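#################################################################################################
#
#  project           : phpBook
#  filename          : guestbook.php
#  last modified by  : Erich Fuchs
#  e-mail            : erich.fuchs@netone.at
#  purpose           : Guestbook
#
#################################################################################################
#  2005-12-30 dvdh   regexp on the message; if it contains http, do not insert
#################################################################################################

// Emulate register_globals on.
// SECURITY: every key of the arrays below becomes a global variable. EXTR_SKIP only protects
// names that already exist at this point, and config.php is loaded *after* this loop, so any
// variable that config.php does not assign and that is read later without being initialised
// takes whatever value the request supplied. Everything produced here ($action, $in, $delid,
// $commentid, $comment, $admin, $offset, ...) must be treated as untrusted input.
if (!ini_get('register_globals')) {
    $superglobals = array($_SERVER, $_ENV, $_FILES, $_COOKIE, $_POST, $_GET);
    if (isset($_SESSION)) {
        array_unshift($superglobals, $_SESSION);
    }
    foreach ($superglobals as $superglobal) {
        extract($superglobal, EXTR_SKIP);
    }
}

// Start of the page-generation timer.
$proctime_start=microtime();

# Include Configs & Variables
#################################################################################################
require ("config.php");

if (strstr (getenv('HTTP_USER_AGENT'), 'MSIE')) { // Browser Detection
    $in_field_size="50";
    $text_field_size="31";
} else {
    $in_field_size="30";
    $text_field_size="24";
}

# Connect DB
#################################################################################################
mysql_connect($server, $db_user, $db_pass) or died("Database Connect Error");

# Process
#################################################################################################
if ($action=="submit") { // Add an action

    // Admin check. $adminpass is presumably assigned by config.php (verify). The comparison is
    // strict so that numeric-looking strings cannot compare equal through type juggling, and an
    // empty or missing configured password never authenticates anyone.
    // NOTE(review): the password itself is carried in the query string of the redirects below,
    // so it can end up in server logs, browser history and Referer headers; moving this to a
    // session-based login would need changes outside this part of the script.
    $gb_is_admin = isset($admin, $adminpass)
        && is_string($admin)
        && (string)$adminpass !== ''
        && $admin === (string)$adminpass;

    if (!$in && !$delid && !$delcommentid && !$commentid) {
        // Nothing to do: back to the guestbook.
        header("Location: $PHP_SELF");
        exit;
    } elseif ($delid && $gb_is_admin) {
        // Admin: delete an entry. The id comes from the request, so it is escaped before it is
        // placed inside the quoted SQL literal.
        mysql_db_query($database, "DELETE FROM guestbook WHERE id='".mysql_real_escape_string($delid)."'") or died("Database Query Error");
        // Request values are URL-encoded so they cannot add or break query parameters.
        header("Location: $PHP_SELF?offset=".urlencode($offset)."&poffset=".urlencode($poffset)."&admin=".urlencode($admin));
        exit;
    } elseif ($delcommentid && $gb_is_admin) {
        // Admin: blank the comment of an entry.
        mysql_db_query($database, "UPDATE guestbook SET comment='' where id='".mysql_real_escape_string($delcommentid)."'") or died("Database Query Error");
        header("Location: $PHP_SELF?offset=".urlencode($offset)."&poffset=".urlencode($poffset)."&admin=".urlencode($admin));
        exit;
    } elseif ($commentid && $gb_is_admin) {
        // Admin: set or change the comment of an entry.
        if (isset($comment)) {
            $action='changed';
            // NOTE(review): encode_msg() is defined elsewhere; a comment further down describes
            // it as adding "SQL compatibility", i.e. it is relied on for escaping here - verify.
            mysql_db_query($database, "UPDATE guestbook SET comment='".encode_msg($comment)."' where id='".mysql_real_escape_string($commentid)."'") or died("Database Query Error");
        } else {
            $action="";
        }
        header("Location: $PHP_SELF?commentid=".urlencode($commentid)."&action=$action&offset=".urlencode($offset)."&poffset=".urlencode($poffset)."&admin=".urlencode($admin));
        exit;
    } else {
        // Visitor: add a new entry.
        if (isbanned()) {
            header("Location: $PHP_SELF");
            exit;
        }

        // Flood control: refuse a second post from the same address within $timelimit minutes.
        // The cut-off is computed in PHP and cast to int so that only a number reaches the SQL
        // text; $timelimit is presumably a config.php setting (verify).
        $add_date=time();
        $gb_flood_cutoff=(int)($add_date-(60*(float)$timelimit));
        $result=mysql_db_query($database, "SELECT * FROM guestbook WHERE ip='".mysql_real_escape_string($REMOTE_ADDR)."' AND timestamp>$gb_flood_cutoff") or died("Database Query Error");
        $query=mysql_fetch_array($result);
        if ($query) {
            header("Location: $PHP_SELF");
            exit;
        }

        require_once("class_ocr_captcha.inc.php");
        $captcha = new ocr_captcha();

        $in = strip_array($in);
        $in['blandja'] = encode_msg($in['blandja']);            // Add SQL compatibility & Smilie Convert
        $in['http'] = str_replace("http://", "", $in['http']);  // Remove http:// from URLs

        // NOTE(review): this listing is cut off inside the died() message below (its markup was
        // lost), so the field validation that follows is not visible here.
        if ($in['name'] == "") {
            died("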
\n";
echo"
| \n";
echo" |||||||||||||||||||||||||
\n";
echo" \n";

// Optional footer statistics: page generation time and total number of entries.
// NOTE(review): $show_sysinfo is not assigned in this part of the script; presumably it is a
// config.php setting. The top of the file extract()s the request arrays into globals before
// config.php is loaded, so confirm that config.php always assigns it - TODO confirm.
if ($show_sysinfo) {
    // microtime() without arguments returns the string "usec sec"; adding both parts gives
    // the time in seconds as a float. $proctime_start was captured at the top of the script.
    list($usec, $sec) = explode(" ",$proctime_start);
    $proctime_start = $usec+$sec;
    list($usec, $sec) = explode(" ",microtime());
    $proctime_end = $usec+$sec;
    $proctime = $proctime_end-$proctime_start; // elapsed seconds since the script started

    // Entry count: fetches every id and counts the returned rows.
    // NOTE(review): the query result is not checked before mysql_num_rows() is called.
    $query = mysql_db_query($database, "SELECT id FROM guestbook");
    $countall=mysql_num_rows($query);
    echo" \n";
}
// NOTE(review): the rest of this line was collapsed in this listing and its markup was lost; it
// is left exactly as found because it is unclear which of the echo statements were code.
# PLEASE DO NOT REMOVE OR EDIT THIS COPYRIGHT-NOTICE !!! THANKS !!! ################################################ # # echo" \n"; # ##################################################################################################################### echo" | \n";
echo"