($add_date-(60*$timelimit))") or died("Database Query Error"); $query=mysql_fetch_array($result); if ($query) { header("Location: $PHP_SELF"); exit; } $in = strip_array($in); $in['message'] = encode_msg($in['message']); // Add SQL compatibilty & Smilie Convert $in['http'] = str_replace("http://", "", $in['http']); // Remove http:// from URLs if ($in['name'] == "") { died("$guestbook_head$languagemetatag
$name_empty
"); } if ($in['icq'] != "" && ($in['icq'] < 1000 || $in['icq'] > 999999999)) { died("$guestbook_head$languagemetatag
$icq_wrong
"); } if (!eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$",$in['email']) && $in['email'] != "") { died("$guestbook_head$languagemetatag
$non_valid_email
"); } if (strlen($in['message']) < $limit["0"] || strlen($in['message']) > $limit["1"]) { died("$guestbook_head$languagemetatag
$message_incorrect $limit[0] $and $limit[1] $characters.
"); } if ($in['email'] == "") { $in['email'] = "none"; } if ($in['icq'] == "") { $in['icq'] = 0; } if ($in['http'] == "") { $in['http'] = "none"; } if ($in['location'] == "0") { $in['location'] = "none"; } $in['browser'] = $HTTP_USER_AGENT; $testpatten = "[url="; $testmess = strpos($in['message'],$testpatten); if ($testmess == -1){ mysql_db_query($database, "INSERT INTO guestbook (name, email, http, icq, message, timestamp, ip, location, browser, passwd, username, usergroup) VALUES('$in[name]', '$in[email]','$in[http]','$in[icq]','$in[message]','$add_date', '$REMOTE_ADDR','$in[location]','$in[browser]','$in[passwd]','$in[username]','$in[usergroup]')") or died("Database Query Error"); } if ($in['username'] <> ""){ mysql_db_query($database, "INSERT INTO bookuser (username, usergroup, passwd) VALUES('$in[username]','$in[usergroup]','$in[passwd]')") or died("Database Query Error"); } if ($gb_notify) { @mail("$gb_notify","$gb_notifysubj","$notify_text $in[name]\n\n".censor_msg($in[message]),"From: $gb_notify"); } if ($timelimit) { setcookie("phpbookcookie","$guestbook_head", time()+(60*$timelimit),"/"); } if ($admin) {$adminlink="?admin=$admin";} header("Location: $PHP_SELF$adminlink&imgnow=$imgnow&username=$username&password=$password"); exit; } } else { // Show the entries ##################### # Header ################################################################################################# echo "\n"; echo " \n"; echo " $guestbook_head\n"; echo " \n"; echo " $languagemetatag\n"; echo " \n"; echo " \n"; echo " \n"; if ($logerr == 1){ echo " \n"; } echo "\n"; echo " \n"; echo "\n"; # The Main-Section ################################################################################################# echo" \n"; echo" \n"; echo"
\n"; echo" \n"; echo" \n"; echo"
\n"; if ($action=="add") { echo " \n"; echo " \n"; echo "
\n"; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo " \n"; echo " \n"; echo "
 
"; genheader($username,$password,$imgnow); echo " \n"; echo "
$gb_link1head
\n"; echo "
\n"; echo "
\n"; echo "
\n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; if ($location_text) { echo " \n"; } else { echo " \n"; } echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; if ($location_text) { echo " \n"; } else { echo " \n"; } echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
$gbadd_name
$gbadd_location
$gbadd_email
$gbadd_icq
$gbadd_url
$gbadd_msg

\n"; echo "
$smiley_help\n"; echo "
$url_code_help\n"; echo "
$gbadd_username
$gbadd_passwd
$gbadd_usergroup

\n"; echo " \n"; echo "
\n"; } elseif ($action=="admin" && $admin==$adminpass) { echo " \n"; echo " \n"; echo "
\n"; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo " \n"; echo " \n"; echo "
 
"; genheader($username,$password,$imgnow); echo " \n"; echo "
"; echo " $gb_link5 || "; echo " $gb_link2head
\n"; echo "
\n"; echo "
\n"; echo "
\n"; echo " $gb_link3
\n"; echo " $gb_link4
\n"; echo " $gb_link6\n"; echo "
\n"; } elseif ($action == "badwords" && $admin==$adminpass) { echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo "
$guestbook_head
\n"; echo " 		\n"; echo "
"; echo " $gb_link5 || "; echo " $gb_link2 || "; echo " $gb_link3head
\n"; echo "
\n"; $count=0; $result = mysql_db_query($database, "select * from badwords") or die("Database Query Error"); echo "
\n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo " "; echo " \n"; echo "
New
\n"; echo "
\n"; while ($db = mysql_fetch_array($result)) { echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo "
$db[badword]
"; echo " 		\n"; echo "
Edit || \n"; echo " $menusepDelete
\n"; echo "
\n"; $count++; } echo "

$count $gb_link4stat

\n"; } elseif ($action == "edit_badword" || $action == "new_badword" && $admin==$adminpass) { echo " \n"; echo " \n"; echo "
\n"; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo " \n"; echo " \n"; echo "
 
"; genheader($username,$password,$imgnow); echo " \n"; echo "
"; echo " $gb_link5 || "; echo " $gb_link2 || "; echo " $gb_link3head
\n"; echo "
\n"; echo "
\n"; echo "\n"; if ($action == "edit_badword") { echo "\n"; } else { echo "\n"; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
$gb_link3text
\n"; echo "

\n"; echo "
\n"; } elseif ($action == "save_edit_badword" && $admin==$adminpass) { $result = mysql_db_query($database, "UPDATE badwords SET badword='$newvalue' WHERE badword='$value'") or die("Database Query Error"); echo "\n"; } elseif ($action == "save_new_badword" && $admin==$adminpass) { $result = mysql_db_query($database, "INSERT INTO badwords (badword) VALUES('$newvalue')") or die("Database Query Error"); echo "\n"; } elseif ($action == "delete_badword" && $admin==$adminpass) { $result = mysql_db_query($database, "DELETE FROM badwords WHERE badword='$value'") or die("Database Query Error"); echo "\n"; } elseif ($action == "banned_ips" && $admin==$adminpass) { echo " \n"; echo " \n"; echo "
\n"; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo " \n"; echo " \n"; echo "
 
"; genheader($username,$password,$imgnow); echo " \n"; echo "
"; echo " $gb_link5 || "; echo " $gb_link2 || "; echo " $gb_link4head
\n"; echo "
\n"; $count=0; $result = mysql_db_query($database, "select * from banned_ips") or die("Database Query Error"); echo "
\n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo " "; echo " \n"; echo "
New
\n"; echo "
\n"; while ($db = mysql_fetch_array($result)) { echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo "
$db[0]
"; echo " 		\n"; echo "
Edit || \n"; echo " Delete
\n"; echo "
\n"; $count++; } echo "

$count $gb_link4stat

\n"; } elseif ($action == "edit_banned_ip" || $action == "new_banned_ip") { echo " \n"; echo " \n"; echo "
\n"; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo " \n"; echo " \n"; echo "
 
"; genheader($username,$password,$imgnow); echo " \n"; echo "
"; echo " $gb_link5 || "; echo " $gb_link2 || "; echo " $gb_link4head
\n"; echo "
\n"; echo "
\n"; echo "\n"; if ($action == "edit_banned_ip") { echo "\n"; } else { echo "\n"; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
$gb_link4text
\n"; echo "

\n"; echo "
\n"; } elseif ($action == "save_edit_banned_ip" && $admin==$adminpass) { $result = mysql_db_query($database, "UPDATE banned_ips SET banned_ip='$newvalue' WHERE banned_ip='$value'") or die("Database Query Error"); echo "\n"; } elseif ($action == "save_new_banned_ip" && $admin==$adminpass) { $result = mysql_db_query($database, "INSERT INTO banned_ips (banned_ip) VALUES('$newvalue')") or die("Database Query Error"); echo "\n"; } elseif ($action == "delete_banned_ip" && $admin==$adminpass) { $result = mysql_db_query($database, "DELETE FROM banned_ips WHERE banned_ip='$value'") or die("Database Query Error"); echo "\n"; } elseif ($action == "bookusers" && $admin==$adminpass) { echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo "
$guestbook_head
\n"; echo " 		\n"; echo "
"; echo " $gb_link5 || "; echo " $gb_link2 || "; echo " $gb_link6head
\n"; echo "
\n"; $count=0; $result = mysql_db_query($database, "select * from bookuser") or die("Database Query Error"); echo "
\n"; echo " \n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo " \n"; echo " \n"; echo "
username
password
usergroup
power
\n"; echo "
New
\n"; echo "
\n"; while ($db = mysql_fetch_array($result)) { echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo "
$db[username]
"; echo " 		\n"; echo "
$db[passwd]
"; echo " 		\n"; echo "
$db[usergroup]
"; echo " 		\n"; echo "
$db[power]
"; echo " 		\n"; echo "
Edit || \n"; echo " $menusepDelete
\n"; echo "
\n"; $count++; } echo "

$count $gb_link6stat

\n"; } elseif ($action == "edit_bookuser" || $action == "new_bookuser" && $admin==$adminpass) { echo " \n"; echo " \n"; echo " \n"; echo" \n"; echo" \n"; echo" \n"; echo" \n"; echo"
\n"; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo " \n"; echo " \n"; echo "
 
"; genheader($username,$password,$imgnow); echo " \n"; echo "
"; echo " $gb_link5 || "; echo " $gb_link2 || "; echo " $gb_link6head
\n"; echo "
\n"; echo "
\n"; echo "\n"; if ($action == "edit_bookuser") { echo "\n"; } else { echo "\n"; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
$gb_link6text
\n"; echo "username:\n"; echo "password:\n"; echo "usergroup:\n"; echo "power:

\n"; echo "
\n"; } elseif ($action == "save_edit_bookuser" && $admin==$adminpass) { $result = mysql_db_query($database, "UPDATE bookuser SET username='$newvalue1',passwd='$newvalue2',usergroup='$newvalue3',power='$newvalue4' WHERE username='$value1' and passwd='$value2'") or die("Database Query Error"); echo "\n"; } elseif ($action == "save_new_bookuser" && $admin==$adminpass) { $result = mysql_db_query($database, "INSERT INTO bookuser (username,passwd,usergroup,power) VALUES('$newvalue1','$newvalue2','$newvalue3','$newvalue4')") or die("Database Query Error"); echo "\n"; } elseif ($action == "delete_bookuser" && $admin==$adminpass) { $result = mysql_db_query($database, "DELETE FROM bookuser WHERE username='$value1' and passwd='$value2'") or die("Database Query Error"); echo "\n"; } else { if ($admin) {$adminlink="&admin=$admin";} echo " \n"; echo " \n"; echo " \n"; echo" \n"; echo"
\n"; echo " "; echo " "; echo " "; echo " "; echo " \n"; echo " \n"; echo " \n"; echo "
 
"; genheader($username,$password,$imgnow); echo " \n"; echo "
\n"; if ($admin==$adminpass) { echo " $gb_link2 || \n"; } if ($phpbookcookie==$guestbook_head && $admin!=$adminpass) { echo " $gb_link1\n"; } else { echo " $gb_link1\n"; } echo "
\n"; echo "
\n"; echo "
\n"; # Start with Output ################################################################################################# echo "\n"; echo "\n"; # Calculate Page-Numbers ################################################################################################# if (empty($perpage)) $perpage = 1; if (empty($pperpage)) $pperpage = 9; //!!! ONLY 5,7,9,11,13 !!!! if (empty($sort)) $sort = "desc"; if (empty($offset)) $offset = 0; if (empty($poffset)) $poffset = 0; if ($imgnow == 2){ if ($admin == $adminpass){ $amount = mysql_db_query($database, "SELECT count(*) FROM guestbook WHERE usergroup = 2"); } else { $amount = mysql_db_query($database, "SELECT count(*) FROM guestbook WHERE usergroup = 2 AND username = '$username' AND passwd = '$password'"); } } elseif ($imgnow == 3){ $amount = mysql_db_query($database, "SELECT count(*) FROM guestbook WHERE usergroup = 3"); } else { $amount = mysql_db_query($database, "SELECT count(*) FROM guestbook WHERE usergroup < 2"); } $amount = mysql_db_query($database, "SELECT count(*) FROM guestbook"); $amount_array = mysql_fetch_array($amount); $pages = ceil($amount_array["0"] / $perpage); $actpage = ($offset+$perpage)/$perpage; $maxoffset = ($pages-1)*$perpage; $maxpoffset = $pages-$pperpage; $middlepage=($pperpage-1)/2; if ($maxpoffset<0) {$maxpoffset=0;} echo "\n"; echo "
\n"; if ($imgnow == 2){ echo "$gbboard2
\n"; } elseif ($imgnow == 3){ echo "$gbboard3
\n"; } else { echo "$gbboard1
\n"; } echo "
\n"; if ($pages) { // print only when pages > 0 echo "$ad_pages\n"; if ($offset) { $noffset=$offset-$perpage; $npoffset = $noffset/$perpage-$middlepage; if ($npoffset<0) {$npoffset=0;} if ($npoffset>$maxpoffset) {$npoffset = $maxpoffset;} echo "[<<] "; echo "[<] "; } for($i = $poffset; $i< $poffset+$pperpage && $i < $pages; $i++) { $noffset = $i * $perpage; $npoffset = $noffset/$perpage-$middlepage; if ($npoffset<0) {$npoffset = 0;} if ($npoffset>$maxpoffset) {$npoffset = $maxpoffset;} $actual = $i + 1; if ($actual==$actpage) { echo "($actual) "; } else { echo "[$actual] "; } } if ($offset+$perpage<$amount_array["0"]) { $noffset=$offset+$perpage; $npoffset = $noffset/$perpage-$middlepage; if ($npoffset<0) {$npoffset=0;} if ($npoffset>$maxpoffset) {$npoffset = $maxpoffset;} echo "[>] "; echo "[>>] "; } } echo "
\n"; # Start the Page ################################################################################################# echo "\n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; # Get actions for current page ################################################################################################# if ($imgnow == 2){ if ($admin == $adminpass){ $result = mysql_db_query($database, "SELECT * FROM guestbook WHERE usergroup = 2 ORDER by id $sort LIMIT $offset, $perpage"); } else { $result = mysql_db_query($database, "SELECT * FROM guestbook WHERE usergroup = 2 AND username = '$username' AND passwd = '$password' ORDER by id $sort LIMIT $offset, $perpage"); } } elseif ($imgnow == 3){ $result = mysql_db_query($database, "SELECT * FROM guestbook WHERE usergroup = 3 ORDER by id $sort LIMIT $offset, $perpage"); } else { $result = mysql_db_query($database, "SELECT * FROM guestbook WHERE usergroup < 2 ORDER by id $sort LIMIT $offset, $perpage"); } while ($db = mysql_fetch_array($result)) { if ($dateformat=="eu") { // European Date & Timeformat $when = strftime("%d.%m.%Y %H:%M", $db["timestamp"]); } else { // US Date & Timeformat $when = strftime("%m/%d/%Y %I:%M %p", $db["timestamp"]); } if ($db[email] != "none") { $email = "\"$send_email\""; } else { $email = ""; } if ($db[icq] != 0) { $icq = "\"$icq_message\""; } else { $icq = ""; } if ($db[http] != "none") { $http = "\"$view_homepage\""; } else { $http = ""; } if ($db[ip] != "none") { if ($admin==$adminpass) { $ip = "\"".$db[ip]."\""; } else { $ip = "\"$ip_logged\""; } } else { $ip = ""; } if ($db[location]!= "none") { $location = "$gb_location
$db[location]
"; } else { $location = "

"; } if ($db[browser] != "") { $browser = "\"$db[browser]\""; } else { $browser = ""; } echo " \n"; echo " \n"; echo " \n \n"; } # End of Page reached ################################################################################################# echo"
$gb_name$gb_comments
\n"; echo "
$db[name]

\n"; echo "
$location
\n"; echo "
$icq $http $email $ip $browser\n"; echo "
\n"; if ($admin==$adminpass) { echo "\"$moderator_del_entry\""; echo "\"$moderator_del_comment\""; echo "\"$moderator_edit_comment\""; echo "
 
\n"; } echo " $gb_posted $when ¡@¡¹$db[ip]
".censor_msg($db[message],($admin==$adminpass))."
\n"; if($commentid == $db[id] && $action!="changed" && $admin==$adminpass) { echo "   \n"; echo "
\n"; echo " \n"; echo " \n"; echo "
\n
"; echo "   $smiley_help
\n"; echo "
\n"; } elseif(!empty($db[comment])) { echo "   
".$gb_modcomment.$db[comment]."
\n"; } echo "
\n"; echo"
\n"; } echo"
\n"; echo"
\n"; echo"
\n"; if ($show_sysinfo) { list($usec, $sec) = explode(" ",$proctime_start); $proctime_start = $usec+$sec; list($usec, $sec) = explode(" ",microtime()); $proctime_end = $usec+$sec; $proctime = $proctime_end-$proctime_start; $query = mysql_db_query($database, "SELECT id FROM guestbook"); $countall=mysql_num_rows($query); echo"
Processingtime: ".substr($proctime,0,7)." sec., Entries: $countall, PHP Ver. ".phpversion()."
\n"; } # PLEASE DO NOT REMOVE OR EDIT THIS COPYRIGHT-NOTICE !!! THANKS !!! ################################################ echo"
phpBook Ver. $book_version © 2001 by NETonE
\n"; ##################################################################################################################### echo"
© 2002 modify by ªx¨È®Ñ©Ð
\n"; echo"
\n"; echo"\n"; echo"\n"; } # Disconnect DB ################################################################################################# mysql_close(); if ($support==$supportpwd && $supportpwd) {echo "

"; phpinfo();} ?>