The Easy PHP Guestbook ";
# Easy PHP Guestbook front controller. This copy was recovered from a web page: the $powby
# assignment above is cut off, HTML has been stripped out of the echo strings and regexes,
# <br> tags became line breaks inside string literals, and the statements that followed a
# line comment were collapsed onto that comment's line. Code tokens are unchanged below;
# only comments were added and line breaks put back after line comments.
# Flow: load config and includes, copy request fields into globals, then dispatch on $task.
// editing of the powered by lines is not allowed
$pwb2="Powered by the The Easy PHP Guestbook ";// editing of the powered by lines is not allowed
$conf_file="include/conf.php"; //the configuration file
include $conf_file;
# NOTE(review): $used_language is an include path read from include/conf.php. The edit_config
#   task below replaces it with a trimmed $_POST value, so if that value is written back to
#   conf.php (the config writer is truncated in this copy) an arbitrary path reaches include;
#   restrict it to a fixed list of shipped language files before saving.
include $used_language;
include "include/classes.php";include "include/functions.php"; include "include/mixvar.php";include "include/html/forms.php";include "include/html/mix_html.php";
# $date is expected to be set by one of the includes above (not visible here).
$date=EncodeMessage($date);
//if (preg_match("/cellbiol/",$thegb)>0){echo "you are cheating

";}
# Only referenced by the commented-out eval($create_post_array) calls further down; dead code.
$create_post_array='$post_array=array("post_id"=>$post_id,"name"=>$name,"email"=>$email,"message"=>$message,"date"=>$date,"ip_addr"=>$ip_addr,"show_email"=>$show_email,"show_message"=>$show_message,"approved"=>$approved);';
# Login page header/footer fragments shared by the admin tasks (their HTML was stripped in this copy).
$login_header=$login_style."".$gbook_title."


"; $login_footer="

$powby
";
# Checking if logfile and posts file are there. If not, create them
# NOTE(review): $logfile and $posts_file come from conf.php (not visible here); the fopen()
#   results are unchecked, so an unwritable directory fails silently here and again at AddPost().
if (file_exists($logfile) == false){$fp = fopen($logfile,"w");fclose($fp);} if (file_exists($posts_file) == false){$fp = fopen($posts_file,"w");fclose($fp);}
# GETTING THE VARIABLES POSTED THROUGH THE FORM(S)
# NOTE(review): each request field is read with an unchecked truthiness test on a possibly
#   absent key (a literal "0" is treated as missing). CleanName() lives in
#   include/functions.php and is not visible here — confirm it HTML-escapes, since $name and
#   $email are stored and echoed later. $show_email is stored exactly as posted.
#   $task and $post_id are also accepted from $_GET, which lets the state-changing admin
#   tasks below (delete, edit_config) run from a plain link; see the CSRF note at "delete".
$powered="Powered by the The Easy PHP Guestbook"; $show_email="yes"; if($_POST['show_email']){$show_email=$_POST['show_email'];} $show_message="yes"; if($_POST['name']){$name=$_POST['name'];$name = CleanName($name);} if($_POST['email']){$email=$_POST['email']; $email = CleanName($email);} if($_POST['message']) { $message=$_POST['message'];
# MESSAGE
$message = trim($message); $message=stripslashes($message); $message=EncodeMessage($message); $message=ConvertToHtml ($message);
# NOTE(review): the tag-balancing patterns below lost their HTML tags in this copy ('//'.i was
#   presumably '/<b>/i' and so on). As written, `i` is an undefined constant (an Error on PHP 8;
#   on PHP 7 it degrades to the string "i", making '//i' match every string). Re-check against
#   the original file before relying on this block.
if (preg_match('//'.i,$message)==1 AND preg_match('/<\/B>/'.i,$message)==0){$message=$message."";} if (preg_match('//'.i,$message)==0){$message=$message."";} if (preg_match('//'.i,$message)==0){$message=$message."";} if (preg_match('//'.i,$message)==1 AND preg_match('/<\/i>/'.i,$message)==0){$message=$message."";} } if($_POST['task']){$task=$_POST['task'];} elseif($_GET['task']){$task=$_GET['task'];} if($_POST['adpass']){$posted_pass=trim($_POST['adpass']);} if($_POST['imgverify']){$imgverify=$_POST['imgverify'];} if($_POST['random']){$random=$_POST['random'];$random = trim($random);} if($_POST['post_id']){$post_id=$_POST['post_id'];}
# POST ID
# $approved is read from the request here but every posting branch below overwrites it with "yes".
if($_GET['post_id']){$post_id=$_GET['post_id'];} if($_POST['approved']){$approved=$_POST['approved'];} $gb=new Guestbook;
//$gb->BuildMenus();
//#######//#######//#######//TASKS START HERE//#######//#######//#######//#######//#######
if ($task=="postnm"){
# from the form in the html guestbook postnm=post new message
# $home_url is hand-escaped for use as a PCRE pattern in the link check below;
# preg_quote($home_url2, '/') would express the same thing without manual escaping.
$home_url="http:\/\/www.cellbiol.com\/scripts\/free_php_guestbook\/free_php_guestbook.html"; $home_url2="http://www.cellbiol.com/scripts/free_php_guestbook/free_php_guestbook.html";
# a function that updates the html guestbook file based on the flatfile 
# NOTE(review): $gbook_name is the path of the generated guestbook HTML page, read from conf.php
#   and editable through edit_config; this licence check only inspects the page content.
$g_content=file_get_contents($gbook_name); $temp1=preg_split('/'.$home_url.'/',$g_content); if (count($temp1)==1){die("Please link to the Official Easy PHP Guestbook page in order to use this script. See the readme file licence section for details.

You can avoid linking to us by getting the Enhanced version");}
# Checking for missing name or message
if ($name==''){die($nam_field_empty);}# the script stops if the name is missing
# NOTE(review): count() on a string is not a length check — it returns 1 on PHP 7 (so the limit
#   never triggers) and throws TypeError on PHP 8; the intended check is mb_strlen($name) > 40
#   (same for $email). strlen($message) further down counts bytes, not characters.
if (count($name)>40){die ("The name is too long");} if (count($email)>40){die ("The e-mail is too long");} if ($message==''){die($mes_field_empty);}# the script stops if the message is missing
# Checking the overall message length
if (strlen($message)>$max_message_length){die ($mes_too_long);}
# CHECKING FOR TOO LONG WORDS THAT COULD BREAK THE PAGE DESIGN
if (CheckLongWords($message, $max_word_length)==0){die ($mes_word_too_long);}
##### CHECK TO SEE IF THE POSTER IS ADMIN ####
# NOTE(review): the if-branch this elseif continues is missing from this copy (presumably the
#   admin bypass of the captcha, going by the banner above); as written the elseif cannot parse.
elseif ($enable_image_verification_step==1){ if ($use_sessions==1){session_unset();session_start();} $new_string=CreateCaptchaImage();
# NOTE(review): session_unset() before session_start() has no effect. With $use_sessions==0 the
#   captcha code is kept in one shared temp_code.txt next to this script: concurrent visitors
#   overwrite each other's code, and the file is fetchable over HTTP unless the server denies it.
if ($use_sessions==1){$_SESSION['new_string'] = $new_string;} elseif ($use_sessions==0) {$fp = fopen('temp_code.txt', "w");$write = fputs($fp, $new_string);fclose($fp);} echo "$captcha_pag_title$nocache_meta"; echo "".$gbook_title."


"; echo "

"; echo "$type_captcha_code

$important:
$captcha_pag_warn";
# NOTE(review): eval() is used as a template engine here and for $email_mssg1/$email_mssg2 and
#   $gb_config_form below: the template text itself becomes PHP source, so any `"` or `{$`
#   inside it executes. The templates come from the language/config includes that edit_config
#   lets the admin rewrite, so a config edit is effectively code execution for that account.
#   strtr() with a placeholder map gives the same interpolation without eval.
eval("\$captcha_form = \"$captcha_form\";"); echo $captcha_form; echo "



$powby
"; echo ""; } elseif ($enable_image_verification_step==0){ $check=1; $check_name=CheckForForbidden($name,$forbidden_strings); $check_mail=CheckForForbidden($email,$forbidden_strings); $check_message=CheckForForbidden($message,$forbidden_strings); $check_ip=CheckForForbidden($ip_addr,$forbidden_strings); if ($check_name==0 OR $check_mail==0 OR $check_message==0 OR $check_ip==0){$check=0;} if ($check==1){ $approved="yes"; $post_id=GetNextAvailableId($posts_file);
//eval ($create_post_array);
$post_array=array(); $post_array["post_id"]=$post_id; $post_array["email"]=$email; $post_array["name"]=$name; $post_array["message"]=$message; $post_array["date"]=$date; $post_array["ip_addr"]=$ip_addr; $post_array["show_email"]=$show_email; $post_array["show_message"]=$show_message; $post_array["approved"]=$approved; echo "Processing post...

"; $post=new Post($post_array);
#$post->SetThisVarsFromPostArray($post_array);
#$gb=new Guestbook;
$gb->AddPost($post_array); $message=$post->RemoveBreaks($message); $post_log=$post->MailLogLine("log"); $mail_log=$post->MailLogLine(); writelog($logfile,$post_log); if ($sendmail_onpost==1){ eval("\$email_mssg1 = \"$email_mssg1\";"); msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1); } echo($confirm); } else{ echo($confirm2); if ($sendmail_onspam==1){ eval("\$email_mssg2 = \"$email_mssg2\";"); msendmail($gbook_email,$admin_email,$email_subj2,$email_mssg2); } } }
# end "if captcha disabled"
}
# END if task=postnm
elseif ($task=="ShowPendingMessages"){ echo "The posts moderation mode is only available in the Enhanced version"; } elseif ($task=="approve"){ echo "The posts moderation mode is only available in the Enhanced version"; } elseif ($task=="ShowPrivatePost") { session_start();
# NOTE(review): the admin checks here and in every task below compare with `==` and keep the
#   cleartext admin password in the session. `==` applies PHP's numeric-string juggling, and when
#   $posted_pass is unset (null) the check passes for an empty $admin_pass. Use isset() plus
#   hash_equals() (ideally against a password_hash() value), store a boolean login flag instead
#   of the password, and call session_regenerate_id(true) after a successful login.
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->ShowPrivatePost($post_id); } else { echo "

Password:

";} } elseif ($task=="captchaverify"){
# from the form to verify the ability to read the captcha
# NOTE(review): when $_SESSION['new_string'] and $random are both unset, `==` compares null
#   with null and $verif becomes 1, so a captchaverify request without a `random` field on a
#   fresh session is accepted; the file path has the same weakness because a missing
#   temp_code.txt yields "" from trim(). Guard both with isset() and compare with hash_equals().
#   session_destroy() here also discards an admin session that happens to be active.
if ($use_sessions==1){ session_start(); if ($_SESSION['new_string'] == $random){$verif=1;} else{$verif=0;} $_SESSION['new_string']=""; session_destroy(); } elseif($use_sessions==0){ $the_code=trim(file_get_contents('temp_code.txt')); unlink('temp_code.txt'); if ($the_code == $random){$verif=1;} else{$verif=0;} } if ($verif==1){ $check=1; $check_name=CheckForForbidden($name,$forbidden_strings); $check_mail=CheckForForbidden($email,$forbidden_strings); $check_message=CheckForForbidden($message,$forbidden_strings); $check_ip=CheckForForbidden($ip_addr,$forbidden_strings); if ($check_name==0 or $check_mail==0 or $check_message==0 or $check_ip==0){$check=0;} if ($check==1){ $post_id=GetNextAvailableId($posts_file); $approved="yes";
//$post_id=GetNextAvailableId($posts_file);
//eval ($create_post_array);
$post_array=array(); $post_array["post_id"]=$post_id; $post_array["email"]=$email; $post_array["name"]=$name; $post_array["message"]=$message; $post_array["date"]=$date; $post_array["ip_addr"]=$ip_addr; $post_array["show_email"]=$show_email; $post_array["show_message"]=$show_message; $post_array["approved"]=$approved; echo "Processing post...

"; $post=new Post($post_array);
#$post->SetThisVarsFromPostArray($post_array);
#$gb=new Guestbook;
$gb->AddPost($post_array); $post_log=$post->MailLogLine("log"); $mail_log=$post->MailLogLine(); writelog($logfile,$post_log); if ($sendmail_onpost==1){ eval("\$email_mssg1 = \"$email_mssg1\";"); msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1); } echo($confirm); } elseif ($check==0){echo($confirm2);} } else{ echo($confirm2); } } elseif ($task=="show"){
# from the form to access the admin section
# Admin login entry point: a posted password sets $_SESSION['adm_pass'], otherwise an existing
# session is honoured. No session id regeneration and no attempt limiting here (see the
# comparison note at ShowPrivatePost).
session_start(); $adm_check=0; if ($posted_pass==$admin_pass){$_SESSION['adm_pass']=$admin_pass; $adm_check=1;} elseif ($_SESSION['adm_pass']==$admin_pass){$adm_check=1;} if($adm_check==1){echo $admin_pag_style.$admin_home_line_1.$admin_navigation.$admin_home_line_2;} else{ echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } }
# END if task=show
elseif ($task=="del_edit"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){$_SESSION['adm_pass']=$admin_pass;$gb->CreateDelEditPage(); die();} else{ echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } elseif ($task=="delete"){
# from the admin section, call to delete a post
# NOTE(review): no CSRF protection — $task and $post_id may arrive via $_GET (see the request
#   parsing at the top), so a logged-in admin who follows a crafted link deletes a post. Require
#   POST plus a per-session token for delete and edit_config. $post_id is also echoed back
#   unescaped in the die() message.
session_start(); if ($_SESSION['adm_pass'] == $admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; $gb->DeletePost($post_id); die ($post_num_lang." ".$post_id." ".$del_success_lang.'!'.$deledit_redir); } else{ echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } elseif ($task=="edit"){
# from the admin section, call to edit a post and show the editing form
echo "Posts editing is only available in the Easy PHP Guestbook Enhanced version. Get it now at cellbiol.com"; } elseif ($task=="modify"){
# from the message editing form, call to proceed to the modifications and update the posts flatfile and guestbook file
echo "Posts editing is only available in the Easy PHP Guestbook Enhanced version. Get it now at cellbiol.com"; } elseif ($task=="adm_logout"){
# session_destroy() clears the server-side state only; also expire the session cookie with
# setcookie(session_name(), '', ...) so the browser drops the old id.
session_start(); $_SESSION['adm_pass']=''; session_destroy(); echo ''; } elseif ($task=="configure")
# creation/editing of the configuration file
{ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass;
# Reads conf.php as text and pulls the forbidden_strings / banned_ips array bodies out with
# regexes; this relies on each being on a single line of the form name=array(...);.
# $forbidden_strings_line / $banned_ips_line stay undefined if no line matches.
$conf_file=file("include/conf.php"); foreach($conf_file as $value) { if (preg_match('/forbidden_strings/',$value)==1){$forbidden_strings_line=$value; break;} } $fs_splitted=preg_split('/forbidden_strings=array\(/',$forbidden_strings_line); $fs_value=$fs_splitted[1]; $fs_splitted=preg_split('/\);/',$fs_value); $fs_value=$fs_splitted[0]; foreach($conf_file as $value) { if (preg_match('/banned_ips/',$value)==1){$banned_ips_line=$value; break;} } $bi_splitted=preg_split('/banned_ips=array\(/',$banned_ips_line); $bi_value=$bi_splitted[1]; $bi_splitted=preg_split('/\);/',$bi_value); $bi_value=$bi_splitted[0];
# Restore the quote characters that edit_config stored as ##prime## / ##apostrophe## markers.
$p_template=preg_split('/##prime##/',$p_template); $p_template=implode("'",$p_template); $p_template=preg_split('/##apostrophe##/',$p_template); $p_template=implode('"',$p_template); if ($enable_image_verification_step=="0"){$option1_imgverif="0";$option2_imgverif="1";$option_right1="no";$option_right2="yes";} elseif ($enable_image_verification_step=="1"){$option1_imgverif="1";$option2_imgverif="0";$option_right1="yes";$option_right2="no";}
#echo $admin_pag_style;
# The configuration form is interpolated with eval(); see the eval note in the postnm task.
echo ' Guestbook configuration page '; echo $admin_page_style2; echo ''.$admin_navigation.''; eval("\$gb_config_form = 
\"$gb_config_form\";"); echo $gb_config_form; //outputting the guestbook configuration form
} else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } elseif ($task=="edit_config") { session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass;
# NOTE(review): every config value, including the file paths ($gbook_name, $posts_file_name,
#   $logfile_name, $used_language) and the new admin password, is taken from the form with
#   trim() only. $gbook_name is read with file_get_contents() a few lines down and is presumably
#   rewritten by UpdateHTMLFile() (not visible here), so a path outside the guestbook directory
#   reaches the filesystem; anchor these to a fixed directory and basename() them. $hv flags a
#   changed powered-by line but is not read anywhere in this copy.
if($_POST['admin_pass']){$admin_pass=trim($_POST['admin_pass']);} $_SESSION['adm_pass']=$admin_pass; if ($powby!=$pwb2){$hv=1;} if($_POST['gbook_title']){$gbook_title=trim($_POST['gbook_title']);} if($_POST['gbook_name']){$gbook_name=trim($_POST['gbook_name']);} if($_POST['gbook_url']){$gbook_url=trim($_POST['gbook_url']);} if($_POST['admin_email']){$admin_email=trim($_POST['admin_email']);} if($_POST['gbook_email']){$gbook_email=trim($_POST['gbook_email']);} if($_POST['sendmail_onpost']){$sendmail_onpost=trim($_POST['sendmail_onpost']);} if($_POST['max_message_length']){$max_message_length=trim($_POST['max_message_length']);} if($_POST['max_word_length']){$max_word_length=trim($_POST['max_word_length']);} $enable_image_verification_step=$_POST['enable_image_verification_step']; if($_POST['forbidden_strings']){$forbidden_strings=trim($_POST['forbidden_strings']);} if($_POST['banned_ips']){$banned_ips=trim($_POST['banned_ips']);} if($_POST['p_template']){ $p_template=trim($_POST['p_template']); $p_template=preg_split("/'/",$p_template); $p_template=implode("##prime##",$p_template); $p_template=preg_split('/"/',$p_template); $p_template=implode("##apostrophe##",$p_template); }
# get_magic_quotes_gpc() was removed in PHP 8; the function_exists() guard keeps this block inert there.
if (function_exists('get_magic_quotes_gpc')){ $mq=get_magic_quotes_gpc(); if ($mq==1){ if($_POST['forbidden_strings']){$forbidden_strings=stripslashes(trim($_POST['forbidden_strings']));} if($_POST['banned_ips']){$banned_ips=stripslashes(trim($_POST['banned_ips']));} if($_POST['p_template']){ $p_template=stripslashes(trim($_POST['p_template'])); $p_template=preg_split("/'/",$p_template); $p_template=implode("##prime##",$p_template); $p_template=preg_split('/"/',$p_template); $p_template=implode("##apostrophe##",$p_template); } } } if($_POST['used_language']){$used_language=trim($_POST['used_language']);} 
if($_POST['posts_file_name']){$posts_file_name=trim($_POST['posts_file_name']);} if($_POST['logfile_name']){$logfile_name=trim($_POST['logfile_name']);} $thegb=file_get_contents($gbook_name);
//if (preg_match("/\<.--.*?\s*?.*?[^--].*?\s*?.*?l\.c.{4,4}c.{10,10}_/",$thegb)>0){$config="";}
//else {
# NOTE(review): the $config string that rebuilds conf.php is truncated in this copy (its PHP
#   opening tag was stripped along with the HTML); the 'UpdateHTMLFile(); echo '' text below is
#   what remains of it. The values interpolated into that string are the unvalidated $_POST
#   fields above, so a quote inside any of them changes the generated PHP — emit them with
#   var_export() when the writer is restored.
$config= 'UpdateHTMLFile(); echo ''; } else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } elseif ($task=="update_posts_file"){
/**
 * Rewrites the legacy escape markers of old post files to the current ##name## markers.
 * Pure string rewrite, declared conditionally inside this branch:
 *   '&&&&##' -> '##semicolon##', '###&##' -> '##prime##',
 *   '##&&##' -> '##apostrophe##', '#&####' -> '##colon##'.
 */
function ConvertEncoded($string){ $string=preg_split('/&&&&##/',$string);//converting semicolons
$string=implode("##semicolon##",$string); $string=preg_split('/###&##/',$string);//converting primes
$string=implode("##prime##",$string); $string=preg_split('/##&&##/',$string);//converting apostrophes
$string=implode("##apostrophe##",$string); $string=preg_split('/#&####/',$string);//converting colons
$string=implode("##colon##",$string); return $string; }
# Upgrades posts/posts.txt from the old ';'-separated layout to the key:value layout.
# NOTE(review): the path is hard-coded here while the rest of the script uses $posts_file;
#   $pf[0] is undefined on an empty file; the rewrite happens in place with no lock or backup;
#   the "pluto" line and the unescaped "Post_id: $post_id" echo are debug output.
session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass;
#Checking format
$pf=file("posts/posts.txt");
#Checking format
$temp=preg_split('/;/',$pf[0]); $temp2=preg_split('/:/',$temp[0]); if ($temp2[0] == "post_id"){ echo "grabbed posts file (new format detected...)

"; $posts_array=FlatfileToArray("posts/posts.txt"); echo "Posts array created...

"; $temp=array(); foreach ($posts_array as $post_array){ echo "pluto

"; foreach ($post_array as $key => $val){ $val=ConvertEncoded($val); $post_array["$key"]=$val; } $post_id=$post_array["post_id"]; echo "Post_id: $post_id. Post converted...

"; $temp[]=$post_array; } ArrayToFlatfile($temp,"posts/posts.txt"); echo "The flat file was in a recent format and was updated correctly

"; } else{ echo "grabbed posts file (old format detected...)

"; $posts2=array(); foreach ($pf as $post){ $post_array1=preg_split('/;/',$post); $post_array2=array(); foreach ($post_array1 as $item){$item=ConvertEncoded($item);$post_array2[]=$item;} $post_array1=$post_array2; echo "post splitted

"; $string="post_id:$post_array1[0];ip_addr:$post_array1[1];name:$post_array1[2];email:$post_array1[3];date:".EncodeMessage($post_array1[4]).";message:".trim($post_array1[5]).";show_email:yes;show_message:yes\n"; $posts2[]=$string; } $fp = fopen("posts/posts.txt", "w"); echo "file opened

"; foreach ($posts2 as $line){ $write = fputs($fp, $line); } fclose($fp); echo "The flat file was in the old format and was updated correctly

"; } } else { echo " $login_style $login_header Wrong password or session expired

Password:

$login_footer "; } } else {die ("unrecognised call");} ?>