$0', $var);
return trim($var);
}
/**
 * Remove [b], [i] and [u] BBCode tags and keep the text they wrap.
 *
 * The patterns are applied one after another, case-insensitively and
 * across line breaks (/is); the inner match is non-greedy so neighbouring
 * tag pairs are unwrapped one at a time.
 *
 * @param string $var  text that may contain the three tag pairs
 * @return string      the text with those tags removed, trimmed
 */
function bbcode($var)
{
    $tag_patterns = array(
        '(\[b\](.+?)\[\/b\])is',
        '(\[i\](.+?)\[\/i\])is',
        '(\[u\](.+?)\[\/u\])is',
    );
    $unwrapped = preg_replace($tag_patterns, '$1', $var);
    return trim($unwrapped);
}
/**
 * Decode the entities of PHP's HTML_SPECIALCHARS table back to characters.
 *
 * The table is inverted (entity => character) and applied with strtr(), which
 * walks the string once and never re-examines replaced text, so "&amp;lt;"
 * becomes "&lt;" rather than "<".
 *
 * @param string $str  text containing HTML entities
 * @return string      the decoded text
 */
function htmlspecialchars_decode_ex($str)
{
    $entity_of_char = get_html_translation_table(HTML_SPECIALCHARS);
    $char_of_entity = array_flip($entity_of_char);
    return strtr($str, $char_of_entity);
}
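// --- Admin credential -------------------------------------------------------
// The admin "session" is a cookie whose value is md5(ADMIN_PASS); the admin
// branches further down compare it against md5(ADMIN_PASS) again. That makes
// the cookie a static credential that never expires and is only invalidated
// by changing ADMIN_PASS. A random per-login token kept server side would be
// the proper replacement, but that changes the cookie format, so it is left
// as a TODO here.
if (isset($_POST['password'])) {
    // A crafted array field (password[]=x) would make md5() warn or throw;
    // treat anything that is not a string as no credential.
    $password = is_string($_POST['password']) ? md5($_POST['password']) : NULL;
    // `===`, not `==`: with loose comparison two hex digests that both look
    // like "0e<digits>" are compared as the number 0 and report equal.
    if ($password === md5(ADMIN_PASS)) {
        // HttpOnly, so script running in the page cannot read the credential
        // (7-argument setcookie() form, available since PHP 5.2).
        setcookie('password', $password, 0, '', '', false, true);
    }
} else {
    $password = isset($_COOKIE['password']) ? $_COOKIE['password'] : NULL;
}
// Absent parameter yields NULL instead of an undefined-index notice.
$display = isset($_GET['display']) ? $_GET['display'] : NULL;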
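// --- Admin actions: ?admin=logout | delete | ban | bandel | approve ----------
// Every branch that modifies a data file re-checks the admin credential first;
// without it the request is simply bounced back to the page. DB_FILE holds one
// entry per line, fields separated by chr(02), in this order:
//   timestamp, name, subject, email, website, message, ip, status,
//   hide_email, check
// "bandel" means ban the poster AND delete the post. The delete branch exits,
// so the separate ban branch can never see that action; the ban half is
// therefore performed inside the delete branch.
// TODO: these GET actions carry no CSRF token, so a page an authenticated
// admin happens to visit can make the browser issue them.

/**
 * Rewrite DB_FILE so that the first entry whose timestamp field equals
 * $msg_id is removed ($mode 'delete') or gets its status field set to
 * "Approved" ($mode 'approve'). All other lines are copied through unchanged.
 * Nothing is written when no entry matches or the file cannot be read.
 *
 * @param string $msg_id  timestamp identifying the entry (from ?msg=)
 * @param string $mode    'delete' or 'approve'
 * @return bool           true if an entry matched and the file was rewritten
 */
function _guestbook_rewrite_entry($msg_id, $mode)
{
    if ($msg_id === '' || !is_readable(DB_FILE)) {
        return false;
    }
    $lines = file(DB_FILE);
    if ($lines === false) {
        return false;
    }
    foreach ($lines as $index => $line) {
        $fields = explode(chr(02), trim($line));
        // Strict comparison: the id comes straight from the query string.
        if ($fields[0] !== $msg_id) {
            continue;
        }
        if ($mode === 'delete') {
            unset($lines[$index]);
        } else {
            // Write the entry back in the documented ten-field layout even if
            // the stored line is short or has trailing extras.
            $fields = array_slice(array_pad($fields, 10, ''), 0, 10);
            $fields[7] = 'Approved';
            $lines[$index] = implode(chr(02), $fields) . "\n";
        }
        // TODO: no file lock is taken; a guest post appended between this
        // read and write is lost (the append in the POST handler does not
        // lock either).
        return file_put_contents(DB_FILE, implode('', $lines)) !== false;
    }
    return false;
}

/**
 * Add $email to BANNED_DB_FILE (one address per line) unless already listed.
 * Addresses are compared after trim(), the same way the list is read back.
 * An empty value, a non-string, or a value containing a line break is
 * refused, because writing it would corrupt the one-per-line format.
 *
 * @param mixed $email  address to ban (from ?email=)
 * @return bool         true if the address is on the list when we return
 */
function _guestbook_ban_email($email)
{
    if (!is_string($email)) {
        return false;
    }
    $email = trim($email);
    if ($email === '' || strpbrk($email, "\r\n") !== false) {
        return false;
    }
    $banned = array();
    if (file_exists(BANNED_DB_FILE)) {
        $banned_lines = file(BANNED_DB_FILE);
        if ($banned_lines !== false) {
            $banned = array_map('trim', $banned_lines);
        }
    }
    if (in_array($email, $banned, true)) {
        return true;
    }
    return file_put_contents(BANNED_DB_FILE, $email . "\n", FILE_APPEND) !== false;
}

$admin_action = (isset($_GET['admin']) && is_string($_GET['admin'])) ? $_GET['admin'] : '';
$admin_msg_id = (isset($_GET['msg']) && is_string($_GET['msg'])) ? $_GET['msg'] : '';
// `===`, not `==`: PHP's loose comparison turns two hex digests that both
// look like "0e<digits>" into the number 0, so a forged cookie value of that
// shape would compare equal to the real hash.
$admin_authenticated = ($password === md5(ADMIN_PASS));

if ($admin_action === 'logout') {
    setcookie('password', '');
    unset($_COOKIE['password'], $password);
    header("Location: ".basename(__FILE__));
    exit;
} elseif ($admin_action === 'delete' || $admin_action === 'bandel') {
    if ($admin_authenticated) {
        _guestbook_rewrite_entry($admin_msg_id, 'delete');
        if ($admin_action === 'bandel' && isset($_GET['email'])) {
            _guestbook_ban_email($_GET['email']);
        }
    }
    header("Location: ".basename(__FILE__));
    exit;
} elseif ($admin_action === 'ban') {
    if ($admin_authenticated && isset($_GET['email'])) {
        _guestbook_ban_email($_GET['email']);
    }
    // Always redirect; previously the request fell through to page rendering
    // when the credential was missing or the address was already listed.
    header("Location: ".basename(__FILE__));
    exit;
} elseif ($admin_action === 'approve') {
    if ($admin_authenticated) {
        _guestbook_rewrite_entry($admin_msg_id, 'approve');
    }
    header("Location: ".basename(__FILE__));
    exit;
}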
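// --- E-mail verification link: ?msg=<timestamp>&check=<token> ---------------
// Whoever holds the token from the verification mail can approve the entry;
// no admin credential is involved. DB_FILE holds one entry per line, fields
// separated by chr(02): timestamp, name, subject, email, website, message,
// ip, status, hide_email, check.
if (isset($_GET['check'], $_GET['msg']) && is_string($_GET['check']) && is_string($_GET['msg'])) {
    $verify_msg_id = $_GET['msg'];
    $verify_token = $_GET['check'];
    $db_lines = is_readable(DB_FILE) ? file(DB_FILE) : false;
    if ($db_lines !== false) {
        foreach ($db_lines as $index => $line) {
            // Normalise to the ten-field layout so a short line cannot raise
            // notices or shift the token position.
            $fields = array_slice(array_pad(explode(chr(02), trim($line)), 10, ''), 0, 10);
            // Strict comparison of the token: with `==` a stored digest of the
            // form "0e<digits>" compares equal to any other numeric string
            // such as "0", which would approve the entry without the token.
            if ($fields[0] !== $verify_msg_id || $fields[9] !== $verify_token) {
                continue;
            }
            $fields[7] = 'Approved';
            $db_lines[$index] = implode(chr(02), $fields) . "\n";
            // NOTE(review): output before header() defeats the redirect below;
            // kept because it is the existing failure report. The message text
            // was "for read" although this is the write step.
            if (file_put_contents(DB_FILE, implode('', $db_lines)) === false) {
                echo "Could not open file for write
";
            }
            // Only the first matching entry is touched, as before.
            break;
        }
    }
    header("Location: ".basename(__FILE__)."?report=".rawurlencode(AUTH_SUCCESS));
    exit;
}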
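// --- New guestbook post (form submission) ------------------------------------
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // The session stores md5() of the expected CAPTCHA text. Strict
    // comparison: `==` between two digest strings that both look like
    // "0e<digits>" is a numeric comparison and reports them equal.
    $captcha_ok = isset($_POST['captcha_code'], $_SESSION['random_txt'])
        && is_string($_POST['captcha_code'])
        && md5($_POST['captcha_code']) === $_SESSION['random_txt'];
    if (!$captcha_ok) {
        header("Location: ".basename(__FILE__)."?report=".rawurlencode('The CAPTCHA wasn\'t entered correctly. Please try again.'));
        exit;
    }
    // Consume the challenge so the same answer cannot be replayed.
    unset($_POST['captcha_code'], $_SESSION['random_txt']);

    // chr(02) is the field separator in DB_FILE; it must never reach a value.
    $_POST = str_replace(chr(02), ' ', $_POST);
    $ip = $_SERVER['REMOTE_ADDR'];
    // A missing or non-string field counts as empty instead of raising notices.
    $input = array();
    foreach (array('name', 'subject', 'email', 'website', 'hide_email', 'message') as $field) {
        $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? strip_chars($_POST[$field]) : '';
    }
    $name = $input['name'];
    $subject = $input['subject'];
    $email = $input['email'];
    $website = $input['website'];
    $hide_email = $input['hide_email'];

    // NOTE(review): as extracted, the stored line-break marker below is itself
    // a newline, which makes both substitutions no-ops; the original file most
    // likely had an HTML line-break tag here (the e-mail body undoes the
    // substitution via $message1). Confirm against the source file.
    $stored_line_break = "
";
    $message = str_replace("\n", $stored_line_break, $input['message']);
    // Truncate to MAX_MESSAGE_LENGTH. The previous substr($message,
    // MAX_MESSAGE_LENGTH) kept everything *after* that offset and discarded
    // the head of the message.
    if (strlen($message) > MAX_MESSAGE_LENGTH) {
        $message = substr($message, 0, MAX_MESSAGE_LENGTH);
    }
    // Plain-text copy (real newlines) for the notification e-mail.
    $message1 = str_replace($stored_line_break, "\n", $message);
    if (ALLOW_URLS == "Yes") {
        $message = allowurls($message);
    }
    if (ALLOW_BBCODE == "Yes") {
        $message = bbcode($message);
    }
    $timestamp = time();
    $status = (APPROVAL == "Email" || APPROVAL == "Admin") ? "Pending" : "Approved";
    // Approval token mailed to the poster. rand() is not a cryptographic
    // source: with $site fixed and the timestamp part of the link, the token
    // has at most 900000 candidate preimages.
    // TODO: switch to a CSPRNG-backed token once the deployment's PHP allows.
    $check = md5($site.$timestamp.rand(100000, 999999));
    $verify_link = "http://".$site.$script."?msg=".$timestamp."&check=$check";

    $banned = array();
    if (file_exists(BANNED_DB_FILE)) {
        $banned_lines = file(BANNED_DB_FILE);
        if ($banned_lines !== false) {
            $banned = array_map('trim', $banned_lines);
        }
    }
    if (in_array($email, $banned, true)) {
        header("Location: ".basename(__FILE__)."?report=".rawurlencode(BANNED_MSG));
        // Was missing: without it the page below was still rendered.
        exit;
    }

    $saved = false;
    // empty() deliberately mirrors the old check ("0" counts as empty).
    if (!(empty($name) || empty($message))) {
        $file = fopen(DB_FILE, 'a+');
        if ($file !== false) {
            // Trailing " \n" is the on-disk record terminator; keep it.
            $data = $timestamp . chr(02) . $name . chr(02) . $subject . chr(02) . $email . chr(02) . $website . chr(02) . $message . chr(02) . $ip . chr(02) .$status . chr(02) . $hide_email . chr(02) . $check ." \n";
            $saved = (fwrite($file, $data) !== false);
            fclose($file);
        }
    }
    if ($saved) {
        $notify_header = "From: Guestbook Post Notifier <". NOTIFY_ADMIN_EMAIL .">\r\n";
        $notify_header .= "Reply-To: no_reply@".$site1."\r\n";
        $notify_header .= "MIME-Version: 1.0"."\r\n";
        $notify_header .= "Content-Type: text/plain; charset=utf-8"."\r\n";
        $notify_header .= "Content-Transfer-Encoding: 8bit"."\r\n";
        $notify_header .= "X-Mailer: PHP v".phpversion();
        $notify_body = NOTIFY_MAIL_BODY."\n";
        if (NOTIFY_INCLUDE_MSG == "Yes") {
            $notify_body .= htmlspecialchars_decode_ex($message1)."\n";
        }
        mail(NOTIFY_ADMIN_EMAIL, NOTIFY_ADMIN_SUBJECT, $notify_body, $notify_header);

        // The verification mail only makes sense for an entry that was
        // actually stored (previously it was sent even when nothing was
        // saved, i.e. to any address the poster typed in).
        if (APPROVAL == "Email") {
            // Only a syntactically valid single address is passed to mail();
            // a value with embedded CR/LF would let the poster inject extra
            // headers or recipients.
            if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
                $verify_header = "From: no_reply@$site1"."\r\n";
                $verify_header .= "Reply-To: no_reply@".$site1."\r\n";
                $verify_header .= "MIME-Version: 1.0"."\r\n";
                $verify_header .= "Content-Type: text/plain; charset=utf-8"."\r\n";
                $verify_header .= "Content-Transfer-Encoding: 8bit"."\r\n";
                $verify_header .= "X-Mailer: PHP v".phpversion();
                $verify_body = htmlspecialchars_decode_ex(VERIFY_EMAIL_BODY) .$verify_link;
                mail($email, VERIFY_EMAIL_SUBJECT, $verify_body, $verify_header);
            }
        }
    }
    header("Location: ".basename(__FILE__)."?report=".rawurlencode(REPORT_MESSAGE));
    exit;
}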
?>
Guestbook login
\r\n"; echo "\r\n"; echo "\r\n"; exit; } } else { echo "".TITLE."
\r\n"; if ($password != md5(ADMIN_PASS)) { if (SHOW_FORM == "Yes" || $showform == "Yes") { echo "\r\n"; } } if ($_GET['report']!= "") { echo " \r\n