The Easy PHP Guestbook ®";// editing of the powered by lines is not allowed $pwb2="Powered by the The Easy PHP Guestbook ®";// editing of the powered by lines is not allowed /* Front controller of the guestbook: loads conf.php, the language file and the helper includes, copies the request fields into globals, then dispatches on $task (postnm, captchaverify, adminverify, show, approve, delete, edit, modify, configure, edit_config, update_posts_file, adm_logout). This copy is collapsed onto a few long lines and the HTML inside the echo strings appears to have been stripped by extraction, so the markup and some regex patterns cannot be judged here. */ $conf_file="include/conf.php"; //the configuration file include $conf_file; /* $used_language is expected to come from conf.php; the edit_config task below accepts a new value from $_POST['used_language'] and presumably writes it back to conf.php, so this include path is admin-controlled and is not restricted to the include/lang directory anywhere in this file. */ include $used_language; include "include/classes.php";include "include/functions.php"; include "include/mixvar.php";include "include/html/forms.php";include "include/html/mix_html.php"; $date=EncodeMessage($date); /* PHP source that each posting task runs through eval() to build $post_array from the globals below. The string itself is constant, so eval() does not parse request data as code here, but every variable it references ($name, $email, $message, $show_email, $show_message, $approved, $post_id) is request-derived. */ $create_post_array='$post_array=array("post_id"=>$post_id,"name"=>$name,"email"=>$email,"message"=>$message,"date"=>$date,"ip_addr"=>$ip_addr,"show_email"=>$show_email,"show_message"=>$show_message,"approved"=>$approved);'; $login_header=$login_style."".$gbook_title."

"; $login_footer="

$powby
"; # Checking if logfile and posts file are there. If not, create them /* First run: create the log and posts files. The fopen() results are not checked, so an unwritable directory is only reported through PHP warnings. */ if (file_exists($logfile) == false){$fp = fopen($logfile,"w");fclose($fp);} if (file_exists($posts_file) == false){$fp = fopen($posts_file,"w");fclose($fp);} # GETTING THE VARIABLES POSTED THROUGH THE FORM(S) /* Request fields are copied into globals behind if($_POST[...]) truthiness guards: an absent field, "" or "0" leaves the default (or leaves the variable unset). $show_email and $show_message are stored in the post exactly as received; nothing here restricts them to "yes"/"no". */ $show_email="yes"; if($_POST['show_email']){$show_email=$_POST['show_email'];} $show_message="yes"; if($_POST['show_message']){$show_message=$_POST['show_message'];} if($_POST['name']){$name=$_POST['name'];$name = CleanName($name);} if($_POST['email']){$email=$_POST['email']; $email = CleanName($email);} /* Message: trimmed, stripslashes() applied unconditionally (backslashes typed by the user are lost when magic quotes are off), then encoded and converted to HTML by helpers from functions.php that are not visible here. */ if($_POST['message']) { $message=$_POST['message']; # MESSAGE $message = trim($message); $message=stripslashes($message); $message=EncodeMessage($message); $message=ConvertToHtml ($message); /* The next four checks close unbalanced formatting tags. Their patterns are garbled in this copy ('//' with the modifier outside the delimiters as the bare constant i); the originals presumably matched opening bold/italic tags, compare the intact '/<\/B>/' and '/<\/i>/' on the right-hand sides. */ if (preg_match('//'.i,$message)==1 AND preg_match('/<\/B>/'.i,$message)==0){$message=$message."";} if (preg_match('//'.i,$message)==0){$message=$message."";} if (preg_match('//'.i,$message)==0){$message=$message."";} if (preg_match('//'.i,$message)==1 AND preg_match('/<\/i>/'.i,$message)==0){$message=$message."";} } /* $task selects the branch below; POST wins over GET. $post_id is also accepted from GET, which the approve/delete/edit tasks rely on. */ if($_POST['task']){$task=$_POST['task'];} elseif($_GET['task']){$task=$_GET['task'];} /* The admin password from the form lands in $posted_pass. Note that the adminverify task below compares $adpass instead, which is never assigned from the request in this file. */ if($_POST['adpass']){$posted_pass=trim($_POST['adpass']);} if($_POST['imgverify']){$imgverify=$_POST['imgverify'];} if($_POST['random']){$random=$_POST['random'];$random = trim($random);} if($_POST['post_id']){$post_id=$_POST['post_id'];} # POST ID if($_GET['post_id']){$post_id=$_GET['post_id'];} if($_POST['approved']){$approved=$_POST['approved'];} /* session_start() runs here for every request and again inside most task branches; the second call emits a notice ("session already started") on current PHP versions. */ $gb=new Guestbook; session_start(); //$gb->BuildMenus(); //#######//#######//#######//TASKS START HERE//#######//#######//#######//#######//####### /* --- postnm: a visitor submitted the guestbook form. Validates the fields, then either asks for the admin password (reserved name), shows the CAPTCHA, or stores the post directly when the CAPTCHA step is disabled. */ if ($task=="postnm"){ # from the form in the html guestbook postnm=post new message # Checking for missing name or message if ($name==''){die($nam_field_empty);}# the script stops if the name is missing /* Defect: count() on a string is 1 in PHP 7 and a TypeError in PHP 8, so these two length limits are never enforced as written; strlen()/mb_strlen() was intended (the message length check below uses strlen). */ if (count($name)>40){die ("The name is too long");} if (count($email)>40){die ("The e-mail is too long");} if 
($message==''){die($mes_field_empty);}# the script stops if the message is missing # Checking the overall message length if (strlen($message)>$max_message_length){die ($mes_too_long);} # CHECKING FOR TOO LONG WORDS THAT COULD BREAK THE PAGE DESIGN if (CheckLongWords($message, $max_word_length)==0){die ($mes_word_too_long);} ##### CHECK TO SEE IF THE POSTER IS ADMIN #### /* Reserved-name check: when the poster's name matches $reserved_name (CheckForForbidden() returns 0 on a match, judging by how it is used below) and the feature is enabled, the admin password is requested instead of the CAPTCHA. */ $resnam_array=array(); $resnam_array[]=$reserved_name; #$resnam_array[]="another name"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate #$resnam_array[]="Alexander"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate $check_name=CheckForForbidden($name,$resnam_array); #if ($name==$reserved_name and $activate_res_name==1){ if ($check_name==0 and $activate_res_name==1){ /* eval() is used as a template engine throughout this file: the template text from forms.php becomes PHP source inside a double-quoted string, so the templates themselves must never contain request-derived text; the variables they reference are interpolated as values only. */ eval("\$adm_verif_form = \"$admin_verif_form\";"); echo $adm_verif_form; } elseif ($enable_image_verification_step==1){ /* CAPTCHA challenge. With sessions disabled the expected code is written to temp_code.txt: a single file shared by all concurrent visitors (each new challenge overwrites the previous one) that sits next to the script and is likely web-readable, which defeats the CAPTCHA. Keeping $use_sessions=1 avoids both problems. */ if ($use_sessions==1){session_unset();session_start();} $new_string=CreateCaptchaImage(); if ($use_sessions==1){$_SESSION['new_string'] = $new_string;} elseif ($use_sessions==0) {$fp = fopen('temp_code.txt', "w");$write = fputs($fp, $new_string);fclose($fp);} echo "$captcha_pag_title$nocache_meta"; echo ""; echo $login_header; echo "

"; echo "$type_captcha_code

$important:
$captcha_pag_warn"; eval("\$captcha_form = \"$captcha_form\";"); echo $captcha_form; echo $login_footer; echo ""; } /* CAPTCHA disabled: run the forbidden-string / banned-IP screen and store the post immediately. This block is repeated almost verbatim in the captchaverify task below. */ elseif ($enable_image_verification_step==0){ $check=1; $check_name=CheckForForbidden($name,$forbidden_strings); $check_mail=CheckForForbidden($email,$forbidden_strings); $check_message=CheckForForbidden($message,$forbidden_strings); $check_ip=CheckForForbidden($ip_addr,$forbidden_strings); if ($check_name==0 OR $check_mail==0 OR $check_message==0 OR $check_ip==0){$check=0;} if ($check==1){ if ($moderation_active=="yes"){$approved="no";} else{$approved="yes";} /* Id allocation is presumably a read of $posts_file with no locking between it and AddPost(), so two concurrent posts can receive the same id. */ $post_id=GetNextAvailableId($posts_file); eval ($create_post_array); $post=new Post($post_array); #$post->SetThisVarsFromPostArray($post_array); #$gb=new Guestbook; $gb->AddPost($post_array); $message=$post->RemoveBreaks($message); $post_log=$post->MailLogLine("log"); $mail_log=$post->MailLogLine(); writelog($logfile,$post_log); if ($sendmail_onpost==1){ if ($moderation_active=="no"){ eval("\$email_mssg1 = \"$email_mssg1\";"); msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1); } elseif ($moderation_active=="yes"){ eval("\$email_mssg1 = \"$email_mssg3\";"); msendmail($gbook_email,$admin_email,$email_subj3,$email_mssg1); } } echo($confirm); } else{ echo($confirm2); if ($sendmail_onspam==1){ eval("\$email_mssg2 = \"$email_mssg2\";"); msendmail($gbook_email,$admin_email,$email_subj2,$email_mssg2); } } } # end "if captcha disabled" } # END if task=postnm /* --- Admin tasks. Every one of them re-checks "the session holds the password OR the password was just posted" with loose ==, and the plaintext admin password is kept in the session as the login token. A defender would compare with === / hash_equals() and store a login flag instead of the password. The same pattern repeats for approve, ShowPrivatePost, show, del_edit, delete, edit, modify, configure, edit_config and update_posts_file. */ elseif ($task=="ShowPendingMessages"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->ShowPendingMessages(); } else { echo " $login_style $login_header

Password:

$login_footer "; } } /* approve and delete change state from a $post_id that may arrive via GET, on session authentication alone; no per-request token is visible, so a logged-in admin following a crafted link performs the action (classic CSRF). */ elseif ($task=="approve"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->ApprovePost($post_id); echo $show_pending_redir; } else { echo " $login_style $login_header Password:

$login_footer "; } } elseif ($task=="ShowPrivatePost") { session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->ShowPrivatePost($post_id); } else { echo " $login_style $login_header Password:

$login_footer ";} } /* --- captchaverify: the visitor answered the CAPTCHA; on success the post is screened and stored exactly as in the CAPTCHA-disabled branch above. */ elseif ($task=="captchaverify"){ # from the form to verify the ability to read the captcha if ($use_sessions==1){ session_start(); /* Defect: both operands can be missing (no challenge stored in the session, no 'random' field posted) and with == two nulls / empty strings compare equal, so the check passes. Require a non-empty stored code and compare with hash_equals(). */ if ($_SESSION['new_string'] == $random){$verif=1;} else{$verif=0;} $_SESSION['new_string']=""; session_destroy(); } elseif($use_sessions==0){ /* Same weakness in file mode: a missing temp_code.txt makes file_get_contents() return false, trim() turns that into "", and "" == null holds. */ $the_code=trim(file_get_contents('temp_code.txt')); unlink('temp_code.txt'); if ($the_code == $random){$verif=1;} else{$verif=0;} } if ($verif==1){ $check=1; $check_name=CheckForForbidden($name,$forbidden_strings); $check_mail=CheckForForbidden($email,$forbidden_strings); $check_message=CheckForForbidden($message,$forbidden_strings); $check_ip=CheckForForbidden($ip_addr,$forbidden_strings); if ($check_name==0 or $check_mail==0 or $check_message==0 or $check_ip==0){$check=0;} if ($check==1){ /* GetNextAvailableId() is called twice here; the first result is overwritten. */ $post_id=GetNextAvailableId($posts_file); if ($moderation_active=="yes"){$approved="no";} else{$approved="yes";} $post_id=GetNextAvailableId($posts_file); eval ($create_post_array); $post=new Post($post_array); #$post->SetThisVarsFromPostArray($post_array); #$gb=new Guestbook; $gb->AddPost($post_array); $post_log=$post->MailLogLine("log"); $mail_log=$post->MailLogLine(); writelog($logfile,$post_log); if ($sendmail_onpost==1){ if ($moderation_active=="no"){ eval("\$email_mssg1 = \"$email_mssg1\";"); msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1); } elseif ($moderation_active=="yes"){ eval("\$email_mssg1 = \"$email_mssg3\";"); msendmail($gbook_email,$admin_email,$email_subj3,$email_mssg1); } } echo($confirm); } elseif ($check==0){echo($confirm2);} } else{ echo($confirm2); } } /* --- adminverify: reserved-name posting. $adpass is never assigned from the request in this file (the form value is stored in $posted_pass at the top), so this comparison only ever succeeds with register_globals; otherwise the branch always dies with $wrong_pass. Admin posts skip the forbidden-string screen and always store approved="yes". Note it also calls $gb->GetNextAvailableId() whereas the other branches call the global GetNextAvailableId($posts_file). */ elseif ($task=="adminverify"){ # from the form with the password check if the admin is authorized to post a message (if the password is right) if ($adpass==$admin_pass){ $approved="yes"; $post_id=$gb->GetNextAvailableId(); eval ($create_post_array); $post=new Post($post_array); #$post->SetThisVarsFromPostArray($post_array); $gb->AddPost($post_array); $post_log=$post->MailLogLine("log"); 
writelog($logfile,$post_log); echo($confirm); } else{die($wrong_pass);} } /* --- show: admin login form target / admin home page. */ elseif ($task=="show"){ # from the form to access the admin section session_start(); $adm_check=0; if ($posted_pass==$admin_pass){$_SESSION['adm_pass']=$admin_pass; $adm_check=1;} elseif ($_SESSION['adm_pass']==$admin_pass){$adm_check=1;} if($adm_check==1){echo $admin_pag_style.$admin_home_line_1.$admin_navigation.$admin_home_line_2;} else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } # END if task=show elseif ($task=="del_edit"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->CreateDelEditPage(); die(); } else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } /* delete: the request-derived $post_id is echoed back in the confirmation without htmlspecialchars(). */ elseif ($task=="delete"){ # from the admin section, call to delete a post session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->DeletePost($post_id); die ($post_num_lang." ".$post_id." ".$del_success_lang.'!'.$deledit_redir); } else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } elseif ($task=="edit"){ # from the admin section, call to edit a post and show the editing form session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; echo "

$editing_p_num $post_id

\n"; $post_array=$gb->GetPost($post_id); $post=new Post($post_array); #$post->SetThisVarsFromPostArray($post_array); /* The stored post fields are turned into PHP assignments by SetVariablesFromPostArray() (classes.php) and eval()'d. Whether stored values are safely quoted is decided there; a stored message containing a quote or a dollar sign would need escaping - verify before relying on it. */ $string=$post->SetVariablesFromPostArray(); eval($string); $message=$post->DecodeMessage($message); eval("\$post_edit_form = \"$post_edit_form\";"); die ($post_edit_form); }# end of "if password is right" block else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } elseif ($task=="modify"){ # from the message editing form, call to proceed to the modifications and update the posts flatfile and guestbook file session_start(); if ($_SESSION['adm_pass'] == $admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; /* Rebuilds $post_array from the POSTed fields (approved, show_email and show_message as sent) and overwrites the stored post. */ eval ($create_post_array); $gb->ReplacePost($post_array); echo "$post_num_lang $post_id $edited_ok_lang $deledit_redir"; die(); }# end of "if password is right" block else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } /* adm_logout: clears the session password and destroys the session. */ elseif ($task=="adm_logout"){ session_start(); $_SESSION['adm_pass']=''; session_destroy(); echo ''; } elseif ($task=="configure") # creation/editing of the configuration file { session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; /* configure: re-reads conf.php as text (note $conf_file is reused and now holds the file's lines, not the path) to pull the raw forbidden_strings and banned_ips array literals out of the source so they can be shown in the form. Only the first line mentioning each name is considered. */ $conf_file=file("include/conf.php"); foreach($conf_file as $value) { if (preg_match('/forbidden_strings/',$value)==1){$forbidden_strings_line=$value; break;} } $fs_splitted=preg_split('/forbidden_strings=array\(/',$forbidden_strings_line); $fs_value=$fs_splitted[1]; $fs_splitted=preg_split('/\);/',$fs_value); $fs_value=$fs_splitted[0]; foreach($conf_file as $value) { if (preg_match('/banned_ips/',$value)==1){$banned_ips_line=$value; break;} } $bi_splitted=preg_split('/banned_ips=array\(/',$banned_ips_line); $bi_value=$bi_splitted[1]; $bi_splitted=preg_split('/\);/',$bi_value); $bi_value=$bi_splitted[0]; if ($moderation_active=="yes"){$option1_modact="yes";$option2_modact="no";} if ($moderation_active=="no") {$option1_modact="no";$option2_modact="yes";} if ($enable_image_verification_step=="0"){$option1_imgverif="0";$option2_imgverif="1";$option_right1="no";$option_right2="yes";} elseif ($enable_image_verification_step=="1"){$option1_imgverif="1";$option2_imgverif="0";$option_right1="yes";$option_right2="no";} #echo $admin_pag_style; /* The configuration form follows as one long single-quoted string; its HTML tags appear to have been stripped from this copy. */ echo ' Guestbook configuration page '; echo $admin_page_style2; echo ''.$admin_navigation.''; echo '

Guestbook configuration page

VariableValue
Comments
    Essential values to be set before the first run
Guestbook page name The name of the guestbook html file. If you are not using the provided template, you should have inserted a snippet of code in this page, as per readme file instructions. This is the page where the posted message will end-up. This file should have at least a 666 permission (read/write permission for all users)
Guestbook URL The full URL of your guestbook html page
Administrator e-mail address The address where e-mails notices are sent to, for example when a new post is made: the e-mail of the owner of the guestbook
Guestbook e-mail address The address that will be in the FROM field of the e-mails sent by this script
Administrator password We strongly suggest that you change the default password to your own
Posts File For additional security and privacy you should change the name of this file to something else. We suggest you keep a .txt extension though. After configuration you will find this file in the '.$posts_dir.' directory in the main folder. If you are unsure just leave it as it is.
Log File For additional security and privacy you should change the name of this file to something else. We suggest you keep a .txt extension though. After configuration you will find this file in the '.$posts_dir.' directory in the main folder. If you are unsure just leave it as it is.
Other variables
Guestbook title A smart title that describes your guestbook
Moderation mode active If set to yes, each message will have to be approved by admin before it is actually posted. When a new message is posted admin gets a notification e-mail with a link to login to the pending messages tab in the admin section, where pending messages can be approved or deleted
Posts per page The number of posts per page. Every time a multiple of this number is reached, a new page is created. If you want all the posts in a single page you can set this very high (like 10000). This can also be useful if you want to transiently move all the posts to a single page and then save this as an archive page. You can then revert to the usual number of pages by resetting the number to the usual one (tipically 10-30 posts per page)
Use reserved name Enables the protection of one name (for posting on the guestbook) with the admin password. This reserved name is set on the next variable.
Reserved name Enter here the name you use to post on your guestbook. If a post is made with the reserved name, the captcha step is replaced by a verification with the admin password. Case does not matters, any post with a name that matches the reserved name, irrespective of upper/lower case is subjected to admin password verification.

Tip: if the "use reserved name" variable is set to yes and the reserved name is left blank, any post made with any name will require admin password verification. This is an effective way to "lock" the guestbook if needed

Forbidden strings Please note: each word, phrase or regular expression is included within quotation marks and separated by the next by a comma: "word1","word2" etc.. You should take great care to respect these rules, otherwise the script could stop working.
Many offensive words are included in this list as well as the most "dangerous" html tags and script tags. If you still get annoying messages, you can add more words, phrases, regular expressions here.
Maybe you are instead very permissive on your guestbook and you think that this list is too strict: please remove stuff from here. We suggest that you at least leave the ban on dangerous html tags such iframe and script tags for example, as if you don\'t you might have some unpleasant surprises one day. As the list is now it should give a reasonable \'average\' protection acceptable for most guestbooks, however you are in control here.
Banned IPs List here the IP addresses you wish to ban. Each IP is included within quotation marks and separated by the next by a comma. You should take great care to respect these rules, otherwise the script could stop working.
You can ban entire classes/sets of ip addresses by listing the initial numbers only: if you include a partial IP (example: "122.131"), all the IP addresses starting with these numbers will be banned.
Send e-mail on post If set to yes, on each post an e-mail will be sent to the guestbook administrator with full post details
Enable CAPTCHA verification If set to yes (recommended), your guestbook will be protected by spam bots
Mex message length The maximum number of characters allowed in the message field
Max word length The maximum length, in characters, of a word in the message. Required to prevent users from breaking the layout of your website by posting a very long word
Used language Specify here the language to be used in the public part of the guestbook. This is based on text files that contain the translations of the words and sentences used throughout the guestbook, including warning messages. You can build your own \'language file\': create a folder in include/lang for your language and put inside a translation of the lang.php file that you can find in the existing directories in lang. Then look for the following line in php_guestbook.php file (it\'s toward the end of the file): <OPTION VALUE=include/lang/ita/lang.php>Italian and add a new line for your new language.
Additional pages name The name that will be given to the pages created by the guestbook (a new page is created each time the last page is filled up according to the "posts per page" variable). This name will be followed by progressive numbers (for example page_2.html, page_3.html etc..). The name of the very first page, the original guestbook html page, will remain as it was, it won\'t be affected by this setting
Navigation menu spacer The spacer used in the menu on the guestbook page to navigate the different pages. This spacer will separate, in this menu, the links to the pages. You cannot use semicolons (;) here, or in any other variable in this page as this will \'break\' the guestbook! In this variable spaces ( ) are allowed and matter: " - " is different from " -" for example. If you are unsure, just leave it as it is.
Posts template If you know some html you can edit the posts template here, otherwise you might probably leave this alone. This determines how the name, email and message will look like/are arrange on the guestbook page. The variables ending in _lang are the language variables for name, email and message. Their value change with the selected language. The other variables are replaced by the actual name, e-mail and message for each post.



Powered by the Easy PHP Guestbook
'; } else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } elseif ($task=="edit_config") { session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; /* edit_config: each setting is replaced from $_POST only when the field is truthy, so a blank field keeps the previous value. The new admin password is placed in the session immediately. */ if($_POST['admin_pass']){$admin_pass=trim($_POST['admin_pass']);} $_SESSION['adm_pass']=$admin_pass; if($_POST['gbook_title']){$gbook_title=trim($_POST['gbook_title']);} if($_POST['gbook_name']){$gbook_name=trim($_POST['gbook_name']);} if($_POST['gbook_url']){$gbook_url=trim($_POST['gbook_url']);} if($_POST['admin_email']){$admin_email=trim($_POST['admin_email']);} if($_POST['gbook_email']){$gbook_email=trim($_POST['gbook_email']);} if($_POST['reserved_name']){$reserved_name=trim($_POST['reserved_name']);} if($_POST['activate_res_name']){$activate_res_name=trim($_POST['activate_res_name']);} if($_POST['posts_per_page']){$posts_per_page=trim($_POST['posts_per_page']);} if($_POST['sendmail_onpost']){$sendmail_onpost=trim($_POST['sendmail_onpost']);} if($_POST['max_message_length']){$max_message_length=trim($_POST['max_message_length']);} if($_POST['max_word_length']){$max_word_length=trim($_POST['max_word_length']);} /* Unlike the other fields this one has no truthiness guard: a form that omits the field stores an empty value instead of the previous setting. */ $enable_image_verification_step=$_POST['enable_image_verification_step']; if($_POST['additional_pages_name']){$additional_pages_name=trim($_POST['additional_pages_name']);} if($_POST['menu_spacer']){$menu_spacer=$_POST['menu_spacer'];} # this one must not be trimmed! 
/* Magic-quotes compatibility: only these three free-text fields get stripslashes() when magic quotes were on; get_magic_quotes_gpc() no longer exists in PHP 8, hence the function_exists() guard. */ if (function_exists('get_magic_quotes_gpc')){ $mq=get_magic_quotes_gpc(); if ($mq==0){ if($_POST['forbidden_strings']){$forbidden_strings=trim($_POST['forbidden_strings']);} if($_POST['banned_ips']){$banned_ips=trim($_POST['banned_ips']);} if($_POST['p_template']){$p_template=trim($_POST['p_template']);} } elseif ($mq==1){ if($_POST['forbidden_strings']){$forbidden_strings=stripslashes(trim($_POST['forbidden_strings']));} if($_POST['banned_ips']){$banned_ips=stripslashes(trim($_POST['banned_ips']));} if($_POST['p_template']){$p_template=stripslashes(trim($_POST['p_template']));} } } else{ if($_POST['forbidden_strings']){$forbidden_strings=trim($_POST['forbidden_strings']);} if($_POST['banned_ips']){$banned_ips=trim($_POST['banned_ips']);} if($_POST['p_template']){$p_template=trim($_POST['p_template']);} } /* $used_language, $posts_file_name and $logfile_name presumably become include / file paths on later requests (see the include at the top of the file); they are only trimmed here, not checked against the expected directories. */ if($_POST['used_language']){$used_language=trim($_POST['used_language']);} if($_POST['posts_file_name']){$posts_file_name=trim($_POST['posts_file_name']);} if($_POST['logfile_name']){$logfile_name=trim($_POST['logfile_name']);} if($_POST['moderation_active']){$moderation_active=trim($_POST['moderation_active']);} /* The new values are written into conf.php as PHP source (the template string is cut/garbled in this copy). Values are not escaped, so a quote, semicolon or dollar sign in a field can break or alter the generated file, as the form text itself warns; emitting each value through var_export() would make this robust. */ $config= 'UpdateHTMLFile(); echo ''; } else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } /* --- update_posts_file: one-off migration of the posts flat file to the current field encoding / layout. */ elseif ($task=="update_posts_file"){ /* ConvertEncoded(): rewrites the legacy escape tokens of one stored field to the readable ##name## form: &&&&## to ##semicolon##, ###&## to ##prime##, ##&&## to ##apostrophe## (the inline comment says "semicolons" but the replacement is ##apostrophe##), #&#### to ##colon##. Defined inside this branch, so the function only exists when $task=="update_posts_file". */ function ConvertEncoded($string){ $string=preg_split('/&&&&##/',$string);//converting semicolons $string=implode("##semicolon##",$string); $string=preg_split('/###&##/',$string);//converting primes $string=implode("##prime##",$string); $string=preg_split('/##&&##/',$string);//converting semicolons $string=implode("##apostrophe##",$string); $string=preg_split('/#&####/',$string);//converting colons $string=implode("##colon##",$string); return $string; } session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; #Checking format /* Hard-coded posts/posts.txt, whereas every other task uses the configured $posts_file; the migration will not touch a posts file that was renamed as the configuration page recommends. */ $pf=file("posts/posts.txt"); #Checking format /* Format sniff: a first line beginning with "post_id:" is the key:value layout; anything else is treated as the old positional ';'-separated layout. */ $temp=preg_split('/;/',$pf[0]); $temp2=preg_split('/:/',$temp[0]); if ($temp2[0] == "post_id"){ echo "grabbed posts file (new format detected...)

"; $posts_array=FlatfileToArray("posts/posts.txt"); echo "Posts array created...

"; $temp=array(); foreach ($posts_array as $post_array){ echo "pluto

"; foreach ($post_array as $key => $val){ $val=ConvertEncoded($val); $post_array["$key"]=$val; } $post_id=$post_array["post_id"]; echo "Post_id: $post_id. Post converted...

"; $temp[]=$post_array; } ArrayToFlatfile($temp,"posts/posts.txt"); echo "The flat file was in a recent format and was updated correctly

"; } else{ echo "grabbed posts file (old format detected...)

"; $posts2=array(); foreach ($pf as $post){ $post_array1=preg_split('/;/',$post); $post_array2=array(); foreach ($post_array1 as $item){$item=ConvertEncoded($item);$post_array2[]=$item;} $post_array1=$post_array2; echo "post splitted

"; /* Old layout: fields 0..5 are id, ip, name, e-mail, date, message. The converted line carries no approved field (new posts get one through $create_post_array); check that the reader defaults it. */ $string="post_id:$post_array1[0];ip_addr:$post_array1[1];name:$post_array1[2];email:$post_array1[3];date:".EncodeMessage($post_array1[4]).";message:".trim($post_array1[5]).";show_email:yes;show_message:yes\n"; $posts2[]=$string; } $fp = fopen("posts/posts.txt", "w"); echo "file opened

"; foreach ($posts2 as $line){ $write = fputs($fp, $line); } fclose($fp); echo "The flat file was in the old format and was updated correctly

"; } } else { echo " $login_style $login_header Wrong password or session exipred

Password:

$login_footer "; } } //end upgrade posts file /* Unknown or missing $task. */ else {die ("unrecognised call");} ?>