name = $guestbookfile; $gb->server = $db_server; $gb->login = $db_login; $gb->password = $db_password; $gb->database = $db_database; $gb->init(); $bf = new mysql; $bf->name = $blocking_file; $bf->server = $db_server; $bf->login = $db_login; $bf->password = $db_password; $bf->database = $db_database; $bf->init(); } if ( $data_source == "csvfile" ) { // include class for csv-textfile support require ( "csvfile.inc.php" ); // prepare object for file access $gb = new csvfile; $gb->name = $guestbookfile; $gb->init(); $bf = new csvfile; $bf->name = $blocking_file; $bf->init(); } ?> Toegang geweigerd!

"; exit("Sorry, maar u heeft geen toegang tot deze site!."); } if ($REMOTE_ADDR == "") { echo "

Toegang geweigerd!

"; exit("Sorry, maar u heeft geen toegang tot deze site!."); } if ($REMOTE_ADDR == "") { echo "

Toegang geweigerd!

"; exit("Sorry, maar u heeft geen toegang tot deze site!."); } ?> <?php echo strip_tags($htmltitle); ?>

 

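// NOTE(review): extraction residue, kept as found. It is the tail of a function
// whose beginning is missing from this page (presumably block_ip(), which the
// posting code further down calls):
//     append( $dummy ); }

function check_ip( )
// Task: stops the request when the visitor's IP address is still blocked
//
// Looks the address up in the blocking store ($bf). When a record for the
// address exists and its timestamp has not passed yet, $_like_you_anyway is
// printed and the script terminates.
//
// Input: none (reads the globals $bf, $REMOTE_ADDR and $_like_you_anyway)
//
// Output: none (does not return when the address is blocked)
//
// Security notes:
//  - $REMOTE_ADDR only exists as a global under register_globals.
//    NOTE(review): confirm a request parameter of the same name cannot
//    override it, or read the server-supplied value directly.
//  - A per-address block only throttles posting; visitors behind a shared
//    address are blocked together and a visitor who changes address is not.
{
    global $_like_you_anyway, $bf, $REMOTE_ADDR;

    // time() is the same "now" an argument-less gmmktime() produced; PHP 8
    // no longer accepts gmmktime() without the hour argument.
    $stamp = time();
    $max = $bf->entries();

    $search_pattern = array();
    $search_pattern["ip"] = $REMOTE_ADDR;
    $position = $bf->find_entry( $search_pattern );

    // presumably find_entry() returns entries() when nothing matches -- verify
    // against the storage classes (mysql / csvfile).
    if ( $position < $max )
    {
        $entry = array();
        $bf->get_entry( $position, $entry );

        // does the visitor try to spam the guestbook?
        if ( ($entry["ip"] == $REMOTE_ADDR ) and ($stamp <= $entry["timestamp"]) )
        {
            echo $_like_you_anyway;
            exit();
        }
    }
}

function email_notification( $ddate, $ttime, $ip, $name, $mail, $msg, $key )
// Task: notifies the webmaster by e-mail if a new guestbook entry was made
//
// Input:  $ddate, $ttime -> date and time of the entry
//         $ip            -> address of the poster (not used in the mail)
//         $name, $mail   -> name and e-mail address as submitted
//         $msg           -> message text
//         $key           -> entry key, appended as id= to the quick-admin links
//
// Output: none (a failing mail() call is suppressed on purpose)
//
// Security notes:
//  - $SERVER_NAME may follow the request's Host header, depending on the web
//    server configuration. It is stripped of CR/LF before it enters a mail
//    header; the links in the mail body still follow it, so pin the site's
//    host name in configuration if the server does not.
//  - The quick-admin links trigger enable/delete/edit through plain GET
//    requests identified by id=$key. NOTE(review): confirm the admin script
//    authenticates the caller and does not treat the key alone as permission.
{
    global $administrator_address, $_new_entry, $_permit, $_delete, $_change,
           $_guestbook, $guestbook_id, $SERVER_NAME, $SCRIPT_NAME, $gmt_ofs,
           $language, $_guestbook_admin_tool, $quick_admin;

    // a header value has to stay on one line, otherwise it can add headers
    $header_host = str_replace( array( "\r", "\n" ), "", $SERVER_NAME );

    $mailheader = trim( "From: ".$_guestbook." \n"
                      . "Reply-To: jax_guestbook@".$header_host."\n"
                      . "X-Mailer: PHP " . phpversion() );

    // shortens the pathname by scriptname
    $script_path_dummy = explode( "/", $SCRIPT_NAME );
    array_pop( $script_path_dummy );

    $admin_script_url = "http://" . $SERVER_NAME . implode("/",$script_path_dummy )
                      . "/admin/guestbook.admin.php?action=list&guestbook_id=$guestbook_id&gmt_ofs=$gmt_ofs&language=$language";
    $gb_url = "http://".$SERVER_NAME.$SCRIPT_NAME .'?guestbook_id='.$guestbook_id;

    if ($quick_admin)
    {
        // full entry plus one link per admin action
        $message = trim( "$_new_entry\n\n$gb_url\n\n"."$name ($mail) - $ddate / $ttime\n\n"
                       . $msg . "\n\n"
                       . $_permit.":\n".$admin_script_url."&action=enable&id=$key\n\n"
                       . $_delete.":\n".$admin_script_url."&action=delete&id=$key\n\n"
                       . $_change.":\n".$admin_script_url."&action=edit&id=$key\n" );
    }
    else
    {
        // short notice that only points to the admin tool
        $message = trim( $_new_entry."\n\n".$gb_url." !\n\n".$_guestbook_admin_tool." \n:\n".$admin_script_url."\n" );
    }

    $subject = trim( $_new_entry."\n" );
    $email = trim( $administrator_address );

    @mail( $email, $subject, $message, $mailheader );
}

function wrap_words( $bad_text, $max_chars )
// Task: Forces line and word wraps in the text
//
// Input:  $bad_text  -> the Text
//         $max_chars -> maximum of chars each line
//
// Output: $nice_text -> the text with every over-long word broken up by
//                       spaces; each word is followed by one space, so the
//                       result always ends in a space
//
// Note: strlen() and chunk_split() count bytes, so a multi-byte character can
//       be cut in the middle. NOTE(review): confirm the guestbook encoding.
{
    $nice_text = "";

    foreach ( explode( " ", $bad_text ) as $word )
    {
        if ( strlen( $word ) > $max_chars )
        {
            $word = chunk_split( $word, $max_chars, " " );
        }
        $nice_text .= $word." ";
    }

    return $nice_text;
}

function clean_html_input( $bad_text, $len )
// Task: cleans HTML form input (removes tags and cuts oversize)
//
// Input:  $bad_text -> the html form input text
//         $len      -> maximum length of the input text
// Output: $nice_text -> the "clean" input text
//
// Security note: strip_tags() is not an output encoder. Quotes, "&", a lone
// "<" and line breaks pass through unchanged, so the returned value still has
// to be encoded for the context it is printed in (HTML text, attribute, URL)
// and must not be trusted as a single-line value by the storage layer.
{
    $nice_text = strip_tags( $bad_text );

    // Shortens (if neccessary); substr() counts bytes
    $nice_text = substr( $nice_text, 0, $len );

    return $nice_text;
}

//----------------------------------------------------------------------------
// Guestbook entry was sent, save!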
//---------------------------------------------------------------------------- if ( !empty( $HTTP_GET_VARS[ "action"] ) && $HTTP_GET_VARS[ "action" ] == "post" ) { check_ip(); if ( !empty( $HTTP_POST_VARS[ "email_protection" ] ) ) { $sec_mail = "1"; } else { $sec_mail = "0"; } if ( !empty( $HTTP_POST_VARS[ "message" ] ) ) $msg = $HTTP_POST_VARS[ "message" ]; else exit; if ( !empty( $HTTP_POST_VARS[ "name" ] ) ) $name = clean_html_input( $HTTP_POST_VARS[ "name" ], 30 ); else $name = ""; if ( !empty( $HTTP_POST_VARS[ "age" ] ) ) $age = clean_html_input( $HTTP_POST_VARS[ "age" ], 3 ); else $age = ""; if ( !empty( $HTTP_POST_VARS[ "location" ] ) ) $location = clean_html_input( $HTTP_POST_VARS[ "location" ], 30 ); else $location = ""; if ( !empty( $HTTP_POST_VARS[ "mail" ] ) ) $mail = clean_html_input( $HTTP_POST_VARS[ "mail" ], 100 ); else $mail = ""; if ( !empty( $HTTP_POST_VARS[ "homepage"] ) ) $homepage = clean_html_input( $HTTP_POST_VARS[ "homepage" ], 100 ); else $homepage = ""; if ( !empty( $HTTP_POST_VARS[ "icq"] ) ) $icq = clean_html_input( $HTTP_POST_VARS[ "icq" ], 12 ); else $icq = ""; // Clear HTML-Tags ? if ( $filter_html == true ) { $msg = strip_tags( $msg ); } // Clear line breaks from message!! $msg = ereg_replace("(\r\n|\n|\r)", "
", $msg); // Force line breaks if lines too long! $msg = wrap_words( $msg, 55 ); // Clear again linebreaks! $msg = ereg_replace("(\r\n|\n|\r)", "
", $msg); // Remove HTML "Script" - Tag (also if filter_HTML is disabled) if ( ereg("[<][Ss][Cc][Rr][Ii][Pp][Tt]", $msg) ) { echo $_nice_try; block_ip(); exit(); } // Shortens message if neccessary ! $msg = substr( $msg, 0, $max_message_size ); if ( $filter_badwords == true ) { // Read list with bad words $wordlist = file ( "language/" . $language . ".insults.txt" ); $words = array_values( $wordlist ); $insults = 0; $dummy = strtolower( $msg ); foreach ( $words as $swearword ) { // Contains the message one of the bad words? if ( strstr( $dummy , trim($swearword) ) ) { $insults++; // If pain threshold exceeded block the user's ip if ( $insults >= $insults_tolerance ) { $msg = ""; block_ip(); break; } } } } if ( $msg != "" && $name != "" ) { $new_entry = array(); $new_entry["date"] = $ddate = gmdate( "Y-m-d" ); $new_entry["time"] = $ttime = gmdate( "H:i:s" ); $new_entry["ip"] = $iip = $REMOTE_ADDR; $new_entry["name"] = $name; $new_entry["mail"] = $mail; $new_entry["age"] = $age; $new_entry["location"] = $location; $new_entry["homepage"] = $homepage; $new_entry["icq"] = $icq; $new_entry["message"] = $msg; if ($permission_required) $new_entry["hide_entry"] = "1"; else $new_entry["hide_entry"] = ""; $new_entry["sec_mail"] = $sec_mail; $new_entry["xkey"] = $kkey = md5( $ddate.$ttime.$iip.$msg ); // SAVE NOW! $gb->append( $new_entry ); if ( $administrator_notification == true ) { email_notification( $ddate, $ttime, $iip, $name, $mail, $msg, $kkey ); } if ( $filter_multiposting == true ) { block_ip(); } } echo "

$_het bericht is toegevoegd

"; if ($permission_required) echo "

$_permission_info_message

"; echo ''; exit; } // Show current page of the Guestbook! if ( !empty( $HTTP_GET_VARS[ "page" ] ) ) { $page = $HTTP_GET_VARS[ "page" ]; } else $page = 1; if ($page > 1) $separate_input_form = true; $entries = $gb->entries(); $maxpages = ceil( $entries / $entries_per_page ); if ( $page < $maxpages ) { $nextpage = $page+1; } else { $nextpage = $maxpages; } $lastpage = $page-1; if ($page > 1) $seperate_input_form = true; if ( !empty( $HTTP_GET_VARS["do"] ) ) { $do = $HTTP_GET_VARS["do"]; } else { $do = "default"; } if ( !$separate_input_form ) { require ( "form.inc.php" ); } elseif ($do != "sign_in") { echo '

 

  '.$_sign_in_guestbook.'

 

'; } if ($do != "sign_in") { $pagenavigation = <<