<?php
if (@$magic != "0xDEADBEEF")
die("This file cannot be executed directly");
if (($_SESSION['nameField'] == "") || ($_SESSION['messageField'] == "") || ($_SESSION['hiddenField'] == "") || ($_SESSION['captchaField'] == "") || ($_SESSION['emailField'] == "")) {
session_regenerate_id();
$_SESSION['nameField'] = md5(uniqid(rand(), true));
$_SESSION['messageField'] = md5(uniqid(rand(), true));
$_SESSION['hiddenField'] = md5(uniqid(rand(), true));
$_SESSION['captchaField'] = md5(uniqid(rand(), true));
$_SESSION['emailField'] = md5(uniqid(rand(), true));
}
$boxContent = new XTemplate('./themes/' . $config['guestbookTheme'] . '/content/sign.tpl');
$signOk = false;
$scriptInclude = "<script type=\"text/javascript\">
function showFlag(flag){
document.getElementById(\"flagsPic\").src = 'images/countries/'+flag.value+'.png';
}
function showStar(star){
document.getElementById(\"starsPic\").src = 'images/stars/'+star.value+'.gif';
}
</script>
<script type=\"text/javascript\" src=\"javascript/popup.js\"></script>
";
$boxContent->assign("SCRIPTS", $scriptInclude);
// Check if already send
$submitId = secureVar($_POST['submit'], 'html');
$boxContent->assign("FORM_NAME", 'signForm');
$boxContent->assign("URL_SIGN", 'index.php?a=sign');
$boxContent->assign("LANG_NAME", $lang['name']);
$boxContent->assign("NAME_FIELD", $_SESSION['nameField']);
$boxContent->assign("LANG_MESSAGE", $lang['message']);
$boxContent->assign("MESSAGE_FIELD", $_SESSION['messageField']);
$boxContent->assign("LANG_COUNTRY", $lang['country']);
$boxContent->assign("COUNTRY_FIELD", 'country');
$boxContent->assign("LANG_LOCATION", $lang['location']);
$boxContent->assign("LOCATION_FIELD", 'location');
$boxContent->assign("LANG_EMAIL", $lang['email']);
$boxContent->assign("EMAIL_FIELD", $_SESSION['emailField']);
$boxContent->assign("LANG_RATING", $lang['rating']);
$boxContent->assign("RATING_FIELD", 'rating');
$boxContent->assign("LANG_SEND", $lang['send']);
$boxContent->assign("MAX_CHAR_FIELD", $config['maxCharField']);
$boxContent->assign("FLAG_ICON", 'flagsPic');
$boxContent->assign("STAR_ICON", 'starsPic');
$boxContent->assign("FLAG_IMG", 'images/countries/00.png');
$boxContent->assign("STAR_IMG", 'images/countries/00.png');
$boxContent->assign("HIDDEN_FIELD", $_SESSION['hiddenField']);
if ($config['reCaptcha'])
$captcha = recaptcha_get_html($config['reCaptchapubk']);
else {
$captcha = "<img src=\"includes/captcha.php\" alt=\"captcha code\" id=\"captchaCode\" onclick=\"this.src = this.src + '?' + (new Date()).getTime();\" style=\"cursor: pointer;\" />";
$captcha .= " <img src=\"images/posts/reload.gif\" alt=\"Reload captcha code\" onclick=\"document.getElementById('captchaCode').src = document.getElementById('captchaCode').src + '?' + (new Date()).getTime();\" style=\"cursor: pointer;\" />";
}
if ((! empty($submitId)) && isset($submitId)) {
$signCheck['name'] = secureVar(trim($_POST[$_SESSION['nameField']]), 'html');
$signCheck['country'] = secureVar(trim($_POST['country']), 'html');
$signCheck['location'] = secureVar(trim($_POST['location']), 'html');
$signCheck['email'] = secureVar(trim($_POST[$_SESSION['emailField']]), 'html');
$signCheck['rating'] = secureVar(trim($_POST['rating']), 'html');
$signCheck['message'] = secureVar(trim($_POST[$_SESSION['messageField']]), 'html');
$signCheck['captcha'] = secureVar(trim($_POST[$_SESSION['captchaField']]), 'html');
$signCheck['hiddenField'] = secureVar(trim($_POST[$_SESSION['hiddenField']]), 'html');
if ($signCheck['hiddenField'] != '') {
$error = new Error("Humans only ! Go away WALL·E");
die($error->showError());
}
$errorField = "";
if (($signCheck['name'] == '') || empty($signCheck['name']))
$errorField .= $lang['name'] . ' ' . $lang['isEmpty'] . '<br />';
if (($signCheck['message'] == '') || empty($signCheck['message']))
$errorField .= $lang['message'] . ' ' . $lang['isEmpty'] . '<br />';
if ($config['checkEmail']) {
if ((($signCheck['email'] == '') || empty($signCheck['email'])) && $config['checkEmail'])
$errorField .= $lang['email'] . ' ' . $lang['isEmpty'] . '<br />';
else {
include_once 'classes/email/email.class.php';
$email = new Email($signCheck['email']);
if (!$email->checkMail())
$errorField .= $signCheck['email'] . $lang['emailInvalid'] . '<br />';
}
}
if ($config['checkCaptcha']) {
if ($config['reCaptcha']) {
$resp = recaptcha_check_answer ($config['reCaptchaprvk'],
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid)
$errorField .= $lang['captchaError'] . '<br />';
}
else {
if (($signCheck['captcha'] == '') || empty($signCheck['captcha']))
$errorField .= $lang['captcha'] . ' ' . $lang['isEmpty'] . '<br />';
elseif (hash('sha1', $signCheck['captcha']) != $_SESSION['captcha_value'])
$errorField .= $lang['captchaError'] . '<br />';
}
}
if (strlen($signCheck['name']) > $config['maxCharField'])
$errorField .= $lang['name'] . ' ' . $lang['isBig'] . ' (' . strlen($signCheck['name']) . '/' . $config['maxCharField'] . ')<br />';
if (strlen($signCheck['location']) > $config['maxCharField'])
$errorField .= $lang['location'] . ' ' . $lang['isBig'] . ' (' . strlen($signCheck['location']) . '/' . $config['maxCharField'] . ')<br />';
if (strlen($signCheck['email']) > $config['maxCharField'])
$errorField .= $lang['email'] . ' ' . $lang['isBig'] . ' (' . strlen($signCheck['email']) . '/' . $config['maxCharField'] . ')<br />';
if (strlen($signCheck['message']) > $config['maxCharMsg'])
$errorField .= $lang['message'] . ' ' . $lang['isBig'] . ' (' . strlen($signCheck['message']) . '/' . $config['maxCharMsg'] . ')<br />';
$con->connect();
$con->getRows("Select ip from " . $dbTables['ip'] . ";");
if ($con->getNumRows() > 0) {
foreach ($con->queryResult as $res) {
if (preg_match("/^" . $res['ip'] . "/", $_SERVER['REMOTE_ADDR'])) {
$errorField .= secureVar($_SERVER['REMOTE_ADDR'], 'html') . ' ' . $lang['bannedIP'] . '<br />';
break;
}
}
}
$con->getRows("Select ip, date from " . $dbTables['posts'] . " where ip='" . secureVar($_SERVER['REMOTE_ADDR'], 'sql') . "';");
if ($con->getNumRows() > 0) {
foreach ($con->queryResult as $res) {
if (time() <= ($res['date'] + $config['floodTime'])) {
$errorField .= secureVar($_SERVER['REMOTE_ADDR'], 'html') . ' ' . $lang['floodTime'] . '<br />';
break;
}
}
}
$signCheck['publish'] = !$config['moderateMsg'];
if ($config['autoCensor']) {
include_once 'classes/manage/message.class.php';
if (Message::isCensored($signCheck['message']))
$signCheck['publish'] = 0;
}
$boxContent->assign("ERROR_MSG", $errorField);
$boxContent->parse('sign.signCheck');
$signCheck['date'] = time();
$signCheck['ip'] = getIP();
$signCheck['useragent'] = $_SERVER['HTTP_USER_AGENT'];
include_once 'classes/manage/countries.class.php';
$countriesName = new Countries();
$ratingArray = array("0" => "0", "1" => "1", "2" => "2", "3" => "3", "4" => "4", "5" => "5");
$resCountries = $countriesName->getCountry($signCheck['country']);
if (empty($resCountries) || ($resCountries == ''))
$signCheck['country'] = '00';
if (! in_array($signCheck['rating'], $ratingArray))
$signCheck['rating'] = '-1';
if ($errorField == "") {
$queryMsg = "INSERT INTO " . $dbTables['posts'] . " (
`id` ,
`name` ,
`country` ,
`date` ,
`location` ,
`email` ,
`message` ,
`useragent` ,
`rating` ,
`publish` ,
`ip` )
VALUES (
NULL ,
'" . secureVar($signCheck['name'], 'sql') . "',
'" . secureVar($signCheck['country'], 'sql') . "',
'" . secureVar($signCheck['date'], 'sql') . "',
'" . secureVar($signCheck['location'], 'sql') . "',
'" . secureVar(base64_encode($signCheck['email']), 'sql') . "',
'" . secureVar($signCheck['message'], 'sql') . "',
'" . secureVar($signCheck['useragent'], 'sql') . "',
'" . secureVar($signCheck['rating'], 'sql') . "',
'" . secureVar($signCheck['publish'], 'sql') . "',
'" . secureVar($signCheck['ip'], 'sql') . "' )";
if ($con->modify($queryMsg)) {
// Send email if enabled
if ($config['receiveEmailNotification']) {
include_once 'classes/email/email.class.php';
$senderEmail = base64_decode($config['email']);
$sendEmail = new Email($senderEmail);
$sendEmail->sendEmail($senderEmail, $senderEmail, $lang['newMsgEmailSubject'], $lang['newMsgEmail'], "text");
}
$signOk = true;
$boxContent->assign("LANG_OK_MSG", $lang['okSign']);
$boxContent->assign("URL_REDIRECT", 'index.php');
$boxContent->assign("LANG_REDIRECT", $lang['redirect']);
$boxContent->parse('sign.signOK');
$_SESSION = array();
unset($_SESSION);
session_destroy();
}
else {
$con->printError();
$boxContent->assign("ERROR_MSG", $lang['errorSigndb']);
$boxContent->parse('sign.signErr');
}
}
if ($config['reCaptcha'])
$captcha = recaptcha_get_html($config['reCaptchapubk']);
else {
$captcha = "<img src=\"includes/captcha.php\" alt=\"Captcha code\" id=\"captchaCode\" onclick=\"this.src = this.src + '?' + (new Date()).getTime();\" style=\"cursor: pointer;\" />";
$captcha .= " <img src=\"images/posts/reload.gif\" alt=\"Reload captcha code\" onclick=\"document.getElementById('captchaCode').src = document.getElementById('captchaCode').src + '?' + (new Date()).getTime();\" style=\"cursor: pointer;\" />";
}
$boxContent->assign("NAME_VALUE", stripslashes($signCheck['name']));
$boxContent->assign("COUNTRY_VALUE", $signCheck['country']);
$boxContent->assign("LOCATION_VALUE", stripslashes($signCheck['location']));
$boxContent->assign("EMAIL_VALUE", stripslashes($signCheck['email']));
$boxContent->assign("RATING_VALUE", $signCheck['rating']);
$boxContent->assign("MESSAGE_VALUE", stripslashes($signCheck['message']));
}
include_once 'classes/manage/countries.class.php';
$countryName = new Countries();
$selected = '';
foreach ($countryName->getCountriesArray() as $id_cc => $country_name)
{
if (isset($signCheck['country']) && !empty($signCheck['country'])) {
if ($signCheck['country'] == $id_cc)
$selected = "selected";
else
$selected = '';
}
if (strlen($country_name) > 23) {
$country_name = substr($country_name, 0, 23);
}
$boxContent->assign('ID_COUNTRY', $id_cc);
$boxContent->assign('COUNTRY_NAME', $country_name);
$boxContent->assign('SELECTED', $selected);
$boxContent->parse('sign.signForm.countries');
}
$ratingArray = array("0" => "0", "1" => "1", "2" => "2", "3" => "3", "4" => "4", "5" => "5");
$selected = '';
foreach ($ratingArray as $id_rate => $rate_value)
{
if (isset($signCheck['rating']) && !empty($signCheck['rating'])) {
if ($signCheck['rating'] == $id_rate)
$selected = "selected";
else
$selected = '';
}
$boxContent->assign('ID_RATE', $id_rate);
$boxContent->assign('RATE_NAME', $rate_value);
$boxContent->assign('SELECTED', $selected);
$boxContent->parse('sign.signForm.rating');
}
if ($config['checkCaptcha'] && !$config['reCaptcha']) {
$boxContent->assign("CAPTCHA_FIELD", $_SESSION['captchaField']);
$boxContent->assign("LANG_CAPTCHA", $lang['captcha']);
$boxContent->assign("CAPTCHA", $captcha);
$boxContent->parse('sign.signForm.captcha');
}
if ($config['checkCaptcha'] && $config['reCaptcha']) {
$boxContent->assign("CAPTCHA", $captcha);
$boxContent->parse('sign.signForm.recaptcha');
}
$publishPage = true;
$con->connect();
$con->getRows("Select ip from " . $dbTables['ip'] . ";");
if ($con->getNumRows() > 0) {
foreach ($con->queryResult as $res) {
if (preg_match("/^" . $res['ip'] . "/", $_SERVER['REMOTE_ADDR'])) {
$errorFieldBanIP = secureVar($_SERVER['REMOTE_ADDR'], 'html') . ' ' . $lang['bannedIP'] . '<br />';
$publishPage = false;
break;
}
}
}
if (!$publishPage) {
$boxContent->assign("IP_BANNED", $errorFieldBanIP);
$boxContent->parse('sign.bannedIP');
}
else {
if (!$signOk)
$boxContent->parse('sign.signForm');
}
$boxContent->parse('sign');
$boxContent = $boxContent->text('sign');
?>