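<?php
/*
 * chillyCMS guestbook module.
 *
 * Builds the entry form, validates and stores a submitted entry (optionally
 * mailing the admin), then prints the active entries of this module instance.
 * Runs inside the module scope: $this (->id, ->name, ->author, ->query(),
 * ->db), $mysession, $modsettings, $mod_gb, $l_gen and $settings are provided
 * by the including code.
 */
defined('DOIT') or die('Restricted access');

// Module settings arrive as one comma-separated string. Indices used below:
//   [0] entry is active at once (1) or has to be unlocked by an admin
//   [1] admin notification address, '' = no mail
//   [2] / [3] email options (only used to derive $emailcompulsory)
//   [4] newest entry first (1)
//   [5] captcha on (anything but 0)
//   [6] guests may post (1)
// Padding with null keeps a short list from raising undefined-offset notices
// while leaving every comparison below with the same result as before.
$specialsettings = array_pad(explode(',', $modsettings), 7, null);
$guestsallowed   = ($specialsettings[6] == 1);

// Pre-fill the form with the logged-in user, or with nothing for guests.
if ($mysession->user->user) {
	$presetname  = $mysession->user->user;
	$presetuid   = $mysession->user->uid;
	$presetemail = $mysession->user->email;
} else {
	$presetname  = false;
	$presetuid   = false;
	$presetemail = false;
}
// A name is compulsory only when guests may not post.
$namecompulsory = !$guestsallowed;
// Email compulsory? Only meaningful with setting [2] on; defaults to false so
// the variable is always defined.
// NOTE(review): $emailcompulsory is computed but never used -- the email input
// below is built with $namecompulsory. Confirm which flag is intended.
$emailcompulsory = false;
if ($specialsettings[2] == 1 && $specialsettings[3] == 1) {
	$emailcompulsory = true;
}

$f = new Form(URL.'/index.php?id='.$this->id, 'post', false, $mod_gb["msg_msgsent_ok"], $mod_gb['msg_msginsert_err'], $mod_gb['lbl_required'], true);
if (!$guestsallowed) {
	// Registered users only: show the session name read-only and carry it as a hidden value.
	$f->addTextrow('usernamedisplay', $mod_gb['lbl_name'], $presetname, 2);
	$f->addInput('hidden', 'gbname', false, $presetname);
} else {
	$f->addInput('text', 'gbname', $mod_gb['lbl_name'], $presetname, $namecompulsory, false, false, false, false, false, false, 'gb_input', false, array($mod_gb['msg_wrongu_err'], 'below'));
}
$f->addInput('hidden', 'gbuid', false, $presetuid);
$f->addInput('text', 'entryemail', $mod_gb['lbl_email'], $presetemail, $namecompulsory, false, false, false, false, false, false, 'gb_input', false, array($mod_gb['msg_invalidmail_err'], 'below'));
$f->addInput('textarea', 'gbmessage', $mod_gb['lbl_msg'], false, true, false, false, false, false, 5, false, 'gb_input', false, array($mod_gb['msg_emptymsg_err'], 'below'));
if ($specialsettings[5] != 0) {
	$f->addCaptcha('recaptcha', false, false, false, false, $mod_gb['msg_captcha_err']);
}
$f->addButton('submit', 'submit', false, $mod_gb['lbl_sendmsg'], false, false, 'gb_button');
$f->addButton('reset', 'reset', false, $l_gen['lbl_reset'], false, false, 'gb_button');

// Handling
$f->getErrors();
$msg        = $f->getMsg();
$myvalues   = $f->getCleanValues('html');
$mydbvalues = $f->getCleanValues('db');
// strip_tags() on a missing value would only yield '' (with a deprecation on 8.1+), so guard it.
$message = isset($mydbvalues["gbmessage"]) ? strip_tags($mydbvalues["gbmessage"]) : '';
$email   = email_chars($mydbvalues['entryemail']);

// Anonymous poster: fall back to the configured display name.
if (!isset($mydbvalues['gbname']) || $mydbvalues['gbname'] == "") {
	$mydbvalues['gbname'] = $mod_gb["lbl_anonymus"];
}

// Proceed only with a submitted form that produced no validation errors.
$doit = $f->sent && is_array($f->errors) && count($f->errors) < 1;

if ($doit) {
	// Registered-users-only mode: the posted name/uid pair must belong to a real
	// account, and that account must be the one in the session.
	if (!$guestsallowed) {
		// NOTE(review): values are interpolated into SQL; this relies entirely on
		// getCleanValues('db') having escaped them. Prefer a prepared statement
		// if the db layer offers one.
		$sql = "select `uid` from system_users where `user`='".$mydbvalues['gbname']."' and `uid`='".$mydbvalues['gbuid']."'";
		$this->query($sql);
		$result = $this->db->getdata();
		// getdata() === true appears to mean "no row found" here -- confirm against the db class.
		$uidmismatch = is_array($result) && isset($result['uid']) && isset($mysession->user->uid) && $result["uid"] != $mysession->user->uid;
		if ($result === true || $uidmismatch) {
			$f->setError('gbname');
			$msg  = array($mod_gb['msg_wrongu_err'], 'bad');
			$doit = false;
		}
	}
	// Reject a duplicate: same name, same message, same guestbook, posted less
	// than 5 minutes ago. The old minute(timediff(...)) < 5 test only looked at
	// the minutes component, so an entry from 1h03m ago also counted.
	$sql = "select `id` from mod_guestbook where `name`='".$mydbvalues['gbname']."' and `message`='".$message."' and `mainmodid`=".(int) $this->id." and `msg_date` > now() - interval 5 minute limit 1";
	$this->query($sql);
	$doubleentries = $this->db->getdata();
	if (isset($doubleentries['id']) && intval($doubleentries['id']) > 0) {
		$f->setError('gbmessage');
		$msg  = array($mod_gb['msg_double_err'], 'bad');
		$doit = false;
	}
}

if ($doit) {
	// Store the entry; `active` is taken from setting [0], cast so only a bare integer reaches the query.
	$sql = "insert into mod_guestbook (`mainmodid`, `name`, `msg_date`, `message`, `email`, `active`) values ".
		"(".(int) $this->id.",'".$mydbvalues['gbname']."',now(),'$message','$email',".(int) $specialsettings[0].")";
	if ($this->query($sql)) {
		$message = $email = "";
		// Notify the admin when a notification address is configured.
		if ($specialsettings[1] != "") {
			$to      = $specialsettings[1];
			$subject = $mod_gb["msg_newgbentry"];
			// The raw post is used for the mail body because $message now holds
			// the db-escaped form; it is tag-stripped and HTML-escaped here.
			// NOTE(review): gbname is the db-escaped value; $myvalues['gbname']
			// (the 'html' cleaning) may be the better fit for an HTML mail.
			$rawmessage = isset($_POST['gbmessage']) ? $_POST['gbmessage'] : '';
			$mailtext = '<h3>'.$mod_gb["msg_newgbentry"].'</h3><br />'.
				'<b>'.$mydbvalues['gbname'].' ('.date('Y/m/d, H:i').'):</b><br />'.
				str_replace("\n", "<br />", escape_html(strip_tags($rawmessage)));

			if ($specialsettings[0] != 1) {
				$mailtext .= '<br /><br /><h4>'.$mod_gb['msg_unlock'].'</h4><br />'.
					'<a href="'.URL.'/admin" target="_blank">'.$mod_gb['lbl_validate'].'</a>';
			}

			// Keep CR/LF out of the site values so they cannot break the header block.
			$sitename  = str_replace(array("\r", "\n"), '', $settings['sitename']);
			$siteemail = str_replace(array("\r", "\n"), '', $settings['siteemail']);
			$header  = "MIME-Version: 1.0\r\n"; // the old header carried a stray quote after 1.0
			$header .= "Content-type: text/html; charset=utf-8\r\n";
			$header .= "From: ".$sitename." <".$siteemail.">\r\n";
			if (mail($to, $subject, $mailtext, $header)) {
				if ($specialsettings[0] != 1) {
					$msg = $mod_gb["msg_senttoadmin"];
				}
			}
		}
	}
}
// Render the form once; it is printed below only when the visitor may post.
$contactform = '<div class="gb_submitform">'.$f->render('fieldset').'</div>';

// Guestbook output
echo "<div class='guestbook'>".
	"<h3>$this->name</h3>".
	"<p class='gb_msgoutput'>".msg($msg).'</p>';

if ($mysession->valid || $guestsallowed) {
	echo $contactform;
} else {
	echo $mod_gb["msg_login"];
}

$orderby = ($specialsettings[4] == 1) ? "order by id desc" : "order by id asc";

$sql = "select * from mod_guestbook where `active`=1 and `mainmodid`='".(int) $this->id."' ".$orderby;
$this->query($sql);
$result = $this->db->getdata_array($sql);

// All active entries, each followed by the author's reply if there is one.
// NOTE(review): name and message are printed as stored; whether they were
// HTML-escaped on the way in depends on getCleanValues('db') -- confirm.
if (!empty($result)) {
	echo "<div class='gb_entries'>";
	foreach ($result as $row) {
		$posted  = strtotime($row["msg_date"]);
		$date    = date("d.m.Y", $posted);
		$time    = date("H:i:s", $posted);
		$message = str_replace("\n", "<br />", $row["message"]);

		echo "<div class='gb_entry'>".
			"<div class='gb_bubble'>".
			"<p class='gb_message'>$message</p>".
			"<div class='gb_arrowborder'></div><div class='gb_arrow'></div>".
			"</div>".
			"<p class='gb_from'>".
			"<span class='gb_name'>".$row['name']."</span>, ".$mod_gb['lbl_wrotethe']." ".
			"<span class='gb_date'>$date</span> ".$mod_gb['lbl_wroteat']." ".
			"<span class='gb_time'>$time</span>".
			"</p>".
			"</div>";
		if (isset($row["reply"]) && $row["reply"] != "") {
			// reply_date is only parsed when a reply exists; it was formatted
			// for every row before, which meant strtotime() on an empty value.
			$replied   = strtotime($row["reply_date"]);
			$replydate = date("d.m.Y", $replied);
			$replytime = date("H:i:s", $replied);
			$reply     = str_replace("\n", "<br />", $row["reply"]);
			echo "<div class='gb_reply'>".
				"<p class='gb_replyfrom'>".$mod_gb['lbl_answerby']." ".
				"<span class='gb_name'>$this->author</span>, ".$mod_gb['lbl_wrotethe']." ".
				"<span class='gb_date'>$replydate</span> ".$mod_gb['lbl_wroteat']." ".
				"<span class='gb_time'>$replytime</span>".
				"</p>".
				"<div class='gb_replybubble'>".
				"<div class='gb_replyarrowborder'></div><div class='gb_replyarrow'></div>".
				"<p class='gb_message'>$reply</p>".
				"</div>".
				"</div>";
		}
	}
	echo "</div>";
}
echo '</div>';
?>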