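<?php
/**************************************************************************
* *
* *
* Solution: eBlog *
* Release: 1.7 *
* File: guestbook.php *
* By: Emuci inc. *
* Website: http://www.emuci.com *
* Copyright: (C) 2010 Emcui inc. *
* *
* *
**************************************************************************
* *
* *
* This script is NOT freeware and is subjected to Emuci terms of use *
* located in the docs folder. *
* *
* *
*************************************************************************/
//
// Guestbook front controller. Dispatches on ?action=:
//   main     - tab header + guestbook frame
//   showForm - the "add entry" form (country list + challenge code)
//   process  - validates the posted form and inserts the entry
//   list     - paginated list of approved entries (statusID = 1)
//   anything else - JS alert + redirect to index.php
//
// Configuration ($dbhost, $template, $GPP, $badWords, $replaceWords,
// $autoValidate, $enable2, $MonthsArray, $lang_* ...) and $new_template
// come from includes/global.php.
//
include_once 'includes/global.php';

// Request parameters. All of these are client-controlled. $spoint is used in
// arithmetic and in a SQL LIMIT clause, so it is forced to a non-negative int;
// $action is only ever compared, never echoed or used in a query.
$action = isset($_GET['action']) ? $_GET['action'] : '';
$id     = isset($_GET['id']) ? $_GET['id'] : null;
$spoint = isset($_GET['spoint']) ? (int) $_GET['spoint'] : 0;
if ($spoint < 0) {
    $spoint = 0;
}
if (empty($action)) {
    $action = 'main';
}

$defaultTemplate = $template;
$copyrights = "© " . date("Y") . " " . $lang_admin_globalRights1;
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);
$tree_map = $lang_blog_guestbook;

// Shared by the JS-alert outputs below: the messages are admin-supplied
// language strings, but one containing an apostrophe (common in non-English
// locales) would otherwise terminate the single-quoted JS literal.
// addslashes() is used instead of json_encode() because the language files
// may be in a non-UTF-8 encoding (see $blog_windows_encoding).

// 1: Main View
if ($action === "main") {
    $static_value = array($lang_blog_readEntries, $lang_blog_addEntry);
    $static_name  = array("{lang_blog_readEntries}", "{lang_blog_addEntry}");
    $tabs = $new_template->load_template("templates/$defaultTemplate/tabsGroup3.html");
    $tabs = $new_template->replace_static($static_name, $static_value, $tabs);

    // Shrink the frame a little, but never below 350px.
    $wh2 = $wh - 70;
    if ($wh2 < 350) {
        $wh2 = $wh;
    }

    $static_value = array($tabs, $blog_dir, $wh2, $blog_windows_encoding);
    $static_name  = array("{tabs}", "{blog_dir}", "{wh}", "{blog_windows_encoding}");
    $file = $new_template->load_template("templates/$defaultTemplate/guestbook.html");
    $template = $new_template->replace_static($static_name, $static_value, $file);
    echo $template;
}
// 2: Show Form
else if ($action === "showForm") {
    $random = mt_rand(18989, 99999);

    // $location is not set by this script before the form is shown; the
    // original relied on it being undefined (nothing pre-selected).
    $selectedLocation = isset($location) ? $location : '';

    $countries_list = '<select name="location">';
    $result = mysql_query("SELECT id, name FROM eblog_countries");
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $selected = ($row['id'] == $selectedLocation) ? ' SELECTED' : '';
        $countries_list .= '<option value="' . $row['id'] . '"' . $selected . '>' . $row['name'] . '</option>';
    }
    $countries_list .= '</select>';

    $static_value = array($blog_dir, $lang_blog_form_name, $lang_blog_form_country, $countries_list, $lang_blog_form_email, $lang_blog_form_title, $lang_blog_form_comment, $lang_blog_form_cc, $random, $lang_blog_submit, $blog_windows_encoding, $lang_erorr_code149, $lang_erorr_code150, $lang_erorr_code151, $lang_erorr_code154, $lang_erorr_code155, $lang_erorr_code156);
    $static_name  = array("{blog_dir}", "{lang_blog_form_name}", "{lang_blog_form_country}", "{countries_list}", "{lang_blog_form_email}", "{lang_blog_form_title}", "{lang_blog_form_comment}", "{lang_blog_form_cc}", "{random}", "{lang_blog_submit}", "{blog_windows_encoding}", "{lang_erorr_code149}", "{lang_erorr_code150}", "{lang_erorr_code151}", "{lang_erorr_code154}", "{lang_erorr_code155}", "{lang_erorr_code156}");
    $file = $new_template->load_template("templates/$defaultTemplate/addEntry.html");
    $template = $new_template->replace_static($static_name, $static_value, $file);
    echo $template;
}
// 3: Process
else if ($action === "process") {
    $errorCount = 0;

    // htmlspecialchars() here is for the HTML context the values are later
    // echoed in (entry.html). It does NOT make them safe for SQL: with the
    // default flags a single quote passes through untouched, so every value
    // is escaped separately for the INSERT below.
    $name     = htmlspecialchars(isset($_POST['name']) ? $_POST['name'] : '');
    $comment  = htmlspecialchars(isset($_POST['comment']) ? $_POST['comment'] : '');
    $title    = htmlspecialchars(isset($_POST['title']) ? $_POST['title'] : '');
    $code     = isset($_POST['code']) ? $_POST['code'] : '';
    $code2    = isset($_POST['code2']) ? $_POST['code2'] : '';
    // The location is a foreign key into eblog_countries.id; anything that is
    // not an integer is meaningless here, so cast rather than escape.
    $location = isset($_POST['location']) ? (int) $_POST['location'] : 0;

    if (empty($name)) {
        $errorCount++;
    }
    if (empty($title)) {
        $errorCount++;
    }
    if (empty($comment)) {
        $errorCount++;
    }
    // NOTE(review): both code and code2 are submitted by the client, so this
    // only catches a mistyped challenge; it does not prevent automated
    // submissions. Keeping the expected value server-side (e.g. in the
    // session) would be needed for that.
    if ($code != $code2) {
        $errorCount++;
    }

    if ($errorCount < 1) {
        // Next id. MAX(id)+1 is not atomic: two concurrent submissions can
        // pick the same id. Only an AUTO_INCREMENT column (schema change)
        // fixes that; this at least avoids fetching every row to find it.
        $lastRow = mysql_fetch_row(mysql_query("SELECT MAX(id) FROM eblog_gb"));
        $newID = ($lastRow ? (int) $lastRow[0] : 0) + 1;
        $rowDate = date("d-m-Y");

        $statusID = (int) $autoValidate;
        $messageToShow = '';
        if ($statusID == 0) {
            $messageToShow = $lang_blog_commentUnderReview;
        }
        if ($statusID == 1) {
            $messageToShow = $lang_blog_commentAdded;
        }

        // Word filter: str_replace() with an array of needles performs the
        // same sequential replacement the three hand-written loops did.
        $badWordList = explode(",", $badWords);
        $comment = str_replace($badWordList, $replaceWords, $comment);
        $name    = str_replace($badWordList, $replaceWords, $name);
        $title   = str_replace($badWordList, $replaceWords, $title);

        // Escape for SQL last, after every other transformation.
        $sqlTitle   = mysql_real_escape_string($title, $conn);
        $sqlName    = mysql_real_escape_string($name, $conn);
        $sqlComment = mysql_real_escape_string($comment, $conn);
        mysql_query("INSERT INTO eblog_gb VALUES ('$newID', '$sqlTitle', '$sqlName', '$rowDate', '$location', '$sqlComment', '$statusID')");

        if ($enable2 == 1) {
            // Increment in SQL instead of read-add-write, so concurrent
            // submissions cannot lose a count.
            mysql_query("UPDATE eblog_alerts SET gb = gb + 1 WHERE id = '1'");

            $lastNew = mysql_fetch_row(mysql_query("SELECT MAX(id) FROM eblog_new"));
            $thisNewID = ($lastNew ? (int) $lastNew[0] : 0) + 1;
            // '2' is the alert type used for guestbook entries by this script.
            mysql_query("INSERT INTO eblog_new VALUES ('$thisNewID', '$newID', '2')");
        }

        $jsMessage = addslashes($messageToShow);
        echo "
<script type='text/javascript'>
alert('$jsMessage');
window.location='guestbook.php?action=showForm';
</script>
";
    }
}
// 4: List all entries
else if ($action === "list") {
    $perPage = max(0, (int) $GPP);

    // Total number of approved entries drives the pagination text/links.
    $countRow = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM eblog_gb WHERE statusID = 1"));
    $totalResults = $countRow ? (int) $countRow[0] : 0;

    // Page of approved entries, newest first, with the country name joined
    // in so no per-row lookup (and no per-row query string) is needed.
    // $spoint and $perPage are both ints by construction.
    $result = mysql_query(
        "SELECT g.*, c.name AS country_name"
        . " FROM eblog_gb g LEFT JOIN eblog_countries c ON c.id = g.location"
        . " WHERE g.statusID = 1"
        . " ORDER BY g.id DESC"
        . " LIMIT $spoint, $perPage"
    );

    $counter = 0;
    $entries_list = "";
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $counter++;

        // Dates are stored as d-m-Y by the process branch; render the month
        // through $MonthsArray, falling back to the raw value if malformed.
        $rowDate = $row['date'];
        $chunks = explode("-", $rowDate);
        if (count($chunks) === 3 && isset($MonthsArray[$chunks[1]])) {
            $rowDate = $chunks[0] . " " . $MonthsArray[$chunks[1]] . " " . $chunks[2];
        }

        $rowAuthor  = $row['author'];
        $rowComment = $row['comment'];
        $rowCountry = $row['country_name'];

        $static_value = array($rowDate, $lang_blog_date, $lang_blog_byAuthor, $rowAuthor, $lang_blog_from, $rowCountry, $rowComment);
        $static_name  = array("{rowDate}", "{lang_blog_date}", "{lang_blog_byAuthor}", "{rowAuthor}", "{lang_blog_from}", "{rowCountry}", "{rowComment}");
        $file = $new_template->load_template("templates/$defaultTemplate/entry.html");
        $entries_list .= $new_template->replace_static($static_name, $static_value, $file);
    }

    if ($counter < 1) {
        $entries_list .= $lang_blog_noEntries;
    }

    $nav = "";
    if ($counter < $totalResults) {
        $prevPoint  = $spoint - $perPage;
        $nextPoint  = $spoint + $perPage;
        $nextToShow = $nextPoint;
        if ($prevPoint < 1) {
            $prevPoint = 0;
        }
        if ($nextPoint >= $totalResults) {
            $nextPoint  = $spoint;
            $nextToShow = $totalResults;
        }
        $prevToShow  = $spoint + 1;
        $showingInfo = "$lang_blog_showing " . $prevToShow . " $lang_blog_to " . $nextToShow . " $lang_blog_outOf " . $totalResults;
        // The template closes the href attribute itself; the target is
        // appended here so it lands inside the same <a> tag.
        $prevLink = "guestbook.php?action=list&spoint=$prevPoint\" target=\"list\"";
        $nextLink = "guestbook.php?action=list&spoint=$nextPoint\" target=\"list\"";
        $static_value = array($prevLink, $nextLink, $lang_blog_prev, $lang_blog_next, $showingInfo, $blog_dir);
        $static_name  = array("{prevLink}", "{nextLink}", "{lang_blog_prev}", "{lang_blog_next}", "{showingInfo}", "{blog_dir}");
        $nav = $new_template->load_template("templates/$defaultTemplate/navigation.html");
        $nav = $new_template->replace_static($static_name, $static_value, $nav);
    }

    $static_value = array($blog_dir, $blog_windows_encoding);
    $static_name  = array("{blog_dir}", "{blog_windows_encoding}");
    $m = $new_template->load_template("templates/$defaultTemplate/includes.html");
    $m = $new_template->replace_static($static_name, $static_value, $m);
    echo $m . $entries_list . $nav;
}
// 5: Else, show error message
else {
    $jsMessage = addslashes($lang_erorr_PgaeNotFound);
    echo "
<script type='text/javascript'>
alert('$jsMessage');
parent.location='index.php';
</script>
";
}

mysql_close($conn);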