<?php
/*
*****************************************************************

 Mod_Guestbook.php
 
*****************************************************************
LSP: Lunabyte Systems Portal
Open-Source Project Inspired by Zef Hemel (hide@address.com)
*****************************************************************
Software Version:                  LSP 2.0 "Enigma 2"
Software by:                         Lunabyte Systems (http://www.lunabyte.net)
Copyright 2002-2005 by:       Lunabyte Systems (http://www.lunabyte.net)
Support, News, Updates at:    http://www.lunabyte.net
*****************************************************************
This program is free software; you may redistribute it and/or modify it 
under the terms of the provided license as published by Lunabyte Systems.

This program is distributed in the hope that it is and will be useful,                  
but WITHOUT ANY WARRANTIES; without even any implied warranty of           
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                        

See the "LSP_license.txt" file for details of the LSP license.
The latest version can always be found at http://www.lunabyte.net.
*****************************************************************
*/

// Direct-access guard: the module body only runs when the ENIGMA constant has been
// defined before this file is loaded (presumably by the portal's entry script - confirm).
if (!defined('ENIGMA'))
{
	die('<b>Access Violation</b><br />Direct Access to this location is not allowed.');
}

// Reached only when the guard above did not terminate the request.
GuestbookHub();

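// Entry point for the Guestbook module: loads the language strings, builds the link
// tree, then dispatches to the handler named by the "sa" request parameter.
// Anything that is not on the $subActions list falls through to the main listing.
// This function only routes; the admin handlers in this file call isallowedTo() themselves.
function GuestbookHub()
{
	global $context, $scripturl, $txt;

	loadMLanguage('Guestbook');

	// Written as an explicit chain: the original unparenthesised nested ternary is
	// rejected by PHP 8 and, where it did parse, never used the $_POST fallback.
	if (!empty($_REQUEST['sa']))
		$sa = $_REQUEST['sa'];
	elseif (!empty($_POST['sa']))
		$sa = $_POST['sa'];
	else
		$sa = 'View';

	// Allow-list of handler names. A request value is only ever called as a
	// function when it matches one of these entries.
	$subActions = array(
		'SignGuestBook',
		'sign2',
		// Admin functions
		'edit',
		'doEdit',
		'delete',
		'Admin',
		'AdminDelete',
	);

	$context['linktree'][] = array(
		'url'	=> $scripturl . '?module=Guestbook',
		'name'	=> $txt['guestbook'],
	);
	$context['linktree'][] = array(
		'url'	=> $scripturl . '?module=Guestbook;sa=SignGuestBook',
		'name'	=> $txt['guestbook_sign'],
	);

	if (allowedTo('manage_guestbook'))
		$context['linktree'][] = array(
			'url'	=> $scripturl . '?module=Guestbook;sa=Admin',
			'name'	=> $txt['guestbook_admin'],
		);

	// Request values may be arrays; only a plain string is accepted as a handler
	// name (strict match against the allow-list) or as a list index.
	if (is_string($sa) && in_array($sa, $subActions, true))
		$sa();
	elseif (is_string($sa) && isset($subActions[$sa]))
		$subActions[$sa]();
	else
		Guestbook();
}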

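// Shows one page of top-level guestbook entries together with all responses.
// Reads the page offset from $_REQUEST['start'] and the page size from
// $modSettings['max_gb_entries_per_page'], and fills $context for the
// 'guestbook_main' sub template.
function Guestbook()
{
	global $context, $db_prefix, $txt, $modSettings, $scripturl;

	// Both values are interpolated into the LIMIT clause below, so force them to
	// integers. The original "(int) empty(...) ? '0' : ..." cast only the result of
	// empty(), which let the raw request value reach the query text.
	$max = (int) $modSettings['max_gb_entries_per_page'];
	$index = (empty($_REQUEST['start']) || !is_scalar($_REQUEST['start'])) ? 0 : max(0, (int) $_REQUEST['start']);

	// Top-level entries (response = 0) for the requested page, newest first.
	$request = db_query("
		SELECT *
		FROM {$db_prefix}guestbook
		WHERE response = 0
		ORDER BY id DESC
		LIMIT $index, $max", __FILE__, __LINE__);

	while ($entry = mysql_fetch_assoc($request))
		$context['guestbook'][] = array(
			'id'		=> $entry['id'],
			'guestName'	=> $entry['guestName'],
			'emailaddress'	=> $entry['emailaddress'],
			'signtime'	=> timeformat($entry['signtime']),
			'body'		=> censorText(DoUBBC($entry['body'])),
			'userid'	=> $entry['userid'],
		);

	mysql_free_result($request);
	$context['index_count'] = !empty($context['guestbook']) ? count($context['guestbook']) : '';

	// Every response, grouped under the id of the entry it answers.
	$request = db_query("
		SELECT *
		FROM {$db_prefix}guestbook
		WHERE response > 0
		ORDER BY id ASC", __FILE__, __LINE__);

	while ($entry = mysql_fetch_assoc($request))
		$context['response'][$entry['response']][] = array(
			'to'		=> $entry['response'],
			'id'		=> $entry['id'],
			'guestName'	=> $entry['guestName'],
			'emailaddress'	=> $entry['emailaddress'],
			'signtime'	=> timeformat($entry['signtime']),
			'body'		=> censorText(DoUBBC($entry['body'])),
			'userid'	=> $entry['userid'],
		);

	mysql_free_result($request);

	// Count the top-level entries only; responses do not take part in paging.
	$request = db_query("
		SELECT COUNT(id) AS counted
		FROM {$db_prefix}guestbook
		WHERE response = 0", __FILE__, __LINE__);

	$counted = mysql_fetch_assoc($request);
	mysql_free_result($request);

	$context['start_count'] = $counted['counted'] - $index;
	$context['page_index'] = $txt[139] . ': ' . constructPageIndex($scripturl . '?module=Guestbook', $index, $counted['counted'], $max, false);

	$context['linktree'][] = array(
		'name'	=> $context['page_index'],
	);

	$context['page_title'] = $txt['guestbook'];

	loadMTemplate('Guestbook');
	$context['sub_template'] = 'guestbook_main';
}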

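// Prepares the "sign the guestbook" form ('guest_sign' sub template).
// When $_REQUEST['id'] is given and the user holds 'manage_guestbook', the form is
// set up as a response to that entry. Unless $modSettings['disablegbverify'] is '1',
// a captcha image is generated and its seed stored in $context['gbsesc'].
function SignGuestBook()
{
	global $context, $db_prefix, $txt, $scripturl, $modSettings;

	// NOTE(review): this appends the is_guest flag to the page title; it looks like
	// leftover debugging - confirm before removing.
	$context['page_title'] = $txt['guestbook_sign'] . $context['user']['is_guest'];

	// The id is placed in the query below, so it is reduced to a positive integer
	// first; the original passed the raw request value through.
	$responseTo = (!empty($_REQUEST['id']) && is_scalar($_REQUEST['id']) && allowedTo('manage_guestbook')) ? (int) $_REQUEST['id'] : 0;
	$context['is_response'] = $responseTo > 0 ? $responseTo : '';

	if ($context['is_response'] !== '')
	{
		// NOTE(review): this selects a row whose "response" column equals the id,
		// i.e. an existing response to that entry rather than the entry itself - confirm intent.
		$request = db_query("
			SELECT *
			FROM {$db_prefix}guestbook
			WHERE response = '$context[is_response]'
			LIMIT 1", __FILE__, __LINE__);

		$context['response'] = mysql_fetch_assoc($request);
		mysql_free_result($request);
	}

	// check if verification is disabled
	if (empty($modSettings['disablegbverify']) || $modSettings['disablegbverify'] != '1')
	{
		$context['gb_image_verify'] = (int) true;

		// Image verification stuff
		include_once('ModuleCaptcha/image_class.php');

		// NOTE(review): the seed takes one of only 40001 values and comes from rand().
		// If the captcha's strength depends on the seed being unguessable, it needs a
		// cryptographically secure source - confirm against ModuleCaptcha/image_class.php.
		$context['gbsesc'] = md5(round(rand(0,40000)));

		$lsp_captcha = new captcha($context['gbsesc'], 'modules/ModuleCaptcha/cache');
		$context['gbimg'] = $lsp_captcha->get_pic(5);
	}
	// verification is disabled
	else
		$context['gb_image_verify'] = (int) false;

	loadMTemplate('Guestbook');
	$context['sub_template'] = 'guest_sign';
}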

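// Handles the submitted "sign the guestbook" form.
// With image verification enabled, the posted captcha seed ('gbv') and answer
// ('password') are checked; with it disabled, the normal session check is used.
// A submission that fits neither path is redirected away and the request ends.
// On success the entry is inserted and the user is sent back to the listing;
// on a failed captcha the user is sent back to the form with code=1.
function sign2()
{
	global $context, $db_prefix, $ID_MEMBER, $modSettings;

	$verifyDisabled = !empty($modSettings['disablegbverify']) && $modSettings['disablegbverify'] == '1';

	// if verification is not disabled, check post variable set on site.
	if (!$verifyDisabled && !empty($_POST['go']) && $_POST['go'] === 'verify')
	{
		include_once('ModuleCaptcha/image_class.php');

		// Both values come from the client. Missing or non-string values count as a
		// failed verification instead of being handed to the captcha class.
		// NOTE(review): SignGuestBook() issues an md5 hex digest as the seed; if the form
		// posts it back unchanged as 'gbv', consider rejecting anything that is not
		// 32 hex characters here - confirm against the template and the captcha class.
		if (isset($_POST['gbv'], $_POST['password']) && is_string($_POST['gbv']) && is_string($_POST['password']))
		{
			$lsp_captcha = new captcha($_POST['gbv'], 'modules/ModuleCaptcha/cache');
			$checkcode = $lsp_captcha->verify($_POST['password']);
		}
		else
			$checkcode = false;
	}
	// just check the normal session
	elseif ($verifyDisabled)
	{
		checkSession('post', '', true);
		// if session is bad, they'll already have an error.  if it's good, set the checkcode var
		$checkcode = (int) true;
	}
	// Verification is enabled but the form marker is missing: treat as automated.
	else
	{
		// The original call lacked the "Location: " prefix, so no redirect was ever sent.
		header('Location: http://www.spamcop.net/');
		exit();
	}

	// if they posted on site, then they'll have the right credentials, and hopefully entered in the right code.
	if ($checkcode)
	{
		// The posted id is only accepted when it matches the logged-in member.
		$postedId = isset($_POST['id']) ? $_POST['id'] : null;
		$userid = ($ID_MEMBER == $postedId) ? (int) $postedId : '-1';

		// Only guestbook managers may file an entry as a response to another one.
		$response = (!empty($_REQUEST['response']) && is_scalar($_REQUEST['response']) && allowedTo('manage_guestbook')) ? (int) $_REQUEST['response'] : '';

		// Missing or non-string fields become empty strings rather than raising notices.
		$signname	= htmlspecialchars((isset($_POST['signname']) && is_string($_POST['signname'])) ? $_POST['signname'] : '');
		$emailaddress	= htmlspecialchars((isset($_POST['emailaddress']) && is_string($_POST['emailaddress'])) ? $_POST['emailaddress'] : '');
		$body		= htmlspecialchars((isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '');
		$thetime	= time();

		if (empty($body))
			fatal_lang_error ('gb_emptymsg');

		// If poster is a Guest then evaluate the legality of name and email
		if ($context['user']['is_guest'])
		{
			$submit = trim($signname);
			if ($submit == '' || $submit == '_' || $submit == ' ')
				fatal_lang_error (75);

			if (strlen($submit) > 25)
				fatal_lang_error (75);

			if (empty($emailaddress))
				fatal_lang_error (76);

			if (!preg_match("/^[0-9A-Za-z@\._\-]+$/", $emailaddress))
				fatal_lang_error (76);
		}

		// NOTE(review): htmlspecialchars() without ENT_QUOTES leaves single quotes alone,
		// so this query is only safe if the portal escapes $_POST before modules run
		// (not visible in this file) - confirm, and escape here if it does not.
		db_query("
			INSERT INTO {$db_prefix}guestbook
			(guestName, emailaddress, signtime, body, response, userid)
			VALUES ('$signname','$emailaddress','$thetime','$body', '$response', '$userid')", __FILE__, __LINE__);

		redirectexit('module=Guestbook');
	}

	// invalid code entered, redirect back to sign again.
	else
	{
		redirectexit('module=Guestbook;sa=SignGuestBook;code=1');
	}

}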

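// Deletes one entry and any responses to that entry, then returns to the listing.
// Requires the 'manage_guestbook' permission.
// NOTE(review): this state-changing action reads $_REQUEST and makes no session
// check (compare the checkSession() call in sign2()) - confirm whether the links
// that reach it carry a session token and add the check if they do.
function delete()
{
	global $db_prefix;

	isallowedTo('manage_guestbook');

	$id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? (int) $_REQUEST['id'] : 0;

	// A missing or non-numeric id casts to 0, and "response = '0'" matches every
	// top-level entry, so the query is only run for a positive id.
	if ($id > 0)
		db_query("
			DELETE FROM {$db_prefix}guestbook
			WHERE id = '$id' OR response = '$id'", __FILE__, __LINE__);

	redirectexit('module=Guestbook');
}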

// Loads a single guestbook entry into $context['message'] and selects the
// 'guest_edit' sub template. Requires the 'manage_guestbook' permission.
function edit()
{
	global $context, $db_prefix, $txt, $scripturl;

	$context['page_title'] = $txt['guestbook_edit'];

	isallowedTo('manage_guestbook');

	// The integer cast is what makes the request value safe to place in the query.
	$entryId = (int) $_REQUEST['id'];

	$result = db_query("
		SELECT id, guestName, emailaddress, body
		FROM {$db_prefix}guestbook
		WHERE id = '{$entryId}'
		LIMIT 1", __FILE__, __LINE__);

	// The fetch result is stored as returned; handling of "no such entry" is left to the template.
	$row = mysql_fetch_assoc($result);
	$context['message'] = $row;
	mysql_free_result($result);

	loadMTemplate('Guestbook');
	$context['sub_template'] = 'guest_edit';
}

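// Saves the edited name, e-mail address and body of one entry, then returns to
// the listing. Requires the 'manage_guestbook' permission.
// NOTE(review): no session check is made on this POST handler (compare the
// checkSession() call in sign2()) - confirm whether the edit form sends a session
// token and add the check if it does.
function doEdit()
{
	global $db_prefix;

	isallowedTo('manage_guestbook');

	$id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int) $_POST['id'] : 0;

	// Missing or non-string fields become empty strings rather than raising notices.
	$signname	= htmlspecialchars((isset($_POST['signname']) && is_string($_POST['signname'])) ? $_POST['signname'] : '');
	$emailaddress	= htmlspecialchars((isset($_POST['emailaddress']) && is_string($_POST['emailaddress'])) ? $_POST['emailaddress'] : '');
	$body		= htmlspecialchars((isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '');

	// NOTE(review): htmlspecialchars() without ENT_QUOTES leaves single quotes alone,
	// so this query is only safe if the portal escapes $_POST before modules run
	// (not visible in this file) - confirm, and escape here if it does not.
	// The unused result variable of the original has been dropped.
	if ($id > 0)
		db_query("
			UPDATE {$db_prefix}guestbook
			SET guestName='$signname', emailaddress='$emailaddress', body='$body'
			WHERE id='$id'
			LIMIT 1", __FILE__, __LINE__);

	redirectexit('module=Guestbook');
}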

// Guestbook management screen: lists every row of the guestbook table (entries
// and responses alike), newest first, in $context['messages'] for the
// 'guest_admin' sub template. Requires the 'manage_guestbook' permission.
function Admin()
{
	global $context, $db_prefix, $txt;

	isallowedTo('manage_guestbook');

	// Keep a title that was set before this function ran.
	if (!isset($context['page_title']))
	{
		$context['page_title'] = $txt['guestbook_mng'];
	}

	// Load the common admin stuff... select 'Guestbook_Management'.
	adminIndex('Guestbook_Management');

	$result = db_query("
		SELECT *
		FROM {$db_prefix}guestbook
		ORDER BY id DESC", __FILE__, __LINE__);

	while ($row = mysql_fetch_assoc($result))
	{
		// The body goes through DoUBBC() and censorText() before it is handed to the template.
		$message = array(
			'id'		=> $row['id'],
			'guestName'	=> $row['guestName'],
			'emailaddress'	=> $row['emailaddress'],
			'signtime'	=> timeformat($row['signtime']),
			'body'		=> censorText(DoUBBC($row['body'])),
			'is_response'	=> $row['response'],
			'userid'	=> $row['userid'],
		);
		$context['messages'][] = $message;
	}

	mysql_free_result($result);

	loadMTemplate('Guestbook');
	$context['sub_template'] = 'guest_admin';
}

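// Bulk delete from the management screen. Requires the 'manage_guestbook' permission.
// If $_POST['delete_all'] is set, every row of the guestbook table is removed;
// otherwise each key of $_POST['delete'] is taken as an entry id to remove.
// NOTE(review): no session check is made on this POST handler (compare the
// checkSession() call in sign2()) - confirm whether the admin form sends a session
// token and add the check if it does.
function AdminDelete()
{
	global $db_prefix;

	isallowedTo('manage_guestbook');

	if (!empty($_POST['delete_all']))
	{
		db_query("DELETE FROM {$db_prefix}guestbook", __FILE__, __LINE__);
		redirectexit('module=Guestbook');
	}

	if (isset($_POST['delete']) && is_array($_POST['delete']))
	{
		// The ids are the array keys, which the client controls. The original
		// "(int) $id;" statement discarded its result, so the raw key reached the
		// query; the cast is now assigned and non-positive ids are skipped.
		// foreach also replaces each(), which PHP 8 no longer provides.
		foreach (array_keys($_POST['delete']) as $key)
		{
			$id = (int) $key;
			if ($id <= 0)
				continue;

			db_query("
				DELETE FROM {$db_prefix}guestbook
				WHERE id = '$id'
				LIMIT 1", __FILE__, __LINE__);
		}
	}

	redirectexit('module=Guestbook;sa=Admin');
}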
?>