<?php
/*
*****************************************************************
Mod_Guestbook.php
*****************************************************************
LSP: Lunabyte Systems Portal
Open-Source Project Inspired by Zef Hemel (hide@address.com)
*****************************************************************
Software Version: LSP 2.0 "Enigma 2"
Software by: Lunabyte Systems (http://www.lunabyte.net)
Copyright 2002-2005 by: Lunabyte Systems (http://www.lunabyte.net)
Support, News, Updates at: http://www.lunabyte.net
*****************************************************************
This program is free software; you may redistribute it and/or modify it
under the terms of the provided license as published by Lunabyte Systems.
This program is distributed in the hope that it is and will be useful,
but WITHOUT ANY WARRANTIES; without even any implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the "LSP_license.txt" file for details of the LSP license.
The latest version can always be found at http://www.lunabyte.net.
*****************************************************************
*/
// Guard against direct invocation: the portal presumably defines ENIGMA before
// including a module, so its absence means the file was requested on its own.
// GuestbookHub() is declared further down; PHP hoists unconditional top-level
// function declarations, so calling it here is fine.
if (!defined('ENIGMA')) {
    die('<b>Access Violation</b><br />Direct Access to this location is not allowed.');
}
GuestbookHub();
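/**
 * Module entry point: loads the language file, builds the link tree and
 * dispatches to the sub-action named by the `sa` request parameter.
 *
 * Only handler names listed in $subActions can be reached; any other value
 * (including the default 'View') shows the guestbook itself.  The admin
 * handlers enforce their own permission; the hub only decides whether the
 * admin link is shown in the link tree.
 */
function GuestbookHub()
{
    global $context, $scripturl, $txt;

    loadMLanguage('Guestbook');

    // Pick the sub-action.  The original wrote this as an unparenthesised
    // nested ternary, which PHP groups left-to-right (a parse error since 8.0),
    // so the $_POST fallback never took effect; the intent is spelled out here.
    if (!empty($_REQUEST['sa'])) {
        $sa = $_REQUEST['sa'];
    } elseif (!empty($_POST['sa'])) {
        $sa = $_POST['sa'];
    } else {
        $sa = 'View';
    }

    // Whitelist of handlers that may be invoked by name.
    $subActions = array(
        'SignGuestBook',
        'sign2',
        // Admin functions
        'edit',
        'doEdit',
        'delete',
        'Admin',
        'AdminDelete',
    );

    $context['linktree'][] = array(
        'url' => $scripturl . '?module=Guestbook',
        'name' => $txt['guestbook'],
    );
    $context['linktree'][] = array(
        'url' => $scripturl . '?module=Guestbook;sa=SignGuestBook',
        'name' => $txt['guestbook_sign'],
    );
    if (allowedTo('manage_guestbook')) {
        $context['linktree'][] = array(
            'url' => $scripturl . '?module=Guestbook;sa=Admin',
            'name' => $txt['guestbook_admin'],
        );
    }

    // Strict match only: the value is user supplied and becomes a function
    // name.  The original's second branch indexed the list by the raw value,
    // which let a numeric `sa` reach a handler by position; that is dropped.
    if (is_string($sa) && in_array($sa, $subActions, true)) {
        $sa();
    } else {
        Guestbook();
    }
}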
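/**
 * Default view: lists the top-level entries for the current page, collects
 * their responses keyed by parent id, and builds the page index.
 *
 * Reads $_REQUEST['start'] (row offset) and $modSettings['max_gb_entries_per_page'].
 * Fills $context['guestbook'], $context['response'], $context['index_count'],
 * $context['start_count'], $context['page_index'] and the link tree, then
 * selects the 'guestbook_main' sub-template.
 */
function Guestbook()
{
    global $context, $db_prefix, $txt, $modSettings, $scripturl;

    // Both LIMIT operands are interpolated into SQL, so they must be integers.
    // The original cast bound to empty() rather than to the request value
    // ("(int) empty(...) ? ..."), which put the raw 'start' string into the query.
    $max = (int) $modSettings['max_gb_entries_per_page'];
    $index = empty($_REQUEST['start']) ? 0 : (int) $_REQUEST['start'];
    if ($index < 0) {
        $index = 0;
    }

    // Top-level entries (response = 0) for this page, newest first.
    $request = db_query("
        SELECT *
        FROM {$db_prefix}guestbook
        WHERE response = 0
        ORDER BY id DESC
        LIMIT $index, $max", __FILE__, __LINE__);
    while ($entry = mysql_fetch_assoc($request)) {
        $context['guestbook'][] = array(
            'id' => $entry['id'],
            'guestName' => $entry['guestName'],
            'emailaddress' => $entry['emailaddress'],
            'signtime' => timeformat($entry['signtime']),
            'body' => censorText(DoUBBC($entry['body'])),
            'userid' => $entry['userid'],
        );
    }
    mysql_free_result($request);

    $context['index_count'] = !empty($context['guestbook']) ? count($context['guestbook']) : '';

    // Responses, grouped under the id of the entry they answer.
    $request = db_query("
        SELECT *
        FROM {$db_prefix}guestbook
        WHERE response > 0
        ORDER BY id ASC", __FILE__, __LINE__);
    while ($entry = mysql_fetch_assoc($request)) {
        $context['response'][$entry['response']][] = array(
            'to' => $entry['response'],
            'id' => $entry['id'],
            'guestName' => $entry['guestName'],
            'emailaddress' => $entry['emailaddress'],
            'signtime' => timeformat($entry['signtime']),
            'body' => censorText(DoUBBC($entry['body'])),
            'userid' => $entry['userid'],
        );
    }
    mysql_free_result($request);

    // Count only top-level entries for paging, not responses.
    $request = db_query("
        SELECT COUNT(id) AS counted
        FROM {$db_prefix}guestbook
        WHERE response = 0", __FILE__, __LINE__);
    $counted = mysql_fetch_assoc($request);
    mysql_free_result($request);

    $context['start_count'] = ($counted['counted']) - $index;
    $context['page_index'] = $txt[139] . ': ' . constructPageIndex($scripturl . '?module=Guestbook', $index, $counted['counted'], $max, false);
    $context['linktree'][] = array(
        'name' => $context['page_index'],
    );
    $context['page_title'] = $txt['guestbook'];

    loadMTemplate('Guestbook');
    $context['sub_template'] = 'guestbook_main';
}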
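/**
 * Shows the sign form.  A moderator may pass `id` to respond to an existing
 * entry; unless guestbook verification is disabled, a captcha image is
 * prepared and exposed through $context['gbsesc'] / $context['gbimg'].
 */
function SignGuestBook()
{
    global $context, $db_prefix, $txt, $scripturl, $modSettings;

    // The original appended $context['user']['is_guest'] to the title, which
    // rendered a stray "1" for guests; it looks like a debugging leftover.
    $context['page_title'] = $txt['guestbook_sign'];

    // Only moderators may respond, and the id is interpolated into SQL below,
    // so it is cast to int rather than used raw.
    $context['is_response'] = (!empty($_REQUEST['id']) && allowedTo('manage_guestbook'))
        ? (int) $_REQUEST['id']
        : '';

    if ($context['is_response'] !== '') {
        // NOTE(review): this selects a row whose *response* column equals the
        // id (an existing reply), not the entry with that id — confirm that is
        // what the 'guest_sign' template expects.
        $responseTo = (int) $context['is_response'];
        $request = db_query("
            SELECT *
            FROM {$db_prefix}guestbook
            WHERE response = '$responseTo'
            LIMIT 1", __FILE__, __LINE__);
        $context['response'] = mysql_fetch_assoc($request);
        mysql_free_result($request);
    }

    // Captcha unless the administrator disabled verification.
    if (empty($modSettings['disablegbverify']) || $modSettings['disablegbverify'] != '1') {
        $context['gb_image_verify'] = 1;
        include_once('ModuleCaptcha/image_class.php');
        // NOTE(review): rand() over 40001 values gives a predictable cache
        // key; a CSPRNG-derived token is preferable where the PHP version allows it.
        $context['gbsesc'] = md5(round(rand(0, 40000)));
        $lsp_captcha = new captcha($context['gbsesc'], 'modules/ModuleCaptcha/cache');
        $context['gbimg'] = $lsp_captcha->get_pic(5);
    } else {
        $context['gb_image_verify'] = 0;
    }

    loadMTemplate('Guestbook');
    $context['sub_template'] = 'guest_sign';
}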
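/**
 * Handles the posted sign form: checks the captcha (or the session when
 * verification is disabled), validates a guest's name and e-mail, stores the
 * entry and redirects back to the guestbook.
 *
 * Reads $_POST['go'], ['gbv'], ['password'], ['id'], ['signname'],
 * ['emailaddress'], ['body'] and $_REQUEST['response'].
 */
function sign2()
{
    global $context, $db_prefix, $ID_MEMBER, $modSettings;

    $verifyDisabled = !empty($modSettings['disablegbverify']) && $modSettings['disablegbverify'] == '1';
    $checkcode = false;

    if (!$verifyDisabled && !empty($_POST['go']) && $_POST['go'] == 'verify') {
        // Captcha in force: 'gbv' names the cached image, 'password' is the answer.
        include_once('ModuleCaptcha/image_class.php');
        $lsp_captcha = new captcha(isset($_POST['gbv']) ? $_POST['gbv'] : null, 'modules/ModuleCaptcha/cache');
        $checkcode = $lsp_captcha->verify(isset($_POST['password']) ? $_POST['password'] : null);
    } elseif ($verifyDisabled) {
        // No captcha: fall back to the session check, which raises its own
        // error on failure; if it returns, the post is accepted.
        checkSession('post', '', true);
        $checkcode = 1;
    } else {
        // Captcha expected but the form marker is missing: treat as a bot.
        // The original header() call lacked the "Location: " prefix, so it
        // emitted a malformed header and never redirected.
        header('Location: http://www.spamcop.net/');
        exit();
    }

    if ($checkcode) {
        $postedId = isset($_POST['id']) ? (int) $_POST['id'] : 0;
        // Only trust the posted member id when it matches the logged-in member.
        $userid = ((int) $ID_MEMBER === $postedId) ? $postedId : -1;
        $response = (!empty($_REQUEST['response']) && allowedTo('manage_guestbook')) ? (int) $_REQUEST['response'] : '';
        $signname = isset($_POST['signname']) ? htmlspecialchars($_POST['signname']) : '';
        $emailaddress = !empty($_POST['emailaddress']) ? htmlspecialchars($_POST['emailaddress']) : '';
        $body = isset($_POST['body']) ? htmlspecialchars($_POST['body']) : '';
        $thetime = time();

        // Whitespace-only bodies are rejected; a body of "0" is allowed
        // (the original used empty(), which also rejected "0").
        if (trim($body) === '') {
            fatal_lang_error('gb_emptymsg');
        }

        // Guests must supply a usable name and a plausible e-mail address.
        if ($context['user']['is_guest']) {
            $submit = trim($signname);
            if ($submit == '' || $submit == '_' || $submit == ' ' || strlen($submit) > 25) {
                fatal_lang_error(75);
            }
            if (empty($emailaddress) || !preg_match("/^[0-9A-Za-z@\._\-]+$/", $emailaddress)) {
                fatal_lang_error(76);
            }
        }

        // NOTE(review): the text fields are HTML-escaped (htmlspecialchars
        // leaves single quotes alone) but not SQL-escaped here; this relies on
        // the framework having escaped request data before the module runs —
        // confirm that holds, otherwise a quote in signname/body breaks this query.
        db_query("
            INSERT INTO {$db_prefix}guestbook
                (guestName, emailaddress, signtime, body, response, userid)
            VALUES ('$signname', '$emailaddress', '$thetime', '$body', '$response', '$userid')", __FILE__, __LINE__);
        redirectexit('module=Guestbook');
    } else {
        // Wrong captcha answer: back to the form with an error flag.
        redirectexit('module=Guestbook;sa=SignGuestBook;code=1');
    }
}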
// This function deletes one entry and any responses to that entry.
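/**
 * Deletes one entry together with every response attached to it.
 * Requires the manage_guestbook permission; the target comes from $_REQUEST['id'].
 */
function delete()
{
    global $context, $db_prefix, $ID_MEMBER;

    isallowedTo('manage_guestbook');

    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;

    // Without a positive id the original query degenerated to
    // "WHERE id = '0' OR response = '0'", and response = 0 is what marks a
    // top-level entry — so a missing id wiped every root entry.  Refuse instead.
    if ($id > 0) {
        // NOTE(review): this runs on a plain GET with no checkSession(); an
        // administrator following a crafted link would delete an entry.
        // Consider the checkSession() call sign2() already uses.
        db_query("
            DELETE FROM {$db_prefix}guestbook
            WHERE id = '$id' OR response = '$id'", __FILE__, __LINE__);
    }

    redirectexit('module=Guestbook');
}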
/**
 * Admin form to edit one entry: loads the row named by $_REQUEST['id'] into
 * $context['message'] and shows the 'guest_edit' sub-template.
 */
function edit()
{
    global $context, $db_prefix, $txt, $scripturl;

    $context['page_title'] = $txt['guestbook_edit'];
    isallowedTo('manage_guestbook');

    // The id is cast before it reaches the query.
    $entryId = (int) $_REQUEST['id'];
    $sql = "
        SELECT id, guestName, emailaddress, body
        FROM {$db_prefix}guestbook
        WHERE id = '$entryId'
        LIMIT 1";
    $result = db_query($sql, __FILE__, __LINE__);
    $context['message'] = mysql_fetch_assoc($result);
    mysql_free_result($result);

    loadMTemplate('Guestbook');
    $context['sub_template'] = 'guest_edit';
}
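/**
 * Applies the posted edit form to one entry and redirects to the guestbook.
 * Requires the manage_guestbook permission; reads $_POST['id'], ['signname'],
 * ['emailaddress'] and ['body'].
 */
function doEdit()
{
    global $db_prefix;

    isallowedTo('manage_guestbook');

    // Guard each field so a partial post does not raise notices.
    $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $signname = isset($_POST['signname']) ? htmlspecialchars($_POST['signname']) : '';
    $emailaddress = isset($_POST['emailaddress']) ? htmlspecialchars($_POST['emailaddress']) : '';
    $body = isset($_POST['body']) ? htmlspecialchars($_POST['body']) : '';

    // NOTE(review): as in sign2(), the fields are HTML-escaped but not
    // SQL-escaped here; this relies on the framework escaping request data
    // beforehand — confirm.  There is also no checkSession('post') before
    // this state-changing request.
    // The original kept the query result in an unused variable; dropped.
    db_query("
        UPDATE {$db_prefix}guestbook
        SET guestName = '$signname', emailaddress = '$emailaddress', body = '$body'
        WHERE id = '$id'
        LIMIT 1", __FILE__, __LINE__);

    redirectexit('module=Guestbook');
}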
/**
 * Management view: lists every entry (entries and responses alike), newest
 * first, in $context['messages'] and shows the 'guest_admin' sub-template.
 */
function Admin()
{
    global $context, $db_prefix, $txt;

    isallowedTo('manage_guestbook');

    if (!isset($context['page_title'])) {
        $context['page_title'] = $txt['guestbook_mng'];
    }

    // Load the common admin stuff... select 'Guestbook_Management'.
    adminIndex('Guestbook_Management');

    $result = db_query("
        SELECT *
        FROM {$db_prefix}guestbook
        ORDER BY id DESC", __FILE__, __LINE__);
    for ($row = mysql_fetch_assoc($result); $row; $row = mysql_fetch_assoc($result)) {
        $item = array(
            'id' => $row['id'],
            'guestName' => $row['guestName'],
            'emailaddress' => $row['emailaddress'],
            'signtime' => timeformat($row['signtime']),
            'body' => censorText(DoUBBC($row['body'])),
            'is_response' => $row['response'],
            'userid' => $row['userid'],
        );
        $context['messages'][] = $item;
    }
    mysql_free_result($result);

    loadMTemplate('Guestbook');
    $context['sub_template'] = 'guest_admin';
}
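/**
 * Bulk deletion from the management view: either everything
 * ($_POST['delete_all']) or the entries whose ids are the keys of
 * $_POST['delete'].  Requires the manage_guestbook permission.
 */
function AdminDelete()
{
    global $db_prefix, $txt;

    isallowedTo('manage_guestbook');

    if (!empty($_POST['delete_all'])) {
        db_query("DELETE FROM {$db_prefix}guestbook", __FILE__, __LINE__);
        redirectexit('module=Guestbook');
    }

    // The original read the array *keys* via each()/list(), so the ids are
    // assumed to arrive as delete[<id>] — confirm against the template.
    if (isset($_POST['delete']) && is_array($_POST['delete'])) {
        foreach (array_keys($_POST['delete']) as $rawId) {
            // The original wrote "(int) $id;" as a bare statement, which
            // discarded the cast and interpolated the raw key into the query.
            $id = (int) $rawId;
            if ($id < 1) {
                continue;
            }
            db_query("
                DELETE FROM {$db_prefix}guestbook
                WHERE id = '$id'
                LIMIT 1", __FILE__, __LINE__);
        }
    }

    redirectexit('module=Guestbook;sa=Admin');
}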
?>