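<?php
	session_start();

	/**
	 * Escape one request value the way every stored guestbook field is
	 * escaped: first for HTML (the stored text is echoed back to visitors as
	 * it is), then for the SQL string it is concatenated into by
	 * FUNCT_POST_MSG / FUNCT_MOD_MSG.
	 *
	 * HTML first, SQL second.  The previous order (SQL escape, then
	 * htmlspecialchars) left "\&#039;" for every quote, because the
	 * backslash mysql_real_escape_string() had added for the quote stayed
	 * behind once htmlspecialchars() turned the quote itself into an entity.
	 * Requires the database connection opened by inc/settings.inc.php.
	 *
	 * @param mixed $value raw request value, or null when the field is absent
	 * @return string escaped value; '' for a missing or non-scalar field
	 */
	function FUNCT_CLEAN_INPUT($value){
		if (!is_scalar($value)){
			return '';
		}
		return mysql_real_escape_string(htmlspecialchars((string)$value, ENT_QUOTES));
	}

	if(isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === "POST"){
		define('GBOOK', TRUE);
		include('inc/settings.inc.php');

		//If problems start where people keep returning to the entry form
		//then comment out the $gooddom line below by placing slashes in
		//front of it like this //
		//The Referer header is sent by the browser and is often blank or
		//forged, so this only deters casual off-site posting; it is not a
		//substitute for a per-session form token.
		$referer = isset($_SERVER['HTTP_REFERER']) ? (string)$_SERVER['HTTP_REFERER'] : '';
		$gooddom = FUNCT_VERIFY_REFERER(MYDOM, $referer);

		//Fields missing from the form (no isset) used to raise notices; they
		//are now read as '' so the empty-field checks below handle them.
		$username 	= FUNCT_CLEAN_INPUT(isset($_POST['name']) ? $_POST['name'] : null);
		$useremail	= FUNCT_CLEAN_INPUT(isset($_POST['email']) ? $_POST['email'] : null);
		$userurl 	= FUNCT_CLEAN_INPUT(isset($_POST['website']) ? $_POST['website'] : null);
		$usermsg 	= FUNCT_CLEAN_INPUT(isset($_POST['message']) ? $_POST['message'] : null);
		$ccode 		= FUNCT_CLEAN_INPUT(isset($_POST['code']) ? $_POST['code'] : null);

	}else{
		//The void.  
		exit();
	}	
	//Name and message are mandatory.  trim()==='' rather than empty(): a
	//name of "0" is a valid name, a name of only whitespace is not.
	if (trim($username) === '' || trim($usermsg) === ''){
		header("Location: ".MAINURL."?loc=sign");
		exit();
	}

	//A supplied website must be an absolute http(s) URL.  Prefixing
	//"http://" also neutralises other schemes (javascript:, data:) in the
	//link the guestbook renders for it.  eregi() was removed in PHP 7 and
	//also prefixed "http://" onto "https://..." addresses.
	$userurl = trim($userurl);
	if ($userurl !== '' && !preg_match('/^https?:\/\//i', $userurl)){
		$userurl = "http://".$userurl;
	}

	//$captcha, $keyword, $notify, $subject and $emailaddr come from
	//inc/settings.inc.php; the loose "== 1" is kept so that a setting of
	//"1" (string) still enables the check.
	if ($captcha == 1) {
		if (FUNCT_VERIFY_CAPTCHA($ccode) !== TRUE){
			header("Location: ".MAINURL."?loc=sign&cap=FALSE");
			exit();
		}
	}

	//Obfuscate the address for display; "@" has no case, so a plain
	//str_replace() does what eregi_replace() (removed in PHP 7) did.
	$useremail = str_replace("@", "<font class=\"emailat\">(at)</font>", $useremail);
	$userdate = date("l, F j, Y ")."&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".date("h:i:s a"); 

	$userdata = FUNCT_WORD_FILTER($usermsg, $userurl, $useremail, $username);
	
	//Keyword hits go to the moderation table instead of the live table.
	if ($keyword == 1){
		$goodmsg = FUNCT_KEYWORDS($usermsg.' '.$userurl.' '.$useremail.' '.$username);
		if ($goodmsg === 'BAD'){
			FUNCT_MOD_MSG($userdata, $userdate);
			if ($notify == 1){
				FUNCT_SEND_MOD_MAIL($subject, $emailaddr, $username); 
			}
			unset($_POST);
  			header("Location: " . MODQ);
			exit();
		}
	}

	//if all checks well then lets post the dange message!
	FUNCT_POST_MSG($userdata, $userdate);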

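/**
 * Redirect back to the entry form unless the request came from our own site.
 *
 * The Referer value is supplied by the client, is routinely blank (privacy
 * settings, some proxies) and can be set to anything, so this is a nuisance
 * filter against off-site form posts, not a CSRF defence; a per-session
 * token carried in the form would be (the form itself is outside this file).
 *
 * When $mdomain includes a scheme (e.g. "http://example.com") the two host
 * names are compared case-insensitively.  Otherwise the original substring
 * test is used, which accepts any referer that merely *contains* $mdomain
 * (so "http://evil.example/?example.com" would pass) - prefer the host form.
 *
 * @param string $mdomain our domain, the MYDOM setting
 * @param string $rdomain the request's Referer header, '' when absent
 * @return true   on success; on failure the function redirects and exits
 */
function FUNCT_VERIFY_REFERER($mdomain, $rdomain){
	$mdomain = (string)$mdomain;
	$rdomain = (string)$rdomain;

	$wanthost = parse_url($mdomain, PHP_URL_HOST);
	$gothost  = parse_url($rdomain, PHP_URL_HOST);

	if (is_string($wanthost) && $wanthost !== '' && is_string($gothost)){
		// Both sides carry a scheme: compare host names, not substrings.
		$ok = (strtolower($gothost) === strtolower($wanthost));
	}else{
		// MYDOM given without a scheme: fall back to the substring test.
		$ok = ($rdomain !== '' && strpos($rdomain, $mdomain) !== FALSE);
	}

	if (!$ok){
		header("Location: ".MAINURL."?loc=sign");
		exit();	
	}
	return TRUE;
}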
	
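/**
 * Check the code the visitor typed against the one stored in the session.
 *
 * The expected value is written to $_SESSION['string'] by the captcha image
 * script, which is not part of this file.  Both sides must be present and
 * non-empty: the previous loose "==" test compared '' == '' and passed when
 * the session value was missing and the visitor sent an empty code.
 * The comparison is case-insensitive, as before.  On success the stored
 * value is removed so the same solution cannot be replayed for further
 * posts in the same session (the form is expected to issue a fresh code
 * when it is displayed again - TODO confirm against the form script).
 *
 * @param mixed $captchacode the value of the "code" form field
 * @return bool TRUE when the code matches
 */
function FUNCT_VERIFY_CAPTCHA($captchacode){
	if (!isset($_SESSION['string']) || !is_scalar($_SESSION['string'])){
		return FALSE;
	}
	$expected = (string)$_SESSION['string'];
	if ($expected === '' || !is_scalar($captchacode)){
		return FALSE;
	}
	$given = (string)$captchacode;
	if ($given === '' || strtolower($expected) !== strtolower($given)){
		return FALSE;
	}
	// One-time use: consume the solved code.
	unset($_SESSION['string']);
	return TRUE;
}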
	
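/**
 * Store an approved entry in groones_guestbook and send the visitor on.
 *
 * Every value in $mydata is concatenated straight into SQL: this function
 * adds no escaping of its own and relies on the caller having escaped the
 * fields when it read them from the request.  NOTE(review): the GOODWORD
 * replacements made by FUNCT_WORD_FILTER come from the database unescaped,
 * so a replacement containing a quote would break these statements.
 *
 * An entry with the same name and message is treated as a resubmission and
 * silently skipped.  The duplicate test uses "=" rather than LIKE: with
 * LIKE, a "%" or "_" typed by the visitor acted as a wildcard and could
 * match an unrelated earlier entry, dropping the new one.
 *
 * @param array  $mydata  'username', 'useremail', 'userurl', 'usermsg' (escaped)
 * @param string $udate   display date produced by the caller
 * @return void   always ends the request: redirect to REDIRECTED, or die() on a failed INSERT
 */
function FUNCT_POST_MSG($mydata, $udate){
	$result = mysql_query("SELECT * FROM groones_guestbook WHERE user_name = '".$mydata['username']."' AND message = '".$mydata['usermsg']."'");
	// A failed SELECT (false) counts as "no duplicate", as before, so the
	// INSERT still runs and reports its own error.
	$num = ($result === FALSE) ? 0 : mysql_num_rows($result);

	if($num == 0){	
		mysql_query("INSERT INTO groones_guestbook (user_name, email_address, website, my_date, message) VALUES ('".$mydata['username']."', '".$mydata['useremail']."', '".$mydata['userurl']."', '".$udate."', '".$mydata['usermsg']."')");
		if (mysql_errno()){
			// Keep the driver error server-side; echoing mysql_error() to the
			// visitor reveals table/column names and the failing statement.
			error_log("guestbook: INSERT into groones_guestbook failed: ".mysql_errno().": ".mysql_error());
			die("<br />Sorry, your entry could not be saved right now.<BR>");
		}
	}
	// Inserted or already present: either way the visitor is redirected.
	unset($_POST);
	header("Location: ".REDIRECTED);
	exit();
}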

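/**
 * Queue an entry that tripped the keyword check in groones_guestbook_mod.
 *
 * As in FUNCT_POST_MSG the $mydata values are concatenated into SQL without
 * further escaping; the caller is responsible for having escaped them.
 * NOTE(review): GOODWORD replacements from FUNCT_WORD_FILTER are not escaped.
 *
 * If an identical name+message is already queued the visitor is redirected
 * to REDIRECTED and the function does not return; on a successful INSERT it
 * returns so the caller can notify the moderator and redirect to MODQ.
 * The duplicate test uses "=" rather than LIKE so that "%" / "_" typed by
 * the visitor are not treated as wildcards.
 *
 * @param array  $mydata  'username', 'useremail', 'userurl', 'usermsg' (escaped)
 * @param string $udate   display date produced by the caller
 * @return void   returns after a successful INSERT; redirects or die()s otherwise
 */
function FUNCT_MOD_MSG($mydata, $udate){
	$result = mysql_query("SELECT * FROM groones_guestbook_mod WHERE user_name = '".$mydata['username']."' AND message = '".$mydata['usermsg']."'");
	// A failed SELECT (false) counts as "no duplicate", as before.
	$num = ($result === FALSE) ? 0 : mysql_num_rows($result);

	if($num != 0){
		unset($_POST);
		header("Location: ".REDIRECTED);
		exit();
	}

	mysql_query("INSERT INTO groones_guestbook_mod (user_name, email_address, website, my_date, message) VALUES ('".$mydata['username']."', '".$mydata['useremail']."', '".$mydata['userurl']."', '".$udate."', '".$mydata['usermsg']."')");
	if (mysql_errno()){
		// Log the driver error; do not echo mysql_error() to the visitor.
		error_log("guestbook: INSERT into groones_guestbook_mod failed: ".mysql_errno().": ".mysql_error());
		die("<br />Sorry, your entry could not be saved right now.<BR>");
	}
}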

/**
 * E-mail the moderator that a new entry is waiting in the moderation queue.
 *
 * $mreciever is used as the To, From and Reply-To address, so the message
 * is effectively sent from the moderator to themselves.  The caller passes
 * the configured $emailaddr here; nothing request-derived must ever reach
 * $headers, since a CR/LF in a header value lets a sender add headers of
 * its own (mail header injection).  $uname is placed in the HTML body
 * without escaping - the caller is expected to have HTML-escaped it.
 * The return value of mail() is not checked, so a failed delivery attempt
 * is silent.
 *
 * @param string $msubject  subject line
 * @param string $mreciever moderator address (To/From/Reply-To)
 * @param string $uname     visitor name, already HTML-escaped by the caller
 * @return void
 */
function FUNCT_SEND_MOD_MAIL($msubject, $mreciever, $uname) {
	$design = '
	<html>
		<head>
			<title>Guestbook Entry</title>
		</head>
		<body>
			<div align="center">
				<center>
   					<table  bgcolor="#000000" border="1" width="100%" cellpadding="0" cellspacing="0">
      					<tr>
         					<td>
            					<table bgcolor="#ffffff" border="0" width="100%" cellpadding="8" cellspacing="0">
               						<tr>
                  						<td align="Center">
                    						'.$uname.' has placed an entry into your guestbook that needs moderation.
                  						</td>
               						</tr>
            					</table>
         					</td>
      					</tr>
   					</table>
				</center>
			</div>
   		</body>
	</html>';
	// Headers are separated with a bare LF; RFC 5322 wants CRLF, but PHP's
	// mail() documentation notes some MTAs only accept LF - left as-is.
    $headers = "From: ".$mreciever."\n"; // From address (the moderator)
    $headers .= "Reply-To: ".$mreciever."\n"; // Reply-to address (the moderator)
    $headers .= "Organization: Guest Book\n"; // Organisation
    $headers .= "Content-Type: text/html; charset=iso-8859-1\n"; // Body is HTML
	
	// Delivery result is ignored.
	mail($mreciever, $msubject, $design, $headers);
}

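/**
 * Apply the administrator's word filter to the four entry fields.
 *
 * Each row of groones_wordfilter holds a BADWORD to look for and the
 * GOODWORD to put in its place; every pair is applied, case-insensitively,
 * to all four fields.  eregi_replace() (removed in PHP 7) treated BADWORD as
 * a POSIX regex; str_ireplace() is the literal equivalent for plain words.
 * NOTE(review): if any stored BADWORD relies on regex syntax it needs
 * preg_replace() with a quoted/delimited pattern instead.  GOODWORD is
 * inserted as stored - it is neither HTML- nor SQL-escaped here, so
 * replacements must not contain quotes or markup.
 *
 * Rows with an empty BADWORD are skipped (an empty pattern would match
 * everywhere), and a failed filter query leaves the fields unchanged.
 *
 * @param string $umsg   message
 * @param string $uurl   website
 * @param string $uemail e-mail address
 * @param string $uname  name
 * @return array{username:string,useremail:string,userurl:string,usermsg:string}
 */
function FUNCT_WORD_FILTER($umsg, $uurl, $uemail, $uname){
	$filterresult = mysql_query("SELECT * FROM groones_wordfilter");
	if ($filterresult !== FALSE){
		while ($row = mysql_fetch_array($filterresult)){
			$bad  = isset($row['BADWORD'])  ? (string)$row['BADWORD']  : '';
			$good = isset($row['GOODWORD']) ? (string)$row['GOODWORD'] : '';
			if ($bad === ''){
				continue;
			}
			$umsg 	= str_ireplace($bad, $good, $umsg);
			$uurl 	= str_ireplace($bad, $good, $uurl);
			$uemail = str_ireplace($bad, $good, $uemail);
			$uname 	= str_ireplace($bad, $good, $uname);
		}
	}
	
	return array('username' => $uname, 'useremail' => $uemail, 'userurl' => $uurl, 'usermsg' => $umsg);
}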
	
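/**
 * Decide whether an entry contains a moderation keyword.
 *
 * inc/keywords.inc.php is expected to define $keywords, a comma-separated
 * string of words; matching is a case-insensitive substring test over the
 * text the caller assembled (message, website, e-mail and name).
 *
 * Keywords are trimmed and blanks are skipped: explode() yields [''] for
 * an empty list, and strpos() with an empty needle returns 0 on PHP 8,
 * which flagged every entry as BAD once the list was empty; a space after a
 * comma ("foo, bar") used to make the keyword " bar" and miss "bar".
 *
 * @param string $umsg text to scan
 * @return string 'BAD' when a keyword is found, otherwise 'GOOD'
 */
function FUNCT_KEYWORDS($umsg) {
	include(ABSPATH."inc/keywords.inc.php");

	$haystack = strtoupper((string)$umsg);
	$list = isset($keywords) ? explode(",", strtoupper((string)$keywords)) : array();

	foreach ($list as $word){
		$word = trim($word);
		if ($word === ''){
			continue;
		}
		if (strpos($haystack, $word) !== FALSE){
			return "BAD";
		}
	}
	return "GOOD";
}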

?>