<?PHP

// iPei Guestbook v2.0
// (c) Paley Wu
// www.epistream.com

include "functions.php";

// Smiley support: when $sss is 1, build two parallel lists.
//   $sm[i]  - the text code a visitor types
//   $num[i] - the <img> tag for y_emo/(i+1).gif
// The two lists are matched by position, so the order below must not change.
if ($sss == 1)
{
	$sm = array(
		";))", ":((", ";;)", ">:D<", ";)", "\\:D/", ":-/", ":x", ":\">", ":P",
		":-*", "=((", ":o", "x(", ":>", "B-)", "#:-S", ":-S", ">:)", ":(|)",
		":))", ":|", "/:)", "=))", "O:)", ":-B", "=;", "I-|", "8-|", "L-)",
		":-&", ":-$", "[-(", ":O)", "8-}", "<:-P", "(:-|", "=P~", ":-?", "#-o",
		"=D>", ":-ss", "@-)", ":^o", ":-w", ":-<", ">:p", "<):)", ":@)", "3:-O",
		":(", "~8>", "@};-", "%%-", ":-j", "(~~)", "^:)^", "[-x", "8-x", "=:)",
		">-)", ":-L", "[-O<", "$-)", ":-\"", "B-(", ":)>-", ":-@", ":D", ">:/",
		":)", ":p", ":O"
	);

	// Number of smiley images shipped in y_emo/ (1.gif .. 73.gif).
	$num_smiley = 73;

	$nc = 1;
	while ($nc <= $num_smiley)
	{
		$num[] = "<img src=y_emo/" . $nc . ".gif>";
		$nc++;
	}
}

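// Pagination state derived from the entry count and the optional ?epp= / ?pg=
// query parameters.
//
// Both parameters come straight from the URL and are later written into the
// page markup and used as loop bounds, so they are reduced to integers here:
// a non-numeric, zero or negative value can then neither inject markup into
// the pager links nor cause a division by zero below.

// $gb is a MySQL result handle created before this point (not visible here).
$num_entry = mysql_numrows($gb);

// Entries per page: configured default unless the request supplies a positive integer.
$epp = $def_epp;
if (isset($_GET['epp']) && is_scalar($_GET['epp']) && (int) $_GET['epp'] > 0)
	$epp = (int) $_GET['epp'];

// Last line of defence against a zero/invalid configured default.
if ($epp < 1)
	$epp = 1;

// Total number of pages.
$tp = ceil($num_entry/$epp);

// Current page: the highest page number unless the request names one.
$pg = $tp;
if (isset($_GET['pg']) && is_scalar($_GET['pg']) && $_GET['pg'] != "")
	$pg = (int) $_GET['pg'];

// 1-based position of the first entry shown on this page, and the position
// just past the last one; the listing loop walks from $start down to $end.
$start = $num_entry - ($tp-$pg)*$epp;
$end = $start - $epp;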


// Emit a robots meta tag that keeps crawlers away when $siteindex is "off";
// otherwise the placeholder stays empty. The value is interpolated into <head> below.
$noindexing = ($siteindex == "off")
	? "<meta name=\"robots\" content=\"noindex,nofollow\" />"
	: "";

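// A session is needed when either CAPTCHA is enabled or a post is being processed.
// isset() keeps PHP from raising an undefined-index notice when the page is
// requested without ?a=; with display_errors on, that notice would print the
// script's filesystem path to every visitor.
if (($captcha1 == "on" or $captcha2 == "on") or (isset($_GET['a']) and $_GET['a'] == "process"))
{
	session_start();
}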

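// Page header and pager bar.
//
// $pg and $epp can originate from the query string. They are written into
// unquoted href attributes and into text, so they are encoded at the point of
// output: urlencode() for the URL parameter, htmlspecialchars() for text, and
// an integer copy for the arithmetic. For ordinary numeric values the
// generated markup is unchanged.
$gb_pg_num   = (int) $pg;
$gb_pg_html  = htmlspecialchars((string) $pg, ENT_QUOTES);
$gb_epp_href = urlencode((string) $epp);

echo "<html><head><title>$title</title>$noindexing</head><body text=#000000 link=#858585 alink=#858585 vlink=#858585 bgcolor=white><font size=1>";
if ($center != 0)
	echo "<center>";

// The bar is three cells: 15px left cap, stretchable middle, 16px right cap.
$mid_width = $width - 31;
echo "<table width=$width cellpadding=0 cellspacing=0 border=0><tr><td width=15 align=right><img src=ipei_imgs/bar_left.gif width=13 height=31></td><td width=$mid_width valign=center align=right background=ipei_imgs/bar_mid.gif><font face=arial size=1 color=#858585>Page: ";

// "<<" jumps to the highest page number.
echo "<a href=index.php?pg=$tp&epp=$gb_epp_href>&lt;&lt;</a> | ";

// Up to four higher page numbers, highest first.
for ($b=$gb_pg_num+4;$b >= $gb_pg_num+1;$b--)
{
	if (($b >= 1) and ($b <= $tp))
		echo "<a href=index.php?pg=$b&epp=$gb_epp_href>$b</a> | ";
}

// Current page, emphasised.
echo "<b><font size=+1>$gb_pg_html</font></b>";

// Up to four lower page numbers.
for ($a=$gb_pg_num-1;$a >= $gb_pg_num-4;$a--)
{
	if (($a >= 1) and ($a <= $tp))
		echo " | <a href=index.php?pg=$a&epp=$gb_epp_href>$a</a>";
}

// ">>" jumps to page 1.
echo " | <a href=index.php?pg=1&epp=$gb_epp_href>&gt;&gt;</a>";

echo " of $tp pages. &nbsp; <font face=arial size=4 color=#858585><a href=index.php?a=view>view</a> / <a href=index.php?a=sign>sign</a></font></font></td><td width=16 align=left><img src=ipei_imgs/bar_right.gif width=13 height=31></td></tr></table><br><img src=ipei_imgs/blank.gif width=1 height=4><br>";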





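// ---------------------------------------------------------------------------
// Action dispatcher: ?a= selects one of
//   smilies, process_delete, process_comment, edit, login, process, sign
// and anything else shows the paged entry list.
//
// Every value taken from $_GET/$_POST is untrusted. In this block:
//   * entry numbers are cast to int before they reach SQL or HTML,
//   * free-text fields are escaped with mysql_real_escape_string() for SQL,
//   * request- and database-derived values are escaped with htmlspecialchars()
//     when echoed into the page,
//   * the admin password is compared as a string, and an empty configured
//     password never authenticates.
// NOTE(review): if functions.php already escapes $_POST itself (beyond
// magic_quotes_gpc, which is undone below), the SQL escaping here would be
// applied twice - confirm against functions.php.
// ---------------------------------------------------------------------------

if (!function_exists('gb_request_string'))
{
	// Fetch one request parameter as a plain string ("" when absent or not a
	// string, e.g. an array), with magic_quotes_gpc slashes removed.
	function gb_request_string($source, $key)
	{
		if (!isset($source[$key]) || !is_string($source[$key]))
			return "";
		$value = $source[$key];
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
			$value = stripslashes($value);
		return $value;
	}
}

if (!function_exists('gb_html'))
{
	// Escape a value for use in HTML text or a quoted attribute.
	function gb_html($value)
	{
		return htmlspecialchars((string) $value, ENT_QUOTES);
	}
}

if (!function_exists('gb_password_ok'))
{
	// Compare the submitted admin password with the configured one.
	// Empty values never match; hash_equals() is used where the runtime has it
	// so the comparison time does not depend on the matching prefix.
	// NOTE(review): the configured password is compared as plain text -
	// storing a password_hash() value would be safer.
	function gb_password_ok($supplied, $expected)
	{
		$expected = (string) $expected;
		if ($expected === "" || $supplied === "")
			return false;
		if (function_exists('hash_equals'))
			return hash_equals($expected, $supplied);
		return $supplied === $expected;
	}
}

$gb_action     = gb_request_string($_GET, 'a');
$gb_password   = gb_request_string($_POST, 'password');
$gb_post_entry = (int) gb_request_string($_POST, 'e');
$gb_get_entry  = (int) gb_request_string($_GET, 'e');
// $epp may come from the query string; encode it for the unquoted href attributes below.
$gb_epp_url    = urlencode((string) $epp);

if ($gb_action == "smilies")
{
	// At least one column, so the modulo below cannot divide by zero for narrow layouts.
	$smile_per_row = max(1, (int) floor($width/70));
	// The smiley tables only exist when smiley support ($sss == 1) is on.
	$gb_smiley_total = isset($num_smiley) ? $num_smiley : 0;

	echo "<font size=1 face=arial color=gray>Emoticons are &copy; Yahoo!<br>note: not all smilie codes are exactly same as on Yahoo Messenger</font><br><br><table border=0 cellspacing=3 cellpadding=1 bgcolor=gray>";
	for ($i=0;$i < $gb_smiley_total;$i++)
	{
		if ($i%$smile_per_row==0)
			echo "<tr>";
		// Several codes contain <, > or ", so they are escaped for display.
		$gb_code = gb_html($sm[$i]);
		echo "<td bgcolor=white><font face=arial size=2 color=#858585><b>{$num[$i]} &nbsp;$gb_code</td>";
		if (($i+1)%$smile_per_row==0)
			echo "</tr>";
	}
	echo "</table>";
}
else if ($gb_action == "process_delete")
{
	if (gb_password_ok($gb_password, $pw))
	{
		// $gb_post_entry is an integer, so it is safe to place in the statement.
		$DQuery = "DELETE FROM `$table` WHERE `entrynum` = $gb_post_entry";
		mysql_query($DQuery);
		echo "<font size=2 face=arial>Entry $gb_post_entry Deleted.<br><br></font>";
	}
	else
		echo "<font size=2 face=arial>Invalid Password<br><br></font>";
}
else if ($gb_action == "process_comment")
{
	if (gb_password_ok($gb_password, $pw))
	{
		$cmttime = date("Y-m-d H:i:s");
		$gb_comment_sql = mysql_real_escape_string(gb_request_string($_POST, 'comment'));
		$querya="UPDATE `$table` SET `comment` = '$gb_comment_sql',`comment_date` = '$cmttime' WHERE `entrynum` = '$gb_post_entry'";
		mysql_query($querya);
		echo "<font size=2 face=arial>Comment added for entry $gb_post_entry.<br><br></font>";
	}
	else
		echo "<font size=2 face=arial>Invalid Password<br><br></font>";
}
else if ($gb_action == "edit")
{
	if (gb_password_ok($gb_password, $pw))
	{
		$query="SELECT * FROM `$table` WHERE 1 AND `entrynum` = $gb_post_entry";
		$entryfile=mysql_query($query);

		if (!$entryfile || mysql_num_rows($entryfile) < 1)
		{
			// Avoid mysql_result() warnings (and the paths they print) for unknown ids.
			echo "<font size=2 face=arial>Entry not found.<br><br></font>";
		}
		else
		{
			$tip = mysql_result($entryfile,0,"ip");
			$tisp = mysql_result($entryfile,0,"res_ip");
			$original_cmt = mysql_result($entryfile,0,"comment");

			$gb_password_html = gb_html($gb_password);
			$gb_comment_html  = gb_html($original_cmt);
			// res_ip is a reverse-DNS name, i.e. data controlled by whoever runs
			// the visitor's DNS zone, so it is escaped like any other input.
			$gb_tip_html  = gb_html($tip);
			$gb_tisp_html = gb_html($tisp);

			// NOTE(review): the admin password is carried forward in hidden form
			// fields, so it appears in the page source and browser cache. A
			// server-side session flag set after login would avoid that.
			echo "<font size=1 color=gray face=arial>Follow Up:<br></font><form action=index.php?a=process_comment method=POST><input type=hidden name=\"password\" value=\"$gb_password_html\"><input type=hidden name=\"e\" value=\"$gb_post_entry\"><TEXTAREA name=\"comment\" rows=6 cols=35>$gb_comment_html</TEXTAREA><br><input type=submit name=submit value=\"Edit Comment\"></form><hr width=$width><br></font>";

			echo "<font size=2 face=arial>IP: $gb_tip_html<br>Resolved IP: $gb_tisp_html<br>";

			// NOTE(review): displayEntry() is defined elsewhere. The sign branch
			// passes it raw form HTML as the message argument, so confirm that it
			// escapes visitor-supplied name/msg/email/homepage before output.
			displayEntry(mysql_result($entryfile,0,"name"),mysql_result($entryfile,0,"msg"),mysql_result($entryfile,0,"comment"),mysql_result($entryfile,0,"email"),mysql_result($entryfile,0,"homepage"),convert_datetime(mysql_result($entryfile,0,"date"), "F j Y"),1,mysql_result($entryfile,0,"entrynum"));

			echo "<br><hr width=$width><font size=1 color=red face=arial>Delete:<br></font><form action=index.php?a=process_delete method=POST><input type=hidden name=\"password\" value=\"$gb_password_html\"><input type=hidden name=\"e\" value=\"$gb_post_entry\"><input type=submit name=submit value=\"Delete entry #$gb_post_entry, CANNOT BE UNDONE\"></form>";
		}
	}
	else
		echo "<font size=2 face=arial><a href=\"javascript:history.back()\"><img src=ipei_imgs/arrow_left.gif border=0></a> Invalid Password<br><br></font>";
}
else if ($gb_action == "login")
{
	// The entry number from the URL is echoed into the form; it is an integer here.
	$form = "<br><form action=index.php?a=edit method=POST><table cellspacing=3 cellpadding=3 border=0>
	<tr><td valign=top align=right><font size=2 face=\"$font\" color=$fcolor>password</font></td><td><input type=password name=\"password\" size=26><input type=hidden name=\"e\" value=\"$gb_get_entry\"></td></tr>
	<tr><td>&nbsp;</td><td><input type=submit name=submit value=\"Login to edit entry #$gb_get_entry\"></td></tr>
	</table></form><br>";

	echo $form;
}
else if ($gb_action == "process")
{
	include "audit.php";

	$entrytime = date("Y-m-d H:i:s");
	$userIP = getenv("REMOTE_ADDR");
	$userISP = gethostbyaddr($userIP);

	$gb_name    = gb_request_string($_POST, 'name');
	$gb_message = gb_request_string($_POST, 'message');

	// CAPTCHA 1: the session must actually hold a key. Without this check an
	// empty "number" field compares equal to an unset key under PHP's loose ==.
	$gb_captcha1_ok = isset($_SESSION['key'])
		&& (string) $_SESSION['key'] !== ""
		&& gb_request_string($_POST, 'number') === (string) $_SESSION['key'];

	// Each rejection calls errinc() with a short reason tag; what errinc()
	// records is defined outside this file section.
	if (($gb_name == "") or ($gb_message == ""))
	{
		echo "<font size=2 face=arial>Missing Field(s): please input a name and a message<br><br></font>";
		errinc("missing");
	}
	// NOTE(review): "ts" and "confir" are only base64-encoded, not signed, so a
	// client can compute valid values itself. These two checks deter naive
	// bots only; keeping the values in the session or HMAC-signing them would
	// make them enforceable.
	else if ((time()-(int) base64_decode(gb_request_string($_POST, 'ts')) < 6) and ($spamfilter > 0))
	{
		echo "<font size=2 face=arial>Post too fast.<br><br></font>";
		errinc("time");
	}
	else if ((base64_decode(gb_request_string($_POST, 'confir')) != $_SERVER['REMOTE_ADDR']) and ($spamfilter > 0))
	{
		echo "<font size=2 face=arial>Illegal Post Method<br><br></font>";
		errinc("confir");
	}
	else if ($captcha1=="on" and !$gb_captcha1_ok and ($spamfilter > 0))
	{
		echo "<font size=2 face=arial>Number Image Confirmation Failed [a]<br><br></font>";
		errinc("catchpa");
	}
	else if ($captcha2=="on" and !(audit()) and ($spamfilter > 0))
	{
		echo "<font size=2 face=arial>Number Image Confirmation Failed [b]<br><br></font>";
		errinc("captcha");
	}
	else if (hasBannedWord() and ($spamfilter > 0))
	{
		echo "<font size=2 face=arial>Spam keywords detected in fields.<br><br></font>";
		errinc("slist");
	}
	else if (isbanned($userIP,$userISP) and ($spamfilter > 0))
	{
		echo "<font size=2 face=arial>IP Has Been Banned<br><br></font>";
		errinc("ip");
	}
	else {
		// Escape every interpolated value, including the reverse-DNS name,
		// which is supplied by a third party just like the form fields.
		// Assumes the database connection was opened earlier (TODO confirm
		// in functions.php); mysql_real_escape_string() needs an open link.
		$gb_name_sql     = mysql_real_escape_string($gb_name);
		$gb_email_sql    = mysql_real_escape_string(gb_request_string($_POST, 'email'));
		$gb_homepage_sql = mysql_real_escape_string(gb_request_string($_POST, 'homepage'));
		$gb_message_sql  = mysql_real_escape_string($gb_message);
		$gb_ip_sql       = mysql_real_escape_string((string) $userIP);
		$gb_isp_sql      = mysql_real_escape_string((string) $userISP);

		$in_query = "INSERT INTO `$table` VALUES ('','$gb_name_sql','$gb_email_sql','$gb_homepage_sql','','$gb_message_sql','$entrytime','','','$gb_ip_sql','$gb_isp_sql','1')";
		mysql_query($in_query);

		// A solved CAPTCHA key is single-use, so the same answer cannot be replayed.
		if ($captcha1 == "on")
			unset($_SESSION['key']);

		$gb_name_html = gb_html($gb_name);
		echo "<META HTTP-EQUIV=Refresh CONTENT=\"1; URL=index.php?a=view\"><font size=2 face=arial>Thank you for posting $gb_name_html!<br><br></font>";
	}
}
else if ($gb_action == "sign")
{
	// Hidden anti-bot fields checked by the "process" action.
	$encodedIP = base64_encode($_SERVER['REMOTE_ADDR']);
	$ts = base64_encode(time());

	if ($captcha1 == "on" or $captcha2 == "on")
	{
		// Start empty so enabling only one CAPTCHA raises no undefined-variable notice.
		$s1 = $s2 = $f1 = $f2 = "";
		if ($captcha1=="on")
		{
			$s1 = "<img width=100 height=25 src=\"./key.php\" border=1> ";
			$f1 = "<input type=\"text\" name=\"number\" size=26><br>";
		}
		if ($captcha2=="on")
		{
			$s2 = "<img width=100 height=25 src=\"button.php\" border=1> ";
			$f2 = "<input type=\"text\" name=\"userdigit\" size=26><br>";
		}


		$sic_code1 = "<tr><td valign=top align=right><font size=2 face=\"$font\" color=$fcolor>confirmation</font></td><td>{$s1}{$s2}<br>Please enter the numbers you see:<br>{$f1}{$f2}</td></tr>";
	}
	else	$sic_code1 = "";

	$form = "<br><form action=index.php?a=process method=POST><table cellspacing=3 cellpadding=3 border=0>
	<tr><td valign=top align=right><font size=2 face=\"$font\" color=$fcolor>name</font></td><td><input type=text name=\"name\" size=26></td></tr>
	<tr><td valign=top align=right><font size=2 face=\"$font\" color=$fcolor>email</font></td><td><input type=text name=\"email\" size=26></td></tr>
	<tr><td valign=top align=right><font size=2 face=\"$font\" color=$fcolor>homepage</font></td><td><input type=text name=\"homepage\" value=\"http://\" size=26></td></tr>
	<tr><td valign=top align=right><font size=2 face=\"$font\" color=$fcolor>message</font></td><td><TEXTAREA name=\"message\" rows=6 cols=30></TEXTAREA></td></tr>
	$sic_code1
	<tr><td>&nbsp;</td><td><input type=hidden name=\"confir\" value=\"$encodedIP\"><input type=hidden name=\"ts\" value=\"$ts\"><input type=submit name=submit value=Post></td></tr></table></form>";

	if ($sss == 1)
		$form = $form . "<center><font size=1><a href=index.php?a=smilies target=_blank>Smilies Help</a></font></center><br>";

	// The form is rendered through the same frame as a guestbook entry.
	displayEntry("Sign Guestbook",$form,"",NULL,NULL,NULL,0,NULL);
}
else if ($num_entry == 0)
{
	echo "<font size=2 face=arial>The guestbook is empty.<br><br></font>";
}
else
{
	$gb_has_left  = ($pg < $tp);
	$gb_has_right = (($pg > 1) and ($tp > 1));

	// Navigation arrows above the list.
	if ($gb_has_left)
	{
		$toleft = $pg + 1;
		echo "<a href=index.php?pg=$toleft&epp=$gb_epp_url><img src=ipei_imgs/arrow_left.gif border=0></a>";
	}
	if ($gb_has_right)
	{
		$toright = $pg - 1;
		echo "<a href=index.php?pg=$toright&epp=$gb_epp_url><img src=ipei_imgs/arrow_right.gif border=0></a>";
	}
	if ($gb_has_left or $gb_has_right)
		echo "<br /><br />";

	// display entries
	// The loop is clipped to the rows that exist, so an oversized ?epp= or
	// ?pg= value cannot force millions of empty iterations.
	$gb_first = min($start, $num_entry);
	$gb_stop  = max($end, 0);
	for ($c=$gb_first;$c > $gb_stop;$c--)
	{
		if (($c > 0) and ($c <= $num_entry))
		{
			displayEntry(mysql_result($gb,$c-1,"name"),mysql_result($gb,$c-1,"msg"),mysql_result($gb,$c-1,"comment"),mysql_result($gb,$c-1,"email"),mysql_result($gb,$c-1,"homepage"),convert_datetime(mysql_result($gb,$c-1,"date"), "F j Y"),1,mysql_result($gb,$c-1,"entrynum"));
		}
	}

	// Same navigation arrows below the list.
	if ($gb_has_left or $gb_has_right)
		echo "<img src=ipei_imgs/blank.gif width=1 height=8><br />";
	if ($gb_has_left)
	{
		$toleft = $pg + 1;
		echo "<a href=index.php?pg=$toleft&epp=$gb_epp_url><img src=ipei_imgs/arrow_left.gif border=0></a>";
	}
	if ($gb_has_right)
	{
		$toright = $pg - 1;
		echo "<a href=index.php?pg=$toright&epp=$gb_epp_url><img src=ipei_imgs/arrow_right.gif border=0></a>";
	}
}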





// cleanup() is defined outside this file section (presumably in functions.php).
cleanup();

// Close the page; the trailing <comment> element carries the product credit.
echo "</center><br><br></font></body>",
	"<comment><!-- iPei Guestbook 2.0 by Paley Wu - www.epistream.com --></comment>",
	"</html>";
?>