<?
/*
   KISGB - a Guest Book script written in PHP.
   Copyright (C) 2001-2002 Gaylen Fraley
   hide@address.com

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   License file for more details.
*/
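// Output is buffered from here until ob_end_flush() at the end of the script.
ob_start();
require("config.php");
// Raw, untrusted form fields. They are only null-guarded here, not validated.
$name = isset($HTTP_POST_VARS['name']) ? $HTTP_POST_VARS['name'] : null;
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : null;
$loginLink = "";
// Optional ?Login= token: 64 characters, split into two 32-character halves.
// The original used "break" outside any loop to reject a wrong length, which
// is a fatal error rather than a skip. A token that is not a 64-character
// string is now ignored and the request continues without login state.
// The array key is quoted because a bare Login is an undefined constant.
if (isset($HTTP_GET_VARS['Login']) && is_string($HTTP_GET_VARS['Login']) && strlen($HTTP_GET_VARS['Login'])==64) {
	$Login = $HTTP_GET_VARS['Login'];
	/**  Need to read registry for match  **/
	// NOTE(review): only the length is checked in this file; nothing here
	// compares the two halves against stored credentials, so code that
	// trusts $uName/$uPass must do that lookup itself.
	$uName = substr($Login,0,32);
	$uPass = substr($Login,32);
	// The token is echoed back in redirect URLs, so encode it for that context.
	$loginLink = "&Login=".urlencode($Login);
}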
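/* This next line adds the private variable [back] to the post array. This is
   needed because I had to rename private to private_msg in index.php - add
   section. In NN6.x, the word private is apparently reserved and was causing a
   javascript error. This code caused the least amount of pain to remedy the
   situation */
// Keys are quoted: a bare private is a reserved word in later PHP versions and
// a bare private_msg is an undefined constant.
$HTTP_POST_VARS['private'] = isset($HTTP_POST_VARS['private_msg']) ? $HTTP_POST_VARS['private_msg'] : null;
if ($HTTP_POST_VARS['private']!="on") unset($HTTP_POST_VARS['private']);

// tmp_theme and tmp_lang come straight from the query string and end up in the
// require() calls below. An override is accepted only when it is a bare file
// name (no directory part, no NUL byte) that exists inside the configured
// directory; anything else keeps the value from config.php.
// NOTE(review): assumes theme and language files sit directly in
// $path_to_themes and $path_to_languages, not in sub-directories - confirm.
if (isset($HTTP_GET_VARS['tmp_theme']) && is_string($HTTP_GET_VARS['tmp_theme']) && $HTTP_GET_VARS['tmp_theme']>'') {
	$requested_theme = $HTTP_GET_VARS['tmp_theme'];
	if (strpos($requested_theme,"\0")===false
		&& basename($requested_theme)===$requested_theme
		&& is_file("$path_to_themes/$requested_theme")) {
		$theme = $requested_theme;
	}
}
if (isset($HTTP_GET_VARS['tmp_lang']) && is_string($HTTP_GET_VARS['tmp_lang']) && $HTTP_GET_VARS['tmp_lang']>'') {
	$requested_lang = $HTTP_GET_VARS['tmp_lang'];
	if (strpos($requested_lang,"\0")===false
		&& basename($requested_lang)===$requested_lang
		&& is_file("$path_to_languages/$requested_lang")) {
		$language = $requested_lang;
	}
}

// Without a name there is nothing to store: send the visitor back to the view.
if (empty($name)) {
	// Values are URL-encoded and line breaks removed before they reach the header.
	header("Location: $root_document?action=view&tmp_theme=".urlencode($theme)."&tmp_lang=".urlencode($language).str_replace(array("\r","\n"),"",$loginLink));
	die();
}
// The original also echoed this POST value unescaped into the response
// (apparently a debugging leftover); the echo is removed.
$privpass = isset($HTTP_POST_VARS['privpass']) ? $HTTP_POST_VARS['privpass'] : null;
require("$path_to_languages/$language");
require("$path_to_themes/$theme");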
// Optional site-wide gate: hand the configured credentials to authenticate.php.
// NOTE(review): authenticate.php is loaded with include, so a missing file
// only raises a warning and the rest of the script still runs - confirm
// whether require is what is wanted here.
if ($secure_site) {
	$auth_pw = $secure_site_pw;
	$auth_id = $secure_site_id;
	include 'authenticate.php';
}

require 'classes.php';
if ($use_filter_file) {
	require 'filters.inc.php';
}
require 'functions.php';

/*** 7/19/2002 ***/
registerUser();

// entryErrorCheck() is defined outside this file and receives the whole POST
// array. The array pointer is rewound before and after the call.
reset($HTTP_POST_VARS);
entryErrorCheck($HTTP_POST_VARS);
reset($HTTP_POST_VARS);
// When the guest book file does not exist yet, prepare the two lines that
// open a new file: a PHP guard line, then the quoted column names $col1..$col16.
// NOTE(review): the guard uses the short open tag "<?", so it only answers 403
// if the data file is parsed as PHP with short tags enabled; otherwise a direct
// request would return the stored entries as-is - confirm how the file is served.
$write_header = 0;
if (!file_exists($path_to_gb)) {
	$write_header = 1;
	$quoted_cols = array();
	for ($i = 1; $i <= 16; $i++) {
		// Variable variable: reads $col1, $col2, ... $col16.
		$quoted_cols[] = '"' . ${"col$i"} . '"';
	}
	$header = "<? Header(\"HTTP/1.0 403 Forbidden\");exit; ?>\n" . implode(",", $quoted_cols) . "\n";
}

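// Records whether the POST data carries a "private" field.
// The original walked the array with each() and a loose == comparison, under
// which an integer key such as 0 also compared equal to "private" on older
// PHP versions. An exact key lookup avoids that.
$key15_found = is_array($HTTP_POST_VARS) && array_key_exists('private', $HTTP_POST_VARS);

// gethost() is defined outside this file. Its result is stored with the entry.
$ip = gethost($HTTP_SERVER_VARS['REMOTE_ADDR']);

// The message id is the current Unix time shifted by the configured hour offset.
$time_offset = ($hours_to_offset!=0) ? $hours_to_offset * 60 * 60 : 0;
$msgid = time() + $time_offset;
// NOTE(review): a current timestamp is far above 10000, so this branch looks
// unreachable and the date/time columns end up empty - confirm that is intended.
if ($msgid<10000) {
	$date = date($date_format,$msgid);
	$time = date($time_format,$msgid);
}
else {
	$date = '';
	$time = '';
}
// Entries awaiting moderation get a leading "0" on their id.
if ($moderateEntries) $msgid = '0'.$msgid;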
/****************************************************************************/
/*                        BEGIN FLOOD CONTROL LOGIC                         */
/****************************************************************************/
/* Read file to get time of last entry by this IP for use of flood control. */
/* This adds very little overhead, even if the file is very large.  It's a  */
/* tradeoff - safety for a little overhead. If flood_control_timer = 0 then */
/* the check is skipped.                                                    */
/****************************************************************************/
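// Only an existing file can be read. The original opened it unconditionally,
// so the very first entry (no file yet) died here before the new-file header
// could ever be written, and the handle stayed open whenever
// $flood_control_timer was 0.
if (file_exists($path_to_gb)) {
	// NOTE(review): the die() text shows the server-side path to the visitor.
	$fp = fopen("$path_to_gb","r") or die("Unable to access $path_to_gb");
	if ($flood_control_timer > 0) {
		// The code below ensures that a converted guestbook is being used:
		// the guard text must appear within the first 40 bytes of the file.
		// Compared with === false so a match at offset 0 is not read as "missing".
		if (strpos(@fread($fp,40),"HTTP/1.0 403 Forbidden")===false) {
			js_getPointer();
			echo "<style type=\"text/css\">";
			@include("style-sheet-add.php");
			echo "</style>";
			echo "<table bgcolor=\"lightblue\" border=\"2\" align=\"center\"><tr><td align=\"center\"><font color=\"blue\">I'm sorry, but the Guest Book is not available at this time.<br /><br />Please contact the <a href='mailto:$admin_email_address'>System Administrator</a> for help.</font></td></tr></table>";
			if ($use_footer) include_once 'footer.php';
			exit();
		}
		// The code above ensures that a converted guestbook is being used
		$rn = 0;
		while ($data = fgetcsv($fp,$csv_buffer_size,",")) {
			$rn++;
			// The first two rows are skipped; column 0 holds the entry id
			// (a timestamp) and column 1 the poster's address.
			if ($rn > 2 && $data[0]>"" && $data[1]==$ip) {
				$lapse = $msgid-$data[0];
				if ($lapse<($flood_control_timer)) {
					// This address posted too recently: show the flood
					// message and stop without storing anything.
					js_getPointer();
					echo "<style type=\"text/css\">";
					@include("style-sheet-add.php");
					echo "</style>";
					echo "<table border=\"1\" align=\"center\"><tr><td id=\"tdadd\"><center>$flood_msg</td></tr></table><p><center><a href='javascript:history.go(-1)'>$label_back</a></center></p>";
					if ($use_footer) include_once 'footer.php';
					exit;
				}
			}
		}
	}
	fclose($fp);
}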
/****************************************************************************/
/*                         END FLOOD CONTROL LOGIC                          */
/****************************************************************************/
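// Append the new entry as one CSV line, holding an exclusive lock while writing.
// The failure message named $path_to_db, which is not set anywhere in this
// file; the file being opened is $path_to_gb.
$fp = fopen("$path_to_gb","a") or die("$unable_to_access_file_msg $path_to_gb");
flock($fp,LOCK_EX);
if ($write_header) fwrite($fp,$header);
// NOTE(review): $ip comes from gethost() and is written unquoted; if that
// helper returns a reverse-DNS name the value is remotely influenced - confirm
// it cannot contain commas, quotes or line breaks.
fwrite($fp,"$msgid,$ip,$date,$time");

// The allowed-tag list is the same for every field, so build it once.
// NOTE(review): strip_tags() keeps the attributes of tags it allows. The value
// is entity-encoded below before storage, so the risk depends on how the
// viewing script decodes it - not visible here.
$allow_tags = "";
if ($allow_html) $allow_tags .= $allowed_html_tags_no_img;
if ($allow_smileys) $allow_tags .= "<img>";

// NOTE(review): columns are written in the order and number in which the
// client sent its POST fields; nothing in this file pins them to the header.
foreach ($HTTP_POST_VARS as $key => $val) {
/* indexes start at 1 */
	// Compare field names as strings with ===. Under loose == an integer key
	// could compare equal to any column name on older PHP versions.
	$field = (string)$key;
	if (chop($field)=="PHPSESSID") continue;
	if (chop(strtolower($field))=="charleft") continue;
	if (chop(strtolower($field))=="nationselected") continue;

	// A field submitted as an array has no text to store; keep the column, empty.
	if (!is_scalar($val)) $val = "";

	// Fields that the original screens for script URLs.
	$screened = ($field===(string)$col6 || $field===(string)$col7 || $field===(string)$col8);

	$val = strip_tags($val,$allow_tags);
	$val = htmlspecialchars($val,ENT_QUOTES);
	// Numeric character references are restored for ordinary text, but not in
	// the screened fields: a restored reference could spell the blocked scheme
	// without containing the literal text the check below looks for.
	if (!$screened) $val = str_replace("&amp;#","&#",$val);

	if ($field===(string)$col14) {
		// Collapse runs of line breaks down to the configured maximum.
		$rep_str = "";
		for ($i=0;$i<$allow_carriage_returns_max;$i++) {
			$rep_str .= '\\1';
		}
		$val = preg_replace("/(\n|<br \/>|\r\n){".$allow_carriage_returns_max.",}/i", "$rep_str", $val);
		$val = substr($val,0,$max_comment_length);
		// fgetcsv(), which this script uses to read the file back, treats a
		// backslash as an escape character by default, so a comment ending in
		// one would swallow the closing quote and run into the next record.
		if (substr($val,-1)=="\\") $val .= " ";
		fwrite($fp,",\"$val\"");
	}
	else {
		if ($field!==(string)$col8 || chop($val)=="http://") $val = str_replace("http://", "", $val);
/*** 7/17/2002 ***/		// Screened after the http:// removal so that the removal
/*** 7/17/2002 ***/		// itself cannot assemble the blocked text.
/*** 7/17/2002 ***/		if ($screened) {
/*** 7/17/2002 ***/			if (FALSE !== strpos(strtolower($val),'javascript:')) $val="";
/*** 7/17/2002 ***/		}
		// NOTE(review): unsalted MD5 is not a suitable password hash, and with
		// $encryptPassword off the password is stored as typed. Changing the
		// format needs a matching change wherever the value is verified.
		if ($encryptPassword&&$field==="password"&&!empty($val)) $val = md5($val);
		// No "private" field was posted: write an empty column ahead of the password.
		if ($field==="password"&&!$key15_found) fwrite($fp,",\"\"");
		$val = str_replace("\\"," ",$val);
		$val = trim(str_replace("&quot;","",$val));
		fwrite($fp,",\"$val\"");
	}
}
fwrite($fp,"\n");
flock($fp,LOCK_UN);
fclose($fp);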
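// Optional notification to the administrator(s) with the submitted fields.
if ($admin_email_advice && !empty($admin_email_address)) {
	// NOTE(review): config.php is loaded a second time here, which also
	// resets any configuration value changed earlier in the request (such as
	// a theme or language override) - confirm that is intended.
	include("config.php");
	$to = "$admin_email_address,$admin_email_address_addl";
	$subject = $admin_email_subject;
	$msg = $admin_email_msg;
	foreach ($HTTP_POST_VARS as $key => $val) {
		// Mail is not a confidential channel: never copy passwords into it.
		if (in_array((string)$key, array('password','privpass'), true)) $val = "(not shown)";
		if (!is_scalar($val)) $val = "";
		$msg .= "$key : $val\n";
	}
	if ($admin_email_show_server_vars) {
		$msg .= "\n";
		foreach ($HTTP_SERVER_VARS as $key => $val) {
			// Same rule for request credentials and session cookies.
			if (in_array((string)$key, array('PHP_AUTH_PW','HTTP_AUTHORIZATION','HTTP_COOKIE'), true)) $val = "(not shown)";
			if (!is_scalar($val)) $val = "";
			$msg .= "$key : $val\n";
		}
	}

	@mail($to, $subject, "$msg","From: $admin_email_address") ;
}
// Optional acknowledgement to the visitor. The recipient is whatever the
// visitor typed, so it must be exactly one plain address: no whitespace or
// line breaks (which could add mail headers) and no separators (which could
// add further recipients). The D modifier stops "$" from matching before a
// trailing newline.
if ($guest_email_advice && !empty($HTTP_POST_VARS['email'])) {
	$to = $HTTP_POST_VARS['email'];
	if (is_string($to) && preg_match('/^[^\s,;<>"\'@]+@[^\s,;<>"\'@]+$/D', $to)) {
		$subject = $guest_email_subject;
		$msg = $guest_email_msg;
		@mail($to, $subject, "$msg","From: $admin_email_address") ;
	}
}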
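// Send the visitor back to the guest book view. Theme and language may have
// come from the query string, so they are URL-encoded, and line breaks are
// removed from the login suffix before it is placed in the header.
header("Location: $root_document?action=view&tmp_theme=".urlencode($theme)."&tmp_lang=".urlencode($language).str_replace(array("\r","\n"),"",$loginLink));
// Release the output buffered since the start of the script.
ob_end_flush();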
?>