<?
########################################################################################
#   A Simple PHP GuestBook Script written by Andrea Cabibbo          #      ######     #
#   Feel free to modify the code to suit your needs                 # #     #          #
#   Redistribution is NOT allowed and will be prosecuted           #   #    #          #
#   Version: v0.6                                                 #######   #          # 
#   If you find bugs or have suggestions, please contact         #       #  #          #
#   the author at the PHP Guestbook official home page:         #         # ######     #
#                                                                                      #
#   http://www.cellbiol.com/scripts/free_php_guestbook/free_php_guestbook.html         #
#   File last edited on may 11, 2010                                                   #
########################################################################################
#                                                                                      #
# REQUIRED FILES AND FOLDERS PERMISSIONS INFORMATION                                   #
# For the html guestbook file, the configuration file (include/conf.php)               #
# and the verify.png file a 666 permission is needed for the script to work            #
# The posts folder should have either a 755 or 777 permission depending on server      #
# THE CONFIGURATION VARIABLES ARE NOW IN THE include/conf.php FILE.                    #
# No manual editing of this conf.php file is needed as the configuration variables     #
# are accessed through the administration web interface                                #
#                                                                                      #
#                                                                                      #
########################################################################################

# Bootstrap: fixed defaults first, then the configuration and library includes.
# error_reporting(E_ERROR) (value 1) reports fatal errors only, so the
# undefined-index notices raised by the request handling below stay hidden.
error_reporting(E_ERROR);

$used_language = "include/lang/eng/lang.php"; # this cannot be changed
# NOTE(review): conf.php is included after these assignments and the edit_config
# task writes $enable_image_verification_step into it, so the value from conf.php
# is the one in effect once that file defines it.
$enable_image_verification_step = 1; # this cannot be changed
$moderation_active = "no"; # this cannot be changed

// editing of the powered by lines is not allowed
$powby = '<a class="powby" href="http://www.cellbiol.com/scripts/free_php_guestbook/free_php_guestbook.html" target="_blank">Powered by the The Easy PHP Guestbook ®</a>';
$pwb2 = $powby; // same markup, kept under its second name

# NOTE(review): the file header asks for mode 666 on include/conf.php. The file is
# include()d as PHP below, so whoever can write it can run code as the web server
# user; owner-only write access is the safer setting where the host allows it.
$conf_file = "include/conf.php"; //the configuration file

include $conf_file;
include $used_language;
include "include/classes.php";
include "include/functions.php";
include "include/mixvar.php";
include "include/html/forms.php";
include "include/html/mix_html.php";

# $date is presumably set by one of the includes above - confirm.
$date = EncodeMessage($date);

# GEOIP, please read carefully:
# $geoip_db is the expected location of the geoip database file.
# This file IS NOT INCLUDED in this software distribution and is not part of this guestbook software, which merely offers a way to access and use this file, if so desired by the user.
# It is a GPL licensed file that can be freely downloaded from http://software77.net/geo-ip/
# The provided geoip code can use the CSV version of this file only. You can download this csv file compressed in a zip format or gzip format from the above web site
# You should then unzip it and place it in the "include" folder of the guestbook software distribution. When unzipped, this file should be named IpToCountry.csv, you might want to check that out.
$geoip_db = "include/IpToCountry.csv"; # see comments above
$geoip_file_exists = file_exists($geoip_db);

# Coloured yes/no marker telling the admin whether the CSV database was found.
$geoip_file_detected = $geoip_file_exists
  ? "<span style=\"color:green\">yes</span>"
  : "<span style=\"color:red\">no</span>";

# Resolve the visitor's country only when GeoIP is switched on and the database
# is present. $ip_addr is not set in this file; presumably one of the includes
# provides it - confirm.
if ($geoip_file_exists && $activate_geoip == "yes")
{
  $user_country_name = locate_ip_2($ip_addr, "name");
  $user_country_code = locate_ip_2($ip_addr, "code");
}
# END GEOIP

# PHP source kept in a string: the postnm, adminverify and modify tasks eval() it
# to build $post_array from whatever $post_id, $name, $email, ... hold at that
# moment. The text is fixed here and the values are read as variables when it is
# evaluated, so no request data is pasted into the evaluated source.
# NOTE(review): an ordinary array() literal at each call site would give the same
# result without eval().
$create_post_array=
'
$post_array=array(
"post_id"=>$post_id,
"name"=>$name,
"email"=>$email,
"message"=>$message,
"date"=>$date,
"ip_addr"=>$ip_addr,
"show_email"=>$show_email,
"show_message"=>$show_message,
"approved"=>$approved);
';

# CHECKING IF LOGFILE AND POSTS FILE ARE THERE. IF NOT, CREATE THEM
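# Create the log file and the posts file when they are missing.
# fopen() returns false when the directory is not writable; the handle is closed
# only when the open succeeded, instead of passing false to fclose().
# $logfile and $posts_file are not set in this file; presumably the includes
# define them - confirm.
if (file_exists($logfile) == false)
{
  $fp = fopen($logfile, "w");
  if ($fp !== false) { fclose($fp); }
}
if (file_exists($posts_file) == false)
{
  $fp = fopen($posts_file, "w");
  if ($fp !== false) { fclose($fp); }
}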

# GETTING THE VARIABLES POSTED THROUGH THE FORM(S)
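# Request intake. Everything read here comes from the visitor.
# - Only non-empty *string* values are accepted: a parameter sent as an array
#   (name[]=x) is ignored instead of reaching trim()/stripslashes()/preg_match().
# - !empty() keeps the original truthiness rule ('' and '0' count as "not sent")
#   without reading an undefined index.
$show_email="yes";
if(!empty($_POST['show_email']) && is_string($_POST['show_email'])){$show_email=$_POST['show_email'];}
$show_message="yes";
if(!empty($_POST['show_message']) && is_string($_POST['show_message'])){$show_message=$_POST['show_message'];}
if(!empty($_POST['name']) && is_string($_POST['name'])){$name=CleanName($_POST['name']);}
if(!empty($_POST['email']) && is_string($_POST['email'])){$email=CleanName($_POST['email']);}
if(!empty($_POST['message']) && is_string($_POST['message']))
{
  $message=$_POST['message'];   # MESSAGE
  $message=trim($message);
  $message=stripslashes($message);
  $message=EncodeMessage($message);
  $message=ConvertToHtml($message);
  # CHECKING IF THE MESSAGE CONTAINS ANY UNCLOSED TAG THAT MIGHT DISRUPT THE GB LAYOUT, IF SO CLOSE TAGS
  # The "i" modifier is now part of each pattern literal. The original appended the
  # bare word i ('/.../'.i), which only works while PHP turns an undefined constant
  # into the string "i" and is a fatal error from PHP 8 on.
  # Order matters: every closer is appended to $message before the next test runs.
  $tag_checks=array(
    array('/<\s*b>/i',     '/<\/b>/i',     "</b>"),     # bold
    array('/<\s*font/i',   '/<\/font>/i',  "</font>"),  # font
    array('/<\s*a/i',      '/<\/a>/i',     "</a>"),     # "a"
    array('/<\s*i>/i',     '/<\/i>/i',     "</i>"),     # italic
    array('/<\s*u>/i',     '/<\/u>/i',     "</u>"),     # underlined
    array('/<\s*span/i',   '/<\/span>/i',  "</span>"),  # span
    array('/<\s*div/i',    '/<\/div>/i',   "</div>"),   # div (forbidden by default in forbidden strings)
    array('/<\s*quote/i',  '/<\/quote>/i', "</quote>"), # quote
  );
  foreach($tag_checks as $tag_check)
  {
    if (preg_match($tag_check[0],$message)==1 AND preg_match($tag_check[1],$message)==0){$message=$message.$tag_check[2];}
  }
}
# The task may arrive by POST or, failing that, by GET.
if(!empty($_POST['task']) && is_string($_POST['task'])){$task=$_POST['task'];}
elseif(!empty($_GET['task']) && is_string($_GET['task'])){$task=$_GET['task'];}
# The admin password field; both names are kept because the task code reads both.
if(!empty($_POST['adpass']) && is_string($_POST['adpass'])){$posted_pass=trim($_POST['adpass']);$adpass=$posted_pass;}
if(!empty($_POST['imgverify']) && is_string($_POST['imgverify'])){$imgverify=$_POST['imgverify'];}
if(!empty($_POST['random']) && is_string($_POST['random'])){$random=trim($_POST['random']);}
# POST ID: a GET value overrides a POST value, as before.
# NOTE(review): $post_id is handed unchanged to the Guestbook methods by the admin
# tasks. If ids are always numeric (GetNextAvailableId suggests so) a ctype_digit()
# check here would be a cheap guard - confirm the id format first.
if(!empty($_POST['post_id']) && is_string($_POST['post_id'])){$post_id=$_POST['post_id'];}
if(!empty($_GET['post_id']) && is_string($_GET['post_id'])){$post_id=$_GET['post_id'];}
if(!empty($_POST['approved']) && is_string($_POST['approved'])){$approved=$_POST['approved'];}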

# One Guestbook object and one session are opened for every request, whatever
# the task turns out to be.
$gb = new Guestbook();
session_start();

# TASKS START HERE

# Serve the CAPTCHA image.
# NOTE(review): unless CreateCaptchaImage2() ends the script itself, execution
# continues into the task chain below, where "getCaptcha" matches no branch and
# the final else prints "unrecognised call" - confirm.
if ("getCaptcha" == $task) {
  CreateCaptchaImage2();
}

# WHEN A MESSAGE IS POSTED FROM THE GUESTBOOK PAGE
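if ($task=="postnm"){ # from the form in the html guestbook postnm=post new message

  # Public posting path: $name, $email, $message, $random and the ts/token pair
  # all come from an unauthenticated visitor.
  # Order of checks: country block, timestamp token, required fields and lengths,
  # reserved (admin) name, CAPTCHA, message size, forbidden strings, then storage.

  # $home_url is the regex-escaped twin of $home_url2; it is matched against the
  # guestbook HTML further down.
  $home_url="http:\/\/www.cellbiol.com\/scripts\/free_php_guestbook\/free_php_guestbook.html";
  $home_url2="http://www.cellbiol.com/scripts/free_php_guestbook/free_php_guestbook.html";
  
  # AJAX BASED VERIFICATION OF THE POST
  #$useAjaxVerif="yes";
  
  # Posters from a listed country get a page that imitates a 404.
  if ($activate_geoip=="yes" && $geoip_file_exists)
  {
    foreach($country_codes_list as $country_code)
    {
      if ($user_country_code==$country_code)
      {
        die("
        <HTML>
        <HEAD>
        <TITLE>404 Not Found</TITLE>
        </HEAD>
        <BODY>
        <H1>Not Found</H1>
        The requested document was not found on this server.
        <P>
        <HR>
        <ADDRESS>
        Local Web Server
        </ADDRESS>
        </BODY>
        </HTML>
        
        <!--
           - Unfortunately, Microsoft has added a clever new
           - \"feature\" to Internet Explorer. If the text of
           - an error's message is \"too small\", specifically
           - less than 512 bytes, Internet Explorer returns
           - its own error message. You can turn that off,
           - but it's pretty tricky to find switch called
           - \"smart error messages\". That means, of course,
           - that short error messages are censored by default.
           - IIS always returns error messages that are long
           - enough to make Internet Explorer happy. The
           - workaround is pretty simple: pad the error
           - message with a big comment like this to push it
           - over the five hundred and twelve bytes minimum.
           - Of course, that's exactly what you're reading
           - right now.
           -->
          ");
      }
    }
  }
  
  if ($enable_ajax_verification_step=="yes")
  {
    $proceed = false;
    $seconds = 60*10; # lifetime of a form token, in seconds
    #echo '<h1>Testing:</h1><p>Cookie: '.$_COOKIE['token'].'<br />Timestamp: '. $_POST['ts'].'</p>';
    # The cookie must equal md5(secret salt + posted timestamp). Both inputs have to
    # be strings and the comparison is exact: the original == compared two
    # digit-only or "0e..." strings as numbers, so differing values could match.
    # hash_equals() is used where the running PHP provides it.
    # NOTE(review): md5(salt.ts) is a plain hash rather than an HMAC; the code that
    # issues the cookie is not in this file, so the token format is left unchanged.
    if (isset($_POST['ts']) && is_string($_POST['ts']) && isset($_COOKIE['token']) && is_string($_COOKIE['token']))
    {
      $expected_token = md5($secret_salt.$_POST['ts']);
      if (function_exists('hash_equals')){$proceed = hash_equals($expected_token, $_COOKIE['token']);}
      else {$proceed = ($expected_token === $_COOKIE['token']);}
    }
    
    if(!$proceed) { 
    echo 'Form processing halted for suspicious activity';
    exit;
    }
    
    # time() replaces the argument-less mktime() call; both give the current
    # Unix time, and the argument-less form is deprecated.
    if(((int)$_POST['ts'] + $seconds) < time()) {
    echo 'Too much time elapsed before posting, '."please go back to the <a href=\"$gbook_url\">form</a> and try again";
    exit;
    } 
  }
  # Checking for missing name or message
  if ($name==''){die($nam_field_empty);}# the script stops if the name is missing
  # The original used count() here, which counts array elements; for a string it
  # never exceeds 1, so the 40 character limits were never enforced.
  if (strlen((string)$name)>40){die ($nam_field_too_long);}
  if (strlen((string)$email)>40){die ($email_field_too_long);}
  if ($message==''){die($mes_field_empty);}# the script stops if the message is missing
  # CHECKING FOR POSTS FROM ADMIN
  $resnam_array=array();
  $resnam_array[]=$reserved_name; # adding the reserved name to the array
  #$resnam_array[]="another name"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate
  #$resnam_array[]="Alexander"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate
  $check_name=CheckForForbidden($name,$resnam_array); # testing to see if poster is admin
  if ($check_name==0 and $activate_res_name==1) # if poster is admin we go to the admin password verification
  {
    # NOTE(review): eval() expands the $admin_verif_form template, which is not
    # defined in this file. It is only as safe as that template text; confirm that
    # request data is never concatenated into the template itself.
    eval("\$adm_verif_form = \"$admin_verif_form\";");
    echo $adm_verif_form;
    die();
  }
  # if poster is not admin, we proceed
  # CAPTCHA BASED VERIFICATION OF THE POST
  if ($enable_image_verification_step=="yes")
  { 
    session_start();
    # The expected string must exist and be non-empty, and the posted value must
    # match it exactly. With the original == test, a request that never loaded
    # the CAPTCHA and sent no "random" field compared null with null and passed.
    $expected_captcha = isset($_SESSION['new_string']) ? (string)$_SESSION['new_string'] : '';
    $posted_captcha = (isset($random) && is_string($random)) ? $random : '';
    if ($expected_captcha!=='' && $posted_captcha===$expected_captcha){$verif=1;}
    else{$verif=0;}
    # One attempt per CAPTCHA: the stored string is cleared whatever the outcome.
    $_SESSION['new_string']="";
    session_destroy();
    if ($verif==0){echo "$wrong_captcha_txt $please_txt <a href=\"$gbook_url\">$go_back_txt</a> $and_try_again_txt";exit;}
  }
  # Checking the overall message length
  if (strlen($message)>$max_message_length){die ($mes_too_long);}
  # CHECKING FOR TOO LONG WORDS THAT COULD BREAK THE PAGE DESIGN
  if (CheckLongWords($message, $max_word_length)==0){die ($mes_word_too_long);}
  # The guestbook page must still contain the link to the script's home page;
  # a split that yields a single piece means the link is absent.
  $g_content=file_get_contents($gbook_name);
  $temp1=preg_split('/'.$home_url.'/',$g_content);
  if (count($temp1)==1){die("$pl_txt <a href=$home_url2>$off_pag_txt</a> $to_use_txt <p>$avoid_linking_txt <a href=$home_url2>$ev_txt</a><p>$also_txt");}

  #  WE NOW SCAN THE MESSAGE FOR FORBIDDEN WORDS OR HTML TAGS
  # CheckForForbidden() is treated as returning 0 on a hit.
  $check=1;
  $check_name=CheckForForbidden($name,$forbidden_strings);
  $check_name2=CheckForForbidden($name,$forbidden_html_elements);    
  $check_mail=CheckForForbidden($email,$forbidden_strings);
  $check_mail2=CheckForForbidden($email,$forbidden_html_elements);
  $check_message=CheckForForbidden($message,$forbidden_strings);
  $check_message2=CheckForForbidden($message,$forbidden_html_elements);
  $check_ip=CheckForForbidden($ip_addr,$banned_ips);
  
  if ($check_name==0 OR $check_name2==0 OR $check_mail==0 OR $check_mail2==0 OR $check_message==0 OR $check_message2==0 OR $check_ip==0){$check=0;}
  if ($check==0)
  {
    echo "$illegal_post_txt $please_txt <a href=\"$gbook_url\">$go_back_txt</a> $and_try_again_txt";
    exit;
  }

  # $approved is set here and not taken from the request.
  if ($moderation_active=="yes"){$approved="no";}
  else{$approved="yes";}
  
  $post_id=GetNextAvailableId($posts_file);
  eval ($create_post_array); # builds $post_array from the variables set above
  echo "Processing post...<P>";
  $post=new Post($post_array);
  #$post->SetThisVarsFromPostArray($post_array);
  #$gb=new Guestbook;
  $gb->AddPost($post_array);
  $message=$post->RemoveBreaks($message);
  $post_log=$post->MailLogLine("log"); 
  $mail_log=$post->MailLogLine();
  if ($activate_geoip=="yes" && $geoip_file_exists)  # if geoip is active we add the country information to the message sent to admin on post
  {
    $mail_log=$mail_log."\nposter's country name: $user_country_name\nposter's country code: $user_country_code";
  }
  writelog($logfile,$post_log);
  if ($sendmail_onpost==1){
    # NOTE(review): the mail templates are expanded with eval() in the same way as
    # the admin form above; the same caveat about the template text applies.
    if ($moderation_active=="no"){
      eval("\$email_mssg1 = \"$email_mssg1\";");
      msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1);
    }
    elseif ($moderation_active=="yes"){
      eval("\$email_mssg1 = \"$email_mssg3\";");
      msendmail($gbook_email,$admin_email,$email_subj3,$email_mssg1);
    }
  }
  echo($confirm);

} # END if task=postnm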

# ADMIN MADE A POST AND THEN POSTED THE ADMIN PASSWORD FOR VALIDATION: FROM THE ADMIN PASSWORD VALIDATION FORM FOR POSTING
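elseif ($task=="adminverify"){ # from the form with the password check if the admin is authorized to post a message (if the password is right)
  # Admin posting: the name, message and other fields come from the same POST
  # intake as a public post, but this branch runs none of the length, CAPTCHA or
  # forbidden-string checks of the postnm task.
  # Password check: values are compared as strings with ===, and an empty or
  # missing configured password never matches. With the original == test an
  # unset $admin_pass (conf.php failing to load) compared equal to an unset
  # session value and let any visitor in.
  # NOTE(review): the session stores the admin password itself rather than a
  # logged-in flag.
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  $auth_posted2 = isset($adpass) ? (string)$adpass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected || $auth_posted2===$auth_expected)){
    $_SESSION['adm_pass']=$admin_pass;
    $approved="yes"; # admin posts are never held for moderation
    $post_id=$gb->GetNextAvailableId();
    eval ($create_post_array); # builds $post_array from the variables set above
    echo $processing_post_msg.'<p>';
    $post=new Post($post_array);
    $gb->AddPost($post_array);
    $post_log=$post->MailLogLine("log");
    writelog($logfile,$post_log);
    echo($confirm);
  }
  else{die($wrong_pass);} 
}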

# SHOW MESSAGES THAT ARE AWAITING ADMIN APPROVAL BEFORE BEING POSTED
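elseif ($task=="ShowPendingMessages"){
  # Admin-only page; in this edition it only prints a notice about moderation.
  session_start();  
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected))
  {
    $_SESSION['adm_pass']=$admin_pass;
    echo "Moderation is only available in the enhanced version, get it <a href=\"http://www.cellbiol.com/scripts/free_php_guestbook/free_php_guestbook.html\">here</a><p> <a href=\"php_guestbook.php?task=show\">Back to admin</a>";
  }
  else 
  { 
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$show_pending_posts_txt,$powby,$gbook_title,$wrong_pass);
    echo $expired_session_page;  
  }
}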

# APPROVE A PENDING MESSAGE
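elseif ($task=="approve"){
  # Admin-only: mark the post with id $post_id as approved.
  # NOTE(review): $post_id may arrive by GET and no per-request token is checked
  # in this file, so a link opened by a logged-in admin is enough to trigger the
  # action - confirm whether the admin pages add such a token.
  session_start();  
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected))
  {
    $_SESSION['adm_pass']=$admin_pass;
    $gb->ApprovePost($post_id);
    echo $show_pending_redir;
  }
  else 
  { 
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$approve_post_txt,$powby,$gbook_title,$wrong_pass,$post_id);
    echo $expired_session_page;
  }
}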

# VIEW A POST MARKED AS PRIVATE
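elseif ($task=="ShowPrivatePost")
{
  # Admin-only: display the post with id $post_id that was marked private.
  session_start();
  
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal, which
  # would have exposed private posts whenever conf.php failed to load).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected))
  {
    $_SESSION['adm_pass']=$admin_pass;
    $gb->ShowPrivatePost($post_id);
  }
  else 
  {
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$view_post_txt,$powby,$gbook_title,$wrong_pass,$post_id);
    echo $expired_session_page;
  }
}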

# FROM THE FORM TO ACCESS THE ADMINISTRATION INTERFACE
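elseif ($task=="show"){ # from the form to access the admin section
  # Admin home page: entered with the posted password or an existing session.
  session_start();
  $adm_check=0;
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  # NOTE(review): the session stores the admin password itself rather than a
  # logged-in flag.
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='')
  {
    if ($auth_posted===$auth_expected){$_SESSION['adm_pass']=$admin_pass; $adm_check=1;}
    elseif ($auth_session===$auth_expected){$adm_check=1;}
  }
  if($adm_check==1){echo $doctype_header.$open_html_and_head.$admin_title.$link_admin_css.$close_head_open_body_admin.$admin_home_line_1.$admin_navigation.$admin_home_line_2.$close_body_and_html;}
  else 
  { 
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$capitalized_login,$powby,$gbook_title,$wrong_pass);
    echo $expired_session_page;   
  }
} # END if task=show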

# CALL TO VIEW THE LIST OF MESSAGES FOR DELETING OR EDITING POSTS
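elseif ($task=="del_edit"){
  # Admin-only: list the posts with their delete/edit controls.
  session_start();
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected))
  {
    $_SESSION['adm_pass']=$admin_pass;
    $gb->CreateDelEditPage(); die();
  }
  else 
  { 
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
    echo $expired_session_page;
  }
} # END if task=del_edit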

# CALL TO DELETE A POST
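elseif ($task=="delete"){ # from the admin section, call to delete a post
  # Admin-only: remove the post with id $post_id.
  # NOTE(review): $post_id may arrive by GET and no per-request token is checked
  # in this file, so a link opened by a logged-in admin is enough to delete a
  # post - confirm whether the admin pages add such a token.
  session_start();
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected))
  {
    $_SESSION['adm_pass']=$admin_pass;
    echo "Deleting post...<P>";
    $gb->DeletePost($post_id);
    # NOTE(review): $post_id is echoed back as received; escaping it with
    # htmlspecialchars() would be prudent if ids are not guaranteed numeric.
    die ($post_num_lang." ".$post_id." ".$del_success_lang.'!'.$deledit_redir);
  }
  else 
  { 
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
    echo $expired_session_page;
  }
}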

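elseif ($task=="edit"){ # from the admin section, call to edit a post and show the editing form
  # Admin-only: load the stored post $post_id and print the editing form.
  session_start();
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected))
  {
    $_SESSION['adm_pass']=$admin_pass;
    echo "<h2>$editing_p_num $post_id</h2>\n";
    $post_array=$gb->GetPost($post_id);
    $post=new Post($post_array);
    #$post->SetThisVarsFromPostArray($post_array);
    # NOTE(review): the string returned by SetVariablesFromPostArray() is run with
    # eval(). If that method writes stored post values into PHP source, a post's
    # own text is executed here as code - confirm how the string is built.
    # Assigning the fields from $post_array directly would avoid eval() altogether.
    $string=$post->SetVariablesFromPostArray();
    eval($string);
    $message=$post->DecodeMessage($message);
    # Expands the $post_edit_form template; safe only as long as the template
    # text itself contains no request or post data.
    eval("\$post_edit_form = \"$post_edit_form\";");
    die ($post_edit_form);
  }# end of "if password is right" block
  else 
  {
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
    echo $expired_session_page; 
  }
}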

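elseif ($task=="modify"){ # from the message editing form, call to proceed to the modifications and update the posts flatfile and guestbook file
  # Admin-only: replace a stored post with the values posted from the edit form.
  # In this branch $approved and $post_id are taken from the request as sent.
  session_start();
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected)){
    $_SESSION['adm_pass']=$admin_pass;
    eval ($create_post_array); # builds $post_array from the posted fields
    echo $processing_post_msg.'<p>';
    $gb->ReplacePost($post_array);
    echo "$post_num_lang $post_id $edited_ok_lang $deledit_redir";
    die();
  }# end of "if password is right" block
  else 
  { 
    # Not authenticated: show the page that asks for the password again.
    $expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
    echo $expired_session_page; 
  }
}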

# LOGGING OUT
elseif ("adm_logout" == $task) {
  # Log out: blank the stored password, drop the session, then send the browser
  # back to the guestbook page with an immediate meta refresh.
  session_start();
  $_SESSION['adm_pass'] = '';
  session_destroy();
  $refresh_tag = '<META HTTP-EQUIV="refresh" CONTENT="0; url=' . $gbook_url . '" >';
  echo $refresh_tag;
}

# CALL TO SHOW THE CONFIGURATION PAGE
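elseif ($task=="configure") # creation/editing of the configuration file
{
    # Admin-only: read the current settings and print the configuration form.
    session_start();
    # Password check as strings with ===; an empty or missing configured password
    # never matches (the original == let two unset values compare equal).
    $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
    $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
    $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
    if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected)){
      $_SESSION['adm_pass']=$admin_pass;
      # The four list settings are shown as the raw text between "array(" and ");"
      # of their line in conf.php, so they are read from the file and not from the
      # variables. Each loop stops at the first line that mentions the setting.
      $conf_file=file("include/conf.php");
      foreach($conf_file as $value)
      {
        if (preg_match('/forbidden_strings/',$value)==1){$forbidden_strings_line=$value; break;}
      }
      $fs_splitted=preg_split('/forbidden_strings=array\(/',$forbidden_strings_line);
      $fs_value=$fs_splitted[1];
      $fs_splitted=preg_split('/\);/',$fs_value);
      $fs_value=$fs_splitted[0];
      
      foreach($conf_file as $value)
      {
        if (preg_match('/country_codes_list/',$value)==1){$country_codes_list_line=$value; break;}
      }
      $cc_splitted=preg_split('/country_codes_list=array\(/',$country_codes_list_line);
      $cc_value=$cc_splitted[1];
      $cc_splitted=preg_split('/\);/',$cc_value);
      $cc_value=$cc_splitted[0];
      
      foreach($conf_file as $value)
      {
        if (preg_match('/forbidden_html/',$value)==1){$forbidden_html_line=$value; break;}
      }
      $fh_splitted=preg_split('/forbidden_html_elements=array\(/',$forbidden_html_line);
      $fh_value=$fh_splitted[1];
      $fh_splitted=preg_split('/\);/',$fh_value);
      $fh_value=$fh_splitted[0];
      
      
      foreach($conf_file as $value)
      {
        if (preg_match('/banned_ips/',$value)==1){$banned_ips_line=$value; break;}
      }
      $bi_splitted=preg_split('/banned_ips=array\(/',$banned_ips_line);
      $bi_value=$bi_splitted[1];
      $bi_splitted=preg_split('/\);/',$bi_value);
      $bi_value=$bi_splitted[0];
      # The post template is stored with its quotes replaced by placeholders
      # (see the edit_config task); turn them back into ' and " for display.
      $p_template=preg_split('/##prime##/',$p_template);
      $p_template=implode("'",$p_template);
      $p_template=preg_split('/##apostrophe##/',$p_template);
      $p_template=implode('"',$p_template);
      # For each yes/no setting, option1 holds the current value and option2 the other one.
      if ($moderation_active=="yes"){$option1_modact="yes";$option2_modact="no";}
      if ($moderation_active=="no") {$option1_modact="no";$option2_modact="yes";}
      if ($enable_image_verification_step=="yes"){$option1_imgverif="yes";$option2_imgverif="no";}
      if ($enable_image_verification_step=="no") {$option1_imgverif="no";$option2_imgverif="yes";}
      if ($enable_ajax_verification_step=="yes"){$option1_ajaxverif="yes";$option2_ajaxverif="no";}
      if ($enable_ajax_verification_step=="no") {$option1_ajaxverif="no";$option2_ajaxverif="yes";}
      if ($activate_geoip=="yes"){$option1_geoip="yes";$option2_geoip="no";}
      if ($activate_geoip=="no") {$option1_geoip="no";$option2_geoip="yes";}  
      # Drop-down for the time offset, with the stored value preselected.
      $possible_offsets=array('-11','-10','-9','-8','-7','-6','-5','-4','-3','-2','-1','+0','+1','+2','+3','+4','+5','+6','+7','+8','+9','+10','+11');
      $offsets_form_code="<select name=\"time_offset\">\n";
      foreach ($possible_offsets as $offset){
        if ($offset!=$time_offset){$offsets_form_code.="<option value=$offset>$offset</option>\n";}
        else {$offsets_form_code.="<option value=$offset selected=\"yes\">$offset</option>\n";}
      }
      $offsets_form_code.="</select>\n";
      
      # the following variables contain html and are defined in include/html/mix_html.php
      echo $doctype_header.$open_html_and_head;
      echo $configuration_page_title;
      echo $link_javascript;
      echo $link_admin_css.$close_head_open_body_admin;
      echo $admin_navigation;  
      # NOTE(review): the template is expanded with eval(); whether the stored
      # values it interpolates (presumably including the admin password) are
      # HTML-escaped depends on include/html/forms.php - confirm.
      eval("\$gb_config_form = \"$gb_config_form\";"); # form html defined in include/html/forms.php
      echo $gb_config_form; # outputting the html code for the guestbook configuration form.      
    }
    else 
    { 
      # Not authenticated: show the page that asks for the password again.
      $expired_session_page=Build_session_expired_page($task,$session_expired_header,$configure_guestbook,$powby,$gbook_title,$wrong_pass);
      echo $expired_session_page;
    }
}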

# CALL FROM THE CONFIGURATION PAGE, TO EDIT CONFIGURATION
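elseif ($task=="edit_config")
{
  # Admin-only: take the posted settings and rewrite include/conf.php, which is
  # PHP source that every later request include()s.
  # NOTE(review): the text fields and the four array lists are still written into
  # that file exactly as posted (see the notes at the $config assignment), and no
  # per-request token is checked in this file. A form submitted on behalf of a
  # logged-in admin can therefore place arbitrary PHP in conf.php - confirm
  # whether the admin form carries such a token.
  session_start();
  # Password check as strings with ===; an empty or missing configured password
  # never matches (the original == let two unset values compare equal).
  $auth_expected = isset($admin_pass) ? (string)$admin_pass : '';
  $auth_session = isset($_SESSION['adm_pass']) ? (string)$_SESSION['adm_pass'] : '';
  $auth_posted = isset($posted_pass) ? (string)$posted_pass : '';
  if ($auth_expected!=='' && ($auth_session===$auth_expected || $auth_posted===$auth_expected)){
      $_SESSION['adm_pass']=$admin_pass;
      if($_POST['admin_pass']){$admin_pass=trim($_POST['admin_pass']);}
      $_SESSION['adm_pass']=$admin_pass; # keep the session valid after a password change
      if($_POST['gbook_title']){$gbook_title=trim($_POST['gbook_title']);} 
      if($_POST['gbook_name']){$gbook_name=trim($_POST['gbook_name']);} 
      if($_POST['gbook_url']){$gbook_url=trim($_POST['gbook_url']);} 
      if($_POST['admin_email']){$admin_email=trim($_POST['admin_email']);} 
      if($_POST['gbook_email']){$gbook_email=trim($_POST['gbook_email']);} 
      if($_POST['reserved_name']){$reserved_name=trim($_POST['reserved_name']);}
      //if($_POST['activate_res_name']){$activate_res_name=trim($_POST['activate_res_name']);} 
      # Taken unconditionally, so an absent field switches the option off.
      $activate_res_name=isset($_POST['activate_res_name']) ? $_POST['activate_res_name'] : 0;
      if($_POST['posts_per_page']){$posts_per_page=trim($_POST['posts_per_page']);} 
      if($_POST['sendmail_onpost']){$sendmail_onpost=trim($_POST['sendmail_onpost']);} 
      if($_POST['max_message_length']){$max_message_length=trim($_POST['max_message_length']);} 
      if($_POST['max_word_length']){$max_word_length=trim($_POST['max_word_length']);} 
      if($_POST['time_offset']){$time_offset=$_POST['time_offset'];}

      if($_POST['additional_pages_name']){$additional_pages_name=trim($_POST['additional_pages_name']);}
      if($_POST['menu_spacer']){$menu_spacer=$_POST['menu_spacer'];} # this one must not be trimmed! 
      
      if($_POST['forbidden_strings']){$forbidden_strings=trim($_POST['forbidden_strings']);}
      if($_POST['forbidden_html']){$forbidden_html_elements=trim($_POST['forbidden_html']);}
      if($_POST['banned_ips']){$banned_ips=trim($_POST['banned_ips']);}
      if($_POST['country_codes_list']){$country_codes_list=strtoupper(trim($_POST['country_codes_list']));} # for now we need this to be uppercase as we check with an identity and not a regular expression

      
      if($_POST['secret_salt']){$secret_salt=trim($_POST['secret_salt']);}
      
      # Quotes in the post template are stored as placeholders so the value can
      # sit inside a single-quoted PHP string in conf.php.
      if($_POST['p_template']){
        $p_template=trim($_POST['p_template']);
        $p_template=preg_split("/'/",$p_template);
        $p_template=implode("##prime##",$p_template);
        $p_template=preg_split('/"/',$p_template);
        $p_template=implode("##apostrophe##",$p_template);
      }            
      # With magic quotes on, the free-text list fields are read again with the
      # added backslashes removed.
      if (function_exists('get_magic_quotes_gpc')){
        $mq=get_magic_quotes_gpc();   
        if ($mq==1){
          if($_POST['forbidden_strings']){$forbidden_strings=stripslashes(trim($_POST['forbidden_strings']));}
          if($_POST['forbidden_html']){$forbidden_html_elements=stripslashes(trim($_POST['forbidden_html']));}
          if($_POST['banned_ips']){$banned_ips=stripslashes(trim($_POST['banned_ips']));}
          # strtoupper() was missing on this path, so with magic quotes on a
          # lower-case country code was stored and never matched the identity
          # comparison used when posting.
          if($_POST['country_codes_list']){$country_codes_list=strtoupper(stripslashes(trim($_POST['country_codes_list'])));}
          if($_POST['p_template']){
            $p_template=stripslashes(trim($_POST['p_template']));
            $p_template=preg_split("/'/",$p_template);
            $p_template=implode("##prime##",$p_template);
            $p_template=preg_split('/"/',$p_template);
            $p_template=implode("##apostrophe##",$p_template);
          }      
        }
      }            

      if($_POST['posts_file_name']){$posts_file_name=trim($_POST['posts_file_name']);}
      if($_POST['logfile_name']){$logfile_name=trim($_POST['logfile_name']);}
      if($_POST['imgverif_active']){$enable_image_verification_step=trim($_POST['imgverif_active']);}
      if($_POST['ajaxverif_active']){$enable_ajax_verification_step=trim($_POST['ajaxverif_active']);}
      if($_POST['activate_geoip']){$activate_geoip=trim($_POST['activate_geoip']);}
   
      # Settings written without quotes must be plain integers. The cast also turns
      # a missing value into 0; the original wrote an empty value there, which left
      # conf.php unparsable.
      $activate_res_name=(int)$activate_res_name;
      $posts_per_page=(int)$posts_per_page;
      $sendmail_onpost=(int)$sendmail_onpost;
      $max_message_length=(int)$max_message_length;
      $max_word_length=(int)$max_word_length;
      # The three switches are only ever compared with "yes" and "no"; anything else
      # becomes "no". They are now written as quoted strings: the original wrote the
      # bare word, which older PHP read as the same string and PHP 8 rejects.
      $enable_image_verification_step=($enable_image_verification_step==="yes")?"yes":"no";
      $enable_ajax_verification_step=($enable_ajax_verification_step==="yes")?"yes":"no";
      $activate_geoip=($activate_geoip==="yes")?"yes":"no";
            
      # NOTE(review): everything below that is not an integer or a yes/no switch
      # is still concatenated into PHP source unchanged. A quote, backslash or $ in
      # a text field, or any text in $secret_salt (written unquoted) and in the
      # four array(...) bodies, becomes part of the code in conf.php. Fixing that
      # needs escaping that agrees with how the "configure" task and the shipped
      # conf.php read these values, which cannot be checked from this file alone;
      # var_export() per value is the usual approach.
      $config=  '<?php'."\n".
                '$admin_pass="'.$admin_pass.'";'."\n".
                '$gbook_title="'.$gbook_title.'";'."\n".
                '$gbook_name="'.$gbook_name.'";'."\n".
                '$gbook_url="'.$gbook_url.'";'."\n". 
                '$admin_email="'.$admin_email.'";'."\n". 
                '$gbook_email="'.$gbook_email.'";'."\n". 
                '$reserved_name="'.$reserved_name.'";'."\n".  
                '$activate_res_name='.$activate_res_name.';'."\n".  
                '$posts_per_page='.$posts_per_page.';'."\n". 
                '$sendmail_onpost='.$sendmail_onpost.';'."\n".  
                '$max_message_length='.$max_message_length.';'."\n". 
                '$secret_salt='.$secret_salt.';'."\n".
                '$activate_geoip="'.$activate_geoip.'";'."\n".
                '$country_codes_list=array('.$country_codes_list.');'."\n".
                '$max_word_length='.$max_word_length.';'."\n". 
                '$enable_image_verification_step="'.$enable_image_verification_step.'";'."\n".
                '$enable_ajax_verification_step="'.$enable_ajax_verification_step.'";'."\n".
                '$additional_pages_name="'.$additional_pages_name.'";'."\n".
                '$menu_spacer="'.$menu_spacer.'";'."\n".
                '$forbidden_html_elements=array('.$forbidden_html_elements.');'."\n".
                '$forbidden_strings=array('.$forbidden_strings.');'."\n".
                '$banned_ips=array('.$banned_ips.');'."\n".
                '$p_template=\''.$p_template.'\';'."\n".
                '$posts_file_name=\''.$posts_file_name.'\';'."\n".
                '$logfile_name=\''.$logfile_name.'\';'."\n".
                '$time_offset=\''.$time_offset.'\';'."\n"
                ;
      # Stop with a message when the file cannot be opened, instead of passing
      # false to fputs()/fclose() and reporting the configuration as saved.
      $fp = fopen("include/conf.php", "w");
      if ($fp===false){die("Could not open include/conf.php for writing");}
      $write = fputs($fp, $config);
      fclose($fp);
      echo $saving_config_msg.'<p>';
      $gb=new Guestbook;
      $gb->UpdateHTMLFile();
      echo $task_show_redir; # defined in include/html/mix_html.php, 
      # redirects the user to admin home page (task=show) after the configuration is saved 
    }
    else 
    { 
      # Not authenticated: show the page that asks for the password again.
      $expired_session_page=Build_session_expired_page($task,$session_expired_header,"Configure guestbook",$powby,$gbook_title,$wrong_pass);
      echo $expired_session_page;
    }
}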

else {
  # if the script is called without arguments, or with a task that matches no
  # branch above, this is what you get
  exit("unrecognised call");
}
?>