<?php require('layout/header.php'); ?>
<script type="text/javascript">
/**
 * Appends the given text, followed by one space, to the message field of the
 * guestbook form (form name "gb", field name "post") and moves the keyboard
 * focus into that field.
 */
function insert(was) {
    var messageField = document.gb.post;
    messageField.value += was + " ";
    messageField.focus();
}
</script>
<script type="text/javascript">
/**
 * Shows the "entry saved" notification through showNotification().
 *
 * PHP writes the translated text straight into the string literal below with
 * no JavaScript escaping, so the translation must not contain a double quote,
 * a backslash, a line break or a closing script tag.
 * NOTE(review): emitting the value through json_encode() on the PHP side would
 * lift that restriction, provided the language files are UTF-8 - confirm.
 */
function showSuccessMessage() {
    var options = {
        type: "success",
        message: "<?php echo $lang['success_gb_entry']; ?>"
    };
    showNotification(options);
}
/**
 * Shows the "entry could not be saved" notification through showNotification().
 *
 * PHP writes the translated text straight into the string literal below with
 * no JavaScript escaping, so the translation must not contain a double quote,
 * a backslash, a line break or a closing script tag.
 * NOTE(review): emitting the value through json_encode() on the PHP side would
 * lift that restriction, provided the language files are UTF-8 - confirm.
 */
function showErrorMessage() {
    var options = {
        type: "error",
        message: "<?php echo $lang['couldnot_gb_entry']; ?>"
    };
    showNotification(options);
}
</script>
<div id="content_wrapper">
<div class="content"><?php
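// The guestbook owner's id must arrive in ?user_id= as a plain decimal number.
// Digits only: is_numeric() also admits forms such as "1e3", "1.5" or " 5",
// which intval() then maps to a different id than the one written in the URL.
// The is_string() test rejects array input (?user_id[]=1).
if (isset($_GET['user_id']) && is_string($_GET['user_id']) && preg_match('/^[0-9]+$/D', $_GET['user_id']) === 1) {
    // The integer cast is what makes $id safe to place in the SQL and the links
    // further down. The earlier mysql_real_escape_string() call was dropped:
    // its result was overwritten on the next line and never used.
    $id = intval($_GET['user_id']);
} else {
    echo '<p align="center" class="false">' . $lang['invalid_id'] . '!</p>';
    // Ends the request here, before any of the guestbook code below runs.
    exit();
}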
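// Page heading. functions/flood.php is pulled in before the form is built.
// NOTE(review): $random1, $code and $rand_result used below are presumably set
// by that include, which is not visible here - confirm.
echo '<h1>' . $lang['guestbook_entry'] . '</h1><br>';
include('functions/flood.php');

if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // Not a submission: show the link back to the guestbook and the entry form.
    // NOTE(review): the maxlength limits exist only in the browser; nothing on
    // the server enforces them before the INSERT further down.
    // The hidden zip2 value is now quoted like every other attribute.
    echo '<a href="read_gb.php?user_id=' . $id . '" class="css_button">' . $lang['guestbook_read'] . '</a><br><br>';
    echo "<form action=\"\" method=\"post\" name=\"gb\">
<p><input type=\"text\" name=\"name\" class=\"fields\" size=\"30\" maxlength=\"30\"> <strong>" . $lang['name'] . "*</strong></p>
<p><input type=\"text\" name=\"email\" class=\"fields\" size=\"30\" maxlength=\"50\"> <strong>" . $lang['e_mail'] . "</strong></p>
<p><input type=\"text\" name=\"url\" class=\"fields\" value=\"http://\" size=\"30\" maxlength=\"50\"> <strong>" . $lang['homepage'] . "</strong></p>
<p><strong>" . $lang['message'] . "*</strong><br>
<textarea name=\"post\" class=\"fields_text\" cols=\"35\" rows=\"8\"></textarea></p>
<p><small>" . $lang['spam_protection_question'] . " *</small><br>
<strong>" . $lang['sum_of'] . " " . $random1 . " + " . $code . " =</strong> <input size=\"5\" name=\"zip\" id=\"Spamschutz\" type=\"text\" class=\"fields\" /><input type=\"hidden\" name=\"zip2\" value=\"" . $rand_result . "\"></p>
<p><input type=\"submit\" class=\"button\" value=\"" . $lang['do_entry'] . "\" name=\"" . $lang['do_entry'] . "\"></p>
</form>";
} else {
    // Take every submitted field as a string. A missing field or an array
    // (for example name[]=x) becomes '' instead of raising notices or warnings
    // in sha1(), trim() and mysql_real_escape_string().
    $input = array();
    foreach (array('zip', 'zip2', 'name', 'email', 'url', 'post') as $field) {
        $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    // Strict comparison: with != two different hashes that both look like
    // numbers (such as "0e...") compare as equal.
    // NOTE(review): the expected hash comes back from the browser in the hidden
    // zip2 field, so this check relies on client-supplied data. Keeping the
    // expected value on the server (for example in the session) would also
    // need a change in functions/flood.php.
    if (sha1($input['zip']) !== $input['zip2']) {
        echo '<p class="false">' . $lang['invalid_spam'] . '!</p>
<p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
    } else {
        // Name and message are the two mandatory fields.
        $errors = array();
        if (trim($input['name']) === '') {
            $errors[] = '<p>' . $lang['fill_in_name'] . '.</p>';
        }
        if (trim($input['post']) === '') {
            $errors[] = '<p>' . $lang['enter_a_text'] . '.</p>';
        }

        if (!empty($errors)) {
            echo '<p class="false"><u>' . $lang['not_filled_all'] . '</u></p>
<p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
            echo '<ul>';
            foreach ($errors as $message) {
                echo '<li>' . $message . '</li>';
            }
            echo '</ul>';
        } else {
            include_once('functions/secure.php');

            // Values are stored exactly as submitted, escaped for SQL only.
            // NOTE(review): whatever page prints these entries has to escape
            // them for HTML and accept only http(s) homepage links - that code
            // is not visible here, confirm.
            // NOTE(review): the mysql_* extension was removed in PHP 7; moving
            // to prepared statements needs the connection that is opened
            // outside this file.
            $sql = "INSERT INTO
guestbook(gb_id2, name, email, url, post, date)
VALUES ('" . (int) $id . "',
'" . mysql_real_escape_string($input['name']) . "',
'" . mysql_real_escape_string($input['email']) . "',
'" . mysql_real_escape_string($input['url']) . "',
'" . mysql_real_escape_string($input['post']) . "',
NOW()
)";
            // No "OR die(mysql_error())": that printed the database error to
            // the visitor and made the failure branch below unreachable. The
            // detail goes to the server log instead.
            $result = mysql_query($sql);
            if (!$result) {
                error_log('Guestbook insert failed: ' . mysql_error());
                echo '<p class="false">' . $lang['couldnot_gb_entry'] . '</p>
[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]';
                echo "<script type=\"text/javascript\">showErrorMessage();</script>";
            } else {
                // Seconds before the browser is sent back to the guestbook.
                $autoforward = 3;
                echo '<p class="right">' . $lang['success_gb_entry'] . '</p>
<p><meta http-equiv="refresh" content="' . $autoforward . '; URL=read_gb.php?user_id=' . $id . '">
<small>' . $lang['redirected_in'] . ' ' . $autoforward . ' ' . $lang['seconds'] . '...</small></p><br>
<p>' . $lang['if_not_redirected'] . ' - [ <a href="read_gb.php?user_id=' . $id . '">' . $lang['go_on'] . '</a> ]</p>';
                echo "<script type=\"text/javascript\">showSuccessMessage();</script>";
            }
        }
    }
}
echo '<div class="spacer_div"> </div>';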
?>
</div>
</div>
<div id="infobox_wrapper">
<div class="infobox">
<?php include('layout/infobox.php'); ?>
</div>
</div>
<?php require('layout/footer.php'); ?>