<?php
//-------------------------------------------------------------------------
// YW Guestbook
// screen.php
//
//
//-------------------------------------------------------------------------
// Copyright (c) Vortex Solutions
// http://www.yahoowebs.tk
//-------------------------------------------------------------------------
// This program is free software. You can redistribute it and/or modify
// it under the terms of the License that was distributed with this file!
//-------------------------------------------------------------------------
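define ( "MAILSPAMTIME", "30" );       // minutes a VGB_MAILSPAM row (IP + address) blocks another mail
define ( "RELOGINAFTERMINUTE", "30" ); // minutes after which a VGB_LOGIN row (and its TRY counter) is dropped
define ( "HOSTNAMERESOLVING" , "1" ); // try to set this constant to 0
// if your guestbook is too slow
// DON'T CHANGE THE FOLLOWING CONSTANTS !!!
define ( "MAINSCRIPT" , "" );
define ( "SCRIPTPATH" , "" );
define ( "PFIX" , "" );
//*********************************************************************
// main-routine
//*********************************************************************
// Request parameters arrive in the global $arg (filled by vgb_getParameters()
// from functions.php). Some of them are spliced into include() paths and into
// links that the screen functions echo back, so they are checked and encoded
// here, once, before anything else uses them.
include("functions.php");
vgb_getParameters();
// check for forced language
$PFIX = (isset($arg['vgbxiferp'])) ? $arg['vgbxiferp'] : "";
// $screenparam is re-emitted inside href/action attributes (comment(), login(),
// ...): URL-encode every request-supplied value so it cannot break out of the
// attribute or smuggle extra parameters.
$screenparam = "vgbxiferp=".urlencode($PFIX);
$skin = (isset($arg[$PFIX."skindir"])) ? $arg[$PFIX."skindir"] : null;
// The skin directory goes through vgb_setSkinDir() and is then include()d
// (skininfo.php, style.inc, screencss.php). Refuse values that could point
// outside the skin tree; vgb_setSkinDir() itself is in functions.php and its
// own checks are not visible here.
if (!is_null($skin) && ($skin != "") &&
    ((strpos($skin,"..") !== false) || (strpos($skin,"\0") !== false) ||
     (substr($skin,0,1) == "/") || (substr($skin,0,1) == "\\")))
    die("<center>Invalid skin parameter!</center>");
if ($skin != "")
    $screenparam .= "&".urlencode($PFIX."skindir")."=".urlencode($skin);
$langID = (isset($arg[$PFIX."lang"])) ? $arg[$PFIX."lang"] : "";
// $langID is spliced into the include() paths below: allow only a plain token
// so "../"-style values cannot pull in files outside lang/. Because it is
// validated here, echoing it in the error messages below is safe too.
if (!preg_match('/^[A-Za-z0-9_-]*$/', $langID))
    die("<center>Invalid language parameter!</center>");
if ($langID != "")
    $screenparam .= "&".urlencode($PFIX."lang")."=".urlencode($langID);
$decode = (isset($arg[$PFIX.'decode']) && $arg[$PFIX.'decode'] != "") ? $arg[$PFIX.'decode'] : null;
// include the language-package (no "@": a failing include should be visible)
if (!file_exists("lang/langindex".$langID.".inc"))
    die("<center>Missing file: <b>lang/langindex".$langID.".inc</b> !</center>");
include("lang/langindex".$langID.".inc");
if (!file_exists("lang/langcountry".$langID.".inc"))
    die("<center>Missing file: <b>lang/langcountry".$langID.".inc</b> !</center>");
include("lang/langcountry".$langID.".inc");
if (file_exists("lang/langspecial".$langID.".inc"))
    include("lang/langspecial".$langID.".inc");
vgb_connectDB();
// $settings is presumably populated by vgb_connectDB() (functions.php)
if ($settings['ENCODING'] != "")
    header("Content-Type: text/html; charset=".$settings['ENCODING']);
$IP = vgb_getIP();
vgb_setSkinDir("",$skin);
if (file_exists($skinDir."skininfo.php")) {
    include($skinDir."skininfo.php");
    if (isset($skininfo['STYLEINC']) && $skininfo['STYLEINC']) {
        if (file_exists($skinDir."style.inc")) {
            include($skinDir."style.inc");
        }
    }
}
// dispatch on the (reversed-name) action parameter; first match wins
if (isset($arg['vgbedocbb']))
    BBCodeInfo();
elseif (isset($arg['vgberutcip']))
    picture();
elseif (isset($arg['vgbhcraes']))
    search();
elseif (isset($arg['vgbtnemmoc']))
    comment();
elseif (isset($arg['vgbweiverp']))
    preview();
elseif (isset($arg['vgbdnes']))
    sendComment();
elseif (isset($arg['vgbssapdnes']))
    sendpass();
elseif (isset($arg['vgbssap']))
    decode();
elseif (isset($arg['vgbnigol']))
    login();
elseif (isset($arg['vgbreliam']))
    mailer();
elseif (isset($arg['sendmail']))
    send();
elseif (isset($arg['vgbnocitome']))
    emoticon();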
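/**
 * Decide whether the visitor may access entry $inEntry (0 = no particular entry).
 *
 * Access is granted when no entry is involved or ASKPRIVATE is off, when the
 * entry has no PRIVATE password, or when the request carries a $decode session
 * id that matches a VGB_LOGIN row for this IP range and that login is either
 * for ENTRYID 0 or for this very entry. A matching session also gets its
 * TIMESTAMP refreshed and its id appended to $screenparam.
 *
 * Sessions are bound to the first three dotted parts of the visitor's address
 * (the same derivation as in decode()), not to the full IP.
 *
 * @param int|string $inEntry  entry id; converted with intval() like the SQL uses it
 * @return bool
 */
function loggedIn( $inEntry = 0 ) {
    global $decode,$IP,$PFIX,$screenparam,$settings;
    // normalise once: every query below uses the integer form anyway
    $entryId = intval($inEntry);
    // array_pad() gives the same string as before for IPv4 while avoiding
    // undefined-offset notices for non-dotted values ("unknown", IPv6)
    $_p = array_pad(explode(".",$IP), 3, "");
    $sessionIP = addSlashes($_p[0].".".$_p[1].".".$_p[2]);
    $loggedIn = false;
    if (!is_null($decode)) {
        // vgb_query() takes a ready SQL string; values are escaped with
        // addSlashes() like everywhere else in this file
        $_sid = addSlashes($decode);
        $_query = vgb_query("select * from VGB_LOGIN where SESSIONID = '".$_sid."' and IP = '".$sessionIP."'");
        if (vgb_numrows($_query) != 0) {
            $_l = vgb_result($_query);
            vgb_query("update VGB_LOGIN set TIMESTAMP = now() where SESSIONID = '".$_sid."'");
            // $screenparam is echoed into links later: encode the session id
            $screenparam .= "&".urlencode($PFIX."decode")."=".urlencode($decode);
            $_loginEntry = intval($_l['ENTRYID']);
            if (!$settings['ASKPRIVATE'] || ($entryId == 0) || ($_loginEntry == 0))
                $loggedIn = true;
            else {
                $_query = vgb_query("select PRIVATE from VGB_ENTRY where ID = ".$entryId);
                if (vgb_numrows($_query) != 0) {
                    $_e = vgb_result($_query);
                    if (is_null($_e['PRIVATE']) || ($_loginEntry == $entryId))
                        $loggedIn = true;
                }
            }
        }
    }
    // entries without a password (or with ASKPRIVATE off) need no session at all
    if (($entryId == 0) || (!$settings['ASKPRIVATE']))
        $loggedIn = true;
    else {
        $_query = vgb_query("select PRIVATE from VGB_ENTRY where ID = ".$entryId);
        if (vgb_numrows($_query) != 0) {
            $_e = vgb_result($_query);
            if (is_null($_e['PRIVATE']))
                $loggedIn = true;
        }
    }
    return $loggedIn;
}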
/**
 * Echo the current skin directory (global $skinDir); prints nothing when unset.
 */
function skinDir() {
    global $skinDir;
    if (!isset($skinDir))
        return;
    echo $skinDir;
}
/**
 * Emit the stylesheet for the screen pages: the skin's screencss.php when it
 * exists, otherwise the built-in default <style> block.
 */
function setStyle() {
    global $skinDir,$skin;
    vgb_setSkinDir("",$skin);
    $cssFile = $skinDir."screencss.php";
    if (file_exists($cssFile)) {
        // NOTE(review): $skinDir is derived from the request's skindir value by
        // vgb_setSkinDir() (functions.php) - confirm that helper rejects traversal
        include($cssFile);
        return;
    }
    echo "<style type='text/css'>
<!--
body { background-color: #CCCCCC; }
a { color: #0000FF; text-decoration: none }
.border { background-color: #000000 }
.title { color: #FFFFFF; font-family: Arial,Sans-Serif; font-size: 16px; font-weight: bold }
.status { color: #FFFFFF; font-family: Arial,Sans-Serif; font-size: 14px; font-weight: bold }
.error { color: #FF0000; font-family: Arial,Sans-Serif; font-size: 14px; font-weight: bold }
.bgcomment { color: #000000; font-family: Arial,Sans-Serif; font-size: 12px; background-color: #FFFFFF }
.bgadmin { color: #000000; font-family: Arial,Sans-Serif; font-size: 12px; background-color: #DDDDDD }
.bgoption { color: #FFFFFF; font-family: Arial,Sans-Serif; font-size: 12px; font-weight: bold; background-color: #888888 }
.example { color: #888888; font-size: 11px; font-family: Monospace }
.link { color: #0000FF; text-decoration: none }
.bglink { color: #888888; font-size: 10px; font-family: Arial,Sans-Serif; text-decoration: none }
.emoticons { background-color: #CCCCCC; margin: 2px }
-->
</style>";
}
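/**
 * Render a page showing the picture attached to entry $arg['vgberutcip'].
 *
 * Output is produced only when ASKPICTURE is on, the entry exists and has a
 * PICTURE, and the visitor either passes loggedIn() for that entry or sends an
 * $arg['decode'] that exists as SESSIONID in VGB_SESSION.
 */
function picture() {
    global $arg,$settings;
    // NOTE(review): this only tests that a VGB_SESSION row with the given id
    // exists - no expiry or IP binding is visible here; verify on the admin side
    $ad = false;
    if (isset($arg['decode'])) {
        $query = vgb_query("select * from VGB_SESSION where SESSIONID = '".addSlashes($arg['decode'])."'");
        if (vgb_numrows($query) > 0)
            $ad = true;
    }
    $query = vgb_query("select * from VGB_ENTRY where ID = ".intval($arg['vgberutcip']));
    if ((vgb_numrows($query) == 0) || !$settings['ASKPICTURE'])
        return;
    $e = vgb_result($query);
    // loggedIn() is only consulted when there is a picture at all
    if (is_null($e['PICTURE']) || !(loggedIn($arg['vgberutcip']) || $ad))
        return;
    $text = (is_null($e['PICTEXT']) || (!$settings['ASKPICTEXT'])) ?
        "" :
        vgb_removeHTML(vgb_UndoNoHTML(vgb_string(vgb_filterBadwords(vgb_noHTML($e['PICTEXT']),$settings['FILTERPICTEXT']))),false);
    // the file name is stored data: escape it for the attribute context
    $file = htmlspecialchars((string)$e['PICTURE'], ENT_QUOTES);
    echo "<html>
<head>
<title></title>";
    setStyle();
    echo " </head>
<body style='margin: 0px; padding: 0px;'><img src='upload/".$file."' alt='$text' title='$text' /></body>
</html>";
}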
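/**
 * Render the search form that posts to the guestbook index (INDEXURL).
 *
 * Shown only when ALLOWSEARCH is set (loggedIn(0) returns true for entry 0
 * after refreshing any session). Request parameters that are not search fields
 * themselves are carried over to the form action so the guestbook keeps its
 * state (prefix, language, skin, ...). The field names are built with the
 * request prefix $PFIX, like the filters index.php reads.
 */
function search() {
    global $arg,$settings,$lang,$langC,$_param,$PFIX;
    if (!($settings['ALLOWSEARCH'] && loggedIn(0)))
        return;
    // names of the search fields; everything else in $arg is passed through
    $_ownKeys = array("vgbhcraes","vgbxiferp",$PFIX."filtername",$PFIX."filtertext",$PFIX."filteremail",$PFIX."filterhomepage",$PFIX."filtericq",$PFIX."filteraim",$PFIX."filtermsn",$PFIX."filteryahoo",$PFIX."filtercountry",$PFIX."filterrating",$PFIX."filtercustom");
    $_param = "";
    foreach ($arg as $key => $val) {
        // strict: an integer key of $arg must not loosely match one of the names
        if (in_array($key,$_ownKeys,true))
            continue;
        if (is_array($val)) {
            // same "key[sub]=val" form that decode() and login() use
            foreach ($val as $_inkey => $_inval)
                $_param .= "&".urlencode($key)."[".urlencode($_inkey)."]=".urlencode($_inval);
        }
        else
            $_param .= "&".urlencode($key)."=".urlencode($val);
    }
    $url = "http://".$settings['INDEXURL'];
    if (substr($url,-1) == "/")
        $url .= "index.".EXT;
    // strpos() yields false (not 0) when the URL has no query string yet
    if ((strpos($url,"?") === false) && ($_param != ""))
        $url .= "?";
    $url .= $_param;
    echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html style='height: 100%'>
<head>
<title>".$lang['search']."</title>";
    setStyle();
    echo "
</head>
<body style='height: 100%'><br />
<table width='100%' style='height: 100%'>
<tr>
<td valign='middle' align='center'>
<table border='0' cellspacing='0' cellpadding='1' width='400' align='center'>
<tr>
<td class='border'>
<center><span class='title'>".$lang['searchEntries']."</span></center>
<table border='0' cellspacing='9' cellpadding='4' width='100%' class='bgcomment'>
<tr>
<td align='center'>
<br />".$lang['searchInfo']."
<form action='$url' target='_blank' method='post'>
<table>
<tr>
<td align='left'>".$lang['name'].":</td>
<td align='left'><input type='text' name='".$PFIX."filtername' value='' maxlength='".$settings['MAXLENNAME']."' size='30' /></td>
</tr>
<tr>
<td align='left'>".$lang['text'].":</td>
<td align='left'><input type='text' name='".$PFIX."filtertext' value='' maxlength='127' size='30' /></td>
</tr>";
    // optional contact fields, each only when the guestbook asks for it
    if ($settings['ASKEMAIL'])
        echo " <tr>
<td align='left'>".$lang['email'].":</td>
<td align='left'><input type='text' name='".$PFIX."filteremail' value='' maxlength='".$settings['MAXLENEMAIL']."' size='30' /></td>
</tr>";
    if ($settings['ASKHOMEPAGE'])
        echo " <tr>
<td align='left'>".$lang['homepage'].":</td>
<td align='left'><input type='text' name='".$PFIX."filterhomepage' value='' maxlength='".$settings['MAXLENHOMEPAGE']."' size='30' /></td>
</tr>";
    if ($settings['ASKICQ'])
        echo " <tr>
<td align='left'>ICQ:</td>
<td align='left'><input type='text' name='".$PFIX."filtericq' value='' maxlength='10' size='30' /></td>
</tr>";
    if ($settings['ASKAIM'])
        echo " <tr>
<td align='left'>AIM:</td>
<td align='left'><input type='text' name='".$PFIX."filteraim' value='' maxlength='".$settings['MAXLENAIM']."' size='30' /></td>
</tr>";
    if ($settings['ASKMSN'])
        echo " <tr>
<td align='left'>MSN:</td>
<td align='left'><input type='text' name='".$PFIX."filtermsn' value='' maxlength='".$settings['MAXLENMSN']."' size='30' /></td>
</tr>";
    if ($settings['ASKYAHOO'])
        echo " <tr>
<td align='left'>YAHOO:</td>
<td align='left'><input type='text' name='".$PFIX."filteryahoo' value='' maxlength='".$settings['MAXLENYAHOO']."' size='30' /></td>
</tr>";
    if ($settings['ASKCOUNTRY']) {
        echo " <tr>
<td align='left'>".$lang['country'].":</td>
<td align='left'><select name='".$PFIX."filtercountry'><option value=''> </option>";
        $_query = vgb_query("select * from VGB_COUNTRY where ID > 1");
        // get the list of countries and sort the list by names
        $_countries = array();
        while ($_country = vgb_result($_query)) {
            if ($_country['NAME'] != "0") {
                $_name = ($_country['TRANSLATE']) ? $langC[$_country['NAME']] :
                    $_country['NAME'];
                $_countries[$_country['ID']] = $_name;
            }
        }
        uasort($_countries,"vgb_stringsort");
        $_countries[1] = $langC['0'];
        // generate country-selection
        foreach ($_countries as $_id => $_name)
            echo "<option value='".$_id."'>".vgb_removeHTML(vgb_string($_name))."</option>";
        echo " </select>
</td>
</tr>";
    }
    // admin-defined custom fields: TYPE 2 = selection, 1 = number, other = text
    $_query = vgb_query("select * from VGB_CUSTOMFIELD order by PRIORITY asc");
    if (vgb_numrows($_query) > 0) {
        while ($_field = vgb_result($_query)) {
            echo "<tr><td align='left'>".vgb_removeHTML(vgb_string($_field['NAME']))."</td><td align='left'>";
            if ($_field['TYPE'] == 2) {
                // the custom-field is a selection; RULES holds "value=label" lines
                // (configured by the admin, the value is echoed as-is)
                $_value = "<select name='".$PFIX."filtercustom[".$_field['ID']."]'".
                    "><option value=''> ";
                $_options = explode("\n",$_field['RULES']);
                foreach ($_options as $option) {
                    if (substr_count($option,"=") > 0) {
                        $_rule = explode("=",$option,2);
                        $_value .= "</option><option value='$_rule[0]'> ".
                            vgb_removeHTML(vgb_string($_rule[1]))." ";
                    }
                }
                $_value .= "</option></select>";
            }
            else {
                // the custom-field is text-input
                $_value = "<input type='text' name='".$PFIX."filtercustom[".$_field['ID'].
                    "]' value='' maxlength='";
                $_rules = explode("\n",$_field['RULES'],2);
                if ($_field['TYPE'] == 1) {
                    // the input is a number; the first rule line may be "min-max"
                    $_max = strlen("999999999"); // integer-boundary as default
                    if ($_rules[0] != "") {
                        $_rule = explode("-",$_rules[0]);
                        if (isset($_rule[1]) && ($_rule[1] != ""))
                            // set the maximum from the rule
                            $_max = strlen($_rule[1]);
                    }
                    $_value .= $_max;
                }
                else {
                    // the input is text; the first rule line is the length limit
                    $_value .= ($_rules[0] != "") ? $_rules[0] : "127";
                }
                $_value .= "' />";
            }
            echo $_value."</td></tr>";
        }
    }
    // rating boxes: the field name carries the request prefix $PFIX like all
    // other filters (the PFIX constant is always "", see the top of the file)
    $_query = vgb_query("select * from VGB_RATINGBOX order by PRIORITY asc");
    if (vgb_numrows($_query) != 0) {
        while ($_box = vgb_result($_query)) {
            echo "<tr><td align='left'>".vgb_removeHTML(vgb_string($_box['NAME']))."</td><td align='left'>";
            echo "<select name='".$PFIX."filterrating[".$_box['ID']."]'>";
            echo "<option value=''> </option><option value='5'> 5 ".
                $lang['good']."</option><option value='4'> 4 </option><option value='3'".
                "> 3 </option><option value='2'> 2 </option><option value='1'> 1 ".
                $lang['poor']."</option></select></td></tr>";
        }
    }
    // NOTE(review): "filterpicture" is sent without $PFIX and is not in
    // $_ownKeys; index.php presumably reads it unprefixed - confirm before changing
    if ($settings['ASKPICTURE'])
        echo " <tr>
<td align='center' colspan='2'><input type='checkbox' value='1' name='filterpicture' /> ".$lang['onlyPicture']."</td>
</tr>";
    echo" <tr>
<td colspan='2' align='center'><br />
<input type='submit' name='' value='".$lang['search']."' />
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</td>
</tr>
</table>
<br />
<a href='javascript:window.close()' class='bglink'>[ ".$lang['closeWindow']." ]</a>
</td>
</tr>
</table><br />
</body>
</html>";
}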
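/**
 * Validate the posted comment form (vgbeman/vgbliame/vgbdi/vgbtxet) and fill
 * the globals the preview and send paths use: $preName, $preEmail, $preText,
 * $date, $time, $hostname, and $errorMSG for the first check that fails.
 * $arg['vgbtnemmoc'] is set from vgbdi so comment() knows the entry.
 *
 * A name of the form "<PASSPREFIX><password>" signs the comment as the
 * registered VGB_USER with that password; $_user then carries that user's NAME,
 * EMAIL (unless one was entered) and the text with the SIGNATURE appended.
 *
 * Calls failure() - which exits - when one of the form fields is missing.
 */
function checkComment() {
    global $arg,$lang,$settings,$preName,$preEmail,$preText,$_user,
        $IP,$hostname,$time,$date,$errorMSG;
    if (!(isset($arg['vgbeman']) && isset($arg['vgbliame']) &&
          isset($arg['vgbdi']) && isset($arg['vgbtxet']))) {
        failure($lang['errorOccured']); // does not return
        return;
    }
    // local date/time, zero-padded (the previous getdate() code padded the
    // month but not the day)
    $date = date("Y-m-d");
    $time = date("H:i:s");
    if (($IP == "0.0.0.0") || !HOSTNAMERESOLVING)
        $hostname = "unknown";
    else
        // reverse DNS: the PTR record belongs to whoever controls the address,
        // so $hostname is untrusted text and must be escaped wherever it is shown
        $hostname = gethostbyaddr($IP);
    $arg['vgbtnemmoc'] = trim($arg['vgbdi']);
    $preName = trim($arg['vgbeman']);
    $preEmail = trim($arg['vgbliame']);
    $preText = trim($arg['vgbtxet']);
    // names of registered users may not be used anonymously
    $query2 = vgb_query("select * from VGB_USER where RESERVED = 1");
    $_names = array();
    while ($u = vgb_result($query2)) {
        $_names[] = strtolower($u['NAME']);
    }
    $_prefixLen = strlen($settings['PASSPREFIX']);
    // with an empty PASSPREFIX every name would look like a password login
    $_isPassLogin = ($_prefixLen > 0) &&
        (strtolower(substr($preName,0,$_prefixLen)) == strtolower($settings['PASSPREFIX']));
    if (in_array(strtolower($preName),$_names,true))
        $errorMSG = $lang['nameReserved'];
    elseif ($_isPassLogin) {
        // NOTE(review): the lookup matches the PASSWORD column directly with the
        // lowercased input, i.e. the stored value is compared in clear; hashing
        // would also require changing the admin code that writes VGB_USER
        $_pass = strtolower(substr($preName,$_prefixLen));
        $query2 = vgb_query("select * from VGB_USER where PASSWORD = '".addSlashes($_pass)."'");
        if (vgb_numrows($query2) == 0)
            $errorMSG = $lang['invalidPassword'];
        else {
            $u = vgb_result($query2);
            $_user['NAME'] = $u['NAME'];
            $_user['EMAIL'] = ($preEmail == "") ? $u['EMAIL'] : $preEmail;
            $_user['TEXT'] = $preText."\n\n".$u['SIGNATURE'];
        }
    }
    elseif (($x = vgb_noASCII(array($lang['email'] => $preEmail))) != "")
        $errorMSG = "Only ASCII characters are allowed in the field: ".$x;
    elseif (($preEmail != "") && (!vgb_isValidEmail($preEmail)))
        $errorMSG = $lang['wrongEmail'];
    elseif ($preName == "")
        $errorMSG = $lang['noName'];
    elseif ($preText == "")
        $errorMSG = $lang['noEntry'];
    elseif (vgb_strlen($preName) > $settings['MAXLENNAME'])
        $errorMSG = $lang['tooLongName'];
    elseif (vgb_strlen($preEmail) > $settings['MAXLENEMAIL'])
        $errorMSG = $lang['tooLongEmail'];
    elseif (($settings['MAXLENENTRY'] != 0) &&
            (($_zahl = vgb_strlen($preText)) > $settings['MAXLENENTRY']))
        // report by how many characters the text is too long
        $errorMSG = $lang['tooLongEntry'].($_zahl-$settings['MAXLENENTRY']);
}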
/**
 * Validate the posted comment and, if it passes, build the global $preview
 * array that comment() renders as a preview row (author data from $_user when
 * the comment was signed with a user password). Then shows the comment page.
 */
function preview() {
    global $errorMSG,$preview,$preName,$preText,$preEmail,$time,
        $hostname,$IP,$date,$arg,$_user;
    checkComment();
    if (!isset($errorMSG) || ($errorMSG == "")) {
        $signed = isset($_user);
        $email = $signed ? $_user['EMAIL'] : $preEmail;
        $preview = array(
            'NAME'     => $signed ? $_user['NAME'] : $preName,
            'EMAIL'    => ($email == "") ? null : $email,   // empty address is stored as null
            'TEXT'     => $signed ? $_user['TEXT'] : $preText,
            'HOSTNAME' => $hostname,
            'IP'       => $IP,
            'DATE'     => $date,
            'SIGNTIME' => $time,
            'ENTRYID'  => intval($arg['vgbdi']),
            'ADMIN'    => 0,
        );
    }
    comment();
}
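/**
 * Store a posted comment for entry $arg['vgbdi'] and re-render the comment page.
 *
 * Requires ALLOWCOMMENTS, a positive entry id and loggedIn() for that entry.
 * checkComment() validates the form; if it leaves $errorMSG unset the comment
 * is inserted into VGB_COMMENT (flag 1 = unmoderated in MODERATEDMODE), the
 * admin and - outside moderated mode - the entry author are notified, and the
 * form fields are cleared. VGB_COMMENTSPAM throttles repeated comments from
 * the same IP on the same entry for MAXSPAMTIME minutes.
 */
function sendComment() {
    global $lang,$arg,$preName,$preText,$preEmail,$time,$hostname,$IP,$date,
        $errorMSG,$statusMSG,$settings,$_user;
    // intval() of the value, not of the comparison result (intval(bool) was 0/1)
    $entryId = intval($arg['vgbdi']);
    if (!($settings['ALLOWCOMMENTS'] && loggedIn($arg['vgbdi']) && ($entryId > 0)))
        return;
    checkComment();
    if (!isset($errorMSG)) {
        // $IP is whatever vgb_getIP() returned: escape it like every other value
        $_ip = addSlashes($IP);
        vgb_query("delete from VGB_COMMENTSPAM where ".
            "date_add(TIMESTAMP,interval ".intval($settings['MAXSPAMTIME'])." minute) < now()");
        $query = vgb_query("select * from VGB_COMMENTSPAM where IP = '".$_ip."' and ENTRYID = ".$entryId);
        if (vgb_numrows($query) != 0) {
            // possible spammer detected => ask to retry later
            vgb_query("update VGB_COMMENTSPAM set TIMESTAMP = now() where IP = '".$_ip."' and ENTRYID = ".$entryId);
            $errorMSG = $lang['spamWarning']."<center>(spam protection)</center>";
        }
        else {
            // no spammer but save the ip in spamlist
            vgb_query("insert into VGB_COMMENTSPAM values('".$_ip."',now(),".$entryId.")");
            if (isset($_user)) {
                // comment signed with a user password: use the user's data
                $preName = $_user['NAME'];
                $preEmail = $_user['EMAIL'];
                $preText = $_user['TEXT'];
            }
            $q = "insert into VGB_COMMENT values (null,".intval($arg['vgbtnemmoc']).",".
                "'".addSlashes($preName)."',";
            $q .= ($preEmail == "") ? "null," : "'".addSlashes($preEmail)."',";
            $q .= "'".addSlashes($preText)."','".$_ip."','".addSlashes($hostname)."','".
                $date."','".$time."',0,";
            $q .= ($settings['MODERATEDMODE']) ? "1" : "0";
            $q .= ")";
            vgb_query($q);
            $statusMSG = $lang['sendSuccess'];
            if ($settings['MODERATEDMODE'])
                $statusMSG .= $lang['sendSuccessMod'];
            $_q = vgb_query("select * from VGB_ENTRY where ID = ".intval($arg['vgbtnemmoc']));
            $e = vgb_result($_q);
            $_mailData = array("comment" => $preText,
                               "url" => $settings['INDEXURL'],
                               "from" => $preName);
            // FIRSTCOMMENT: notify the admin only until the first comment went out
            if (!($settings['FIRSTCOMMENT'] && $settings['COMMENTSENT'])) {
                vgb_notification(6,$settings['ADMINEMAIL'],$e['NAME'],$_mailData,
                    $lang['commentSubject'],$lang['commentSubject']);
            }
            if (!is_null($e['EMAIL']) && !$settings['MODERATEDMODE'])
                vgb_notification(7,$e['EMAIL'],$e['NAME'],$_mailData,
                    $lang['commentSubject'],$lang['commentSubject']);
            vgb_query("update VGB_SETTINGS set COMMENTSENT = 1");
            $preEmail="";
            $preText="";
            $preName="";
        }
    }
    comment();
}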
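/**
 * Render one comment (or the preview of a comment about to be posted) as a
 * table row. Helper of comment(); declared at file level so it is defined once
 * per request instead of every time comment() runs (a nested definition would
 * fail with "cannot redeclare" on a second call).
 *
 * @param array $_comment  VGB_COMMENT row, or the $preview array built by preview()
 * @param bool  $preview   true: label the row as preview and add the hidden "send" form
 */
function showComment($_comment, $preview = false) {
    global $settings,$lang,$screenparam,$preName,$preEmail,$preText,$_user;
    $_date = explode("-",vgb_diffDate($_comment['SIGNTIME'],$_comment['DATE']));
    if ($_comment['ADMIN']) {
        $name = vgb_removeHTML(vgb_string($_comment['NAME']),false);
        $text = vgb_formatText(vgb_doLinebreak(vgb_wrapWords(vgb_string(vgb_insertEmoticons(vgb_activateLinks(
vgb_BBCode(vgb_noHTML($_comment['TEXT'],ENT_QUOTES),true)),$settings['USEADMINEMO'])))));
        $class = "bgadmin";
    }
    else {
        $name = vgb_removeHTML(vgb_UndoNoHTML(vgb_wrapWords(vgb_string(vgb_filterBadwords(vgb_noHTML($_comment['NAME']),$settings['FILTERNAME'])))),false);
        $text = vgb_formatText(vgb_doLinebreak(vgb_wrapWords(vgb_string(vgb_insertEmoticons(vgb_filterBadwords(vgb_activateLinks(vgb_BBCode(vgb_noHTML(vgb_limitEmptyLines($_comment['TEXT'])))),$settings['USEFILTER']),$settings['USEEMOTICONS'],"")))));
        $class = "bgcomment";
    }
    // HOSTNAME is the reverse-DNS name recorded by checkComment() and IP what
    // vgb_getIP() returned: both are attacker-influenced, escape them for HTML
    $_host = htmlspecialchars((string)$_comment['HOSTNAME'], ENT_QUOTES);
    $_ip = htmlspecialchars((string)$_comment['IP'], ENT_QUOTES);
    echo "<tr>
<td>";
    if ($preview)
        echo " <span class='title'> ".$lang['preview']."</span>";
    echo " <table width='100%' border='0' cellspacing='1' cellpadding='3'>
<tr>
<td class='$class'>
<b>";
    if ($settings['USEMAILER'] && !is_null($_comment['EMAIL']) && !$preview) {
        // "a<ID>" addresses a comment (not an entry) in mailer()
        $_link = "screen.".EXT."?$screenparam&vgbreliam=a".$_comment['ID'];
        echo "<a class='link' href='".$_link."' target='_blank' onclick=\"m=window.open('".$_link.
            "','_blank','width=440,height=270,resizable=yes,scrollbars=yes'); if (window.focus)".
            " m.focus(); return false;\">$name</a>";
    }
    else
        echo $name;
    echo "</b><br />
<span style='font-size: 10px;'>".vgb_dateOut($_date)." - ".vgb_diffTime($_comment['SIGNTIME'])." ";
    if (!($settings['HIDEIP'] && ($settings['HIDEHOST']))) {
        echo "- ";
        if ($settings['HIDEHOST'])
            echo $_ip;
        else {
            echo $_host;
            if (!$settings['HIDEIP'])
                echo " (".$_ip.")";
        }
    }
    echo "</span><br /><br />".$text."<br /><br />";
    if ($preview) {
        if (isset($_user)) {
            // resend the raw form values so the password-in-name login is redone
            $_comment['NAME'] = $preName;
            $_comment['EMAIL'] = $preEmail;
            $_comment['TEXT'] = $preText;
        }
        echo "<center><form action='screen.".EXT."?$screenparam' method='post'>
<input type='hidden' name='vgbeman' value='".vgb_formdata($_comment['NAME'])."' />
<input type='hidden' name='vgbliame' value='";
        if (!is_null($_comment['EMAIL']))
            echo vgb_formdata($_comment['EMAIL']);
        echo "' />
<input type='hidden' name='vgbtxet' value='".vgb_formdata($_comment['TEXT'])."' />
<input type='hidden' name='vgbdi' value='".$_comment['ENTRYID']."' />
<input type='submit' name='vgbdnes' value='".$lang['send']."'>
</form></center>";
    }
    echo " </td>
</tr>
</table>";
    echo " </td>
</tr>";
}

/**
 * Comment page for entry $arg['vgbtnemmoc']: the moderated comments of the
 * entry, an optional preview row ($preview) and the new-comment form.
 *
 * Requires ALLOWCOMMENTS, loggedIn() for the entry and a positive entry id.
 * $statusMSG / $errorMSG (set by sendComment()/checkComment()) are shown at
 * the top; $preName/$preEmail/$preText prefill the form.
 */
function comment() {
    global $lang,$arg,$settings,$emoticons,$skinDir,$preText,$preEmail,
        $preName,$preview,$errorMSG,$statusMSG,$screenparam;
    // intval() of the value, not of the comparison result (intval(bool) was 0/1)
    $entryId = intval($arg['vgbtnemmoc']);
    if (!(($settings['ALLOWCOMMENTS']) && loggedIn($arg['vgbtnemmoc']) && ($entryId > 0)))
        return;
    echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html>
<head><title></title>";
    setStyle();
    $emoticons = array();
    $query = vgb_query("select * from VGB_EMOTICON order by PRIORITY asc");
    while ($emoticon = vgb_result($query)) {
        $emoticons[] = array($emoticon['CODE'],$emoticon['FILENAME']);
    }
    echo " <script type='text/javascript'>
<!--
function icon(zeichen) {
document.form.vgbtxet.value += zeichen;
document.form.vgbtxet.focus();
}
-->
</script>
</head>
<body><br />";
    if (isset($statusMSG))
        echo "<center><div class='status'>$statusMSG</div><br /><br /></center>";
    elseif (isset($errorMSG))
        echo "<center><div class='error'>$errorMSG</div><br /><br /></center>";
    echo "<table width='500' border='0' cellspacing='0' cellpadding='0' align='center' class='border'>";
    $query = vgb_query("select * from VGB_COMMENT where UNMODERATED = 0 and ENTRYID = ".$entryId." order by DATE asc, SIGNTIME asc, ID asc");
    while ($comment = vgb_result($query)) {
        showComment($comment);
    }
    if (isset($preview))
        showComment($preview,true);
    echo "<tr>
<td>
<span class='title'> ".$lang['newComment']."</span>
<table width='100%' border='0' cellspacing='1' cellpadding='3'>
<tr>
<td class='bgcomment' align='center'>";
    echo " <form action='screen.".EXT."?$screenparam' method='post' name='form'>
<input type='hidden' value='".vgb_formdata($arg['vgbtnemmoc'])."' name='vgbdi' />
<table>
<tr>
<td valign='top' align='left'>".$lang['name'].":</td><td><input type='text' size='40' maxlength='".$settings['MAXLENNAME']."' name='vgbeman' style='width: 350px' value='";
    if (isset($preName)) echo vgb_formdata($preName);
    echo "' /></td>
</tr>
<tr>
<td valign='top' align='left'>".$lang['email'].":</td><td><input type='text' size='40' maxlength='".$settings['MAXLENEMAIL']."' name='vgbliame' style='width: 350px' value='";
    if (isset($preEmail)) echo vgb_formdata($preEmail);
    echo "' /></td>
</tr>";
    if ($settings['USEBBCODE']) {
        echo "<tr>
<td> </td><td align='left'><table style='width: 350px;'><tr><td align='right'>[";
        $_link = "screen.".EXT."?$screenparam&vgbedocbb=0";
        echo "<a class='link' href='".$_link.
            "' target='_blank' onclick=\"bb=window.open('".$_link.
            "','_blank','width=540,scrollbars=yes,resizable=yes'); if (window.focus)".
            " bb.focus(); return false;\"> BBCode </a>]</td></tr></table></td>
</tr>";
    }
    echo "<tr>
<td valign='top' align='left'>".$lang['text'].":</td><td><textarea cols='40' rows='12' name='vgbtxet' style='width: 350px'>";
    if(isset($preText)) echo vgb_formdata($preText);
    echo "</textarea></td>
</tr>";
    if ($settings['USEEMOTICONS']) {
        echo "<tr>
<td> </td>
<td>";
        // CODE/FILENAME are admin-maintained rows of VGB_EMOTICON
        foreach($emoticons as $emoticon)
            echo "<a href='javascript:icon(\"".$emoticon[0]."\")'><img src='".$skinDir."emoticons/".$emoticon[1]."' border='0' alt='' /></a> ";
        echo " <br /><br />
</td>
</tr>";
    }
    echo " <tr>
<td colspan='2' align='center'><input type='submit' value='".$lang['send']."' name='vgbdnes' /> <input type='submit' value='".$lang['preview']."' name='vgbweiverp' /></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</td>
</tr>
</table><br />
</body>
</html>";
}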
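/**
 * Mail the PRIVATE password of entry $arg['vgbssapdnes'] to that entry's EMAIL.
 *
 * Only entries that have both an address and a password qualify, and only once
 * per MAILSPAMTIME minutes per IP/address (VGB_MAILSPAM): a repeat inside that
 * window refreshes the timestamp and shows $lang['mailSpam'] instead.
 *
 * NOTE(review): loggedIn() without an entry id always returns true, so the
 * rate limit is the only gate here. The stored PRIVATE value is sent as-is,
 * i.e. the entry password travels in clear text by e-mail.
 */
function sendpass() {
    global $lang,$arg,$settings,$IP;
    if (!(($arg['vgbssapdnes'] != "") && loggedIn()))
        return;
    $query = vgb_query("select * from VGB_ENTRY where ID = ".intval($arg['vgbssapdnes']));
    if (vgb_numrows($query) != 1)
        return;
    $entry = vgb_result($query);
    if (is_null($entry['EMAIL']) || is_null($entry['PRIVATE']))
        return;
    // $IP is whatever vgb_getIP() returned: escape it like every other value
    $_ip = addSlashes($IP);
    $_mail = addSlashes($entry['EMAIL']);
    // check for spammer
    vgb_query("delete from VGB_MAILSPAM where ".
        "date_add(TIMESTAMP,interval ".MAILSPAMTIME." minute) < now()");
    $query = vgb_query("select * from VGB_MAILSPAM where IP = '".$_ip."' and EMAIL = '".$_mail."'");
    if (vgb_numrows($query) != 0) {
        // possible spammer detected => ask to retry later
        vgb_query("update VGB_MAILSPAM set TIMESTAMP = now() where IP = '".$_ip."' and EMAIL = '".$_mail."'");
        failure($lang['mailSpam'],true); // does not return
        return;
    }
    // no spammer but save the ip in spamlist
    vgb_query("insert into VGB_MAILSPAM values('".$_ip."',now(),'".$_mail."')");
    if (!vgb_mail($entry['EMAIL'],$lang['passwordMail'].$entry['PRIVATE'],
                  $lang['passwordMail'].$entry['PRIVATE']))
        failure($lang['sendMailFail'],true);
    success($lang['sendMailSuccess']);
}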
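/**
 * Password check for a private entry (the form posted by login()).
 *
 * Expects vgbxiferp (parameter prefix), vgbegap (page to return to), vgbnigol
 * (entry id) and vgbssap (password). Attempts are tracked per entry in
 * VGB_LOGIN, keyed by the first three dotted parts of the visitor's address
 * (same derivation as loggedIn()); after three wrong passwords the row refuses
 * further attempts until it expires (RELOGINAFTERMINUTE). On success a fresh
 * random session id is stored in the row and the browser is redirected to
 * INDEXURL with "<prefix>decode=<id>" plus the other request parameters.
 */
function decode() {
    global $arg,$settings,$lang,$IP;
    if (!(isset($arg['vgbxiferp']) && isset($arg['vgbegap']) && isset($arg['vgbnigol']) && ($arg['vgbnigol'] != "")))
        return;
    $entryId = intval($arg['vgbnigol']);
    // must stay identical to loggedIn(), otherwise sessions never match
    $_p = array_pad(explode(".",$IP), 3, "");
    $sessionIP = addSlashes($_p[0].".".$_p[1].".".$_p[2]);
    // drop expired login rows (this also resets their TRY counter)
    vgb_query("delete from VGB_LOGIN where ".
        "date_add(TIMESTAMP,interval ".RELOGINAFTERMINUTE." minute) < now()");
    $query = vgb_query("select * from VGB_LOGIN where IP = '".$sessionIP."' and ENTRYID = ".$entryId);
    if (vgb_numrows($query) == 0) {
        vgb_query("insert into VGB_LOGIN values ('".$sessionIP."',now(),".$entryId.",0,null)");
        $query = vgb_query("select * from VGB_LOGIN where IP = '".$sessionIP."' and ENTRYID = ".$entryId);
    }
    $_l = vgb_result($query);
    if ($_l['TRY'] == 3) {
        // three failed attempts => locked until the row expires
        vgb_query("update VGB_LOGIN set TIMESTAMP = now() where IP = '".$sessionIP."' and ENTRYID = ".$entryId);
        failure($lang['noLogin']); // does not return
        return;
    }
    $query = vgb_query("select * from VGB_ENTRY where ID = ".$entryId);
    if (vgb_numrows($query) == 0)
        return;
    $entry = vgb_result($query);
    if (!($settings['ASKPRIVATE'] && !is_null($entry['PRIVATE'])))
        return;
    // Strict comparison: with "!=" two numeric-looking strings ("0100" and
    // "100") compare as numbers and would match.
    // NOTE(review): PRIVATE is compared in clear, so it is stored in clear
    // (and mailed by sendpass()) - that is the existing data model.
    if (strtolower($arg['vgbssap']) !== (string)$entry['PRIVATE']) {
        vgb_query("update VGB_LOGIN set TRY = TRY + 1, TIMESTAMP = now(), SESSIONID = null ".
            "where IP = '".$sessionIP."' and ENTRYID = ".$entryId);
        failure($lang['invalidPassword']); // does not return
        return;
    }
    // 20 hex characters as before, but from a CSPRNG where available; the
    // md5(uniqid(rand())) fallback is predictable
    if (function_exists('random_bytes'))
        $sessionID = bin2hex(random_bytes(10));
    else
        $sessionID = substr(md5(uniqid(rand())),0,20);
    vgb_query("update VGB_LOGIN set TRY = 0, TIMESTAMP = now(), SESSIONID = '".addSlashes($sessionID)."' where IP = '".
        $sessionIP."' and ENTRYID = ".$entryId);
    // carry every other request parameter over to the index page
    $_param = "";
    foreach ($arg as $key => $val) {
        if (($key != "vgbegap") && ($key != "vgbnigol")
            && ($key != "vgbssap") && ($key != "vgbxiferp") &&
            ($key != $arg['vgbxiferp']."decode")) {
            if (is_array($val)) {
                foreach ($val as $_inkey => $_inval) {
                    $_param .= "&".urlencode($key)."[".
                        urlencode($_inkey)."]=".urlencode($_inval);
                }
            }
            else
                $_param .= "&".urlencode($key)."=".urlencode($val);
        }
    }
    $url = "http://".$settings['INDEXURL'];
    if (substr($url,-1) == "/")
        $url .= "index.".EXT;
    // strpos() yields false (not 0) when the URL has no query string yet
    if (strpos($url,"?") === false)
        $url .= "?";
    $_c = explode("?",$url);
    if ($_c[1] != "")
        $url .= "&";
    // vgbxiferp and vgbegap are request values echoed back inside the URL:
    // encode them like the other parameters
    $url .= urlencode($arg['vgbxiferp'])."decode=".urlencode($sessionID)."&show=".urlencode($arg['vgbegap']).$_param;
    // the URL lands in two attributes below: escape for the HTML context as well
    $hUrl = htmlspecialchars($url, ENT_QUOTES);
    echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html style='height: 100%'>
<head>
<title>".$lang['login']."</title>
<meta http-equiv='refresh' content='0; URL=".$hUrl."' />";
    setStyle();
    echo "
</head>
<body style='height: 100%'>
<table width='100%' style='height: 100%'>
<tr>
<td valign='middle' align='center'>
<a href='".$hUrl."' class='bglink'>Click here if you're not redirected</a>
</td>
</tr>
</table>
</html>";
}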
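/**
 * Show the password form for private entry $arg['vgbnigol'] (posted to decode()).
 *
 * Shown only when ASKPRIVATE is on and the entry has a PRIVATE password. All
 * request parameters except "<prefix>decode" are carried over in the form
 * action; when the entry has an e-mail address a "send password" popup link
 * (sendpass()) is offered.
 */
function login() {
    global $lang,$arg,$settings,$screenparam,$PFIX;
    if (!(isset($arg['vgbegap']) && isset($arg['vgbxiferp']) && isset($arg['vgbnigol']) && ($arg['vgbnigol'] != "")))
        return;
    $entryId = intval($arg['vgbnigol']);
    $query = vgb_query("select * from VGB_ENTRY where ID = ".$entryId);
    if (vgb_numrows($query) == 0)
        return;
    $entry = vgb_result($query);
    if (!($settings['ASKPRIVATE'] && !is_null($entry['PRIVATE'])))
        return;
    $_param = "";
    foreach ($arg as $key => $val)
        if ($key != $PFIX."decode") {
            if (is_array($val)) {
                foreach ($val as $_inkey => $_inval) {
                    $_param .= "&".urlencode($key)."[".
                        urlencode($_inkey)."]=".urlencode($_inval);
                }
            }
            else
                $_param .= "&".urlencode($key)."=".urlencode($val);
        }
    $_link1 = "screen.".EXT."?$screenparam&";
    // the id is spliced into an onclick handler below: use the integer form,
    // never the raw request value
    $_link2 = "vgbssapdnes=".$entryId;
    echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html style='height: 100%'>
<head>
<title>".$lang['login']."</title>";
    setStyle();
    echo "
</head>
<body style='height: 100%' onload='document.FORM.vgbssap.focus()'>
<table width='100%' style='height: 100%'>
<tr>
<td valign='middle' align='center'>
<table border='0' cellspacing='0' cellpadding='1' width='400' align='center'>
<tr>
<td class='border'>
<center><span class='title'>".$lang['privateEntry']."</span></center>
<table border='0' cellspacing='9' cellpadding='4' width='100%' class='bgcomment'>
<tr>
<td align='center'>
<br />".$lang['enterPassword'].":<br /><br />
<form action='screen.".EXT."?".$_param."' name='FORM' method='post'>
<input type='text' size='20' name='vgbssap' maxlength='20' /><input type='submit' name='' value='".$lang['login']."' />
</form>";
    if (!is_null($entry['EMAIL']))
        echo "<a href=\"\" target=\"_blank\" onclick=\"w = window.open('".$_link1."'+'".$_link2."','_blank','width=340,height=250,resizable=yes,scrollbars=yes'); if (window.focus)
w.focus(); return false;\" class=\"link\">» ".$lang['sendPassword']."</a><br /><br />";
    echo "</td>
</tr>
</table>
</td>
</tr>
</table>
<br />
<a href='javascript:window.history.back()' class='bglink'>[ ".$lang['back']." ]</a>
</td>
</tr>
</table>
</body>
</html>";
}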
/**
 * Render the emoticon palette page (loaded in a frame: the links call
 * parent.icon()). Without USEJAVASCRIPT the images are shown with their code
 * as alt text instead of links.
 *
 * NOTE(review): this uses vgb_setSkinDir() without arguments and
 * $skinDir."/emoticons/", while comment() uses $skinDir."emoticons/" - the
 * double slash suggests the two should agree; confirm what the no-argument
 * call sets before changing it.
 */
function emoticon() {
    global $arg,$settings,$skinDir;
    vgb_setSkinDir();
    echo "<html style='height: 100%'>
<head><title>Emoticons</title>";
    setStyle();
    echo "</head>
<body class='emoticons'>";
    $useJS = $settings['USEJAVASCRIPT'];
    $query = vgb_query("select * from VGB_EMOTICON order by PRIORITY asc");
    while ($row = vgb_result($query)) {
        // CODE/FILENAME are admin-maintained rows of VGB_EMOTICON
        $img = $skinDir."/emoticons/".$row['FILENAME'];
        if ($useJS) {
            echo "<a href='javascript:parent.icon(\"".$row['CODE']."\")'><img src='".$img."' border='0' alt='' /></a> ";
        }
        else {
            echo "<img border='0' src='".$img."' alt=' ".$row['CODE']." ' /> ";
        }
    }
    echo " </body></html>";
}
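/**
 * Print a status page with $inText and a "close window" link (used by popups).
 *
 * @param string $inText  message, already HTML (normally a $lang entry)
 */
function success( $inText ) {
    global $lang;
    echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html style='height: 100%'>
<head><title></title>";
    setStyle();
    // the close link is an <a>, so it is closed with </a> (was </span>)
    echo "</head>
<body style='height: 100%'>
<table height='100%' align='center'>
<tr>
<td valign='middle' align='center'>
<div class='status'>
".$inText."</div><br /><br />
<a href='javascript:window.close()' class='bglink'>[ ".$lang['closeWindow']." ]</a>
</td>
</tr>
</table>
</body>
</html>";
}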
/**
 * Print an error page with $inText and stop the script.
 *
 * @param string $inText  message, already HTML (normally a $lang entry)
 * @param bool   $close   true: offer a "close window" link (popups),
 *                        false: a "back" link
 */
function failure( $inText, $close = false ) {
    global $lang;
    $navLink = $close
        ? "<a href='javascript:window.close()' class='bglink'>[ ".$lang['closeWindow']." ]</a>"
        : "<a href='javascript:window.history.back()' class='bglink'>[ ".$lang['back']." ]</a>";
    echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html style='height: 100%'>
<head><title>".$lang['errorOccured']."</title>";
    setStyle();
    echo "</head>
<body style='height: 100%'>
<table height='100%' align='center'>
<tr>
<td valign='middle' align='center'>
<div class='error'>$inText</div><br /><br />
".$navLink."</td>
</tr>
</table>
</body></html>";
    exit();
}
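/**
 * Send the mail composed in the mailer form to the author of an entry or of a
 * comment ("a<ID>" in vgbdi addresses a comment).
 *
 * Requires USEMAILER, the vgbdi/vgbtcejbus/vgbtxetliam fields, and a vgbdi
 * ending in "x" (presumably added by the mailer() form, whose remainder is not
 * in view). The recipient address is taken from the database, never from the
 * request, and only when loggedIn() holds for the entry. VGB_MAILSPAM limits
 * one mail per MAILSPAMTIME minutes per IP/address.
 */
function send() {
    global $settings,$lang,$arg,$IP;
    $parameters = array("vgbdi","vgbtcejbus","vgbtxetliam");
    foreach ($parameters as $_parameter) {
        if (!isset($arg[$_parameter])) {
            exit();
        }
    }
    if (!(($arg['vgbdi'] != "") && (substr($arg['vgbdi'],-1) == "x") && ($settings['USEMAILER'])))
        return;
    // strip the trailing marker
    $arg['vgbdi'] = substr($arg['vgbdi'],0,strlen($arg['vgbdi'])-1);
    $id = $arg['vgbdi'];
    $_email = null;
    if (($id != "") && ($id[0] == 'a')) {
        // comment author
        $id = substr($id,1);
        $query = vgb_query("select * from VGB_COMMENT where UNMODERATED = 0 and ID = ".intval($id));
        if (vgb_numrows($query) > 0) {
            $comment = vgb_result($query);
            $query = vgb_query("select * from VGB_ENTRY where ID = ".intval($comment['ENTRYID']));
            if (vgb_numrows($query) > 0) {
                $entry = vgb_result($query);
                if (loggedIn($entry['ID']))
                    $_email = $comment['EMAIL'];
            }
        }
    }
    else {
        // entry author
        $query = vgb_query("select * from VGB_ENTRY where UNMODERATED = 0 and ID = ".intval($arg['vgbdi']));
        if (vgb_numrows($query) == 1) {
            $entry = vgb_result($query);
            if (loggedIn($arg['vgbdi']))
                $_email = $entry['EMAIL'];
        }
    }
    if (is_null($_email))
        return;
    // $IP is whatever vgb_getIP() returned: escape it like every other value
    $_ip = addSlashes($IP);
    $_mail = addSlashes($_email);
    // check for spammer
    vgb_query("delete from VGB_MAILSPAM where ".
        "date_add(TIMESTAMP,interval ".MAILSPAMTIME." minute) < now()");
    $query = vgb_query("select * from VGB_MAILSPAM where IP = '".$_ip."' and EMAIL = '".$_mail."'");
    if (vgb_numrows($query) != 0) {
        // possible spammer detected => ask to retry later
        vgb_query("update VGB_MAILSPAM set TIMESTAMP = now() where IP = '".$_ip."' and EMAIL = '".$_mail."'");
        failure($lang['mailSpam']); // does not return
        return;
    }
    // no spammer but save the ip in spamlist
    vgb_query("insert into VGB_MAILSPAM values('".$_ip."',now(),'".$_mail."')");
    // a subject never legitimately contains line breaks; removing them keeps a
    // request from injecting additional mail headers, whatever vgb_mail() does
    $subject = str_replace(array("\r","\n"), "", $arg['vgbtcejbus']);
    if (!vgb_mail($_email,$subject,$arg['vgbtxetliam']))
        failure($lang['sendMailFail']);
    success($lang['sendMailSuccess']);
}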
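//-------------------------------------------------------------------------
// mailer
// Renders the "send e-mail" form for the author of an entry (vgbreliam =
// "<n>") or of a comment (vgbreliam = "a<n>"). The form is shown only when
// the target exists, is moderated, and loggedIn() holds for its entry;
// otherwise nothing is printed. The form posts to send(); its onsubmit
// handler appends an "x" to the id, which send() checks.
// Request values echoed into attributes (the id and $screenparam, both
// derived from the query string) are HTML-encoded first.
//-------------------------------------------------------------------------
function mailer() {
global $settings,$lang,$arg,$screenparam;
if (!isset($arg['vgbreliam']) || (string) $arg['vgbreliam'] === "") {
return;
}
$id = (string) $arg['vgbreliam'];
$rawName = null;
if ($id[0] == 'a') {
$query = vgb_query("select * from VGB_COMMENT where UNMODERATED = 0 and ID = ".intval(substr($id, 1)));
if (vgb_numrows($query) > 0) {
$comment = vgb_result($query);
// Only comments that carry an address can be mailed.
if (!is_null($comment['EMAIL'])) {
$query = vgb_query("select * from VGB_ENTRY where ID = ".intval($comment['ENTRYID']));
if (vgb_numrows($query) > 0) {
$entry = vgb_result($query);
if (loggedIn($entry['ID'])) {
$rawName = $comment['NAME'];
}
}
}
}
}
else {
$query = vgb_query("select * from VGB_ENTRY where UNMODERATED = 0 and ID = ".intval($id));
if (vgb_numrows($query) > 0) {
$entry = vgb_result($query);
if (loggedIn($id)) {
$rawName = $entry['NAME'];
}
}
}
if (is_null($rawName)) {
return;
}
// Same display filter chain the rest of the guestbook applies to names.
$_name = vgb_removeHTML(vgb_UndoNoHTML(vgb_wrapWords(vgb_string(vgb_filterBadwords(vgb_noHTML($rawName),$settings['FILTERNAME'])))),false);
$safeId = htmlspecialchars($id, ENT_QUOTES);
$safeAction = htmlspecialchars("screen.".EXT."?".$screenparam, ENT_QUOTES);
echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html>
<head><title>".$lang['sendEmail']."</title>";
setStyle();
echo "</head>
<body><br />
<center>
<form method='post' action='".$safeAction."' name='form' onsubmit='if (document.form.vgbdi.value[document.form.vgbdi.value.length-1] != \"x\")document.form.vgbdi.value += \"x\"; return true'>
<input type='hidden' name='vgbdi' value='".$safeId."' />
<table border='0' cellspacing='0' cellpadding='1' width='400' align='center'>
<tr>
<td class='border'>
<center><span class='title'>".$lang['mailto']." ".$_name."</span></center>
<table border='0' cellspacing='9' cellpadding='4' width='100%' class='bgcomment'>
<tr>
<td>
<table align='center'>
<tr>
<td valign='top' align='left'>".$lang['subject'].":</td>
<td><input type='text' name='vgbtcejbus' style='width: 250px;' /></td>
</tr>
<tr>
<td valign='top' align='left'>".$lang['message'].":</td>
<td><textarea name='vgbtxetliam' rows='8' cols='40' style='width: 250px; height: 100px;'></textarea></td>
</tr>
</table>
<center><br /><input type='submit' name='sendmail' value=' ".$lang['sendEmail']." ' /></center>
</td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</center>
</body>
</html>";
}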
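//-------------------------------------------------------------------------
// BBCodeRow
// Emits one row of the BBCode help table: the element name in the left
// cell and, for each example, the raw BBCode followed by its rendered
// form (vgb_BBCode). Examples are separated by <br />.
// Defined at file level: it used to be declared inside BBCodeInfo(), which
// makes a second call of BBCodeInfo() in one request fail with
// "Cannot redeclare BBCodeRow()".
//-------------------------------------------------------------------------
function BBCodeRow( $name, $examples ) {
echo " <tr>
<td width='100' class='bgoption' valign='top'>$name:</td>
<td class='bgcomment'>";
$remaining = count($examples);
foreach ($examples as $example) {
echo "<span class='example'>$example =</span><br />
".vgb_BBCode($example);
// no separator after the last example
if (--$remaining > 0) echo "<br />";
}
echo "</td></tr>";
}
//-------------------------------------------------------------------------
// BBCodeInfo
// Renders the BBCode help page: the general text from the language file
// and one BBCodeRow per element enabled in $settings (link, bold, ...,
// size range SIZEMIN..SIZEMAX, colours, fonts, list).
//-------------------------------------------------------------------------
function BBCodeInfo() {
global $settings,$lang;
echo "<!DOCTYPE html
PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"DTD/xhtml1-transitional.dtd\">
<html>
<head><title>BBCode</title>";
setStyle();
echo " </head>
<body><br />
<table border='0' cellspacing='0' cellpadding='0' class='border' width='500' align='center'>
<tr>
<td>
<center><span class='title'>BBCode</span></center>
<table border='0' cellspacing='1' cellpadding='4' width='100%'>
<tr>
<td class='bgcomment'>".$lang['bbcodeInfo']."</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<center><span class='title'>".$lang['elements']."</span></center>
<table border='0' cellspacing='1' cellpadding='4' width='100%'>";
// Simple elements: one example each, shown when the setting is enabled.
$simple = array(
'USELINK' => array('link', "[url=www.yahoowebs.tk]".$lang['exampleLink']."[/url]"),
'USEBOLD' => array('bold', "[b]".$lang['exampleText']."[/b]"),
'USEITALIC' => array('italic', "[i]".$lang['exampleText']."[/i]"),
'USEUNDERLINE' => array('underline', "[u]".$lang['exampleText']."[/u]"),
'USEQUOTE' => array('quote', "[quote]".$lang['exampleText']."[/quote]"),
'USECODE' => array('code', "[code]".$lang['exampleText']."[/code]"),
'USELEFT' => array('left', "[left]".$lang['exampleText']."[/left]"),
'USECENTER' => array('center', "[center]".$lang['exampleText']."[/center]"),
'USERIGHT' => array('right', "[right]".$lang['exampleText']."[/right]"),
'USEIMAGE' => array('image', "[img]logo.gif[/img]"),
);
foreach ($simple as $setting => $row) {
if ($settings[$setting]) {
BBCodeRow($lang[$row[0]], array($row[1]));
}
}
if ($settings['USESIZE']) {
$lines = array();
for ($size = $settings['SIZEMIN']; $size <= $settings['SIZEMAX']; $size++) {
$lines[] = "[size=$size]".$lang['exampleText']."[/size]";
}
BBCodeRow($lang['size'], $lines);
}
// Named colours are configured one per line as "name=value"; only the
// name is shown in the example.
$hasNamedColors = $settings['USECOLORPRE'] && ($settings['USERCOLORS'] != "");
if ($settings['USECOLORHEX'] || $hasNamedColors) {
$lines = array();
if ($settings['USECOLORHEX']) {
$lines[] = "[color=#FF0000]".$lang['exampleText']."[/color]";
}
if ($hasNamedColors) {
foreach (explode("\n", $settings['USERCOLORS']) as $color) {
$name = explode("=", $color);
$lines[] = "[color=".$name[0]."]".$lang['exampleText']."[/color]";
}
}
BBCodeRow($lang['color'], $lines);
}
if ($settings['USEFONT']) {
$lines = array();
if ($settings['USERFONTS'] == "") {
$lines[] = "[font=Times]".$lang['exampleText']."[/font]";
}
else {
foreach (explode("\n", $settings['USERFONTS']) as $font) {
$lines[] = "[font=$font]".$lang['exampleText']."[/font]";
}
}
BBCodeRow($lang['font'], $lines);
}
if ($settings['USELIST']) {
BBCodeRow($lang['list'], array("[list][*] ".
$lang['option']." 1 [*] ".$lang['option']." 2[/list]"));
}
echo " </table>
</td>
</tr>
</table><br />
</body>
</html>";
}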
?>