<?php
/*
    CREATIVE COMMONS - Attribution-No Derivative Works 3.0 Germany:
    - You may not alter, transform, or build upon this work.
    - Dieses Werk darf nicht bearbeitet oder in anderer Weise verändert werden.
*/
  // Shared helpers. checkEmail(), checkURL(), checkICQNumber() and
  // messageIsSpam() are called below but are not defined in this file.
  include_once ("functions.php");

  // Address of the connecting peer as reported by the web server. Behind a
  // reverse proxy this is the proxy's address, not the visitor's.
  $IP = $_SERVER['REMOTE_ADDR'];

  // True once the form's submit button ("senden") arrived via POST.
  $senden = isset($_POST['senden']);

  // NOTE(review): $Name, $Nachricht, $Email, $URL and $ICQ are read here but
  // are not assigned anywhere earlier in this file; the POST fields are only
  // copied into variables further down. Presumably the including page (or
  // register_globals) provides them - confirm, otherwise this check sees
  // empty values and never passes.
  //
  // The form counts as correctly filled in when it was submitted, name and
  // message are present, every optional field is either empty or passes its
  // checker, and the spam filter does not flag the message.
  $FormularKorrektAusgefuellt =
    (
         $senden
      && ($Name!="")
      && ($Nachricht!="")
      // Email is optional; a non-empty value must pass checkEmail().
      && ( ($Email=="") || checkEmail ($Email) )
      // URL is optional; the bare "http://" prefill also counts as empty.
      && ( ($URL=="") || checkURL ($URL) || ($URL=="http://") )
      // ICQ number is optional; a non-empty value must pass checkICQNumber().
      && ( ($ICQ=="") || checkICQNumber ($ICQ) )
      && (!messageIsSpam ($Nachricht, $IP, $URL, ''))
    );

  if ( !$FormularKorrektAusgefuellt )
  {
    // These three names are not used again in this file.
    $Title = '';
    $Text = '';
    $Publish = '';
  }

    
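  // NOTE(review): both rights are hard-coded to 1, so the permission check
  // below always passes in this file. Whether the including page enforces a
  // backend login before this script runs is not visible here - confirm.
  $xUserRightAddGuestbookEntries = 1;
  $xUserRightEditGuestbookEntries = 1;
  if ( $xUserRightAddGuestbookEntries OR $xUserRightEditGuestbookEntries )
  {
    // Content starts here

      // The only request fields this page may turn into local variables.
      // Copying every $_POST key with $$key would let a request overwrite
      // $FormularKorrektAusgefuellt (the validation result computed earlier),
      // $prefix (concatenated into the table name) or any other variable in
      // scope.
      $erlaubteFelder = array('senden', 'Name', 'Email', 'URL', 'ICQ', 'Nachricht', 'Ort', 'Kommentar', 'GuestbookID');

      // Read "job" once; a missing or array-valued parameter counts as empty.
      $job = ( isset($_REQUEST['job']) && is_string($_REQUEST['job']) ) ? $_REQUEST['job'] : '';

      if ( !isset($_POST['senden']) )  // not submitted yet: load the entry to edit
      {
        if ( isset($_REQUEST['GuestbookID']) && is_string($_REQUEST['GuestbookID']) ) { $GuestbookID = $_REQUEST['GuestbookID']; }
        else { $GuestbookID = ''; }

        // The id comes straight from the request, so it is escaped before it
        // is placed inside the quoted SQL literal.
        // NOTE(review): the mysql_* extension was removed in PHP 7; a port to
        // mysqli/PDO prepared statements needs the connection handle, which
        // is not visible in this file.
        $sql = "SELECT * FROM ".$prefix."guestbook WHERE GuestbookID = '".mysql_real_escape_string($GuestbookID)."'";
        $resultat = mysql_query($sql);
        if ($resultat)  // mysql_query() returns false on error
        {
          while ($row = mysql_fetch_array($resultat))
          {
            // Turns each column of the row into a variable ($Name, $Email, ...).
            // The values are stored guestbook data and are treated as untrusted
            // when they are echoed into the form below.
            extract($row);
            //$Name = stripslashes($Name);
            //$Ort = stripslashes($Ort);
            //$Nachricht = stripslashes($Nachricht);
            //$Kommentar = stripslashes($Kommentar);
          }
        }
      }
      else
      {
        // Store the whitelisted POST fields in local variables
          foreach ($_POST as $key => $value)
          {
            // Unknown keys and array-valued fields are ignored.
            if ( !in_array($key, $erlaubteFelder, true) || !is_string($value) ) continue;
            if (get_magic_quotes_gpc()) $$key = stripslashes($value);
            else $$key = $value;
          }
      }

      // Give every expected field a defined value so the code below never
      // reads an undefined variable (new entry, missing or rejected field).
      foreach ($erlaubteFelder as $feld)
      {
        if ( !isset($$feld) ) $$feld = '';
      }


      if ($FormularKorrektAusgefuellt == true)
      {
        // NOTE(review): no anti-CSRF token is visible in this form or checked
        // before the UPDATE - confirm whether the surrounding application
        // adds one.

        // Update the guestbook entry
        if ($job=='edit')
        {
          if ( $URL=="http://" ) { $URL=""; }
          $Kommentar = strip_tags($Kommentar);
          // Escape special characters for use in the SQL statement
            $Name = mysql_real_escape_string($Name);
            $Email = mysql_real_escape_string($Email);
            $URL = mysql_real_escape_string($URL);
            $ICQ = mysql_real_escape_string($ICQ);
            $Nachricht = mysql_real_escape_string($Nachricht);
            $Ort = mysql_real_escape_string($Ort);
            $Kommentar = mysql_real_escape_string($Kommentar);
            // The id arrives in a hidden form field, so it is request data
            // like the rest and must be escaped for the WHERE clause too.
            $GuestbookIDSql = mysql_real_escape_string($GuestbookID);

          $sql = "UPDATE ".$prefix."guestbook SET
            Name = '".$Name."',
            Email = '".$Email."',
            URL = '".$URL."',
            ICQ = '".$ICQ."',
            Nachricht = '".$Nachricht."',
            Kommentar = '".$Kommentar."',
            Ort = '".$Ort."'
            WHERE GuestbookID = '".$GuestbookIDSql."'
            LIMIT 1";
          $resultat = mysql_query($sql);
          if ($resultat) { echo $L_165.'<br /><br />'; }
          else { echo $L_166.'<br /><br />'; }
        }

        echo '
          <form method="post" action="index.php?submenu=guestbook&amp;page=backend_showAllGuestbookEntries">
            <fieldset>
              <input type="submit" value="'.$L_Button26.'" class="button" />
            </fieldset>
          </form>';
      }
      else
      {
        // Store the whitelisted POST fields in local variables
          foreach ($_POST as $key => $value)
          {
            // Unknown keys and array-valued fields are ignored.
            if ( !in_array($key, $erlaubteFelder, true) || !is_string($value) ) continue;
            if (get_magic_quotes_gpc()) $$key = stripslashes($value);
            else $$key = $value;
          }
        // "job" is request data echoed into the action URL; rawurlencode()
        // leaves only characters that are safe inside the attribute.
        echo '
          <form method="post" action="index.php?submenu=guestbook&amp;page=backend_addGuestbookEntry&amp;job='.rawurlencode($job).'">
      	   <table summary="AddGuestbookEntry">
            ';
            // Name
              if ($senden!="" && $Name=="")
              { echo '<tr><td></td><td class="ERROR">'.$L_121.'</td><td></td></tr>'; }
              $Name = htmlspecialchars($Name);
              echo '<tr>
                  <td align="right" valign="top">'.$L_114.':</td>
                  <td><input type="text" name="Name" value="'.$Name.'" /></td>
                  <td valign="top">*</td>
                </tr>';
            // Location
              $Ort = htmlspecialchars($Ort);
              echo '<tr>
                  <td align="right" valign="top">'.$L_GuestbookLocation.':</td>
                  <td><input type="text" name="Ort" value="'.$Ort.'" /></td>
                  <td valign="top">&nbsp;</td>
                </tr>';
            // Email
              if ($senden!="" && $Email && !checkEmail ($Email))
              { echo '<tr><td></td><td class="ERROR">'.$L_122.'</td><td></td></tr>'; }
              // Escaped at output: the value is redisplayed even when it
              // failed checkEmail(), and may also come from a stored entry.
              echo '<tr>
                      <td align="right" valign="top">'.$L_115.':</td>
                      <td><input type="text" name="Email" value="'.htmlspecialchars($Email, ENT_QUOTES).'" /></td>
                      <td valign="top">&nbsp;</td>
                    </tr>';
            // Real URL
              $IP = $_SERVER['REMOTE_ADDR'];
              // Spam test
                if ($senden!="" && messageIsSpam ($Nachricht, $IP, $URL, $URL)=='domain')
                { echo '<tr><td></td><td class="ERROR"><br />'.$L_128.'</td><td></td></tr>'; }
              if ( $URL == "") { $URL = "http://"; }
              // NOTE(review): an "https://" value does not contain "http://"
              // and therefore gets a second scheme prepended here - confirm
              // whether https URLs are meant to be accepted.
              if ( !stristr($URL, "http://" ) ) { $URL = "http://".$URL; }
              if ($senden!="" && $URL && !checkURL ($URL))
              { echo '<tr><td></td><td class="ERROR">'.$L_123.'</td></tr>'; }
              echo '<tr>
                  <td align="right" valign="top">'.$L_116.':</td>
                  <td><input type="text" name="URL" value="'.htmlspecialchars($URL, ENT_QUOTES).'" /></td>
                  <td valign="top">&nbsp;</td>
                </tr>';
            // ICQ
              // Check the ICQ number

                if ($senden!="" && $ICQ && !checkICQNumber($ICQ) )
                { echo '<tr><td></td><td class="ERROR">'.$L_164.'</td><td></td></tr>'; }
                if ( $ICQ=='0' ) $ICQ='';
              echo '<tr>
                      <td align="right" valign="top">'.$L_118.':</td>
                      <td><input type="text" name="ICQ" value="'.htmlspecialchars($ICQ, ENT_QUOTES).'" /></td>
                      <td valign="top">&nbsp;</td>
                    </tr>';
            // Message
              // Spam test (runs on the raw message, before HTML escaping)
                if ($senden!="" && messageIsSpam ($Nachricht, $IP, $URL, $URL)=='word')
                { echo '<tr><td></td><td class="ERROR">'.$L_124.'</td><td></td></tr>'; }
              if ( $senden && !$Nachricht )
              { echo '<tr><td></td><td class="ERROR">'.$L_125.'</td><td></td></tr>'; }
              $Nachricht = htmlspecialchars($Nachricht);
              echo '<tr>
                      <td align="right" valign="top">'.$L_119.':</td>
                      <td><textarea name="Nachricht" rows="5" cols="">'.$Nachricht.'</textarea></td>
                      <td valign="top">*</td>
                    </tr>';
            // Comment
              $Kommentar = htmlspecialchars($Kommentar);
              echo '<tr>
        		          <td align="right" valign="top">'.$L_138.':</td>
        		          <td><textarea name="Kommentar" rows="6" cols="">'.$Kommentar.'</textarea></td>
        		          <td valign="top">&nbsp;</td>
      		          </tr>';



          // Buttons; the entry id travels in a hidden field and is escaped
          // because it originates from the request.
          echo '
        	   <tr>
              <td></td>
              <td>
                <input type="submit" name="senden" value="'.$L_Button01.'" class="button" />
                <input type="button" value="'.$L_Button03.'" onclick="history.go(-1)" class="button" />
                <input type="hidden" name="GuestbookID" value="'.htmlspecialchars($GuestbookID, ENT_QUOTES).'" />
              </td>
        	   </tr>
      	   </table>
    	 </form>
        ';
      }
    // Content ends here
  }
  else
  { echo $L_015; }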
?>