#################################################################################################
#
# project : phpBook
# filename : guestbook.php
# last modified by : Erich Fuchs
# e-mail : erich.fuchs@netone.at
# purpose : Guestbook
#
#################################################################################################
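// Wall-clock start; consumed further down in this file by the optional processing-time display.
$proctime_start = microtime();
# Include Configs & Variables
#################################################################################################
// config.php is expected to provide $server, $db_user, $db_pass, $database, $adminpass, $timelimit,
// $show_sysinfo and the died()/encode_msg()/isbanned() helpers used by this script.
require ("config.php");
// Browser detection: form field widths differ for IE. HTTP_USER_AGENT is client-supplied,
// but it only selects a width here and is not used for anything else.
if (strstr(getenv('HTTP_USER_AGENT'), 'MSIE')) {
    $in_field_size = "30";
    $text_field_size = "51";
} else {
    $in_field_size = "20";
    $text_field_size = "30";
}
// $title arrives from request data (register_globals style), so it may be unset; guard it
// instead of handing an undefined variable to str_replace(). Only backslashes are stripped
// (presumably to undo magic-quotes escaping). The value is NOT HTML- or URL-escaped here,
// so the later places in this file that put it into a Location header or page output
// must escape it for that context themselves.
$title = isset($title) ? str_replace("\\", "", $title) : "";
# Connect DB
#################################################################################################
// died() is a project helper (presumably from config.php), not a typo for die().
mysql_connect($server, $db_user, $db_pass) or died("Database Connect Error");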
# Process
#################################################################################################
if ($action=="submit") { // Add an action
if (!$in && !$delid && !$delcommentid && !$commentid && !$passid) {
header("Location: $PHP_SELF");
exit;
} elseif ($passid && $admin==$adminpass) {
mysql_db_query($database, "UPDATE guestbook SET pass='Y' WHERE id='$passid'") or died("Database Query Error");
header("Location: $PHP_SELF?offset=$offset&poffset=$poffset&admin=$admin");
exit;
} elseif ($delid && $admin==$adminpass) {
mysql_db_query($database, "DELETE FROM guestbook WHERE id='$delid'") or died("Database Query Error");
header("Location: $PHP_SELF?offset=$offset&poffset=$poffset&admin=$admin");
exit;
} elseif ($delcommentid && $admin==$adminpass) {
mysql_db_query($database, "UPDATE guestbook SET comment='' where id='$delcommentid'") or died("Database Query Error");
header("Location: $PHP_SELF?offset=$offset&poffset=$poffset&admin=$admin");
exit;
} elseif ($commentid && $admin==$adminpass) {
if(isset($comment)){
$action=changed;
mysql_db_query($database, "UPDATE guestbook SET comment='".encode_msg($comment)."' where id='$commentid'") or died("Database Query Error");
} else {
$action="";
}
header("Location: $PHP_SELF?commentid=$commentid&action=$action&offset=$offset&poffset=$poffset&admin=$admin");
exit;
} else {
if (isbanned()) {
header("Location: $PHP_SELF");
exit;
}
$add_date=time();
$result=mysql_db_query($database, "SELECT * FROM guestbook WHERE ip='$REMOTE_ADDR' AND timestamp>($add_date-(60*$timelimit))") or died("Database Query Error");
$query=mysql_fetch_array($result);
if ($query) {
header("Location: $PHP_SELF?book_id=$book_id$titlelink");
exit;
}
if($title&&$link){$titlelink="&title=$title&link=$link";};
// $in = strip_array($in);
// Add SQL compatibilty & Smilie Convert
$in['message'] = encode_msg($in['message']);
if($attachID!="")
{
$original = "
\n"; $query = "select * from guestbook where id=".$attachID; $result=mysql_db_query($database, $query) or died("Database Query Error"); $record=mysql_fetch_array($result); $original .= " |
$title | ||||||||||||||||||||||||||||||||||||||||
\n";
echo"
| \n";
echo" ||||||||||||||||||||||||||||||||||||||||
\n";
echo" \n"; if ($show_sysinfo) { list($usec, $sec) = explode(" ",$proctime_start); $proctime_start = $usec+$sec; list($usec, $sec) = explode(" ",microtime()); $proctime_end = $usec+$sec; $proctime = $proctime_end-$proctime_start; $query = mysql_db_query($database, "SELECT id FROM guestbook"); $countall=mysql_num_rows($query); // echo" \n"; } echo" | \n";
echo"
".$record[message]; $original .= "