Powered by the The Easy PHP Guestbook ®";// editing of the powered by lines is not allowed
$pwb2="Powered by the The Easy PHP Guestbook ®";// editing of the powered by lines is not allowed
#
# Front controller of the guestbook. Loads the configuration and helper files,
# reads the request ($_POST/$_GET), then dispatches on $task:
#   getCaptcha, postnm (visitor post), adminverify, ShowPendingMessages, approve,
#   ShowPrivatePost, show (admin home), del_edit, delete, edit, modify, adm_logout,
#   configure, edit_config. Anything else dies with "unrecognised call".
# NOTE(review): this page was extracted with its line breaks and most HTML
# string content lost; strings such as "" / '' / "\n" below are what survived,
# and the reformatting here only restores line breaks, no token was changed.
# NOTE(review): request fields are read with "if($_POST['x'])" (truthiness,
# no isset): a missing field raises an undefined-index notice and a value of
# "0" is treated as absent. Wherever an admin action is taken, the only
# authorisation visible is the session/posted password; no CSRF token is
# checked anywhere in this file.
#
$conf_file="include/conf.php"; //the configuration file
include $conf_file;
include $used_language;
include "include/classes.php";
include "include/functions.php";
include "include/mixvar.php";
include "include/html/forms.php";
include "include/html/mix_html.php";
# $date is expected to come from one of the includes above (not set here)
$date=EncodeMessage($date);
# GEOIP, please read carefully:
# $geoip_db is the expected location of the geoip database file.
# This file IS NOT INCLUDED in this software distribution and is not part of this guestbook software, which merely offers a way to access and use this file, if so desired by the user.
# It is a GPL licensed file that can be freely downloaded from http://software77.net/geo-ip/
# The provided geoip code can use the CSV version of this file only. You can download this csv file compressed in a zip format or gzip format from the above web site
# You should then unzip it and place it in the "include" folder of the guestbook software distribution. When unzipped, this file should be named IpToCountry.csv, you might want to check that out.
$geoip_db="include/IpToCountry.csv"; # see comments above
$geoip_file_exists=file_exists($geoip_db);
if($geoip_file_exists){$geoip_file_detected="yes";}
else{$geoip_file_detected="no";}
# $ip_addr and $activate_geoip are defined by the includes; locate_ip_2() is in include/functions.php (presumably)
if ($activate_geoip=="yes" && $geoip_file_exists)
{
$user_country_name=locate_ip_2($ip_addr,"name");
$user_country_code=locate_ip_2($ip_addr,"code");
}
# END GEOIP
# PHP source that is eval()'d later (postnm, adminverify, modify) to build $post_array
# from the variables in scope at that point. The eval'd text is this fixed literal;
# request data enters only as variable values, not as code.
$create_post_array= ' $post_array=array( "post_id"=>$post_id, "name"=>$name, "email"=>$email, "message"=>$message, "date"=>$date, "ip_addr"=>$ip_addr, "show_email"=>$show_email, "show_message"=>$show_message, "approved"=>$approved); ';
# CHECKING IF LOGFILE AND POSTS FILE ARE THERE. IF NOT, CREATE THEM
# ($logfile / $posts_file come from the configuration; fopen() failure is not checked)
if (file_exists($logfile) == false){$fp = fopen($logfile,"w");fclose($fp);}
if (file_exists($posts_file) == false){$fp = fopen($posts_file,"w");fclose($fp);}
# GETTING THE VARIABLES POSTED THROUGH THE FORM(S)
$show_email="yes";
if($_POST['show_email']){$show_email=$_POST['show_email'];}
$show_message="yes";
if($_POST['show_message']){$show_message=$_POST['show_message'];}
# name and email go through CleanName() (include/functions.php)
if($_POST['name']){$name=$_POST['name'];$name = CleanName($name);}
if($_POST['email']){$email=$_POST['email']; $email = CleanName($email);}
if($_POST['message'])
{
$message=$_POST['message'];
# MESSAGE
$message = trim($message);
# stripslashes() is applied unconditionally (not only under magic_quotes), so a
# legitimate backslash typed by the visitor is dropped
$message=stripslashes($message);
$message=EncodeMessage($message);
$message=ConvertToHtml ($message);
# CHECKING IF THE MESSAGE CONTAINS ANY UNCLOSED TAG THAT MIGHT DISRUPT THE GB LAYOUT, IF SO CLOSE TAGS
# NOTE(review): '/<\s*b>/'.i is a bug: "i" is an undefined constant (notice and the
# string "i" on PHP 5/7, an Error on PHP 8). The intended pattern is '/<\s*b>/i'
# (same for the seven lines that follow). The appended "" literals are the
# closing tags, lost in extraction -- verify against the original file.
if (preg_match('/<\s*b>/'.i,$message)==1 AND preg_match('/<\/b>/'.i,$message)==0){$message=$message."";}# checking for bold tag
if (preg_match('/<\s*font/'.i,$message)==1 AND preg_match('/<\/font>/'.i,$message)==0){$message=$message."";}# checking for font tag
if (preg_match('/<\s*a/'.i,$message)==1 AND preg_match('/<\/a>/'.i,$message)==0){$message=$message."";}# checking for "a" tag
if (preg_match('/<\s*i>/'.i,$message)==1 AND preg_match('/<\/i>/'.i,$message)==0){$message=$message."";}# checking for italic tag
if (preg_match('/<\s*u>/'.i,$message)==1 AND preg_match('/<\/u>/'.i,$message)==0){$message=$message."";}# checking for underlined tag
if (preg_match('/<\s*span/'.i,$message)==1 AND preg_match('/<\/span>/'.i,$message)==0){$message=$message."";}# checking for span tag
if (preg_match('/<\s*div/'.i,$message)==1 AND preg_match('/<\/div>/'.i,$message)==0){$message=$message."";}# checking for div tag (this one is forbidden dy default in forbidden strings)
if (preg_match('/<\s*quote/'.i,$message)==1 AND preg_match('/<\/quote>/'.i,$message)==0){$message=$message."";}# checking for quote tag
}
# $task selects the branch below; POST wins over GET
if($_POST['task']){$task=$_POST['task'];}
elseif($_GET['task']){$task=$_GET['task'];}
# $posted_pass and $adpass hold the same trimmed value; both are compared against $admin_pass below
if($_POST['adpass']){$posted_pass=trim($_POST['adpass']);$adpass=trim($_POST['adpass']);}
if($_POST['imgverify']){$imgverify=$_POST['imgverify'];}
if($_POST['random']){$random=$_POST['random'];$random = trim($random);}
if($_POST['post_id']){$post_id=$_POST['post_id'];} # POST ID
if($_GET['post_id']){$post_id=$_GET['post_id'];}
# NOTE(review): $approved is taken from the request here but is overwritten in
# postnm/adminverify; it reaches $post_array unchanged only via the "modify" task
if($_POST['approved']){$approved=$_POST['approved'];}
$gb=new Guestbook;
# The session is started once here; the per-task session_start() calls below are
# therefore redundant and emit a "session already started" notice on modern PHP.
session_start();
# TASKS START HERE
# NOTE(review): this is a separate if, not part of the chain below, so after the
# image is produced the chain still ends in die("unrecognised call") unless
# CreateCaptchaImage2() exits by itself -- confirm.
if ($task=="getCaptcha"){ CreateCaptchaImage2(); }
# WHEN A MESSAGE IS POSTED FROM THE GUESTBOOK PAGE
if ($task=="postnm"){ # from the form in the html guestbook postnm=post new message
# $home_url is the pre-escaped regex form of $home_url2 (used with preg_split below)
$home_url="http:\/\/www.cellbiol.com\/scripts\/free_php_guestbook\/free_php_guestbook.html";
$home_url2="http://www.cellbiol.com/scripts/free_php_guestbook/free_php_guestbook.html";
# AJAX BASED VERIFICATION OF THE POST
#$useAjaxVerif="yes";
# Country block list: a poster from a listed country gets a fake "not found" page.
# Only the body is faked -- no header() call, so the HTTP status stays 200.
if ($activate_geoip=="yes" && $geoip_file_exists)
{
foreach($country_codes_list as $country_code)
{
if ($user_country_code==$country_code)
{
die(" 404 Not Found

Not Found

The requested document was not found on this server.


Local Web Server
");
}
}
}
# Token check: the form page must have set cookie "token" = md5(secret_salt . ts)
# for the timestamp it embedded in the form; the post must arrive within 10 minutes.
if ($enable_ajax_verification_step=="yes")
{
$proceed = false;
$seconds = 60*10;
#echo '
#
#Testing:
#
#Cookie: '.$_COOKIE['token'].'
#Timestamp: '. $_POST['ts'].'
#
#';
# NOTE(review): "==" is a loose comparison; hash_equals() is the right tool for
# comparing a client-supplied token against the expected digest.
if(isset($_POST['ts']) && isset($_COOKIE['token']) && $_COOKIE['token'] == md5($secret_salt.$_POST['ts'])) $proceed = true;
if(!$proceed) { echo 'Form processing halted for suspicious activity'; exit; }
# mktime() with no arguments is deprecated; time() is the intended call
if(((int)$_POST['ts'] + $seconds) < mktime()) { echo 'Too much time elapsed before posting, '."please go back to the form and try again"; exit; }
}
# Checking for missing name or message
if ($name==''){die($nam_field_empty);}# the script stops if the name is missing
# NOTE(review): count() on a string is not its length (returns 1 on PHP < 8,
# throws TypeError on PHP 8), so these two 40-character limits are never
# enforced; strlen()/mb_strlen() was intended.
if (count($name)>40){die ($nam_field_too_long);}
if (count($email)>40){die ($email_field_too_long);}
if ($message==''){die($mes_field_empty);}# the script stops if the message is missing
# CHECKING FOR POSTS FROM ADMIN
$resnam_array=array();
$resnam_array[]=$reserved_name; # adding the reserved name to the array
#$resnam_array[]="another name"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate
#$resnam_array[]="Alexander"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate
# CheckForForbidden() returns 0 when a match is found (same convention is used for the blacklists below)
$check_name=CheckForForbidden($name,$resnam_array); # testing to see if poster is admin
if ($check_name==0 and $activate_res_name==1) # if poster is admin we go to the admin password verification
{
# The form templates are treated as PHP double-quoted source by this eval():
# any '"', '\' or '{$' inside them is code, so they must stay trusted (they
# come from include/html/forms.php, not from the request).
eval("\$adm_verif_form = \"$admin_verif_form\";");
echo $adm_verif_form;
die();
}
# if poster is not admin, we proceed
# CAPTCHA BASED VERIFICATION OF THE POST
if ($enable_image_verification_step=="yes")
{
session_start();
# loose comparison of the session string with the posted value
if ($_SESSION['new_string'] == $random){$verif=1;}
else{$verif=0;}
$_SESSION['new_string']="";
session_destroy();
if ($verif==0){echo "$wrong_captcha_txt $please_txt $go_back_txt $and_try_again_txt";exit;}
}
# Checking the overall message length
if (strlen($message)>$max_message_length){die ($mes_too_long);}
# CHECKING FOR TOO LONG WORDS THAT COULD BREAK THE PAGE DESIGN
if (CheckLongWords($message, $max_word_length)==0){die ($mes_word_too_long);}
# Licence check: the generated guestbook page must still contain the home URL
$g_content=file_get_contents($gbook_name);
$temp1=preg_split('/'.$home_url.'/',$g_content);
if (count($temp1)==1){die("$pl_txt $off_pag_txt $to_use_txt

$avoid_linking_txt $ev_txt

$also_txt");}
# WE NOW SCAN THE MESSAGE FOR FORBIDDEN WORDS OR HTML TAGS
$check=1;
$check_name=CheckForForbidden($name,$forbidden_strings);
$check_name2=CheckForForbidden($name,$forbidden_html_elements);
$check_mail=CheckForForbidden($email,$forbidden_strings);
$check_mail2=CheckForForbidden($email,$forbidden_html_elements);
$check_message=CheckForForbidden($message,$forbidden_strings);
$check_message2=CheckForForbidden($message,$forbidden_html_elements);
$check_ip=CheckForForbidden($ip_addr,$banned_ips);
if ($check_name==0 OR $check_name2==0 OR $check_mail==0 OR $check_mail2==0 OR $check_message==0 OR $check_message2==0 OR $check_ip==0){$check=0;}
if ($check==0)
{
echo "$illegal_post_txt $please_txt $go_back_txt $and_try_again_txt";
exit;
}
if ($moderation_active=="yes"){$approved="no";}
else{$approved="yes";}
# the plain function is used here; adminverify uses $gb->GetNextAvailableId() -- two paths for one job
$post_id=GetNextAvailableId($posts_file);
eval ($create_post_array);
echo "Processing post...

";
$post=new Post($post_array);
#$post->SetThisVarsFromPostArray($post_array);
#$gb=new Guestbook;
$gb->AddPost($post_array);
$message=$post->RemoveBreaks($message);
$post_log=$post->MailLogLine("log");
$mail_log=$post->MailLogLine();
if ($activate_geoip=="yes" && $geoip_file_exists) # if geoip is active we add the country information to the message sent to admin on post
{
$mail_log=$mail_log."\nposter's country name: $user_country_name\nposter's country code: $user_country_code";
}
writelog($logfile,$post_log);
# Admin notification; the mail body template is interpolated by eval() like the forms above
if ($sendmail_onpost==1){
if ($moderation_active=="no"){
eval("\$email_mssg1 = \"$email_mssg1\";");
msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1);
}
elseif ($moderation_active=="yes"){
eval("\$email_mssg1 = \"$email_mssg3\";");
msendmail($gbook_email,$admin_email,$email_subj3,$email_mssg1);
}
}
echo($confirm);
} # END if task=postnm
# ADMIN MADE A POST AND THEN POSTED THE ADMIN PASSWORD FOR VALIDATION: FROM THE ADMIN PASSWORD VALIDATION FORM FOR POSTING
# NOTE(review): every admin branch below authenticates with "==" against the
# plaintext $admin_pass from conf.php and then stores that plaintext in
# $_SESSION['adm_pass']. A constant-time hash_equals() against a stored hash
# would be the usual shape; the repeated inline check is also easy to get out
# of sync (this branch additionally accepts $adpass, none of the others do).
elseif ($task=="adminverify"){ # from the form with the password check if the admin is authorized to post a message (if the password is right)
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass OR $adpass==$admin_pass){
$_SESSION['adm_pass']=$admin_pass;
# admin posts skip the moderation queue, captcha and blacklist checks of postnm
$approved="yes";
$post_id=$gb->GetNextAvailableId();
eval ($create_post_array);
echo $processing_post_msg.'

';
$post=new Post($post_array);
$gb->AddPost($post_array);
$post_log=$post->MailLogLine("log");
writelog($logfile,$post_log);
echo($confirm);
}
else{die($wrong_pass);}
}
# SHOW MESSAGES THAT ARE AWAITING ADMIN APPROVAL BEFORE BEING POSTED
elseif ($task=="ShowPendingMessages"){
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass)
{
$_SESSION['adm_pass']=$admin_pass;
# moderation UI is a stub in this edition (links were lost in extraction)
echo "Moderation is only available in the enhanced version, get it here

Back to admin";
}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$show_pending_posts_txt,$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
}
# APPROVE A PENDING MESSAGE
elseif ($task=="approve"){
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass)
{
$_SESSION['adm_pass']=$admin_pass;
# $post_id comes straight from GET/POST; validation (if any) is inside ApprovePost()
$gb->ApprovePost($post_id);
echo $show_pending_redir;
}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$approve_post_txt,$powby,$gbook_title,$wrong_pass,$post_id);
echo $expired_session_page;
}
}
# VIEW A POST MARKED AS PRIVATE
elseif ($task=="ShowPrivatePost")
{
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass)
{
$_SESSION['adm_pass']=$admin_pass;
$gb->ShowPrivatePost($post_id);
}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$view_post_txt,$powby,$gbook_title,$wrong_pass,$post_id);
echo $expired_session_page;
}
}
# FROM THE FORM TO ACCESS THE ADMINISTRATION INTERFACE
elseif ($task=="show"){ # from the form to access the admin section
session_start();
$adm_check=0;
# a correct posted password (re)establishes the session; otherwise an existing session is accepted
if ($posted_pass==$admin_pass){$_SESSION['adm_pass']=$admin_pass; $adm_check=1;}
elseif ($_SESSION['adm_pass']==$admin_pass){$adm_check=1;}
# page fragments are defined in include/html/mix_html.php
if($adm_check==1){echo $doctype_header.$open_html_and_head.$admin_title.$link_admin_css.$close_head_open_body_admin.$admin_home_line_1.$admin_navigation.$admin_home_line_2.$close_body_and_html;}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$capitalized_login,$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
} # END if task=show
# CALL TO VIEW THE LIST OF MESSAGES FOR DELETING OR EDITING POSTS
elseif ($task=="del_edit"){
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass)
{
$_SESSION['adm_pass']=$admin_pass;
$gb->CreateDelEditPage();
die();
}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
} # END if task=del_edit
# CALL TO DELETE A POST
# NOTE(review): $task and $post_id are accepted from GET as well as POST, so a
# delete is reachable through a plain link while the admin session is open.
elseif ($task=="delete"){ # from the admin section, call to delete a post
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass)
{
$_SESSION['adm_pass']=$admin_pass;
echo "Deleting post...

";
$gb->DeletePost($post_id);
die ($post_num_lang." ".$post_id." ".$del_success_lang.'!'.$deledit_redir);
}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
}
elseif ($task=="edit"){ # from the admin section, call to edit a post and show the editing form
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass)
{
$_SESSION['adm_pass']=$admin_pass;
echo "

$editing_p_num $post_id

\n";
$post_array=$gb->GetPost($post_id);
$post=new Post($post_array);
#$post->SetThisVarsFromPostArray($post_array);
# NOTE(review): the stored post is turned into PHP source and eval()'d here. If
# SetVariablesFromPostArray() emits the stored field values as literals, stored
# visitor content is parsed as code -- confirm how that method escapes them.
$string=$post->SetVariablesFromPostArray();
eval($string);
$message=$post->DecodeMessage($message);
eval("\$post_edit_form = \"$post_edit_form\";");
die ($post_edit_form);
}# end of "if password is right" block
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
}
elseif ($task=="modify"){ # from the message editing form, call to proceed to the modifications and update the posts flatfile and guestbook file
session_start();
if ($_SESSION['adm_pass'] == $admin_pass OR $posted_pass==$admin_pass){
$_SESSION['adm_pass']=$admin_pass;
# unlike postnm, the edited message is stored without the blacklist / length checks
eval ($create_post_array);
echo $processing_post_msg.'

';
$gb->ReplacePost($post_array);
echo "$post_num_lang $post_id $edited_ok_lang $deledit_redir";
die();
}# end of "if password is right" block
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$delete_edit_posts,$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
}
# LOGGING OUT
elseif ($task=="adm_logout"){
session_start();
$_SESSION['adm_pass']='';
session_destroy();
# the logout page markup was lost in extraction; only an empty echo remains
echo '';
}
# CALL TO SHOW THE CONFIGURATION PAGE
# Reads include/conf.php back as text and pulls the array bodies out with regexes
# so the form can show them as editable strings.
elseif ($task=="configure") # creation/editing of the configuration file
{
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){
$_SESSION['adm_pass']=$admin_pass;
# $conf_file is reassigned from the path string to the file's lines here (shadowing the value set at the top)
$conf_file=file("include/conf.php");
foreach($conf_file as $value)
{
if (preg_match('/forbidden_strings/',$value)==1){$forbidden_strings_line=$value; break;}
}
# text between "forbidden_strings=array(" and the first ");" on that line
$fs_splitted=preg_split('/forbidden_strings=array\(/',$forbidden_strings_line);
$fs_value=$fs_splitted[1];
$fs_splitted=preg_split('/\);/',$fs_value);
$fs_value=$fs_splitted[0];
foreach($conf_file as $value)
{
if (preg_match('/country_codes_list/',$value)==1){$country_codes_list_line=$value; break;}
}
$cc_splitted=preg_split('/country_codes_list=array\(/',$country_codes_list_line);
$cc_value=$cc_splitted[1];
$cc_splitted=preg_split('/\);/',$cc_value);
$cc_value=$cc_splitted[0];
foreach($conf_file as $value)
{
if (preg_match('/forbidden_html/',$value)==1){$forbidden_html_line=$value; break;}
}
$fh_splitted=preg_split('/forbidden_html_elements=array\(/',$forbidden_html_line);
$fh_value=$fh_splitted[1];
$fh_splitted=preg_split('/\);/',$fh_value);
$fh_value=$fh_splitted[0];
foreach($conf_file as $value)
{
if (preg_match('/banned_ips/',$value)==1){$banned_ips_line=$value; break;}
}
$bi_splitted=preg_split('/banned_ips=array\(/',$banned_ips_line);
$bi_value=$bi_splitted[1];
$bi_splitted=preg_split('/\);/',$bi_value);
$bi_value=$bi_splitted[0];
# the post template is stored with quotes replaced by ##prime## / ##apostrophe##; restore them for display
$p_template=preg_split('/##prime##/',$p_template);
$p_template=implode("'",$p_template);
$p_template=preg_split('/##apostrophe##/',$p_template);
$p_template=implode('"',$p_template);
# option1_*/option2_* select the pre-selected radio/select entries in the form
if ($moderation_active=="yes"){$option1_modact="yes";$option2_modact="no";}
if ($moderation_active=="no") {$option1_modact="no";$option2_modact="yes";}
if ($enable_image_verification_step=="yes"){$option1_imgverif="yes";$option2_imgverif="no";}
if ($enable_image_verification_step=="no") {$option1_imgverif="no";$option2_imgverif="yes";}
if ($enable_ajax_verification_step=="yes"){$option1_ajaxverif="yes";$option2_ajaxverif="no";}
if ($enable_ajax_verification_step=="no") {$option1_ajaxverif="no";$option2_ajaxverif="yes";}
if ($activate_geoip=="yes"){$option1_geoip="yes";$option2_geoip="no";}
if ($activate_geoip=="no") {$option1_geoip="no";$option2_geoip="yes";}
$possible_offsets=array('-11','-10','-9','-8','-7','-6','-5','-4','-3','-2','-1','+0','+1','+2','+3','+4','+5','+6','+7','+8','+9','+10','+11');
# $possible_offsets is not used below in what survived; the option markup was presumably lost in extraction
$offsets_form_code="\n";
# the following variables contain html and are defined in include/html/mix_html.php
echo $doctype_header.$open_html_and_head;
echo $configuration_page_title;
echo $link_javascript;
echo $link_admin_css.$close_head_open_body_admin;
echo $admin_navigation;
eval("\$gb_config_form = \"$gb_config_form\";"); # form html defined in include/html/forms.php
echo $gb_config_form; # outputting the html code for the guestbook configuration form.
}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,$configure_guestbook,$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
}
# CALL FROM THE CONFIGURATION PAGE, TO EDIT CONFIGURATION
elseif ($task=="edit_config")
{
session_start();
if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){
$_SESSION['adm_pass']=$admin_pass;
# a new admin password takes effect in the session immediately, before the config is persisted
if($_POST['admin_pass']){$admin_pass=trim($_POST['admin_pass']);}
$_SESSION['adm_pass']=$admin_pass;
if($_POST['gbook_title']){$gbook_title=trim($_POST['gbook_title']);}
if($_POST['gbook_name']){$gbook_name=trim($_POST['gbook_name']);}
if($_POST['gbook_url']){$gbook_url=trim($_POST['gbook_url']);}
if($_POST['admin_email']){$admin_email=trim($_POST['admin_email']);}
if($_POST['gbook_email']){$gbook_email=trim($_POST['gbook_email']);}
if($_POST['reserved_name']){$reserved_name=trim($_POST['reserved_name']);}
//if($_POST['activate_res_name']){$activate_res_name=trim($_POST['activate_res_name']);}
# taken unconditionally so that an unchecked box turns the option off
$activate_res_name=$_POST['activate_res_name'];
if($_POST['posts_per_page']){$posts_per_page=trim($_POST['posts_per_page']);}
if($_POST['sendmail_onpost']){$sendmail_onpost=trim($_POST['sendmail_onpost']);}
if($_POST['max_message_length']){$max_message_length=trim($_POST['max_message_length']);}
if($_POST['max_word_length']){$max_word_length=trim($_POST['max_word_length']);}
if($_POST['time_offset']){$time_offset=$_POST['time_offset'];}
if($_POST['additional_pages_name']){$additional_pages_name=trim($_POST['additional_pages_name']);}
if($_POST['menu_spacer']){$menu_spacer=$_POST['menu_spacer'];} # this one must not be trimmed!
if($_POST['forbidden_strings']){$forbidden_strings=trim($_POST['forbidden_strings']);}
if($_POST['forbidden_html']){$forbidden_html_elements=trim($_POST['forbidden_html']);}
if($_POST['banned_ips']){$banned_ips=trim($_POST['banned_ips']);}
if($_POST['country_codes_list']){$country_codes_list=strtoupper(trim($_POST['country_codes_list']));} # for now we need this to be uppercase as we check with an identity and not a regular expression
if($_POST['secret_salt']){$secret_salt=trim($_POST['secret_salt']);}
# quotes in the template are stored as placeholders (reversed in the "configure" task)
if($_POST['p_template']){
$p_template=trim($_POST['p_template']);
$p_template=preg_split("/'/",$p_template);
$p_template=implode("##prime##",$p_template);
$p_template=preg_split('/"/',$p_template);
$p_template=implode("##apostrophe##",$p_template);
}
# magic_quotes_gpc compatibility (removed in PHP 5.4; the function itself is gone in 8.0)
if (function_exists('get_magic_quotes_gpc')){
$mq=get_magic_quotes_gpc();
if ($mq==1){
if($_POST['forbidden_strings']){$forbidden_strings=stripslashes(trim($_POST['forbidden_strings']));}
if($_POST['forbidden_html']){$forbidden_html_elements=stripslashes(trim($_POST['forbidden_html']));}
if($_POST['banned_ips']){$banned_ips=stripslashes(trim($_POST['banned_ips']));}
# NOTE(review): this re-assignment drops the strtoupper() applied above, so with
# magic quotes on the country list would not be uppercased as the earlier comment requires
if($_POST['country_codes_list']){$country_codes_list=stripslashes(trim($_POST['country_codes_list']));}
if($_POST['p_template']){
$p_template=stripslashes(trim($_POST['p_template']));
$p_template=preg_split("/'/",$p_template);
$p_template=implode("##prime##",$p_template);
$p_template=preg_split('/"/',$p_template);
$p_template=implode("##apostrophe##",$p_template);
}
}
}
if($_POST['posts_file_name']){$posts_file_name=trim($_POST['posts_file_name']);}
if($_POST['logfile_name']){$logfile_name=trim($_POST['logfile_name']);}
if($_POST['imgverif_active']){$enable_image_verification_step=trim($_POST['imgverif_active']);}
if($_POST['ajaxverif_active']){$enable_ajax_verification_step=trim($_POST['ajaxverif_active']);}
if($_POST['activate_geoip']){$activate_geoip=trim($_POST['activate_geoip']);}
# NOTE(review): the configuration text was lost in extraction ($config is empty
# here) and no write to conf.php is visible on this page. If the original builds
# PHP source from the POSTed values above, each value has to be escaped for the
# quoting context it lands in -- confirm against the original file.
$config= '';
$gb=new Guestbook;
$gb->UpdateHTMLFile();
echo $task_show_redir; # defined in include/html/mix_html.php, redirects the user to admin home page (task=show) after the configuration is saved
}
else
{
$expired_session_page=Build_session_expired_page($task,$session_expired_header,"Configure guestbook",$powby,$gbook_title,$wrong_pass);
echo $expired_session_page;
}
}
else {die ("unrecognised call");} # if the script is called without arguments this is what you get
?>