<?
################################################################################
##                                                                            ##
##   Copyright (C) 1999  Devpros Corporation                                  ##
##   http://www.devpros/probook                                               ##
##                                                                            ##
##   This program is free software. You can redistribute it and/or modify     ##
##   it under the terms of the GNU General Public License Version 2 as        ##
##   published by the Free Software Foundation.                               ##
##                                                                            ##
##   This program is distributed in the hope that it will be useful,          ##
##   but WITHOUT ANY WARRANTY, without even the implied warranty of           ##
##   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            ##
##   GNU General Public License for more details.                             ##
##                                                                            ##
##   You should have received a copy of the GNU General Public License        ##
##   along with this program; if not, write to the Free Software              ##
##   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.                ##
##                                                                            ##
################################################################################
include ("gb_common.inc");

if (!isset($probookadmin)) $probookadmin="";
if ($probookadmin==$password) {
   $header="./adm_hdr.php";
   $footer="./adm_ftr.php";
   $admin=1;
   $tbl_headercolor="#A9A9AF";
   $tbl_headerfontcolor="#000000";
   $tbl_navcolor="#595758";
   $tbl_navfontcolor="#FFFFFF";
   $tbl_bodycolor1="#E2E2E2";
   $tbl_bodyfontcolor1="#000000";
   $tbl_bodycolor2="#F0F0F0";
   $tbl_bodyfontcolor2="#000000";
} else {
   $admin=0;
   if ($ListActive!="yes") {
      $action="down";
   }
}

if (!isset($titlemsg)) $titlemsg="Probook Maintenance";

if ($probookadmin==$password) {
   if ($action == "delete") {
      # DELETE RECORD
      $delquery = "select * from $dbTable";
      $delresult = mysql_query($delquery);
      mysql_query("DELETE FROM $dbTable WHERE (id = '$record')");
      $record=0;
      include("$header");
      include "./gb_display.php";
      include("$footer");
   } elseif ($action=="logout") {
      # LOGOUT
      setcookie("probookadmin","",time(),"/");
      header("Location: $PHP_SELF");
   } elseif ($action == "write") {
      if ($section == "edit") {
         # UPDATE RECORD
         #$record=$id;
         $name=addslashes($name);
         $name=ereg_replace("<[^>]*>", "", $name);
         $email=addslashes($email);
         $email=ereg_replace("<[^>]*>", "", $email);
         $title=addslashes($title1);
         $title=ereg_replace("<[^>]*>", "", $title);
         $comment=addslashes($comment);
         $comment=ereg_replace("<[^>]*>", "", $comment);
         $query="UPDATE $dbTable set name='$name', email='$email', url='$url', title='$title1', ";
         $query.="comment='$comment', city='$city', state='$state', country='$country' WHERE id = '$record'";
         $result=MYSQL_QUERY($query) or die(mysql_error());
         $record=$id;
         $record=0;
         include("$header");
         include "./gb_display.php";
         include("$footer");
      }
   } elseif ($action=="edit") {
      # EDIT RECORD
      include("$header");
      include "./gb_post.php";
      include("$footer");
   } else {
      # SHOW GUESTBOOK
      include("$header");
      include "./gb_display.php";
      include("$footer");
   }
} else {
   if ($action=="post") {
      # GOTO POST NEW RECORD SCREEN
      include("$header");
      include "./gb_post.php";
      include("$footer");
   } else if ($action=="down") {
      # PROBOOK DOWN
      include("$header");
      #include "./gb_down.php";
      echo '<TABLE BGCOLOR="'.$tbl_bodycolor1.'" BORDER="0" CELLPADDING="0" WIDTH="'.$ListWidth.'" CELLSPACING="0">';
      echo '<TR>';
      echo '<TD WIDTH="100%" ALIGN="CENTER">';
      echo '<TABLE CELLPADDING="3" WIDTH="97%">';
      echo '<TR>';
      echo '<TD WIDTH="100%" ALIGN="CENTER"><FONT FACE="'.$tbl_bodyfont1.'" SIZE="-1">';
      echo '<B><BR><BR>'.$ListDown.'</B><BR><BR>';
      echo '<BR></FONT></TD>';
      echo '</TR></TABLE>';
      echo '</TD></TR></TABLE>';
      include("$footer");
   } elseif ($action == "write") {
      if ($section == "post") {
         ##########################
         # VALIDATE POSTING ENTRY #
         ##########################
         $postpass=true;
         $posterrmsg="";
         # CHECK MISSING NAME
         if ($name == ""){
            $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\">$FormErrNameMsg</FONT></LI>";
            $postpass=false;
         } 
         # CHECK MISSING COMMENT
         if ($comment == ""){
            $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\">$FormErrCommentMsg</FONT></LI>";
            $postpass=false;
         }
         ########################
         # CHECK BAD EMAIL LIST #
         ########################
         $badfile=file("./bad_emails.cfg");
         $bademails=array();
         for($index=0; $index < count($badfile); $index++) {
            $str=$badfile[$index];
            $str=trim($str);
            if (substr($str,0,1)!="#") {
               $bademails[]=$str;
            }
         }
         if(is_array($bademails)){
            $cnt=count($bademails);
            for($index=0;$index<$cnt;$index++){
               if(strstr(strtoupper($email), strtoupper($bademails[$index]) )){
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\">$FormErrBannedMsg</FONT></LI>";
                  $postpass=false;
               }
            }
         }
         #######################
         # CHECK BAD WORD LIST #
         #######################
         $badfile=file("./bad_words.cfg");
         $badwords=array();
         for($index=0; $index < count($badfile); $index++) {
            $str=$badfile[$index];
            $str=trim($str);
            if (substr($str,0,1)!="#") {
               $badwords[]=$str;
            }
         }
         if(is_array($badwords)){
            $cnt=count($badwords);
            for($index=0;$index<$cnt;$index++){
               if( strstr( strtoupper($name), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
               if( strstr( strtoupper($email), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
               if( strstr( strtoupper($city), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
               if( strstr( strtoupper($state), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
               if( strstr( strtoupper($country), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
               if( strstr( strtoupper($url), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
               if( strstr( strtoupper($title), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
               if( strstr( strtoupper($comment), strtoupper($badwords[$index]) )) {
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\"><B>$badwords[$index]</B> $FormErrBadWord</FONT></LI>";
                  $postpass=false;
               }
            }
         }
         #######################
         # CHECK BAD HOST LIST #
         #######################
         $badfile=file("./bad_hosts.cfg");
         $badhosts=array();
         for($index=0; $index < count($badfile); $index++) {
            $str=$badfile[$index];
            $str=trim($str);
            if (substr($str,0,1)!="#") {
               $badhosts[]=$str;
            }
         }
         if(!$host){
            $host = getenv('REMOTE_HOST');
         }
         if(!$host){
            $host = getenv('REMOTE_ADDR');
         }
         $host = @GetHostByAddr($host);
         if(is_array($badhosts)){
            $cnt=count($badhosts);
            for($index=0;$index<$cnt;$index++){
               if(ereg($badhosts[$index],$host)){
                  $posterrmsg.="<LI><FONT FACE=\"$tbl_bodyfont1\" SIZE=\"-1\">$FormErrBannedMsg</FONT></LI>";
                  $postpass=false;
               }
            }
         }
         if (!$postpass) {
            include("$header");
            include "./gb_post.php";
            include("$footer");
            exit();
         } else {
            $section="writepost";
         } 
      } 
      if ($section == "writepost") {
         #################
         # SAVE NEW POST #
         #################
         $name = addslashes($name);
         $name = ereg_replace("<[^>]*>", "", $name);
         $email = addslashes($email);
         $email = ereg_replace("<[^>]*>", "", $email);
         $title = addslashes($title1);
         $title = ereg_replace("<[^>]*>", "", $title);
         $comment = addslashes($comment);
         $comment = ereg_replace("<[^>]*>", "", $comment);
         $query = "INSERT INTO $dbTable (name,email,url,title,comment,host,date,time,city,state,country)
         VALUES('$name','$email','$url','$title','$comment','$hostid','$datestamp','$timestamp','$city','$state','$country')";
         $result = MYSQL_QUERY($query) or die(mysql_error());
         if ($notify == "yes"){
            $mailmsg="----------------------------------\n"; 
            $mailmsg.="Name:     $name\n"; 
            $mailmsg.="Email:    $email\n"; 
            $mailmsg.="IP:     $REMOTE_ADDR\n"; 
            $mailmsg.="Host:     $hostid\n"; 
            $mailmsg.="Datum:    $datestamp um $timestamp\n"; 
            $mailmsg.="Stadt:    $city\n";  
            $mailmsg.="Land:  	 $country\n"; 
            $mailmsg.="\nEintrag:\n$comment\n"; 
            $mailmsg.="----------------------------------\n"; 
            mail("$AdminEmail","Neuer Eintrag im Gaestebuch",$mailmsg, "From: $email\nX-Mailer: ProBook");
         }
         $record=0;
         include("$header");
         include "./gb_display.php";
         include("$footer");
      }
   } else {
      # SHOW GUESTBOOK
      include("$header");
      include "./gb_display.php";
      include("$footer");
   }
}

?>