################################################################################
## ##
## Copyright (C) 1999 Devpros Corporation ##
## http://www.devpros/probook ##
## ##
## This program is free software. You can redistribute it and/or modify ##
## it under the terms of the GNU General Public License Version 2 as ##
## published by the Free Software Foundation. ##
## ##
## This program is distributed in the hope that it will be useful, ##
## but WITHOUT ANY WARRANTY, without even the implied warranty of ##
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ##
## GNU General Public License for more details. ##
## ##
## You should have received a copy of the GNU General Public License ##
## along with this program; if not, write to the Free Software ##
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ##
## ##
################################################################################
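include ("gb_common.inc");

################################################################################
# Request dispatcher for the guestbook.
#
# Everything this script reads -- $probookadmin (the admin cookie), $password,
# $action, $section, $record, the form fields ($name, $email, $url, $title1,
# $comment, $city, $state, $country) and the settings ($dbTable, $ListActive,
# $ListDown, $notify, $AdminEmail, the $FormErr* texts, $hostid, $datestamp,
# $timestamp) -- arrives as a plain global, i.e. via register_globals or from
# gb_common.inc. Whatever gb_common.inc does not assign can be supplied by the
# client as a request parameter of the same name.
#
# Review notes that cannot be closed from this file alone:
#  * include("$header") / include("$footer") are reached on the visitor path
#    with $header/$footer never assigned here. Confirm gb_common.inc sets both;
#    otherwise a client-chosen value becomes the inclusion path.
#  * The admin cookie carries the configured password itself in clear text and
#    is compared against $password on every request.
#  * delete/edit are plain GET links from gb_display.php with no CSRF token.
#  * Queries are built by string interpolation against the "mysql" extension.
#    Every interpolated value is now escaped with addslashes(), the escaping
#    this codebase uses, which is not charset-aware; prepared statements are
#    the real fix. ereg*/mysql_* no longer exist in PHP 7+.
################################################################################

if (!function_exists('probook_clean')) {
    # Prepare one free-text field for interpolation into SQL the way the rest
    # of the codebase does: backslash-escape quotes, then drop anything shaped
    # like an HTML tag. The tag strip is crude and is not output escaping --
    # gb_display.php must still HTML-escape what it prints (not verified here).
    function probook_clean($value) {
        return ereg_replace("<[^>]*>", "", addslashes($value));
    }
}

if (!function_exists('probook_read_list')) {
    # Read a one-entry-per-line .cfg list. Lines starting with "#" and blank
    # lines are ignored (a blank entry would otherwise become an empty needle
    # for strstr()). Returns an empty array when the file cannot be read.
    function probook_read_list($path) {
        $entries = array();
        $lines = @file($path);
        if (!is_array($lines)) return $entries;
        $total = count($lines);
        for ($i = 0; $i < $total; $i++) {
            $line = trim($lines[$i]);
            if ($line === "" || substr($line, 0, 1) == "#") continue;
            $entries[] = $line;
        }
        return $entries;
    }
}

if (!isset($probookadmin)) $probookadmin = "";
if (!isset($action)) $action = "";
if (!isset($section)) $section = "";

# Admin decision, made once and reused below (the original repeated the loose
# "==" comparison at the dispatcher). A blank or unset $password must fail
# closed: "" == "" (and "" == null) is true, so with no password configured
# every visitor was admin. Strict comparison also sidesteps PHP's numeric
# string coercion ("1e1" == "10").
$admin = 0;
if (isset($password) && $password !== "" && $probookadmin === $password) {
    $admin = 1;
    $header = "./adm_hdr.php";
    $footer = "./adm_ftr.php";
    $tbl_headercolor = "#A9A9AF";
    $tbl_headerfontcolor = "#000000";
    $tbl_navcolor = "#595758";
    $tbl_navfontcolor = "#FFFFFF";
    $tbl_bodycolor1 = "#E2E2E2";
    $tbl_bodyfontcolor1 = "#000000";
    $tbl_bodycolor2 = "#F0F0F0";
    $tbl_bodyfontcolor2 = "#000000";
} else if (!isset($ListActive) || $ListActive != "yes") {
    # Guestbook closed to visitors: whatever was requested becomes the "down" screen.
    $action = "down";
}
if (!isset($titlemsg)) $titlemsg = "Probook Maintenance";

if ($admin == 1) {
    if ($action == "delete") {
        # DELETE RECORD. $record is escaped before interpolation (it used to go
        # in raw); the unused "select * from $dbTable" that preceded the DELETE
        # has been dropped.
        $delid = addslashes($record);
        mysql_query("DELETE FROM $dbTable WHERE (id = '$delid')") or die(mysql_error());
        $record = 0;
        include("$header");
        include "./gb_display.php";
        include("$footer");
    } elseif ($action == "logout") {
        # LOGOUT: an expiry in the past is what makes browsers drop the cookie
        # (the original used "now"). The Location target is this script's own
        # path as PHP saw it; exit so nothing is rendered after the redirect.
        setcookie("probookadmin", "", time() - 3600, "/");
        header("Location: $PHP_SELF");
        exit();
    } elseif ($action == "write" && $section == "edit") {
        # UPDATE RECORD. Every interpolated field is escaped; the original
        # wrote the raw $title1 instead of the escaped $title and left url,
        # city, state, country and the WHERE id unescaped.
        $name    = probook_clean($name);
        $email   = probook_clean($email);
        $title   = probook_clean($title1);
        $comment = probook_clean($comment);
        $url     = probook_clean($url);
        $city    = probook_clean($city);
        $state   = probook_clean($state);
        $country = probook_clean($country);
        $recid   = addslashes($record);
        $query  = "UPDATE $dbTable set name='$name', email='$email', url='$url', title='$title', ";
        $query .= "comment='$comment', city='$city', state='$state', country='$country' WHERE id = '$recid'";
        $result = MYSQL_QUERY($query) or die(mysql_error());
        $record = 0;
        include("$header");
        include "./gb_display.php";
        include("$footer");
    } elseif ($action == "edit") {
        # EDIT RECORD: gb_post.php renders the form (pre-fill is its business)
        include("$header");
        include "./gb_post.php";
        include("$footer");
    } else {
        # SHOW GUESTBOOK (also answers action=write without section=edit,
        # which used to render an empty page)
        include("$header");
        include "./gb_display.php";
        include("$footer");
    }
} else {
    if ($action == "post") {
        # GOTO POST NEW RECORD SCREEN
        include("$header");
        include "./gb_post.php";
        include("$footer");
    } else if ($action == "down") {
        # PROBOOK DOWN
        include("$header");
        #include "./gb_down.php";
        # NOTE(review): the markup these echo statements carried looks to have
        # been lost (only '.$ListDown.' and the "|" cells remain); kept as found.
        echo '
';
        echo '';
        echo '';
        echo '';
        echo '';
        echo '';
        echo '
'.$ListDown.'
';
        echo '
| ';
        echo ' ';
        echo ' |
';
        include("$footer");
    } elseif ($action == "write" && $section == "post") {
        ##########################
        # VALIDATE POSTING ENTRY #
        ##########################
        $postpass = true;
        $posterrmsg = "";
        # Line breaks in the address would let the poster append mail headers
        # (Bcc: ...) through the "From: $email" header of the notification mail.
        $email = str_replace("\r", "", str_replace("\n", "", $email));
        # CHECK MISSING NAME
        if ($name == "") {
            $posterrmsg .= "$FormErrNameMsg";
            $postpass = false;
        }
        # CHECK MISSING COMMENT
        if ($comment == "") {
            $posterrmsg .= "$FormErrCommentMsg";
            $postpass = false;
        }
        ########################
        # CHECK BAD EMAIL LIST #
        ########################
        # case-insensitive substring match against each .cfg entry
        $bademails = probook_read_list("./bad_emails.cfg");
        $upperemail = strtoupper($email);
        $cnt = count($bademails);
        for ($i = 0; $i < $cnt; $i++) {
            if (strstr($upperemail, strtoupper($bademails[$i]))) {
                $posterrmsg .= "$FormErrBannedMsg";
                $postpass = false;
            }
        }
        #######################
        # CHECK BAD WORD LIST #
        #######################
        # Screened in every free-text field, one error per field hit. The
        # original screened $title, but the field the form submits and the
        # save path stores is $title1, so the title was never checked.
        $badwords = probook_read_list("./bad_words.cfg");
        $screened = array($name, $email, $city, $state, $country, $url, $title1, $comment);
        $cnt = count($badwords);
        $fields = count($screened);
        for ($i = 0; $i < $cnt; $i++) {
            $needle = strtoupper($badwords[$i]);
            for ($f = 0; $f < $fields; $f++) {
                if (strstr(strtoupper($screened[$f]), $needle)) {
                    $posterrmsg .= "$badwords[$i] $FormErrBadWord";
                    $postpass = false;
                }
            }
        }
        #######################
        # CHECK BAD HOST LIST #
        #######################
        # Each .cfg entry is an ereg pattern. The host name is taken from the
        # server's view of the connection only: the original honoured a pre-set
        # $host, which under register_globals let the poster choose the value
        # being screened. The reverse lookup is controlled by whoever runs the
        # client's reverse DNS, so treat the result as advisory.
        $host = getenv('REMOTE_HOST');
        if (!$host) $host = getenv('REMOTE_ADDR');
        $host = @GetHostByAddr($host);
        $badhosts = probook_read_list("./bad_hosts.cfg");
        $cnt = count($badhosts);
        for ($i = 0; $i < $cnt; $i++) {
            if (ereg($badhosts[$i], $host)) {
                $posterrmsg .= "$FormErrBannedMsg";
                $postpass = false;
            }
        }
        if (!$postpass) {
            # back to the form; $posterrmsg is presumably shown by gb_post.php
            include("$header");
            include "./gb_post.php";
            include("$footer");
            exit();
        }
        #################
        # SAVE NEW POST #
        #################
        # Only reachable once the checks above passed. Every interpolated value
        # is escaped; $hostid/$datestamp/$timestamp are expected from
        # gb_common.inc but nothing here guarantees that, so they are escaped too.
        $name    = probook_clean($name);
        $email   = probook_clean($email);
        $title   = probook_clean($title1);
        $comment = probook_clean($comment);
        $url     = probook_clean($url);
        $city    = probook_clean($city);
        $state   = probook_clean($state);
        $country = probook_clean($country);
        $hostval = addslashes($hostid);
        $dateval = addslashes($datestamp);
        $timeval = addslashes($timestamp);
        $query  = "INSERT INTO $dbTable (name,email,url,title,comment,host,date,time,city,state,country) ";
        $query .= "VALUES('$name','$email','$url','$title','$comment','$hostval','$dateval','$timeval','$city','$state','$country')";
        $result = MYSQL_QUERY($query) or die(mysql_error());
        if (isset($notify) && $notify == "yes") {
            # notification mail (body labels are German runtime text, unchanged);
            # $email is CR/LF-free at this point, see the validation above
            $mailmsg  = "----------------------------------\n";
            $mailmsg .= "Name: $name\n";
            $mailmsg .= "Email: $email\n";
            $mailmsg .= "IP: $REMOTE_ADDR\n";
            $mailmsg .= "Host: $hostid\n";
            $mailmsg .= "Datum: $datestamp um $timestamp\n";
            $mailmsg .= "Stadt: $city\n";
            $mailmsg .= "Land: $country\n";
            $mailmsg .= "\nEintrag:\n$comment\n";
            $mailmsg .= "----------------------------------\n";
            mail("$AdminEmail", "Neuer Eintrag im Gaestebuch", $mailmsg, "From: $email\nX-Mailer: ProBook");
        }
        $record = 0;
        include("$header");
        include "./gb_display.php";
        include("$footer");
    } else {
        # SHOW GUESTBOOK. This also answers action=write with any other
        # $section: the original accepted section=writepost directly, which
        # stored the post without running any of the validation checks.
        include("$header");
        include "./gb_display.php";
        include("$footer");
    }
}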
?>