function add_guest() { global $GB_TMP, $GB_UPLOAD, $GB_PG; if ($this->preview == 1 && $this->user_img) { $img = new gb_image(); $img->set_destdir("{$this->include_path}/{$GB_UPLOAD}"); $img->set_border_size($this->db->VARS["img_width"], $this->db->VARS["img_height"]); if ($this->db->VARS["thumbnail"] == 1) { $min_size = 1024 * $this->db->VARS["thumb_min_fsize"]; $img->set_min_filesize($min_size); $img->set_prefix("t_"); $img->create_thumbnail("{$this->include_path}/{$GB_TMP}/{$this->user_img}", $this->user_img); } copy("{$this->include_path}/{$GB_TMP}/{$this->user_img}", "{$this->include_path}/{$GB_UPLOAD}/{$this->user_img}"); unlink("{$this->include_path}/{$GB_TMP}/{$this->user_img}"); $this->image_file = $this->user_img; } $this->name = htmlspecialchars($this->name); $this->location = htmlspecialchars($this->location); if ($this->db->VARS["allow_html"] == 0) { $this->comment = htmlspecialchars($this->comment); } if ($this->db->VARS["agcode"] == 1) { $this->comment = $this->db->AGCode($this->comment); } if (!get_magic_quotes_gpc()) { $this->name = addslashes($this->name); $this->location = addslashes($this->location); $this->aim = addslashes($this->aim); $this->email = addslashes($this->email); $this->url = addslashes($this->url); $this->comment = addslashes($this->comment); $this->gender = addslashes($this->gender); } $host = addslashes(@gethostbyaddr($this->ip)); $agent = addslashes(htmlspecialchars(strip_tags($_SERVER['HTTP_USER_AGENT']))); $the_time = time(); $sql_usertable = $this->private == 1 ? $this->table['priv'] : $this->table['data']; $this->db->query("INSERT INTO {$sql_usertable} (name,gender,email,url,date,location,host,browser,comment,icq,aim) VALUES ('{$this->name}','{$this->gender}','{$this->email}','{$this->url}','{$the_time}','{$this->location}','{$host}','{$agent}','{$this->comment}','{$this->icq}','{$this->aim}')"); if ($this->canUseCaptcha) { $this->db->query("DELETE FROM {$this->table['cap']} WHERE session_id = '" . addslashes($this->token) . "'"); } if (!empty($this->image_file) || !empty($this->user_img)) { $size = GetImageSize("{$this->include_path}/{$GB_UPLOAD}/{$this->image_file}"); if (is_array($size) && $size[2] > 0 && $size[2] < 4) { $book_id = $this->private == 1 ? 1 : 2; $p_filesize = filesize("{$this->include_path}/{$GB_UPLOAD}/{$this->image_file}"); $this->db->fetch_array($this->db->query("SELECT MAX(id) AS msg_id FROM {$sql_usertable}")); $this->db->query("INSERT INTO " . $this->table['pics'] . " (msg_id,book_id,p_filename,p_size,width,height) VALUES ('" . $this->db->record['msg_id'] . "',{$book_id},'{$this->image_file}','{$p_filesize}','{$size['0']}','{$size['1']}')"); } } $from_email = $this->email == "" ? $this->db->VARS['admin_mail'] : $this->email; if ($this->db->VARS["notify_private"] == 1 && $this->private == 1) { @mail($this->db->VARS["admin_mail"], $this->db->LANG["EmailAdminSubject"], "{$this->name}\n{$this->host}\n\n{$this->comment}", "From: {$from_email}\nX-Mailer: Advanced Guestbook 2"); } if ($this->db->VARS["notify_admin"] == 1 && $this->private == 0) { @mail($this->db->VARS["admin_mail"], $this->db->LANG["EmailAdminSubject"], "{$this->name}\n{$this->host}\n\n{$this->comment}", "From: {$from_email}\nX-Mailer: Advanced Guestbook 2"); } if ($this->db->VARS["notify_guest"] == 1 && $this->email != '') { @mail($this->email, $this->db->LANG["EmailGuestSubject"], $this->db->VARS["notify_mes"], "From: " . $this->db->VARS['admin_mail'] . "\nX-Mailer: Advanced Guestbook 2"); } if ($this->db->VARS["flood_check"] == 1) { $this->db->query("INSERT INTO " . $this->table['ip'] . " (guest_ip,timestamp) VALUES ('{$this->ip}','{$the_time}')"); } $LANG =& $this->db->LANG; $VARS =& $this->db->VARS; $success_html = ""; eval("\$success_html = \"" . $this->template->get_template($this->GB_TPL['success']) . "\";"); eval("\$success_html .= \"" . $this->template->get_template($this->GB_TPL['footer']) . "\";"); return $success_html; }
function add_guest() { global $GB_PG; if ($this->preview == 1 && $this->user_img) { $img = new gb_image(); $img->set_destdir($this->include_path . '/public'); $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']); if ($this->db->VARS['thumbnail'] == 1) { $min_size = 1024 * $this->db->VARS['thumb_min_fsize']; $img->set_min_filesize($min_size); $img->set_prefix('t_'); $img->create_thumbnail($this->include_path . '/tmp/' . $this->user_img, $this->user_img); } copy($this->include_path . '/tmp/' . $this->user_img, $this->include_path . '/public/' . $this->user_img); unlink($this->include_path . '/tmp/' . $this->user_img); $this->image_file = $this->user_img; } if ($this->db->VARS['allow_html'] == 1) { $this->comment = $this->db->allowed_html($this->comment); } if ($this->db->VARS['agcode'] == 1) { $this->comment = $this->db->AGCode($this->comment); } if (get_magic_quotes_gpc()) { $this->strip_all_slashes(); } $this->name = $this->db->escape_string($this->name); $this->location = $this->db->escape_string($this->location); $this->aim = $this->db->escape_string($this->aim); $this->msn = $this->db->escape_string($this->msn); $this->yahoo = $this->db->escape_string($this->yahoo); $this->skype = $this->db->escape_string($this->skype); $this->email = $this->db->escape_string($this->email); $this->url = $this->db->escape_string($this->url); $this->ip = $this->db->escape_string($this->ip); $this->gender = $this->db->escape_string($this->gender); $host = $this->db->escape_string(htmlspecialchars(gethostbyaddr($this->ip))); $agent = $this->db->escape_string(htmlspecialchars($_SERVER['HTTP_USER_AGENT'])); $the_time = time(); if ($this->db->VARS['require_checking'] == 1) { $this->accepted = $this->private == 1 ? '1' : '0'; } // Check for moderation words if ($this->db->BlockBadWords($this->name, 3) || $this->db->BlockBadWords($this->email, 3) || $this->db->BlockBadWords($this->location, 3) || $this->db->BlockBadWords($this->comment, 3) || $this->db->BlockBadWords($this->url, 3)) { $this->accepted = $this->private == 1 ? $this->accepted : '0'; } $sql_usertable = $this->private == 1 && $this->db->VARS['allow_private'] == 1 ? LAZ_TABLE_PREFIX . '_private' : LAZ_TABLE_PREFIX . '_data'; $this->db->query("INSERT INTO {$sql_usertable} (name,gender,email,url,date,location,host,browser,comment,icq,aim,msn,yahoo,skype,accepted,ip) VALUES ('{$this->name}','{$this->gender}','{$this->email}','{$this->url}',{$the_time},'{$this->location}','{$host}','{$agent}','" . $this->db->escape_string($this->comment) . "','{$this->icq}','{$this->aim}','{$this->msn}','{$this->yahoo}','{$this->skype}',{$this->accepted},'{$this->ip}')"); $entry_id = $this->db->insert_id(); $imagedata = array('mime' => '', 'name' => '', 'data' => ''); if (!empty($this->image_file) || !empty($this->user_img)) { $size = getimagesize("{$this->include_path}/public/{$this->image_file}"); if (is_array($size) && ($size[2] > 0 && $size[2] < 4 || $size[2] == 6)) { $book_id = $this->private == 1 ? 1 : 2; $p_filesize = filesize("{$this->include_path}/public/{$this->image_file}"); $this->db->fetch_array($this->db->query("SELECT MAX(id) AS msg_id FROM {$sql_usertable}")); $this->db->query("INSERT INTO " . LAZ_TABLE_PREFIX . "_pics (msg_id,book_id,p_filename,p_size,width,height) VALUES ('" . $this->db->record['msg_id'] . "',{$book_id},'{$this->image_file}','{$p_filesize}','{$size['0']}','{$size['1']}')"); if ($this->db->VARS['html_email'] == 1) { if (!empty($size['mime'])) { $imagedata['mime'] = $size['mime']; } else { $mimetype = array(1 => 'image/gif', 2 => 'image/jpeg', 3 => 'image/png', 6 => 'image/png'); $imagedata['mime'] = $mimetype[$size[2]]; } $imagedata['name'] = $this->image_file; $imgdata = file_get_contents($this->include_path . '/public/' . $this->image_file); $imagedata['data'] = chunk_split(base64_encode($imgdata)); } } } $LANG =& $this->db->LANG; if ($this->db->check_emailaddress($this->db->VARS['book_mail']) && $this->db->VARS['always_bookemail'] == 1) { $admin_email = $this->db->VARS['book_mail']; } else { $admin_emails = explode(',', $this->db->VARS['admin_mail']); if ($this->db->check_emailaddress($admin_emails[0])) { $admin_email = $admin_emails[0]; } else { $admin_email = 'guestbookentry@' . $host; } } if ($this->email == '' || $this->db->VARS['always_bookemail'] == 1) { $from_email = $admin_email; } else { $from_email = $this->email; } $hostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $host) ? 'IP' : 'Host'; $messagebody = '<div style="background-color:#fff;border:1px solid #a5cae4;border-radius:5px;padding:5px;">'; $messagebody .= $LANG['FormName'] . ': ' . $this->name . "<br />\n"; $messagebody .= $hostname . ': ' . $host . ' (' . $this->ip . ")<br />\n"; $messagebody .= $this->location != '' ? $LANG['FormLoc'] . ': ' . $this->location . "<br />\n" : ''; $messagebody .= $this->email != '' ? $LANG['FormEmail'] . ': <a href="mailto:' . $this->email . '">' . $this->email . "</a><br />\n" : ''; $messagebody .= $this->url != '' ? $LANG['FormUrl'] . ': <a href="' . $this->url . '" target="_blank">' . $this->url . "</a><br />\n" : ''; $messagebody .= $this->aim != '' ? 'AIM: ' . $this->aim . "<br .>\n" : ''; $messagebody .= $this->icq != '' ? 'ICQ: ' . $this->icq . "<br />\n" : ''; $messagebody .= $this->msn != '' ? 'MSN: ' . $this->msn . "<br />\n" : ''; $messagebody .= $this->yahoo != '' ? 'Yahoo: ' . $this->yahoo . "<br />\n" : ''; $messagebody .= $this->skype != '' ? 'Skype: ' . $this->skype . "<br />\n" : ''; $messagebody .= '<hr style="min-height:1px;margin:20px 0 10px;border:0;color:#d7edfc;background-color:#d7edfc" />'; $messagebody .= "<br />\n<br />\n" . nl2br($this->comment); if ($GB_PG['base_url'] != '') { $messagebody .= "<br />\n<br />\n<div style=\"background-color:#f0f7fc;border-top:1px solid #d7edfc;padding:2px;\">"; if ($sql_usertable == LAZ_TABLE_PREFIX . '_data') { $urlDivider = strpos($this->db->VARS['laz_url'], '?') > 0 ? '&' : '?'; $messagebody .= $LANG['EmailAdminSubject'] . ': <a href="' . $this->db->VARS['laz_url'] . $urlDivider . 'permalink=true&entry=' . $entry_id . '">' . $this->db->VARS['laz_url'] . $urlDivider . 'permalink=true&entry=' . $entry_id . "</a><br>\n"; $messagebody .= $this->accepted == 0 ? $LANG['AdminAccept'] . ': <a href="' . $GB_PG['admin'] . '?action=accept&tbl=gb&id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=accept&tbl=gb&id=' . $entry_id . "</a><br>\n" : $LANG['AdminUnaccept'] . ': <a href="' . $GB_PG['admin'] . '?action=unaccept&tbl=gb&id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=unaccept&tbl=gb&id=' . $entry_id . "</a><br>\n"; } $messagebody .= $LANG['AdminEdit'] . ': <a href="' . $GB_PG['admin'] . '?action=edit&tbl=gb&id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=edit&tbl=gb&id=' . $entry_id . "</a><br />\n"; $messagebody .= $LANG['AdminDelete'] . ': <a href="' . $GB_PG['admin'] . '?action=del&tbl=gb&id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=del&tbl=gb&id=' . $entry_id . "</a><br />\n"; $messagebody .= $LANG['FormSelect'] . ': <a href="' . $this->db->VARS['laz_url'] . '">' . $this->db->VARS['laz_url'] . "</a><br />\n"; $messagebody .= '</div>'; } $messagebody .= '</div>'; //$messagebody = stripslashes($messagebody); $fromname = $this->db->undo_htmlspecialchars(stripslashes($this->name)); if ($this->db->VARS['notify_guest'] == 1 && $this->email != '' && $admin_email != '') { $email_message = nl2br($this->db->AGCode($this->db->VARS['notify_mes'])); $email_message = str_replace('[NAME]', stripslashes($this->name), $email_message); $this->db->send_email($this->email, $this->db->LANG['EmailGuestSubject'], $email_message, 'From: "' . strip_tags($this->db->VARS['book_name']) . '" <' . $admin_email . '>', $admin_email); } $admin_emails = explode(',', $this->db->VARS['admin_mail']); foreach ($admin_emails as $adminsaddy) { $adminsaddy = trim($adminsaddy); if ($this->db->check_emailaddress($adminsaddy)) { if ($this->db->VARS['notify_private'] == 1 && $this->private == 1) { $this->db->send_email($adminsaddy, $this->db->LANG['EmailAdminSubject'] . ' - ' . $this->db->LANG['FormPriv'], $this->db->LANG['FormPriv'] . "<br>\n<br>\n" . $messagebody, 'From: "' . $fromname . '" <' . $from_email . '>', $from_email, $imagedata); } if (($this->db->VARS['notify_admin'] == 1 || $this->db->VARS['require_checking'] == 1) && $this->private == 0) { $this->db->send_email($adminsaddy, $this->db->LANG['EmailAdminSubject'], $messagebody, 'From: "' . $fromname . '" <' . $from_email . '>', $from_email, $imagedata); } } } $this->db->query("INSERT INTO " . LAZ_TABLE_PREFIX . '_ip' . " (guest_ip,timestamp) VALUES ('{$this->ip}','{$the_time}')"); $LANG =& $this->db->LANG; $VARS =& $this->db->VARS; $success_message = $LANG['BookMess10']; if ($this->accepted == 0) { $success_message = $LANG['BookMess11']; } $success_html = ''; eval("\$success_html .= \"" . $this->template->get_template('success_header') . "\";"); eval("\$success_html .= \"" . $this->template->get_template('success') . "\";"); eval("\$success_html .= \"" . $this->template->get_template('footer', false) . "\";"); return $success_html; }