예제 #1
0
 function add_guest()
 {
     global $GB_TMP, $GB_UPLOAD, $GB_PG;
     if ($this->preview == 1 && $this->user_img) {
         $img = new gb_image();
         $img->set_destdir("{$this->include_path}/{$GB_UPLOAD}");
         $img->set_border_size($this->db->VARS["img_width"], $this->db->VARS["img_height"]);
         if ($this->db->VARS["thumbnail"] == 1) {
             $min_size = 1024 * $this->db->VARS["thumb_min_fsize"];
             $img->set_min_filesize($min_size);
             $img->set_prefix("t_");
             $img->create_thumbnail("{$this->include_path}/{$GB_TMP}/{$this->user_img}", $this->user_img);
         }
         copy("{$this->include_path}/{$GB_TMP}/{$this->user_img}", "{$this->include_path}/{$GB_UPLOAD}/{$this->user_img}");
         unlink("{$this->include_path}/{$GB_TMP}/{$this->user_img}");
         $this->image_file = $this->user_img;
     }
     $this->name = htmlspecialchars($this->name);
     $this->location = htmlspecialchars($this->location);
     if ($this->db->VARS["allow_html"] == 0) {
         $this->comment = htmlspecialchars($this->comment);
     }
     if ($this->db->VARS["agcode"] == 1) {
         $this->comment = $this->db->AGCode($this->comment);
     }
     if (!get_magic_quotes_gpc()) {
         $this->name = addslashes($this->name);
         $this->location = addslashes($this->location);
         $this->aim = addslashes($this->aim);
         $this->email = addslashes($this->email);
         $this->url = addslashes($this->url);
         $this->comment = addslashes($this->comment);
         $this->gender = addslashes($this->gender);
     }
     $host = addslashes(@gethostbyaddr($this->ip));
     $agent = addslashes(htmlspecialchars(strip_tags($_SERVER['HTTP_USER_AGENT'])));
     $the_time = time();
     $sql_usertable = $this->private == 1 ? $this->table['priv'] : $this->table['data'];
     $this->db->query("INSERT INTO {$sql_usertable} (name,gender,email,url,date,location,host,browser,comment,icq,aim) VALUES ('{$this->name}','{$this->gender}','{$this->email}','{$this->url}','{$the_time}','{$this->location}','{$host}','{$agent}','{$this->comment}','{$this->icq}','{$this->aim}')");
     if ($this->canUseCaptcha) {
         $this->db->query("DELETE FROM {$this->table['cap']} WHERE session_id = '" . addslashes($this->token) . "'");
     }
     if (!empty($this->image_file) || !empty($this->user_img)) {
         $size = GetImageSize("{$this->include_path}/{$GB_UPLOAD}/{$this->image_file}");
         if (is_array($size) && $size[2] > 0 && $size[2] < 4) {
             $book_id = $this->private == 1 ? 1 : 2;
             $p_filesize = filesize("{$this->include_path}/{$GB_UPLOAD}/{$this->image_file}");
             $this->db->fetch_array($this->db->query("SELECT MAX(id) AS msg_id FROM {$sql_usertable}"));
             $this->db->query("INSERT INTO " . $this->table['pics'] . " (msg_id,book_id,p_filename,p_size,width,height) VALUES ('" . $this->db->record['msg_id'] . "',{$book_id},'{$this->image_file}','{$p_filesize}','{$size['0']}','{$size['1']}')");
         }
     }
     $from_email = $this->email == "" ? $this->db->VARS['admin_mail'] : $this->email;
     if ($this->db->VARS["notify_private"] == 1 && $this->private == 1) {
         @mail($this->db->VARS["admin_mail"], $this->db->LANG["EmailAdminSubject"], "{$this->name}\n{$this->host}\n\n{$this->comment}", "From: {$from_email}\nX-Mailer: Advanced Guestbook 2");
     }
     if ($this->db->VARS["notify_admin"] == 1 && $this->private == 0) {
         @mail($this->db->VARS["admin_mail"], $this->db->LANG["EmailAdminSubject"], "{$this->name}\n{$this->host}\n\n{$this->comment}", "From: {$from_email}\nX-Mailer: Advanced Guestbook 2");
     }
     if ($this->db->VARS["notify_guest"] == 1 && $this->email != '') {
         @mail($this->email, $this->db->LANG["EmailGuestSubject"], $this->db->VARS["notify_mes"], "From: " . $this->db->VARS['admin_mail'] . "\nX-Mailer: Advanced Guestbook 2");
     }
     if ($this->db->VARS["flood_check"] == 1) {
         $this->db->query("INSERT INTO " . $this->table['ip'] . " (guest_ip,timestamp) VALUES ('{$this->ip}','{$the_time}')");
     }
     $LANG =& $this->db->LANG;
     $VARS =& $this->db->VARS;
     $success_html = "";
     eval("\$success_html = \"" . $this->template->get_template($this->GB_TPL['success']) . "\";");
     eval("\$success_html .= \"" . $this->template->get_template($this->GB_TPL['footer']) . "\";");
     return $success_html;
 }
예제 #2
0
 function get_entries($entry, $last_entry)
 {
     global $GB_UPLOAD, $GB_PG;
     $VARS =& $this->db->VARS;
     $last_entry = intval($last_entry);
     $img = new gb_image();
     $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']);
     $LANG =& $this->db->LANG;
     $id = isset($_GET['permalink']) ? 1 : $this->total - $entry;
     $HOST = '';
     $COMMENT = '';
     $GB_ENTRIES = '';
     $i = 0;
     $template['entry'] = $this->template->get_template('entry');
     $template['location'] = $this->template->get_template('location');
     $template['com'] = $this->template->get_template('com');
     $template['url'] = $this->template->get_template('url');
     $template['icq'] = $this->template->get_template('icq');
     $template['aim'] = $this->template->get_template('aim');
     $template['msn'] = $this->template->get_template('msn');
     $template['yahoo'] = $this->template->get_template('yahoo');
     $template['skype'] = $this->template->get_template('skype');
     $template['email'] = $this->template->get_template('email');
     $template['image'] = $this->template->get_template('user_pic');
     $template['male'] = $this->template->get_template('img_male');
     $template['female'] = $this->template->get_template('img_female');
     $template['com_link'] = $this->template->get_template('com_link');
     $template['com_email'] = $this->template->get_template('com_email');
     // Here we create our query dependant upon the admins options.
     if (isset($_GET['permalink'])) {
         $this->searchquery2 = ' AND x.id = ' . $entry;
         $entry = 0;
         $last_entry = 1;
     }
     if ($this->db->VARS['allow_img'] && $this->db->VARS['disablecomments'] != 1) {
         $result = $this->db->query("SELECT x.*, y.p_filename, y.width, y.height, COUNT(z.com_id) as comments FROM " . LAZ_TABLE_PREFIX . "_data x LEFT JOIN " . LAZ_TABLE_PREFIX . "_pics y ON (x.id=y.msg_id and y.book_id=2) LEFT JOIN " . LAZ_TABLE_PREFIX . "_com z ON (x.id=z.id) WHERE x.accepted='1'" . $this->searchquery2 . " GROUP BY x.id ORDER BY x.id DESC LIMIT {$entry}, {$last_entry}");
     } elseif ($this->db->VARS['allow_img'] && $this->db->VARS['disablecomments'] == 1) {
         $result = $this->db->query("SELECT x.*, y.p_filename, y.width, y.height FROM " . LAZ_TABLE_PREFIX . "_data x LEFT JOIN " . LAZ_TABLE_PREFIX . "_pics y ON (x.id=y.msg_id and y.book_id=2) WHERE x.accepted='1'" . $this->searchquery2 . " GROUP BY x.id ORDER BY x.id DESC LIMIT {$entry}, {$last_entry}");
     } elseif (!$this->db->VARS['allow_img'] && $this->db->VARS['disablecomments'] != 1) {
         $result = $this->db->query("SELECT x.*, COUNT(z.com_id) as comments FROM " . LAZ_TABLE_PREFIX . "_data x LEFT JOIN " . LAZ_TABLE_PREFIX . "_com z ON (x.id=z.id) WHERE x.accepted='1'" . $this->searchquery2 . " GROUP BY x.id ORDER BY x.id DESC LIMIT {$entry}, {$last_entry}");
     } else {
         $result = $this->db->query("SELECT * FROM " . LAZ_TABLE_PREFIX . "_data WHERE accepted='1'" . str_replace('x.', '', $this->searchquery2) . " ORDER BY id DESC LIMIT {$entry}, {$last_entry}");
     }
     while ($row = $this->db->fetch_array($result)) {
         // Check if they want to show their ad code or not.
         if ($this->db->VARS['ad_pos'] > 0 && $this->db->VARS['ad_code'] != '' && $this->db->VARS['ad_pos'] == $i + 1) {
             $GB_ENTRIES .= '<tr bgcolor="';
             $GB_ENTRIES .= $i % 2 ? $this->db->VARS['tb_color_2'] : $this->db->VARS['tb_color_1'];
             $GB_ENTRIES .= '"><td colspan="2" align="center" class="font1">' . $this->db->VARS['ad_code'] . '</td></tr>';
             $i++;
         }
         $DATE = $this->db->DateFormat($row['date']);
         // Format the date according to their language
         $MESSAGE = nl2br($row['comment']);
         // Add <br /> where needed
         if (!empty($row['p_filename']) && preg_match('/^img-/', $row['p_filename'])) {
             $row['p_filename2'] = $row['p_filename'];
             if (file_exists($this->path . '/public/t_' . $row['p_filename'])) {
                 $row['p_filename2'] = 't_' . $row['p_filename2'];
             }
             $new_img_size = $img->get_img_size_format($row['width'], $row['height']);
             $GB_UPLOAD = 'public';
             eval("\$USER_PIC = \"" . $template['image'] . "\";");
         } else {
             $USER_PIC = '';
         }
         $row['name'] = $this->db->CensorBadWords($row['name']);
         $MESSAGE = $this->db->CensorBadWords($MESSAGE);
         if ($this->db->VARS['smilies'] == 1) {
             $MESSAGE = $this->db->emotion($MESSAGE);
         }
         /*    if (!$row['location'])
             {
               $row['location'] = '-';
             }*/
         $bgcolor = $i % 2 ? $this->db->VARS['tb_color_2'] : $this->db->VARS['tb_color_1'];
         $i++;
         if ($row['url'] && $this->db->VARS['allow_url'] == 1) {
             $row['url'] = $this->db->CensorBadWords($row['url']);
             eval("\$URL = \"" . $template['url'] . "\";");
         } else {
             $URL = '';
         }
         if ($row['location'] && $this->db->VARS['allow_loc'] == 1) {
             $row['location'] = $this->db->CensorBadWords($row['location']);
             $THEIRLOC = urlencode($row['location']);
             eval("\$LOCATION = \"" . $template['location'] . "\";");
         } else {
             $LOCATION = '';
         }
         if ($row['icq'] && $this->db->VARS['allow_icq'] == 1 && $row['icq'] != 0) {
             eval("\$ICQ = \"" . $template['icq'] . "\";");
         } else {
             $ICQ = '';
         }
         if ($row['aim'] && $this->db->VARS['allow_aim'] == 1) {
             eval("\$AIM = \"" . $template['aim'] . "\";");
         } else {
             $AIM = '';
         }
         if ($row['msn'] && $this->db->VARS['allow_msn'] == 1) {
             eval("\$MSN = \"" . $template['msn'] . "\";");
         } else {
             $MSN = '';
         }
         if ($row['yahoo'] && $this->db->VARS['allow_yahoo'] == 1) {
             eval("\$YAHOO = \"" . $template['yahoo'] . "\";");
         } else {
             $YAHOO = '';
         }
         if ($row['skype'] && $this->db->VARS['allow_skype'] == 1) {
             eval("\$SKYPE = \"" . $template['skype'] . "\";");
         } else {
             $SKYPE = '';
         }
         if ($row['email']) {
             $GRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? ' background: transparent url(http://www.gravatar.com/avatar/' . md5($row['email']) . '?s=24&amp;d=wavatar&amp;r=G) no-repeat right;' : '';
             if ($this->db->VARS['require_email'] < 2) {
                 $row['email'] = $this->db->CensorBadWords($row['email']);
                 if ($this->db->VARS['encrypt_email'] == 1) {
                     $MAILTO = $this->db->html_encode('mailto:' . $row['email']);
                 } else {
                     $MAILTO = 'mailto:' . $row['email'];
                 }
                 eval("\$EMAIL = \"" . $template['email'] . "\";");
             } else {
                 $EMAIL = '';
             }
         } else {
             $GRAVATAR = '';
             $EMAIL = '';
         }
         if ($this->db->VARS['allow_gender'] == 1) {
             if ($row['gender'] == 'f') {
                 eval("\$GENDER = \"" . $template['female'] . "\";");
             } elseif ($row['gender'] == 'm') {
                 eval("\$GENDER = \"" . $template['male'] . "\";");
             } else {
                 $GENDER = '';
             }
         } else {
             $GENDER = '';
         }
         $PERMALINK = '';
         if ($this->db->VARS['permalinks'] == 1) {
             $PERMALINK = preg_match('/\\?/', $GB_PG['index']) ? $GB_PG['index'] . '&amp;permalink=true&amp;entry=' . $row['id'] : $GB_PG['index'] . '?permalink=true&amp;entry=' . $row['id'];
             $PERMALINK = '<a href="' . $PERMALINK . '"><img src="' . $GB_PG['base_url'] . '/img/permalink.gif" width="14" height="14" alt="Permalink" title="Permalink" style="border:0;" /></a>';
         }
         $GB_COMMENT = (IS_MODULE || IS_INCLUDE) && preg_match('/\\?/', $GB_PG['comment']) ? $GB_PG['comment'] . '&amp;gb_id=' . $row['id'] : $GB_PG['comment'] . '?gb_id=' . $row['id'];
         if ($this->db->VARS['disablecomments'] == 0) {
             eval("\$COMMENTLINK = \"" . $template['com_link'] . "\";");
         } else {
             $COMMENTLINK = '';
         }
         if ($this->db->VARS['show_ip'] == 1) {
             $hostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $row['host']) ? 'IP' : 'Host';
             $HOST = '<em style="font-weight: normal;">' . $hostname . ': ' . $row['host'] . "</em>\n";
         }
         if (!empty($row['comments'])) {
             $foo = $this->db->query("SELECT * FROM " . LAZ_TABLE_PREFIX . "_com WHERE id='{$row['id']}' AND comaccepted='1' order by com_id asc");
             $comment_count = 0;
             while ($com = $this->db->fetch_array($foo)) {
                 $comment_count++;
                 $COMDATE = $this->db->DateFormat($com['timestamp']);
                 $comhostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $com['host']) ? 'IP' : 'Host';
                 $comhost = $this->db->VARS['show_ip'] == 1 ? '<em>' . $comhostname . ': ' . $com['host'] . "</em><br />\n" : '';
                 $com['comments'] = $this->db->VARS['smilies'] == 1 ? nl2br($this->db->emotion($com['comments'])) : nl2br($com['comments']);
                 $com['name'] = $this->db->CensorBadWords($com['name']);
                 $com['comments'] = $this->db->CensorBadWords($com['comments']);
                 $COMGRAVATAR = '';
                 $COMEMAIL = '';
                 if (!empty($com['email'])) {
                     $COMGRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? 'padding-left:26px;background: url(http://www.gravatar.com/avatar/' . md5($com['email']) . '?s=24&amp;d=wavatar&amp;r=G) no-repeat;' : '';
                     if ($this->db->VARS['require_email'] < 2) {
                         $com['email'] = $this->db->CensorBadWords($com['email']);
                         if ($this->db->VARS['encrypt_email'] == 1) {
                             $COMMAILTO = $this->db->html_encode('mailto:' . $com['email']);
                         } else {
                             $COMMAILTO = 'mailto:' . $com['email'];
                         }
                         eval("\$COMEMAIL = \"" . $template['com_email'] . "\";");
                     } else {
                         $COMEMAIL = '';
                     }
                 }
                 eval("\$COMMENT .= \"" . $template['com'] . "\";");
             }
             unset($com);
             if ($this->db->VARS['hide_comments'] == 1 && $comment_count > 0) {
                 $COMMENTDIV = "<br style=\"clear:both;\" /><a href=\"javascript: ;\" onclick=\"toggleSlide('" . $row['id'] . "', " . $comment_count . ");\" style=\"clear:both;display:none;\" id=\"comtext_" . $row['id'] . "\" class=\"comHide\">" . $LANG['BookMess12'] . " (" . $comment_count . ")</a>";
                 $COMMENTDIV .= "<div id=\"com" . $row['id'] . "_open\" style=\"position:relative;\" class=\"comDiv\">";
                 $COMMENTDIV .= $COMMENT;
                 $COMMENTDIV .= '</div>';
                 $COMMENT = $COMMENTDIV;
                 unset($COMMENTDIV);
             }
         }
         $theirbrowser = $this->db->browser_detect($row['browser']);
         eval("\$GB_ENTRIES .= \"" . $template['entry'] . "\";");
         $COMMENT = '';
         $id--;
         if ($this->db->VARS['ad_pos'] > $last_entry && $this->db->VARS['ad_code'] != '' && $i == $last_entry) {
             $GB_ENTRIES .= '<tr bgcolor="';
             $GB_ENTRIES .= $i % 2 ? $this->db->VARS['tb_color_2'] : $this->db->VARS['tb_color_1'];
             $GB_ENTRIES .= '"><td colspan="2" align="center" class="font1">' . $this->db->VARS['ad_code'] . '</td></tr>';
             $i++;
         }
     }
     $TPL['GB_ENTRIES'] = $GB_ENTRIES;
     return $TPL;
 }
예제 #3
0
 function show_entry($tbl = "gb")
 {
     global $entry, $record, $GB_UPLOAD;
     $entry = intval($entry);
     $record = intval($record);
     if ($tbl == "priv") {
         $gb_tbl = $this->table['priv'];
         $book_id = 1;
     } else {
         $gb_tbl = $this->table['data'];
         $tbl = "gb";
         $book_id = 2;
     }
     $entries_per_page = intval($this->VARS["entries_per_page"]);
     if (!isset($entry)) {
         $entry = 0;
     }
     if (!isset($record)) {
         $record = 0;
     }
     $next_page = $entry + $entries_per_page;
     $prev_page = $entry - $entries_per_page;
     $this->db->query("select count(*) total from {$gb_tbl}");
     $this->db->fetch_array($this->db->result);
     $total = $this->db->record['total'];
     if ($record > 0 && $record <= $total) {
         $entry = $total - $record;
         $next_page = $entry + $entries_per_page;
         $prev_page = $entry - $entries_per_page;
     }
     $result = $this->db->query("select x.*, y.p_filename, y.width, y.height from {$gb_tbl} x left join " . $this->db->table['pics'] . " y on (x.id=y.msg_id and y.book_id={$book_id}) order by id desc limit {$entry}, {$entries_per_page}");
     $img = new gb_image();
     $img->set_border_size($this->VARS["img_width"], $this->VARS["img_height"]);
     $this->NoCacheHeader();
     include_once "./admin/panel_easy.php";
     include_once "./admin/footer.inc.php";
 }
예제 #4
0
 function add_guest()
 {
     global $GB_PG;
     if ($this->preview == 1 && $this->user_img) {
         $img = new gb_image();
         $img->set_destdir($this->include_path . '/public');
         $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']);
         if ($this->db->VARS['thumbnail'] == 1) {
             $min_size = 1024 * $this->db->VARS['thumb_min_fsize'];
             $img->set_min_filesize($min_size);
             $img->set_prefix('t_');
             $img->create_thumbnail($this->include_path . '/tmp/' . $this->user_img, $this->user_img);
         }
         copy($this->include_path . '/tmp/' . $this->user_img, $this->include_path . '/public/' . $this->user_img);
         unlink($this->include_path . '/tmp/' . $this->user_img);
         $this->image_file = $this->user_img;
     }
     if ($this->db->VARS['allow_html'] == 1) {
         $this->comment = $this->db->allowed_html($this->comment);
     }
     if ($this->db->VARS['agcode'] == 1) {
         $this->comment = $this->db->AGCode($this->comment);
     }
     if (get_magic_quotes_gpc()) {
         $this->strip_all_slashes();
     }
     $this->name = $this->db->escape_string($this->name);
     $this->location = $this->db->escape_string($this->location);
     $this->aim = $this->db->escape_string($this->aim);
     $this->msn = $this->db->escape_string($this->msn);
     $this->yahoo = $this->db->escape_string($this->yahoo);
     $this->skype = $this->db->escape_string($this->skype);
     $this->email = $this->db->escape_string($this->email);
     $this->url = $this->db->escape_string($this->url);
     $this->ip = $this->db->escape_string($this->ip);
     $this->gender = $this->db->escape_string($this->gender);
     $host = $this->db->escape_string(htmlspecialchars(gethostbyaddr($this->ip)));
     $agent = $this->db->escape_string(htmlspecialchars($_SERVER['HTTP_USER_AGENT']));
     $the_time = time();
     if ($this->db->VARS['require_checking'] == 1) {
         $this->accepted = $this->private == 1 ? '1' : '0';
     }
     // Check for moderation words
     if ($this->db->BlockBadWords($this->name, 3) || $this->db->BlockBadWords($this->email, 3) || $this->db->BlockBadWords($this->location, 3) || $this->db->BlockBadWords($this->comment, 3) || $this->db->BlockBadWords($this->url, 3)) {
         $this->accepted = $this->private == 1 ? $this->accepted : '0';
     }
     $sql_usertable = $this->private == 1 && $this->db->VARS['allow_private'] == 1 ? LAZ_TABLE_PREFIX . '_private' : LAZ_TABLE_PREFIX . '_data';
     $this->db->query("INSERT INTO {$sql_usertable} (name,gender,email,url,date,location,host,browser,comment,icq,aim,msn,yahoo,skype,accepted,ip) VALUES ('{$this->name}','{$this->gender}','{$this->email}','{$this->url}',{$the_time},'{$this->location}','{$host}','{$agent}','" . $this->db->escape_string($this->comment) . "','{$this->icq}','{$this->aim}','{$this->msn}','{$this->yahoo}','{$this->skype}',{$this->accepted},'{$this->ip}')");
     $entry_id = $this->db->insert_id();
     $imagedata = array('mime' => '', 'name' => '', 'data' => '');
     if (!empty($this->image_file) || !empty($this->user_img)) {
         $size = getimagesize("{$this->include_path}/public/{$this->image_file}");
         if (is_array($size) && ($size[2] > 0 && $size[2] < 4 || $size[2] == 6)) {
             $book_id = $this->private == 1 ? 1 : 2;
             $p_filesize = filesize("{$this->include_path}/public/{$this->image_file}");
             $this->db->fetch_array($this->db->query("SELECT MAX(id) AS msg_id FROM {$sql_usertable}"));
             $this->db->query("INSERT INTO " . LAZ_TABLE_PREFIX . "_pics (msg_id,book_id,p_filename,p_size,width,height) VALUES ('" . $this->db->record['msg_id'] . "',{$book_id},'{$this->image_file}','{$p_filesize}','{$size['0']}','{$size['1']}')");
             if ($this->db->VARS['html_email'] == 1) {
                 if (!empty($size['mime'])) {
                     $imagedata['mime'] = $size['mime'];
                 } else {
                     $mimetype = array(1 => 'image/gif', 2 => 'image/jpeg', 3 => 'image/png', 6 => 'image/png');
                     $imagedata['mime'] = $mimetype[$size[2]];
                 }
                 $imagedata['name'] = $this->image_file;
                 $imgdata = file_get_contents($this->include_path . '/public/' . $this->image_file);
                 $imagedata['data'] = chunk_split(base64_encode($imgdata));
             }
         }
     }
     $LANG =& $this->db->LANG;
     if ($this->db->check_emailaddress($this->db->VARS['book_mail']) && $this->db->VARS['always_bookemail'] == 1) {
         $admin_email = $this->db->VARS['book_mail'];
     } else {
         $admin_emails = explode(',', $this->db->VARS['admin_mail']);
         if ($this->db->check_emailaddress($admin_emails[0])) {
             $admin_email = $admin_emails[0];
         } else {
             $admin_email = 'guestbookentry@' . $host;
         }
     }
     if ($this->email == '' || $this->db->VARS['always_bookemail'] == 1) {
         $from_email = $admin_email;
     } else {
         $from_email = $this->email;
     }
     $hostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $host) ? 'IP' : 'Host';
     $messagebody = '<div style="background-color:#fff;border:1px solid #a5cae4;border-radius:5px;padding:5px;">';
     $messagebody .= $LANG['FormName'] . ': ' . $this->name . "<br />\n";
     $messagebody .= $hostname . ': ' . $host . ' (' . $this->ip . ")<br />\n";
     $messagebody .= $this->location != '' ? $LANG['FormLoc'] . ': ' . $this->location . "<br />\n" : '';
     $messagebody .= $this->email != '' ? $LANG['FormEmail'] . ': <a href="mailto:' . $this->email . '">' . $this->email . "</a><br />\n" : '';
     $messagebody .= $this->url != '' ? $LANG['FormUrl'] . ': <a href="' . $this->url . '" target="_blank">' . $this->url . "</a><br />\n" : '';
     $messagebody .= $this->aim != '' ? 'AIM: ' . $this->aim . "<br .>\n" : '';
     $messagebody .= $this->icq != '' ? 'ICQ: ' . $this->icq . "<br />\n" : '';
     $messagebody .= $this->msn != '' ? 'MSN: ' . $this->msn . "<br />\n" : '';
     $messagebody .= $this->yahoo != '' ? 'Yahoo: ' . $this->yahoo . "<br />\n" : '';
     $messagebody .= $this->skype != '' ? 'Skype: ' . $this->skype . "<br />\n" : '';
     $messagebody .= '<hr style="min-height:1px;margin:20px 0 10px;border:0;color:#d7edfc;background-color:#d7edfc" />';
     $messagebody .= "<br />\n<br />\n" . nl2br($this->comment);
     if ($GB_PG['base_url'] != '') {
         $messagebody .= "<br />\n<br />\n<div style=\"background-color:#f0f7fc;border-top:1px solid #d7edfc;padding:2px;\">";
         if ($sql_usertable == LAZ_TABLE_PREFIX . '_data') {
             $urlDivider = strpos($this->db->VARS['laz_url'], '?') > 0 ? '&' : '?';
             $messagebody .= $LANG['EmailAdminSubject'] . ': <a href="' . $this->db->VARS['laz_url'] . $urlDivider . 'permalink=true&entry=' . $entry_id . '">' . $this->db->VARS['laz_url'] . $urlDivider . 'permalink=true&entry=' . $entry_id . "</a><br>\n";
             $messagebody .= $this->accepted == 0 ? $LANG['AdminAccept'] . ': <a href="' . $GB_PG['admin'] . '?action=accept&amp;tbl=gb&amp;id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=accept&amp;tbl=gb&amp;id=' . $entry_id . "</a><br>\n" : $LANG['AdminUnaccept'] . ': <a href="' . $GB_PG['admin'] . '?action=unaccept&amp;tbl=gb&amp;id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=unaccept&amp;tbl=gb&amp;id=' . $entry_id . "</a><br>\n";
         }
         $messagebody .= $LANG['AdminEdit'] . ': <a href="' . $GB_PG['admin'] . '?action=edit&amp;tbl=gb&amp;id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=edit&amp;tbl=gb&amp;id=' . $entry_id . "</a><br />\n";
         $messagebody .= $LANG['AdminDelete'] . ': <a href="' . $GB_PG['admin'] . '?action=del&amp;tbl=gb&amp;id=' . $entry_id . '">' . $GB_PG['admin'] . '?action=del&amp;tbl=gb&amp;id=' . $entry_id . "</a><br />\n";
         $messagebody .= $LANG['FormSelect'] . ': <a href="' . $this->db->VARS['laz_url'] . '">' . $this->db->VARS['laz_url'] . "</a><br />\n";
         $messagebody .= '</div>';
     }
     $messagebody .= '</div>';
     //$messagebody = stripslashes($messagebody);
     $fromname = $this->db->undo_htmlspecialchars(stripslashes($this->name));
     if ($this->db->VARS['notify_guest'] == 1 && $this->email != '' && $admin_email != '') {
         $email_message = nl2br($this->db->AGCode($this->db->VARS['notify_mes']));
         $email_message = str_replace('[NAME]', stripslashes($this->name), $email_message);
         $this->db->send_email($this->email, $this->db->LANG['EmailGuestSubject'], $email_message, 'From: "' . strip_tags($this->db->VARS['book_name']) . '" <' . $admin_email . '>', $admin_email);
     }
     $admin_emails = explode(',', $this->db->VARS['admin_mail']);
     foreach ($admin_emails as $adminsaddy) {
         $adminsaddy = trim($adminsaddy);
         if ($this->db->check_emailaddress($adminsaddy)) {
             if ($this->db->VARS['notify_private'] == 1 && $this->private == 1) {
                 $this->db->send_email($adminsaddy, $this->db->LANG['EmailAdminSubject'] . ' - ' . $this->db->LANG['FormPriv'], $this->db->LANG['FormPriv'] . "<br>\n<br>\n" . $messagebody, 'From: "' . $fromname . '" <' . $from_email . '>', $from_email, $imagedata);
             }
             if (($this->db->VARS['notify_admin'] == 1 || $this->db->VARS['require_checking'] == 1) && $this->private == 0) {
                 $this->db->send_email($adminsaddy, $this->db->LANG['EmailAdminSubject'], $messagebody, 'From: "' . $fromname . '" <' . $from_email . '>', $from_email, $imagedata);
             }
         }
     }
     $this->db->query("INSERT INTO " . LAZ_TABLE_PREFIX . '_ip' . " (guest_ip,timestamp) VALUES ('{$this->ip}','{$the_time}')");
     $LANG =& $this->db->LANG;
     $VARS =& $this->db->VARS;
     $success_message = $LANG['BookMess10'];
     if ($this->accepted == 0) {
         $success_message = $LANG['BookMess11'];
     }
     $success_html = '';
     eval("\$success_html .= \"" . $this->template->get_template('success_header') . "\";");
     eval("\$success_html .= \"" . $this->template->get_template('success') . "\";");
     eval("\$success_html .= \"" . $this->template->get_template('footer', false) . "\";");
     return $success_html;
 }
예제 #5
0
 function show_entry($tbl = 'gb', $rid = '', $amessage = '')
 {
     global $entry, $record, $GB_UPLOAD;
     $entry = intval($entry);
     $record = intval($record);
     $rid = intval($rid);
     $entry = !empty($rid) ? $rid : $entry;
     if ($tbl == 'priv') {
         $gb_tbl = LAZ_TABLE_PREFIX . '_private';
         $book_id = 1;
     } else {
         $gb_tbl = LAZ_TABLE_PREFIX . '_data';
         $tbl = 'gb';
         $book_id = 2;
     }
     $entries_per_page = intval($this->VARS['entries_per_page']);
     if (!isset($entry)) {
         $entry = 0;
     }
     if (!isset($record)) {
         $record = 0;
     }
     $next_page = $entry + $entries_per_page;
     $prev_page = $entry - $entries_per_page;
     $this->db->query("select count(*) total from {$gb_tbl}");
     $this->db->fetch_array($this->db->result);
     $total = $this->db->record['total'];
     if ($record > 0 && $record <= $total) {
         $entry = $total - $record;
         $next_page = $entry + $entries_per_page;
         $prev_page = $entry - $entries_per_page;
     }
     if (empty($_GET['unacc'])) {
         $result = $this->db->query("select x.*, y.p_filename, y.width, y.height from {$gb_tbl} x left join " . LAZ_TABLE_PREFIX . "_pics y on (x.id=y.msg_id and y.book_id={$book_id}) order by id desc limit {$entry}, {$entries_per_page}");
     } else {
         $result = $this->db->query("SELECT a.*, COUNT(b.ID) as cnt,c.p_filename, c.width, c.height FROM " . LAZ_TABLE_PREFIX . "_data as a LEFT OUTER JOIN " . LAZ_TABLE_PREFIX . "_com as b ON a.ID = b.ID LEFT OUTER JOIN " . LAZ_TABLE_PREFIX . "_pics as c ON a.ID = c.msg_ID WHERE a.ID IN ( SELECT ID FROM " . LAZ_TABLE_PREFIX . "_data WHERE accepted = 0 UNION SELECT ID FROM " . LAZ_TABLE_PREFIX . "_com WHERE comaccepted = 0 ) GROUP BY a.ID, c.p_filename, c.width, c.height order by id desc limit {$entry}, {$entries_per_page}");
     }
     $img = new gb_image();
     $img->set_border_size($this->VARS['img_width'], $this->VARS['img_height']);
     $this->NoCacheHeader();
     $amessage = $amessage != '' ? '<div class="success">' . $amessage . '</div>' : '';
     include_once './admin/panel_easy.php';
     include_once './admin/footer.inc.php';
 }
예제 #6
0
 function comment_form($extra_html = '')
 {
     global $GB_PG, $gbsession, $rid, $uid, $included;
     //, $include_path;
     if ($this->db->VARS['disablecomments'] != 1 && (!empty($_GET['gbsession']) && !empty($_GET['uid']))) {
         $GB_PG['comment'] = $GB_PG['comment'] . '?gbsession=' . $gbsession . '&amp;rid=' . $rid . '&amp;uid=' . $uid . '&amp;included=' . $included;
     }
     $this->db->query("SELECT x.*, y.p_filename, y.width, y.height, z.comments from " . LAZ_TABLE_PREFIX . "_data x left join " . LAZ_TABLE_PREFIX . "_pics y on (x.id=y.msg_id and y.book_id=2) left join " . LAZ_TABLE_PREFIX . "_com z on (x.id=z.id) WHERE (x.accepted='1' AND x.id=" . $this->id . ") LIMIT 1");
     $row = $this->db->fetch_array($this->db->result);
     $LANG =& $this->db->LANG;
     $VARS =& $this->db->VARS;
     if (isset($_COOKIE['lang']) && !empty($_COOKIE['lang']) && file_exists(LAZ_INCLUDE_PATH . '/lang/codes-' . $_COOKIE['lang'] . '.php')) {
         $LANG_CODES = $GB_PG['base_url'] . '/lang/codes-' . $_COOKIE['lang'] . '.php';
     } elseif (file_exists(LAZ_INCLUDE_PATH . '/lang/codes-' . $VARS['lang'] . '.php')) {
         $LANG_CODES = $GB_PG['base_url'] . '/lang/codes-' . $VARS['lang'] . '.php';
     } else {
         $LANG_CODES = $GB_PG['base_url'] . '/lang/codes-english.php';
     }
     $antispam = $this->db->VARS['antispam_word'];
     $HTML_CODE = $this->db->VARS['allow_html'] == 1 ? $this->db->LANG['BookMess2'] : $this->db->LANG['BookMess1'];
     $AG_CODE = $this->db->VARS['agcode'] == 1 ? '<a href="' . $LANG_CODES . '?show=agcode" onclick="openCentered(\'' . $LANG_CODES . '?show=agcode\',\'_codes\',640,450,\'scrollbars=yes\')" target="_codes">' . $this->db->LANG['FormMess3'] . '</a>' : $this->db->LANG['FormMess6'];
     $SMILE_CODE = $this->db->VARS['smilies'] == 1 ? $this->db->LANG['FormMess2'] : $this->db->LANG['FormMess7'];
     $DATE = $this->db->DateFormat($row['date']);
     $MESSAGE = nl2br($row['comment']);
     $id = $this->id;
     $bgcolor = $this->db->VARS['tb_color_1'];
     $COMMENT = '';
     if ($row['p_filename'] && preg_match('/^img-/', $row['p_filename'])) {
         $img = new gb_image();
         $img->set_border_size($this->db->VARS['img_width'], $this->db->VARS['img_height']);
         $new_img_size = $img->get_img_size_format($row['width'], $row['height']);
         $row['p_filename2'] = $row['p_filename'];
         $GB_UPLOAD = 'public';
         if (file_exists($this->path . '/public/t_' . $row['p_filename'])) {
             $row['p_filename2'] = 't_' . $row['p_filename2'];
         }
         eval("\$USER_PIC = \"" . $this->template->get_template('user_pic') . "\";");
     } else {
         $USER_PIC = '';
     }
     $row['name'] = $this->db->CensorBadWords($row['name']);
     $MESSAGE = $this->db->CensorBadWords($MESSAGE);
     if ($this->db->VARS['smilies'] == 1) {
         $MESSAGE = $this->db->emotion($MESSAGE);
         $LAZSMILEYS = $this->db->generate_smilies();
     } else {
         $LAZSMILEYS = '';
     }
     if ($row['url'] && $this->db->VARS['allow_url'] == 1) {
         $row['url'] = $this->db->CensorBadWords($row['url']);
         eval("\$URL = \"" . $this->template->get_template('url') . "\";");
     } else {
         $URL = '';
     }
     if ($row['location'] && $this->db->VARS['allow_loc'] == 1) {
         $row['location'] = $this->db->CensorBadWords($row['location']);
         $THEIRLOC = urlencode($row['location']);
         eval("\$LOCATION = \"" . $this->template->get_template('location') . "\";");
     } else {
         $LOCATION = '';
     }
     if ($row['icq'] && $this->db->VARS['allow_icq'] == 1 && $row['icq'] != 0) {
         eval("\$ICQ = \"" . $this->template->get_template('icq') . "\";");
     } else {
         $ICQ = '';
     }
     if ($row['aim'] && $this->db->VARS['allow_aim'] == 1) {
         eval("\$AIM = \"" . $this->template->get_template('aim') . "\";");
     } else {
         $AIM = '';
     }
     if ($row['msn'] && $this->db->VARS['allow_msn'] == 1) {
         eval("\$MSN = \"" . $this->template->get_template('msn') . "\";");
     } else {
         $MSN = '';
     }
     if ($row['yahoo'] && $this->db->VARS['allow_yahoo'] == 1) {
         eval("\$YAHOO = \"" . $this->template->get_template('yahoo') . "\";");
     } else {
         $YAHOO = '';
     }
     if ($row['skype'] && $this->db->VARS['allow_skype'] == 1) {
         eval("\$SKYPE = \"" . $this->template->get_template('skype') . "\";");
     } else {
         $SKYPE = '';
     }
     if ($row['email']) {
         $GRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? ' background: transparent url(http://www.gravatar.com/avatar/' . md5($row['email']) . '?s=24&amp;d=wavatar&amp;r=G) no-repeat right;' : '';
         if ($this->db->VARS['require_email'] < 2) {
             $row['email'] = $this->db->CensorBadWords($row['email']);
             if ($this->db->VARS['encrypt_email'] == 1) {
                 $MAILTO = $this->db->html_encode('mailto:' . $row['email']);
             } else {
                 $MAILTO = 'mailto:' . $row['email'];
             }
             eval("\$EMAIL = \"" . $this->template->get_template('email') . "\";");
         } else {
             $EMAIL = '';
         }
     } else {
         $GRAVATAR = '';
         $EMAIL = '';
     }
     if ($this->db->VARS['allow_gender'] == 1) {
         if ($row['gender'] == 'f') {
             eval("\$GENDER = \"" . $this->template->get_template('img_female') . "\";");
         } elseif ($row['gender'] == 'm') {
             eval("\$GENDER = \"" . $this->template->get_template('img_male') . "\";");
         } else {
             $GENDER = '';
         }
     } else {
         $GENDER = '';
     }
     if ($this->db->VARS['show_ip'] == 1) {
         $hostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $row['host']) ? 'IP' : 'Host';
         $HOST = '<em style="font-weight: normal;">' . $hostname . ': ' . $row['host'] . "</em>\n";
     } else {
         $HOST = '';
     }
     $TIMEHASH = $this->db->generate_timehash();
     $TimehashTag = '<input type="hidden" name="gb_timehash" value="' . $TIMEHASH . '" />';
     $EXTRAJS = '';
     $OPTIONS[] = '';
     $EMAILREQ = '';
     $EMAILDISPLAYED = $this->db->VARS['require_email'] > 2 ? $LANG['FormEmailDisplay'] : '';
     if ($this->db->VARS['require_email'] == 1 || $this->db->VARS['require_email'] == 4) {
         $EXTRAJS .= 'document.getElementById(\'gb_email\').value = trim(document.getElementById(\'gb_email\').value);
     if(document.getElementById(\'gb_email\').value == "") {
       errorStyling(\'gb_email\');
       errorMessages[errorNum++] = "' . $LANG['ErrorPost12'] . '";
     }';
         $EMAILREQ = '*';
     }
     $footerJS = '';
     if ($this->db->VARS['require_email'] != 2) {
         eval("\$OPTIONS['email'] = \"" . $this->template->get_template('form_email') . "\";");
     }
     if ($this->db->VARS['honeypot'] == 1) {
         $honeypot = '<br /><span id="gb_username"><input type="checkbox" name="gb_username" value="1" /> Spammer?</span><br />';
         $footerJS .= "document.getElementById('gb_username').style.display = 'none';\n";
     } else {
         $honeypot = '';
     }
     if ($this->db->VARS['need_pass'] == 1) {
         $com_question = '';
         if ($this->db->VARS['com_question'] != '') {
             $com_question = $this->db->VARS['com_question'] . "<br />\n";
             // This is a bit of a hack but means only editing this file and ot the template as well
             $LANG['FormPass'] = $LANG['FormBot'];
         }
         $EXTRAJS .= 'document.getElementById(\'gb_bottest\').value = trim(document.getElementById(\'gb_bottest\').value);
     if(document.getElementById(\'gb_bottest\').value == "") {
       errorStyling(\'gb_bottest\');
       errorMessages[errorNum++] = "' . $LANG['ErrorPost13'] . '";
     }';
         eval("\$OPTIONS['antibot'] = \"" . $this->template->get_template('com_pass') . "\";");
     } elseif ($this->db->VARS['need_pass'] == 2) {
         if ($this->db->VARS['solve_media'] == 1) {
             $EXTRAJS .= 'document.getElementById(\'adcopy_response\').value = trim(document.getElementById(\'adcopy_response\').value);
     if(document.getElementById(\'adcopy_response\').value == "") {
       errorStyling(\'adcopy_response\');
       errorMessages[errorNum++] = "' . $LANG['ErrorPost13'] . '";
     }';
             require_once LAZ_INCLUDE_PATH . '/solvemedialib.php';
             //include the Solve Media library
             $SolveMedia = solvemedia_get_html('G8vem0b2VDBXju20c9OwHO7makkjC9-o');
             //outputs the widget
             eval("\$OPTIONS['antibot'] = \"" . $this->template->get_template('form_captcha2') . "\";");
         } else {
             $EXTRAJS .= 'document.getElementById(\'gb_bottest\').value = trim(document.getElementById(\'gb_bottest\').value);
     if(document.getElementById(\'gb_bottest\').value == "") {
       errorStyling(\'gb_bottest\');
       errorMessages[errorNum++] = "' . $LANG['ErrorPost13'] . '";
     }';
             $footerJS .= "document.getElementById('captchaReload').style.display = 'block';\nreloadCaptcha();";
             eval("\$OPTIONS['antibot'] = \"" . $this->template->get_template('form_captcha') . "\";");
         }
     }
     $OPTIONAL = implode("\n", $OPTIONS);
     $GB_COMMENT = '#';
     $GB_ENTRY = '';
     $display_tags = $this->db->create_buttons($LANG_CODES);
     if ($row['comments']) {
         $coms = $this->db->query("SELECT * FROM " . LAZ_TABLE_PREFIX . "_com WHERE id='" . $this->id . "' AND comaccepted='1' order by com_id asc");
         while ($com = $this->db->fetch_array($coms)) {
             $COMDATE = $this->db->DateFormat($com['timestamp']);
             $comhostname = preg_match('/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/', $com['host']) ? 'IP' : 'Host';
             $comhost = $this->db->VARS['show_ip'] == 1 ? '<i>' . $comhostname . ': ' . $com['host'] . "</i><br />\n" : '';
             $com['comments'] = $this->db->VARS['smilies'] == 1 ? nl2br($this->db->emotion($com['comments'])) : nl2br($com['comments']);
             $com['name'] = $this->db->CensorBadWords($com['name']);
             $com['comments'] = $this->db->CensorBadWords($com['comments']);
             $COMEMAIL = '';
             $COMGRAVATAR = '';
             $template['com_email'] = $this->template->get_template('com_email');
             if (!empty($com['email'])) {
                 $COMGRAVATAR = $this->db->VARS['use_gravatar'] == 1 ? 'padding-left:26px;background: url(http://www.gravatar.com/avatar/' . md5($com['email']) . '?s=24&amp;d=wavatar&amp;r=G) no-repeat;' : '';
                 if ($this->db->VARS['require_email'] < 2) {
                     $template['com_email'] = $this->template->get_template('com_email');
                     $com['email'] = $this->db->CensorBadWords($com['email']);
                     if ($this->db->VARS['encrypt_email'] == 1) {
                         $COMMAILTO = $this->db->html_encode('mailto:' . $com['email']);
                     } else {
                         $COMMAILTO = 'mailto:' . $com['email'];
                     }
                     eval("\$COMEMAIL = \"" . $template['com_email'] . "\";");
                 } else {
                     $COMEMAIL = '';
                 }
             }
             eval("\$COMMENT .= \"" . $this->template->get_template('com') . "\";");
         }
     }
     $theirbrowser = $this->db->browser_detect($row['browser']);
     $comment_html = '';
     $COMMENTLINK = '';
     $PERMALINK = '';
     eval("\$GB_ENTRY = \"" . $this->template->get_template('entry') . "\";");
     $GB_ENTRY .= $TimehashTag;
     eval("\$comment_html = \"" . $this->template->get_template('header') . "\";");
     eval("\$comment_html .= \"" . $this->template->get_template('comment') . "\";");
     eval("\$comment_html .= \"" . $this->template->get_template('footer') . "\";");
     return $comment_html;
 }