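/**
 * Validates a guestbook submission and collects every problem found.
 *
 * The field checks (validate_*, has_bad_word, has_url, isChallengeAccepted,
 * htmlspecialchars_default) are helpers defined elsewhere in the project; the
 * validate_* helpers are expected to append their own messages to the global
 * $dbs_error, which this function resets before running them. Limits, field
 * labels and error strings all come from configuration globals.
 *
 * @param array $entry Submitted fields ("name", "email", "url", "comments" and
 *                     the challenge answer under $CHALLENGE_FIELD_PARAM_NAME).
 *                     Untrusted request data.
 * @return bool TRUE when no error message was recorded, FALSE otherwise.
 *              Terminates the request (die) when a "comments" value is sent
 *              while $ENABLE_COMMENT_FIELD is not TRUE.
 */
function guestbook_validate($entry) {
    global $MAX_NAME_LENGTH, $MAX_EMAIL_LENGTH, $MAX_URL_LENGTH;
    global $MAX_COMMENTS_LENGTH, $MIN_COMMENTS_LENGTH;
    global $NAME_FIELD_NAME, $EMAIL_FIELD_NAME, $URL_FIELD_NAME, $COMMENTS_FIELD_NAME;
    global $ENABLE_COMMENT_FIELD, $PREVENT_URLS_IN_COMMENTS;
    global $CHALLENGE_ENABLED, $CHALLENGE_FIELD_PARAM_NAME;
    global $MIN_POST_DELAY, $MAX_POST_DELAY;
    global $ERROR_MSG_BAD_WORD, $ERROR_MSG_URLS_NOT_ALLOWED, $ERROR_MSG_BAD_CHALLENGE_STRING;
    global $ERROR_MSG_MIN_DELAY_STRING, $ERROR_MSG_MAX_DELAY_STRING;
    global $dbs_error;

    // Every check below appends to this accumulator; start from a clean slate.
    $dbs_error = "";

    validate_notempty($entry, "name", $NAME_FIELD_NAME);

    if ($ENABLE_COMMENT_FIELD === TRUE) {
        // The minimum-length check only makes sense once the field is known
        // to be non-empty.
        if (validate_notempty($entry, "comments", $COMMENTS_FIELD_NAME)) {
            validate_minlength($entry, "comments", $MIN_COMMENTS_LENGTH, $COMMENTS_FIELD_NAME);
        }
    } elseif (isset($entry["comments"])) {
        // A comments value while the field is disabled can only come from a
        // hand-crafted request; the original design aborts outright here
        // instead of reporting it like the other failures.
        die("Comments field is disabled.");
    }

    validate_length($entry, "name", $MAX_NAME_LENGTH, $NAME_FIELD_NAME);
    validate_notags($entry, "name", $NAME_FIELD_NAME);
    validate_length($entry, "email", $MAX_EMAIL_LENGTH, $EMAIL_FIELD_NAME);
    validate_email($entry, "email", $EMAIL_FIELD_NAME);
    validate_length($entry, "url", $MAX_URL_LENGTH, $URL_FIELD_NAME);
    validate_url($entry, "url", $URL_FIELD_NAME);
    validate_length($entry, "comments", $MAX_COMMENTS_LENGTH, $COMMENTS_FIELD_NAME);
    validate_notags($entry, "comments", $COMMENTS_FIELD_NAME);
    validate_max_word_length($entry, "comments", $COMMENTS_FIELD_NAME);

    // Word filter over every submitted free-text field, checked in the same
    // order as before and stopping at the first hit. The original expressed
    // this as one && / || chain that relied on operator precedence.
    $hasBadWord = FALSE;
    foreach (array("name", "comments", "url", "email") as $field) {
        if (isset($entry[$field]) && has_bad_word($entry[$field])) {
            $hasBadWord = TRUE;
            break;
        }
    }
    if ($hasBadWord) {
        $dbs_error .= htmlspecialchars_default($ERROR_MSG_BAD_WORD) . '<br />';
    }

    if ($PREVENT_URLS_IN_COMMENTS === TRUE
        && isset($entry["comments"])
        && has_url($entry["comments"])) {
        $dbs_error .= htmlspecialchars_default($ERROR_MSG_URLS_NOT_ALLOWED) . '<br />';
    }

    // Challenge-response (CAPTCHA-style) test.
    if ($CHALLENGE_ENABLED === TRUE) {
        // Read the answer defensively: a request that omits the field must not
        // raise an undefined-index notice. The value is passed through
        // unchanged (NULL when absent) so that isChallengeAccepted() alone
        // decides the outcome.
        // NOTE(review): confirm isChallengeAccepted() rejects NULL and
        // non-string input (e.g. challenge_string[]=x), and compares the
        // answer with a constant-time / single-use check.
        $enteredChallengeValue = isset($entry[$CHALLENGE_FIELD_PARAM_NAME])
            ? $entry[$CHALLENGE_FIELD_PARAM_NAME]
            : NULL;
        if (!isChallengeAccepted($enteredChallengeValue)) {
            $dbs_error .= htmlspecialchars_default($ERROR_MSG_BAD_CHALLENGE_STRING) . '<br />';
        }
    }

    // Time-delay test: the form page is expected to have stored its render
    // time in $_SESSION['dbs_req_time']. Posts that arrive too quickly (bots)
    // or too late (stale form / expired session) are rejected; a missing
    // timestamp is reported as the "too late" case.
    if (session_id() === '') {
        // Only start a session when none is active; calling session_start()
        // on an active session emits a notice. Suppression is kept for the
        // headers-already-sent case, where the missing timestamp below still
        // rejects the post.
        @session_start();
    }
    if (!isset($_SESSION['dbs_req_time'])) {
        $dbs_error .= htmlspecialchars_default($ERROR_MSG_MAX_DELAY_STRING) . '<br />';
    } else {
        $delay = time() - $_SESSION['dbs_req_time'];
        if ($delay < $MIN_POST_DELAY) {
            $dbs_error .= htmlspecialchars_default($ERROR_MSG_MIN_DELAY_STRING) . '<br />';
        } elseif ($delay > $MAX_POST_DELAY) {
            $dbs_error .= htmlspecialchars_default($ERROR_MSG_MAX_DELAY_STRING) . '<br />';
        }
        // NOTE(review): dbs_req_time is not consumed here, so one timestamp
        // can satisfy any number of posts within $MAX_POST_DELAY. If the
        // delay test is meant to be single-use, the caller should unset or
        // rotate it after a successful post.
    }

    return empty($dbs_error);
}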
*/ //Includes config file include "includes/config.inc.php"; $CHALLENGE_FIELD_PARAM_NAME = "challenge_string"; //Includes config file include "includes/challenge.php"; //Includes global class file include DIR_CLASSES . "/clsGlobal.php"; //Creates object for global class file $hldGlobal = new clsGlobal($hdlDb); if ($_POST["Submit"] == "Contact Us") { $intSuccess = 0; if (trim($_POST["name"]) == "" || trim($_POST["email"]) == "" || trim($_POST["briefmessage"] == "" || trim($_POST['challenge_string']) == "")) { $intSuccess = 1; } else { if (isChallengeAccepted($_POST['challenge_string']) === FALSE) { $intSuccess = 3; } else { $sqlContact = "INSERT INTO tblContact(id,name,email,briefmessage) VALUES('','" . addslashes(trim($_POST["name"])) . "','" . addslashes(trim($_POST["email"])) . "','" . addslashes(trim($_POST["briefmessage"])) . "')"; mysql_query($sqlContact) or die(mysql_error()); $intSuccess = 2; header("Location:contactus.php?succ=2"); } } } //Creates the object for sigma template. $hdlTpl =& new HTML_Template_Sigma(DIR_TEMPLATE, DIR_TEMPLATE . "/prepared"); //Loads index template file $hdlTpl->loadTemplateFile("contactus.htm", TRUE, TRUE); $strHeader = $hldGlobal->fnGetHeader(); //Fetches header template