$post_id,"gbid"=>$gbid,"name"=>$name,"email"=>$email,"message"=>$message,"date"=>$date,"ip_addr"=>$ip_addr,"show_email"=>$show_email,"show_message"=>$show_message,"approved"=>$approved);';
# NOTE(review): this listing is whitespace-collapsed; the line breaks and comment
# boundaries below are reconstructed - confirm against the original file.

# GETTING THE VARIABLES POSTED THROUGH THE FORM(S)
/*
$docroot=$_SERVER['DOCUMENT_ROOT'];
$referer=$_SERVER['HTTP_REFERER'];
$refurl=parse_url($referer);
$refpath=$docroot.$refurl["path"];
foreach ($urlcomps as $key=>$val){echo "The value of $key is $val

";}
*/

# ---- Request input collection ----
# Every value read below is client-controlled. Only name, e-mail and message pass
# through helper functions (CleanName, CleanEmail, EncodeMessage, ConvertToHtml -
# defined elsewhere, behaviour not visible here); gbid, task, post_id, show_email,
# show_message, approved, imgverify, random and adpass are used as sent.
# gbid, task and post_id are also accepted from the query string.
# NOTE(review): if($_POST['x']) reads keys that may be absent and treats the value
# "0" as missing; isset() would state the intent.
if($_POST['gbid']){$gbid=$_POST['gbid'];}
elseif($_GET['gbid']){$gbid=$_GET['gbid'];}
$show_email="yes";
if($_POST['show_email']){$show_email=$_POST['show_email'];}
$show_message="yes";
if($_POST['show_message']){$show_message=$_POST['show_message'];}
if($_POST['name']){$name=$_POST['name'];$name=CleanName($name);}
if($_POST['email']){$email=$_POST['email']; $email=CleanEmail($email);$email=EncodeMessage($email);}
if($_POST['message'])
{
    $message=$_POST['message']; # MESSAGE
    $message = trim($message);
    # Undo magic-quotes escaping on installations where that legacy function still exists.
    if (function_exists('get_magic_quotes_gpc')){
        $mq=get_magic_quotes_gpc();
        if ($mq==1){
            $message=stripslashes($message);
        }
    }
    //$message=stripslashes($message);
    $message=EncodeMessage($message);
    $message=ConvertToHtml ($message);
    # NOTE(review): the tag text inside most of these patterns and appended strings is
    # empty in this listing (it looks stripped); presumably they close unbalanced bold
    # and italic tags - confirm against the original file.
    # NOTE(review): ".i" concatenates a bare constant named i rather than putting the
    # modifier inside the pattern string; unless a constant i is defined elsewhere,
    # PHP 8 raises an Error for it. The flag belongs inside the quotes ('/.../i').
    if (preg_match('//'.i,$message)==1 AND preg_match('/<\/B>/'.i,$message)==0){$message=$message."";}
    if (preg_match('//'.i,$message)==0){$message=$message."";}
    if (preg_match('//'.i,$message)==0){$message=$message."";}
    if (preg_match('//'.i,$message)==1 AND preg_match('/<\/i>/'.i,$message)==0){$message=$message."";}
}
if($_POST['task']){$task=$_POST['task'];}
elseif($_GET['task']){$task=$_GET['task'];}
# $posted_pass only exists when a non-empty adpass field was posted.
if($_POST['adpass']){$posted_pass=trim($_POST['adpass']);}
if($_POST['imgverify']){$imgverify=$_POST['imgverify'];}
if($_POST['random']){$random=$_POST['random'];$random = trim($random);}
if($_POST['post_id']){$post_id=$_POST['post_id'];} # POST ID
if($_GET['post_id']){$post_id=$_GET['post_id'];}
if($_POST['approved']){$approved=$_POST['approved'];}

# The Guestbook object is built for every task from the raw request value, before
# any check that the id exists.
# NOTE(review): if Guestbook derives file names from the id, enforce a strict format
# (for example digits only) before this line - confirm in the class.
$gb=new Guestbook($gbid);
$wcs=new wcs;

//#######//#######//#######//TASKS START HERE//#######//#######//#######//#######//#######

# ---- postnm: a visitor submitted the public posting form ----
if ($task=="postnm"){ # from the form in the html guestbook postnm=post new message
    # Status "b" means the guestbook is blocked for new comments.
    $gbstatus=GetGBStatus($gbidsfile,$gbid);
    if ($gbstatus=="b"){die ("Comments for this page were temporarily disabled - Back");}
    if ($gbid_in_post==0){die("The posting form does not contain a field for the guestbook id, check your form html - Back");}
    $all_ids=GetGBids($gbidsfile); 
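# ---- postnm: validate the submission before the admin / CAPTCHA step ----
# The guestbook id must be one of the ids returned by GetGBids().
# NOTE(review): loose == is kept because the format of those ids is not visible
# here - confirm it and switch to a strict string comparison.
$gbcheck=0;
foreach ($all_ids as $value){
    if ($value==$gbid){$gbcheck=1;break;}
}
# $gbid comes straight from the request, so it is HTML-escaped before being echoed back.
if ($gbcheck==0){die ("You are apparently posting from a guestbook with the following id: ".htmlspecialchars((string)$gbid, ENT_QUOTES).", that does not exist on this Comments System - Back");}

# Checking for missing name or message
if ($name==''){die($nam_field_empty);} # the script stops if the name is missing
# Length limits use strlen(): count() does not measure a string (it returned 1 for
# any string on older PHP and throws a TypeError on PHP 8), so the 40-character
# limit was never enforced. Non-string values (array parameters) are rejected too.
if (!is_string($name) || strlen($name)>40){die ("The name is too long");}
if (isset($email) && (!is_string($email) || strlen($email)>40)){die ("The e-mail is too long");}
if ($message==''){die($mes_field_empty);} # the script stops if the message is missing
# Checking the overall message length
if (strlen($message)>$max_message_length){die ($mes_too_long);}
# CHECKING FOR TOO LONG WORDS THAT COULD BREAK THE PAGE DESIGN
if (CheckLongWords($message, $max_word_length)==0){die ($mes_word_too_long);}

##### CHECK TO SEE IF THE POSTER IS ADMIN ####
# A name matching a reserved name is sent to the admin-password form instead of the CAPTCHA.
$resnam_array=array();
$resnam_array[]=$reserved_name;
#$resnam_array[]="another name"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate
#$resnam_array[]="Alexander"; # to add more reserved names/admin names for posting, create a line like this one for each name you want to add. Of course uncomment the line to activate
$check_name=CheckForForbidden($name,$resnam_array);
#if ($name==$reserved_name and $activate_res_name==1){
if ($check_name==0 and $activate_res_name==1){
    # SECURITY: eval() turns the $admin_verif_form template into PHP source, so a
    # double quote or a ${...} expression inside the template is parsed as code, and
    # any request value it expands reaches the HTML as-is unless it was encoded earlier.
    # NOTE(review): where the template is defined is not visible here - if it can be
    # edited through configuration or language files, replace eval() with placeholder
    # substitution (strtr) and escape values with htmlspecialchars().
    eval("\$adm_verif_form = \"$admin_verif_form\";");
    echo $adm_verif_form;
}
elseif ($enable_image_verification_step==1){
# NOTE(review): the run below is reproduced on one line exactly as listed, because it
# is unclear whether session_start() was live or commented out; the quoted text
# continues on the following lines.
//if ($use_sessions==1){session_unset();session_start();} //session_unset(); session_start(); //echo "the new string is ".$_SESSION['new_string']."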

"; //$new_string=CreateCaptchaImage(); //if ($use_sessions==1){$_SESSION['new_string'] = $new_string;} echo "$captcha_pag_title$nocache_meta"; echo "$admin_pag_style\n"."$wcs_login_head

"; //$_SESSION['new_string'] = ''; echo ""; //echo "the new string is ".$_SESSION['new_string']."

"; //echo"

"; //$new_string=CreateCaptchaImage(); //if ($use_sessions==1){session_unset();session_start();} //if ($use_sessions==1){$_SESSION['new_string'] = $new_string;} //echo "the session new string is ".$_SESSION['new_string']; echo "

$type_captcha_code

"; eval("\$captcha_form = \"$captcha_form\";"); echo "$captcha_form"; echo "
$wcs_login_foot"; }
# ---- postnm with the CAPTCHA step disabled: filter and store the post at once ----
elseif ($enable_image_verification_step==0){
    # CheckForForbidden() is run on name, e-mail, message and poster IP; a result of 0
    # on any of them marks the post as rejected.
    $check=1;
    $check_name=CheckForForbidden($name,$forbidden_strings);
    $check_mail=CheckForForbidden($email,$forbidden_strings);
    $check_message=CheckForForbidden($message,$forbidden_strings);
    $check_ip=CheckForForbidden($ip_addr,$forbidden_strings);
    if ($check_name==0 OR $check_mail==0 OR $check_message==0 OR $check_ip==0){$check=0;}
    if ($check==1){
        # With moderation on, the post is stored unapproved; the server-side value
        # replaces whatever "approved" field the client sent.
        if ($moderation_active=="yes"){$approved="no";} else{$approved="yes";}
        $post_id=GetNextAvailableId($posts_file);
        # NOTE(review): $create_post_array holds PHP source in a string (an array(...)
        # literal, judging by the fragment at the top of this listing). The
        # captchaverify task fills the same array with plain assignments, which
        # avoids eval() - prefer that form.
        eval ($create_post_array);
        $post=new Post($post_array);
        #$post->SetThisVarsFromPostArray($post_array);
        #$gb=new Guestbook;
        $gb->AddPost($post_array);
        $message=$post->RemoveBreaks($message);
        $post_log=$post->MailLogLine("log");
        $mail_log=$post->MailLogLine();
        writelog($logfile,$post_log);
        if ($sendmail_onpost==1){
            # SECURITY: the mail templates are expanded with eval(); template text
            # containing a double quote or a ${...} expression is parsed as PHP.
            # NOTE(review): the templates' origin is not visible here - placeholder
            # substitution (strtr) gives the same result without executing code.
            if ($moderation_active=="no"){
                eval("\$email_mssg1 = \"$email_mssg1\";");
                msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1);
            }
            elseif ($moderation_active=="yes"){
                eval("\$email_mssg1 = \"$email_mssg3\";");
                msendmail($gbook_email,$admin_email,$email_subj3,$email_mssg1);
            }
        }
        echo($confirm);
    }
    else{
        # Rejected post: show the second confirmation text and optionally mail the admin.
        echo($confirm2);
        if ($sendmail_onspam==1){
            eval("\$email_mssg2 = \"$email_mssg2\";");
            msendmail($gbook_email,$admin_email,$email_subj2,$email_mssg2);
        }
    }
} # end "if captcha disabled"
} # END if task=postnm
# ---- ForceDelete: admin-only deletion of a whole guestbook ----
# Access is granted when the session already holds the admin password or the
# posted password matches it.
# NOTE(review): the comparisons use loose ==, so two different numeric-looking
# strings can compare equal and an unset value equals an empty password; the
# session also stores the password itself. Prefer password_hash()/password_verify(),
# keep only a boolean login flag in the session and call session_regenerate_id(true)
# on login.
# NOTE(review): no anti-CSRF token is checked in the visible code, and task and gbid
# are also accepted from the query string earlier in this script, so this
# destructive action should require POST plus a per-session token.
elseif ($task=="ForceDelete"){
    session_start();
    if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){
        $_SESSION['adm_pass']=$admin_pass;
        $wcs->DeleteGuestbook($gbid);
        # NOTE(review): $gbid is echoed without htmlspecialchars().
        echo "Guestbook number $gbid Deleted

"; } else{ echo "$admin_pag_style\n"."$wcs_login_head

"; echo "

Password:

$wcs_login_foot"; } }
# ---- ModifyGBStatus: admin-only change of a guestbook's status ----
# status_tag selects the action: "s" show, "h" hide, "b" block, "d" delete and remove.
# NOTE(review): status_tag is read from the query string and no anti-CSRF token is
# checked in the visible code, so a GET request made in an authenticated admin
# browser session changes or deletes a guestbook. State changes should require
# POST plus a per-session token.
# NOTE(review): the password checks use loose == and the session stores the
# password itself; prefer password_verify() against a stored hash and a boolean
# login flag.
elseif ($task=="ModifyGBStatus"){
    session_start();
    if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){
        $_SESSION['adm_pass']=$admin_pass;
        if($_GET['status_tag']){$status_tag=$_GET['status_tag'];}
        if ($status_tag=="s"){$wcs->ShowGuestbook($gbid);echo 'Guestbook status updated ';}
        elseif ($status_tag=="h"){$wcs->HideGuestbook($gbid);echo 'Guestbook status updated ';}
        # NOTE(review): $gbid is echoed here without htmlspecialchars().
        elseif ($status_tag=="b"){$wcs->BlockGuestbook($gbid);echo 'Guestbook '.$gbid.' blocked ';}
        elseif ($status_tag=="d"){$wcs->DeleteAndRemoveGB($gbid,$posts_file,$logfile,$additional_pages_name);echo 'Redirecting to Guestbook Manager in 20 seconds ';}
        //elseif ($status_tag=="r"){RemoveGBfromlist($gbid,$gbidsfile);echo 'Guestbook entirely removed from the system.

You will be redirected to the Guestbook Manager in 2 seconds ';} } else{ echo "$admin_pag_style\n"."$wcs_login_head

"; echo " Password:

$wcs_login_foot"; } } elseif ($task=="ManageGuestbooks"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; if($_GET['showgbs']){$showgbs=$_GET['showgbs'];} else {$showgbs="selected";} $wcs->ManageGuestbooks($showgbs); } else{ echo "$admin_pag_style\n"."$wcs_login_head

"; echo " Password:

$wcs_login_foot"; } } //end ManageGuestbooks
# ---- EditGlobalAndDefaultConfigs: save the central configuration form ----
# Unlike the other admin tasks, only an existing admin session is accepted here
# (a posted password alone does not pass the check).
# NOTE(review): no anti-CSRF token is checked in the visible code, and the admin
# password can be replaced without re-entering the current one; both are worth
# adding because this request rewrites the whole configuration.
elseif($task=="EditGlobalAndDefaultConfigs"){
    session_start();
    if ($_SESSION['adm_pass']==$admin_pass){
        # A posted admin_pass becomes the new admin password; the session copy is
        # updated so the current login stays valid.
        # NOTE(review): the password is handled in clear text; store a
        # password_hash() value instead.
        if($_POST['admin_pass']){$admin_pass=trim($_POST['admin_pass']);}
        $_SESSION['adm_pass']=$admin_pass;
        # The remaining fields overwrite the current settings only when a truthy
        # value was posted; none is validated (e-mail format, integer ranges).
        # NOTE(review): a posted "0" is falsy, so these tests cannot switch a flag
        # such as activate_res_name or sendmail_onpost to 0 unless the form sends a
        # different value - confirm; enable_image_verification_step below is
        # assigned unconditionally.
        if($_POST['admin_email']){$admin_email=trim($_POST['admin_email']);}
        if($_POST['gbook_email']){$gbook_email=trim($_POST['gbook_email']);}
        if($_POST['reserved_name']){$reserved_name=trim($_POST['reserved_name']);}
        if($_POST['activate_res_name']){$activate_res_name=trim($_POST['activate_res_name']);}
        if($_POST['posts_per_page']){$posts_per_page=trim($_POST['posts_per_page']);}
        if($_POST['sendmail_onpost']){$sendmail_onpost=trim($_POST['sendmail_onpost']);}
        if($_POST['max_message_length']){$max_message_length=trim($_POST['max_message_length']);}
        if($_POST['max_word_length']){$max_word_length=trim($_POST['max_word_length']);}
        $enable_image_verification_step=$_POST['enable_image_verification_step'];
        if($_POST['additional_pages_name']){$additional_pages_name=trim($_POST['additional_pages_name']);}
        if($_POST['menu_spacer']){$menu_spacer=$_POST['menu_spacer'];} # this one must not be trimmed! 
# (continuation of the EditGlobalAndDefaultConfigs task)
# SECURITY: forbidden_strings and banned_ips are taken as posted, with no escaping.
# The GlobalConf task in this script reads them back out of "...=array(...);" lines
# in include/global_conf.php, so these values appear to be stored as PHP source.
# NOTE(review): presumably everything collected here is interpolated into that file;
# if so, any admin-form value becomes executable code. Store settings as data
# (JSON/INI) or emit them with var_export().
if($_POST['forbidden_strings']){$forbidden_strings=trim($_POST['forbidden_strings']);}
if($_POST['banned_ips']){$banned_ips=trim($_POST['banned_ips']);}
# implode("\'", preg_split('/\'/', ...)) replaces each single quote with \' .
# NOTE(review): backslashes are left untouched, which is not enough to keep a value
# inside a single-quoted PHP string.
if($_POST['p_template']){$p_template=implode("\'", preg_split('/\'/', trim($_POST['p_template'])));}
if($_POST['nxheader']){$nxheader=implode("\'", preg_split('/\'/', htmlentities(trim($_POST['nxheader']))));}
if($_POST['nxfooter']){$nxfooter=implode("\'", preg_split('/\'/', htmlentities(trim($_POST['nxfooter']))));}
# Same assignments again with stripslashes() when magic quotes are active.
if (function_exists('get_magic_quotes_gpc')){
    $mq=get_magic_quotes_gpc();
    if ($mq==1){
        if($_POST['forbidden_strings']){$forbidden_strings=stripslashes(trim($_POST['forbidden_strings']));}
        if($_POST['banned_ips']){$banned_ips=stripslashes(trim($_POST['banned_ips']));}
        if($_POST['p_template']){$p_template=implode("\'", preg_split('/\'/', stripslashes(trim($_POST['p_template']))));}
        if($_POST['nxheader']){$nxheader=implode("\'", preg_split('/\'/', htmlentities(stripslashes(trim($_POST['nxheader'])))));}
        if($_POST['nxfooter']){$nxfooter=implode("\'", preg_split('/\'/', htmlentities(stripslashes(trim($_POST['nxfooter'])))));}
    }
}
# NOTE(review): the help text in this script lists language values that are file
# paths (include/lang/ita/lang.php); if $used_language is later passed to include,
# check it against a fixed list. The posts and log file names likewise need a
# strict filename check (no path separators, fixed extension).
if($_POST['used_language']){$used_language=trim($_POST['used_language']);}
if($_POST['posts_file_name']){$posts_file_name=trim($_POST['posts_file_name']);}
if($_POST['logfile_name']){$logfile_name=trim($_POST['logfile_name']);}
if($_POST['moderation_active']){$moderation_active=trim($_POST['moderation_active']);}
# NOTE(review): the template assigned here is empty in this listing (it looks
# stripped); the step that writes the configuration is not visible.
$global_config= '';
} }//end EditGlobalAndDefaultConfigs
# ---- CreateGuestbook: admin-only registration of a new guestbook (URL + title) ----
# NOTE(review): the password checks use loose == and the session stores the
# password itself; no anti-CSRF token is checked in the visible code.
elseif ($task=="CreateGuestbook"){
    session_start();
    if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){
        $_SESSION['adm_pass']=$admin_pass;
        if($_POST['gbook_title']){
            # Single quotes in the title are replaced with \' ; backslashes are not escaped.
            $gbook_title=implode("\'", preg_split('/\'/', trim($_POST['gbook_title'])));
            if (function_exists('get_magic_quotes_gpc')){
                $mq=get_magic_quotes_gpc();
                if ($mq==1){
                    $gbook_title=implode("\'", preg_split('/\'/', stripslashes(trim($_POST['gbook_title']))));
                }
            }
        }
        else {die("Guestbook title missing, please go back and insert a title and 
URL");} if($_POST['gbook_url']){$gbook_url=$_POST['gbook_url'];}else {die("URL missing, please go back and insert a title and URL");} $wcs->CreateGuestbook($gbook_url,$gbook_title); } else{ echo "$admin_pag_style\n"." $wcs_login_head

Session expired, please re-login below

Password:

$wcs_login_foot "; } }//end CreateGuestbook elseif ($task=="GlobalConf") # creation/editing of the global configuration file { session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; include ("include/default_conf.php"); $global_conf=file("include/global_conf.php"); //$default_conf=file("include/default_conf.php"); //$nxheader=implode("'", preg_split("/\\\'/", $nxheader)); //$nxfooter=implode("'", preg_split("/\\\'/", $nxfooter)); $gb=new Guestbook($gbid); $header=$gb->GetHeader(); $header=htmlentities($header); $footer=$gb->GetFooter(); $footer=htmlentities($footer); $gb=new Guestbook($gbid); foreach($global_conf as $value) { if (preg_match('/forbidden_strings/',$value)==1){$forbidden_strings_line=$value; break;} } $fs_splitted=preg_split('/forbidden_strings=array\(/',$forbidden_strings_line); $fs_value=$fs_splitted[1]; $fs_splitted=preg_split('/\);/',$fs_value); $fs_value=$fs_splitted[0]; foreach($global_conf as $value) { if (preg_match('/banned_ips/',$value)==1){$banned_ips_line=$value; break;} } $bi_splitted=preg_split('/banned_ips=array\(/',$banned_ips_line); $bi_value=$bi_splitted[1]; $bi_splitted=preg_split('/\);/',$bi_value); $bi_value=$bi_splitted[0]; if ($moderation_active=="yes"){$option1_modact="yes";$option2_modact="no";} if ($moderation_active=="no") {$option1_modact="no";$option2_modact="yes";} if ($enable_image_verification_step=="0"){$option1_imgverif="0";$option2_imgverif="1";$option_right1="no";$option_right2="yes";} elseif ($enable_image_verification_step=="1"){$option1_imgverif="1";$option2_imgverif="0";$option_right1="yes";$option_right2="no";} #echo $admin_pag_style; echo ' Guestbook configuration page '; //echo $admin_page_style2; echo $admin_pag_style; echo ''.$admin_navigation.''; //eval("\$gb_admin_navigation = \"$gb_admin_navigation\";"); //echo "

$gb_admin_navigation"; echo '

Website Comments System central configuration page

In this section you can:

  • Set the globlal configuration variables that apply to all guestbooks, such as the admin password, the admin e-mail, badwords, banned IPs and more. Those variables apply to the whole Website Comment System and cannot be changed in the individual guestbooks. You can change those variables at any time, except the logfile and posts file that should be left unchanged once you start creating guestbooks and posting
     
  • Set the default values applied to newly created guestbooks. Changes of the default values can be done at any time and will not affect existing guestbooks. Once you create a new guestbook, you will be able to change those variables for this particular guestbook in the guestbook configuration page (accessible from the Guestbook Manager section)
     

    Global configuration variables

    VariableValue
    Comments
    Administrator e-mail address The address where e-mails notices are sent to, for example when a new post is made: the e-mail of the website administrator/owner
    Website comment system e-mail address The address that will be in the FROM field of the e-mails sent by this script
    Administrator password We strongly suggest that you change the default password to your own
    Use reserved name Enables the protection of one name (for posting on the guestbook) with the admin password. This reserved name is set on the next variable.
    Reserved name Enter here the name you use to post on your guestbook. If a post is made with the reserved name, the captcha step is replaced by a verification with the admin password. Case does not matters, any post with a name that matches the reserved name, irrespective of upper/lower case is subjected to admin password verification.

    Tip: if the "use reserved name" variable is set to yes and the reserved name is left blank, any post made with any name will require admin password verification. This is an effective way to "lock" the guestbook if needed

    Send e-mail on post If set to yes, on each post an e-mail will be sent to the guestbook administrator with full post details
    Forbidden strings Please note: each word, phrase or regular expression is included within quotation marks and separated by the next by a comma: "word1","word2" etc.. You should take great care to respect these rules, otherwise the script could stop working.
    Many offensive words are included in this list as well as the most "dangerous" html tags and script tags. If you still get annoying messages, you can add more words, phrases, regular expressions here.
    Maybe you are instead very permissive on your guestbook and you think that this list is too strict: please remove stuff from here. We suggest that you at least leave the ban on dangerous html tags such iframe and script tags for example, as if you don\'t you might have some unpleasant surprises one day. As the list is now it should give a reasonable \'average\' protection acceptable for most guestbooks, however you are in control here.
    Banned IPs List here the IP addresses you wish to ban. Each IP is included within quotation marks and separated by the next by a comma. You should take great care to respect these rules, otherwise the script could stop working.
    You can ban entire classes/sets of ip addresses by listing the initial numbers only: if you include a partial IP (example: "122.131"), all the IP addresses starting with these numbers will be banned.
    Posts File For additional security and privacy, BEFORE CREATING GUESTBOOKS AND START POSTING you can change this file name to something else. We suggest you keep a .txt extension. If you are unsure just leave it as it is, you will be fine.
    Log File For additional security and privacy, BEFORE CREATING GUESTBOOKS AND START POSTING you can change this file name to something else. We suggest you keep a .txt extension. If you are unsure just leave it as it is, you will be fine.
    Mex message length The maximum number of characters allowed in the message field
    Max word length The maximum length, in characters, of a word in the message. Required to prevent users from breaking the layout of your website by posting a very long word
         
     

    Default values for new guestbooks

    Below please review the default values applied to newly created guestbooks. After a new guestbook is created, you will be able to change those in the individual guestbook configuration page. Changing those variables here does not affect the already existing guestbooks

    VariableValue
    Comments
    Header The header used for the pages created by the script. This header will never be used for the original html guestbook pages, only for the subsequent pages created by the script when the number of posts exceeds the maximum posts per page setted in the configuration section.
    In the individual guestbook configuration page you will be able to easily access the header and footer of the original guestbook page, that you might want to use for the subsequent pages created by the script.
    In the code for the header and footer, we advise you to use absolute URLs (starting with http://...) to link images, style sheets, flash animations, videos etc.. as the script does not create the subsequent pages in the same folder as the original html guestbook page.
    Footer The footer used for the pages created by the script. This header will never be used for the original html guestbook pages, only for the subsequent pages created by the script when the number of posts exceeds the maximum posts per page setted in the configuration section.
    In the individual guestbook configuration page you will be able to easily access the header and footer of the original guestbook page, that you might want to use for the subsequent pages created by the script In the code for the header and footer, we advise you to use absolute URLs (starting with http://...) to link images, style sheets, flash animations, videos etc.. as the script does not create the subsequent pages in the same folder as the original html guestbook page.
    Moderation mode active If set to yes, each message will have to be approved by admin before it is actually posted. When a new message is posted admin gets a notification e-mail with a link to login to the pending messages tab in the admin section, where pending messages can be approved or deleted
    Posts per page The number of posts per page. Every time a multiple of this number is reached, a new page is created. If you want all the posts in a single page you can set this very high (like 10000). This can also be useful if you want to transiently move all the posts to a single page and then save this as an archive page. You can then revert to the usual number of pages by resetting the number to the usual one (tipically 10-30 posts per page)
    Enable CAPTCHA verification If set to yes (recommended), your guestbook will be protected by spam bots
    Used language Specify here the language to be used in the public part of the guestbook. This is based on text files that contain the translations of the words and sentences used throughout the guestbook, including warning messages. You can build your own \'language file\': create a folder in include/lang for your language and put inside a translation of the lang.php file that you can find in the existing directories in lang. Then look for the following line in php_guestbook.php file (it\'s toward the end of the file): <OPTION VALUE=include/lang/ita/lang.php>Italian and add a new line for your new language.
    Additional pages name The name that will be given to the pages created by the guestbook (a new page is created each time the last page is filled up according to the "posts per page" variable). This name will be followed by progressive numbers (for example page_2.html, page_3.html etc..). The name of the very first page, the original guestbook html page, will remain as it was, it won\'t be affected by this setting
    Navigation menu spacer The spacer used in the menu on the guestbook page to navigate the different pages. This spacer will separate, in this menu, the links to the pages. You cannot use semicolons (;) here, or in any other variable in this page as this will \'break\' the guestbook! In this variable spaces ( ) are allowed and matter: " - " is different from " -" for example. If you are unsure, just leave it as it is.
    Posts template If you know some html you can edit the posts template here, otherwise you might probably leave this alone. This determines how the name, email and message will look like/are arrange on the guestbook page. The variables ending in _lang are the language variables for name, email and message. Their value change with the selected language. The other variables are replaced by the actual name, e-mail and message for each post.


    '.$powby.'
  • '; } else { echo "$admin_pag_style\n"." $wcs_login_head

    Password:

    $wcs_login_foot "; } } //end GloalConf elseif ($task=="ShowPendingMessages"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->ShowPendingMessages(); } else { echo "$admin_pag_style\n"." $wcs_login_head

    Password:

    $wcs_login_foot "; } } elseif ($task=="approve"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->ApprovePost($post_id); echo $show_pending_redir; } else { echo "$admin_pag_style\n"." $wcs_login_head

    Password:

    $wcs_login_foot "; } } elseif ($task=="ShowPrivatePost") { session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { $_SESSION['adm_pass']=$admin_pass; $gb->ShowPrivatePost($post_id); } else { echo "$admin_pag_style\n"." $wcs_login_head

    Password:

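    $wcs_login_foot ";} }
    # ---- captchaverify: check the submitted CAPTCHA code, then filter and store the post ----
    # The expected code comes from the session ($use_sessions==1) or from the file
    # temp_code.txt ($use_sessions==0); either way it is consumed after one attempt.
    # Verification fails closed: a missing or empty expected code, or a missing
    # submitted code, never verifies, and the comparison is strict. With loose ==,
    # two absent values compared equal and numeric-looking strings were compared as
    # numbers.
    # NOTE(review): this task only runs CheckForForbidden(); the blocked-guestbook,
    # id-exists and length checks of the postnm task are not repeated here, although
    # the fields are read from the request again - confirm and re-validate.
    elseif ($task=="captchaverify"){ # from the form to verify the ability to read the captcha
        $verif=0;
        $submitted_code=(isset($random) && is_string($random)) ? $random : '';
        if ($use_sessions==1){
            session_start();
            $expected_code=(isset($_SESSION['new_string']) && is_scalar($_SESSION['new_string'])) ? (string)$_SESSION['new_string'] : '';
            if ($expected_code!=='' && $expected_code===$submitted_code){$verif=1;}
            $_SESSION['new_string']="";
            session_destroy();
        }
        elseif($use_sessions==0){
            # NOTE(review): a single shared temp_code.txt means concurrent visitors
            # overwrite and consume each other's codes; a per-visitor store is needed.
            $expected_code='';
            if (is_file('temp_code.txt')){
                $raw_code=file_get_contents('temp_code.txt');
                unlink('temp_code.txt');
                if ($raw_code!==false){$expected_code=trim($raw_code);}
            }
            if ($expected_code!=='' && $expected_code===$submitted_code){$verif=1;}
        }
        if ($verif==1){
            # A result of 0 from CheckForForbidden() on any field rejects the post.
            $check=1;
            $check_name=CheckForForbidden($name,$forbidden_strings);
            $check_mail=CheckForForbidden($email,$forbidden_strings);
            $check_message=CheckForForbidden($message,$forbidden_strings);
            $check_ip=CheckForForbidden($ip_addr,$forbidden_strings);
            if ($check_name==0 or $check_mail==0 or $check_message==0 or $check_ip==0){$check=0;}
            if ($check==1){
                # NOTE(review): GetNextAvailableId() is called twice; kept because its
                # side effects are not visible here - confirm and drop one call.
                $post_id=GetNextAvailableId($posts_file);
                # With moderation on, the post is stored unapproved.
                if ($moderation_active=="yes"){$approved="no";} else{$approved="yes";}
                $post_id=GetNextAvailableId($posts_file);
                //eval ($create_post_array);
                $post_array=array();
                $post_array["email"]=$email;
                $post_array["post_id"]=$post_id;
                $post_array["gbid"]=$gbid;
                $post_array["name"]=$name;
                $post_array["message"]=$message;
                $post_array["date"]=$date;
                $post_array["ip_addr"]=$ip_addr;
                $post_array["show_email"]=$show_email;
                $post_array["show_message"]=$show_message;
                $post_array["approved"]=$approved;
                echo "Processing post...

    ";
                $post=new Post($post_array);
                #$post->SetThisVarsFromPostArray($post_array);
                #$gb=new Guestbook;
                $gb->AddPost($post_array);
                $post_log=$post->MailLogLine("log");
                $mail_log=$post->MailLogLine();
                writelog($logfile,$post_log);
                if ($sendmail_onpost==1){
                    # SECURITY: the mail templates are expanded with eval(); template
                    # text containing a double quote or a ${...} expression is parsed
                    # as PHP. NOTE(review): their origin is not visible here -
                    # placeholder substitution (strtr) avoids executing code.
                    if ($moderation_active=="no"){
                        eval("\$email_mssg1 = \"$email_mssg1\";");
                        msendmail($gbook_email,$admin_email,$email_subj1,$email_mssg1);
                    }
                    elseif ($moderation_active=="yes"){
                        eval("\$email_mssg1 = \"$email_mssg3\";");
                        msendmail($gbook_email,$admin_email,$email_subj3,$email_mssg1);
                    }
                }
                echo($confirm);
            }
            elseif ($check==0){echo($confirm2);}
        }
        else{
            # Wrong or missing code: same response as a filtered post.
            echo($confirm2);
        }
    }
    # ---- adminverify: post under a reserved name after the admin password check ----
    # The post is stored as approved and is not passed through CheckForForbidden().
    # NOTE(review): the password checks use loose == and the session stores the
    # password itself; prefer password_verify() against a stored hash and a boolean
    # login flag. No limit on password attempts is visible in this script.
    elseif ($task=="adminverify"){ # from the form with the password check if the admin is authorized to post a message (if the password is right)
        session_start();
        if ($posted_pass==$admin_pass OR $_SESSION['adm_pass']==$admin_pass ){
            $_SESSION['adm_pass']=$admin_pass;
            $approved="yes";
            $post_id=$gb->GetNextAvailableId();
            # NOTE(review): the captchaverify task builds the same array with plain
            # assignments; prefer that over eval().
            eval ($create_post_array);
            $post=new Post($post_array);
            #$post->SetThisVarsFromPostArray($post_array);
            $gb->AddPost($post_array);
            $post_log=$post->MailLogLine("log");
            writelog($logfile,$post_log);
            echo($confirm);
        }
        else{die($wrong_pass);}
    }
    # ---- show: admin login / admin home page ----
    # NOTE(review): regenerate the session id (session_regenerate_id(true)) when the
    # login succeeds; the same loose == password comparison applies here.
    elseif ($task=="show"){ # from the form to access the admin section
        session_start();
        $adm_check=0;
        if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){$_SESSION['adm_pass']=$admin_pass; $adm_check=1;}
        if($adm_check==1){echo $admin_pag_style.$admin_home_line_1.$admin_navigation; echo $admin_home_line_2; }
        else{die("$admin_pag_style\n"." $wcs_login_head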

    Password:

    $wcs_login_foot ");} } # END if task=show elseif ($task=="del_edit"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; $gb->CreateDelEditPage(); die(); } else{ die("$admin_pag_style\n"." $wcs_login_head

    Your session has expired

    Password:

    $wcs_login_foot "); } # else it is not shown } elseif ($task=="delete"){ # from the admin section, call to delete a post session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; $gb->DeletePost($post_id); die ($post_num_lang." ".$post_id." ".$del_success_lang.'!'.$deledit_redir); } else{die("$admin_pag_style\n"." $wcs_login_head

    Your session has expired

    Password:

    $wcs_login_foot ");} } elseif ($task=="edit"){ # from the admin section, call to edit a post and show the editing form session_start(); echo "

    $editing_p_num $post_id

    \n"; if ($_SESSION['adm_pass'] == $admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; $post_array=$gb->GetPost($post_id); $post=new Post($post_array); #$post->SetThisVarsFromPostArray($post_array); $string=$post->SetVariablesFromPostArray(); eval($string); $email=$post->DecodeMessage($email); $message=$post->DecodeMessage($message); eval("\$post_edit_form = \"$post_edit_form\";"); die ($post_edit_form); }# end of "if password is right" block else{ echo "$admin_pag_style\n"." $wcs_login_head

    Session expired, please re-login below

    Password:

    $wcs_login_foot "; } } elseif ($task=="modify"){ # from the message editing form, call to proceed to the modifications and update the posts flatfile and guestbook file session_start(); if ($_SESSION['adm_pass'] == $admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; eval ($create_post_array); $gb->ReplacePost($post_array); echo "$post_num_lang $post_id $edited_ok_lang $deledit_redir"; die(); }# end of "if password is right" block else{ echo "$admin_pag_style\n"." $wcs_login_head

    Session expired, please re-login below

    Password:

    $wcs_login_foot "; } } elseif ($task=="adm_logout"){ session_start(); $_SESSION['adm_pass']=''; session_destroy(); echo "$admin_pag_style\n"."$wcs_login_head

    "; echo " Password:

    $wcs_login_foot "; } elseif ($task=="login"){ session_start(); $_SESSION['adm_pass']=''; session_destroy(); echo "$admin_pag_style\n"."$wcs_login_head

    "; echo " Password:

    $wcs_login_foot "; } elseif ($task=="configure") # creation/editing of the configuration file for the individual guestbooks { session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass){ $_SESSION['adm_pass']=$admin_pass; //$conf_file=file("include/conf.php"); $conf_file=file($gbconf); //$nxheader=implode("'", preg_split("/\\\'/", $nxheader)); //$nxfooter=implode("'", preg_split("/\\\'/", $nxfooter)); //$gbook_title= preg_split("/\\\'/", $gbook_title); //$gbook_title=implode("'", $gbook_title); $gb=new Guestbook($gbid); $header=$gb->GetHeader(); $header=htmlentities($header); $footer=$gb->GetFooter(); $footer=htmlentities($footer); //$editor->display('100%','300'); $conf_file=file($gbconf); foreach($conf_file as $value) { if (preg_match('/forbidden_strings/',$value)==1){$forbidden_strings_line=$value; break;} } $fs_splitted=preg_split('/forbidden_strings=array\(/',$forbidden_strings_line); $fs_value=$fs_splitted[1]; $fs_splitted=preg_split('/\);/',$fs_value); $fs_value=$fs_splitted[0]; foreach($conf_file as $value) { if (preg_match('/banned_ips/',$value)==1){$banned_ips_line=$value; break;} } $bi_splitted=preg_split('/banned_ips=array\(/',$banned_ips_line); $bi_value=$bi_splitted[1]; $bi_splitted=preg_split('/\);/',$bi_value); $bi_value=$bi_splitted[0]; if ($moderation_active=="yes"){$option1_modact="yes";$option2_modact="no";} if ($moderation_active=="no") {$option1_modact="no";$option2_modact="yes";} if ($enable_image_verification_step=="0"){$option1_imgverif="0";$option2_imgverif="1";$option_right1="no";$option_right2="yes";} elseif ($enable_image_verification_step=="1"){$option1_imgverif="1";$option2_imgverif="0";$option_right1="yes";$option_right2="no";} echo ' Guestbook configuration page '; //echo $admin_page_style2; echo $admin_pag_style; echo ''.$admin_navigation.''; eval("\$gb_admin_navigation = \"$gb_admin_navigation\";"); echo "

    $gb_admin_navigation"; if ($wlc==1){die();} echo '

    Guestbook configuration page

    VariableValue
    Comments
       

    URL and Title

    Guestbook URL The full URL of your guestbook html page
    Guestbook title A smart title that describes your guestbook
       

     

    Other variables. Those are set from the ones in the central configuration, you can change them here to override the defaults in this particular guestbook

    Header The header used for the pages created by the guestbook. This will never be used for the original html guestbook page, only the subsequent pages created by the script when the number of posts exceeds the maximum posts per page setted in this configuration section.
    You may use the header of the original html page for this (show in the text area below), however you should take great care, if you use relative links (example: images/pet.jpg is a relative link) to images, scripts or style sheets, flash elements... to replace them by absolute links (http://....), as the additional pages will not be stored in the same folder as the original html guestbook page.

     

    Footer The footer used for the pages created by the guestbook. This will never be used for your original html guestbook page. It will only be used the subsequent pages created by the script when the number of posts exceeds the maximum posts per page setted in this configuration section. You may use the footer of the original html page for this (show in the text area below), however you should take great care, if you use relative links (example: images/pet.jpg is a relative link) to images, scripts, style sheets, flash elements... to replace them by absolute links (http://....), as the additional pages will not be stored in the same folder as the original html guestbook page.

     

    Moderation mode active If set to yes, each message will have to be approved by admin before it is actually posted. When a new message is posted admin gets a notification e-mail with a link to login to the pending messages tab in the admin section, where pending messages can be approved or deleted
    Posts per page The number of posts per page. Every time a multiple of this number is reached, a new page is created. If you want all the posts in a single page you can set this very high (like 10000). This can also be useful if you want to temporarily move all the posts to a single page and then save this as an archive page. You can then revert to the usual number of pages by resetting the number to the usual one (typically 10-30 posts per page)
    Enable CAPTCHA verification If set to yes (recommended), your guestbook will be protected against spam bots
    Used language Specify here the language to be used in the public part of the guestbook. This is based on text files that contain the translations of the words and sentences used throughout the guestbook, including warning messages. You can build your own \'language file\': create a folder in include/lang for your language and put inside a translation of the lang.php file that you can find in the existing directories in lang. Then look for the following line in php_guestbook.php file (it\'s toward the end of the file): <OPTION VALUE=include/lang/ita/lang.php>Italian and add a new line for your new language.
    Additional pages name The name that will be given to the pages created by the guestbook (a new page is created each time the last page is filled up according to the "posts per page" variable). This name will be followed by progressive numbers (for example page_2.html, page_3.html etc..). The name of the very first page, the original guestbook html page, will remain as it was, it won\'t be affected by this setting
    Navigation menu spacer The spacer used in the menu on the guestbook page to navigate the different pages. This spacer will separate, in this menu, the links to the pages. You cannot use semicolons (;) here, or in any other variable in this page as this will \'break\' the guestbook! In this variable spaces ( ) are allowed and matter: " - " is different from " -" for example. If you are unsure, just leave it as it is.
    Posts template If you know some html you can edit the posts template here, otherwise you should probably leave it alone. This determines how the name, email and message look and are arranged on the guestbook page. The variables ending in _lang are the language variables for name, email and message. Their values change with the selected language. The other variables are replaced by the actual name, e-mail and message for each post.


    '.$powby.'
    '; } else { echo "$admin_pag_style\n"." $wcs_login_head

    Password:

    $wcs_login_foot "; } } elseif ($task=="edit_config") { session_start(); if ($_SESSION['adm_pass']==$admin_pass){ if($_POST['admin_pass']){$admin_pass=trim($_POST['admin_pass']);} $_SESSION['adm_pass']=$admin_pass; if($_POST['gbook_title']){$gbook_title=trim($_POST['gbook_title']);} if($_POST['gbook_url']){$gbook_url=trim($_POST['gbook_url']);} if($_POST['posts_per_page']){$posts_per_page=trim($_POST['posts_per_page']);} $enable_image_verification_step=$_POST['enable_image_verification_step']; if($_POST['additional_pages_name']){$additional_pages_name=trim($_POST['additional_pages_name']);} if($_POST['menu_spacer']){$menu_spacer=$_POST['menu_spacer'];} # this one must not be trimmed! if($_POST['p_template']){$p_template=implode("\'", preg_split('/\'/', trim($_POST['p_template'])));} if($_POST['nxheader']){$nxheader=implode("\'", preg_split('/\'/', htmlentities(trim($_POST['nxheader']))));} if($_POST['nxfooter']){$nxfooter=implode("\'", preg_split('/\'/', htmlentities(trim($_POST['nxfooter']))));} if($_POST['gbook_title']){$gbook_title=implode("\'", preg_split('/\'/', trim($_POST['gbook_title'])));} if (function_exists('get_magic_quotes_gpc')){ $mq=get_magic_quotes_gpc(); if ($mq==1){ if($_POST['p_template']){$p_template=stripslashes(trim($_POST['p_template']));} if($_POST['nxheader']){$nxheader=implode("\'", preg_split('/\'/', htmlentities(stripslashes(trim($_POST['nxheader'])))));} if($_POST['nxfooter']){$nxfooter=implode("\'", preg_split('/\'/', htmlentities(stripslashes(trim($_POST['nxfooter'])))));} if($_POST['gbook_title']){$gbook_title=implode("\'", preg_split('/\'/', stripslashes(trim($_POST['gbook_title']))));} } } if($_POST['used_language']){$used_language=trim($_POST['used_language']);} if($_POST['moderation_active']){$moderation_active=trim($_POST['moderation_active']);} $config= 'UpdateHTMLFile(); echo ""; } } elseif ($task=="fixperms"){ session_start(); if ($_SESSION['adm_pass']==$admin_pass OR $posted_pass==$admin_pass) { 
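// Body of the "fixperms" admin task: re-applies mode 0777 to every existing
// guestbook folder under gbooks/ and to its data, log and configuration files.
// The password check that guards this body is on the enclosing if.

// Remember the successful login for later requests.
// NOTE(review): the value kept in the session is the admin password itself,
// and the other tasks compare against it, so it cannot be swapped for a plain
// "logged in" flag here without changing them too.
$_SESSION['adm_pass']=$admin_pass;

$ftf=1000; // upper bound (exclusive) on the guestbook folder numbers scanned
for ($i=1; $i<$ftf; $i++) {
    $gbfold="gbooks/gb".$i;

    // The whole number range is scanned rather than stopping at the first
    // missing folder (presumably because folder numbers can have gaps), but
    // chmod() is no longer called on folders that do not exist: each such call
    // raised a PHP warning, and with display_errors on those warnings print
    // server paths on the admin page.
    if (!is_dir($gbfold)) {continue;}

    $targets=array(
        $gbfold,
        $gbfold."/pages",
        $gbfold."/posts",
        $gbfold."/posts/posts.txt",
        $gbfold."/posts/gbook_log.txt",
        $gbfold."/gbconf.php",
    );

    foreach ($targets as $target) {
        if (!file_exists($target)) {continue;}

        // SECURITY: 0777 makes the target writable by every local account on
        // the host. That includes gbconf.php, which holds PHP-style settings
        // (presumably loaded as code by the script - confirm), so on shared
        // hosting a neighbouring account able to write to it could change how
        // this guestbook behaves. The mode is kept because this task and the
        // message below promise 0777; where the hosting setup allows it, use
        // the narrowest mode that still lets the web server write.
        // A failure on an existing path still raises the usual chmod() warning.
        chmod ($target,0777);
    }
}

echo "All permissions of folders and files within the gbooks directory set to 0777

    ";
} else {
    // Not authenticated: show the admin login form. Its markup comes from
    // $admin_pag_style, $wcs_login_head and $wcs_login_foot, defined outside
    // this block.
    echo "$admin_pag_style\n"." $wcs_login_head

    Password:

    $wcs_login_foot ";
}
}
// No known task matched the request.
else {die ("unrecognised call");}
?>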