";
}
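// Guestbook submission handler. While the guestbook is enabled it validates the
// posted fields, then either stores the entry ("send") or renders a preview
// ("preview"); when it is disabled only $ms[34] is printed.
if ($properties['guestbook_status']) {
    if (isset($_POST['send']) OR isset($_POST['preview'])) {
        // Form fields are expected to be plain strings. An array-valued
        // parameter compares unequal to "" and would pass the required-field
        // checks below, so anything that is not a string is treated as empty.
        foreach (array('anti_spam', 'name', 'text', 'email', 'homepage', 'icq', 'captcha') as $post_field) {
            if (isset($_POST[$post_field]) AND !is_string($_POST[$post_field])) {
                $_POST[$post_field] = "";
            }
        }
        unset($post_field);

        $error_msg = "";
        // The original compared against the bare word `no`, which PHP resolves
        // as an undefined constant; the string literal is what was meant.
        if (!isset($_POST['anti_spam']) OR $_POST['anti_spam'] != 'no') {
            $error_msg .="
You did not state that you are no spammer! You have to...";
        }
        if ($_POST['name'] == "") {
            $error_msg .= "
- ".$ms[3]."";
        }
        if ($_POST['text'] == "") {
            $error_msg .= "
- ".$ms[4]."";
        }
        if ($properties['check_email'] AND !checkMail($_POST['email'])) {
            $error_msg .= "
- ".$ms[5]."";
        }
        if ($properties['check_homepage']) {
            if ($_POST['homepage'] == "" OR $_POST['homepage'] == "http://") {
                $error_msg .= "
- ".$ms[24]."";
            } else if (!checkHomepage($_POST['homepage'])){
                $error_msg .= "
- ".$ms[217]."";
            }
        }
        // ICQ number: digits only when given, mandatory when check_icq is on.
        // \z anchors at the very end of the string; `$` would also accept a
        // value with a trailing newline. The two original checks are merged so
        // an invalid number is reported once instead of twice.
        if (isset($_POST['icq']) AND $_POST['icq'] != "") {
            if (!preg_match('/^[0-9]+\z/', $_POST['icq'])) {
                $error_msg .= "
- ".$ms[208]."";
            }
        } else if ($properties['check_icq']) {
            $error_msg .= "
- ".$ms[208]."";
        }
        if ($properties['entry_length_limit']) {
            // strlen() counts bytes, so the limits apply to the byte length.
            $text_length = strlen($_POST['text']);
            if ($text_length > $properties['entry_length_maximum']) {
                $error_msg .= "
- ".$ms[187]." ".$properties['entry_length_maximum']."";
            }
            if ($text_length < $properties['entry_length_minimum']) {
                $error_msg .= "
- ".$ms[188]." ".$properties['entry_length_minimum']."";
            }
        }
        // The captcha is only enforced on "send", never on "preview".
        if (extension_loaded("gd") AND $properties['captcha'] == 1 AND isset($_POST['send'])) {
            if ($_POST['captcha'] == "") {
                $error_msg .= "
- ".$ms[223]."";
            } else {
                // Strict string comparison: a loose != treats numeric-looking
                // strings such as "1E3" and "1000" as equal.
                // NOTE(review): the session value is not cleared after the
                // check, so a solved captcha stays valid for later posts in
                // the same session; unset it once the generator's flow is
                // confirmed.
                if (!isset($_SESSION['captcha']) OR strtoupper($_POST['captcha']) !== (string)$_SESSION['captcha']) {
                    $error_msg .= "
- ".$ms[224]."";
                }
            }
        }
        // Was `!$error_msg == ""`, which only worked through operator precedence.
        if ($error_msg != "") {
            echo "".$error_msg."
";
        } else {
            if (isset($_POST['send'])) {
                // Every value placed in an SQL string is escaped first.
                // mysql_escape_string() ignores the connection character set and
                // the whole ext/mysql API was removed in PHP 7; prepared
                // statements (PDO or mysqli) are the durable fix.
                $_POST['email'] = mysql_escape_string($_POST['email']);
                $_POST['homepage'] = mysql_escape_string($_POST['homepage']);
                $_POST['icq'] = mysql_escape_string($_POST['icq']);
                $_POST['name'] = mysql_escape_string($_POST['name']);
                $_POST['text'] = mysql_escape_string($_POST['text']);
                // The client address was interpolated into three queries
                // unescaped; it gets the same treatment as the form fields.
                $remote_ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
                $time = time();
                $old_time = $time-$properties['antiflood_ban'];
                // Flood control: drop expired rows, then refuse the post if this
                // address still has one.
                mysql_query("DELETE FROM
".$table."_ip_ban
WHERE
time <= '$old_time' AND type='entry'");
                $sql_select_ip = mysql_query("SELECT
ip
FROM
".$table."_ip_ban
WHERE
ip='".$remote_ip."' AND type='entry'");
                $select_ip = mysql_num_rows($sql_select_ip);
                if ($select_ip > 0) {
                    echo "
".$ms[15]."";
                } else {
                    mysql_query("INSERT INTO
".$table."_ip_ban (ip, time, type)
VALUES
('".$remote_ip."',
'$time',
'entry')");
                    // The activation code is sent in the admin activation link
                    // below, so it must not be guessable. The legacy value is
                    // the md5 of a 7-digit number from a time-seeded mt_rand();
                    // it is kept only as a fallback and replaced by 16 bytes
                    // from a CSPRNG when one is available. bin2hex() yields the
                    // same 32 hex characters as md5().
                    // NOTE(review): whether admin.php also requires an
                    // authenticated session is not visible here; confirm.
                    mt_srand((double)microtime()*1000000);
                    $activation_code = mt_rand(1000000,9999999);
                    $activation_hashcode = md5($activation_code);
                    $token_bytes = false;
                    if (function_exists('random_bytes')) {
                        $token_bytes = random_bytes(16);
                    } elseif (function_exists('openssl_random_pseudo_bytes')) {
                        $token_bytes = openssl_random_pseudo_bytes(16);
                    }
                    if (is_string($token_bytes) AND strlen($token_bytes) == 16) {
                        $activation_hashcode = bin2hex($token_bytes);
                    }
                    if ($properties['notification_entries'] == 1 OR $properties['thanks_email'] == 1) {
                        // Headers are built from site configuration only; no
                        // posted value is placed in them.
                        $header = "MIME-Version: 1.0\n";
                        $header .= "Content-type: text/plain; charset=iso-8859-1\n";
                        $header .= "Content-Transfer-Encoding: 8bit\n";
                        $header .= "X-Mailer: PHP\n";
                        $header .= "From: \"".$properties['guestbook_title']."\" <".$properties['admin_email'].">\n";
                        if ($properties['notification_entries'] == 1) {
                            if ($properties['release_entries']) {
                                $release_text = "\n\n".$ms['222']."\n".$url."/admin/admin.php?action=activate_entry&code=".$activation_hashcode."";
                            } else {
                                $release_text = "";
                            }
                            // NOTE(review): the posted values are already
                            // SQL-escaped here, so the mail shows the escaped form.
                            mail($properties['admin_email'], $ms['7'], "".$ms['8']."\n\n".$ms['9']." ".$_POST['name']."\n".$ms['10']." ".$_POST['email']."\n".$ms['11']." ".$_POST['homepage']."\nICQ: ".$_POST['icq']."\n\n".$ms['12']."\n".$_POST['text']."\n".$release_text."", $header);
                        }
                        // The recipient is visitor-supplied and was validated
                        // above only when check_email is on, so it is checked
                        // again here before being handed to mail().
                        if ($properties['thanks_email'] == 1 AND $_POST['email'] != "" AND checkMail($_POST['email'])) {
                            mail($_POST['email'], $ms['220'], $ms['221'], $header);
                        }
                    }
                    $sql_insert_entry = mysql_query("INSERT INTO
".$table."_entries (activation_code, date, email, homepage, icq, id, ip, name, status, text, time)
VALUES
('$activation_hashcode',
'".date("d.m.Y")."',
'".$_POST['email']."',
'".$_POST['homepage']."',
'".$_POST['icq']."',
'',
'".$remote_ip."',
'".$_POST['name']."',
'0',
'".$_POST['text']."',
'".date("H:i")."')");
                    if ($sql_insert_entry AND !$properties['release_entries']) {
                        echo "
";
                    } elseif ($properties['release_entries']) {
                        echo "
".$ms['13']."";
                    } else {
                        echo "
".$ms[14]."";
                    }
                }
            }
            if (isset($_POST['preview'])) {
                $text = $_POST['text'];
                // NOTE(review): with deactivate_html off the text reaches the
                // page without HTML encoding; what badwords(), bbcode() and
                // smilies() escape is not visible here, so treat this path as
                // an HTML-injection risk until confirmed.
                if ($properties['deactivate_html']) {
                    $text = htmlentities($text);
                }
                // htmlentities() runs first, so strip_tags() has nothing left to
                // strip; the entity encoding is what protects these fields.
                $_POST['email'] = htmlentities($_POST['email']);
                $_POST['email'] = stripslashes($_POST['email']);
                $_POST['email'] = strip_tags($_POST['email']);
                $_POST['homepage'] = htmlentities($_POST['homepage']);
                $_POST['homepage'] = stripslashes($_POST['homepage']);
                $_POST['homepage'] = strip_tags($_POST['homepage']);
                $_POST['icq'] = htmlentities($_POST['icq']);
                $_POST['icq'] = stripslashes($_POST['icq']);
                $_POST['icq'] = strip_tags($_POST['icq']);
                $_POST['name'] = htmlentities($_POST['name']);
                $_POST['name'] = stripslashes($_POST['name']);
                $_POST['name'] = strip_tags($_POST['name']);
                $text = badwords($text);
                $text = shortWords($text, $properties['max_word_length']);
                $text = nl2br($text);
                $text = stripslashes($text);
                if ($properties['bbcode']) {
                    $text = bbcode($text);
                }
                if ($properties['smilies']) {
                    $text = smilies($text);
                }
                // The preview is numbered as the next entry: the current count
                // (released entries only when moderation is on) plus one.
                if (isset($properties['release_entries']) AND $properties['release_entries'] == 1) {
                    $sql_count_entries = mysql_query("SELECT
id
FROM
".$table."_entries
WHERE
status='1'");
                } else {
                    $sql_count_entries = mysql_query("SELECT
id
FROM
".$table."_entries");
                }
                $count_entries = mysql_num_rows($sql_count_entries);
                $count_entries = $count_entries+1;
                // Fill the entry template's <$...$> placeholders.
                $template_data = $template['html'];
                $template_data = str_replace("<\$border\$>", $template['border'], $template_data);
                $template_data = str_replace("<\$cellpadding\$>", $template['cellpadding'], $template_data);
                $template_data = str_replace("<\$cellspacing\$>", $template['cellspacing'], $template_data);
                $template_data = str_replace("<\$comment\$>", "", $template_data);
                $template_data = str_replace("<\$date\$>", date("d.m.Y"), $template_data);
                $template_data = str_replace("<\$id\$>", $count_entries, $template_data);
                $template_data = str_replace("<\$name\$>", $_POST['name'], $template_data);
                $template_data = str_replace("<\$tablealign\$>", $template['tablealign'], $template_data);
                $template_data = str_replace("<\$tablewidth\$>", $template['tablewidth'], $template_data);
                $template_data = str_replace("<\$tdcolor\$>", $template['tdcolor'], $template_data);
                $template_data = str_replace("<\$td2color\$>", $template['td2color'], $template_data);
                $template_data = str_replace("<\$text\$>", $text, $template_data);
                $template_data = str_replace("<\$time\$>", date("H:i"), $template_data);
                if ($properties['show_ip']) {
                    $template_data = str_replace("<\$ip\$>", "IP: ".$_SERVER['REMOTE_ADDR']."
", $template_data);
                } else {
                    $template_data = str_replace("<\$ip\$>", "", $template_data);
                }
                if ($_POST['email'] == "") {
                    $template_data = str_replace("<\$email\$>", "", $template_data);
                    $template_data = str_replace("<\$email_icon\$>", "", $template_data);
                } else {
                    $template_data = str_replace("<\$email\$>", "
".$_POST['email']."", $template_data);
                    $template_data = str_replace("<\$email_icon\$>", "
![\"".$_POST['email']."\"](\"".$url."/images/icons/email/".$template['image_email']."\")
", $template_data);
                }
                if ($_POST['homepage'] == "" OR $_POST['homepage'] == "http://") {
                    $template_data = str_replace("<\$homepage\$>", "", $template_data);
                    $template_data = str_replace("<\$homepage_icon\$>", "", $template_data);
                } else {
                    $template_data = str_replace("<\$homepage_icon\$>", "
![\"".$_POST['homepage']."\"](\"".$url."/images/icons/homepage/".$template['image_homepage']."\")
", $template_data);
                    $template_data = str_replace("<\$homepage\$>", "
".$_POST['homepage']."", $template_data);
                }
                if ($_POST['icq'] == 0) {
                    $template_data = str_replace("<\$icq\$>", "", $template_data);
                    $template_data = str_replace("<\$icq_icon\$>", "", $template_data);
                } else {
                    $template_data = str_replace("<\$icq\$>", "
".$_POST['icq']."", $template_data);
                    $template_data = str_replace("<\$icq_icon\$>", "
![\"".$_POST['icq']."\"](\"http://wwp.icq.com/scripts/online.dll?icq=".$_POST['icq']."&img=5\")
", $template_data);
                }
                echo "
".$template_data."
";
            }
        }
    }
    echo "
";
} else {
    echo "
".$ms[34]."";
}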
echo "