<?php
# You must set this correctly to a
# location where you are allowed to
# create a file!
# Tab-separated flat file, one guestbook entry per line.
$guestbook = 'guestbook.dat';
# Choose your own password; the script refuses to run while the
# shipped placeholder is still in place (see the check below).
$adminPassword = '$uP3rDUP3r';
# Keep notices and warnings out of the page so they don't confuse
# visitors. If something misbehaves and you can't tell why, comment
# this line out for a while to get PHP's own diagnostics.
error_reporting(E_ALL & ~(E_NOTICE | E_WARNING));
# No changes required below here.
# Set to 1 by the login check once the posted password matches.
$admin = 0;
if ('Change$' === $adminPassword) {
    die('You need to change $adminPassword first.');
}
# Undo magic quotes - useless for flat files,
# and inadequate and therefore dangerous for databases. See:
# http://www.boutell.com/newfaq/creating/magicquotes.html
/**
 * Recursively undo the backslashes that magic_quotes_gpc inserted.
 *
 * @param mixed $v a string, or an (arbitrarily nested) array of strings
 * @return mixed the same structure with stripslashes() applied to every leaf
 */
function stripslashes_nested($v)
{
    return is_array($v)
        ? array_map('stripslashes_nested', $v)
        : stripslashes($v);
}
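# Undo magic quotes only where the feature still exists: the function was
# removed in PHP 8, where the bare call is a fatal "undefined function" error.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET = stripslashes_nested($_GET);
    $_POST = stripslashes_nested($_POST);
}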
?>
<html>
<head>
<title>Guestbook</title>
</head>
<body>
<h1 align="center">Triumphant Personal Care Guestbook</h1>
<div align="center">
<?php
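# Password the admin re-sends with every form while logged in (see
# passwordField()); stays empty for ordinary visitors.
$password = "";
# Only a string can be a password. A missing field (no login attempt)
# or an array (password[]=...) must never compare equal, and an array
# must not reach a string function.
$postedPassword = isset($_POST['password']) && is_string($_POST['password'])
    ? $_POST['password']
    : '';
if ($postedPassword !== '') {
    # Strict comparison: == would let a numeric-looking password match
    # other spellings of the same number. hash_equals() additionally
    # keeps the comparison time independent of where the strings differ.
    $matches = function_exists('hash_equals')
        ? hash_equals($adminPassword, $postedPassword)
        : $adminPassword === $postedPassword;
    if ($matches) {
        $admin = 1;
        $password = $adminPassword;
    } else {
        echo("<h2>Login Failed (Bad Password)</h2>\n");
    }
}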
?>
<table border="0" cellpadding="3" cellspacing="3">
<tr><th>Date</th><th>Last Name</th><th>Comment</th>
<?php
# Extra column holding the per-entry Delete buttons, admin only.
echo $admin ? "<th>Controls</th>" : '';
?>
</tr>
<?php
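# A visitor signed the guestbook: append one tab-separated line.
if (!empty($_POST['submit'])) {
    $file = fopen($guestbook, "a");
    if (!$file) {
        die("Can't write to guestbook file");
    }
    $date = date('F j, Y, g:i a');
    # Per-entry id used by the admin Delete control. uniqid() instead of
    # rand(): two entries sharing a rand() value would both vanish when
    # either one is deleted.
    $id = uniqid();
    # Only strings go through clean(); a missing field or an array
    # (name[]=...) is stored as an empty value instead of raising a
    # warning inside the string functions.
    $fields = array();
    foreach (array('name', 'lastname', 'email', 'comment') as $key) {
        $raw = isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
        $fields[] = clean($raw, 40);
    }
    list($name, $lastname, $email, $comment) = $fields;
    # Hold the file while appending so two simultaneous signers can't
    # interleave their lines.
    flock($file, LOCK_EX);
    fwrite($file, "$date\t$name\t$lastname\t$email\t$comment\t$id\n");
    flock($file, LOCK_UN);
    fclose($file);
}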
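# Show every stored entry. For an admin Delete request, every entry
# except the chosen one is also copied to a temporary file that then
# replaces the guestbook.
$tfile = null;
$delete = 0;
$deleteId = '';
if ($admin && !empty($_POST['delete'])) {
    $delete = 1;
    # Id of the entry to drop, from the hidden field that hiddenField('id', ...)
    # emits beside each Delete button. Anything but a string matches nothing.
    $deleteId = isset($_POST['id']) && is_string($_POST['id']) ? $_POST['id'] : '';
}
$file = fopen($guestbook, 'r');
if ($file) {
    if ($delete) {
        # Opened only once the guestbook itself could be read, so a missing
        # guestbook never leaves a stray .tmp behind.
        $tfile = fopen("$guestbook.tmp", 'w');
        if (!$tfile) {
            fclose($file);
            die("Can't create temporary file for delete operation");
        }
    }
    # fgets() returns false at end of file; the feof() loop used to run the
    # body once more on that empty read.
    while (($line = fgets($file)) !== false) {
        $line = trim($line);
        if ($line === '') {
            # Skip rather than stop: stopping at a blank line during a delete
            # would silently drop every entry after it from the rewritten file.
            continue;
        }
        # array_pad() keeps list() quiet on lines with fewer than 6 fields.
        list($date, $name, $lastname, $email, $comment, $id) =
            array_pad(explode("\t", $line, 6), 6, '');
        if ($date === '') {
            continue;
        }
        if ($id === '') {
            // Support my old version
            $id = $date;
        }
        if ($delete) {
            # Strict comparison: ids are strings on both sides.
            if ($id === $deleteId) {
                continue;
            }
            fwrite($tfile, "$date\t$name\t$lastname\t$email\t$comment\t$id\n");
        }
        # Escape on output as well, without re-encoding entities that clean()
        # already produced, so a line stored unescaped can't inject markup.
        $flags = ENT_QUOTES | ENT_SUBSTITUTE;
        echo '<tr><td>' . htmlspecialchars($date, $flags, 'UTF-8', false) . '</td>'
            . '<td>' . htmlspecialchars($lastname, $flags, 'UTF-8', false) . '</td>'
            . '<td>' . htmlspecialchars($comment, $flags, 'UTF-8', false) . '</td>';
        if ($admin) {
            echo "<td>";
            echo "<form action=\"keith.php\" method=\"POST\">";
            passwordField();
            hiddenField('id', $id);
            echo "<input type=\"submit\" value=\"Delete\" name=\"delete\">";
            echo "</form>";
            echo "</td>";
        }
        echo "</tr>\n";
    }
    fclose($file);
    if ($delete) {
        fclose($tfile);
        # rename() over the old file is a single step; unlinking first left
        # a moment with no guestbook at all. Fall back to unlink+rename only
        # where renaming over an existing file is refused.
        if (!rename("$guestbook.tmp", $guestbook)) {
            unlink($guestbook);
            rename("$guestbook.tmp", $guestbook);
        }
    }
}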
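/**
 * Make one posted field safe to store in the tab-separated guestbook
 * file and to echo back inside HTML.
 *
 * @param string $name raw field value
 * @param int    $max  maximum number of characters kept (counted before escaping)
 * @return string the whitespace-collapsed, truncated, HTML-escaped value
 */
function clean($name, $max) {
    # Turn tabs, CRs and LFs into spaces so a value can't fake other
    # fields or extra entries in the flat file.
    $name = preg_replace('/\s/', ' ', (string) $name);
    # Don't allow excessively long entries. Truncate before escaping so
    # the cut can never land inside an entity such as &amp;.
    $name = substr($name, 0, $max);
    # Escape < > & and quotes so a stored value can't mess with our HTML
    # markup when echoed back, including inside attribute values.
    # ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}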
/**
 * Emit the hidden password field that keeps an admin logged in across
 * the Delete and Sign forms. Outputs nothing for ordinary visitors.
 *
 * Reads the globals $admin and $password set by the login check.
 * NOTE(review): this re-sends the admin password in the page source of
 * every form; a server-side session would keep it out of the HTML.
 */
function passwordField() {
    global $admin, $password;
    if ($admin) {
        hiddenField('password', $password);
    }
}
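/**
 * Emit an <input type="hidden"> element.
 *
 * @param string $name  field name
 * @param string $value field value; both are escaped so a value holding
 *                      quotes or < cannot break out of the attribute
 */
function hiddenField($name, $value) {
    $safeName = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
    $safeValue = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    echo "<input type=\"hidden\" name=\"$safeName\" value=\"$safeValue\">";
}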
?>
</table>
<?php
# Visitors who are not logged in get the admin login form.
if (!$admin): ?>
<form action="keith.php" method="POST">
<b>Admin Login</b>
<p>
Admin Password: <input type="password" name="password">
<input type="submit" name="login" value="Log In">
</form>
<?php endif;
?>
<form action="keith.php" method="POST">
<table border="0" cellpadding="5" cellspacing="5">
<tr>
<td colspan="2">Sign My Guestbook!</td>
</tr>
<tr>
<th>Name</th><td><input name="name" maxlength="40"></td>
</tr>
<tr>
<th>Last Name</th><td><input name="lastname" maxlength="40"></td>
</tr>
<tr>
<th>Email</th><td><input name="email" maxlength="40"></td>
</tr>
<tr>
<th>Comment</th><td><input name="comment" maxlength="40"></td>
</tr>
<tr>
<th colspan="2">
<input type="submit" name="submit" value="Sign the Guestbook">
</th>
</tr>
</table>
<?php
# Re-send the admin password with the Sign form so an admin stays
# logged in after signing (emits nothing for ordinary visitors).
passwordField();
?>
</form>
</div>
</body>
</html>