3v4l.org

run code in 300+ PHP versions simultaneously
<?php # You must set this correctly to a # location where you are allowed to # create a file! $guestbook = 'guestbook.dat'; # Choose your own password $adminPassword = '$uP3rDUP3r'; # Hide harmless warning messages that confuse users. # If you have problems and you don't know why, # comment this line out for a while to get more # information from PHP error_reporting (E_ALL ^ (E_NOTICE | E_WARNING)); # No changes required below here $admin = 0; if ($adminPassword == 'Change$') { die("You need to change \$adminPassword first."); } # Undo magic quotes - useless for flat files, # and inadequate and therefore dangerous for databases. See: # http://www.boutell.com/newfaq/creating/magicquotes.html function stripslashes_nested($v) { if (is_array($v)) { return array_map('stripslashes_nested', $v); } else { return stripslashes($v); } } if (get_magic_quotes_gpc()) { $_GET = stripslashes_nested($_GET); $_POST = stripslashes_nested($_POST); } ?> <html> <head> <title>Guestbook</title> </head> <body> <h1 align="center">Triumphant Personal Care Guestbook</h1> <div align="center"> <?php $password = ""; if ($_POST['password'] == $adminPassword) { $admin = 1; $password = $adminPassword; } else if (strlen($_POST['password'])) { echo("<h2>Login Failed (Bad Password)</h2>\n"); } ?> <table border="0" cellpadding="3" cellspacing="3"> <tr><th>Date</th><th>Last Name</th><th>Comment</th> <?php if ($admin) { echo "<th>Controls</th>"; } ?> </tr> <?php if ($_POST['submit']) { $file = fopen($guestbook, "a"); if (!$file) { die("Can't write to guestbook file"); } $date = date('F j, Y, g:i a'); $id = rand(); $name = $_POST['name']; $lastname = $_POST['lastname']; $email = $_POST['email']; $comment = $_POST['comment']; $name = clean($name, 40); $lastname = clean($lastname, 40); $email = clean($email, 40); $comment = clean($comment, 40); fwrite($file, "$date\t$name\t$lastname\t$email\t$comment\t$id\n"); fclose($file); } $file = fopen($guestbook, 'r'); $tfile = null; $delete = 0; $deleteId = ''; if ($admin && $_POST['delete']) { $delete = 1; $deleteId = $_POST['id']; $tfile = @fopen("$guestbook.tmp", 'w'); if (!$tfile) { die("Can't create temporary file for delete operation"); } } if ($file) { while (!feof($file)) { $line = fgets($file); $line = trim($line); list ($date, $name, $lastname, $email, $comment, $id) = split("\t", $line, 6); if (!strlen($date)) { break; } if (!strlen($id)) { // Support my old version $id = $date; } if ($delete) { if ($id == $deleteId) { continue; } else { fwrite($tfile, "$date\t$name\t$lastname\t$email\t$comment\t$id\n"); } } echo "<tr><td>$date</td><td>$lastname</td><td>$comment</td>"; if ($admin) { echo "<td>"; echo "<form action=\"keith.php\" " . "method=\"POST\">"; passwordField(); hiddenField('id', $id); echo "<input type=\"submit\" " . "value=\"Delete\" " . "name=\"delete\">"; echo "</form>"; echo "</td>"; } echo "</tr>\n"; } fclose($file); if ($delete) { fclose($tfile); unlink($guestbook); rename("$guestbook.tmp", $guestbook); } } function clean($name, $max) { # Turn tabs and CRs into spaces so they can't # fake other fields or extra entries $name = ereg_replace("[[:space:]]", ' ', $name); # Escape < > and and & so they # can't mess withour HTML markup $name = ereg_replace('&', '&amp;', $name); $name = ereg_replace('<', '&lt;', $name); $name = ereg_replace('>', '&gt;', $name); # Don't allow excessively long entries $name = substr($name, 0, $max); # Undo PHP's "magic quotes" feature, which has # inserted a \ in front of any " characters. # We undo this because we're using a file, not a # database, so we don't want " escaped. Those # using databases should do the opposite: # call addslashes if get_magic_quotes_gpc() # returns false. return $name; } function passwordField() { global $admin; global $password; if (!$admin) { return; } hiddenField('password', $password); } function hiddenField($name, $value) { echo "<input type=\"hidden\" " . "name=\"$name\" value=\"$value\">"; } ?> </table> <?php if (!$admin) { ?> <form action="keith.php" method="POST"> <b>Admin Login</b> <p> Admin Password: <input type="password" name="password"> <input type="submit" name="login" value="Log In"> </form> <?php } ?> <form action="keith.php" method="POST"> <table border="0" cellpadding="5" cellspacing="5"> <tr> <td colspan="2">Sign My Guestbook!</td> </tr> <tr> <th>Name</th><td><input name="name" maxlength="40"></td> </tr> <tr> <th>Last Name</th><td><input name="lastname" maxlength="40"></td> </tr> <tr> <th>Email</th><td><input name="email" maxlength="40"></td> </tr> <tr> <th>Comment</th><td><input name="comment" maxlength="40"></td> </tr> <tr> <th colspan="2"> <input type="submit" name="submit" value="Sign the Guestbook"> </th> </tr> </table> <?php passwordField(); ?> </form> </div> </body> </html>
preferences:
30.65 ms | 402 KiB | 5 Q