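<?php
/*
 * Guestbook front controller.
 *
 * Dispatches one request to one of five branches (save entry, delete
 * entries, save admin comment, show comment form, show compose form) or,
 * by default, renders the paginated listing.
 *
 * All request input is untrusted: every value that reaches SQL is either
 * cast to int or passed through mysql_real_escape_string(), and the ORDER BY
 * direction is whitelisted. $userID, $ip, $loggedin, $gb_info, $maxguestbook,
 * $border, the BG_1/BG_2/PREFIX constants, the Captcha class and helpers such
 * as safe_query(), gettemplate(), sendmessage(), cleartext(), htmloutput()
 * and makepagelink() are expected from the included _mysql.php /
 * _settings.php / _functions.php (or from the page that includes this file)
 * — TODO confirm against those files.
 *
 * Templates fetched with gettemplate() are eval()'d as PHP double-quoted
 * strings, so any "$var"/"{$expr}" they contain is executed. Template content
 * therefore has to be trusted (admin-managed), never derived from request data.
 */

$action = isset($_GET['action']) ? $_GET['action'] : '';

if (!empty($_POST['save'])) {
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");

    $date = time();
    $run  = 0;

    if ($userID) {
        // Logged-in visitor: contact data comes from the user profile.
        $name  = getnickname($userID);
        $email = getemail($userID);
        $url   = gethomepage($userID);
        $icq   = geticq($userID);
        $run   = 1;
    } else {
        // Anonymous visitor: contact data comes from the form and a valid
        // captcha is required before anything is stored.
        $name        = isset($_POST['gbname'])       ? $_POST['gbname']       : '';
        $email       = isset($_POST['gbemail'])      ? $_POST['gbemail']      : '';
        $url         = isset($_POST['gburl'])        ? $_POST['gburl']        : '';
        $icq         = isset($_POST['icq'])          ? $_POST['icq']          : '';
        $captcha     = isset($_POST['captcha'])      ? $_POST['captcha']      : '';
        $captchaHash = isset($_POST['captcha_hash']) ? $_POST['captcha_hash'] : '';

        $CAPCLASS = new Captcha;
        if ($CAPCLASS->check_captcha($captcha, $captchaHash)) {
            $run = 1;
        }
    }

    if ($run) {
        $comment = isset($_POST['message']) ? $_POST['message'] : '';
        // $date is an int from time(); every string value is escaped.
        // NOTE(review): $ip is not defined in this file — assumed to be set
        // by an included file; confirm before relying on it.
        safe_query("INSERT INTO ".PREFIX."guestbook (date, name, email, hp, icq, ip, comment)
            VALUES('".(int) $date."', '".mysql_real_escape_string($name)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($url)."', '".mysql_real_escape_string($icq)."', '".mysql_real_escape_string($ip)."', '".mysql_real_escape_string($comment)."')");

        if ($gb_info) {
            // Notify every user in a group flagged for feedback.
            $touser   = array();
            $ergebnis = safe_query("SELECT userID FROM ".PREFIX."user_groups WHERE feedback='1'");
            while ($ds = mysql_fetch_array($ergebnis)) {
                $touser[] = $ds['userID'];
            }
            $message = '
There is a new guestbook entry! Click here ';
            foreach ($touser as $id) {
                sendmessage($id, 'New guestbook comment', $message);
            }
        }
    }
    header("Location: index.php?site=guestbook");
} elseif (!empty($_GET['delete'])) {
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");

    if (!isanyadmin($userID)) die('no access!');

    // gbID[] is only posted when at least one checkbox was ticked.
    $ids = (isset($_POST['gbID']) && is_array($_POST['gbID'])) ? $_POST['gbID'] : array();
    foreach ($ids as $id) {
        safe_query("DELETE FROM ".PREFIX."guestbook WHERE gbID='".(int) $id."'");
    }
    header("Location: index.php?site=guestbook");
} elseif (!empty($_POST['savecomment'])) {
    include("_mysql.php");
    include("_settings.php");
    include("_functions.php");

    if (!isfeedbackadmin($userID)) die('no access!');

    $comment = isset($_POST['comment'])     ? $_POST['comment']           : '';
    $gbID    = isset($_POST['guestbookID']) ? (int) $_POST['guestbookID'] : 0;
    safe_query("UPDATE ".PREFIX."guestbook SET admincomment='".mysql_real_escape_string($comment)."' WHERE gbID='".$gbID."' ");
    redirect('index.php?site=guestbook', '', 0);
} elseif ($action === 'comment') {
    if (!isfeedbackadmin($userID)) die('no access!');

    $gbID     = isset($_GET['guestbookID']) ? (int) $_GET['guestbookID'] : 0;
    $ergebnis = safe_query("SELECT admincomment FROM ".PREFIX."guestbook WHERE gbID='".$gbID."'");
    $ds       = mysql_fetch_array($ergebnis);

    eval("\$title_guestbook = \"".gettemplate("title_guestbook")."\";");
    echo $title_guestbook;
    eval("\$guestbook_comment = \"".gettemplate("guestbook_comment")."\";");
    echo $guestbook_comment;
} elseif ($action === 'add') {
    // Optionally pre-fill the form with a quote of the referenced entry.
    $message = '';
    if (!empty($_GET['messageID'])) {
        $messageID = (int) $_GET['messageID'];
        $ds = mysql_fetch_array(safe_query("SELECT comment, name FROM `".PREFIX."guestbook` WHERE gbID='".$messageID."'"));
        if ($ds) {
            $message = '
'.$ds['name'].' wrote: [br]'.$ds['comment'].'
';
        }
    }

    if ($loggedin) {
        eval("\$guestbook_loggedin = \"".gettemplate("guestbook_loggedin")."\";");
        echo $guestbook_loggedin;
    } else {
        // $captcha and $hash are referenced by the template below.
        $CAPCLASS = new Captcha;
        $captcha  = $CAPCLASS->create_captcha();
        $hash     = $CAPCLASS->get_hash();
        $CAPCLASS->clear_oldcaptcha();
        eval("\$guestbook_notloggedin = \"".gettemplate("guestbook_notloggedin")."\";");
        echo $guestbook_notloggedin;
    }
} else {
    eval("\$title_guestbook = \"".gettemplate("title_guestbook")."\";");
    echo $title_guestbook;

    $gesamt = mysql_num_rows(safe_query("SELECT gbID FROM ".PREFIX."guestbook"));

    // Pagination input: page is a positive int; type is whitelisted because
    // it is interpolated into ORDER BY and into the page-link URL.
    $page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
    if ($page < 1) {
        $page = 1;
    }
    $type = (isset($_GET['type']) && $_GET['type'] === 'ASC') ? 'ASC' : 'DESC';

    $max = (int) $maxguestbook;
    if ($max < 1) {
        $max = 1; // guards against LIMIT 0 and a division by zero below
    }
    $pages = max(1, (int) ceil($gesamt / $max));

    $page_link = '';
    if ($pages > 1) {
        $page_link = makepagelink("index.php?site=guestbook&type=$type", $page, $pages);
    }

    $start    = ($page - 1) * $max;
    $ergebnis = safe_query("SELECT * FROM ".PREFIX."guestbook ORDER BY date $type LIMIT $start,$max");

    // Running entry number shown per row: counts down from the total for
    // DESC, up from 1 for ASC.
    if ($type == "DESC") {
        $n = $gesamt - $start;
    } else {
        $n = $start + 1;
    }

    if ($type == "ASC") {
        $sorter = '
Sort: [img]images/icons/asc.gif[/img]';
    } else {
        $sorter = '
Sort: [img]images/icons/desc.gif[/img]';
    }

    echo '<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td>'.$sorter.' '.$page_link.'</td>
<td align="right"><input type="button" onClick="MM_goToURL(\'parent\',\'index.php?site=guestbook&action=add\');return document.MM_returnValue" value="new entry"></td>
</tr>
</table>';
    echo '<form method="post" name="form" action="guestbook.php?delete=true">';

    // The permission check is loop-invariant; evaluate it once.
    $isFeedbackAdmin = isfeedbackadmin($userID);

    while ($ds = mysql_fetch_array($ergebnis)) {
        $bg1  = ($n % 2) ? BG_1 : BG_2;
        $date = date("d.m.Y - H:i", $ds['date']);

        // Icons are shown only when the stored value looks like an e-mail
        // address / URL / ICQ number. Case-insensitive PCRE replaces the
        // removed eregi(); "~" delimiters let "/" appear unescaped.
        $email = preg_match('~^[a-z0-9_\.-]+@[a-z0-9_-]+\.[a-z0-9_\.-]+$~i', $ds['email'])
            ? '[img]images/icons/email.gif[/img]'
            : '';
        $hp = preg_match('~^[http://]+[a-z0-9_\.-]+[a-z0-9_-]+$~i', $ds['hp'])
            ? '
[img]images/icons/hp.gif[/img]'
            : '';
        // $icq_number is referenced by the template below.
        $icq_number = str_replace('-', '', $ds['icq']);
        $icq = preg_match('~[0-9]{7,11}~i', $ds['icq'])
            ? '
'
            : '';

        $name    = strip_tags($ds['name']);
        $message = cleartext($ds['comment']);

        $admincomment = '';
        if ($ds['admincomment'] != "") {
            $admincomment = '<hr width="50%" size="1" noshade align="left" color="'.$border.'">
Admin comment:
'.htmloutput($ds['admincomment']).'';
        }

        $actions = '';
        $ip      = 'logged'; // the real address is only revealed to feedback admins
        $quote   = '
[img]images/icons/quote.gif[/img]';
        if ($isFeedbackAdmin) {
            $actions = '
[img]images/icons/admincomment.gif[/img] <input class="input" type="checkbox" name="gbID[]" value="'.$ds['gbID'].'">';
            $ip = $ds['ip'];
        }

        eval("\$guestbook = \"".gettemplate("guestbook")."\";");
        echo $guestbook;

        if ($type == "DESC") {
            $n--;
        } else {
            $n++;
        }
    }

    $submit = '';
    if ($isFeedbackAdmin) {
        $submit = '<input class="input" type="checkbox" name="ALL" value="ALL" onClick="SelectAll(this.form);"> select all
<input type="submit" value="delete selected">';
    }
    echo '<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>'.$page_link.'</td>
<td align="right">'.$submit.'</td>
</tr>
</table></form>';
}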