<?php session_start(); define('ADMIN_PASS', 'password'); function strip_chars($var) { return trim(str_replace("\r", NULL, htmlspecialchars(stripslashes(strip_tags($var)), ENT_QUOTES))); } function bbcode($var) { $var = preg_replace('/http:\/\/[\w]+(.[\w]+)([\w\-\.,@?^=%&:\/~\+#]*[\w\-\@?^=%%&\/~\+#])?/i', '<a href="$0">$0</a>', $var); $var = preg_replace('(\[b\](.+?)\[\/b\])is', '<b>$1</b>', $var); $var = preg_replace('(\[i\](.+?)\[\/i\])is', '<i>$1</i>', $var); $var = preg_replace('(\[u\](.+?)\[\/u\])is', '<u>$1</u>', $var); return trim($var); } if (isset($_POST['password'])) { $password = md5($_POST['password']); if ($password == md5(ADMIN_PASS)) { setcookie('password', $password); } } else { $password = isset($_COOKIE['password']) ? $_COOKIE['password'] : NULL; } if (isset($_GET['admin']) && $_GET['admin'] == 'logout') { setcookie('password', ''); unset($_COOKIE['password'], $password); header("Location: ".$_SERVER['PHP_SELF']); exit; } else if (isset($_GET['admin']) && $_GET['admin'] == 'delete') { if ($password == md5(ADMIN_PASS)) { if ($file = fopen('./guestbookdb.php', 'r')) { $data = ''; while (!feof($file)) { $line = fgets($file, 4096); list($timestamp) = explode(chr(02), trim($line)); if ($timestamp == $_GET['msg']) { $data .= fread($file, filesize('./guestbookdb.php')); fclose($file); if (!$file = fopen('./guestbookdb.php', 'w')) { break; } fwrite($file, $data); fclose($file); break; } else { $data .= $line; } } } } header("Location: ".$_SERVER['PHP_SELF']); exit; } if($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['captcha_code'],$_SESSION['random_txt']) && md5($_POST['captcha_code']) == $_SESSION['random_txt']) { unset($_POST['captcha_code'],$_SESSION['random_txt']); } else { header("Location: ".$_SERVER['PHP_SELF']); exit; } $_POST = str_replace(chr(02), ' ', $_POST); $ip = $_SERVER['REMOTE_ADDR']; $name = strip_chars($_POST['name']); $subject = strip_chars($_POST['subject']); $email = strip_chars($_POST['email']); $website = strip_chars($_POST['website']); $message = str_replace("\n", "<br>", strip_chars($_POST['message'])); $message = bbcode($message); $timestamp = time(); if (!(empty($name) || empty($message))) { $file = fopen('./guestbookdb.php', 'a+'); $data = $timestamp . chr(02) . $name . chr(02) . $subject . chr(02) . $email . chr(02) . $website . chr(02) . $message . chr(02) . $ip . "\n"; fwrite($file, $data); fclose($file); } header("Location: ".$_SERVER['PHP_SELF']); exit; } ?> <html> <head> <title>Welcome to my guestbook!</title> <style type="text/css"> body { background-color: #FFFFFF; color: #125EC6; } td { font-family: Arial; color: #125EC6; font-size: 13px; } input, textarea { background-color: #FFFFFF; color: #125EC6; font-size: 13px; border-style: solid; border-width: 1px; border-color: #125EC6; } p.title { font-family: Arial; font-size: 19px; color: #0F448E; font-weight: bold; } .banner { font-family: Arial; font-size: 13px; background-color: #ABCAF6; color: #0F448E; font-weight: bold; } .message { font-family: Arial; font-size: 13px; background-color: #E0EBFB; color: #125EC6; } a:link, a:visited { color: #125EC6; } a:hover { color: #125EC6; } </style> </head> <body> <?php if (isset($_GET['admin'])) { if ($_GET['admin'] == 'login') { echo "<center>\n"; echo "<p class=\"title\">Guestbook login</p>\n"; echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"><p><input type=\"password\" name=\"password\" size=\"20\" /> <input type=\"submit\" value=\"Login\" name=\"submit\" /></p></form>\n"; echo "</center>\n"; } } else { echo "<p align=\"center\" class=\"title\">Welcome to my guestbook!</p>\n"; if ($password != md5(ADMIN_PASS)) { $width = 50; $height = 23; $back_color = sscanf('#FFFFFF', '#%2x%2x%2x'); $text_color = sscanf('#125EC6', '#%2x%2x%2x'); $randomnr = mt_rand(1000, 9999); $im = imagecreatetruecolor($width, $height); $back_col = imagecolorallocate($im,$back_color[0],$back_color[1],$back_color[2]); $text_col = imagecolorallocate($im,$text_color[0],$text_color[1],$text_color[2]); imagefill($im, 0, 0, $back_col); imagerectangle($im, 0, 0, $width-1, $height-1, $text_col); imagerectangle($im, 2, 2, $width-3, $height-3, $text_col); imagestring($im, 5, 7, 3, $randomnr, $text_col); $_SESSION['random_txt'] = md5($randomnr); imagepng($im,'./captcha.png'); imagedestroy($im); echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"post\">\n"; echo "<table width=\"100%\" style=\"background-color:#C3D9F8;\">\n"; echo " <tr>\n"; echo " <td width=\"119\">Name:</td>\n"; echo " <td><input type=\"text\" value=\"\" name=\"name\" style=\"width:100%;\"/></td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td>Subject:</td>\n"; echo " <td><input type=\"text\" name=\"subject\" style=\"width:100%;\"/></td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td>E-mail:</td>\n"; echo " <td><input type=\"text\" value=\"\" name=\"email\" style=\"width:100%;\"/></td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td>Website:</td>\n"; echo " <td><input type=\"text\" value=\"\" name=\"website\" style=\"width:100%;\"/></td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td>Message:</td>\n"; echo " <td><textarea name=\"message\" rows=\"3\" style=\"width:100%;\"></textarea></td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td>Confirmation code:</td>\n"; echo " <td>\n"; echo " <img src=\"./captcha.png?".uniqid(time())."\" width=\"50\" height=\"23\" alt=\"\" align=\"top\"> <input name=\"captcha_code\" type=\"text\" size=\"4\"> \n"; echo " <input type=\"submit\" name=\"Submit\" value=\"Submit\"/>"; echo " <input type=\"reset\" value=\"Reset\"/>"; echo " </td>\n"; echo " </tr>\n"; echo "</table>\n"; echo "</form>\n"; } if(filesize('./guestbookdb.php') == 0) { echo "<font style=\"font-family:Arial;color:#125EC6;font-size:13px;\">No posts found.<br></font>\n"; } else { $items = file('./guestbookdb.php'); $items = array_reverse($items); str_replace("<", "<", $items); str_replace(">", ">", $items); str_replace("\n", "<br>\n", $items); foreach($items as $line) { list($timestamp, $name, $subject, $email, $website, $message, $ip) = explode(chr(02), trim($line)); $topic = "\n<div class=\"banner\">"; $topic .= date('m/d/Y H:i:s',$timestamp) . " "; if ($email != "") { $topic .= "<a href=\"mailto:$email\">"; } $topic .= "$name"; if ($email != "") { $topic .= "</a>"; } if ($website != "") { $website = eregi_replace("^http://", "", $website); $topic .= " (<a href=\"http://$website\" target=\"_blank\">$website</a>) - "; } else { $topic .= " - "; } $topic .= "$subject</div>\n"; $topic .= "<div class=\"message\">$message</div>\n"; echo $topic; if ($password == md5(ADMIN_PASS)) { echo "<div class=\"banner\"><a href=\"".$_SERVER['PHP_SELF']."?admin=delete&msg=$timestamp\">[delete]</a> <a href=\"http://whois.sc/".$ip."\" target=\"_blank\" title=\"".$ip."\">[whois]</a></div>\n"; } echo "<br>\n"; } } echo "<br>\n"; if ($password == md5(ADMIN_PASS)) { echo "<a href=\"".$_SERVER['PHP_SELF']."?admin=logout\"><font style=\"font-family:Arial;color:#125EC6;font-size:13px;\">Logout</a><br></font>\n"; } } ?> </body> </html>