<?php
session_start();
// Admin credential used by the login/cookie check below (compared as md5(ADMIN_PASS)).
// NOTE(review): a hard-coded literal in a web-served file; anyone able to read the source
// holds the credential — confirm whether it should come from configuration outside the web root.
define('ADMIN_PASS', 'password');

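/**
 * Normalise one submitted text field so it is safe to store and echo into HTML.
 *
 * Pipeline: strip_tags() removes HTML/PHP tags, stripslashes() removes backslash escapes
 * (presumably aimed at magic_quotes-era input), htmlspecialchars(ENT_QUOTES) encodes
 * &, <, >, " and ' for both text and attribute context, then CR bytes are dropped and
 * the result is trimmed.
 *
 * @param string $var raw field value
 * @return string escaped value with "\r" removed and surrounding whitespace trimmed
 */
function strip_chars($var)
{
   $escaped = htmlspecialchars(stripslashes(strip_tags($var)), ENT_QUOTES);
   // '' rather than NULL as the replacement: passing null here is deprecated since PHP 8.1.
   return trim(str_replace("\r", '', $escaped));
}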

/**
 * Render the small BBCode subset used by the guestbook into HTML.
 *
 * Bare http:// URLs become links and [b], [i], [u] pairs become <b>, <i>, <u>. The
 * function only adds markup; it does not escape, so callers must pass text that is
 * already HTML-escaped (strip_chars() does that in this file).
 *
 * NOTE(review): in the URL pattern the "." before the second host label is unescaped
 * and therefore matches any byte — presumably "\." was intended; left unchanged here.
 *
 * @param string $var escaped message text
 * @return string trimmed text with the tags rendered
 */
function bbcode($var)
{
   $urlPattern = '/http:\/\/[\w]+(.[\w]+)([\w\-\.,@?^=%&:\/~\+#]*[\w\-\@?^=%%&\/~\+#])?/i';
   $rendered = preg_replace($urlPattern, '<a href="$0">$0</a>', $var);
   // Lazy (.+?) with the s modifier lets a pair span lines; i makes [B] equal to [b].
   foreach (['b', 'i', 'u'] as $tag)
   {
      $tagPattern = '(\[' . $tag . '\](.+?)\[\/' . $tag . '\])is';
      $rendered = preg_replace($tagPattern, '<' . $tag . '>$1</' . $tag . '>', $rendered);
   }
   return trim($rendered);
}

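// Admin authentication. A POSTed password is md5-hashed and, when it matches, the hash is
// stored in a cookie that later requests present. hash_equals() makes the comparison strict
// and constant-time; the original `==` would have juggled numeric-looking md5 strings.
// NOTE(review): the cookie value is md5(ADMIN_PASS), a password-equivalent that never expires
// and is not tied to the session — a random per-login token would be the usual design.
if (isset($_POST['password']) && is_string($_POST['password']))
{
   $password = md5($_POST['password']);
   if (hash_equals(md5(ADMIN_PASS), $password))
   {
      // httponly keeps the cookie out of reach of page scripts; other flags as before.
      setcookie('password', $password, 0, '', '', false, true);
   }
}
else
{
   // Non-string cookie values (array syntax in the request) are treated as absent.
   $password = isset($_COOKIE['password']) && is_string($_COOKIE['password']) ? $_COOKIE['password'] : NULL;
}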
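/**
 * Remove the first guestbook record whose leading (timestamp) field equals $msgId.
 *
 * Records are one per line, fields joined by chr(02) — the layout the POST handler in this
 * file writes. The file is rewritten under an exclusive lock; the original read/rewrite
 * sequence held no lock and could lose a concurrent append.
 *
 * @param string $path  flat-file store
 * @param string $msgId timestamp field of the record to drop
 * @return bool true when a record was found and the file rewritten, false otherwise
 */
function guestbook_delete_entry($path, $msgId)
{
   if (!is_file($path))
   {
      return false;
   }
   $lines = file($path);
   if ($lines === false)
   {
      return false;
   }
   foreach ($lines as $index => $line)
   {
      // Only the first field identifies a record; strict string equality replaces the
      // original numeric `==`, so "0123" no longer matches "123".
      $fields = explode(chr(02), trim($line), 2);
      if ($fields[0] === (string) $msgId)
      {
         unset($lines[$index]);
         return file_put_contents($path, implode('', $lines), LOCK_EX) !== false;
      }
   }
   return false;
}

if (isset($_GET['admin']) && $_GET['admin'] === 'logout')
{
   // Expire the cookie on the client as well as clearing it here; httponly so scripts cannot read it.
   setcookie('password', '', time() - 3600, '', '', false, true);
   unset($_COOKIE['password'], $password);
   header("Location: ".$_SERVER['PHP_SELF']);
   exit;
}
elseif (isset($_GET['admin']) && $_GET['admin'] === 'delete')
{
   // Strict, constant-time admin check; $password is NULL or unset for anonymous requests.
   // NOTE(review): this is a state-changing GET with no CSRF token — the [delete] link in the
   // admin view should carry one and it should be verified here before deleting.
   if (isset($password) && is_string($password) && hash_equals(md5(ADMIN_PASS), $password)
      && isset($_GET['msg']) && is_string($_GET['msg']))
   {
      guestbook_delete_entry('./guestbookdb.php', $_GET['msg']);
   }
   header("Location: ".$_SERVER['PHP_SELF']);
   exit;
}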
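if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST')
{
   // CAPTCHA gate: the form view stored md5(answer) in the session. hash_equals() keeps the
   // comparison strict and constant-time (the original `==` juggled numeric-looking hashes),
   // and the token is cleared right after a successful check so it is single-use.
   $captcha  = $_POST['captcha_code'] ?? null;
   $expected = $_SESSION['random_txt'] ?? null;
   if (!is_string($captcha) || !is_string($expected) || !hash_equals($expected, md5($captcha)))
   {
      header("Location: ".$_SERVER['PHP_SELF']);
      exit;
   }
   unset($_POST['captcha_code'], $_SESSION['random_txt']);

   // One field as a plain string: missing or non-string values (e.g. name[]=x) become ''.
   // chr(02) is the record separator of the flat file, so it is replaced before storage.
   $field = function ($key) {
      $value = $_POST[$key] ?? '';
      return is_string($value) ? str_replace(chr(02), ' ', $value) : '';
   };
   $ip        = $_SERVER['REMOTE_ADDR'] ?? '';
   $name      = strip_chars($field('name'));
   $subject   = strip_chars($field('subject'));
   $email     = strip_chars($field('email'));
   $website   = strip_chars($field('website'));
   $message   = bbcode(str_replace("\n", "<br>", strip_chars($field('message'))));
   $timestamp = time();
   // Strict emptiness: the original empty() also rejected the legitimate value "0".
   if ($name !== '' && $message !== '')
   {
      $record = implode(chr(02), [$timestamp, $name, $subject, $email, $website, $message, $ip]) . "\n";
      // Append under an exclusive lock so concurrent posts cannot interleave; a failed write is
      // logged instead of passing through the unchecked fopen()/fwrite() of the original.
      // NOTE(review): the store has a .php extension inside the web root and relies on
      // strip_tags() alone to keep PHP tags out — a location outside the document root is safer.
      if (file_put_contents('./guestbookdb.php', $record, FILE_APPEND | LOCK_EX) === false)
      {
         error_log('guestbook: could not append to ./guestbookdb.php');
      }
   }
   header("Location: ".$_SERVER['PHP_SELF']);
   exit;
}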
?>
<html>
<head>
<title>Welcome to my guestbook!</title>
<style type="text/css">
body
{
   background-color: #FFFFFF;
   color: #125EC6;
}
td
{
   font-family: Arial;
   color: #125EC6;
   font-size: 13px;
}
input, textarea
{
   background-color: #FFFFFF;
   color: #125EC6;
   font-size: 13px;
   border-style: solid;
   border-width: 1px;
   border-color: #125EC6;
}
p.title
{
   font-family: Arial;
   font-size: 19px;
   color: #0F448E;
   font-weight: bold;
}
.banner
{
   font-family: Arial;
   font-size: 13px;
   background-color: #ABCAF6;
   color: #0F448E;
   font-weight: bold;
}
.message
{
   font-family: Arial;
   font-size: 13px;
   background-color: #E0EBFB;
   color: #125EC6;
}
a:link, a:visited
{
   color: #125EC6;
}
a:hover
{
   color: #125EC6;
}
</style>
</head>
<body>
<?php
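// View state. The admin test is strict and constant-time; $password is set by the cookie/login
// code at the top of the file and may be NULL or unset for anonymous visitors.
$isAdmin = isset($password) && is_string($password) && hash_equals(md5(ADMIN_PASS), $password);
// PHP_SELF reflects the request path as the client sent it (PATH_INFO included) and was echoed
// raw into attributes; it is escaped once here and only $self is ever placed in markup.
$self = htmlspecialchars($_SERVER['PHP_SELF'] ?? '', ENT_QUOTES, 'UTF-8');
// Escape for values read back from the flat file that were stored unescaped (timestamp, ip).
$escape = function ($text) {
   return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
};
if (isset($_GET['admin']))
{
   if ($_GET['admin'] === 'login')
   {
      echo "<center>\n";
      echo "<p class=\"title\">Guestbook login</p>\n";
      echo "<form method=\"post\" action=\"".$self."\"><p><input type=\"password\" name=\"password\" size=\"20\" /> <input type=\"submit\" value=\"Login\" name=\"submit\" /></p></form>\n";
      echo "</center>\n";
   }
}
else
{
   echo "<p align=\"center\" class=\"title\">Welcome to my guestbook!</p>\n";
   if (!$isAdmin)
   {
      // Posting form with a 4-digit image CAPTCHA; only md5(answer) is kept, in the session.
      // NOTE(review): the image is written to one shared ./captcha.png, so visitors loading the
      // form concurrently can overwrite each other's challenge — confirm this is acceptable.
      $width      = 50;
      $height     = 23;
      $back_color = sscanf('#FFFFFF', '#%2x%2x%2x');
      $text_color = sscanf('#125EC6', '#%2x%2x%2x');
      $randomnr = random_int(1000, 9999);   // CSPRNG; mt_rand() output is predictable
      $im = imagecreatetruecolor($width, $height);
      $back_col = imagecolorallocate($im,$back_color[0],$back_color[1],$back_color[2]);
      $text_col = imagecolorallocate($im,$text_color[0],$text_color[1],$text_color[2]);
      imagefill($im, 0, 0, $back_col);
      imagerectangle($im, 0, 0, $width-1, $height-1, $text_col);
      imagerectangle($im, 2, 2, $width-3, $height-3, $text_col);
      imagestring($im, 5, 7, 3, (string) $randomnr, $text_col);
      $_SESSION['random_txt'] = md5((string) $randomnr);
      imagepng($im,'./captcha.png');
      imagedestroy($im);
      echo "<form action=\"".$self."\" method=\"post\">\n";
      echo "<table width=\"100%\" style=\"background-color:#C3D9F8;\">\n";
      echo "   <tr>\n";
      echo "      <td width=\"119\">Name:</td>\n";
      echo "      <td><input type=\"text\" value=\"\" name=\"name\" style=\"width:100%;\"/></td>\n";
      echo "   </tr>\n";
      echo "   <tr>\n";
      echo "      <td>Subject:</td>\n";
      echo "      <td><input type=\"text\" name=\"subject\" style=\"width:100%;\"/></td>\n";
      echo "   </tr>\n";
      echo "   <tr>\n";
      echo "      <td>E-mail:</td>\n";
      echo "      <td><input type=\"text\" value=\"\" name=\"email\" style=\"width:100%;\"/></td>\n";
      echo "   </tr>\n";
      echo "   <tr>\n";
      echo "      <td>Website:</td>\n";
      echo "      <td><input type=\"text\" value=\"\" name=\"website\" style=\"width:100%;\"/></td>\n";
      echo "   </tr>\n";
      echo "   <tr>\n";
      echo "      <td>Message:</td>\n";
      echo "      <td><textarea name=\"message\" rows=\"3\" style=\"width:100%;\"></textarea></td>\n";
      echo "   </tr>\n";
      echo "   <tr>\n";
      echo "      <td>Confirmation code:</td>\n";
      echo "      <td>\n";
      // The uniqid() query string only defeats browser caching of the image.
      echo "         <img src=\"./captcha.png?".uniqid((string) time())."\" width=\"50\" height=\"23\" alt=\"\" align=\"top\">&nbsp;<input name=\"captcha_code\" type=\"text\" size=\"4\">&nbsp;\n";
      echo "         <input type=\"submit\" name=\"Submit\" value=\"Submit\"/>";
      echo "         <input type=\"reset\" value=\"Reset\"/>";
      echo "      </td>\n";
      echo "   </tr>\n";
      echo "</table>\n";
      echo "</form>\n";
   }

   if (!is_file('./guestbookdb.php') || filesize('./guestbookdb.php') === 0)
   {
      echo "<font style=\"font-family:Arial;color:#125EC6;font-size:13px;\">No posts found.<br></font>\n";
   }
   else
   {
      // Newest first. Text fields were HTML-escaped by strip_chars() before storage and the
      // message already carries its bbcode markup, so they are echoed as stored. (The original's
      // str_replace() calls here discarded their result and so did nothing; they are dropped.)
      $items = array_reverse(file('./guestbookdb.php'));
      foreach($items as $line)
      {
         // Pad so a short or corrupt record cannot leave any of the seven variables undefined.
         list($timestamp, $name, $subject, $email, $website, $message, $ip) = array_pad(explode(chr(02), trim($line)), 7, '');
         $topic = "\n<div class=\"banner\">";
         $topic .= date('m/d/Y H:i:s', (int) $timestamp) . " ";
         if ($email !== "")
         {
            $topic .= "<a href=\"mailto:$email\">";
         }
         $topic .= "$name";
         if ($email !== "")
         {
            $topic .= "</a>";
         }
         if ($website !== "")
         {
            // eregi_replace() was removed in PHP 7 (fatal error here); preg_replace with /i is the equivalent.
            $website = preg_replace('/^http:\/\//i', '', $website);
            $topic .= " (<a href=\"http://$website\" target=\"_blank\">$website</a>) - ";
         }
         else
         {
            $topic .= " - ";
         }
         $topic .= "$subject</div>\n";
         $topic .= "<div class=\"message\">$message</div>\n";
         echo $topic;
         if ($isAdmin)
         {
            // NOTE(review): the delete link is a state-changing GET with no CSRF token; the delete
            // handler at the top of the file should require one.
            echo "<div class=\"banner\"><a href=\"".$self."?admin=delete&amp;msg=".$escape($timestamp)."\">[delete]</a> <a href=\"http://whois.sc/".$escape($ip)."\" target=\"_blank\" title=\"".$escape($ip)."\">[whois]</a></div>\n";
         }
         echo "<br>\n";
      }
   }
   echo "<br>\n";
   if ($isAdmin)
   {
      echo "<a href=\"".$self."?admin=logout\"><font style=\"font-family:Arial;color:#125EC6;font-size:13px;\">Logout</a><br></font>\n";
   }
}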
?>
</body>
</html>