value="<?=$_SESSION['email']?>">
</td>
</tr>
<tr bgcolor="<?=$table_content_1a?>">
<td width="28%">
<div align="right"><font size="2">Website : </font></div>
</td>
<td width="72%">
<input type="text" name="vurl" size="30" maxlength="150" value="<?=$_SESSION['url']?>">
</td>
</tr>
<tr bgcolor="<?=$table_content_1a?>">
<td valign="top" width="28%">
<div align="right"><font size="2">*Comment : </font></div>
</td>
<td width="72%">
<textarea name="vcomment" cols="40" rows="7" wrap="virtual"><?=$_SESSION['comment']?></textarea>
<br><font size="1">* Required field</font>
</td>
</tr>
<tr bgcolor="<?=$table_content_1a?>">
<td width="28%">
<div align="right"><font size="2">Verification Code :</font></div>
</td>
<td width="72%">
<font size="1">Please retype this code below :</font>
<font size="2"><b><?=$_SESSION['secc']?></b></font><br>
<input type="text" name="vsecc" size="4" maxlength="4">
</td>
</tr>
<tr bgcolor="<?=$table_content_1b?>">
<td colspan="2">
<div align="center">
<font size="2">
<input type="submit" value="Submit">
<input type="reset" value="Reset">
<input type="button" value="Back" onclick="window.location='<?="$self?page=$page"?>'">
</font>
</div>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</form>
</div>
</body>
</html>
<!-- End of entry form -->
<?
break;
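case "add":
    // Handle a submitted guestbook entry: validate the POSTed fields, append one
    // record to the flat data file, optionally notify the admin by mail, then
    // reset the per-session form state.
    // NOTE(review): the checks below only work if input_err() ends the request;
    // it is defined outside this section - confirm.
    $vname = isset($_POST['vname']) ? trim($_POST['vname']) : "";
    $vemail = isset($_POST['vemail']) ? trim($_POST['vemail']) : "";
    $vurl = isset($_POST['vurl']) ? trim($_POST['vurl']) : "";
    $vcomment = isset($_POST['vcomment']) ? trim($_POST['vcomment']) : "";
    $vsecc = isset($_POST['vsecc']) ? strtoupper($_POST['vsecc']) : "";

    // The name is a single-line field. trim() leaves embedded line breaks in
    // place, and a line break inside a field would split the one-line record
    // written to the data file, so fold them into spaces.
    $vname = str_replace(array("\r", "\n"), " ", $vname);

    if (strlen($vname) > 70) $vname = substr($vname,0,70);
    if (strlen($vemail) > 100) $vemail = substr($vemail,0,100);
    if (strlen($vurl) > 150) $vurl = substr($vurl,0,150);

    // These values are echoed back into the entry form (value="..." attributes
    // and the textarea) without escaping, so they are stored HTML-escaped here.
    // If the form is later changed to escape on output, drop the escaping here
    // to avoid double encoding.
    $_SESSION['name'] = htmlspecialchars($vname, ENT_QUOTES);
    $_SESSION['email'] = htmlspecialchars($vemail, ENT_QUOTES);
    $_SESSION['url'] = htmlspecialchars($vurl, ENT_QUOTES);
    $_SESSION['comment'] = htmlspecialchars(stripslashes($vcomment), ENT_QUOTES);

    if ($vname == "" || $vcomment == "") {
        input_err("You may left some fields.");
    }

    // The address is later placed in the "From:" header of the notification
    // mail. The pattern is anchored at both ends so the whole value must be an
    // address; an unanchored match would accept extra text, including line
    // breaks, around a valid-looking address.
    if ($vemail != "" && !preg_match('/^[\w.+\-]+@[\w.\-]+\.[a-z]{2,}\z/i', $vemail)) {
        input_err("Invalid email address.");
    }

    // The URL must start with http://host.tld and must not contain whitespace,
    // quotes, angle brackets or the record delimiter character, because it is
    // written into HTML attributes and into the delimited data file.
    if ($vurl != "" && strtolower($vurl) != "http://") {
        if (!preg_match('#^http://[_a-z0-9-]+\.[_a-z0-9-]+#i', $vurl)
            || preg_match('/[\s"\'<>|]/', $vurl)) {
            input_err("Invalid URL format.");
        }
    }

    // Reject any whitespace-delimited word longer than 70 characters.
    foreach (preg_split("/[\s]+/",$vcomment) as $word) {
        if (strlen(trim($word)) > 70) {
            input_err("Invalid word found on your entry : ".stripslashes($word));
        }
    }

    // Per-session posting limit; a request with no counter in the session
    // (the form was never loaded in this session) is dropped silently.
    if (isset($_SESSION['add']) && $_SESSION['add'] >= $max_entry_per_session) {
        input_err("Sorry, only $max_entry_per_session message(s) allowed per session.",false);
    } elseif (!isset($_SESSION['add'])) {
        exit;
    }

    // Verification code. The session code is reset to "" after a successful
    // post (see below), so an empty expected value must never count as a match,
    // and the comparison is strict to avoid PHP's loose numeric-string equality.
    $expected_secc = isset($_SESSION['secc']) ? (string)$_SESSION['secc'] : "";
    if ($expected_secc === "" || $vsecc !== $expected_secc) {
        input_err("Invalid verification code");
    }

    //--only 2000 characters allowed for comment, change this value if necessary
    $maxchar = 2000;
    if (strlen($vcomment) > $maxchar) $vcomment = substr($vcomment,0,$maxchar)."...";

    $idx = date("YmdHis");
    $tgl = date("F d, Y - h:i A");

    // Neutralise markup and the characters that make up the "|~|" delimiter.
    // Name and comment keep their text with <, > and " stored as entities;
    // e-mail and URL simply lose the characters.
    $vname = str_replace(array("<", ">", "~", "\""), array("&lt;", "&gt;", "-", "&quot;"), $vname);
    $vcomment = str_replace(array("<", ">", "|", "\""), array("&lt;", "&gt;", "", "&quot;"), $vcomment);
    $vurl = str_replace(array("<", ">", "|"), "", $vurl);
    $vemail = str_replace(array("<", ">", "|"), "", $vemail);

    // Line breaks in the comment become <br>; any CR or LF left over is removed
    // so the record always stays on one line of the data file.
    $vcomment = str_replace($newline,"<br>",$vcomment);
    $vcomment = str_replace(array("\r", "\n"), "", $vcomment);

    // X-Forwarded-For is a request header: unless a trusted proxy overwrites
    // it, the client chooses its value. The address recorded here is therefore
    // not reliable evidence of the sender, and the "delete by IP" option of the
    // admin form acts on it. \z (not $) so a trailing newline cannot pass.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        && preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/', $_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ipnum = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ipnum = getenv("REMOTE_ADDR");
    }

    $newdata = "|~|$idx|~|$tgl|~|$vname|~|$vemail|~|$vcomment|~|$vurl|~|$ipnum|~|";
    $newdata = stripslashes($newdata);
    $newdata .= $newline;

    $tambah = fopen($data_file,"a");
    if (!$tambah) {
        // Do not thank the visitor for an entry that could not be stored.
        input_err("Unable to save your entry.");
    }
    if (strtoupper($os)=="UNIX") {
        if (flock($tambah,LOCK_EX)) {
            fwrite($tambah,$newdata);
            flock($tambah,LOCK_UN);
        }
    } else {
        fwrite($tambah,$newdata);
    }
    fclose($tambah);

    //--send mail
    if (strtoupper($notify) == "YES") {
        $msgtitle = "Someone signed your guestbook";
        // Turn the stored form of the comment back into plain text for the mail body.
        $vcomment = str_replace("&quot;","\"",$vcomment);
        $vcomment = stripslashes($vcomment);
        $vcomment = str_replace("<br>","\n",$vcomment);
        $msgcontent = "Local time : $tgl\n\nThe addition from $vname :\n----------------------------\n\n$vcomment\n\n-----End Message-----";
        // $vemail has passed the anchored address check above, so it cannot
        // carry a line break into the header block. No From header is sent
        // when the visitor left the field empty.
        $headers = ($vemail != "") ? "From: $vemail\n" : "";
        @mail($admin_email,$msgtitle,$msgcontent,$headers);
    }

    //--clear session
    $_SESSION['name'] = "";
    $_SESSION['email'] = "";
    $_SESSION['url'] = "http://";
    $_SESSION['comment'] = "";
    $_SESSION['add']++;
    $_SESSION['secc'] = "";
    redir($self,"Thank you, your entry has been added.");
    break;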
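case "del":
    // Show the delete-confirmation page for the record whose id field equals
    // $id. $id, $page and $self are set outside this section.
    // Record layout after explode("|~|"): [1] id, [2] date, [3] name,
    // [4] e-mail, [5] comment, [6] URL, [7] IP.
    $record = file($data_file);
    if ($record === false) {
        $record = array();
    }
    foreach ($record as $line) {
        $row = explode("|~|",$line);
        // Skip blank or damaged lines instead of reading undefined fields.
        if (count($row) < 8) {
            continue;
        }
        if ($id == $row[1]) {
            // Values written into attributes are escaped on output. Name, date
            // and comment are printed as stored: the "add" step keeps them with
            // <, > and " already turned into entities and line breaks as <br>,
            // so escaping them again here would show the entities literally.
            $mail_out = htmlspecialchars($row[4], ENT_QUOTES);
            $ip_out = htmlspecialchars($row[7], ENT_QUOTES);
            $id_out = htmlspecialchars($id, ENT_QUOTES);
            $page_out = htmlspecialchars($page, ENT_QUOTES);
            $self_out = htmlspecialchars($self, ENT_QUOTES);
            // The Cancel URL sits inside a JavaScript string inside an HTML
            // attribute: URL-encode the query value, escape quotes for the
            // script string, then escape for the attribute.
            // NOTE(review): where $self and $page come from is not visible
            // here - confirm they cannot carry request-controlled text.
            $back_out = htmlspecialchars(addslashes("$self?page=".urlencode($page)), ENT_QUOTES);
?>
<html>
<head><title>Delete record</title></head>
<body bgcolor="<?=$background?>" style="font-family:<?=$font_face?>">
<center>
<font size="4" color="<?=$title_color?>">Delete Confirmation</font>
<br><br>
<table border="0" cellpadding="5" cellspacing="1" width="450">
<tr>
<td bgcolor="<?=$table_top?>">
<font size="2">
<font size="1"><b><?=$row[2]?></b></font><br><b><?=$row[3]?></b> - <a href="mailto:<?=$mail_out?>"><?=$mail_out?></a>
<br><br><?=$row[5]?>
<br><br><font size="1">IP : <?=$ip_out?></font>
</font>
</td>
</tr>
</table>
<form action="<?=$self_out?>" method="post">
<input type="hidden" name="do" value="del2">
<input type="hidden" name="id" value="<?=$id_out?>">
<input type="hidden" name="page" value="<?=$page_out?>">
<font color="<?=$title_color?>" size="2"><b>Admin password : </b></font> <input type="password" name="pwd">
<br><br>
<font size="2" color="<?=$title_color?>"><b>»</b><input type="checkbox" name="byip" value="<?=$ip_out?>"> Delete all record that using this IP : <?=$ip_out?></font>
<br><br>
<input type="submit" value="Delete"> <input type="button" value="Cancel" onclick="window.location='<?=$back_out?>'">
</form>
</center>
</body>
</html>
<?
            // Ids are timestamps with one-second resolution, so two records can
            // share one; stop after the first match so only one page is sent.
            break;
        }
    }
    break;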
case "del2":
$pwd = isset($_POST['pwd']) ? trim($_POST['pwd']) : "";
$id = isset($_POST['id']) ? trim($_POST['id']) : "";
$page = isset($_POST['page']) ? $_POST['page'] : 1;
$byip = isset($_POST['byip']) ? $_POST['byip'] : "";
if ($pwd != $admin_password) {
redir("$self?page=$page","Invalid admin password !");
}