"Fossies" - the Fresh Open Source Software Archive

Member "php3guest-1.8.0/index.php" (16 May 2006, 23323 Bytes) of package /linux/www/old/php3guest-1.8.0.tgz:



    1 <script language="php">
    2 
    3 /*********************************************************************************
    4                                 php3guest
    5                                 v. 1.8.0
    6                     (c) Bastian Friedrich 2000-2006
    7 
    8 http://www.bastian-friedrich.de/comp/guestbook/
    9 
   10 php3guest is a web frontend using mySQL as a backend to provide a guestbook for
   11 your web page.
   12 
   13 php3guest is developed under the GPL. Please read the COPYING for further info.
   14 
   15 *********************************************************************************/
   16 
   17 //////////////////////////////////////////////////////////////////////////////////
   18 // A list of possible arguments, some of which may and will have to be passed to
   19 // successor pages:
   20 // $act       - view, insert, submit, askpass
   21 // $from      - first entry to view in view- or edit mode
   22 
   23 // \"$scriptname?from=$from\"
   24 
   25 /*------------------------  ------------------------*/
   26 /*------------------------ Script starts HERE! ------------------------*/
   27 
   28 
   29 /*------------------------ Functions ------------------------*/
   30 
   31 /*------------------------ encode mail addresses ------------------------*/
   32 
   33 // common spammers' address harvesters are unable to parse %xy-encoded mail addresses
   34 // may be useful in "mailto:" links
   35 function encodemail($my_mail) {
   36   $out = "";
   37   for ($i = 0; $i < strlen($my_mail); $i++)
   38     $out .= "%".dechex(ord($my_mail[$i]));
   39   return $out;
   40 }
   41 
   42 /*------------------------ Check forbidden words ------------------------*/
   43 
   44 function checkForbiddenWords($haystack) {
   45   global $forbiddenWords;
   46 
   47   $found = false;
   48 
   49   foreach ($forbiddenWords as $needle) {
   50     if (strlen($needle["word"])) {
   51       $pos = strpos(strtolower($haystack), strtolower($needle["word"]));
   52       if (!($pos === false)) {
   53         $found = $needle["rejectText"];
   54       }
   55     }
   56   }
   57 
   58   return $found;
   59 }
   60 
   61 /*------------------------ Open Database ------------------------*/
   62 
   63 function openDatabase() {
   64 
   65   // import global variables
   66   global $db_host,
   67          $db_user,
   68          $db_pass,
   69 
   70          $db_db;
   71 
   72 // open database connection and select database
   73   mysql_connect($db_host,$db_user,$db_pass) || die("Could not contact mySQL!");
   74   mysql_select_db($db_db) || die("Connected mySQL, but database is unavailable!");
   75 }
   76 
   77 /*------------------------ Print the entry form ------------------------*/
   78 
   79 function printInsertForm($name = "", $mail = "", $url = "http://", $hp = "", $private = "", $entry = "", $editid = "", $update = "") {
   80 
   81   // import global variables
   82   global $scriptname,
   83      $languagefile,
   84      $antiSpamImage;
   85 
   86   // read language definition file
   87   require($languagefile);
   88 
   89   if (!isset($from)) $from = "";
   90   if (!isset($scriptname)) $scriptname= "";
   91 
   92   // print header
   93   print('<p>');
   94   print(($update) ? $changeGreeting : $insertGreeting);
   95   print('</p>');
   96 
   97   // add values in edit mode
   98   $private_str = ($private) ? " checked " : "";
   99 
  100   if ($antiSpamImage && (!$update)) {
  101     $security = '<p>'.$labelSecurityGfx.'&nbsp;<img src="'.$scriptname.'?act=randomgfx" />&nbsp;<input name="security" size="8" maxlength="8" value="" /></p>';
  102   }
  103 
  104   // print the actual form inserting the labels from config and eventually passed fields in edit mode
  105   print('
  106 <form action="'.$scriptname."?from=$from".'&act=submit" method="post">
  107 <input type="hidden" name="editid" value="'.$editid.'" />
  108 <input type="hidden" name="update" value="'.$update.'" />
  109   <table>
  110     <tr>
  111       <td><p>'.$labelInsertName.'</p></td>
  112       <td><input name="name" size="50" maxlength="50" value="'.$name.'" /></td>
  113     </tr>
  114     <tr>
  115       <td><p>'.$labelInsertMail.'</p></td>
  116       <td><input name="mail" size="50" maxlength="100" value="'.$mail.'" /></td>
  117     </tr>
  118     <tr>
  119       <td><p>'.$labelInsertURL.'</p></td>
  120       <td><input name="url" size="50" maxlength="100" value="'.$url.'" /></td>
  121     </tr>
  122     <tr>
  123       <td><p>'.$labelInsertHP.'</p></td>
  124       <td><input name="hp" size="50" maxlength="100" value="'.$hp.'" /></td>
  125     </tr>
  126   </table>
  127 
  128   <p>'.$labelInsertPrivate.'<input type=checkbox name="private" '.$private_str.' value="1" /></p>
  129 
  130   <p>'.$labelInsertEntry.'</p><p><textarea name="entry" rows="15" cols="60" wrap="virtual">'.$entry.'</textarea></p>
  131 
  132     '.$security.'
  133 
  134   <input type="submit" value="'.$labelInsertSubmit.'" />
  135   <input type="reset" value="'.$labelInsertReset.'" />
  136   
  137 </form>
  138 ');
  139 }
  140 
  141 /*------------------------ put submitted data into the database ------------------------*/
  142 
  143 function submitThis() {
  144 
  145   // import global variables and form data
  146 
  147   global $scriptname,
  148      $maxEntryLength,
  149          $db_table,
  150          $mailEntries,
  151          $mailEntriesSubject,
  152          $mailEntriesTo,
  153      $mailEntriesFrom,
  154          $languagefile,
  155          $antiSpamImage;
  156 
  157   $name    = $_POST["name"];
  158   $mail    = $_POST["mail"];
  159   $url     = $_POST["url"];
  160   $hp      = $_POST["hp"];
  161   $private = $_POST["private"];
  162   $entry   = $_POST["entry"];
  163   $editid  = $_POST["editid"];
  164   $update  = $_POST["update"];
  165 
  166   if (($rejection = checkForbiddenWords($url)) != false) {
  167     print("<p>$rejection</p>");
  168     return;
  169   }
  170   if ($rejection = checkForbiddenWords($hp)) {
  171     print("<p>$rejection</p>");
  172     return;
  173   }
  174   if ($rejection = checkForbiddenWords($name)) {
  175     print("<p>$rejection</p>");
  176     return;
  177   }
  178   if ($rejection = checkForbiddenWords($entry)) {
  179     print("<p>$rejection</p>");
  180     return;
  181   }
  182 
  183   // read language definition file
  184   require($languagefile);
  185 
  186   if ($antiSpamImage) {
  187     if ($_SESSION["randomGfxNr"] != $_POST["security"]) {
  188       print("<p>$labelSecurityFailure</p>");
  189       return;
  190     }
  191     if ($_SESSION["secIP"] != $_SERVER["REMOTE_ADDR"]) {
  192       print("<p>$labelInvalidSession</p>");
  193       return;
  194     }
  195   }
  196 
  197   // Is there any data to submit? We don't want empty entries
  198   if (!$name || !$entry) {
  199     print('<p>'.$insufficientEntry.'</p>');
  200   } else if (strlen($entry) > $maxEntryLength) {
  201     print('<p>'.$entryTooLong.'</p>');
  202   } else {
  203 
  204     // take away predefined "http://" of the url, if nothing was added
  205     if ($url == "http://") $url = "";
  206 
  207     // Check for magic_quotes settings in PHP and add or remove slashes
  208     if (get_magic_quotes_gpc()) {
  209       // Remove Slashes from output data
  210       $_name  = $name;  $name  = StripSlashes($name);
  211       $_mail  = $mail;  $mail  = StripSlashes($mail);
  212       $_url   = $url;   $url   = StripSlashes($url);
  213       $_hp    = $hp;    $hp    = StripSlashes($hp);
  214       $_entry = $entry; $entry = StripSlashes($entry);
  215     } else {
  216       // Escape any '," and such. MySQL would not like this. Create date and "private entry" string, depending on checkbox
  217       $_name    = AddSlashes($name);
  218       $_mail    = AddSlashes($mail);
  219       $_url     = AddSlashes($url);
  220       $_hp      = AddSlashes($hp);
  221       $_entry   = AddSlashes($entry);
  222     }
  223     $_private = ($private) ? $labelYes : $labelNo;
  224     $_idate   = date("Y-m-d H:i:s");
  225 
  226     // MySQL does not like it being passed "nothing" as a value, so set private to "0", if it was not set.
  227     if ($private != 1) $private = 0;
  228 
  229     // Our insertion/update query string
  230     if ($update)
  231       $query = "update $db_table set name='$_name', mail='$_mail', url='$_url', hp='$_hp', private=$private, entry='$_entry' where eid=$editid;";
  232     else
  233       $query = "insert into $db_table values ('','$_name','$_mail','$_url','$_hp',$private,'$_idate','$_entry');";
  234 
  235     // Insert/update or die
  236     mysql_query($query) || die('Error submitting data! Please contact administrator or try again!');
  237 
  238     // mail the entry to the owner, if turned on in config file
  239     if ($mailEntries) 
  240       mail($mailEntriesTo, $mailEntriesSubject, "
  241         $labelInsertName $name
  242         $labelInsertMail $mail
  243         $labelInsertURL $url
  244         $labelInsertHP $hp
  245         $labelInsertPrivate $_private
  246         $labelInsertDate $_idate
  247         $labelInsertEntry $entry",
  248     "From: $mailEntriesFrom");
  249 
  250     // escape eventual html content in the entry if user wishes
  251     if (!$_SESSION["viewhtml"]) $entry = htmlentities($entry);
  252 
  253     // change linebreaks to html paragraphs or linebreaks
  254     $entry = str_replace("\n\r\n\r", "</p><p>", $entry);
  255     $entry = str_replace("\n\n", "</p><p>", $entry);
  256     $entry = str_replace("\n\r", "<br />", $entry);
  257 
  258     // Output submitted data
  259     print('
  260 <p>'.$submitGreeting.'</p>
  261 <p>
  262 '.$labelInsertName.htmlentities($name).'<br />
  263 '.$labelInsertMail.htmlentities($mail).'<br />
  264 '.$labelInsertURL.htmlentities($url).'<br />
  265 '.$labelInsertHP.htmlentities($hp).'<br />
  266 '.$labelInsertPrivate.$_private.'<br />
  267 '.$labelInsertDate.$_idate.'<br />
  268 '.$labelInsertEntry.$entry.'
  269 </p>
  270 <p><a href="'."$scriptname?from=$from".'">'.$submitBack.'</a></p>
  271 ');
  272 
  273   }
  274 }
  275 
  276 /*------------------------ View Single Entry -------------------*/
  277 
  278 function viewSingleEntry($name, $mail, $url, $hp, $private, $idate, $entry) {
  279 
  280   // import global variables
  281   global $linkNewWindow,
  282          $languagefile,
  283      $publishMail;
  284 
  285   $name = htmlentities($name);
  286   $mail = htmlentities($mail);
  287   $url  = htmlentities($url);
  288   $hp   = htmlentities($hp);
  289 
  290   if (!isset($from)) $from = "";
  291   if (!isset($scriptname)) $scriptname= "";
  292 
  293   // read language definition file
  294   require($languagefile);
  295 
  296   // if the visitor provided a mail address, set it as a "mailto:" - a-href in $_name
  297   $_name = $labelViewName;
  298 
  299   if ($mail) {
  300     if (!$publishMail && !$_SESSION["pass"])
  301       $mail="mail address hidden in public mode.";
  302 
  303     $_name .= '<a href="mailto:'.encodemail($mail).'">';
  304     $_name .= $name;
  305     $_name .= '</a>';
  306   } else {
  307     $_name .= $name;
  308   }
  309   $_name .= "<br />";
  310 
  311   // if the visitor provided a homepage, set it as a <a href>. Use it's name as a link if there is any, otherwise take the url
  312   $_hp = "";
  313   if ($url) {
  314     $_hp = "$labelViewHP<a href=\"$url\"";
  315     if ($linkNewWindow) $_hp .= ' target="_new"';
  316     $_hp .= ">";
  317     $_hp .= ($hp) ? $hp : $url;
  318     $_hp .= "</a><br />";
  319   }
  320 
  321   // if entry is private, check for a password (which must be correct by now, if it is set)
  322   // output entry or a message that this is a private entry
  323   $_entry = "";
  324   if ($private && (!$_SESSION["pass"])) {
  325     $_entry = $notifyPrivateEntry;
  326     $_entry .= "<br /><a href=\"$scriptname?from=$from&act=askpass&nextact=view\">";
  327     $_entry .= $privateLink;
  328     $_entry .= "</a>";
  329   } else {
  330     if ($private) $_entry = "$privateInfo</p><p>";
  331     $_entry .= ($_SESSION["viewhtml"]) ? $entry : htmlentities($entry);
  332   }
  333 
  334   // Escape any linebreaks as HTML paragraphs or linebreaks
  335   $_entry = str_replace("\n.\n", "</p><p>", $_entry);
  336   $_entry = str_replace("\n", "<br />", $_entry);
  337 
  338   ///////////////////////
  339   // output data
  340 
  341 $labelViewEntry = ""; // While updating to PHP5: Some bug here?! This var. is not needed...
  342 
  343       print("
  344 <p>
  345 $labelViewDate $idate<br />
  346 $_name
  347 $_hp
  348 <p>$labelViewEntry</p>
  349 <p>$_entry
  350 </p>");
  351 
  352 }
  353 
  354 /*------------------------ View Entries ------------------------*/
  355 
  356 function viewEntries() {
  357 
  358   // import global variables
  359   global $from,
  360          $entriesPerPage,
  361          $act,
  362          $scriptname,
  363          $db_table,
  364          $languagefile,
  365          $possibleLanguages,
  366          $usableWithoutJavascript,
  367      $entriesCount;
  368 
  369   // read language definition file
  370   require($languagefile);
  371 
  372   // Are we administrating without proper password?
  373   if (($act == "admin") && (!$_SESSION["pass"])) {
  374     print("<p>$adminNoPass<br />");
  375     print("<a href=\"$scriptname?from=$from&act=askpass&nextact=admin\">$adminNoPassLink</a></p>");
  376   } else {
  377 
  378     // Are we viewing or administrating the entries?
  379     if ($act != "admin")
  380       print("<p><a href=\"$scriptname?from=$from&act=admin\">$adminLink</a></p>\n");
  381 
  382     if ($_SESSION["pass"])
  383       print("<p><a href=\"$scriptname?from=$from&act=logout\">$adminLogout</a></p>\n");
  384 
  385     // Print drop down box
  386     if (strlen($possibleLanguages) > 0) {
  387       print('<form action="'.$scriptname.'" method="get">'.$labelLanguage.'<select name="language" size="1" onchange="submit()">');
  388       $possLang = strtok($possibleLanguages, " ");
  389       while ($possLang) {
  390         if ($_SESSION["language"] == $possLang) $sel = 'selected="selected"';
  391         print("<option value=\"$possLang\" $sel>$possLang</option>");
  392         $sel="";
  393         $possLang = strtok(" ");
  394       }
  395       print('</select>');
  396       // Give people without javascript a chance to change the language
  397       if ($usableWithoutJavascript)
  398                print('&nbsp;<input type="submit" value="'.$adminSubmit.'" />');
  399       print('</form>');
  400     }
  401 
  402     // query the database
  403     $query = "select * from $db_table order by idate desc;";
  404     $arowid = mysql_query($query);
  405     $entriesCount = mysql_num_rows($arowid);
  406 
  407     // are there any entries?
  408     if (($arowid == 0) || (mysql_num_rows($arowid) == 0)) {
  409       print("<p>$noEntries</p>");
  410     } else {
  411 
  412       // calculate the entries from and to which we want to view
  413       $from = ($from) ? $from : 0;
  414       $to = min($from+$entriesPerPage-1, mysql_num_rows($arowid)-1);
  415 
  416       // Tell visitor which entries he is seeing
  417       $d_from = $from+1;
  418       $d_to   = $to+1;
  419       print("<p>$labelViewEntryIDs ".($entriesCount-$d_to+1).' - '.($entriesCount-$d_from+1)."</p>");
  420 
  421 
  422       // Bogus request? This really should not happen - anyway. Don't want php3 errors on screen.
  423       if ($from < 0 || $from > mysql_num_rows($arowid)-1) {
  424         die('<p>Ouch! You are requesting entries that do not exist! Go away!</p>');
  425       }
  426 
  427       // Seek to the first entry to be viewed
  428       mysql_data_seek($arowid, $from);
  429 
  430       $nr = 0;
  431 
  432       // In admin mode, we want a table of selectable entries as a form
  433       if ($act == "admin")
  434         print("<form action=\"$scriptname?from=$from&act=edit\" method=\"post\"><table border=\"1\">");
  435       else
  436         print('<table border="0"><tr><td>&nbsp;</td><td><hr /></td></tr>');
  437 
  438       // read $entriesPerPage entries
  439       while ($nr < $entriesPerPage) {
  440 
  441         // is there such an entry? If not -> out of this loop (Well, this really should not happen...
  442         if (!$arow = mysql_fetch_array($arowid)) break;
  443 
  444     $currentNr = $entriesCount-$from-$nr;
  445 
  446         // create radio buttons in admin mode 
  447         if ($act == "admin")
  448           print('<tr><td style="vertical-align : top;"><p>['.$currentNr.']<br /><input type="radio" name="editid" value="'.$arow["eid"].'" /></p></td><td>');
  449         else
  450           print('<tr><td style="vertical-align : top;"><p>['.$currentNr.']</p></td><td>');
  451 
  452         // Display entry with data from database
  453         viewSingleEntry($arow["name"], $arow["mail"], $arow["url"], $arow["hp"], $arow["private"], $arow["idate"], $arow["entry"]);
  454 
  455         // seperate entries (ruler or cell)
  456         print(($act == "admin") ? "</td></tr>" : "<hr /></td></tr>");
  457 
  458         $nr++;
  459       }
  460 
  461       // finish table and form in admin mode: radio buttons to select next step and submission button
  462       if ($act == "admin")
  463         print("</table>
  464         <p>
  465         <input type=\"radio\" name=\"editremove\" checked value=\"1\" />$adminEdit&nbsp;</input><input type=\"radio\" name=\"editremove\" value=\"2\" />$adminRemove</input><br />
  466         <input type=\"submit\" value=\"$adminSubmit\" />
  467         </p>
  468         </form>");
  469       else
  470         print("</table>");
  471 
  472       ///////////////////////
  473       // Next and Last Page Links
  474 
  475       print("<p>$labelViewEntryIDs: ");
  476 
  477       // make sure we can selected newer entries
  478       $newfrom=0;
  479       while ( $newfrom < $from ) {
  480         $newto = min($newfrom+$entriesPerPage-1,$from-1);
  481 
  482         // print the link
  483         $d_newfrom = $newfrom+1;
  484         $d_newto = $newto+1;
  485         print("[&nbsp;<a href=\"$scriptname?from=$newfrom&act=$act\">".($entriesCount-$d_newto+1)."&nbsp;-&nbsp;".($entriesCount-$d_newfrom+1)."</a>&nbsp;] ");
  486         $newfrom = $newto+1;
  487       }
  488 
  489       print("[&nbsp;".($entriesCount-$d_to+1)."&nbsp;-&nbsp;".($entriesCount-$d_from+1)."&nbsp;] ");
  490 
  491       // are there any older entries?
  492       $newto=$to;
  493       while ($newto < mysql_num_rows($arowid)-1) {
  494         // start and end?
  495         $newfrom = $newto+1;
  496         $newto = min(mysql_num_rows($arowid), $newfrom+$entriesPerPage)-1;
  497         // print the link
  498         $d_newfrom = $newfrom+1;
  499         $d_newto = $newto+1;
  500         print("[&nbsp<a href=\"$scriptname?from=$newfrom&act=$act\">".($entriesCount-$d_newto+1)."&nbsp;-&nbsp;".($entriesCount-$d_newfrom+1)."</a>&nbsp;] ");
  501       }
  502       print("</p>");
  503     }
  504   }
  505 }
  506 
  507 /*------------------------ askPass ------------------------*/
  508 
  509 function askPass() {
  510 
  511   // import global variables
  512   global $from,
  513          $view,
  514          $languagefile,
  515          $nextact,
  516          $scriptname;
  517 
  518 
  519   // read language definition file
  520   require($languagefile);
  521 
  522   // print a little form using the labels from the config file
  523 
  524   print("
  525 <p>
  526 <form action=\"$scriptname?from=$from&act=$nextact\" method=\"post\">
  527 $labelPassPass <input type=\"password\" name=\"pass\" size=\"20\" maxlength=\"20\" /><br />
  528 <input type=\"radio\" name=\"viewhtml\" value=\"0\"".($_SESSION["viewhtml"] ? "" : " checked")." /> $labelNoHTML<br />
  529 <input type=\"radio\" name=\"viewhtml\" value=\"1\"".($_SESSION["viewhtml"] ? " checked" : "")." /> $labelHTML<br />
  530 <input type=\"submit\" value=\"$labelPassSubmit\" />
  531 </form>
  532 </p>");
  533 
  534 }
  535 
  536 /*------------------------ editEntry ------------------------*/
  537 
  538 function editEntry() {
  539 
  540   // import global variables
  541   global $from,
  542          $entriesPerPage,
  543          $act,
  544          $scriptname,
  545          $db_table,
  546          $languagefile;
  547 
  548   $editid     = $_POST["editid"];
  549   $editremove = $_POST["editremove"];
  550 
  551   // read language definition file
  552   require($languagefile);
  553 
  554   if (!$editid) 
  555     print("<p>$noEditSelection</p><p><a href=\"$scriptname?from=$from&act=admin\">$adminLink</a></p>");
  556   else {
  557     // check for password
  558     if (!$_SESSION["pass"]) {
  559       // no? print error message
  560       print("<p>$adminNoPass<br />");
  561       print("<a href=\"$scriptname?from=$from&act=askpass&nextact=admin\">$adminNoPassLink</a></p>");
  562     } else {
  563       // yep - do we want to remove an entry or edit one?
  564       switch ($editremove) {
  565         case 1 :
  566           // edit mode: get row from database and pass arguments to insert form if available
  567           $query = "select * from $db_table where eid = $editid";
  568           $arowid = mysql_query($query);
  569           if ($arowid) {
  570             $arow = mysql_fetch_array($arowid);
  571             printInsertForm($arow["name"], $arow["mail"], $arow["url"], $arow["hp"], $arow["private"], $arow["entry"], $arow["eid"], 1); 
  572           } else die("Ooops! Severe database error!");
  573           break;
  574 
  575         case 2 :
  576           // remove mode: remove row from database, if possible and print status message.
  577           $query = "delete from $db_table where eid=$editid";
  578           $queryresult = mysql_query($query);
  579           if ($queryresult)
  580             print("<p>$labelSuccessfullRemove</p>");
  581           else die("Ooops! Severe database error!");
  582           print("<p><a href=\"$scriptname?from=$from\">$submitBack</a></p>");
  583           print("<p><a href=\"$scriptname?from=$from&act=admin\">$adminLink</a></p>");
  584           break;
  585       }
  586     }
  587   }
  588 }
  589 
  590 /*------------------------ randomGfx ------------------------*/
  591 
  592 function randomGfx() {
  593   $random = rand(10000, 99999);
  594   
  595   Header("Content-type: image/png");
  596 
  597   $font  = 5;
  598   $offset = 5;
  599   $width  = ImageFontWidth($font) * 5 + $offset*2;
  600   $height = ImageFontHeight($font) + $offset*2;
  601 
  602   $img = imagecreate($width+1, $height+1);
  603 
  604   $background_color = imagecolorallocate ($img, 223, 223, 223);
  605 
  606   $black = imagecolorallocate($img, 0, 0, 0);
  607   $grey = imagecolorallocate($img, 63, 63, 63);
  608 
  609   imageline($img, 0, 0, $width, 0, $black);
  610   imageline($img, 0, 0, 0, $height, $black);
  611   imageline($img, 0, $height, $width, $height, $black);
  612   imageline($img, $width, 0, $width, $height, $black);
  613 
  614   $text_color = imagecolorallocate ($img, 127, 127, 127);
  615   imagestring ($img, $font, $offset, $offset,  $random, $text_color);
  616 
  617   $i=4;
  618   while ($i < $height) {
  619     imageline($img, 0, $i, $width, $i, $text_color);
  620     $i+=8;
  621   }
  622 
  623   $i=4;
  624   while ($i < $width) {
  625     imageline($img, $i, 0, $i, $height, $text_color);
  626     $i+=8;
  627   }
  628 
  629   imagepng ($img);
  630   
  631   ImageDestroy($img);
  632 
  633   $_SESSION["randomGfxNr"] = $random;
  634   $_SESSION["secIP"] = $_SERVER["REMOTE_ADDR"];
  635 }
  636 
  637 /*------------------------ importVariables ------------------------*/
  638 
  639 function importVariables() {
  640   global $act,
  641      $nextact,
  642      $from;
  643 
  644   if (isset($_GET["act"]))
  645     $act = $_GET["act"];
  646   if (isset($_GET["nextact"]))
  647     $nextact = $_GET["nextact"];
  648   if (isset($_GET["from"]))
  649     $from    = $_GET["from"];
  650 
  651   if (isset($_POST["pass"])) $_SESSION["pass"] = $_POST["pass"]; 
  652   if (isset($_POST["viewhtml"])) $_SESSION["viewhtml"] = $_POST["viewhtml"];
  653 
  654   if (isset($_GET["viewhtml"])) $_SESSION["viewhtml"] = $_GET["viewhtml"];
  655   if (isset($_GET["language"])) $_SESSION["language"] = $_GET["language"];
  656 }
  657 
  658 /*------------------------ init Session ------------------------*/
  659 
  660 function initSession() {
  661   global $viewHTMLentries,
  662      $defaultLanguage;
  663 
  664   if (!isset($_SESSION["viewhtml"])) $_SESSION["viewhtml"] = $viewHTMLentries;
  665   if (!isset($_SESSION["language"])) $_SESSION["language"] = $defaultLanguage;
  666   if (!isset($_SESSION["pass"]))     $_SESSION["pass"]     = "";
  667 
  668 }
  669 
  670 
  671 /*------------------------  ------------------------*/
  672 /*------------------------ Main ------------------------*/
  673 /*------------------------  ------------------------*/
  674 
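  // Start PHP Session
  // NOTE(review): session.use_trans_sid lets PHP append the session id to URLs, where it can end
  // up in logs, referrers and shared links. Kept as configured by the author - confirm it is needed.
  ini_set("session.use_trans_sid", "1");
  session_start();

  // Random number image. Do not do anything but this function!
  if (isset($_GET["act"]) && $_GET["act"] === "randomgfx") {
    randomGfx();
    exit;
  }

  // Read Config File
  require("php3guestrc.php");


  // Turn off magic quotes (the function does not exist on every PHP version)
  if (function_exists("set_magic_quotes_runtime")) set_magic_quotes_runtime(0);


  // Get GET, POST, COOKIE Variables; init Session
  initSession();
  importVariables();

  // The session's language name becomes part of a file name that is require()d below.
  // Anything but a plain identifier falls back to the configured default.
  if (!is_string($_SESSION["language"]) || !preg_match('/^[A-Za-z0-9_-]+\z/', $_SESSION["language"]))
    $_SESSION["language"] = $defaultLanguage;

  // read language definition file
  if (!file_exists($languagefile = 'php3guest.'.$_SESSION["language"].'.inc'))
    $_SESSION["language"] = $defaultLanguage;

  if (!file_exists($languagefile = 'php3guest.'.$_SESSION["language"].'.inc'))
    die("Default Language is not available!");

  require($languagefile);

  // Print page header
  print($pageHeader);

  // request parameter, prepared for use in a link and in the dispatch below
  $actName = (isset($act) && is_string($act)) ? $act : "";

  // Password set? Is it correct? Else die at an earlier stage
  $givenPass = $_SESSION["pass"];
  if ($givenPass) {
    // exact string comparison ("!=" compares numeric-looking strings by value);
    // hash_equals() is used where the runtime provides it
    if (!is_string($givenPass))
      $passOk = false;
    else if (function_exists("hash_equals"))
      $passOk = hash_equals((string) $ownerPass, $givenPass);
    else
      $passOk = ((string) $ownerPass === $givenPass);

    if (!$passOk) {
      $_SESSION["pass"] = "";
      die($wrongPass.'<br /><a href="'.$scriptname.'?act='.urlencode($actName).'">'.$submitBack.'</a><br />'.$pageFooter);
    }
  }

  // Well... Why am I commenting all this stuff? It IS self explaining...
  openDatabase();

  // Well, what shall we do at all?
  switch ($actName) {
  // insert an entry
    case "insert" :
      printInsertForm();
      $_SESSION["validSession"] = 1;
      break;

  // submit an entry: only after this session was shown a form
    case "submit" :
      if (empty($_SESSION["validSession"]) || $_SESSION["validSession"] != 1) {
        print("<p>".$labelInvalidSession."</p>");
      } else {
        submitThis();
      }
      break;

  // ask for a owner password
    case "askpass" :
      askPass();
      $_SESSION["validSession"] = 1;
      break;

  // Edit an entry
    case "edit" :
      editEntry();
      $_SESSION["validSession"] = 1;
      break;

  // logout: clear the password, then fall through to the entry list on purpose
    case "logout" :
      $_SESSION["pass"] = "";

  // else we want to view or admin all this stuff
    default :
      viewEntries();
      break;

    }

  // output page footer
  print($pageFooter);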
  761 
  762 </script>
  763