// ***************************************************************
// * *
// * BIG SAM : Built-In Guestbook / Stand-Alone Module *
// * Version 1.0.13 - July, 17th 2000 *
// * *
// * Copyleft 2000 Georges Zadrozynski & Rémi Lecoupé-Grainville *
// * gezzed@atilla.org & rlg@atilla.org *
// * *
// * Homepage : http://www.atilla.org/bigsam *
// * Mail : bigsam@atilla.org *
// * *
// * This source is under GNU/GPL General Public License *
// * *
// ***************************************************************
// Release string of this BIG SAM build.
$version = "1.0.13";
// $adminpassword is the password which will be asked for any administration
// actions. It can be changed only in admin mode (the submitted $admin value
// has to match the current $adminpassword).
// Take care : The beginning of the line should look like "$adminpassword ="
// or "$adminpassword=" (No spaces, no tabs, etc...), because the password
// change code recognises this line by its first 15 or 16 characters.
// NOTE(review): the password is stored in clear text inside a script that the
// self-regeneration code below leaves with mode 0666, so every local account
// that can read this file can read it. The value shipped here is three
// characters long; set a long, unique one before deployment.
$adminpassword = "4qf";
// $myself is the name of the current script (this file), which is going to
// be modified by itself. This means that (theoretically) this file can be
// placed anywhere on the system, with any filename.
// $myself is used below for file operations, $myself2 for redirect URLs.
// NOTE(review): $SCRIPT_FILENAME, $SCRIPT_NAME, $SERVER_PORT, $SERVER_NAME,
// $SERVER_SOFTWARE, $PATH_TRANSLATED and $PATH_INFO are read as plain globals
// and never assigned in this file; presumably register_globals is expected -
// confirm against the PHP configuration of the host.
$myself = $SCRIPT_FILENAME;
$myself2 = $SCRIPT_NAME;
// Base URL used in every "Location:" redirect; the port is left out on 80.
// NOTE(review): depending on the web server configuration $SERVER_NAME may
// reflect the Host header of the request; verify before trusting $BASEURL.
if ($SERVER_PORT=="80") $BASEURL="http://$SERVER_NAME";
else $BASEURL="http://$SERVER_NAME:$SERVER_PORT";
// Compatibility for Win32 -> not tested
// strpos() is used as a truth value here, so "Win32" is only detected when it
// is not at the very start of $SERVER_SOFTWARE.
if (strpos($SERVER_SOFTWARE, "Win32"))
{
$myself= $PATH_TRANSLATED;
$myself2 = $PATH_INFO;
}
// Number of fields to be displayed simultaneously.
// To display everything, set $display_step to 0.
$display_step = 20;
// Beginning of the data to be displayed, default = 1
// NOTE(review): $display_begin is not assigned anywhere before this test, so
// it presumably comes from the request; it is used as a loop start without
// being checked to be a number - confirm.
if ($display_begin=="") { $display_begin = 1; }
// Aspect of the script : Colors
// Choosing colors
// Every colour value carries its own pair of literal double quotes.
/*
// Standard (Greys, bright background)
$color_white = "\"#FFFFFF\"";
$color_black = "\"#000000\"";
$color_heads = "\"#666666\"";
$color_body1 = "\"#EEEEEE\"";
$color_body2 = "\"#DDDDDD\"";
*/
// The Following is the ATILLA-type based model
$color_white = "\"#FFFFFF\"";
$color_black = "\"#000000\"";
$color_heads = "\"#42426F\"";
$color_body1 = "\"#FFF8DC\"";
$color_body2 = "\"#EFE8CC\"";
// Data submission form colors
$formheadcolor = $color_heads;
$formbodycolor = $color_body1;
$formtailcolor = $color_body2;
$formheadtext = $color_white;
$formbodytext = $color_black;
// Guestbook entries colors
$entryheadcolor = $color_heads;
$entrybodycolor1 = $color_body2;
$entrybodycolor2 = $color_body1;
$entryheadtext = $color_white;
$entrybodytext1 = $color_black;
$entrybodytext2 = $color_heads;
// Messages colors
$adminheadcolor = $color_heads;
$adminheadtext = $color_white;
$adminbodycolor1 = $color_body2;
$adminbodytext1 = $color_black;
$adminbodycolor2 = $color_body1;
$adminbodytext2 = $color_heads;
// Self regeneration of the script (The Rémi's ultime bricolage !)
// The write paths further down never edit this file in place: they produce
// "<name>_temporary.<ext>" and redirect the browser to it. The code below is
// what promotes that temporary copy to the main script.
$extension=substr($myself, strrpos($myself, ".")+1);
// Case 1: we are running AS the temporary copy ("_temporary" found in our own
// path). The test looks at the whole path, not only at the file name.
if (strpos($myself, "_temporary")!=false)
{
// Filesystem names are built from $myself, URL names (suffix 2) from $myself2.
$thename=substr($myself, 0, strrpos($myself, "_temporary"));
$thename2=substr($myself2, 0, strrpos($myself2, "_temporary"));
$mainscript="${thename}.$extension";
$mainscript2="${thename2}.$extension";
$tempscript="${thename}_temporary.$extension";
$tempscript2="${thename2}_temporary.$extension";
// Replace the main script with this temporary copy.
// NOTE(review): the results of unlink() and copy() are not checked; if the
// copy fails after the unlink, the main script no longer exists.
if (!strpos($SERVER_SOFTWARE, "Win32")) unlink($mainscript);
copy($tempscript,$mainscript);
// NOTE(review): mode 0666 leaves an executable script writable by every local
// account, and the file also holds the admin password. Prefer the tightest
// mode under which the web server can still rewrite the file.
chmod( "$mainscript", 0666 ); // Diabolic !
// deleting the inuse file
if (!strpos($SERVER_SOFTWARE, "Win32")) unlink("${thename}_inuse.$extension");
// Send the browser back to the freshly replaced main script.
header("Location: $BASEURL$mainscript2");
exit;
}
// Case 2: we are running as the main script; derive the same set of names
// from our own path.
$thename=substr($myself, 0, strrpos($myself, "."));
$thename2=substr($myself2, 0, strrpos($myself2, "."));
$mainscript="${thename}.$extension";
$mainscript2="${thename2}.$extension";
$tempscript="${thename}_temporary.$extension";
$tempscript2="${thename2}_temporary.$extension";
// A temporary copy without an "_inuse" lock is either a finished rewrite that
// was never promoted (newer than the main script: hand over to it) or a stale
// leftover (not newer: delete it, except on Win32).
if (file_exists($tempscript) && !file_exists("${thename}_inuse.$extension"))
{
if (filemtime($tempscript)>filemtime($mainscript))
{
header("Location: $BASEURL$tempscript2");
exit;
}
else if (!strpos($SERVER_SOFTWARE, "Win32"))
{
unlink($tempscript);
}
}
//******************************************************************************
// This place is where all the data are archived, before being used by the
// miscellaneous cases.
// Entry store. The lines between the two marker comments below are generated
// by this script itself: each entry is four assignments (name, mail, date,
// text), and the first one advances $index. New entries are inserted directly
// after the opening marker, so the newest entry has the lowest index.
// Do not add comments or any other text between the two markers and do not
// change the marker lines: the rewriting code locates them by their text and
// drops everything between them when the administrator modifies entries.
// NOTE(review): the values are visitor-supplied text stored as PHP string
// literals, and this region is executed on every request; the escaping done
// by standardize_text() before writing is what keeps them data.
$index = 0;
// Here are automatically filled data arrays :
//#DATABEGIN
$archive_name[++$index] = "G3";
$archive_mail[ $index] = "devnull@g-3.org";
$archive_date[ $index] = "12th May 2005 - 09:48:52 AM";
$archive_text[ $index] = "About damn time that your site was back up. ;)";
$archive_name[++$index] = "Micromommy";
$archive_mail[ $index] = "bonnie804@yahoo.com";
$archive_date[ $index] = "12th May 2005 - 05:08:11 AM";
$archive_text[ $index] = "Things that make you go \"hmmmmm\" You're amazing!";
$archive_name[++$index] = "bill";
$archive_mail[ $index] = "billd@fuckyouspam.inebraska.com";
$archive_date[ $index] = "12th May 2005 - 02:04:59 AM";
$archive_text[ $index] = "OMG LOLZ U R BACK UP ROFL ROFL ROFL";
$archive_name[++$index] = "xpurple";
$archive_mail[ $index] = "none";
$archive_date[ $index] = "12th May 2005 - 01:22:31 AM";
$archive_text[ $index] = "Laura Conroy is *hot*";
$archive_name[++$index] = "xpurple";
$archive_mail[ $index] = "";
$archive_date[ $index] = "23rd October 2000 - 03:24:15 AM";
$archive_text[ $index] = "yes, seems to work fine now";
$archive_name[++$index] = "arier";
$archive_mail[ $index] = "";
$archive_date[ $index] = "23rd October 2000 - 03:03:24 AM";
$archive_text[ $index] = "is this thing on?";
$archive_name[++$index] = "xpurple";
$archive_mail[ $index] = "xpurple@xpurple.com";
$archive_date[ $index] = "23rd October 2000 - 03:00:47 AM";
$archive_text[ $index] = "test";
//#DATAEND
// From now, $index will indicate the number of data entries.
//******************************************************************************
// function displayform : Display the form which enables the client to type a
// message.
function displayform()
{
    // Prints the message submission form.
    // The script URL and the form colours are pulled in from the global
    // configuration. In this copy of the file the markup that used them is
    // not present: as written, the function emits line breaks only.
    global $mainscript2, $formheadcolor, $formbodycolor, $formtailcolor, $formheadtext, $formbodytext;

    $borderthickness = 3;

    // Writing HTML Code, one print per original output chunk.
    print "\n";
    print "";
    print "\n\n";
    print "\n";
    print "\n\n";
}
//******************************************************************************
// function displayerror displays the $errormessage error message.
function displayerror($errormessage,$msgtype)
{
    // Prints a complete error page (header, title, error class, message,
    // footer) and then ends the request; this function never returns.
    //   $errormessage  text shown to the client, written to the page as-is
    //   $msgtype       1 = administrator error, 2 = system error
    // The message is not escaped here. The intact call sites in this file pass
    // fixed strings; keep it that way or escape before adding request data.
    global $adminheadcolor, $adminheadtext, $adminbodycolor1, $adminbodytext1, $adminbodycolor2, $adminbodytext2;

    displayheader();
    print "\n";
    print "\n";
    print " BIG SAM Guestbook ";
    print "\n";
    // Two independent tests, exactly as before: the comparison is loose.
    if ($msgtype == "1") { // Admin Message
        print " Administrator Error";
    }
    if ($msgtype == "2") { // System Message
        print " System Error";
    }
    print "";
    print "\n";
    print "";
    print "\n" . $errormessage . "\n";
    print "\n\n";
    print "\n";
    displayfooter();
    exit;
}
//******************************************************************************
// Functions displayheader and displayfooter display the header/footer for your page
function displayheader()
{
    // Prints the top of the page. $version is made available for the header
    // markup, which is not present in this copy: as written, three line
    // breaks are emitted.
    global $version;

    print "\n";
    // You might use an include instead of all this :
    // include ("head.inc");
    print "\n";
    print "\n";
}
function displayfooter()
{
    // Prints the bottom of the page. The footer string is empty in this copy,
    // so nothing is written.
    print "";
}
//******************************************************************************
// function standardize_text filters ambiguous character sequences in $str
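function standardize_text($str)
{
    // Makes request text safe to store and to show.
    //
    // The result is written by this script between double quotes into its own
    // PHP source and is later echoed into the page, so it must not contain any
    // character that is special in a double-quoted PHP string or in HTML.
    // The previous version replaced "<", ">" and "$" by themselves and left
    // the double quote and the backslash untouched. The one rule it had for
    // backslashes (\' becomes ') suggests that input was expected to arrive
    // already backslash-escaped; that depends on server configuration and
    // cannot be relied on, so everything is neutralised here.
    //
    //   $str     text taken from the request
    //   returns  the text on one line, without tags, with backslash, double
    //            quote, dollar sign and angle brackets as HTML entities

    // Remove markup first, as before.
    $str = strip_tags($str);

    // strtr() with an array works in one pass and prefers the longest key,
    // so a backslash-quote pair is collapsed before the lone-backslash rule
    // applies, and entities produced here are never rewritten again.
    return strtr($str, array(
        "\\'"  => "'",       // escaped apostrophe -> apostrophe (original rule)
        "\\\"" => "&quot;",  // escaped double quote, same treatment
        "\\"   => "&#92;",   // any other backslash
        "\""   => "&quot;",  // would end the stored string literal
        '$'    => "&#36;",   // would start variable interpolation
        "<"    => "&lt;",    // leftovers that strip_tags() did not remove
        ">"    => "&gt;",
        "\r\n" => " ",       // keep every stored value on a single line,
        "\r"   => " ",       // which the line-by-line rewriting relies on
        "\n"   => " ",
    ));
}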
//******************************************************************************
// Request dispatcher. $admin, $name, $email, $message, $command,
// $newpassword1/$newpassword2 and the numbered nameN/emailN/dateN/messageN/
// keepN values are never assigned in this file; presumably they arrive as
// request parameters through register_globals - confirm against the PHP
// configuration of the host.
//
//   $admin empty, $name or $message empty     : 1-A, show the form and the entries
//   $admin empty, $name and $message filled   : 1-B, add a new entry
//   $admin matches, $command empty            : 2-A, administration page
//   $admin matches, $command is "passwd"      : 2-B, change the admin password
//   $admin matches, $command is "modify"      : 2-C, rewrite or drop entries
//   any other $admin                          : 2-Z, "Wrong Admin Password"
//
// Branches 1-B, 2-B and 2-C do not edit anything in place. Each one creates
// the "_inuse" lock file, copies this script line by line into the
// "_temporary" script with the changed lines substituted, and redirects the
// browser to the temporary script, which then replaces the main one (see the
// self-regeneration code near the top of the file).
//
// NOTE(review): points to confirm or fix before this runs anywhere reachable.
//  - Branches 1-B and 2-C write request values between double quotes into PHP
//    source that is executed on the following requests. standardize_text() is
//    the only filter in between, so it has to neutralise every character that
//    is special inside a double-quoted PHP string. Branch 1-B needs no
//    password. In 2-C the date field is taken from the request as well.
//  - fopen() signals failure by returning false, and "false < 0" is false, so
//    the "$fout<0 || $fin<0" tests never report an error. Test for false.
//  - The admin password is checked with ==, a loose comparison against a
//    clear-text value, and it has to be sent as $admin with every admin
//    request. Use a strict string comparison (hash_equals() where the PHP
//    version has it) and store a hash rather than the password.
//  - No attempt limit or delay for wrong passwords is visible; 2-Z only
//    prints an error.
//  - The "_inuse" lock is a file_exists() test followed by a separate
//    fopen(), so two requests can pass the test together, and 2-B and 2-C
//    never clear a stale lock themselves.
//  - The copy loops stop after a fixed number of lines (for example $i<10000
//    for the rest of the script, $i<1000 when skipping to the DATAEND marker
//    in 2-C); a large guestbook may exceed them - verify.
//  - In this copy the markup inside the echo strings is missing, the entry
//    listing loop of 1-A is cut off, and the stale-lock test of 1-B is
//    garbled ("if (time()Please try again..."). Restore these parts from a
//    pristine copy before use; the code below is reproduced unchanged.
if ($admin=="") {
if ($name=="" || $message=="") {
displayheader();
// Use Case no 1-A
// This case is encountered when a client simply wants to add a message to the
// guestbook. (Every variable is empty);
// Displays the entry form to enable the client to type a message.
displayform();
echo ("
\n");
// Message arrays are displayed here :
echo "
\n";
// Displaying all the entries.
if ($display_step==0)
{
$display_begin=1;
$display_step=$index;
}
for ($i=$display_begin ; ($i<=($display_begin+$display_step-1)&&($i<=$index)) ; $i++)
{
$msgnumber = $index - $i + 1;
echo ("
\n";
displayfooter();
exit;
//******************************************************************************
} else {
// Use Case no 1-B
// Case is encountered when a client has just filled in the appropriate fields
// (name, mail, message).
// $name = "Some Name"
// $email = "Some@Email"
// $message = "Some Message"
// Simply add message in the top of all previous messages.
// to do : adding message to this file, then redirecting to myself
// If the inuse file exists, someone else is modifying this guestbook
// You can't continue unless it's in use for more than 5 sec
if (file_exists("${thename}_inuse.$extension"))
{
if (time()Please try again...",2);
}
else if (!strpos($SERVER_SOFTWARE, "Win32"))
{
unlink("${thename}_inuse.$extension");
if (file_exists($tempscript)) unlink($tempscript);
}
}
$fout = fopen("${thename}_inuse.$extension", "w");fclose($fout);
$fin = fopen($mainscript, "r");
$fout = fopen($tempscript, "w");
if ($fout<0 || $fin<0)
{
displayerror("Error opening files ! Be sure writing is allowed in this directory.",2);
}
$line = "";
for($i=1 ; $i<100000 && strpos($line, "#DATABEGIN")==false ; $i++)
{
$line=fgets($fin, 10000);
fputs($fout, $line);
}
$insert_msgdate = date( "dS F Y - h:i:s A" );
$name=standardize_text($name);
$email=standardize_text($email);
$message=standardize_text($message);
fputs ($fout,"\$archive_name[++\$index] = \"$name\";\n");
fputs ($fout,"\$archive_mail[ \$index] = \"$email\";\n");
fputs ($fout,"\$archive_date[ \$index] = \"$insert_msgdate\";\n");
fputs ($fout,"\$archive_text[ \$index] = \"$message\";\n");
for($i=1 ; $i<10000 && !feof($fin) ; $i++)
{
$line=fgets($fin, 10000);
fputs($fout, $line);
}
fclose($fin);
fclose($fout);
header("Location: $BASEURL$tempscript2");
exit;
//******************************************************************************
}} else {
if ($admin==$adminpassword) {
if ($command=="") {
displayheader();
// Use Case no 2-A
// Admin mode (The administrator can modify password, fields, or remove
// messages).
// $admin = $adminpassword
// Shows a password modification form.
// Shows all messages and enables to modify/delete them.
echo("
BIG SAM
Guestbook Administration
\n");
echo(" \n");
// Display the form which enables the admin to change his password
echo ("
\n");
echo ("\n");
echo ("
\n");
echo(" \n");
// Message arrays are displayed here in forms in order to modify them :
echo ("\n");
displayfooter();
exit;
//******************************************************************************
}
else if ($command=="passwd")
{
// Use Case no 2-B
// Admin mode (The administrator is modifying his password.).
// $admin = $adminpassword
// $newpassword1 = "New Password 1"
// $newpassword2 = "New Password 2"
// Check if $newpassword1 matches $newpassword2
// Set the $adminpassword line to :
// $adminpassword = "$newpassword1"
if($newpassword1!=$newpassword2)
{
// The passwords doesn't match
displayerror("The new passwords don't match !",1);
}
else
{
// If the inuse file exists, someone else is modifying this guestbook
// You can't continue
if (file_exists("${thename}_inuse.$extension")) displayerror("This GuestBook is in use ! Please try again...",2);
$fout = fopen("${thename}_inuse.$extension", "w");fclose($fout);
$fin = fopen($mainscript, "r");
$fout = fopen($tempscript, "w");
if ($fout<0 || $fin<0)
{
displayerror("Error opening files ! Be sure writing is allowed in this directory.",2);
}
$line = "";
for($i=1 ; $i<10000 && !feof($fin); $i++)
{
$line=fgets($fin, 10000);
// Seek the "$adminpassword =" line
if ((substr($line, 0, 16)=="\$adminpassword =")||(substr($line, 0, 15)=="\$adminpassword="))
{
// Replace by the new password
$newpassword1 = standardize_text($newpassword1);
fputs ($fout,"\$adminpassword = \"$newpassword1\";\n");
}
else
{
fputs($fout, $line);
}
}
fclose($fin);
fclose($fout);
header("Location: $BASEURL$tempscript2");
exit;
}
//******************************************************************************
} else if ($command=="modify") {
// Use Case no 2-C
// Admin mode (The administrator is updating entries).
// $admin = $adminpassword
// $nameXXX = "Modified name (no XXX)"
// $emailXXX = "Modified email (no XXX)"
// $messageXXX = "Modified message (no XXX)"
// $keep = "on" or ""
// Check if $admin matches $adminpassword.
// Rewrites ALL the fields except when $keepXXX = ""
// If the inuse file exists, someone else is modifying this guestbook
// You can't continue
if (file_exists("${thename}_inuse.$extension")) displayerror("This GuestBook is in use ! Please try again...",2);
$fout = fopen("${thename}_inuse.$extension", "w");fclose($fout);
$fin = fopen($mainscript, "r");
$fout = fopen($tempscript, "w");
if ($fout<0 || $fin<0)
{
displayerror("Error opening files ! Be sure writing is allowed in this directory.",2);
}
// Writes all the script lines until "#DATABEGIN"
$line = "";
for($i=1 ; $i<100000 && strpos($line, "#DATABEGIN")==false ; $i++)
{
$line=fgets($fin, 10000);
fputs($fout, $line);
}
for ($i=1 ; $i<=$index ; $i++)
{
// Get values from the form, and standardize them
$variable="name$i";
$name=standardize_text("${$variable}");
$variable="email$i";
$email=standardize_text("${$variable}");
$variable="date$i";
$insert_msgdate=standardize_text("${$variable}");
$variable="message$i";
$message=standardize_text("${$variable}");
$variable="keep$i";
if (${$variable}!="")
{
fputs ($fout,"\$archive_name[++\$index] = \"$name\";\n");
fputs ($fout,"\$archive_mail[ \$index] = \"$email\";\n");
fputs ($fout,"\$archive_date[ \$index] = \"$insert_msgdate\";\n");
fputs ($fout,"\$archive_text[ \$index] = \"$message\";\n");
}
}
// Seeks for the "#DATAEND" line, and skips all the data
$line = "";
for($i=1 ; $i<1000 && strpos($line, "#DATAEND")==false ; $i++)
{
$line=fgets($fin, 10000);
}
fputs($fout, $line);
// Writes the rest of the script
for($i=1 ; $i<10000 && !feof($fin) ; $i++)
{
$line=fgets($fin, 10000);
fputs($fout, $line);
}
fclose($fin);
fclose($fout);
header("Location: $BASEURL$tempscript2");
exit;
}
//******************************************************************************
} else {
// Use Case no 2-Z
// If $admin does NOT match $adminpassword.
// $admin != $adminpassword
// Error message : "Wrong Admin Password"
displayerror("Wrong Admin Password",1);
}}
//******************************************************************************
?>