Rev 7 | Rev 8 | ||
---|---|---|---|
1 | <?php |
1 | <?php |
2 | 2 | ||
3 | # ViaThinkSoft PHP Guestbook 2.8.3 |
3 | # ViaThinkSoft PHP Guestbook 2.8.3 |
4 | # (C) 2003-2023 ViaThinkSoft, Daniel Marschall |
4 | # (C) 2003-2023 ViaThinkSoft, Daniel Marschall |
5 | # Licensed under the Apache 2.0 License |
5 | # Licensed under the Apache 2.0 License |
6 | 6 | ||
7 | // Version des Gästebuchs |
7 | // Version des Gästebuchs |
8 | $version = '2.8.3'; |
8 | $version = '2.8.3'; |
9 | 9 | ||
10 | // START DEFAULT WERTE |
10 | // START DEFAULT WERTE |
11 | 11 | ||
12 | $charset = 'ISO-8859-1'; |
12 | $charset = 'ISO-8859-1'; |
13 | 13 | ||
14 | // Der Titel der Seite |
14 | // Der Titel der Seite |
15 | $seitentitel = 'Mein Gästebuch'; |
15 | $seitentitel = 'Mein Gästebuch'; |
16 | 16 | ||
17 | // Seitenkopf |
17 | // Seitenkopf |
18 | $seitenkopf = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
18 | $seitenkopf = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
19 | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
19 | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
20 | 20 | ||
21 | <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> |
21 | <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> |
22 | 22 | ||
23 | <head> |
23 | <head> |
24 | <meta http-equiv="Content-Type" content="text/html; charset={CHARSET}" /> |
24 | <meta http-equiv="Content-Type" content="text/html; charset={CHARSET}" /> |
25 | <title>'.htmlentities($seitentitel).' Gästebuch</title> |
25 | <title>'.htmlentities($seitentitel).' Gästebuch</title> |
26 | </head> |
26 | </head> |
27 | 27 | ||
28 | <body>'; |
28 | <body>'; |
29 | 29 | ||
30 | // Seitenfuß |
30 | // Seitenfuß |
31 | $seitenfuss = '</body></html>'; |
31 | $seitenfuss = '</body></html>'; |
32 | 32 | ||
33 | // Farben |
33 | // Farben |
34 | $farbe1 = '#505080'; // Rand eines Eintrags |
34 | $farbe1 = '#505080'; // Rand eines Eintrags |
35 | $farbe2 = '#D2DAF0'; // Eintrag Segment 2 (Text) BG |
35 | $farbe2 = '#D2DAF0'; // Eintrag Segment 2 (Text) BG |
36 | $farbe3 = '#A0B1E0'; // Eintrag Segment 1 (Kopfzeile) BG |
36 | $farbe3 = '#A0B1E0'; // Eintrag Segment 1 (Kopfzeile) BG |
37 | $farbe4 = '#333333'; // Erstellungsdatum Schrift |
37 | $farbe4 = '#333333'; // Erstellungsdatum Schrift |
38 | $farbe5 = '#E2E7F5'; // Eintrag Segment 3 (Admin-Kommentar, optional) BG |
38 | $farbe5 = '#E2E7F5'; // Eintrag Segment 3 (Admin-Kommentar, optional) BG |
39 | $farbe6 = 'red'; // Fehlermeldung |
39 | $farbe6 = 'red'; // Fehlermeldung |
40 | $farbe7 = 'blue'; // Pflichtfeld-Stern |
40 | $farbe7 = 'blue'; // Pflichtfeld-Stern |
41 | $farbe8 = 'green'; // Erfolgsmeldung |
41 | $farbe8 = 'green'; // Erfolgsmeldung |
42 | $farbe9 = 'black'; // Segment 1 (Kopfzeile) Text |
42 | $farbe9 = 'black'; // Segment 1 (Kopfzeile) Text |
43 | $farbe10 = 'black'; // Segment 2 (Text) Text |
43 | $farbe10 = 'black'; // Segment 2 (Text) Text |
44 | $farbe11 = 'black'; // Segment 3 (Admin-Kommentar, optional) Text |
44 | $farbe11 = 'black'; // Segment 3 (Admin-Kommentar, optional) Text |
45 | 45 | ||
46 | // Die MySQL-Zugangsdaten |
46 | // Die MySQL-Zugangsdaten |
47 | $mysql_server = 'localhost'; |
47 | $mysql_server = 'localhost'; |
48 | $mysql_user = 'root'; |
48 | $mysql_user = 'root'; |
49 | $mysql_pass = ''; |
49 | $mysql_pass = ''; |
50 | $mysql_database = 'guestbook'; |
50 | $mysql_database = 'guestbook'; |
51 | 51 | ||
52 | // Die Datenbanktabellennamen |
52 | // Die Datenbanktabellennamen |
53 | $table_entries = 'gaestebuch_entries'; |
53 | $table_entries = 'gaestebuch_entries'; |
54 | $table_smileys = 'gaestebuch_smileys'; |
54 | $table_smileys = 'gaestebuch_smileys'; |
55 | 55 | ||
56 | // E-Mail-Adresse |
56 | // E-Mail-Adresse |
57 | $adminmail = 'your_email_address@example.com'; |
57 | $adminmail = 'your_email_address@example.com'; |
58 | $adminmail_cc = ''; |
58 | $adminmail_cc = ''; |
59 | 59 | ||
60 | // Einträge pro Seite |
60 | // Einträge pro Seite |
61 | $eintraege_proseite = 10; |
61 | $eintraege_proseite = 10; |
62 | 62 | ||
63 | // Vorsicht: Der Server muss autorisiert sein, eine E-Mail zu über diese Domain zu senden (SPF/DKIM) |
63 | // Vorsicht: Der Server muss autorisiert sein, eine E-Mail zu über diese Domain zu senden (SPF/DKIM) |
64 | $cfg_from_email = 'noreply@example.com'; |
64 | $cfg_from_email = 'noreply@example.com'; |
65 | 65 | ||
66 | // Features |
66 | // Features |
67 | $cfg_feature_simple_antispam = true; |
67 | $cfg_feature_simple_antispam = true; |
68 | $cfg_automatisch_freischalten = false; |
68 | $cfg_automatisch_freischalten = false; |
69 | $cfg_unfreigeschaltete_anzegen = false; |
69 | $cfg_unfreigeschaltete_anzegen = false; |
70 | $cfg_vorschau = true; |
70 | $cfg_vorschau = true; |
71 | 71 | ||
72 | // Recaptcha - This is the most secure Captcha |
72 | // Recaptcha - This is the most secure Captcha |
73 | // It also helps against "F5" spamming! |
73 | // It also helps against "F5" spamming! |
74 | // Get a FREE API key here: https://www.google.com/recaptcha/admin/create |
74 | // Get a FREE API key here: https://www.google.com/recaptcha/admin/create |
75 | $cfg_recaptcha_enabled = false; |
75 | $cfg_recaptcha_enabled = false; |
76 | $cfg_recaptcha_pubkey = ''; |
76 | $cfg_recaptcha_pubkey = ''; |
77 | $cfg_recaptcha_privkey = ''; |
77 | $cfg_recaptcha_privkey = ''; |
78 | 78 | ||
79 | // see https://daniel-lange.com/archives/66-ICQ-web-status-icons.html |
79 | // see https://daniel-lange.com/archives/66-ICQ-web-status-icons.html |
80 | $cfg_icq_statusicon = 5; |
80 | $cfg_icq_statusicon = 5; |
81 | 81 | ||
82 | // ENDE DEFAULT WERTE |
82 | // ENDE DEFAULT WERTE |
83 | 83 | ||
84 | if (!file_exists(__DIR__ . '/config/config.inc.php')) { |
84 | if (!file_exists(__DIR__ . '/config/config.inc.php')) { |
85 | die('ERROR: File <b>config/config.inc.php</b> does not exist. Please create it using <b>config/config.original.inc.php</b>'); |
85 | die('ERROR: File <b>config/config.inc.php</b> does not exist. Please create it using <b>config/config.original.inc.php</b>'); |
86 | } |
86 | } |
87 | require_once __DIR__ . '/config/config.inc.php'; |
87 | require_once __DIR__ . '/config/config.inc.php'; |
88 | 88 | ||
89 | if ($cfg_recaptcha_enabled) $cfg_feature_simple_antispam = false; |
89 | if ($cfg_recaptcha_enabled) $cfg_feature_simple_antispam = false; |
90 | 90 | ||
91 | require_once __DIR__ . '/includes/database.inc.php'; |
91 | require_once __DIR__ . '/includes/database.inc.php'; |
92 | verbinden(); |
92 | verbinden(); |
93 | 93 | ||
94 | require_once __DIR__ . '/includes/SecureMailer.class.php'; |
94 | require_once __DIR__ . '/includes/SecureMailer.class.php'; |
95 | require_once __DIR__ . '/includes/ip_functions.inc.php'; |
95 | require_once __DIR__ . '/includes/ip_functions.inc.php'; |
96 | 96 | ||
97 | if ($cfg_recaptcha_enabled) { |
97 | if ($cfg_recaptcha_enabled) { |
98 | require_once __DIR__ . '/includes/recaptcha/src/autoload.php'; |
98 | require_once __DIR__ . '/includes/recaptcha/src/autoload.php'; |
99 | } |
99 | } |
100 | 100 | ||
101 | # ------------------------------ |
101 | # ------------------------------ |
102 | 102 | ||
103 | // Funktion zum sichern von E-Mail-Adressen |
103 | // Funktion zum sichern von E-Mail-Adressen |
104 | // $crypt_linktext = 0 |
104 | // $crypt_linktext = 0 |
105 | // --> geeignet für <img>-links, da $linktext nicht in ASCII übersetzt wird! |
105 | // --> geeignet für <img>-links, da $linktext nicht in ASCII übersetzt wird! |
106 | // $crypt_linktext = 1 |
106 | // $crypt_linktext = 1 |
107 | // --> geeignet für text-links für höhere Sicherheit |
107 | // --> geeignet für text-links für höhere Sicherheit |
108 | 108 | ||
109 | function secure_email($email, $linktext, $crypt_linktext) { |
109 | function secure_email($email, $linktext, $crypt_linktext) { |
110 | $aus = ''; |
110 | $aus = ''; |
111 | if ($email != '') { |
111 | if ($email != '') { |
112 | $aus .= '<script language="JavaScript" type="text/javascript"> |
112 | $aus .= '<script language="JavaScript" type="text/javascript"> |
113 | <!-- |
113 | <!-- |
114 | document.write("<a href=\"");'."\n"; |
114 | document.write("<a href=\"");'."\n"; |
115 | 115 | ||
116 | $gesamttext = 'mailto:'.$email; |
116 | $gesamttext = 'mailto:'.$email; |
117 | for ($i=0; $i<strlen($gesamttext); $i++) { |
117 | for ($i=0; $i<strlen($gesamttext); $i++) { |
118 | $aus .= ' document.write("&#'.ord(substr($gesamttext, $i, 1)).';");'."\n"; |
118 | $aus .= ' document.write("&#'.ord(substr($gesamttext, $i, 1)).';");'."\n"; |
119 | } |
119 | } |
120 | 120 | ||
121 | $aus .= ' document.write("\">");'."\n"; |
121 | $aus .= ' document.write("\">");'."\n"; |
122 | 122 | ||
123 | if ($crypt_linktext == '1') { |
123 | if ($crypt_linktext == '1') { |
124 | $gesamttext = $linktext; |
124 | $gesamttext = $linktext; |
125 | for ($i=0; $i<strlen($gesamttext); $i++) { |
125 | for ($i=0; $i<strlen($gesamttext); $i++) { |
126 | $aus .= ' document.write("&#'.ord(substr($gesamttext, $i, 1)).';");'."\n"; |
126 | $aus .= ' document.write("&#'.ord(substr($gesamttext, $i, 1)).';");'."\n"; |
127 | } |
127 | } |
128 | } else { |
128 | } else { |
129 | $gesamttext = str_replace('"', '\"', $linktext); |
129 | $gesamttext = str_replace('"', '\"', $linktext); |
130 | $aus .= ' document.write("'.$gesamttext.'");'; |
130 | $aus .= ' document.write("'.$gesamttext.'");'; |
131 | } |
131 | } |
132 | 132 | ||
133 | $aus .= ' document.write("<\/a>"); |
133 | $aus .= ' document.write("<\/a>"); |
134 | // --> |
134 | // --> |
135 | </script>'; |
135 | </script>'; |
136 | } |
136 | } |
137 | 137 | ||
138 | return $aus; |
138 | return $aus; |
139 | } |
139 | } |
140 | 140 | ||
141 | function myhtmlentities($nachricht) { |
141 | function myhtmlentities($nachricht) { |
142 | global $charset; |
142 | global $charset; |
143 | return htmlentities($nachricht, ENT_COMPAT | ENT_XHTML, $charset); |
143 | return htmlentities($nachricht, ENT_COMPAT | ENT_XHTML, $charset); |
144 | } |
144 | } |
145 | 145 | ||
146 | function parse_html($nachricht, $loc_dir = '') { |
146 | function parse_html($nachricht, $loc_dir = '') { |
147 | global $table_smileys; |
147 | global $table_smileys; |
148 | 148 | ||
149 | // Smiley pre-parsing |
149 | // Smiley pre-parsing |
150 | $uid = uniqid(); |
150 | $uid = uniqid(); |
151 | $result = db_query("SELECT `zeichen`, `image`, `beschreibung`, `id` FROM `".db_real_escape_string($table_smileys)."` WHERE `enabled` = '1' ORDER BY `id` ASC"); |
151 | $result = db_query("SELECT `zeichen`, `image`, `beschreibung`, `id` FROM `".db_real_escape_string($table_smileys)."` WHERE `enabled` = '1' ORDER BY `id` ASC"); |
152 | while ($row = db_fetch_object($result)) { |
152 | while ($row = db_fetch_object($result)) { |
153 | # $nachricht = str_replace($row->zeichen, '<img src="images/smileys/'.$row->image.'" alt="'.myhtmlentities($row->beschreibung).'" title="'.myhtmlentities($row->beschreibung).'" />', $nachricht); |
153 | # $nachricht = str_replace($row->zeichen, '<img src="images/smileys/'.$row->image.'" alt="'.myhtmlentities($row->beschreibung).'" title="'.myhtmlentities($row->beschreibung).'" />', $nachricht); |
154 | $nachricht = str_replace($row->zeichen, "\nSMILEY{$uid}:".$row->id.":{$uid}YELIMS\n", $nachricht); |
154 | $nachricht = str_replace($row->zeichen, "\nSMILEY{$uid}:".$row->id.":{$uid}YELIMS\n", $nachricht); |
155 | } |
155 | } |
156 | 156 | ||
157 | // HTML Parsing |
157 | // HTML Parsing |
158 | $nachricht = myhtmlentities($nachricht); |
158 | $nachricht = myhtmlentities($nachricht); |
159 | # Damit funktioniert wordwrap() nicht gescheit, was für den Mailverkehr wichtig ist. außerdem gibt es dann keinen umbruch in der voransicht |
159 | # Damit funktioniert wordwrap() nicht gescheit, was für den Mailverkehr wichtig ist. außerdem gibt es dann keinen umbruch in der voransicht |
160 | # $nachricht = str_replace(' ', ' ', $nachricht); |
160 | # $nachricht = str_replace(' ', ' ', $nachricht); |
161 | # TODO: man sollte ' '-> erst ersetzen, wenn es mehr als 1 leerzeichen ist |
161 | # TODO: man sollte ' '-> erst ersetzen, wenn es mehr als 1 leerzeichen ist |
162 | $nachricht = nl2br($nachricht); |
162 | $nachricht = nl2br($nachricht); |
163 | $nachricht = str_replace('<br>', '<br />', $nachricht); // to be sure |
163 | $nachricht = str_replace('<br>', '<br />', $nachricht); // to be sure |
164 | $nachricht = str_replace('<BR>', '<br />', $nachricht); // to be sure |
164 | $nachricht = str_replace('<BR>', '<br />', $nachricht); // to be sure |
165 | 165 | ||
166 | // Linkanalyse von phpBB |
166 | // Linkanalyse von phpBB |
167 | $nachricht = ' ' . $nachricht; |
167 | $nachricht = ' ' . $nachricht; |
168 | $nachricht = preg_replace("#([\t\r\n ])([a-z0-9]+?){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\1<a href="\2://\3" target="_blank">\2://\3</a>', $nachricht); |
168 | $nachricht = preg_replace("#([\t\r\n ])([a-z0-9]+?){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\1<a href="\2://\3" target="_blank">\2://\3</a>', $nachricht); |
169 | $nachricht = preg_replace("#([\t\r\n ])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\1<a href="http://\2.\3" target="_blank">\2.\3</a>', $nachricht); |
169 | $nachricht = preg_replace("#([\t\r\n ])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\1<a href="http://\2.\3" target="_blank">\2.\3</a>', $nachricht); |
170 | $nachricht = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $nachricht); |
170 | $nachricht = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $nachricht); |
171 | $nachricht = substr($nachricht, 1); |
171 | $nachricht = substr($nachricht, 1); |
172 | 172 | ||
173 | // Final smiley parsing |
173 | // Final smiley parsing |
174 | $result = db_query("SELECT `zeichen`, `image`, `beschreibung`, `id` FROM `".db_real_escape_string($table_smileys)."` WHERE `enabled` = '1' ORDER BY `id` ASC"); |
174 | $result = db_query("SELECT `zeichen`, `image`, `beschreibung`, `id` FROM `".db_real_escape_string($table_smileys)."` WHERE `enabled` = '1' ORDER BY `id` ASC"); |
175 | while ($row = db_fetch_object($result)) { |
175 | while ($row = db_fetch_object($result)) { |
176 | $nachricht = str_replace("<br />\nSMILEY{$uid}:".$row->id.":{$uid}YELIMS<br />\n", '<img src="'.$loc_dir.'images/smileys/'.$row->image.'" alt="'.myhtmlentities($row->beschreibung).'" title="'.myhtmlentities($row->beschreibung).'" />', $nachricht); |
176 | $nachricht = str_replace("<br />\nSMILEY{$uid}:".$row->id.":{$uid}YELIMS<br />\n", '<img src="'.$loc_dir.'images/smileys/'.$row->image.'" alt="'.myhtmlentities($row->beschreibung).'" title="'.myhtmlentities($row->beschreibung).'" />', $nachricht); |
177 | } |
177 | } |
178 | 178 | ||
179 | return $nachricht; |
179 | return $nachricht; |
180 | } |
180 | } |
181 | 181 | ||
182 | function anznachricht($name, $ort, $email, $home, $icq, $nachricht, $kommentar, $zeit, $datum) { |
182 | function anznachricht($name, $ort, $email, $home, $icq, $nachricht, $kommentar, $zeit, $datum) { |
183 | global $farbe1, $farbe2, $farbe3, $farbe4, $farbe5, $farbe6, $farbe7, $farbe8, $farbe9, $farbe10, $farbe11, $this_dir, $cfg_icq_statusicon; |
183 | global $farbe1, $farbe2, $farbe3, $farbe4, $farbe5, $farbe6, $farbe7, $farbe8, $farbe9, $farbe10, $farbe11, $this_dir, $cfg_icq_statusicon; |
184 | 184 | ||
185 | $zzeit = explode(":", $zeit); |
185 | $zzeit = explode(":", $zeit); |
186 | $zzeit = $zzeit[0].".".$zzeit[1]; |
186 | $zzeit = $zzeit[0].".".$zzeit[1]; |
187 | $ddatum = explode("-", $datum); |
187 | $ddatum = explode("-", $datum); |
188 | $ddatum = $ddatum[2].".".$ddatum[1].".".$ddatum[0]; |
188 | $ddatum = $ddatum[2].".".$ddatum[1].".".$ddatum[0]; |
189 | $nachricht = parse_html($nachricht, $this_dir); |
189 | $nachricht = parse_html($nachricht, $this_dir); |
190 | 190 | ||
191 | echo '<table border="1" cellpadding="5" cellspacing="0" width="100%" style="border-color:'.$farbe1.';border-collapse:collapse">'; |
191 | echo '<table border="1" cellpadding="5" cellspacing="0" width="100%" style="border-color:'.$farbe1.';border-collapse:collapse">'; |
192 | echo ' <tr>'; |
192 | echo ' <tr>'; |
193 | echo ' <td width="100%" bgcolor="'.$farbe3.'" style="border-color:'.$farbe1.';border-collapse:collapse">'; |
193 | echo ' <td width="100%" bgcolor="'.$farbe3.'" style="border-color:'.$farbe1.';border-collapse:collapse">'; |
194 | echo ' <table border="0" cellpadding="0" cellspacing="0" width="100%" style="color:'.$farbe9.'">'; |
194 | echo ' <table border="0" cellpadding="0" cellspacing="0" width="100%" style="color:'.$farbe9.'">'; |
195 | echo ' <tr>'; |
195 | echo ' <tr>'; |
196 | echo ' <td width="75%" align="left"><b>'.myhtmlentities($name).'</b>'; |
196 | echo ' <td width="75%" align="left"><b>'.myhtmlentities($name).'</b>'; |
197 | if ($ort != '') echo ' aus '.myhtmlentities($ort); |
197 | if ($ort != '') echo ' aus '.myhtmlentities($ort); |
198 | echo '</td>'; |
198 | echo '</td>'; |
199 | echo ' <td width="5%"> </td>'; |
199 | echo ' <td width="5%"> </td>'; |
200 | echo ' <td width="20%" align="right">'; |
200 | echo ' <td width="20%" align="right">'; |
201 | if ($email != '') { |
201 | if ($email != '') { |
202 | echo secure_email(myhtmlentities($email), '<img src="images/email.gif" border="0" height="18" width="17" alt="E-Mail-Adresse" title="E-Mail-Adresse" />', 0); |
202 | echo secure_email(myhtmlentities($email), '<img src="images/email.gif" border="0" height="18" width="17" alt="E-Mail-Adresse" title="E-Mail-Adresse" />', 0); |
203 | } |
203 | } |
204 | if ($home != '') { |
204 | if ($home != '') { |
205 | echo ' <a href="'.myhtmlentities($home).'" target="_blank"><img src="images/homepage.gif" border="0" height="18" width="16" alt="Homepage" title="Homepage" /></a>'; |
205 | echo ' <a href="'.myhtmlentities($home).'" target="_blank"><img src="images/homepage.gif" border="0" height="18" width="16" alt="Homepage" title="Homepage" /></a>'; |
206 | } |
206 | } |
207 | if ($icq != '') { |
207 | if ($icq != '') { |
208 | echo ' <a href="https://icq.com/people/'.urlencode($icq).'" target="_blank"><img src="https://status.icq.com/online.gif?icq='.urlencode($icq).'&img='.$cfg_icq_statusicon.'" alt="Mein ICQ Status" title="Mein ICQ Status" border="0"></a></a>'; |
208 | echo ' <a href="https://icq.com/people/'.urlencode($icq).'" target="_blank"><img src="https://status.icq.com/online.gif?icq='.urlencode($icq).'&img='.$cfg_icq_statusicon.'" alt="Mein ICQ Status" title="Mein ICQ Status" border="0"></a></a>'; |
209 | } |
209 | } |
210 | echo '</td></tr></table></td></tr>'; |
210 | echo '</td></tr></table></td></tr>'; |
211 | echo '<tr><td width="100%" bgcolor="'.$farbe2.'" style="color:'.$farbe10.'" align="left">'.$nachricht.'<br /><br /><font size="2" color="'.$farbe4.'">Dieser Eintrag wurde am '.$ddatum.' um '.$zzeit.' Uhr erstellt.</font></td></tr>'; |
211 | echo '<tr><td width="100%" bgcolor="'.$farbe2.'" style="color:'.$farbe10.'" align="left">'.$nachricht.'<br /><br /><font size="2" color="'.$farbe4.'">Dieser Eintrag wurde am '.$ddatum.' um '.$zzeit.' Uhr erstellt.</font></td></tr>'; |
212 | if ($kommentar != '') { |
212 | if ($kommentar != '') { |
213 | $kommentar = parse_html($kommentar, $this_dir); |
213 | $kommentar = parse_html($kommentar, $this_dir); |
214 | echo '<tr><td width="100%" bgcolor="'.$farbe5.'" style="color:'.$farbe11.'" align="left"><b>Kommentar des Seiteneigentümers:</b><br /><br />'.$kommentar.'</td></tr>'; |
214 | echo '<tr><td width="100%" bgcolor="'.$farbe5.'" style="color:'.$farbe11.'" align="left"><b>Kommentar des Seiteneigentümers:</b><br /><br />'.$kommentar.'</td></tr>'; |
215 | } |
215 | } |
216 | echo '</table><br />'; |
216 | echo '</table><br />'; |
217 | } |
217 | } |
218 | 218 | ||
219 | # -------------------------- |
219 | # -------------------------- |
220 | 220 | ||
221 | # http://stackoverflow.com/questions/1175096/how-to-find-out-if-you-are-using-https-without-serverhttps |
221 | # http://stackoverflow.com/questions/1175096/how-to-find-out-if-you-are-using-https-without-serverhttps |
222 | $is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443); |
222 | $is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443); |
223 | 223 | ||
224 | $proto = $is_https ? 'https' : 'http'; |
224 | $proto = $is_https ? 'https' : 'http'; |
225 | $inphp = $proto.'://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']; |
225 | $inphp = $proto.'://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']; |
226 | $this_dir = dirname($inphp).'/'; |
226 | $this_dir = dirname($inphp).'/'; |
227 | 227 | ||
228 | $seitenkopf = str_replace('{CHARSET}', $charset, $seitenkopf); |
228 | $seitenkopf = str_replace('{CHARSET}', $charset, $seitenkopf); |
229 | echo $seitenkopf; |
229 | echo $seitenkopf; |
230 | 230 | ||
231 | // Vor der Vorschau alles prüfen |
231 | // Vor der Vorschau alles prüfen |
232 | $err_name = false; |
232 | $err_name = false; |
233 | $err_nachricht = false; |
233 | $err_nachricht = false; |
234 | $err_icq = false; |
234 | $err_icq = false; |
235 | $err_email = false; |
235 | $err_email = false; |
236 | $err_homepage = false; |
236 | $err_homepage = false; |
237 | $err_antispam = false; |
237 | $err_antispam = false; |
238 | $relfehler = ''; |
238 | $relfehler = ''; |
239 | 239 | ||
240 | $view_vorschau = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'vorschau'); |
240 | $view_vorschau = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'vorschau'); |
241 | $view_abschicken = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'abschicken'); |
241 | $view_abschicken = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'abschicken'); |
242 | $view_eintrag = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'eintrag'); |
242 | $view_eintrag = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'eintrag'); |
243 | $view_freischalten = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'freischalten'); |
243 | $view_freischalten = isset($_REQUEST['action']) && ($_REQUEST['action'] == 'freischalten'); |
244 | 244 | ||
245 | $name = (isset($_POST['name']) ? trim($_POST['name']) : ''); |
245 | $name = (isset($_POST['name']) ? trim($_POST['name']) : ''); |
246 | $ort = (isset($_POST['ort']) ? trim($_POST['ort']) : ''); |
246 | $ort = (isset($_POST['ort']) ? trim($_POST['ort']) : ''); |
247 | $email = (isset($_POST['email']) ? trim($_POST['email']) : ''); |
247 | $email = (isset($_POST['email']) ? trim($_POST['email']) : ''); |
248 | $homepage = (isset($_POST['homepage']) ? trim($_POST['homepage']) : ''); |
248 | $homepage = (isset($_POST['homepage']) ? trim($_POST['homepage']) : ''); |
249 | $icq = (isset($_POST['icq']) ? trim($_POST['icq']) : ''); |
249 | $icq = (isset($_POST['icq']) ? trim($_POST['icq']) : ''); |
250 | $nachricht = (isset($_POST['nachricht']) ? trim($_POST['nachricht']) : ''); |
250 | $nachricht = (isset($_POST['nachricht']) ? trim($_POST['nachricht']) : ''); |
251 | $antispam = (isset($_POST['antispam']) ? trim($_POST['antispam']) : ''); |
251 | $antispam = (isset($_POST['antispam']) ? trim($_POST['antispam']) : ''); |
252 | $kommentar = ''; |
252 | $kommentar = ''; |
253 | 253 | ||
254 | $icq = str_replace('-', '', $icq); // XXX-XXX-XXX -> XXXXXXXXX |
254 | $icq = str_replace('-', '', $icq); // XXX-XXX-XXX -> XXXXXXXXX |
255 | 255 | ||
256 | # ----------------------------------- |
256 | # ----------------------------------- |
257 | 257 | ||
258 | function md5_valid($id, $md5_message) { |
258 | function md5_valid($id, $md5_message) { |
259 | global $table_entries; |
259 | global $table_entries; |
260 | return md5($table_entries.'-'.$id.'-'.$md5_message.'-GBINT'); |
260 | return md5($table_entries.'-'.$id.'-'.$md5_message.'-GBINT'); |
261 | } |
261 | } |
262 | 262 | ||
263 | # ----------------------------------- |
263 | # ----------------------------------- |
264 | 264 | ||
265 | if ($view_freischalten) { |
265 | if ($view_freischalten) { |
266 | $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : ''; |
266 | $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : ''; |
267 | $md5 = isset($_REQUEST['md5']) ? $_REQUEST['md5'] : ''; |
267 | $md5 = isset($_REQUEST['md5']) ? $_REQUEST['md5'] : ''; |
268 | 268 | ||
269 | echo '<h1>Gästebucheintrag freischalten</h1>'; |
269 | echo '<h1>Gästebucheintrag freischalten</h1>'; |
270 | 270 | ||
271 | if (($id == '') || ($md5 == '')) { |
271 | if (($id == '') || ($md5 == '')) { |
272 | die('<p><font color="'.$farbe6.'">Ein Fehler ist aufgetreten. Fehler in den Parametern.</font></p>'.$seitenfuss); |
272 | die('<p><font color="'.$farbe6.'">Ein Fehler ist aufgetreten. Fehler in den Parametern.</font></p>'.$seitenfuss); |
273 | } |
273 | } |
274 | 274 | ||
275 | $result = db_query("SELECT `show`, MD5(`nachricht`) AS `md5` FROM `".db_real_escape_string($table_entries)."` WHERE `id` = '".db_real_escape_string($id)."'"); |
275 | $result = db_query("SELECT `show`, MD5(`nachricht`) AS `md5` FROM `".db_real_escape_string($table_entries)."` WHERE `id` = '".db_real_escape_string($id)."'"); |
276 | if ($row = db_fetch_object($result)) { |
276 | if ($row = db_fetch_object($result)) { |
277 | if ($row->show == 1) { |
277 | if ($row->show == 1) { |
278 | echo '<p><font color="'.$farbe8.'">Eintrag ist bereits freigeschaltet!</font></p>'; |
278 | echo '<p><font color="'.$farbe8.'">Eintrag ist bereits freigeschaltet!</font></p>'; |
279 | } else { |
279 | } else { |
280 | $md5_valid = md5_valid($id, $row->md5); |
280 | $md5_valid = md5_valid($id, $row->md5); |
281 | if (strtolower($md5) == strtolower($md5_valid)) { |
281 | if (strtolower($md5) == strtolower($md5_valid)) { |
282 | db_query("UPDATE `".db_real_escape_string($table_entries)."` SET `show` = '1' WHERE `id` = '".db_real_escape_string($id)."'"); |
282 | db_query("UPDATE `".db_real_escape_string($table_entries)."` SET `show` = '1' WHERE `id` = '".db_real_escape_string($id)."'"); |
283 | echo '<p><font color="'.$farbe8.'">Eintrag erfolgreich freigeschaltet!</font></p>'; |
283 | echo '<p><font color="'.$farbe8.'">Eintrag erfolgreich freigeschaltet!</font></p>'; |
284 | } else { |
284 | } else { |
285 | echo '<p><font color="'.$farbe6.'">Keine Berechtigung, den Eintrag freizuschalten!</font></p>'; |
285 | echo '<p><font color="'.$farbe6.'">Keine Berechtigung, den Eintrag freizuschalten!</font></p>'; |
286 | } |
286 | } |
287 | } |
287 | } |
288 | } |
288 | } |
289 | 289 | ||
290 | die($seitenfuss); |
290 | die($seitenfuss); |
291 | } |
291 | } |
292 | 292 | ||
293 | if ($cfg_feature_simple_antispam) { |
293 | if ($cfg_feature_simple_antispam) { |
294 | // NG: erster block der IP adresse hinzufügen |
294 | // NG: erster block der IP adresse hinzufügen |
295 | $antispam_awaiting = (date('d')-15) * (2+date('m')) * 2 + 1337 + date('Y'); |
295 | $antispam_awaiting = (date('d')-15) * (2+date('m')) * 2 + 1337 + date('Y'); |
296 | } |
296 | } |
297 | 297 | ||
298 | if (($view_vorschau) || ($view_abschicken)) { |
298 | if (($view_vorschau) || ($view_abschicken)) { |
299 | // Name prüfen |
299 | // Name prüfen |
300 | if ($name == '') $err_name = true; |
300 | if ($name == '') $err_name = true; |
301 | 301 | ||
302 | // Nachricht prüfen |
302 | // Nachricht prüfen |
303 | if ($nachricht == '') $err_nachricht = true; |
303 | if ($nachricht == '') $err_nachricht = true; |
304 | 304 | ||
305 | // ICQ prüfen, wenn angegeben |
305 | // ICQ prüfen, wenn angegeben |
306 | if ((!preg_match('/^[0-9]+$/', $icq)) && ($icq != '')) $err_icq = true; |
306 | if ((!preg_match('/^[0-9]+$/', $icq)) && ($icq != '')) $err_icq = true; |
307 | 307 | ||
308 | // E-Mail-Adresse prüfen, wenn angegeben |
308 | // E-Mail-Adresse prüfen, wenn angegeben |
309 | if ((!preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email)) && ($email != '')) $err_email = true; |
309 | if ((!preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $email)) && ($email != '')) $err_email = true; |
310 | 310 | ||
311 | // Homepage prüfen, wenn angegeben |
311 | // Homepage prüfen, wenn angegeben |
312 | if ($homepage != '') { |
312 | if ($homepage != '') { |
313 | if (!preg_match('#^http[s]?:\/\/#i', $homepage)) { |
313 | if (!preg_match('#^http[s]?:\/\/#i', $homepage)) { |
314 | $homepage = 'http://' . $homepage; |
314 | $homepage = 'http://' . $homepage; |
315 | } |
315 | } |
316 | if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $homepage)) { |
316 | if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $homepage)) { |
317 | $err_homepage = true; |
317 | $err_homepage = true; |
318 | } |
318 | } |
319 | } |
319 | } |
320 | 320 | ||
321 | // AntiSpam prüfen |
321 | // AntiSpam prüfen |
322 | if (($cfg_feature_simple_antispam) && ($antispam != $antispam_awaiting)) $err_antispam = true; |
322 | if (($cfg_feature_simple_antispam) && ($antispam != $antispam_awaiting)) $err_antispam = true; |
323 | 323 | ||
324 | // Fehler? |
324 | // Fehler? |
325 | if (($err_name) || ($err_nachricht) || ($err_icq) || ($err_email) || ($err_homepage) || ($err_antispam)) { |
325 | if (($err_name) || ($err_nachricht) || ($err_icq) || ($err_email) || ($err_homepage) || ($err_antispam)) { |
326 | $relfehler = '<font color="'.$farbe6.'"><u>Fehler</u>: Es wurden nicht alle Pflichtfelder ausgefüllt oder einige Felder enthalten einen Fehler!</font>'; |
326 | $relfehler = '<font color="'.$farbe6.'"><u>Fehler</u>: Es wurden nicht alle Pflichtfelder ausgefüllt oder einige Felder enthalten einen Fehler!</font>'; |
327 | } |
327 | } |
328 | 328 | ||
329 | if (!$relfehler) { |
329 | if (!$relfehler) { |
330 | $datum = date('Y-m-d'); |
330 | $datum = date('Y-m-d'); |
331 | $zeit = date('H:i:s'); |
331 | $zeit = date('H:i:s'); |
332 | $ip = get_real_ip(); // $_SERVER['REMOTE_ADDR']; |
332 | $ip = get_real_ip(); // $_SERVER['REMOTE_ADDR']; |
333 | $host = gethostbyaddr($ip); |
333 | $host = gethostbyaddr($ip); |
334 | $whois_service = "https://whois.viathinksoft.de/whois/$ip"; |
334 | $whois_service = "https://whois.viathinksoft.de/whois/$ip"; |
335 | 335 | ||
336 | if ($view_vorschau) { |
336 | if ($view_vorschau) { |
337 | echo '<h1>Gästebucheintrag Vorschau</h1>'; |
337 | echo '<h1>Gästebucheintrag Vorschau</h1>'; |
338 | echo '<div align="center">'; |
338 | echo '<div align="center">'; |
339 | 339 | ||
340 | anznachricht($name, $ort, $email, $homepage, $icq, $nachricht, $kommentar, $zeit, $datum); |
340 | anznachricht($name, $ort, $email, $homepage, $icq, $nachricht, $kommentar, $zeit, $datum); |
341 | 341 | ||
342 | echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\"><tr>\n"; |
342 | echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\"><tr>\n"; |
343 | 343 | ||
344 | echo "<td>\n"; |
344 | echo "<td>\n"; |
345 | echo "<form action=\"$inphp\" method=\"post\" name=\"frm2\">\n"; |
345 | echo "<form action=\"$inphp\" method=\"post\" name=\"frm2\">\n"; |
346 | echo "<input type=\"hidden\" name=\"action\" value=\"eintrag\" />\n"; |
346 | echo "<input type=\"hidden\" name=\"action\" value=\"eintrag\" />\n"; |
347 | echo "<input type=\"hidden\" name=\"name\" value=\"".myhtmlentities($name)."\" />\n"; |
347 | echo "<input type=\"hidden\" name=\"name\" value=\"".myhtmlentities($name)."\" />\n"; |
348 | echo "<input type=\"hidden\" name=\"ort\" value=\"".myhtmlentities($ort)."\" />\n"; |
348 | echo "<input type=\"hidden\" name=\"ort\" value=\"".myhtmlentities($ort)."\" />\n"; |
349 | echo "<input type=\"hidden\" name=\"email\" value=\"".myhtmlentities($email)."\" />\n"; |
349 | echo "<input type=\"hidden\" name=\"email\" value=\"".myhtmlentities($email)."\" />\n"; |
350 | echo "<input type=\"hidden\" name=\"homepage\" value=\"".myhtmlentities($homepage)."\" />\n"; |
350 | echo "<input type=\"hidden\" name=\"homepage\" value=\"".myhtmlentities($homepage)."\" />\n"; |
351 | echo "<input type=\"hidden\" name=\"icq\" value=\"".myhtmlentities($icq)."\" />\n"; |
351 | echo "<input type=\"hidden\" name=\"icq\" value=\"".myhtmlentities($icq)."\" />\n"; |
352 | echo "<input type=\"hidden\" name=\"nachricht\" value=\"".myhtmlentities($nachricht)."\" />\n"; |
352 | echo "<input type=\"hidden\" name=\"nachricht\" value=\"".myhtmlentities($nachricht)."\" />\n"; |
353 | if ($cfg_feature_simple_antispam) echo "<input type=\"hidden\" name=\"antispam\" value=\"".myhtmlentities($antispam)."\" />\n"; |
353 | if ($cfg_feature_simple_antispam) echo "<input type=\"hidden\" name=\"antispam\" value=\"".myhtmlentities($antispam)."\" />\n"; |
354 | echo "<a href=\"javascript:document.frm2.submit()\"><img src=\"images/buttons/aendern.gif\" border=\"0\" height=\"31\" width=\"146\" alt=\"Ändern\" title=\"Ändern\" /></a>"; |
354 | echo "<a href=\"javascript:document.frm2.submit()\"><img src=\"images/buttons/aendern.gif\" border=\"0\" height=\"31\" width=\"146\" alt=\"Ändern\" title=\"Ändern\" /></a>"; |
355 | echo "</form>"; |
355 | echo "</form>"; |
356 | echo "</td>"; |
356 | echo "</td>"; |
357 | 357 | ||
358 | echo "<td><img src=\"images/spacer.gif\" height=\"1\" width=\"30\" alt=\"\" /></td>"; |
358 | echo "<td><img src=\"images/spacer.gif\" height=\"1\" width=\"30\" alt=\"\" /></td>"; |
359 | 359 | ||
360 | echo "<td>\n"; |
360 | echo "<td>\n"; |
361 | echo "<form action=\"$inphp\" method=\"post\" name=\"frm1\">\n"; |
361 | echo "<form action=\"$inphp\" method=\"post\" name=\"frm1\">\n"; |
362 | echo "<input type=\"hidden\" name=\"action\" value=\"abschicken\" />\n"; |
362 | echo "<input type=\"hidden\" name=\"action\" value=\"abschicken\" />\n"; |
363 | echo "<input type=\"hidden\" name=\"name\" value=\"".myhtmlentities($name)."\" />\n"; |
363 | echo "<input type=\"hidden\" name=\"name\" value=\"".myhtmlentities($name)."\" />\n"; |
364 | echo "<input type=\"hidden\" name=\"ort\" value=\"".myhtmlentities($ort)."\" />\n"; |
364 | echo "<input type=\"hidden\" name=\"ort\" value=\"".myhtmlentities($ort)."\" />\n"; |
365 | echo "<input type=\"hidden\" name=\"email\" value=\"".myhtmlentities($email)."\" />\n"; |
365 | echo "<input type=\"hidden\" name=\"email\" value=\"".myhtmlentities($email)."\" />\n"; |
366 | echo "<input type=\"hidden\" name=\"homepage\" value=\"".myhtmlentities($homepage)."\" />\n"; |
366 | echo "<input type=\"hidden\" name=\"homepage\" value=\"".myhtmlentities($homepage)."\" />\n"; |
367 | echo "<input type=\"hidden\" name=\"icq\" value=\"".myhtmlentities($icq)."\" />\n"; |
367 | echo "<input type=\"hidden\" name=\"icq\" value=\"".myhtmlentities($icq)."\" />\n"; |
368 | echo "<input type=\"hidden\" name=\"nachricht\" value=\"".myhtmlentities($nachricht)."\" />\n"; |
368 | echo "<input type=\"hidden\" name=\"nachricht\" value=\"".myhtmlentities($nachricht)."\" />\n"; |
369 | if ($cfg_feature_simple_antispam) echo "<input type=\"hidden\" name=\"antispam\" value=\"".myhtmlentities($antispam)."\" />\n"; |
369 | if ($cfg_feature_simple_antispam) echo "<input type=\"hidden\" name=\"antispam\" value=\"".myhtmlentities($antispam)."\" />\n"; |
370 | echo "<a href=\"javascript:document.frm1.submit()\"><img src=\"images/buttons/abschicken.gif\" border=\"0\" height=\"31\" width=\"146\" alt=\"Abschicken\" title=\"Abschicken\" /></a>"; |
370 | echo "<a href=\"javascript:document.frm1.submit()\"><img src=\"images/buttons/abschicken.gif\" border=\"0\" height=\"31\" width=\"146\" alt=\"Abschicken\" title=\"Abschicken\" /></a>"; |
371 | echo "</form>"; |
371 | echo "</form>"; |
372 | echo "</td>"; |
372 | echo "</td>"; |
373 | 373 | ||
374 | echo "</tr></table></div>\n"; |
374 | echo "</tr></table></div>\n"; |
375 | } elseif ($view_abschicken) { |
375 | } elseif ($view_abschicken) { |
376 | $pass_final_recaptcha = true; |
376 | $pass_final_recaptcha = true; |
377 | if ($cfg_recaptcha_enabled) { |
377 | if ($cfg_recaptcha_enabled) { |
378 | if (!isset($_POST['g-recaptcha-response'])) { |
378 | if (!isset($_POST['g-recaptcha-response'])) { |
379 | $pass_final_recaptcha = false; |
379 | $pass_final_recaptcha = false; |
380 | } else { |
380 | } else { |
381 | $recaptcha = new \ReCaptcha\ReCaptcha($cfg_recaptcha_privkey); |
381 | $recaptcha = new \ReCaptcha\ReCaptcha($cfg_recaptcha_privkey); |
382 | $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']); |
382 | $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']); |
383 | $pass_final_recaptcha = $resp->isSuccess(); |
383 | $pass_final_recaptcha = $resp->isSuccess(); |
384 | } |
384 | } |
385 | } |
385 | } |
386 | 386 | ||
387 | if (!$pass_final_recaptcha) { |
387 | if (!$pass_final_recaptcha) { |
388 | echo '<h1>Bitte Sicherheitsfrage beantworten</h1>'; |
388 | echo '<h1>Bitte Sicherheitsfrage beantworten</h1>'; |
389 | echo '<p>Bitte tippen Sie den dargestellten Code ab. Dadurch wird sichergestellt dass Sie ein Mensch und kein Spam-Bot sind.</p>'; |
389 | echo '<p>Bitte tippen Sie den dargestellten Code ab. Dadurch wird sichergestellt dass Sie ein Mensch und kein Spam-Bot sind.</p>'; |
390 | 390 | ||
391 | echo "<form action=\"$inphp\" method=\"post\" name=\"frm1\">\n"; |
391 | echo "<form action=\"$inphp\" method=\"post\" name=\"frm1\">\n"; |
392 | 392 | ||
393 | echo '<div class="g-recaptcha" data-sitekey="'.$cfg_recaptcha_pubkey.'"></div>'; |
393 | echo '<div class="g-recaptcha" data-sitekey="'.$cfg_recaptcha_pubkey.'"></div>'; |
394 | echo '<script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>'; |
394 | echo '<script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>'; |
395 | echo '<br>'; |
395 | echo '<br>'; |
396 | 396 | ||
397 | echo "<input type=\"hidden\" name=\"action\" value=\"abschicken\" />\n"; |
397 | echo "<input type=\"hidden\" name=\"action\" value=\"abschicken\" />\n"; |
398 | echo "<input type=\"hidden\" name=\"name\" value=\"".myhtmlentities($name)."\" />\n"; |
398 | echo "<input type=\"hidden\" name=\"name\" value=\"".myhtmlentities($name)."\" />\n"; |
399 | echo "<input type=\"hidden\" name=\"ort\" value=\"".myhtmlentities($ort)."\" />\n"; |
399 | echo "<input type=\"hidden\" name=\"ort\" value=\"".myhtmlentities($ort)."\" />\n"; |
400 | echo "<input type=\"hidden\" name=\"email\" value=\"".myhtmlentities($email)."\" />\n"; |
400 | echo "<input type=\"hidden\" name=\"email\" value=\"".myhtmlentities($email)."\" />\n"; |
401 | echo "<input type=\"hidden\" name=\"homepage\" value=\"".myhtmlentities($homepage)."\" />\n"; |
401 | echo "<input type=\"hidden\" name=\"homepage\" value=\"".myhtmlentities($homepage)."\" />\n"; |
402 | echo "<input type=\"hidden\" name=\"icq\" value=\"".myhtmlentities($icq)."\" />\n"; |
402 | echo "<input type=\"hidden\" name=\"icq\" value=\"".myhtmlentities($icq)."\" />\n"; |
403 | echo "<input type=\"hidden\" name=\"nachricht\" value=\"".myhtmlentities($nachricht)."\" />\n"; |
403 | echo "<input type=\"hidden\" name=\"nachricht\" value=\"".myhtmlentities($nachricht)."\" />\n"; |
404 | if ($cfg_feature_simple_antispam) echo "<input type=\"hidden\" name=\"antispam\" value=\"".myhtmlentities($antispam)."\" />\n"; |
404 | if ($cfg_feature_simple_antispam) echo "<input type=\"hidden\" name=\"antispam\" value=\"".myhtmlentities($antispam)."\" />\n"; |
405 | echo "<a href=\"javascript:document.frm1.submit()\"><img src=\"images/buttons/abschicken.gif\" border=\"0\" height=\"31\" width=\"146\" alt=\"Abschicken\" title=\"Abschicken\" /></a>"; |
405 | echo "<a href=\"javascript:document.frm1.submit()\"><img src=\"images/buttons/abschicken.gif\" border=\"0\" height=\"31\" width=\"146\" alt=\"Abschicken\" title=\"Abschicken\" /></a>"; |
406 | echo "</form>"; |
406 | echo "</form>"; |
407 | } else { |
407 | } else { |
408 | $daten = "'".db_real_escape_string($name)."'"; |
408 | $daten = "'".db_real_escape_string($name)."'"; |
409 | $felder = '`name`'; |
409 | $felder = '`name`'; |
410 | 410 | ||
411 | if ($ort != '') { |
411 | if ($ort != '') { |
412 | $daten .= ", '".db_real_escape_string($ort)."'"; |
412 | $daten .= ", '".db_real_escape_string($ort)."'"; |
413 | $felder .= ', `ort`'; |
413 | $felder .= ', `ort`'; |
414 | } |
414 | } |
415 | 415 | ||
416 | if ($email != '') { |
416 | if ($email != '') { |
417 | $daten .= ", '".db_real_escape_string($email)."'"; |
417 | $daten .= ", '".db_real_escape_string($email)."'"; |
418 | $felder .= ', `email`'; |
418 | $felder .= ', `email`'; |
419 | } |
419 | } |
420 | 420 | ||
421 | if ($homepage != '') { |
421 | if ($homepage != '') { |
422 | $daten .= ", '".db_real_escape_string($homepage)."'"; |
422 | $daten .= ", '".db_real_escape_string($homepage)."'"; |
423 | $felder .= ', `homepage`'; |
423 | $felder .= ', `homepage`'; |
424 | } |
424 | } |
425 | 425 | ||
426 | if ($icq != '') { |
426 | if ($icq != '') { |
427 | $daten .= ", '".db_real_escape_string($icq)."'"; |
427 | $daten .= ", '".db_real_escape_string($icq)."'"; |
428 | $felder .= ', `icq`'; |
428 | $felder .= ', `icq`'; |
429 | } |
429 | } |
430 | 430 | ||
431 | $daten .= ", '".db_real_escape_string("$datum $zeit")."'"; |
431 | $daten .= ", '".db_real_escape_string("$datum $zeit")."'"; |
432 | $felder .= ', `timestamp`'; |
432 | $felder .= ', `timestamp`'; |
433 | 433 | ||
434 | $daten .= ", '".db_real_escape_string($ip)."'"; |
434 | $daten .= ", '".db_real_escape_string($ip)."'"; |
435 | $felder .= ', `ip`'; |
435 | $felder .= ', `ip`'; |
436 | 436 | ||
437 | $daten .= ", '".db_real_escape_string($nachricht)."'"; |
437 | $daten .= ", '".db_real_escape_string($nachricht)."'"; |
438 | $felder .= ', `nachricht`'; |
438 | $felder .= ', `nachricht`'; |
439 | 439 | ||
440 | $show = $cfg_automatisch_freischalten ? '1' : '0'; |
440 | $show = $cfg_automatisch_freischalten ? '1' : '0'; |
441 | $daten .= ", '".db_real_escape_string($show)."'"; |
441 | $daten .= ", '".db_real_escape_string($show)."'"; |
442 | $felder .= ', `show`'; |
442 | $felder .= ', `show`'; |
443 | 443 | ||
444 | $result = db_query("INSERT INTO `".db_real_escape_string($table_entries)."` ($felder) VALUES ($daten)"); |
444 | $result = db_query("INSERT INTO `".db_real_escape_string($table_entries)."` ($felder) VALUES ($daten)"); |
445 | $id = db_insert_id(); |
445 | $id = db_insert_id(); |
446 | 446 | ||
447 | $md5 = md5($nachricht); |
447 | $md5 = md5($nachricht); |
448 | $md5_valid = md5_valid($id, $md5); |
448 | $md5_valid = md5_valid($id, $md5); |
449 | 449 | ||
450 | // Send mail |
450 | // Send mail |
451 | 451 | ||
452 | $ger_datum = date('d.m.Y', strtotime($datum)); |
452 | $ger_datum = date('d.m.Y', strtotime($datum)); |
453 | 453 | ||
454 | $msg_html = "<h1>".myhtmlentities($seitentitel)." - Gästebucheintrag</h1>\n"; |
454 | $msg_html = "<h1>".myhtmlentities($seitentitel)." - Gästebucheintrag</h1>\n"; |
455 | $msg_html .= "<b>Name:</b> ".myhtmlentities($name)."<br />\n"; |
455 | $msg_html .= "<b>Name:</b> ".myhtmlentities($name)."<br />\n"; |
456 | $msg_html .= "<b>E-Mail:</b> ".myhtmlentities($email)."<br />\n"; |
456 | $msg_html .= "<b>E-Mail:</b> ".myhtmlentities($email)."<br />\n"; |
457 | $msg_html .= "<b>Ort:</b> ".myhtmlentities($ort)."<br />\n"; |
457 | $msg_html .= "<b>Ort:</b> ".myhtmlentities($ort)."<br />\n"; |
458 | $msg_html .= "<b>Homepage:</b> ".myhtmlentities($homepage)."<br />\n"; |
458 | $msg_html .= "<b>Homepage:</b> ".myhtmlentities($homepage)."<br />\n"; |
459 | $msg_html .= "<b>ICQ:</b> ".myhtmlentities($icq)."<br />\n"; |
459 | $msg_html .= "<b>ICQ:</b> ".myhtmlentities($icq)."<br />\n"; |
460 | $msg_html .= "<b>Datum:</b> $ger_datum<br />\n"; |
460 | $msg_html .= "<b>Datum:</b> $ger_datum<br />\n"; |
461 | $msg_html .= "<b>Uhrzeit:</b> $zeit<br />\n"; |
461 | $msg_html .= "<b>Uhrzeit:</b> $zeit<br />\n"; |
462 | $msg_html .= "<br />\n"; |
462 | $msg_html .= "<br />\n"; |
463 | $msg_html .= "<b>Nachricht:</b> ".parse_html($nachricht, $this_dir)."<br />\n"; |
463 | $msg_html .= "<b>Nachricht:</b> ".parse_html($nachricht, $this_dir)."<br />\n"; |
464 | $msg_html .= "<br />\n"; |
464 | $msg_html .= "<br />\n"; |
465 | $msg_html .= "<i>Datensatz Nr. $id wurde erstellt.</i><br />\n"; |
465 | $msg_html .= "<i>Datensatz Nr. $id wurde erstellt.</i><br />\n"; |
466 | $msg_html .= "<br />\n"; |
466 | $msg_html .= "<br />\n"; |
467 | $msg_html .= "<font size=\"+1\"><b>Absenderdaten:</b></font><br />\n"; |
467 | $msg_html .= "<font size=\"+1\"><b>Absenderdaten:</b></font><br />\n"; |
468 | $msg_html .= "<br />\n"; |
468 | $msg_html .= "<br />\n"; |
469 | $msg_html .= "<b>IP-Adresse:</b> <a href=\"$whois_service\" target=\"_blank\">$ip</a> ($host)<br />\n"; |
469 | $msg_html .= "<b>IP-Adresse:</b> <a href=\"$whois_service\" target=\"_blank\">$ip</a> ($host)<br />\n"; |
470 | $msg_html .= "<b>Browser:</b> ".$_SERVER['HTTP_USER_AGENT']."<br />\n"; |
470 | $msg_html .= "<b>Browser:</b> ".$_SERVER['HTTP_USER_AGENT']."<br />\n"; |
471 | $msg_html .= "<br />\n"; |
471 | $msg_html .= "<br />\n"; |
472 | if (!$cfg_automatisch_freischalten) { |
472 | if (!$cfg_automatisch_freischalten) { |
473 | $msg_html .= '<i>Klicken Sie <a href="'."$inphp?action=freischalten&id=$id&md5=".urlencode($md5_valid).'" target="_blank">hier</a>, um den Eintrag freizuschalten. Schalten Sie den Eintrag nicht frei, so bleibt er unveröffentlicht.</i><br />'."\n"; |
473 | $msg_html .= '<i>Klicken Sie <a href="'."$inphp?action=freischalten&id=$id&md5=".urlencode($md5_valid).'" target="_blank">hier</a>, um den Eintrag freizuschalten. Schalten Sie den Eintrag nicht frei, so bleibt er unveröffentlicht.</i><br />'."\n"; |
474 | } |
474 | } |
475 | 475 | ||
476 | $msg_plain = "$seitentitel - Gästebucheintrag\n\n"; |
476 | $msg_plain = "$seitentitel - Gästebucheintrag\n\n"; |
477 | $msg_plain .= "Name: $name\n"; |
477 | $msg_plain .= "Name: $name\n"; |
478 | $msg_plain .= "E-Mail: $email\n"; |
478 | $msg_plain .= "E-Mail: $email\n"; |
479 | $msg_plain .= "Ort: $ort\n"; |
479 | $msg_plain .= "Ort: $ort\n"; |
480 | $msg_plain .= "Homepage: $homepage\n"; |
480 | $msg_plain .= "Homepage: $homepage\n"; |
481 | $msg_plain .= "ICQ: $icq\n"; |
481 | $msg_plain .= "ICQ: $icq\n"; |
482 | $msg_plain .= "Datum: $ger_datum\n"; |
482 | $msg_plain .= "Datum: $ger_datum\n"; |
483 | $msg_plain .= "Uhrzeit: $zeit\n"; |
483 | $msg_plain .= "Uhrzeit: $zeit\n"; |
484 | $msg_plain .= "\n"; |
484 | $msg_plain .= "\n"; |
485 | $msg_plain .= "Nachricht: $nachricht\n"; |
485 | $msg_plain .= "Nachricht: $nachricht\n"; |
486 | $msg_plain .= "\n"; |
486 | $msg_plain .= "\n"; |
487 | $msg_plain .= "Datensatz Nr. $id wurde erstellt.\n"; |
487 | $msg_plain .= "Datensatz Nr. $id wurde erstellt.\n"; |
488 | $msg_plain .= "\n"; |
488 | $msg_plain .= "\n"; |
489 | $msg_plain .= "Absenderdaten:\n"; |
489 | $msg_plain .= "Absenderdaten:\n"; |
490 | $msg_plain .= "\n"; |
490 | $msg_plain .= "\n"; |
491 | $msg_plain .= "IP-Adresse: $ip ($host) - Whois-Lookup at $whois_service\n"; |
491 | $msg_plain .= "IP-Adresse: $ip ($host) - Whois-Lookup at $whois_service\n"; |
492 | $msg_plain .= "Browser: ".$_SERVER['HTTP_USER_AGENT']."\n"; |
492 | $msg_plain .= "Browser: ".$_SERVER['HTTP_USER_AGENT']."\n"; |
493 | $msg_plain .= "\n"; |
493 | $msg_plain .= "\n"; |
494 | if (!$cfg_automatisch_freischalten) { |
494 | if (!$cfg_automatisch_freischalten) { |
495 | $msg_plain .= "Öffnen Sie $inphp?action=freischalten&id=$id&md5=".urlencode($md5_valid)." , um den Eintrag freizuschalten. Schalten Sie den Eintrag nicht frei, so bleibt er unveröffentlicht.\n"; |
495 | $msg_plain .= "Öffnen Sie $inphp?action=freischalten&id=$id&md5=".urlencode($md5_valid)." , um den Eintrag freizuschalten. Schalten Sie den Eintrag nicht frei, so bleibt er unveröffentlicht.\n"; |
496 | } |
496 | } |
497 | 497 | ||
498 | $h = new SecureMailer(); // Includes Anti Mail-Header-Injection |
498 | $h = new SecureMailer(); // Includes Anti Mail-Header-Injection |
499 | 499 | ||
500 | /* |
500 | /* |
501 | # http://www.phpbox.de/tipsundtricks/emailsumlaute.php |
501 | # http://www.phpbox.de/tipsundtricks/emailsumlaute.php |
502 | $h->addHeader('Mime-Version', '1.0'); |
502 | $h->addHeader('Mime-Version', '1.0'); |
503 | $h->addHeader('Content-Type', 'text/html; charset='.$charset); |
503 | $h->addHeader('Content-Type', 'text/html; charset='.$charset); |
504 | 504 | ||
505 | $h->addHeader('Content-Transfer-Encoding', 'quoted-printable'); |
505 | $h->addHeader('Content-Transfer-Encoding', 'quoted-printable'); |
506 | # $msg_html = wordwrap($msg_html); |
506 | # $msg_html = wordwrap($msg_html); |
507 | # $msg_html = quoted_printable_encode($msg_html); |
507 | # $msg_html = quoted_printable_encode($msg_html); |
508 | $msg_html = quoted_printable_encode2($msg_html); |
508 | $msg_html = quoted_printable_encode2($msg_html); |
509 | */ |
509 | */ |
510 | 510 | ||
511 | if ($cfg_from_email != '') { |
511 | if ($cfg_from_email != '') { |
512 | $h->addHeader('From', $cfg_from_email); |
512 | $h->addHeader('From', $cfg_from_email); |
513 | } |
513 | } |
514 | if ($email != '') { |
514 | if ($email != '') { |
515 | $h->addHeader('Reply-To', $email); |
515 | $h->addHeader('Reply-To', $email); |
516 | } |
516 | } |
517 | 517 | ||
518 | if ($adminmail_cc != '') { |
518 | if ($adminmail_cc != '') { |
519 | $h->addHeader('CC', $adminmail_cc); |
519 | $h->addHeader('CC', $adminmail_cc); |
520 | } |
520 | } |
521 | 521 | ||
522 | $h->addHeader('X-Mailer', 'PHP/'.phpversion()); |
522 | $h->addHeader('X-Mailer', 'PHP/'.phpversion()); |
523 | 523 | ||
524 | $subject = "$seitentitel - Gästebucheintrag"; |
524 | $subject = "$seitentitel - Gästebucheintrag"; |
525 | $subject = SecureMailer::utf8Subject($subject); |
525 | $subject = SecureMailer::utf8Subject($subject); |
526 | 526 | ||
527 | # $gesendet = $h->sendMail($adminmail, $subject, $msg_html); |
527 | # $gesendet = $h->sendMail($adminmail, $subject, $msg_html); |
528 | $gesendet = $h->sendMailHTMLandPlainMultipart($adminmail, $subject, $msg_html, $msg_plain); |
528 | $gesendet = $h->sendMailHTMLandPlainMultipart($adminmail, $subject, $msg_html, $msg_plain); |
529 | 529 | ||
530 | if (!$gesendet) { |
530 | if (!$gesendet) { |
531 | echo '<p><font color="'.$farbe6.'">FEHLER BEIM SENDEN DER MAIL!</font></p>'; |
531 | echo '<p><font color="'.$farbe6.'">FEHLER BEIM SENDEN DER MAIL!</font></p>'; |
532 | } |
532 | } |
533 | 533 | ||
534 | if ($result) { |
534 | if ($result) { |
535 | echo '<h1 align="center">Gästebucheintrag abgeschickt</h1> |
535 | echo '<h1 align="center">Gästebucheintrag abgeschickt</h1> |
536 | 536 | ||
537 | <div align="center"> |
537 | <div align="center"> |
538 | 538 | ||
539 | <p><font color="'.$farbe8.'">Ihr Gästebucheintrag wurde erfolgreich eingetragen!</font></p> |
539 | <p><font color="'.$farbe8.'">Ihr Gästebucheintrag wurde erfolgreich eingetragen!</font></p> |
540 | 540 | ||
541 | <p>Bitte beachten Sie, dass der Eintrag erst nach einer Prüfung des Seiteninhabers freigeschaltet wird.</p> |
541 | <p>Bitte beachten Sie, dass der Eintrag erst nach einer Prüfung des Seiteninhabers freigeschaltet wird.</p> |
542 | 542 | ||
543 | <p><a href="'.$inphp.'"><img src="images/buttons/zurueck.gif" alt="Zurück" title="Zurück" height="31" width="146" border="0" /></a></p> |
543 | <p><a href="'.$inphp.'"><img src="images/buttons/zurueck.gif" alt="Zurück" title="Zurück" height="31" width="146" border="0" /></a></p> |
544 | 544 | ||
545 | </div>'; |
545 | </div>'; |
546 | 546 | ||
547 | } else { |
547 | } else { |
548 | echo "<p>".db_error()."</p>"; |
548 | echo "<p>".db_error()."</p>"; |
549 | echo '<p><font color="'.$farbe6.'">Es ist ein schwerer Fehler aufgetreten. Versuchen Sie es nocheinmal.</font></p>'; |
549 | echo '<p><font color="'.$farbe6.'">Es ist ein schwerer Fehler aufgetreten. Versuchen Sie es nocheinmal.</font></p>'; |
550 | } |
550 | } |
551 | } |
551 | } |
552 | } |
552 | } |
553 | } |
553 | } |
554 | } |
554 | } |
555 | 555 | ||
556 | if ($relfehler || $view_eintrag) { |
556 | if ($relfehler || $view_eintrag) { |
557 | echo '<h1>Gästebucheintrag</h1>'; |
557 | echo '<h1>Gästebucheintrag</h1>'; |
558 | 558 | ||
559 | echo '<p>Bitte füllen Sie die unteren Felder aus. Die mit <font color="'.$farbe7.'">*</font> gekennzeichneten |
559 | echo '<p>Bitte füllen Sie die unteren Felder aus. Die mit <font color="'.$farbe7.'">*</font> gekennzeichneten |
560 | Felder müssen ausgefüllt werden! Um Missbrauch zu vermeiden, wird die |
560 | Felder müssen ausgefüllt werden! Um Missbrauch zu vermeiden, wird die |
561 | IP-Adresse gespeichert.'; |
561 | IP-Adresse gespeichert.'; |
562 | echo ' Die Einträge werden erst nach einer Prüfung veröffentlicht.'; |
562 | echo ' Die Einträge werden erst nach einer Prüfung veröffentlicht.'; |
563 | echo '</p>'; |
563 | echo '</p>'; |
564 | 564 | ||
565 | if ($relfehler != '') { |
565 | if ($relfehler != '') { |
566 | echo "<p>$relfehler</p>"; |
566 | echo "<p>$relfehler</p>"; |
567 | } |
567 | } |
568 | 568 | ||
569 | echo '<br /> |
569 | echo '<br /> |
570 | 570 | ||
571 | <form action="'.$inphp.'" method="post" name="frm"> |
571 | <form action="'.$inphp.'" method="post" name="frm"> |
572 | <input type="hidden" name="action" value="'.($cfg_vorschau ? 'vorschau' : 'abschicken').'" /> |
572 | <input type="hidden" name="action" value="'.($cfg_vorschau ? 'vorschau' : 'abschicken').'" /> |
573 | 573 | ||
574 | <table cellspacing="0" cellpadding="0" border="0"> |
574 | <table cellspacing="0" cellpadding="0" border="0"> |
575 | <tr> |
575 | <tr> |
576 | <td align="right">'; |
576 | <td align="right">'; |
577 | 577 | ||
578 | if ($err_name) { |
578 | if ($err_name) { |
579 | echo '<font color="'.$farbe6.'">Name *:</font>'; |
579 | echo '<font color="'.$farbe6.'">Name *:</font>'; |
580 | } else { |
580 | } else { |
581 | echo 'Name <font color="'.$farbe7.'">*</font>:'; |
581 | echo 'Name <font color="'.$farbe7.'">*</font>:'; |
582 | } |
582 | } |
583 | 583 | ||
584 | echo '</td> |
584 | echo '</td> |
585 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
585 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
586 | <td><input maxlength="40" size="66" name="name" value="'.$name.'" /></td> |
586 | <td><input maxlength="40" size="66" name="name" value="'.$name.'" /></td> |
587 | </tr> |
587 | </tr> |
588 | <tr> |
588 | <tr> |
589 | <td align="right">Wohnort:</td> |
589 | <td align="right">Wohnort:</td> |
590 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
590 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
591 | <td><input maxlength="40" size="66" name="ort" value="'.$ort.'" /></td> |
591 | <td><input maxlength="40" size="66" name="ort" value="'.$ort.'" /></td> |
592 | </tr> |
592 | </tr> |
593 | <tr> |
593 | <tr> |
594 | <td align="right">'; |
594 | <td align="right">'; |
595 | 595 | ||
596 | if ($err_email) { |
596 | if ($err_email) { |
597 | echo '<font color="'.$farbe6.'">E-Mail:</font>'; |
597 | echo '<font color="'.$farbe6.'">E-Mail:</font>'; |
598 | } else { |
598 | } else { |
599 | echo 'E-Mail:'; |
599 | echo 'E-Mail:'; |
600 | } |
600 | } |
601 | 601 | ||
602 | echo '</td> |
602 | echo '</td> |
603 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
603 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
604 | <td><input maxlength="40" size="66" name="email" value="'.$email.'" /></td> |
604 | <td><input maxlength="40" size="66" name="email" value="'.$email.'" /></td> |
605 | </tr> |
605 | </tr> |
606 | <tr> |
606 | <tr> |
607 | <td align="right">'; |
607 | <td align="right">'; |
608 | 608 | ||
609 | if ($err_homepage) { |
609 | if ($err_homepage) { |
610 | echo '<font color="'.$farbe6.'">Homepage:</font>'; |
610 | echo '<font color="'.$farbe6.'">Homepage:</font>'; |
611 | } else { |
611 | } else { |
612 | echo 'Homepage:'; |
612 | echo 'Homepage:'; |
613 | } |
613 | } |
614 | 614 | ||
615 | echo '</td> |
615 | echo '</td> |
616 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
616 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
617 | <td><input maxlength="40" size="66" name="homepage" value="'.$homepage.'" /></td> |
617 | <td><input maxlength="40" size="66" name="homepage" value="'.$homepage.'" /></td> |
618 | </tr> |
618 | </tr> |
619 | <tr> |
619 | <tr> |
620 | <td align="right">'; |
620 | <td align="right">'; |
621 | 621 | ||
622 | if ($err_icq) { |
622 | if ($err_icq) { |
623 | echo '<font color="'.$farbe6.'">ICQ:</font>'; |
623 | echo '<font color="'.$farbe6.'">ICQ:</font>'; |
624 | } else { |
624 | } else { |
625 | echo 'ICQ:'; |
625 | echo 'ICQ:'; |
626 | } |
626 | } |
627 | 627 | ||
628 | echo '</td> |
628 | echo '</td> |
629 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
629 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
630 | <td><input maxlength="40" size="66" name="icq" value="'.$icq.'" /></td> |
630 | <td><input maxlength="40" size="66" name="icq" value="'.$icq.'" /></td> |
631 | </tr> |
631 | </tr> |
632 | <tr> |
632 | <tr> |
633 | <td colspan="3"> </td> |
633 | <td colspan="3"> </td> |
634 | </tr>'; |
634 | </tr>'; |
635 | 635 | ||
636 | if ($cfg_feature_simple_antispam) { |
636 | if ($cfg_feature_simple_antispam) { |
637 | echo '<tr> |
637 | echo '<tr> |
638 | <td align="right">'; |
638 | <td align="right">'; |
639 | 639 | ||
640 | if ($err_antispam) { |
640 | if ($err_antispam) { |
641 | echo '<font color="'.$farbe6.'">Bitte <!--"-->'.$antispam_awaiting.'<!--"--> eingeben *:</font>'; |
641 | echo '<font color="'.$farbe6.'">Bitte <!--"-->'.$antispam_awaiting.'<!--"--> eingeben *:</font>'; |
642 | } else { |
642 | } else { |
643 | echo 'Bitte <!--"-->'.$antispam_awaiting.'<!--"--> eingeben <font color="'.$farbe7.'">*</font>:'; |
643 | echo 'Bitte <!--"-->'.$antispam_awaiting.'<!--"--> eingeben <font color="'.$farbe7.'">*</font>:'; |
644 | } |
644 | } |
645 | 645 | ||
646 | echo '</td> |
646 | echo '</td> |
647 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
647 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
648 | <td><input maxlength="40" size="66" name="antispam" value="'.$antispam.'" /> (AntiSpam-Frage)</td> |
648 | <td><input maxlength="40" size="66" name="antispam" value="'.$antispam.'" /> (AntiSpam-Frage)</td> |
649 | </tr> |
649 | </tr> |
650 | 650 | ||
651 | <tr> |
651 | <tr> |
652 | <td colspan="3"> </td> |
652 | <td colspan="3"> </td> |
653 | </tr>'; |
653 | </tr>'; |
654 | } |
654 | } |
655 | 655 | ||
656 | echo '<tr> |
656 | echo '<tr> |
657 | <td align="right">Smileys:</td> |
657 | <td align="right">Smileys:</td> |
658 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
658 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
659 | <td><script language="JavaScript" type="text/javascript"> |
659 | <td><script language="JavaScript" type="text/javascript"> |
660 | <!-- |
660 | <!-- |
661 | function setsmiley(smiley) { |
661 | function setsmiley(smiley) { |
662 | frm.nachricht.value = frm.nachricht.value + smiley; |
662 | frm.nachricht.value = frm.nachricht.value + smiley; |
663 | } |
663 | } |
664 | // --> |
664 | // --> |
665 | </script>'; |
665 | </script>'; |
666 | 666 | ||
667 | $result = db_query("SELECT `zeichen`, `image`, `beschreibung` FROM `".db_real_escape_string($table_smileys)."` WHERE `enabled` = '1' AND `show_in_editor` = '1' ORDER BY `id` ASC"); |
667 | $result = db_query("SELECT `zeichen`, `image`, `beschreibung` FROM `".db_real_escape_string($table_smileys)."` WHERE `enabled` = '1' AND `show_in_editor` = '1' ORDER BY `id` ASC"); |
668 | while ($row = db_fetch_object($result)) { |
668 | while ($row = db_fetch_object($result)) { |
669 | echo "<a href=\"javascript:setsmiley(' ".addslashes(myhtmlentities($row->zeichen))." ')\">". |
669 | echo "<a href=\"javascript:setsmiley(' ".addslashes(myhtmlentities($row->zeichen))." ')\">". |
670 | '<img src="images/smileys/'.$row->image.'" border="0" alt="'.myhtmlentities($row->beschreibung).'" title="'.myhtmlentities($row->beschreibung).'" /></a> '; |
670 | '<img src="images/smileys/'.$row->image.'" border="0" alt="'.myhtmlentities($row->beschreibung).'" title="'.myhtmlentities($row->beschreibung).'" /></a> '; |
671 | } |
671 | } |
672 | 672 | ||
673 | echo '</td> |
673 | echo '</td> |
674 | </tr> |
674 | </tr> |
675 | <tr> |
675 | <tr> |
676 | <td colspan="3"> </td> |
676 | <td colspan="3"> </td> |
677 | </tr> |
677 | </tr> |
678 | <tr> |
678 | <tr> |
679 | <td valign="top" align="right">'; |
679 | <td valign="top" align="right">'; |
680 | 680 | ||
681 | if ($err_nachricht) { |
681 | if ($err_nachricht) { |
682 | echo '<font color="'.$farbe6.'">Nachricht *:</font>'; |
682 | echo '<font color="'.$farbe6.'">Nachricht *:</font>'; |
683 | } else { |
683 | } else { |
684 | echo 'Nachricht <font color="'.$farbe7.'">*</font>:'; |
684 | echo 'Nachricht <font color="'.$farbe7.'">*</font>:'; |
685 | } |
685 | } |
686 | 686 | ||
687 | echo '</td> |
687 | echo '</td> |
688 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
688 | <td><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
689 | <td><textarea name="nachricht" rows="5" cols="50">'.$nachricht.'</textarea><!-- wrap="virtual" --></td> |
689 | <td><textarea name="nachricht" rows="5" cols="50">'.$nachricht.'</textarea><!-- wrap="virtual" --></td> |
690 | </tr> |
690 | </tr> |
691 | <tr> |
691 | <tr> |
692 | <td colspan="2"><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
692 | <td colspan="2"><img src="images/spacer.gif" height="1" width="10" alt="" /></td> |
693 | <td><br /> |
693 | <td><br /> |
694 | <a href="javascript:document.frm.submit()">'; |
694 | <a href="javascript:document.frm.submit()">'; |
695 | if ($cfg_vorschau) { |
695 | if ($cfg_vorschau) { |
696 | echo '<img height="31" alt="Vorschau" title="Vorschau" src="images/buttons/vorschau.gif" width="146" border="0" />'; |
696 | echo '<img height="31" alt="Vorschau" title="Vorschau" src="images/buttons/vorschau.gif" width="146" border="0" />'; |
697 | } else { |
697 | } else { |
698 | echo '<img src="images/buttons/abschicken.gif" border="0" height="31" width="146" alt="Abschicken" title="Abschicken" />'; |
698 | echo '<img src="images/buttons/abschicken.gif" border="0" height="31" width="146" alt="Abschicken" title="Abschicken" />'; |
699 | } |
699 | } |
700 | echo '</a> <!-- |
700 | echo '</a> <!-- |
701 | <img src="images/spacer.gif" height="1" width="30" alt="" /> |
701 | <img src="images/spacer.gif" height="1" width="30" alt="" /> |
702 | <a href="javascript:document.frm.reset()"> |
702 | <a href="javascript:document.frm.reset()"> |
703 | <img height="31" alt="Löschen" title="Löschen" src="images/buttons/loeschen.gif" width="146" border="0" /></a> |
703 | <img height="31" alt="Löschen" title="Löschen" src="images/buttons/loeschen.gif" width="146" border="0" /></a> |
704 | --> |
704 | --> |
705 | </td> |
705 | </td> |
706 | </tr> |
706 | </tr> |
707 | </table> |
707 | </table> |
708 | 708 | ||
709 | </form> |
709 | </form> |
710 | 710 | ||
711 | <p align="center"><a href="'.$inphp.'">Zurück zu den Einträgen</a></p>'; |
711 | <p align="center"><a href="'.$inphp.'">Zurück zu den Einträgen</a></p>'; |
712 | } else if ((!$view_vorschau) && (!$view_abschicken) && (!$view_eintrag)) { |
712 | } else if ((!$view_vorschau) && (!$view_abschicken) && (!$view_eintrag)) { |
713 | echo '<h1 align="center">Gästebuch</h1> |
713 | echo '<h1 align="center">Gästebuch</h1> |
714 | 714 | ||
715 | <table width="100%" border="0" cellspacing="0" cellpadding="0"> |
715 | <table width="100%" border="0" cellspacing="0" cellpadding="0"> |
716 | <tr> |
716 | <tr> |
717 | <td align="center">[ <a href="'.$inphp.'?action=eintrag">Neuen Eintrag hinzufügen</a> ]</td></tr></table><br />'; |
717 | <td align="center">[ <a href="'.$inphp.'?action=eintrag">Neuen Eintrag hinzufügen</a> ]</td></tr></table><br />'; |
718 | 718 | ||
719 | $cond = ($cfg_unfreigeschaltete_anzegen) ? '' : " WHERE `show` = '1'"; |
719 | $cond = ($cfg_unfreigeschaltete_anzegen) ? '' : " WHERE `show` = '1'"; |
720 | 720 | ||
721 | $result = db_query("SELECT * FROM `".db_real_escape_string($table_entries)."`$cond"); |
721 | $result = db_query("SELECT * FROM `".db_real_escape_string($table_entries)."`$cond"); |
722 | if ($result) $number = db_num_rows($result); else $number = 0; |
722 | if ($result) $number = db_num_rows($result); else $number = 0; |
723 | $max_page = ceil($number / $eintraege_proseite); |
723 | $max_page = ceil($number / $eintraege_proseite); |
724 | 724 | ||
725 | $seiten = isset($_REQUEST['seiten']) ? $_REQUEST['seiten'] : 1; |
725 | $seiten = $_REQUEST['seiten'] ?? '1'; |
- | 726 | $seiten = preg_replace('@[^0-9]@', '', $seiten); |
|
726 | if (!isset($seiten) || ($seiten > $max_page) || ($seiten < 0)) $seiten = '1'; |
727 | if (($seiten > $max_page) || ($seiten < 0)) $seiten = '1'; |
727 | 728 | ||
728 | $result = db_query("SELECT * FROM `".db_real_escape_string($table_entries)."`$cond ORDER BY `id` DESC LIMIT ".($seiten-1)*$eintraege_proseite.",".$eintraege_proseite); |
729 | $result = db_query("SELECT * FROM `".db_real_escape_string($table_entries)."`$cond ORDER BY `id` DESC LIMIT ".($seiten-1)*$eintraege_proseite.",".$eintraege_proseite); |
729 | 730 | ||
730 | $keineeintraege = true; |
731 | $keineeintraege = true; |
731 | 732 | ||
732 | if ($result) { |
733 | if ($result) { |
733 | while ($row = db_fetch_object($result)) { |
734 | while ($row = db_fetch_object($result)) { |
734 | $xry = explode(' ', $row->timestamp); |
735 | $xry = explode(' ', $row->timestamp); |
735 | $datum = $xry[0]; |
736 | $datum = $xry[0]; |
736 | $zeit = $xry[1]; |
737 | $zeit = $xry[1]; |
737 | anznachricht($row->name, $row->ort, $row->email, $row->homepage, $row->icq, $row->nachricht, $row->kommentar, $zeit, $datum); |
738 | anznachricht($row->name, $row->ort, $row->email, $row->homepage, $row->icq, $row->nachricht, $row->kommentar, $zeit, $datum); |
738 | $keineeintraege = false; |
739 | $keineeintraege = false; |
739 | } |
740 | } |
740 | } |
741 | } |
741 | 742 | ||
742 | if ($keineeintraege) { |
743 | if ($keineeintraege) { |
743 | echo '<div align="center">Es sind keine Einträge vorhanden!</div>'; |
744 | echo '<div align="center">Es sind keine Einträge vorhanden!</div>'; |
744 | } |
745 | } |
745 | 746 | ||
746 | if ((!$keineeintraege) && ($max_page != 1)) { |
747 | if ((!$keineeintraege) && ($max_page != 1)) { |
747 | echo '<table cellspacing="0" cellpadding="0" border="0" width="100%"><tr><td align="center"><p class="klein2">Seite: '; |
748 | echo '<table cellspacing="0" cellpadding="0" border="0" width="100%"><tr><td align="center"><p class="klein2">Seite: '; |
748 | for ($i=1; $i<=$max_page; $i++) { |
749 | for ($i=1; $i<=$max_page; $i++) { |
749 | if ($seiten != $i) { |
750 | if ($seiten != $i) { |
750 | echo "<a href=\"$inphp?seiten=$i\">[$i]</a>\n"; |
751 | echo "<a href=\"$inphp?seiten=$i\">[$i]</a>\n"; |
751 | } else { |
752 | } else { |
752 | echo "<b>[$i]</b>\n"; |
753 | echo "<b>[$i]</b>\n"; |
753 | } |
754 | } |
754 | } |
755 | } |
755 | echo '</p></td></tr></table>'; |
756 | echo '</p></td></tr></table>'; |
756 | } |
757 | } |
757 | 758 | ||
758 | } |
759 | } |
759 | 760 | ||
760 | echo '<p align="center">OpenSource PHP-Gästebuch von <a href="http://www.viathinksoft.de/" target="_blank">ViaThinkSoft</a>, Version '.$version.'</p>'; |
761 | echo '<p align="center">OpenSource PHP-Gästebuch von <a href="http://www.viathinksoft.de/" target="_blank">ViaThinkSoft</a>, Version '.$version.'</p>'; |
761 | 762 | ||
762 | echo $seitenfuss; |
763 | echo $seitenfuss; |
763 | 764 | ||
764 | # --- |
765 | # --- |
765 | 766 | ||
766 | // This is the only function which works with GMX. |
767 | // This is the only function which works with GMX. |
767 | // wordwrap+quoted_printable_encode does not work, since it would insert whitespaces. |
768 | // wordwrap+quoted_printable_encode does not work, since it would insert whitespaces. |
768 | // http://www.php.net/manual/en/function.quoted-printable-encode.php#97230 |
769 | // http://www.php.net/manual/en/function.quoted-printable-encode.php#97230 |
769 | function quoted_printable_encode2($input, $line_max = 75) { |
770 | function quoted_printable_encode2($input, $line_max = 75) { |
770 | $hex = array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); |
771 | $hex = array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); |
771 | $lines = preg_split("/(?:\r\n|\r|\n)/", $input); |
772 | $lines = preg_split("/(?:\r\n|\r|\n)/", $input); |
772 | $linebreak = "=0D=0A=\r\n"; |
773 | $linebreak = "=0D=0A=\r\n"; |
773 | /* the linebreak also counts as characters in the mime_qp_long_line |
774 | /* the linebreak also counts as characters in the mime_qp_long_line |
774 | * rule of spam-assassin */ |
775 | * rule of spam-assassin */ |
775 | $line_max = $line_max - strlen($linebreak); |
776 | $line_max = $line_max - strlen($linebreak); |
776 | $escape = "="; |
777 | $escape = "="; |
777 | $output = ""; |
778 | $output = ""; |
778 | $cur_conv_line = ""; |
779 | $cur_conv_line = ""; |
779 | $length = 0; |
780 | $length = 0; |
780 | $whitespace_pos = 0; |
781 | $whitespace_pos = 0; |
781 | $addtl_chars = 0; |
782 | $addtl_chars = 0; |
782 | 783 | ||
783 | // iterate lines |
784 | // iterate lines |
784 | for ($j=0; $j<count($lines); $j++) { |
785 | for ($j=0; $j<count($lines); $j++) { |
785 | $line = $lines[$j]; |
786 | $line = $lines[$j]; |
786 | $linlen = strlen($line); |
787 | $linlen = strlen($line); |
787 | 788 | ||
788 | // iterate chars |
789 | // iterate chars |
789 | for ($i = 0; $i < $linlen; $i++) { |
790 | for ($i = 0; $i < $linlen; $i++) { |
790 | $c = substr($line, $i, 1); |
791 | $c = substr($line, $i, 1); |
791 | $dec = ord($c); |
792 | $dec = ord($c); |
792 | 793 | ||
793 | $length++; |
794 | $length++; |
794 | 795 | ||
795 | if ($dec == 32) { |
796 | if ($dec == 32) { |
796 | // space occurring at end of line, need to encode |
797 | // space occurring at end of line, need to encode |
797 | if (($i == ($linlen - 1))) { |
798 | if (($i == ($linlen - 1))) { |
798 | $c = "=20"; |
799 | $c = "=20"; |
799 | $length += 2; |
800 | $length += 2; |
800 | } |
801 | } |
801 | 802 | ||
802 | $addtl_chars = 0; |
803 | $addtl_chars = 0; |
803 | $whitespace_pos = $i; |
804 | $whitespace_pos = $i; |
804 | } elseif ( ($dec == 61) || ($dec < 32 ) || ($dec > 126) ) { |
805 | } elseif ( ($dec == 61) || ($dec < 32 ) || ($dec > 126) ) { |
805 | $h2 = floor($dec/16); $h1 = floor($dec%16); |
806 | $h2 = floor($dec/16); $h1 = floor($dec%16); |
806 | $c = $escape . $hex[$h2] . $hex[$h1]; |
807 | $c = $escape . $hex[$h2] . $hex[$h1]; |
807 | $length += 2; |
808 | $length += 2; |
808 | $addtl_chars += 2; |
809 | $addtl_chars += 2; |
809 | } |
810 | } |
810 | 811 | ||
811 | // length for wordwrap exceeded, get a newline into the text |
812 | // length for wordwrap exceeded, get a newline into the text |
812 | if ($length >= $line_max) { |
813 | if ($length >= $line_max) { |
813 | $cur_conv_line .= $c; |
814 | $cur_conv_line .= $c; |
814 | 815 | ||
815 | // read only up to the whitespace for the current line |
816 | // read only up to the whitespace for the current line |
816 | $whitesp_diff = $i - $whitespace_pos + $addtl_chars; |
817 | $whitesp_diff = $i - $whitespace_pos + $addtl_chars; |
817 | 818 | ||
818 | /* the text after the whitespace will have to be read |
819 | /* the text after the whitespace will have to be read |
819 | * again ( + any additional characters that came into |
820 | * again ( + any additional characters that came into |
820 | * existence as a result of the encoding process after the whitespace) |
821 | * existence as a result of the encoding process after the whitespace) |
821 | * |
822 | * |
822 | * Also, do not start at 0, if there was *no* whitespace in |
823 | * Also, do not start at 0, if there was *no* whitespace in |
823 | * the whole line */ |
824 | * the whole line */ |
824 | if (($i + $addtl_chars) > $whitesp_diff) { |
825 | if (($i + $addtl_chars) > $whitesp_diff) { |
825 | $output .= substr($cur_conv_line, 0, (strlen($cur_conv_line) - $whitesp_diff)) . $linebreak; |
826 | $output .= substr($cur_conv_line, 0, (strlen($cur_conv_line) - $whitesp_diff)) . $linebreak; |
826 | $i = $i - $whitesp_diff + $addtl_chars; |
827 | $i = $i - $whitesp_diff + $addtl_chars; |
827 | } else { |
828 | } else { |
828 | $output .= $cur_conv_line . $linebreak; |
829 | $output .= $cur_conv_line . $linebreak; |
829 | } |
830 | } |
830 | 831 | ||
831 | $cur_conv_line = ""; |
832 | $cur_conv_line = ""; |
832 | $length = 0; |
833 | $length = 0; |
833 | $whitespace_pos = 0; |
834 | $whitespace_pos = 0; |
834 | } else { |
835 | } else { |
835 | // length for wordwrap not reached, continue reading |
836 | // length for wordwrap not reached, continue reading |
836 | $cur_conv_line .= $c; |
837 | $cur_conv_line .= $c; |
837 | } |
838 | } |
838 | } // end of for |
839 | } // end of for |
839 | 840 | ||
840 | $length = 0; |
841 | $length = 0; |
841 | $whitespace_pos = 0; |
842 | $whitespace_pos = 0; |
842 | $output .= $cur_conv_line; |
843 | $output .= $cur_conv_line; |
843 | $cur_conv_line = ""; |
844 | $cur_conv_line = ""; |
844 | 845 | ||
845 | if ($j<=count($lines)-1) { |
846 | if ($j<=count($lines)-1) { |
846 | $output .= $linebreak; |
847 | $output .= $linebreak; |
847 | } |
848 | } |
848 | } // end for |
849 | } // end for |
849 | 850 | ||
850 | return trim($output); |
851 | return trim($output); |
851 | } // end quoted_printable_encode |
852 | } // end quoted_printable_encode |
852 | 853 |