0) { $fieldNames=array(); $fieldNames[]='id'; $fieldNames[]='dateAndTime'; $fieldNames[]='name'; $fieldNames[]='email'; $fieldNames[]='homepage'; $fieldNames[]='location'; $fieldNames[]='comments'; $fieldNames[]='ip'; $fieldNames[]='private'; $fieldNames[]='reply'; $fieldNames[]='extraField1'; $fieldNames[]='extraField2'; $fieldNames[]='extraField3'; $fieldNames[]='extraField4'; $fieldNames[]='extraField5'; if(isset($_SERVER['REMOTE_ADDR'])) { $HTTP_POST_VARS['ip']=$_SERVER['REMOTE_ADDR']; } $HTTP_POST_VARS['id']=getID(); incrementID(); foreach($fieldNames as $value) { if(!isset($HTTP_POST_VARS[$value])) { $HTTP_POST_VARS[$value]=''; } $HTTP_POST_VARS[$value]=trim($HTTP_POST_VARS[$value]); $HTTP_POST_VARS[$value]=cleanFormData($HTTP_POST_VARS[$value]); } if($HTTP_POST_VARS['private']!=1) { $HTTP_POST_VARS['private']=0; } /*Build error page.***************************************************/ $error=0; $errorString=getErrorHeaderTemplate(); /*Check for missing required fields.**********************************/ $missingField=0; $fields=new PYGLIST('fields.php'); $perErrorTemplate=getPerErrorTemplate(); foreach($fields->list as $value) { $data=explode('',$value); if(strlen($HTTP_POST_VARS[$data[0]])==0&&$data[1]==1) { $missingField=1; /* Pre-1.0.8 ****************************************** $errorString.=str_replace( '', $data[0].' field is required!', $perErrorTemplate ); ******************************************************/ $error=1; } } if($missingField==1) { $errorString.=str_replace( '', getRequiredFieldError(), $perErrorTemplate ); } $fields->destructor(); /*END: Check for missing required fields.*****************************/ /*Check for maximum entry length being exceeded.**********************/ $maxEntryLength=getMaxEntryLength(); if($maxEntryLength>0) { $entryString=""; foreach($fieldNames as $fieldName) { $entryString.=$HTTP_POST_VARS[$fieldName]; } if($maxEntryLength', 'The maximum entry length of '.$maxEntryLength.' characters was exceeded!', $perErrorTemplate ); ******************************************************/ $error=1; $errorString.=str_replace( '', getLongEntryError(), $perErrorTemplate ); } } /*END: Check for maximum entry length being exceeded.*****************/ /*Check for submissions from banned I.P.'s.***************************/ $bannedIPList=new PYGList('banned.php'); foreach($bannedIPList->list as $value) { if(strcmp($value,$HTTP_POST_VARS['ip'])==0) { /* Pre-1.0.8 ****************************************** $errorString.=str_replace( '', 'Submissions from your I.P. address ('.$value.') are not allowed!', $perErrorTemplate ); ******************************************************/ $error=1; $errorString.=str_replace( '', getIPError(), $perErrorTemplate ); } } $bannedIPList->destructor(); /*END: Check for submissions from banned I.P.'s.**********************/ /*Check for bad words being submitted.********************************/ $foundBadWord=0; $badWordList=new PYGList('badWords.php'); $words=array(); foreach($fieldNames as $value) { $words=explode(' ',$HTTP_POST_VARS[$value]); foreach($words as $word) { foreach($badWordList->list as $badWord) { if(strcmp(strtolower($word),strtolower($badWord))==0) { /* Pre-1.0.8 ************************** $errorString.=str_replace( '', "'".$word."'".' is not allowed!', $perErrorTemplate ); **************************************/ $error=1; $foundBadWord=1; } } } } if($foundBadWord==1) { $errorString.=str_replace( '', getBadWordError(), $perErrorTemplate ); } $badWordList->destructor(); /*END: Check for bad words being submitted.***************************/ /*Check for bad strings being submitted.******************************/ $foundBadString=0; $badStringList= new PYGList('badStrings.php'); foreach($fieldNames as $value) { foreach($badStringList->list as $badString) { if(is_integer(strpos($HTTP_POST_VARS[$value],$badString))) { /* Pre-1.0.8 ********************************** $errorString.=str_replace( '', "'".$badString."'".' is not allowed!', $perErrorTemplate ); **********************************************/ $error=1; $foundBadString=1; } } } if($foundBadString==1) { $errorString.=str_replace( '', getBadStringError(), $perErrorTemplate ); } $badStringList->destructor(); /*END: Check for bad strings being submitted.*************************/ $errorString.=getErrorFooterTemplate(); $errorString=str_replace('',$title,$errorString); $errorString=str_replace('Purple Yin Guestbook Version 1.0.0',$title,$errorString); $errorString=str_replace('Purple Yin Guestbook Version 1.0.1',$title,$errorString); /*END: Build error page.**********************************************/ /*Remove "http://" from URL's.****************************************/ if(strncasecmp('http://',$HTTP_POST_VARS['homepage'],7)==0) { $HTTP_POST_VARS['homepage']=str_replace( substr($HTTP_POST_VARS['homepage'],0,7), '', $HTTP_POST_VARS['homepage'] ); } /*END: Remove "http://" from URL's.***********************************/ /*Get date and time info.*********************************************/ $now=getdate(time()+(3600*getTimeOffset())); $HTTP_POST_VARS['dateAndTime']= $now['mon'].'.'. $now['wday'].'.'. $now['mday'].'.'. $now['year'].'.'. $now['hours'].'.'. $now['minutes'].'.'. $now['seconds'] ; /*END: Get date and time info.****************************************/ foreach($fieldNames as $value) { $HTTP_POST_VARS[$value]= str_replace("\r\n",'
',htmlentities($HTTP_POST_VARS[$value])) ; } /*Either print errors or add entry to database.***********************/ if($error==1) { print($errorString); } else { if(getEmailNotification()==1) { $message= str_replace('
',"\r\n",$HTTP_POST_VARS['name'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['email'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['homepage'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['location'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['comments'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['extraField1'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['extraField2'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['extraField3'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['extraField4'])."\r\n\r\n". str_replace('
',"\r\n",$HTTP_POST_VARS['extraField5'])."\r\n\r\n" ; if($HTTP_POST_VARS['private']==1) { $message.="private\r\n\r\n"; } mail( getAdminEmail(), "New Guestbook Entry Notification", $message, "From: Purple@Yin.Guestbook\r\n" ); } /*Make sure reply is not submitted.***************************/ $HTTP_POST_VARS[$fieldNames[9]]=""; /*END: Make sure reply is not submitted.**********************/ addRow( $HTTP_POST_VARS[$fieldNames[0]], $HTTP_POST_VARS[$fieldNames[1]], $HTTP_POST_VARS[$fieldNames[2]], $HTTP_POST_VARS[$fieldNames[3]], $HTTP_POST_VARS[$fieldNames[4]], $HTTP_POST_VARS[$fieldNames[5]], $HTTP_POST_VARS[$fieldNames[6]], $HTTP_POST_VARS[$fieldNames[7]], $HTTP_POST_VARS[$fieldNames[8]], $HTTP_POST_VARS[$fieldNames[9]], $HTTP_POST_VARS[$fieldNames[10]], $HTTP_POST_VARS[$fieldNames[11]], $HTTP_POST_VARS[$fieldNames[12]], $HTTP_POST_VARS[$fieldNames[13]], $HTTP_POST_VARS[$fieldNames[14]] ); header("Location: view.php"); } /*END: Either print errors or add entry to database.******************/ } else { header("Location: sign.php"); } ?>