]*>", "", $name); $email=addslashes($email); $email=ereg_replace("<[^>]*>", "", $email); $title=addslashes($title1); $title=ereg_replace("<[^>]*>", "", $title); $comment=addslashes($comment); $comment=ereg_replace("<[^>]*>", "", $comment); $query="UPDATE $dbTable set name='$name', email='$email', url='$url', title='$title1', "; $query.="comment='$comment', city='$city', state='$state', country='$country' WHERE id = '$record'"; $result=MYSQL_QUERY($query) or die(mysql_error()); $record=$id; $record=0; include("$header"); include "./gb_display.php"; include("$footer"); } } elseif ($action=="edit") { # EDIT RECORD include("$header"); include "./gb_post.php"; include("$footer"); } else { # SHOW GUESTBOOK include("$header"); include "./gb_display.php"; include("$footer"); } } else { if ($action=="post") { # GOTO POST NEW RECORD SCREEN include("$header"); include "./gb_post.php"; include("$footer"); } else if ($action=="down") { # PROBOOK DOWN include("$header"); #include "./gb_down.php"; echo ''; echo ''; echo '
'; echo ''; echo ''; echo ''; echo '
'; echo '

'.$ListDown.'


'; echo '
'; echo '
'; include("$footer"); } elseif ($action == "write") { if ($section == "post") { ########################## # VALIDATE POSTING ENTRY # ########################## $postpass=true; $posterrmsg=""; # CHECK MISSING NAME if ($name == ""){ $posterrmsg.="
  • $FormErrNameMsg
  • "; $postpass=false; } # CHECK MISSING CITY if ($city == ""){ $posterrmsg.="
  • $FormErrCityMsg
  • "; $postpass=false; } # CHECK MISSING COUNTRY if ($country == ""){ $posterrmsg.="
  • $FormErrCountryMsg
  • "; $postpass=false; } # CHECK MISSING COMMENT if ($comment == ""){ $posterrmsg.="
  • $FormErrCommentMsg
  • "; $postpass=false; } ######################## # CHECK BAD EMAIL LIST # ######################## $badfile=file("./bad_emails.cfg"); $bademails=array(); for($index=0; $index < count($badfile); $index++) { $str=$badfile[$index]; $str=trim($str); if (substr($str,0,1)!="#") { $bademails[]=$str; } } if(is_array($bademails)){ $cnt=count($bademails); for($index=0;$index<$cnt;$index++){ if(strstr(strtoupper($email), strtoupper($bademails[$index]) )){ $posterrmsg.="
  • $FormErrBannedMsg
  • "; $postpass=false; } } } ####################### # CHECK BAD WORD LIST # ####################### $badfile=file("./bad_words.cfg"); $badwords=array(); for($index=0; $index < count($badfile); $index++) { $str=$badfile[$index]; $str=trim($str); if (substr($str,0,1)!="#") { $badwords[]=$str; } } if(is_array($badwords)){ $cnt=count($badwords); for($index=0;$index<$cnt;$index++){ if( strstr( strtoupper($name), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } if( strstr( strtoupper($email), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } if( strstr( strtoupper($city), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } if( strstr( strtoupper($state), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } if( strstr( strtoupper($country), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } if( strstr( strtoupper($url), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } if( strstr( strtoupper($title), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } if( strstr( strtoupper($comment), strtoupper($badwords[$index]) )) { $posterrmsg.="
  • $badwords[$index] $FormErrBadWord
  • "; $postpass=false; } } } ####################### # CHECK BAD HOST LIST # ####################### $badfile=file("./bad_hosts.cfg"); $badhosts=array(); for($index=0; $index < count($badfile); $index++) { $str=$badfile[$index]; $str=trim($str); if (substr($str,0,1)!="#") { $badhosts[]=$str; } } if(!$host){ $host = getenv('REMOTE_HOST'); } if(!$host){ $host = getenv('REMOTE_ADDR'); } $host = @GetHostByAddr($host); if(is_array($badhosts)){ $cnt=count($badhosts); for($index=0;$index<$cnt;$index++){ if(ereg($badhosts[$index],$host)){ $posterrmsg.="
  • $FormErrBannedMsg
  • "; $postpass=false; } } } if (!$postpass) { include("$header"); include "./gb_post.php"; include("$footer"); exit(); } else { $section="writepost"; } } if ($section == "writepost") { ################# # SAVE NEW POST # ################# $name = addslashes($name); $name = ereg_replace("<[^>]*>", "", $name); $email = addslashes($email); $email = ereg_replace("<[^>]*>", "", $email); $title = addslashes($title1); $title = ereg_replace("<[^>]*>", "", $title); $comment = addslashes($comment); $comment = ereg_replace("<[^>]*>", "", $comment); $query = "INSERT INTO $dbTable (name,email,url,title,comment,host,date,time,city,state,country) VALUES('$name','$email','$url','$title','$comment','$hostid','$datestamp','$timestamp','$city','$state','$country')"; $result = MYSQL_QUERY($query) or die(mysql_error()); if ($notify == "yes"){ $mailmsg="----------------------------------\n"; $mailmsg.="Name: $name\n"; $mailmsg.="Email: $email\n"; $mailmsg.="Host: $hostid\n"; $mailmsg.="Date: $datestamp at $timestamp\n"; $mailmsg.="City: $city\n"; $mailmsg.="State: $state\n"; $mailmsg.="Country: $country\n"; $mailmsg.="URL: $url\n"; $mailmsg.="Title: $title\n"; $mailmsg.="\nComments:\n $comment\n"; $mailmsg.="----------------------------------\n"; mail("$AdminEmail","[PROBOOK] New Entry in Guestbook",$mailmsg, "From: $email\nX-Mailer: ProBook"); } $record=0; include("$header"); include "./gb_display.php"; include("$footer"); } } else { # SHOW GUESTBOOK include("$header"); include "./gb_display.php"; include("$footer"); } } ?>