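readTemplateFromFile($vxg_root_path . "template/" . $template . "/add_message.tpl");
$tpl->setVariable("phpEx", $phpEx);

// "Add message" page of the guestbook: when the form was posted, validate the entry,
// store it and (optionally) notify the admin; in every case render the form again.
//
// $ERROR holds the message of the first failed check (empty when the entry is accepted);
// every check below is guarded by empty($ERROR) so only the first failure is reported.
$ERROR = "";
// Marker prepended to the label of a required field.
$REQFS = "*";

// Pattern for the e-mail and MSN fields. It was written for eregi() (removed in PHP 7)
// and is reused unchanged as a PCRE with the case-insensitive modifier. The 2-3 letter
// TLD limit is the original validation policy and is left as is.
$email_re = '/^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,3}$/i';

// Form fields that may be posted; optional ones are absent from the form when disabled.
$form_fields = array(
    'poster_name', 'poster_mail', 'poster_location', 'msn', 'aim', 'yim', 'icq',
    'homepage', 'gender', 'age', 'c_field_1', 'c_field_2', 'c_field_3', 'c_field_4',
    'c_field_5',
);

if (!empty($_POST['addmessage'])) {
    // Read every field once through the project's cleaner; a missing field is treated
    // as "" instead of raising an undefined-index notice.
    $post = array();
    foreach (array_merge($form_fields, array('captcha')) as $field) {
        $post[$field] = Get_Clean_Value(isset($_POST[$field]) ? $_POST[$field] : '');
    }

    $poster_name     = $post['poster_name'];
    $poster_mail     = $post['poster_mail'];
    $poster_location = $post['poster_location'];
    $msn             = $post['msn'];
    $aim             = $post['aim'];
    $yim             = $post['yim'];
    $icq             = intval($post['icq']);
    $homepage        = str_replace("http://", "", $post['homepage']);
    $gender          = $post['gender'];
    $age             = intval($post['age']);

    // ---- Per-field validation -------------------------------------------------
    // A field is checked when the admin marked it required (Get_Req_Value() == 1) or
    // when the visitor filled it in.
    if (empty($ERROR) && (empty($poster_name) || strlen($poster_name) < 3)) {
        $ERROR = $lang['add_error_name'];
    }
    if (empty($ERROR) && (Get_Req_Value("poster_mail") == 1 || !empty($poster_mail))) {
        if (empty($poster_mail) || !preg_match($email_re, $poster_mail)) {
            $ERROR = $lang['add_error_mail'];
        }
    }
    if (empty($ERROR) && (Get_Req_Value("poster_location") == 1 || !empty($poster_location))) {
        if (empty($poster_location) || strlen($poster_location) < 3) {
            $ERROR = $lang['add_error_location'];
        }
    }
    if (empty($ERROR) && (Get_Req_Value("msn") == 1 || !empty($msn))) {
        if (empty($msn) || !preg_match($email_re, $msn)) {
            $ERROR = $lang['add_error_msn'];
        }
    }
    // aim / yim have no format check: they only fail when required and left empty.
    if (empty($ERROR) && empty($aim) && Get_Req_Value("aim") == 1) {
        $ERROR = $lang['add_error_aim'];
    }
    if (empty($ERROR) && empty($yim) && Get_Req_Value("yim") == 1) {
        $ERROR = $lang['add_error_yim'];
    }
    if (empty($ERROR) && (Get_Req_Value("icq") == 1 || !empty($icq))) {
        if ($icq < 10000 || $icq > 999999999) {
            $ERROR = $lang['add_error_icq'];
        }
    }
    if (empty($ERROR) && (Get_Req_Value("homepage") == 1 || !empty($homepage))) {
        if (empty($homepage) || strlen($homepage) < 3) {
            $ERROR = $lang['add_error_homepage'];
        }
    }
    if (empty($ERROR) && (Get_Req_Value("gender") == 1 || !empty($gender))) {
        if ($gender != "M" && $gender != "F") {
            $ERROR = $lang['add_error_gender'];
        }
    }
    if (empty($ERROR) && (Get_Req_Value("age") == 1 || !empty($age))) {
        // Lower bound of 1: the previous check (== 0 || > 100) let negative ages through.
        if ($age < 1 || $age > 100) {
            $ERROR = $lang['add_error_age'];
        }
    }
    // Custom fields only fail when required and left empty; the admin-given field name
    // is appended to the error text.
    foreach (array('c_field_1', 'c_field_2', 'c_field_3', 'c_field_4', 'c_field_5') as $field) {
        if (empty($ERROR) && empty($post[$field]) && Get_Req_Value($field) == 1) {
            $ERROR = $lang['add_error_cfield'] . " " . Get_Name_Value($field);
        }
    }

    // ---- Captcha ---------------------------------------------------------------
    // $captcha goes through quote_smart() before being placed in the SQL string
    // (assumed to escape for that context - confirm in the helper); $tstamp is an int.
    $captcha = quote_smart($post['captcha']);
    if (empty($ERROR) && Get_Value("captcha") == 1) {
        $tstamp = isset($_POST['tstamp']) ? intval($_POST['tstamp']) : 0;
        // Keys older than 15 minutes are rejected here as well, not only purged when the
        // form is rendered, so the lifetime in the "Delete old keys" step below is enforced.
        $SQL = mysql_query(
            "SELECT sval FROM " . $TABLE_PREFIX . "sessions"
            . " WHERE stime='" . $tstamp . "' AND stime >= '" . (time() - 900) . "'"
            . " AND sname='key' AND sval='" . $captcha . "'"
        );
        // A failed query counts as a failed captcha (fail closed).
        if (!$SQL || mysql_num_rows($SQL) < 1) {
            $ERROR = $lang['add_error_captcha'];
        }
    }

    // ---- Message text ----------------------------------------------------------
    // With allow_html on, only the admin's tag list survives strip_tags(). Note that
    // strip_tags() keeps attributes on allowed tags, so the allowed list is a trust
    // decision for the admin.
    $raw_message = isset($_POST['message']) ? $_POST['message'] : '';
    if (Get_Value("allow_html") == 1) {
        $message = strip_tags($raw_message, Get_Value("allowed_tags"));
    } else {
        $message = strip_tags($raw_message);
    }
    if (empty($ERROR) && strlen($message) < Get_Value("min_len")) {
        $ERROR = $lang['add_error_short'];
    }
    if (empty($ERROR) && strlen($message) > Get_Value("max_len")) {
        $ERROR = $lang['add_error_long'];
    }
    // "max_word_lenght" is the spelling of the stored config key.
    if (empty($ERROR) && wordwrap_check($message, Get_Value("max_word_lenght")) == 1) {
        $ERROR = $lang['add_error_lwords'];
    }
    if (empty($ERROR) && Get_Value("word_censor") == 1) {
        $censored = word_censor_check($message);
        if ($censored) {
            $ERROR = $lang['add_error_censored'] . " " . $censored;
        }
    }
    if (empty($ERROR)) {
        $banned = bannedip_check($_SERVER['REMOTE_ADDR']);
        if ($banned) {
            $ERROR = $lang['add_error_bannedip'] . " " . $banned;
        }
    }
    if (empty($ERROR) && !empty($poster_mail)) {
        $banned = bannedmail_check($poster_mail);
        if ($banned) {
            $ERROR = $lang['add_error_bannedmail'] . " " . $banned;
        }
    }

    // ---- Flood control ---------------------------------------------------------
    if (empty($ERROR) && flood_check($_SERVER['REMOTE_ADDR'])) {
        $ERROR = $lang['add_error_flood'];
    }

    if ($ERROR) {
        $tpl->setVariable("MESSAGE", $ERROR);
    } else {
        $message = get_quotes($message);
        // Entries need admin validation unless admin_valid is 0.
        $validated = (Get_Value("admin_valid") != 0) ? 0 : 1;

        // The User-Agent header is attacker-controlled and was interpolated into the
        // INSERT unescaped; it now goes through the driver's escaper. The other values
        // are prepared by Get_Clean_Value()/get_quotes() as before (what those helpers
        // escape is not visible here - confirm they cover the SQL string context).
        $user_agent = isset($_SERVER['HTTP_USER_AGENT'])
            ? mysql_real_escape_string($_SERVER['HTTP_USER_AGENT'])
            : '';
        $remote_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

        if (Get_Value("captcha") == 1) {
            // One-time use: the key that was just verified is dropped so it cannot be
            // reused for another entry.
            mysql_query(
                "DELETE FROM " . $TABLE_PREFIX . "sessions"
                . " WHERE stime='" . $tstamp . "' AND sname='key' AND sval='" . $captcha . "'"
            );
        }

        // On failure the DB error is routed through error handling (logged, and only
        // displayed when display_errors is on) instead of being printed to the visitor.
        mysql_query(
            "INSERT INTO " . $TABLE_PREFIX . "posts"
            . " (date, text, poster, location, posteremail, msn, aim, yim, homepage, icq,"
            . " useragent, gender, age, validated, c_field_1, c_field_2, c_field_3,"
            . " c_field_4, c_field_5, pip) VALUES ("
            . time() . ", '" . $message . "', '" . $poster_name . "', '" . $poster_location . "', '"
            . $poster_mail . "', '" . $msn . "', '" . $aim . "', '" . $yim . "', '" . $homepage . "', "
            . $icq . ", '" . $user_agent . "', '" . $gender . "', " . $age . ", " . $validated . ", '"
            . $post['c_field_1'] . "', '" . $post['c_field_2'] . "', '" . $post['c_field_3'] . "', '"
            . $post['c_field_4'] . "', '" . $post['c_field_5'] . "', '" . $remote_ip . "')"
        ) or trigger_error(mysql_error(), E_USER_ERROR);

        $tpl->setVariable("MESSAGE", $lang['add_noerror']);

        // Optional admin notification; sender and recipient come from the config.
        if (Get_Value("enot") == 1) {
            $admin_mail = Get_Value("admin_mail");
            $headers = 'From: ' . $admin_mail . "\r\n"
                . 'Reply-To: ' . $admin_mail . "\r\n"
                . 'X-Mailer: PHP/ Free PHP VX Guestbook';
            mail($admin_mail, $lang['add_mail_subj'], $lang['add_mail_msg'], $headers);
        }
    }
}

// ---- Render the form -----------------------------------------------------------
$tpl->setVariable("view_guestbook", $lang['view_guestbook']);
$tpl->setVariable("add_message", $lang['add_message']);
$tpl->setVariable("add_name", $lang['add_name']);

// Previously submitted values are echoed back into the form. They come straight from
// the request and are HTML-escaped here; the template engine does not appear to escape
// on its own (allowed_tags is escaped by hand further down).
$form = array();
foreach (array_merge($form_fields, array('message')) as $field) {
    $form[$field] = isset($_REQUEST[$field]) ? htmlspecialchars((string) $_REQUEST[$field]) : '';
}
$tpl->setVariable("vposter_name", $form['poster_name']);

// Optional fields in the order their template blocks are emitted. Each entry:
// config key, label template var, $lang key for the label (null = use Get_Name_Value()),
// value template var (null for the gender select, handled separately), block name.
$optional_fields = array(
    array('poster_mail',     'add_mail',     'add_mail',     'vposter_mail',     'add_bemail'),
    array('poster_location', 'add_location', 'add_location', 'vposter_location', 'add_blocation'),
    array('msn',             'add_msn',      'add_msn',      'vmsn',             'add_bmsn'),
    array('aim',             'add_aim',      'add_aim',      'vaim',             'add_baim'),
    array('yim',             'add_yim',      'add_yim',      'vyim',             'add_byim'),
    array('icq',             'add_icq',      'add_icq',      'vicq',             'add_bicq'),
    array('homepage',        'add_homepage', 'add_homepage', 'vhomepage',        'add_bhomepage'),
    array('gender',          'add_gender',   'add_gender',   null,               'add_bgender'),
    array('age',             'add_age',      'add_age',      'vage',             'add_bage'),
    array('c_field_1',       'c_field_1',    null,           'vc_field_1',       'add_bc_field_1'),
    array('c_field_2',       'c_field_2',    null,           'vc_field_2',       'add_bc_field_2'),
    array('c_field_3',       'c_field_3',    null,           'vc_field_3',       'add_bc_field_3'),
    array('c_field_4',       'c_field_4',    null,           'vc_field_4',       'add_bc_field_4'),
    array('c_field_5',       'c_field_5',    null,           'vc_field_5',       'add_bc_field_5'),
);
foreach ($optional_fields as $entry) {
    list($key, $label_var, $lang_key, $value_var, $block) = $entry;
    if (Get_Value($key) != 1) {
        continue; // field disabled by the admin: no block in the form
    }
    $prefix = (Get_Req_Value($key) == 1) ? $REQFS : "";
    $label  = ($lang_key !== null) ? $lang[$lang_key] : Get_Name_Value($key);
    $tpl->setVariable($label_var, $prefix . " " . $label);
    if ($key == "gender") {
        $tpl->setVariable("add_gender_male", $lang['add_gender_male']);
        $tpl->setVariable("add_gender_female", $lang['add_gender_female']);
        // Re-select the posted choice; neither option is touched for any other value.
        $posted_gender = isset($_POST['gender']) ? $_POST['gender'] : "";
        if ($posted_gender == "M") {
            $tpl->setVariable("vmgender", "SELECTED");
            $tpl->setVariable("vfgender", "");
        }
        if ($posted_gender == "F") {
            $tpl->setVariable("vfgender", "SELECTED");
            $tpl->setVariable("vmgender", "");
        }
    } else {
        $tpl->setVariable($value_var, $form[$key]);
    }
    $tpl->addBlock($block);
}

if (Get_Value("captcha") == 1) {
    // Generate random text
    $Key = Make_Text();
    $tstamp = time();
    // Delete old keys from sessions table (15 mins)
    mysql_query(
        "DELETE FROM " . $TABLE_PREFIX . "sessions"
        . " WHERE stime < '" . ($tstamp - 900) . "' AND sname='key'"
    );
    // Insert New Key to sessions table for current session. The key text is escaped as
    // a precaution; Make_Text()'s output alphabet is not visible here.
    mysql_query(
        "INSERT INTO " . $TABLE_PREFIX . "sessions (ip,stime,sname,sval) VALUES ('"
        . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "','" . $tstamp . "','key','"
        . mysql_real_escape_string($Key) . "')"
    );
    $tpl->setVariable("captcha", $lang['add_captcha']);
    $tpl->setVariable("tstamp", $tstamp);
    $tpl->setVariable("md5tstamp", md5($tstamp));
    // NOTE(review): an md5 of the answer is handed to the client. If the template does
    // not actually need it, drop it - anything derived from the answer weakens the captcha.
    $tpl->setVariable("key", md5($Key));
    $tpl->addBlock("add_bcaptcha");
}

$tpl->setVariable("add_message_text", $lang['add_message_text']);
$tpl->setVariable("add_html", $lang['add_html']);
if (Get_Value("allow_html") == 1) {
    $tpl->setVariable("allow_html", $lang['yes']);
    $tpl->setVariable("add_html_tags", $lang['add_html_tags']);
    $tpl->setVariable("allowed_tags", htmlspecialchars(Get_Value("allowed_tags")));
} else {
    $tpl->setVariable("allow_html", $lang['no']);
}
$tpl->addBlock("add_bhtml");

$SQL = mysql_query("SELECT * FROM " . $TABLE_PREFIX . "smilies");
while ($row = mysql_fetch_array($SQL)) {
    // NOTE(review): the markup built here was mangled in the copy reviewed (the literal
    // below is not valid PHP). It is kept as found and must be restored from the
    // original file; the emoticon value should be built from $row, not from raw input.
    $tpl->setVariable ("add_emoticon","\""");
    $tpl->addBlock("add_bemoticons");
}

$tpl->setVariable("vmessage", $form['message']);
$tpl->setVariable("REQFS", $REQFS . " ");
$tpl->setVariable("add_req", $lang['add_req']);
$tpl->generateOutput();
include('footer.' . $phpEx);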