<?php
# Copyright by: Manuel
# Support: www.ilch.de
defined ('main') or die ( 'no direct access' );
$title = $allgAr['title'].' :: Gästebuch';
$hmenu = 'Gästebuch';
$design = new design ( $title , $hmenu );
$design->header();
include "include/includes/class/antispam.php";
# time sperre in sekunden
$timeSperre = $allgAr['Gsperre'];
switch($um) {
case 1 :
$tpl = new tpl ( 'gbook.htm' );
$ar = array ('ANTISPAM' => get_antispam ('gbook', 1), 'SMILIES' => getsmilies() , 'TXTL' => $allgAr['Gtxtl']);
$tpl->set_ar_out($ar,4);
break;
case 2 :
if(chk_antispam ('gbook' ) != false) {
if( trim($_POST['name']) != "" AND trim($_POST['txt']) != "") {
if ( strlen ($_POST['txt']) <= $allgAr['Gtxtl'] ) {
$timeSperre = time() - $timeSperre;
$abf = 'SELECT id FROM prefix_gbook WHERE time > "'.$timeSperre.'" AND ip = "'.$_SERVER['REMOTE_ADDR'].'"';
$erg = db_query($abf) or die (db_error() );
if ( db_num_rows($erg) == 0 ) {
$txt = escape($_POST['txt'], 'textarea');
$name = escape($_POST['name'], 'string');
$mail = escape($_POST['mail'], 'string');
$page = escape($_POST['page'], 'string');
db_query('INSERT INTO prefix_gbook
VALUES
(
"",
"'.$name.'",
"'.$mail.'",
"'.$page.'",
"'.time().'",
"'.$_SERVER['REMOTE_ADDR'].'",
"'.$txt.'"
) ' );
wd('?m=gbook','Eintrag erfolgreich eingetragen');
} else {
echo 'Bitte nicht so oft schreiben, ein Beitrag sollte ja reichen.';
}
} else {
echo 'Der Text ist länger als '.$allgAr['Gtxtl'].' erlaubte Zeichen';
}
} else {
echo 'Bitte einen Namen und einen Text eingeben';
}} else {
echo 'Sicherheitscode ist falsch';
}
break;
case 3 :
if ( $_SESSION['authright'] == -5 ) {
if ( empty ($_GET['del_ok']) ) {
echo '<form action="?m=gbook&um=3&del_ok=1" method="POST">';
$i = 0;
foreach ($_POST as $key => $a) {
if ( ereg ('del', $key) ) {
$i++;
echo '<input type="hidden" name="del'.$a.'" value="'.$a.'">';
}
}
echo '<br>Wollen Sie ';
if ($i > 1) { echo 'die ('.$i.') Beiträge ';
} else { echo 'den Beitrag '; }
echo 'wirklich löschen ?<br><br>
<input type="submit" value=" Ja "> <input type="button" value="Nein" onclick="document.location.href =\'?m=gbook\'"></form>';
} else {
$i = 0;
foreach ($_POST as $key => $a) {
if ( ereg ('del', $key) ) {
db_query("DELETE FROM prefix_gbook WHERE id = '".$a."'");
$i++;
}
}
echo 'Es wurd';
if ($i > 1) { echo 'en ('.$i.') Beiträge ';
} else { echo 'e ein Beitrag '; }
echo 'erfolgreich gelöscht <br /><br /><a href="?m=gbook">zum Gästebuch</a>';
}
} else {
header ('location: ?m=gbook');
}
break;
default :
$limit = $allgAr['gbook_posts_per_site'];
if(empty($_GET['page'])) { $_GET['page'] = 1; }
$MPL = db_make_sites ($_GET['page'] , "" , $limit , "?m=gbook" , 'gbook' );
$anfang = ($_GET['page'] - 1) * $limit;
$tpl = new tpl ( 'gbook.htm' );
$ei1 = @db_query("SELECT COUNT(ID) FROM prefix_gbook");
$ein = @db_result($ei1,0);
if ( check_rights(array(),'gbook') ) {
$type = 'checkbox';
$form = '<form action="?m=gbook&um=3" method="POST" name="form">';
$admin_check = true;
} else {
$admin_check = false;
$form = '';
$type = 'hidden';
}
$ar = array ('EINTRAGE' => $ein, 'FORM' => $form );
$tpl->set_ar_out($ar,0);
$erg = db_query("SELECT * FROM prefix_gbook ORDER BY time DESC LIMIT ".$anfang.",".$limit) or die (db_error());
while ($row = db_fetch_object($erg)) {
if ($row->page) {
if (substr($row->page,0,7) == 'http://') { $page = ' <a href="'.$row->page.'" target="_blank"><img src="include/images/icons/page.gif" border="0" alt="Homepage von '.$row->name.'"></a>';
} else {
$page = ' <a href="http://'.$row->page.'" target="_blank"><img src="include/images/icons/page.gif" border="0" alt="Homepage von '.$row->name.'"></a>'; }
} else {
$page = '';
}
if ($row->mail) {
$mail = ' <a href="mailto:'.$row->mail.'"><img src="include/images/icons/mail.gif" border="0" alt="E-Mail von '.$row->name.'"></a>';
} else { $mail = ''; }
$ar = array ( 'NAME' => $row->name,
'DATE' => date("d.m.Y",$row->time),
'MAIL' => $mail,
'ID' => $row->id,
'TYPE' => $type,
'PAGE' => $page,
'TEXT' => BBCode($row->txt)
);
$tpl->set_ar_out($ar,1);
}
$tpl->set_out('SITELINK', $MPL, 2 );
if ( $admin_check ) {
$tpl->out(3);
}
break;
}
$design->footer();
?>
