Diffstat (limited to 'utils/guestbook.php')
-rw-r--r--utils/guestbook.php169
1 files changed, 169 insertions, 0 deletions
diff --git a/utils/guestbook.php b/utils/guestbook.php
new file mode 100644
index 0000000..ca9cd81
--- /dev/null
+++ b/utils/guestbook.php
@@ -0,0 +1,169 @@
+<?php
+class GuestbookEntry {
+ public $remoteaddr;
+ public $title;
+ public $email;
+ public $time;
+ public $text;
+
+ public function GuestbookEntry($title, $email, $time, $remoteaddr, $text) {
+ $this->title = $title;
+ $this->email = $email;
+ $this->time = $time;
+ $this->remoteaddr = $remoteaddr;
+ $this->text = $text;
+ }
+
+ public function show()
+ {
+ echo "<div class=\"guestbook_entry\">\n";
+ echo " <div class=\"guestbook_name\">" . $this->title . "</div>\n";
+ echo " <div class=\"guestbook_time\">" . date("D M jS Y G:i", $this->time) . "</div>\n";
+ echo " <div class=\"guestbook_email\">" . str_replace("@", "(A)", $this->email) . "</div>\n";
+ echo " <div class=\"guestbook_text\">" . $this->text . "</div>\n";
+ echo "</div>\n";
+ }
+}
+
+class Guestbook {
+ private $file;
+ private $guestbook = array();
+
+ public function add($entry) {
+ $key = $entry->time;
+ $this->guestbook[$key] = $entry;
+ }
+
+ public function write()
+ {
+ $fp = fopen($this->file, "w");
+ fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
+
+ fwrite($fp, "<guestbook>\n");
+ foreach($this->guestbook as $entry) {
+ fwrite($fp, " <entry name=\"" .
+ htmlspecialchars($entry->title, ENT_QUOTES, "UTF-8") . "\"\n");
+ fwrite($fp, " time=\"" . $entry->time . "\"\n");
+ fwrite($fp, " email=\"" .
+ htmlspecialchars($entry->email, ENT_QUOTES, "UTF-8") . "\"\n");
+ fwrite($fp, " remoteaddr=\"" .
+ htmlspecialchars($entry->remoteaddr, ENT_QUOTES, "UTF-8") . "\"\n");
+ fwrite($fp, " text=\"" .
+ htmlspecialchars($entry->text, ENT_QUOTES, "UTF-8") . "\">\n");
+ fwrite($fp, " </entry>\n");
+ }
+ fwrite($fp, "</guestbook>\n");
+
+ fclose($fp);
+ }
+
+ public function show($number)
+ {
+ // If number is -1 show all shows.
+ if($number == -1) $number = 100000;
+
+ foreach($this->guestbook as $entry) {
+ $entry->show();
+ $number--;
+ if(!$number) return;
+ }
+ }
+
+ private function read()
+ {
+
+ $dom = new DomDocument;
+ $dom->preserveWhiteSpace = FALSE;
+ $dom->load($this->file);
+ $params = $dom->getElementsByTagName('entry');
+
+ foreach ($params as $param) {
+ $entry = new GuestbookEntry($param->getAttribute('name'),
+ $param->getAttribute('email'),
+ $param->getAttribute('time'),
+ $param->getAttribute('remoteaddr'),
+ $param->getAttribute('text'));
+
+ $this->add($entry);
+ }
+
+ // Key sort
+ krsort($this->guestbook);
+ }
+
+ public function Guestbook($file)
+ {
+ $this->file = $file;
+ $this->read();
+ }
+}
+
+function filtermessage($name, $email, $message, $name_hidden, $email_hidden, $message_hidden)
+{
+ global $_SERVER;
+
+ // First filter known bad IPs
+ $spammers = array("85.255.118.10",
+ "216.32.84.82",
+ "220.226.63.254");
+ $ip = $_SERVER['REMOTE_ADDR'];
+ foreach($spammers as $spamip) {
+ if($ip == $spamip) {
+ // echo "Go away evil spammer!!!!";
+ return false;//die(1);
+ }
+ }
+
+ // Bot catcher!
+ if($name || $email || $message) return false;//$spam .= "BOTCatch\n";
+
+ $name = strip_tags($name_hidden);
+ $email = strip_tags($email_hidden);
+ if($name == "" && $email == "") return false;//$spam .= "Empty name and mail\n";
+ if($name == "") $name = "Name unknown";
+ if($email == "") $email = "Email unknown";
+
+ $message = strip_tags($message_hidden);
+
+ // Banned words
+ if(stristr($message, "incest")) return false;//$spam .= "Contained word 'incest'\n";
+ if(stristr($message, "estate")) return false;//$spam .= "Contained word 'estate'\n";
+ if(stristr($message, "phentermine")) return false;//$spam .= "Contained word 'phentermine'\n";
+ if(stristr($message, "viagra")) return false;//$spam .= "Contained word 'viagra'\n";
+ if(stristr($message, "ringtones")) return false;//$spam .= "Contained word 'ringtones'\n";
+ //if(stristr($message, "vaginal")) return false;//$spam .= "Contained word 'vaginal'\n";
+ if(stristr($message, "messed up in the email of mine")) return false;//$spam .= "Contained words 'messed up in the email of mine'\n";
+ if(stristr($message, "ambien")) return false;//$spam .= "Contained word 'ambien'\n";
+ if(stristr($message, "dating")) return false;//$spam .= "Contained word 'dating'\n";
+ if(stristr($message, "levitra")) return false;//$spam .= "Contained word 'levitra'\n";
+ //if(stristr($message, "myspace")) return false;//$spam .= "Contained word 'myspace'\n";
+
+ if($message == "") return false;//$spam .= "Empty message\n";
+ $date = date("r");
+ //if(strstr($message, "http://")) return false;//$spam .= "Contains URL\n";
+
+ // Message is not SPAM
+ return true;
+}
+
+//
+// INIT CODE:
+//
+if($page == "guestbook" && $action == "post" &&
+ !filtermessage($name, $email, $message, $name_hidden, $email_hidden, $message_hidden)) {
+//!strstr($_SERVER['HTTP_REFERER'], "guestbook")) {
+ header("HTTP/1.0 404 Not Found");
+?>
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>404 Not Found</title>
+</head><body>
+<h1>Not Found</h1>
+<p>The requested URL /?page=guestbook was not found on this server.</p>
+<hr>
+<address>Apache/2.0.58 (Gentoo) mod_ssl/2.0.58 OpenSSL/0.9.7j PHP/5.1.6-pl6-gentoo Server at www.executionroom.com Port 80</address>
+</body></html>
+<?php
+ exit(404);
+}
+?>
\ No newline at end of file
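Review bot: `GuestbookEntry::show()` echoes `$this->title`, `$this->email` and `$this->text` into the page without HTML-escaping, so whatever is stored in the XML file is rendered as markup. The `strip_tags()` calls in `filtermessage()` only change that function's local copies (the parameters are passed by value and it returns a bool), and `read()` gets entity-decoded values back from `getAttribute()`, so nothing visible in this file guarantees the stored fields are free of markup. Escape at output the same way `write()` already does, e.g. `htmlspecialchars($this->text, ENT_QUOTES, "UTF-8")` for the text line and likewise for title and email, with the `str_replace("@", "(A)", …)` applied before escaping. Separately, `Guestbook::add()` keys entries by `$entry->time`, so two posts carrying the same timestamp silently overwrite each other; `write()` also uses the result of `fopen()` without checking it.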