<?php
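// One guestbook post. Every field holds visitor-supplied text exactly as it
// was submitted (or as read back from the XML store), so it must be treated
// as untrusted whenever it is rendered.
class GuestbookEntry {
	// Address the post was submitted from; stored but not rendered by show().
	public $remoteaddr;
	// Poster's display name (rendered in the "guestbook_name" div).
	public $title;
	// Poster's e-mail address, stored unobfuscated.
	public $email;
	// Value passed to date() when rendering; also used by Guestbook as sort key.
	public $time;
	// Message body.
	public $text;

	// Stores the five fields unchanged.
	// __construct replaces the PHP 4 style same-named constructor, which
	// PHP 8 no longer treats as a constructor: there, `new GuestbookEntry(...)`
	// would silently leave every field null.
	public function __construct($title, $email, $time, $remoteaddr, $text) {
		$this->title = $title;
		$this->email = $email;
		$this->time = $time;
		$this->remoteaddr = $remoteaddr;
		$this->text = $text;
	}

	// Echoes the entry as an HTML fragment.
	// All visitor-supplied fields are HTML-escaped at this output boundary;
	// echoing them raw would let a stored post inject markup or script into
	// every page that lists the guestbook.
	// NOTE(review): if stored messages are expected to carry intentional
	// markup, it will now be displayed literally - confirm against the code
	// that saves entries.
	public function show()
	{
		$title = htmlspecialchars((string) $this->title, ENT_QUOTES, "UTF-8");
		// Obfuscate first, then escape, so the "(A)" marker itself is never altered.
		$email = htmlspecialchars(str_replace("@", "(A)", (string) $this->email), ENT_QUOTES, "UTF-8");
		$text = htmlspecialchars((string) $this->text, ENT_QUOTES, "UTF-8");
		// The timestamp arrives as a string when loaded from XML; force an
		// integer so a non-numeric value cannot reach date().
		$when = date("D M jS Y G:i", (int) $this->time);

		echo "<div class=\"guestbook_entry\">\n";
		echo "  <div class=\"guestbook_name\">" . $title . "</div>\n";
		echo "  <div class=\"guestbook_time\">" . $when . "</div>\n";
		echo "  <div class=\"guestbook_email\">" . $email . "</div>\n";
		echo "  <div class=\"guestbook_text\">" . $text . "</div>\n";
		echo "</div>\n";
	}
}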

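// File-backed guestbook: loads all entries from an XML file on construction,
// keeps them in memory keyed by their time value, and rewrites the whole file
// on write().
class Guestbook {
	// Path of the XML store, as given to the constructor.
	private $file;
	// Entries keyed by $entry->time.
	private $guestbook = array();

	// Adds (or replaces) an entry.
	// NOTE(review): the key is the entry's time, so two entries carrying the
	// same time value overwrite each other - confirm this is acceptable.
	public function add($entry) {
		$key = $entry->time;
		$this->guestbook[$key] = $entry;
	}

	// Escapes a value for use inside a double-quoted XML attribute.
	// Control characters that XML 1.0 forbids are removed first: a single one
	// in a post would make the file unparsable, read() would then load
	// nothing, and the next write() would overwrite every existing entry.
	private function xmlAttribute($value)
	{
		$clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', (string) $value);
		return htmlspecialchars((string) $clean, ENT_QUOTES, "UTF-8");
	}

	// Rewrites the XML store from the in-memory entries.
	// Returns nothing; if the file cannot be opened the method returns
	// without writing (fopen() has already raised its warning).
	public function write()
	{
		// Build the whole document first so the file stays truncated for as
		// short a time as possible.
		$xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
		$xml .= "<guestbook>\n";
		foreach ($this->guestbook as $entry) {
			$xml .= "  <entry name=\"" . $this->xmlAttribute($entry->title) . "\"\n";
			// time is escaped like every other field: it is read back from
			// the file as a plain string and was previously written raw.
			$xml .= "         time=\"" . $this->xmlAttribute($entry->time) . "\"\n";
			$xml .= "         email=\"" . $this->xmlAttribute($entry->email) . "\"\n";
			$xml .= "         remoteaddr=\"" . $this->xmlAttribute($entry->remoteaddr) . "\"\n";
			$xml .= "         text=\"" . $this->xmlAttribute($entry->text) . "\">\n";
			$xml .= "  </entry>\n";
		}
		$xml .= "</guestbook>\n";

		$fp = fopen($this->file, "w");
		if ($fp === false) {
			// Passing a failed handle on to fwrite()/fclose() only adds
			// errors; nothing can be written.
			return;
		}
		fwrite($fp, $xml);
		fclose($fp);
	}

	// Renders up to $number entries in stored order by calling show() on each.
	// NOTE(review): only a count that reaches exactly zero stops the loop, so
	// 0 or a negative value other than -1 renders every entry, and -1 is
	// capped at 100000 entries.
	public function show($number)
	{
		// If number is -1 show all entries.
		if($number == -1) $number = 100000;

		foreach($this->guestbook as $entry) {
			$entry->show();
			$number--;
			if(!$number) return;
		}
	}

	// Loads every <entry> element of the XML store into memory, newest key first.
	// Attribute values come back from the DOM with entities decoded, so the
	// entries hold raw visitor text and must be escaped again on output.
	private function read()
	{
		$dom = new DomDocument;
		$dom->preserveWhiteSpace = FALSE;
		if ($dom->load($this->file) === false) {
			// Missing or unparsable file: start with an empty guestbook.
			// NOTE(review): a later write() will then replace whatever the
			// file contained.
			return;
		}
		$params = $dom->getElementsByTagName('entry');

		foreach ($params as $param) {
			$entry = new GuestbookEntry($param->getAttribute('name'),
			                            $param->getAttribute('email'),
			                            $param->getAttribute('time'),
			                            $param->getAttribute('remoteaddr'),
			                            $param->getAttribute('text'));

			$this->add($entry);
		}

		// Key sort, descending.
		krsort($this->guestbook);
	}

	// Remembers the store path and loads it immediately.
	// __construct replaces the PHP 4 style same-named constructor, which
	// PHP 8 no longer runs on `new Guestbook($file)`.
	public function __construct($file)
	{
		$this->file = $file;
		$this->read();
	}
}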

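// Decides whether a submitted guestbook post looks legitimate.
//
// $name, $email and $message are decoy form fields that a human is expected
// to leave empty; the real content arrives in the *_hidden parameters.
// Returns true when the post passes every check, false otherwise.
//
// The function only returns a verdict. All parameters are passed by value, so
// the strip_tags() results computed here never reach the caller: whatever
// stores or displays the post still holds the raw submitted values and has to
// escape them at output time.
function filtermessage($name, $email, $message, $name_hidden, $email_hidden, $message_hidden)
{
	// First filter known bad IPs.
	$spammers = array("85.255.118.10",
	                  "216.32.84.82",
	                  "220.226.63.254");
	// REMOTE_ADDR is absent outside a web request (e.g. CLI); treat that as "no match".
	$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
	if (in_array($ip, $spammers, true)) {
		return false;
	}

	// Bot catcher: any content in a decoy field means an automated form filler.
	if ($name || $email || $message) {
		return false;
	}

	// Request parameters can be arrays (field[]=x). strip_tags() cannot take
	// one, so reject such a post instead of failing inside the filter.
	if (is_array($name_hidden) || is_array($email_hidden) || is_array($message_hidden)) {
		return false;
	}

	// The stripped copies are used for the checks below only.
	$name = strip_tags((string) $name_hidden);
	$email = strip_tags((string) $email_hidden);
	if ($name === "" && $email === "") {
		return false; // Empty name and mail
	}

	$message = strip_tags((string) $message_hidden);

	// Banned words, matched case-insensitively as substrings.
	$banned = array("incest",
	                "estate",
	                "phentermine",
	                "viagra",
	                "ringtones",
	                "messed up in the email of mine",
	                "ambien",
	                "dating",
	                "levitra");
	foreach ($banned as $word) {
		if (stristr($message, $word) !== false) {
			return false;
		}
	}

	if ($message === "") {
		return false; // Empty message
	}

	// Message is not SPAM
	return true;
}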

//
// INIT CODE:
//
// Runs whenever this file is loaded. A guestbook post that filtermessage()
// rejects is answered with a hand-written "404 Not Found" page and the
// request ends here, so a rejected submitter gets no hint that a spam
// filter was involved.
//
// NOTE(review): $page, $action, $name, $email, $message and the *_hidden
// variables are not assigned anywhere in this file - presumably they come from
// register_globals or from the including script; confirm where they are
// populated and that they cannot be undefined here.
// NOTE(review): the <address> line below is a fixed string. If it mirrors the
// real server it publishes exact software versions to every rejected client;
// if it does not, it will drift from the server's genuine error pages.
$rejectedPost = $page == "guestbook" && $action == "post"
	&& !filtermessage($name, $email, $message, $name_hidden, $email_hidden, $message_hidden);

if ($rejectedPost) {
	header("HTTP/1.0 404 Not Found");
	// The blank line before the closing marker keeps the trailing newline
	// of the page.
	echo <<<HTML
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /?page=guestbook was not found on this server.</p>
<hr>
<address>Apache/2.0.58 (Gentoo) mod_ssl/2.0.58 OpenSSL/0.9.7j PHP/5.1.6-pl6-gentoo Server at www.executionroom.com Port 80</address>
</body></html>

HTML;
	exit(404);
}
?>