1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
<?php
class GuestbookEntry {
public $remoteaddr;
public $title;
public $email;
public $time;
public $text;
public function GuestbookEntry($title, $email, $time, $remoteaddr, $text) {
$this->title = $title;
$this->email = $email;
$this->time = $time;
$this->remoteaddr = $remoteaddr;
$this->text = $text;
}
public function show()
{
echo "<div class=\"guestbook_entry\">\n";
echo " <div class=\"guestbook_name\">" . $this->title . "</div>\n";
echo " <div class=\"guestbook_time\">" . date("D M jS Y G:i", $this->time) . "</div>\n";
echo " <div class=\"guestbook_email\">" . str_replace("@", "(A)", $this->email) . "</div>\n";
echo " <div class=\"guestbook_text\">" . $this->text . "</div>\n";
echo "</div>\n";
}
}
class Guestbook {
private $file;
private $guestbook = array();
public function add($entry) {
$key = $entry->time;
$this->guestbook[$key] = $entry;
}
public function write()
{
$fp = fopen($this->file, "w");
fwrite($fp, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
fwrite($fp, "<guestbook>\n");
foreach($this->guestbook as $entry) {
fwrite($fp, " <entry name=\"" .
htmlspecialchars($entry->title, ENT_QUOTES, "UTF-8") . "\"\n");
fwrite($fp, " time=\"" . $entry->time . "\"\n");
fwrite($fp, " email=\"" .
htmlspecialchars($entry->email, ENT_QUOTES, "UTF-8") . "\"\n");
fwrite($fp, " remoteaddr=\"" .
htmlspecialchars($entry->remoteaddr, ENT_QUOTES, "UTF-8") . "\"\n");
fwrite($fp, " text=\"" .
htmlspecialchars($entry->text, ENT_QUOTES, "UTF-8") . "\">\n");
fwrite($fp, " </entry>\n");
}
fwrite($fp, "</guestbook>\n");
fclose($fp);
}
public function show($number)
{
// If number is -1 show all shows.
if($number == -1) $number = 100000;
foreach($this->guestbook as $entry) {
$entry->show();
$number--;
if(!$number) return;
}
}
private function read()
{
$dom = new DomDocument;
$dom->preserveWhiteSpace = FALSE;
$dom->load($this->file);
$params = $dom->getElementsByTagName('entry');
foreach ($params as $param) {
$entry = new GuestbookEntry($param->getAttribute('name'),
$param->getAttribute('email'),
$param->getAttribute('time'),
$param->getAttribute('remoteaddr'),
$param->getAttribute('text'));
$this->add($entry);
}
// Key sort
krsort($this->guestbook);
}
public function Guestbook($file)
{
$this->file = $file;
$this->read();
}
}
function filtermessage($name, $email, $message, $name_hidden, $email_hidden, $message_hidden)
{
global $_SERVER;
// First filter known bad IPs
$spammers = array("85.255.118.10",
"216.32.84.82",
"220.226.63.254");
$ip = $_SERVER['REMOTE_ADDR'];
foreach($spammers as $spamip) {
if($ip == $spamip) {
// echo "Go away evil spammer!!!!";
return false;//die(1);
}
}
// Bot catcher!
if($name || $email || $message) return false;//$spam .= "BOTCatch\n";
$name = strip_tags($name_hidden);
$email = strip_tags($email_hidden);
if($name == "" && $email == "") return false;//$spam .= "Empty name and mail\n";
if($name == "") $name = "Name unknown";
if($email == "") $email = "Email unknown";
$message = strip_tags($message_hidden);
// Banned words
if(stristr($message, "incest")) return false;//$spam .= "Contained word 'incest'\n";
if(stristr($message, "estate")) return false;//$spam .= "Contained word 'estate'\n";
if(stristr($message, "phentermine")) return false;//$spam .= "Contained word 'phentermine'\n";
if(stristr($message, "viagra")) return false;//$spam .= "Contained word 'viagra'\n";
if(stristr($message, "ringtones")) return false;//$spam .= "Contained word 'ringtones'\n";
//if(stristr($message, "vaginal")) return false;//$spam .= "Contained word 'vaginal'\n";
if(stristr($message, "messed up in the email of mine")) return false;//$spam .= "Contained words 'messed up in the email of mine'\n";
if(stristr($message, "ambien")) return false;//$spam .= "Contained word 'ambien'\n";
if(stristr($message, "dating")) return false;//$spam .= "Contained word 'dating'\n";
if(stristr($message, "levitra")) return false;//$spam .= "Contained word 'levitra'\n";
//if(stristr($message, "myspace")) return false;//$spam .= "Contained word 'myspace'\n";
if($message == "") return false;//$spam .= "Empty message\n";
$date = date("r");
//if(strstr($message, "http://")) return false;//$spam .= "Contains URL\n";
// Message is not SPAM
return true;
}
//
// INIT CODE:
//
if($page == "guestbook" && $action == "post" &&
!filtermessage($name, $email, $message, $name_hidden, $email_hidden, $message_hidden)) {
//!strstr($_SERVER['HTTP_REFERER'], "guestbook")) {
header("HTTP/1.0 404 Not Found");
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /?page=guestbook was not found on this server.</p>
<hr>
<address>Apache/2.0.58 (Gentoo) mod_ssl/2.0.58 OpenSSL/0.9.7j PHP/5.1.6-pl6-gentoo Server at www.executionroom.com Port 80</address>
</body></html>
<?php
exit(404);
}
?>
|
