<?php
//******************************************************************
//
// PHP-mySQL GuestBook
// by Shane Caraveo (shane@caraveo.com)
//
// DO NOT EMAIL ME ASKING HOW TO SET THIS UP!
// I do not support this script in any way. If you fix a bug,
// or add a cool feature, let me know.
//
// use of this script means you recognize the fact that I am not
// responsible if this script blows up your machine (or causes
// any other problems).
//
// feel free to use and abuse this script in whatever
// form or fashion you feel fit.
//
// In somefile.php you need to have the following code:
//
// $user="shane"; // admin username
// $password="test"; // admin password
// $bookname="mybook"; // the name of the table within the mysql db
// $autodelete=0; //number of days before removal. 0 = disabled
// $notify=0; //notify via email new postings 1=on 0=off
// $email=""; //address to notify
// require("guestbook.inc");
//
//
// accessing your guestbook page with ?admin gets you the admin logon,
// where you enter the user and password set above to gain entry. The admin
// page is identical to the regular guestbook page except that it lets
// you delete entries.
//
//
// mysql table info:
//
// create table <tablename>(
// id int not null auto_increment,
// posted int not null,
// name char(50) not null,
// email char(40),
// company char(40),
// message text,
// index (posted),
// index (id)
// )\g
//
//
//******************************************************************
//******************************************************************
//initialize database info
//******************************************************************
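$server="localhost"; //mysql server address
$dbname="guestbooks"; // mysql database name
$uid="guestbook"; // username for that database
$pwd="password"; // password for that database (placeholder - set your own)
$maxmessagelength=1024; //set to 0 if you dont care how long it gets
//******************************************************************
//no need to edit below this line
//******************************************************************
// Guestbook page: shows the admin login form for ?admin, otherwise
// handles deletes/new posts, lists the entries and shows the sign form.
//
// Expects the including file to have set $user, $password, $bookname,
// $autodelete, $notify and $email before the require().
//
// Request data is read explicitly from $_SERVER/$_POST instead of
// through register_globals or an eval() over the POST array: with
// either of those, a request field can overwrite any variable in this
// script, including the configured admin credentials and $isadmin.
//******************************************************************
$gb_self=isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : "";
// PHP_SELF can carry request-supplied path info, so escape it before
// it is written into a form action attribute.
$gb_action_url=htmlspecialchars($gb_self,ENT_QUOTES);
$gb_query=isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : "";
//******************************************************************
//check to see if admin login requested
//******************************************************************
if($gb_query=="admin" || (isset($argv[0]) && $argv[0]=="admin")){ //show login form
?>
<form action="<?php echo($gb_action_url);?>" method="POST">
Login Name: <input type="Text" name="loginname"><br>
Password: <input type="Password" name="pword"><br>
<input type="Submit" value="Login">
</form>
<?php
//******************************************************************
}else{ //do guestbook
?>
<a href="#post">Sign the Guest Book</a><br>
<?php
    // Set before any branch so the value can only come from the
    // credential check below, never from the request.
    $isadmin=0;
    //******************************************************************
    // Only these POST fields are accepted; everything else is ignored.
    //******************************************************************
    $gb_in=array("name"=>"","email"=>"","company"=>"","message"=>"",
                 "loginname"=>"","pword"=>"","action"=>"","d"=>"");
    // Undo magic_quotes_gpc where it is active so values are escaped
    // exactly once, at the point of use.
    $gb_strip=function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();
    foreach(array_keys($gb_in) as $gb_key){
        if(isset($_POST[$gb_key]) && is_string($_POST[$gb_key])){
            $gb_in[$gb_key]=$gb_strip ? stripslashes($_POST[$gb_key]) : $_POST[$gb_key];
        }
    }
    //******************************************************************
    //make connection to the database
    //******************************************************************
    $conn=mysql_connect($server,$uid,$pwd);
    $gb_dbok=($conn && mysql_select_db($dbname, $conn));
    if(!$gb_dbok){
        // Details go to the server log, not to the visitor.
        error_log("guestbook: database unavailable: ".mysql_error());
        echo("<p>The guest book is temporarily unavailable.</p>");
    }
    //******************************************************************
    //I know, it can be faked
    //we'll skip db updates if not matched, but let them see the entries
    // NOTE(review): the Referer header is client-controlled, so this is
    // a convenience filter only; authorisation is the admin check below.
    //******************************************************************
    $gb_referer=isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    // Plain case-insensitive substring match; the path is not a regex.
    if($gb_dbok && $gb_self!="" && stristr($gb_referer,$gb_self)!==false){
        //******************************************************************
        //if autodelete, delete old entries
        //******************************************************************
        $gb_days=isset($autodelete) ? intval($autodelete) : 0;
        if($gb_days>0){
            $sql="delete from $bookname where posted<".
                 (time()-($gb_days * 86400));
            mysql_query($sql,$conn);
        }
        //******************************************************************
        //check to see if admin logged in
        // Empty or missing configured credentials never match, and the
        // comparison is strict so no type juggling is involved.
        //******************************************************************
        if(isset($user) && isset($password)
           && is_string($user) && is_string($password)
           && $user!=="" && $password!==""
           && $gb_in["loginname"]===$user && $gb_in["pword"]===$password)$isadmin=1;
        //******************************************************************
        //Are we deleting an entry?
        // Admin only, and the id is forced to an integer before it is
        // placed in the statement.
        //******************************************************************
        $gb_delete=intval($gb_in["d"]);
        if($isadmin && $gb_delete>0){
            $sql="delete from $bookname where id=".$gb_delete;
            mysql_query($sql,$conn);
        }
        //******************************************************************
        //Are we posting a new entry?
        //******************************************************************
        if($gb_in["action"]=="Submit"){
            if($maxmessagelength && strlen($gb_in["message"])>$maxmessagelength){
                echo("<p>Your message is too long, please click on your back ".
                     "button and shorten the message. Thank You!</p>");
            }elseif($gb_in["name"]!=="" && $gb_in["email"]!==""
                    && $gb_in["company"]!=="" && $gb_in["message"]!==""){
                // Escape with the connection's own routine rather than addslashes().
                $sql="insert into $bookname (posted,name,email,company,message) ".
                     "values (".time().",'".mysql_real_escape_string($gb_in["name"],$conn)."', ".
                     "'".mysql_real_escape_string($gb_in["email"],$conn)."', ".
                     "'".mysql_real_escape_string($gb_in["company"],$conn)."', ".
                     "'".mysql_real_escape_string($gb_in["message"],$conn)."')";
                $result=mysql_query($sql,$conn);
                if(!$result){
                    error_log("guestbook: insert failed: ".mysql_errno($conn).": ".mysql_error($conn));
                    echo("There was an error saving your entry.");
                }else{
                    echo('<center><p><b>Thank you for signing our guestbook!</b></p></center>');
                    //notify via email
                    // The recipient is the configured $email; the address typed
                    // by the visitor only appears in the message body.
                    if(!empty($notify) && !empty($email)){
                        $emailmessage="Your guestbook has been signed:\n\n".
                                      "By: ".$gb_in["name"]."\nemail: ".$gb_in["email"].
                                      "\nCompany: ".$gb_in["company"]."\n".
                                      "Message:\n".$gb_in["message"]."\n\n";
                        mail($email,"Guestbook Notification",$emailmessage);
                    }
                }
            }else{
?>
<p>You didn't fill in all the form variables, please click
on your browsers back button now, and complete the form.
Thank You!</p>
<?php
            }
        }
    //******************************************************************
    }//end HTTP_REFERER check
    //******************************************************************
    //show guestbook entries
    // Every stored value is HTML-escaped on output: entries are
    // visitor-supplied text and are rendered to every later visitor.
    //******************************************************************
    if($gb_dbok){
        $sql="select id,name,email,company,posted,message from $bookname order by posted desc";
        if(($result=mysql_query($sql,$conn))){
            while(($rs=mysql_fetch_array($result))){
                $gb_mail=htmlspecialchars($rs[2],ENT_QUOTES);
                echo('<hr><p>');
                // NOTE(review): the delete form re-submits the credentials the
                // admin just entered, so the admin view should only be served
                // over HTTPS; a server-side session would avoid this.
                if($isadmin){?>
<form action="<?php echo($gb_action_url);?>" method="POST">
<input type="hidden" name="loginname" value="<?php echo(htmlspecialchars($gb_in["loginname"],ENT_QUOTES));?>">
<input type="hidden" name="pword" value="<?php echo(htmlspecialchars($gb_in["pword"],ENT_QUOTES));?>">
<input type="hidden" name="d" value="<?php echo(intval($rs[0]));?>">
<input type="Submit" value="Delete"><br>
<?php           }
                echo("Name: <b>".htmlspecialchars($rs[1],ENT_QUOTES)."</b><br>\n");
                echo("Email: <a href=\"mailto:$gb_mail\">$gb_mail</a><br>\n");
                echo("Company: ".htmlspecialchars($rs[3],ENT_QUOTES)."<br>\n");
                echo("Date: ".date("m-d-Y",intval($rs[4]))."<br>\n");
                echo("Message:<br>".htmlspecialchars($rs[5],ENT_QUOTES)."</p>");
                if($isadmin)echo('</form>');
            }
            mysql_free_result($result);
        }else{
            error_log("guestbook: select failed: ".mysql_errno($conn).": ".mysql_error($conn));
            echo("There was an error reading the guest book.");
        }
    }
    //******************************************************************
    //shutdown database connection
    //******************************************************************
    if($conn)mysql_close($conn);
?>
<hr>
<a name="post"><b>Please sign our Guest Book</b></a><br>
<form action="<?php echo($gb_action_url);?>" method="POST">
Name: <input type="Text" name="name" size="40" maxlength="50"><br>
Email: <input type="Text" name="email" size="35" maxlength="40"><br>
Company: <input type="Text" name="company" size="35" maxlength="40"><br>
Message:<br>
<textarea name="message" cols="40" rows="8" wrap="PHYSICAL"></textarea><br>
<input type="Submit" name="action" value="Submit">
<input type="reset">
</form>
<hr>
<?php
//******************************************************************
} //end guestbook
//******************************************************************
?>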