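/*
    KISGB - a Guest Book script written in PHP.

    Copyright (C) 2001-2002  Gaylen Fraley gfraley5@earthlink.net

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    License file for more details.
*/

/*
    Page bootstrap: loads the configuration and the helper library, selects
    the theme and language files, and copies the request fields this page
    uses into plain variables.

    Everything read from $HTTP_GET_VARS / $HTTP_POST_VARS is untrusted input.
*/
require("config.php");
require("functions.php");
metaTags();

/*
    Optional per-request theme / language override.  A non-empty POST value
    takes precedence over a GET value, and either one replaces the value
    already in $theme / $language (expected to come from config.php).

    The chosen name is interpolated into a require() path below, so an
    unchecked value would let the request decide which file PHP executes.
    An override is therefore accepted only when it is
      - a string (not an array-style parameter),
      - a bare file name: letters, digits, '.', '_' and '-', starting with a
        letter or digit, which rules out directory separators, "..", a
        leading dot and NUL bytes (\z, not $, so a trailing newline is
        rejected as well), and
      - an existing regular file inside the configured directory.
    Anything else is ignored and the configured default stays in effect.
    NOTE(review): widen the pattern if the shipped theme/language files use
    other characters in their names.
*/
$kisgb_req_theme = '';
$kisgb_req_lang  = '';

if (isset($HTTP_GET_VARS['tmp_theme']) && is_string($HTTP_GET_VARS['tmp_theme']))
    $kisgb_req_theme = $HTTP_GET_VARS['tmp_theme'];
if (isset($HTTP_GET_VARS['tmp_lang']) && is_string($HTTP_GET_VARS['tmp_lang']))
    $kisgb_req_lang = $HTTP_GET_VARS['tmp_lang'];

if (isset($HTTP_POST_VARS['tmp_theme']) && is_string($HTTP_POST_VARS['tmp_theme'])
        && $HTTP_POST_VARS['tmp_theme'] !== '')
    $kisgb_req_theme = $HTTP_POST_VARS['tmp_theme'];
if (isset($HTTP_POST_VARS['tmp_lang']) && is_string($HTTP_POST_VARS['tmp_lang'])
        && $HTTP_POST_VARS['tmp_lang'] !== '')
    $kisgb_req_lang = $HTTP_POST_VARS['tmp_lang'];

$kisgb_name_ok = '/^[A-Za-z0-9][A-Za-z0-9._-]*\z/';

if (preg_match($kisgb_name_ok, $kisgb_req_theme)
        && is_file("$path_to_themes/$kisgb_req_theme"))
    $theme = $kisgb_req_theme;
if (preg_match($kisgb_name_ok, $kisgb_req_lang)
        && is_file("$path_to_languages/$kisgb_req_lang"))
    $language = $kisgb_req_lang;

/* Do not leave the scratch variables behind in the global scope. */
unset($kisgb_req_theme, $kisgb_req_lang, $kisgb_name_ok);

require("$path_to_themes/$theme");
require("$path_to_languages/$language");
if ($use_filter_file) require("filters.inc.php");

/*
    Request fields used further down.  The isset() guards only avoid
    undefined-index notices; a missing field still ends up as null, as
    before.  None of these values is validated here.
*/

/* action: GET wins when it is non-empty, otherwise the POST value. */
if (empty($HTTP_GET_VARS['action']))
    $action = isset($HTTP_POST_VARS['action']) ? $HTTP_POST_VARS['action'] : null;
else
    $action = $HTTP_GET_VARS['action'];

$msgid = isset($HTTP_GET_VARS['msgid']) ? $HTTP_GET_VARS['msgid'] : null;
$vpass = isset($HTTP_POST_VARS['vpass']) ? $HTTP_POST_VARS['vpass'] : null;
$msg   = isset($HTTP_POST_VARS['msg'])   ? $HTTP_POST_VARS['msg']   : null;

/* start: only overwritten when the request carries a non-empty value;
   POST takes precedence over GET. */
if (isset($HTTP_GET_VARS['start']) && $HTTP_GET_VARS['start'] > '')
    $start = $HTTP_GET_VARS['start'];
if (isset($HTTP_POST_VARS['start']) && $HTTP_POST_VARS['start'] > '')
    $start = $HTTP_POST_VARS['start'];

/* PHP_SELF reflects the path the client requested, including any trailing
   path info, so treat it as request data: pass it through
   htmlspecialchars() if it is written into markup (form action, links). */
$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

$submit = isset($HTTP_POST_VARS['submit']) ? $HTTP_POST_VARS['submit'] : null;
?>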
js_getPointer(); ?> if (!isset($vpass)||$vpass="") { echo "\n"; if ($use_footer) require("footer.php"); exit; } #else if(isset($submit)||$vpass>"") { $vpass = $HTTP_POST_VARS['vpass']; $msgid = $HTTP_POST_VARS['msgid']; $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; $row = 0; $tmp_data = array(); $fp = fopen("$path_to_gb","r") or die("$unable_to_access_file_msg $path_to_gb"); for ($i=0;$i<16;$i++) { $j = $i+1; $head_array[$i] = ${"col$j"}; } $rn = 0; while ($data = fgetcsv($fp,$csv_buffer_size,",")) { $row++; if ($row>1) { $num = count($data); if ($data[0]==$msgid) { if ($data[0]>10000) { $dateShift = dateShift($data[0]); $data[2] = date($date_format,$data[0]-$dateShift[1]); $data[3] = date($time_format,$data[0]-$dateShift[1]); } for ($c=0;$c<$num;$c++) { $tmp_data[$rn][$c] = $data[$c]; } } } } fclose($fp); unset($data); #release memory; $rows = $row; $user_is_editing = false; $admin_is_editing = false; if ($vpass==$tmp_data[$rn][15]||md5($vpass)==$tmp_data[$rn][15]) $user_is_editing = true; elseif ($vpass==$admin_pw||md5($vpass)==$admin_pw) $admin_is_editing = true; if ($allow_msg_lvl_edit_by_user&&$show_password) $edit_update = true; else if ($allow_msg_lvl_edit_by_admin) $edit_update = true; else $edit_update = false; /* Routine to limit when message can be updated */ if ($msgid>10000) $tmp_date = $msgid; else $edit_update = false; if (time() > $tmp_date+($cutoff_date_for_updates)) $edit_update = false; if ($admin_is_editing||($cutoff_date_for_updates<0)) $edit_update = true; if (!$edit_update||$vpass==""||(!$allow_msg_lvl_edit_by_user&&($vpass==$tmp_data[$rn][15]||md5($vpass)==$tmp_data[$rn][15]))||($vpass!=$admin_pw&&$vpass!=md5($admin_pw)&&$vpass!=$tmp_data[$rn][15]&&md5($vpass)!=$tmp_data[$rn][15])) { echo "