<?php
/*
 ########################################################################
#                                                                        #
#           Version 4       /                        /   /               #
#          -----------__---/__---__------__----__---/---/-               #
#           | /| /  /___) /   ) (_ `   /   ) /___) /   /                 #
#          _|/_|/__(___ _(___/_(__)___/___/_(___ _/___/___               #
#                       Free Content / Management System                 #
#                                   /                                    #
#                                                                        #
#                                                                        #
#   Copyright 2005-2006 by webspell.org                                  #
#                                                                        #
#   visit webSPELL.org, webspell.info to get webSPELL for free           #
#   - Script runs under the GNU GENERAL PUBLIC LICENSE                   #
#   - It's NOT allowed to remove this copyright-tag                      #
#   -- http://www.fsf.org/licensing/licenses/gpl.html                    #
#                                                                        #
#   Code based on WebSPELL Clanpackage (Michael Gruber - webspell.at),   #
#   Far Development by Development Team - webspell.org                   #
#                                                                        #
#   visit webspell.org                                                   #
#                                                                        #
 ########################################################################
*/

if($_POST['save']) {
  include("_mysql.php");
	include("_settings.php");
	include("_functions.php");

	$date = time();
	$run=0;

	if($userID) {
	  $name=getnickname($userID);
		$email=getemail($userID);
		$url=gethomepage($userID);
		$icq=geticq($userID);
		$run=1;
	}
	else {
    $name = $_POST['gbname'];
    $email = $_POST['gbemail'];
    $url = $_POST['gburl'];
    $icq = $_POST['icq'];
		$CAPCLASS = new Captcha;	
		if($CAPCLASS->check_captcha($_POST['captcha'], $_POST['captcha_hash'])) $run=1;
	}
	
	if($run) {
		safe_query("INSERT INTO ".PREFIX."guestbook (date, name, email, hp, icq, ip, comment)
		                values('$date', '".$name."', '".$email."', '".$url."', '".$icq."', '$ip', '".$_POST['message']."')");
		                
  	if($gb_info) {

 	 		$ergebnis=safe_query("SELECT userID FROM ".PREFIX."user_groups WHERE feedback='1'");
	 		while($ds=mysql_fetch_array($ergebnis)) {
				$touser[]=$ds[userID];
	 		}

	 		$message = '[b]There is a new guestbook entry![/b]\n\n [URL=index.php?site=guestbook#'.mysql_insert_id().']Click here[/URL] ';
	 		foreach($touser as $id) {
    		sendmessage($id,'New guestbook comment',$message);
   		}
  	}
	}
	header("Location: index.php?site=guestbook");
}
elseif($_GET['delete']) {
  include("_mysql.php");
	include("_settings.php");
	include("_functions.php");
  if(!isanyadmin($userID)) die('no access!');

	foreach($_POST['gbID'] as $id) {
    	safe_query("DELETE FROM ".PREFIX."guestbook WHERE gbID='$id'");
	}
	header("Location: index.php?site=guestbook");
}
elseif($_POST['savecomment']) {
  include("_mysql.php");
	include("_settings.php");
	include("_functions.php");
  if(!isfeedbackadmin($userID)) die('no access!');

	safe_query("UPDATE ".PREFIX."guestbook SET admincomment='".$_POST['comment']."' WHERE gbID='".$_POST['guestbookID']."' ");

	redirect('index.php?site=guestbook','',0);
}
elseif($_GET['action'] == 'comment') {
  if(!isfeedbackadmin($userID)) die('no access!');
  $ergebnis = safe_query("SELECT admincomment FROM ".PREFIX."guestbook WHERE gbID='".$_GET['guestbookID']."'");

  $ds = mysql_fetch_array($ergebnis);
	eval ("\$title_guestbook = \"".gettemplate("title_guestbook")."\";");
	echo $title_guestbook;
	eval ("\$guestbook_comment = \"".gettemplate("guestbook_comment")."\";");
	echo $guestbook_comment;

}
elseif($_GET['action'] == 'add') {
	
	if($_GET['messageID']) {
		$ds=mysql_fetch_array(safe_query("SELECT comment, name FROM `".PREFIX."guestbook` WHERE gbID='".$_GET['messageID']."'"));
		$message='[quote]'.$ds['name'].' wrote: [br]'.$ds['comment'].'[/quote]';
	} else $message='';

	if($loggedin) {
		eval ("\$guestbook_loggedin = \"".gettemplate("guestbook_loggedin")."\";");
	  echo $guestbook_loggedin;
	}
	else {
		$CAPCLASS = new Captcha;
		$captcha = $CAPCLASS->create_captcha();
		$hash = $CAPCLASS->get_hash();
		$CAPCLASS->clear_oldcaptcha();
		
		eval ("\$guestbook_notloggedin = \"".gettemplate("guestbook_notloggedin")."\";");
	  echo $guestbook_notloggedin;
	}	
}
else {
	eval ("\$title_guestbook = \"".gettemplate("title_guestbook")."\";");
	echo $title_guestbook;
	
	$gesamt = mysql_num_rows(safe_query("SELECT gbID FROM ".PREFIX."guestbook"));
	
	$pages=1;
  $page = $_GET['page'];
  $type = $_GET['type'];
  if(!isset($page)) $page = 1;
	if(!isset($type)) $type = "DESC";
	
	$max=$maxguestbook;
		
	for ($n=$max; $n<=$gesamt; $n+=$max) {
	    if($gesamt>$n) $pages++;
	}
		
	if($pages>1) $page_link = makepagelink("index.php?site=guestbook&type=$type", $page, $pages);
		
	if ($page == 1) {
	    $ergebnis = safe_query("SELECT * FROM ".PREFIX."guestbook ORDER BY date $type LIMIT 0,$max");
		if($type=="DESC") $n=$gesamt;
		else $n=1;
	}
	else {
	    $start=$page*$max-$max;
		$ergebnis = safe_query("SELECT * FROM ".PREFIX."guestbook ORDER BY date $type LIMIT $start,$max");
		if($type=="DESC") $n = $all-($page-1)*$max;
		else $n = ($page-1)*$max+1;
	}
			
    if($type=="ASC") 
	    $sorter='<a href="index.php?site=guestbook&page='.$page.'&type=DESC">Sort:</a> <img src="images/icons/asc.gif" width="9" height="7" border="0">&nbsp;&nbsp;&nbsp;';
	else 
	    $sorter='<a href="index.php?site=guestbook&page='.$page.'&type=ASC">Sort:</a> <img src="images/icons/desc.gif" width="9" height="7" border="0">&nbsp;&nbsp;&nbsp;';
		
	echo'<table width="100%" cellspacing="0" cellpadding="0">
		  <tr>
		    <td>'.$sorter.' '.$page_link.'</td>
		    <td align="right"><input type="button" onClick="MM_goToURL(\'parent\',\'index.php?site=guestbook&action=add\');return document.MM_returnValue" value="new entry"></td>
		  </tr>
		</table>';

    echo '<form method="post" name="form" action="guestbook.php?delete=true">';
	while ($ds = mysql_fetch_array($ergebnis)) {
	    $n%2 ? $bg1=BG_1 : $bg1=BG_2;
		$date = date("d.m.Y - H:i", $ds[date]);
		
		$sem = '^[a-z0-9_\.-]+@[a-z0-9_-]+\.[a-z0-9_\.-]+$';
		if(eregi($sem, $ds[email])) $email = '<a href="mailto:'.$ds[email].'"><img src="images/icons/email.gif" border="0" width="15" height="11" alt="email"></a>';
		else $email='';
			
		$sem = '^[http://]+[a-z0-9_\.-]+[a-z0-9_-]+$';
        if(eregi($sem, $ds[hp])) $hp='<a href="'.$ds[hp].'" target="_blank"><img src="images/icons/hp.gif" border="0" width="14" height="14" alt="homepage"></a>';
	    else $hp='';
			
		$sem = '[0-9]{7,11}';
		if(eregi($sem, $ds[icq])) $icq = '<a href="http://wwp.icq.com/scripts/search.dll?to='.$ds[icq].'"><img src="http://online.mirabilis.com/scripts/online.dll?icq='.$ds[icq].'&img=5" border="0" alt="icq"></a>';
		else $icq="";
			
		$name=strip_tags($ds[name]);
		$message=cleartext($ds[comment]);
		
		unset($admincomment);
		if($ds[admincomment] != "") {
      $admincomment = '<hr width="50%" size="1" noshade align="left" color="'.$border.'">
      <small><b>Admin comment:</b><br>'.htmloutput($ds[admincomment]).'</small>';
    }

		$actions='';
		$ip='logged';
		$quote='<a href="index.php?site=guestbook&action=add&messageID='.$ds['gbID'].'"><img src="images/icons/quote.gif" border="0" alt="quote"></a>';
		if(isfeedbackadmin($userID)) {
		    $actions=' <a href="index.php?site=guestbook&action=comment&guestbookID='.$ds[gbID].'"><img src="images/icons/admincomment.gif" border="0"></a> <input class="input" type="checkbox" name="gbID[]" value="'.$ds[gbID].'">';
			$ip=$ds[ip];
		}
						
		eval ("\$guestbook = \"".gettemplate("guestbook")."\";");
    echo $guestbook;

		if($type=="DESC") $n--;
		else $n++;
	}		

	if(isfeedbackadmin($userID)) $submit='<input class="input" type="checkbox" name="ALL" value="ALL" onClick="SelectAll(this.form);"> select all
										  <input type="submit" value="delete selected">';
	echo'<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr>
  		<td>'.$page_link.'</td>
   		<td align="right">'.$submit.'</td>
		</tr>
		</table></form>';
}

?>