|
The text you entered didn't match the image, please try again.";
include('footer.php');
exit;
}
if (isset($_SESSION['key'], $_COOKIE[session_name()])) {
    // A captcha session exists and the browser still carries its cookie:
    // expire the cookie, wipe the server-side data, then tear the session down.
    $sessionCookie = session_name();
    $inThePast = time() - 36000;
    setcookie($sessionCookie, '', $inThePast, '/');
    $_SESSION = array();
    session_destroy();
}
}
// Page header is emitted before any of the checks below can print a message.
include 'header.php';
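// let's do some pattern matching on the IP to make sure this visitor is legit, not banned and not flooding
// $ipPattern accepts a dotted-quad IPv4 address with every octet in 0-255; it is applied
// to REMOTE_ADDR further down. An IPv6 visitor does not match and is turned away there.
$ipPattern = '/\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/i';
// Build $iplist, an alternation of the banned addresses found in the first CSV column of
// IPBLOCKLST. It is only defined when the file contributes at least one address, so the
// check further down must keep testing it with isset().
if (filesize(IPBLOCKLST) > 0) {
    $BlockedIPs = array();
    $fh = fopen(IPBLOCKLST, "r") or die ("Error: couldn't open the blocked IP list file.");
    while (!feof($fh)) {
        $badip = fgetcsv($fh, 4096);
        // fgetcsv() returns false at EOF and array(null) for a blank line. Either one used
        // to land as an empty alternative in the regex, and an empty alternative matches
        // every address - i.e. a trailing newline in the file banned every visitor.
        if ($badip === false || $badip === null || !isset($badip[0]) || trim($badip[0]) === '') {
            continue;
        }
        // Quote the entry so the dots are literal instead of "any character". The match
        // stays unanchored, so prefix entries such as "192.168." keep working as before.
        $BlockedIPs[] = preg_quote(trim($badip[0]), '/');
    }
    fclose($fh);
    if (count($BlockedIPs) > 0) {
        $iplist = '/(' . implode('|', $BlockedIPs) . ')/';
    }
}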
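// Flood control: refuse a second consecutive entry from the same address, judged by the
// most recent entry (the first line of ENTRIES).
if ($floodcontrol == "yes" && filesize(ENTRIES) > 0) {
    $open2check = file(ENTRIES);
    $expodelineone = explode(",", $open2check[0]);
    // NOTE(review): the entry line assembled below stores the address in column 6
    // (name,lastname,email,city,state,signdate,ip,"comments"); column 4 is the state.
    // This comparison only works if sign_gbook() writes a different layout - confirm.
    if ($_SERVER['REMOTE_ADDR'] == $expodelineone['4']) {
        echo " Sorry, you can't sign the guestbook twice in a row. ";
        exit(include('footer.php'));
    }
}

// Reject an address that is not a dotted-quad IPv4 or that is on the block list
// ($iplist is only set when the block list contributed at least one entry).
if (!preg_match($ipPattern, $_SERVER['REMOTE_ADDR'])
    || (isset($iplist) && preg_match($iplist, $_SERVER['REMOTE_ADDR']))) {
    echo "Your IP is not valid or it has been banned, you cannot sign the guestbook. \n\n";
    exit(include('footer.php'));
}

// check to make sure it's not a known bot
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer|T8Abot|Syntryx|WinHttp|WebBandit|nicebot|Jakarta|curl|Snoopy|PHPcrawl|id-search)/i";
// Test for a missing/empty User-Agent first so preg_match() never sees an undefined index.
if (empty($_SERVER['HTTP_USER_AGENT']) || preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
    echo "Known spam bots are not allowed. ";
    exit(include('footer.php'));
}

// check for links before we clean up so they don't get removed with strip_tags
// (https:// is covered as well; the original test only looked for http://)
if (isset($allowlinks) && $allowlinks == "no" && isset($_POST['comments'])
    && (substr_count($_POST['comments'], 'http://') > 0
        || substr_count($_POST['comments'], 'https://') > 0
        || substr_count($_POST['comments'], 'URL=') > 0)) {
    echo "Your message contains URLs. To cut down on spam, the posting of URLs/links has been disabled. \n ";
    exit(include('footer.php'));
}

// prepare spam words
if (filesize(SPAMWDS) > 0) {
    // Drop newlines and blank lines. With the raw file() output every word carried its
    // trailing "\n" into the alternation (so it only matched at a line end) and a blank
    // line became an empty alternative that matches everything.
    $spamlist = file(SPAMWDS, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    $spamlist = array_filter(array_map('trim', $spamlist), 'strlen');
    if (count($spamlist) > 0) {
        // Entries are inserted verbatim, so regex syntax in the list is honoured; an
        // unescaped "/" in an entry would break the pattern.
        $SpamWords = '/(' . implode('|', $spamlist) . ')/i';
    }
}

// check for javascript exploits/spam and clean up the data
$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
$c = array();
foreach ($_POST as $key => $val) {
    if (isset($SpamWords) && preg_match($SpamWords, $val)) {
        echo "Your message contains words in the spam list, please go back and remove references to obvious 'spam' material. \n ";
        exit(include('footer.php'));
    }
    if (preg_match($exploits, $val)) {
        echo "No meta injection, please. \n\n ";
        exit(include('footer.php'));
    }
    $c[$key] = cleanUp($val);
}

// do some final checks
$error_msg = NULL;
// ereg() no longer exists (removed in PHP 7); the same expressions are run through
// preg_match(). Note that the name/city/state pattern only inspects the FIRST character,
// exactly as the ereg() call did - the "no special characters" wording in the messages
// promises more than the check enforces.
$namePattern = "/^[A-Za-z' -]/";
$emailPattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/';
if (!empty($c['human'])) {
    // honeypot field: a real browser leaves it empty
    $error_msg .= "Spam detection tells me you're not human.";
} elseif (empty($c['name']) || !preg_match($namePattern, $c['name']) || strlen($c['name']) > 15) {
    // length checks used to read the undefined $clean array, so they never fired
    $error_msg .= "Name is a invalid: must not be blank, must have no special characters, must not exceed 15 characters.";
} elseif (empty($c['lastname']) || !preg_match($namePattern, $c['lastname']) || strlen($c['lastname']) > 20) {
    $error_msg .= "Last Name is a invalid: must not be blank, must have no special characters, must not exceed 20 characters.";
} elseif ($emailrequired == "yes" && empty($c['email'])) {
    $error_msg .= "E-mail is a required field, please fill it in.";
} elseif (!empty($c['email']) && !preg_match($emailPattern, strtolower($c['email']))) {
    $error_msg .= "The e-mail address that you provided is not valid.";
} elseif (empty($c['city']) || !preg_match($namePattern, $c['city']) || strlen($c['city']) > 20) {
    $error_msg .= "City is a invalid: must not be blank, must have no special characters, must not exceed 20 characters.";
} elseif (empty($c['state']) || !preg_match($namePattern, $c['state']) || strlen($c['state']) > 20) {
    $error_msg .= "State is a invalid: must not be blank, must have no special characters, must not exceed 20 characters.";
} elseif (empty($c['comments']) || strlen($c['comments']) < 10) {
    $error_msg .= "Your comment is too short.";
}

if ($error_msg == NULL) {
    $show_form = false;
    // let's make the data look nice and pretty
    $c['name'] = ucwords(strtolower($c['name']));
    $c['lastname'] = ucwords(strtolower($c['lastname']));
    $c['email'] = strtolower($c['email']);
    $c['city'] = ucwords(strtolower($c['city']));
    $c['state'] = ucwords(strtolower($c['state']));
    // Flatten line breaks to spaces (the entry is stored as one CSV line), then normalise
    // comma spacing. The outer str_replace() has an empty search string and is a no-op as
    // written - confirm what it was meant to replace.
    $c['comments'] = str_replace("", " ", preg_replace("/,(?! \n)/", ", ", preg_replace("([\r\n])", " ", $c['comments'])));
    $signdate = date("Y-m-d H:i:s");

    if ($emailentries == "yes") {
        $subject = "New entry in guestbook ($title)";
        // every line after the first appends; "Last Name", "City" and "State" used to
        // overwrite $message with "=", so the notification only ever carried part of the entry
        $message = "Name: ".$c['name']." \r\n";
        $message .= "Last Name: ".$c['lastname']." \r\n";
        $message .= "E-mail: ".$c['email']." \r\n";
        $message .= "City: ".$c['city']." \r\n";
        $message .= "State: ".$c['state']." \r\n";
        $message .= "Comments: ".$c['comments']." \r\n";
        $message .= "Signed: ".date($dateformat, strtotime($signdate))." \r\n\r\n";
        $message .= "-- ADMIN INFO -- \r\n";
        $message .= "IP: ".$_SERVER['REMOTE_ADDR']." \r\n";
        $message .= "Browser: ".$_SERVER['HTTP_USER_AGENT']." \r\n";
        // Referer is optional; avoid an undefined-index notice when it is absent.
        $message .= "Referrer: ".(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '')." \r\n";
        $message .= "Admin Panel: ".$admin_gburl."/admin.php \r\n";
        if ($moderate == "yes") {
            $message .= "\r\nYou will need to approve this entry for it to appear in your guestbook.";
        }
        // NOTE(review): $email is not assigned anywhere in this file - presumably the
        // signer's validated address $c['email'] was intended; confirm against config.php.
        $headers = "From: ".$title." <$admin_email> \r\nReply-To: <$email>";
        mail($admin_email, $subject, $message, $headers);
    }

    // One CSV line: name,lastname,email,city,state,signdate,ip,"comments"
    $entryformat = $c['name'].",".$c['lastname'].",".$c['email'].",".$c['city'].",".$c['state'].",".$signdate.",".$_SERVER['REMOTE_ADDR'].',"'.$c['comments'].'"'."\r\n";
    if ($moderate == "yes") {
        sign_gbook(TEMPENTRIES);
    } else {
        sign_gbook(ENTRIES);
    }
}

if (!isset($_POST['submit']) || $show_form == true) {
    require_once('config.php');
    include_once('header.php');
    // Echoes the cleaned-up value of a posted field so the form can be re-filled.
    function get_data($var) {
        if (isset($_POST[$var])) echo cleanUp($_POST[$var]);
    }
?> ERROR: '.$error_msg.''; } ?> |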