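'Comments datafile not found!
CommentsStack stores comments and ratings within a flat-file plain text file, which acts as your database. A new comments datafile has been generated for you. Please reload this webpage to complete the setup. You may need to reload the page twice.',
    'name_missing'           => 'Please provide your name.',
    'rating_missing'         => 'Please provide a rating.',
    'reviewtitle_missing'    => 'Please provide a review title.', // was a copy of rating_missing
    //'url_invalid'          => 'Invalid URL.',
    'message_missing'        => 'Please enter your message.',
    'math_invalid'           => 'Wrong maths answer.',
    'max_length_name'        => 'The name supplied is too long. Please shorten it.',
    //'max_length_url'       => 'Maximum character length for guest URL is ' . $max_length_url,
    'max_length_reviewtitle' => 'The review title is too long. Please shorten it.', // key had a stray `$`
    'max_length_message'     => 'Maximum character length for guest message is ' . $max_length_message,
    'no_content'             => 'Be the first to comment!',
);
// (The `$messages = array(` opener and the `'database_missing' =>` key sit above this chunk.)

$cookie_name  = "commentstack-001";
$cookie_value = "submitted";
$to           = 'alexking109@yahoo.co.uk';
$subject      = 'New comment';
// NOTE(review): this text is never mailed as written — the POST handler below reuses
// $message for the guest's comment and passes that to mail(). Kept unchanged because
// it is not clear which body was intended.
$message      = 'A new comment has been posted to www.worldwar2relichanger.comindex.html';
// END CONFIGURATION

// Set default timezone to adjust the timestamp.
// => http://www.php.net/manual/en/function.date-default-timezone-set.php
date_default_timezone_set($time_zone);

// Write $data to the TXT file (our database), creating the file if needed.
// LOCK_EX stops two concurrent submissions from interleaving their writes, and
// file_put_contents releases the handle itself (the fopen() version never closed it).
function create_or_update_file($file_path, $data) {
    if (file_put_contents($file_path, $data, LOCK_EX) === false) {
        die('Cannot open file: ' . $file_path);
    }
}

// Read one POST field as a plain string. Returns '' when the field is absent or is
// not a string (e.g. submitted as `field[]`), so array values never reach
// strip_tags()/preg_replace(), which raise a TypeError on them.
function post_field($key) {
    if ( ! isset($_POST[$key]) || ! is_string($_POST[$key])) {
        return '';
    }
    return $_POST[$key];
}

// Collapse CR/LF in a single-line field to spaces. Records are stored one field per
// line, so an embedded line break would shift the fields of that record (the
// timestamp used by permalinks is field 4).
function single_line($value) {
    return str_replace(array("\r", "\n"), ' ', $value);
}

// Escape a stored value for output in an HTML context.
function escape_html($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Filter HTML outputs.
// Re-enables a small set of inline tags and character references in the stored
// message; everything else stays as plain HTML entities to prevent XSS.
// => http://en.wikipedia.org/wiki/Cross-site_scripting
// NOTE(review): the stored message is entity-encoded by htmlentities() on input, yet
// these patterns match literal `<` and `&`; confirm against the original source
// whether they were meant to match the encoded forms.
function filter_html($data) {
    return preg_replace(
        array(
            '/<(\/?)(b|blockquote|br|em|i|ins|mark|q|strong|u)>/i', // Allowed HTML tags
            '/<center>/',              // Deprecated tag
            '/<\/center>/',            // Deprecated tag
            '/&([a-zA-Z]+|\#[0-9]+);/' // Symbols
        ),
        array(
            '<$1$2>',
            "\n",
            "\n",
            '&$1;'
        ),
        $data
    );
}

// Print one stored record. $item is the record split on "\n":
// [0] name, [1] rating, [2] review title, [3] message, [4] timestamp (permalink id).
// Name and title were only strip_tags()'d on input, so they are escaped here; the
// message is entity-encoded in storage and filter_html() re-enables the allowed tags.
function render_item($item) {
    echo "\n    \n";
    echo "\n    \n";
    echo "\n    \n";
    echo escape_html($item[0]);
    echo " \n\n    \n";
    echo " ";
    echo " ";
    echo " ";
    echo " \n\n    \n";
    echo "\n    " . escape_html($item[2]) . "\n    \n";
    echo " " . filter_html($item[3]) . "\n";
    echo "\n    \n";
}

// Redefine database name via URL to load
// Load database-002.txt => http://localhost/guestbook/index.php?data=database-002
// Only a bare file stem is accepted. The value is appended to '.txt' and handed to
// file_exists/file_get_contents/create_or_update_file below, so anything outside
// [A-Za-z0-9_-] (path separators, dots, NUL) is ignored and the default datafile is
// used instead — a guest cannot steer those reads and writes to another file.
$custom_data = isset($_GET['data']) && is_string($_GET['data'])
    && preg_match('/^[A-Za-z0-9_-]+$/', $_GET['data']) === 1;
if ($custom_data) {
    $database = $_GET['data'];
    // NOTE(review): the original pointed the ratings datafile at the same name, so
    // comments and ratings share one file whenever `data=` is given. Kept as-is.
    $database_ratings = $_GET['data'];
}

$database_file = $database . '.txt';
$ratings_file  = $database_ratings . '.txt';

// Check whether the "database" is not available. If not, create one!
if ( ! file_exists($database_file)) {
    // Prevent guest to create new database via `data=database-XXX` in URL
    // Only administrator can do this by editing the `$database` value
    if ( ! isset($_GET['data'])) {
        create_or_update_file($database_file, "");
        echo "\n\n" . $messages['database_missing'] . "\n\n";
    }
    return false;
}
$old_data = file_get_contents($database_file);

// Check whether the "database-ratings" is not available. If not, create one!
if ( ! file_exists($ratings_file)) {
    if ( ! isset($_GET['data'])) {
        create_or_update_file($ratings_file, "");
        echo "\n\n" . $messages['database_missing'] . "\n\n";
    }
    return false;
}
$old_ratings_data = file_get_contents($ratings_file);

/**
 * Post a message
 */
$error = ""; // error messages
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Make sure the honeypot is empty (a filled honeypot is silently dropped).
    if (isset($_POST['specialtitle']) && $_POST['specialtitle'] === '') {
        $name        = "";
        $rating      = "";
        //$url       = "";
        $reviewtitle = "";
        $message     = "";
        $timestamp   = time();

        // Make sure the guest name is not empty (checked after strip_tags, so a
        // name consisting only of tags counts as missing).
        $name = single_line(strip_tags(trim(post_field('name'))));
        if ($name === '') {
            $error .= "\n\n" . $messages['name_missing'] . "\n\n";
        }

        // Make sure the rating is not empty.
        $rating = single_line(strip_tags(trim(post_field('rating'))));
        if ($rating === '') {
            $error .= "\n\n" . $messages['rating_missing'] . "\n\n";
        }

        // Make sure the review title is not empty.
        $reviewtitle = single_line(strip_tags(trim(post_field('reviewtitle'))));
        if ($reviewtitle === '') {
            $error .= "\n\n" . $messages['reviewtitle_missing'] . "\n\n";
        }

        // Make sure the URL format is valid. Set its value as `-` if empty.
        /*
        if(isset($_POST['url']) && ! empty($_POST['url'])) {
            if(filter_var($_POST['url'], FILTER_VALIDATE_URL)) {
                $url = strip_tags($_POST['url']);
            } else {
                $error .= "\n\n" . $messages['url_invalid'] . "\n\n";
            }
        } else {
            $url = "-";
        }
        */

        // Make sure the guest message is not empty.
        $raw_message = post_field('message');
        if ($raw_message !== '') {
            $message = preg_replace(
                array(
                    '/[\n\r]{4,}/',  // [1]
                    '/\n/',
                    '/[\r\t]/',
                    '/ {2}/',        // Multiple space characters
                    '/  |  /',
                    '/(.*?)<\/a>/i'  // Match links
                ),
                array(
                    "\n\n",
                    "\n",
                    '',
                    '  ',
                    '  ',
                    '$6' // Unlink all links in message content!
                ),
                $raw_message);
            // NOTE(review): the last pattern has a single capture group but the
            // replacement refers to $6 (empty), so everything up to a literal `</a>`
            // is dropped. It looks truncated; confirm against the original source.
            $message = htmlentities($message, ENT_QUOTES, 'UTF-8'); // [2]
            // A line holding only `==` is the record separator in the datafile (see
            // the "\n\n==\n" join below); defuse it so a message cannot forge records.
            $message = preg_replace('/^==$/m', '= =', $message);
        } else {
            $error .= "\n\n" . $messages['message_missing'] . "\n\n";
        }

        // Check the math challenge answer to prevent spam robot.
        // Compared as strings with !== so loose numeric coercion cannot widen what
        // counts as a match; a missing session answer fails closed.
        $math_answer = trim(post_field('math'));
        if ($math_answer === '' || ! isset($_SESSION['math'])
            || $math_answer !== (string) $_SESSION['math']) {
            $error .= "\n\n" . $messages['math_invalid'] . "\n\n";
        }

        // Check for character length limit
        if (strlen($name) > $max_length_name) {
            $error .= "\n\n" . $messages['max_length_name'] . "\n\n";
        }
        //if(strlen($url) > $max_length_url) $error .= "\n\n" . $messages['max_length_url'] . "\n\n";
        if (strlen($reviewtitle) > $max_length_reviewtitle) {
            $error .= "\n\n" . $messages['max_length_reviewtitle'] . "\n\n";
        }
        if (strlen($message) > $max_length_message) {
            $error .= "\n\n" . $messages['max_length_message'] . "\n\n";
        }

        // If all data entered by guest is valid, insert new data!
        if ($error === "") {
            // Main database: one field per line, records joined by "\n\n==\n", newest first.
            $new_data = $name . "\n" . $rating . "\n" . $reviewtitle . "\n" . $message . "\n" . $timestamp;
            if ( ! empty($old_data)) {
                create_or_update_file($database_file, $new_data . "\n\n==\n" . $old_data); // Prepend data
            } else {
                create_or_update_file($database_file, $new_data); // Insert data
            }

            // Ratings database: one rating per line, newest first.
            $new_ratings_data = $rating . "\n";
            if ( ! empty($old_ratings_data)) {
                create_or_update_file($ratings_file, $new_ratings_data . "\n" . $old_ratings_data); // Prepend data
            } else {
                create_or_update_file($ratings_file, $new_ratings_data); // Insert data
            }

            // Set the tracking cookie, if enabled (31557600 s = 1 Julian year, so ~30 years).
            setcookie($cookie_name, $cookie_value, time() + (31557600 * 30), "/");

            // Send email notification, if enabled. The result is deliberately ignored:
            // a failed notification must not block the post.
            mail($to, $subject, $message);
        } else {
            // else, print the error messages.
            echo $error;
        }
    }
}

// [3] — stored unescaped; whatever re-renders the form must escape them for HTML.
$_SESSION['guest_name']        = post_field('name');
$_SESSION['guest_rating']      = post_field('rating');
//$_SESSION['guest_url']       = isset($_POST['url']) ? $_POST['url'] : "http://";
$_SESSION['guest_reviewtitle'] = post_field('reviewtitle');
$_SESSION['guest_message']     = ($error !== "") ? htmlentities(post_field('message'), ENT_QUOTES, 'UTF-8') : "";

// ----------------------------------------------------------------------------------------
// [1]. Prevent guest to type too many line break symbols.
//      People usually do these thing to make their SPAM messages looks striking.
// [2]. Convert all HTML tags into HTML entities. This is done thoroughly for safety.
//      We can revert back the escaped HTML into normal HTML tags later via `filter_html()`
// [3]. Save the form data into session. So if something goes wrong, the data entered
//      by guest will still be stored in the form after submitting.
// ----------------------------------------------------------------------------------------

// Math challenge to prevent spam robot.
// Current answer will be stored in `$_SESSION['math']`
$x = mt_rand(1, 100);
$y = mt_rand(1, 100);
if ($x - $y > 0) {
    $math = $x . ' - ' . $y;
    $_SESSION['math'] = $x - $y;
} else {
    $math = $x . ' + ' . $y;
    $_SESSION['math'] = $x + $y;
}
// Testing...
// echo $math . ' = ' . $_SESSION['math'];

/**
 * Show the existing data.
 */
$data = file_get_contents($database_file);
// Page number is forced to a positive integer; anything else falls back to page 1.
$current_page = isset($_GET['page']) ? max(1, (int) $_GET['page']) : 1;
$nav = "";
if ( ! empty($data)) {
    $data = explode("\n\n==\n", $data);
    $total_pages = ceil(count($data) / $per_page);

    // Create navigation if the number of pages is more than 1.
    if ($total_pages > 1) {
        for ($i = 0; $i < $total_pages; $i++) {
            if ($current_page == ($i + 1)) {
                $nav .= "\n  • " . ($i + 1) . "\n  • "; // Disabled navigation
            } else {
                $nav .= "\n  • " . ($i + 1) . "\n  • ";
            }
        }
    }

    // Permalink (single item)
    // http://localhost/guestbook/index.php?data=database-001&guest=0123456789
    // The guest id must be digits only (anchored) and is compared as a string, so a
    // loose `==` cannot equate differently spelled numeric strings.
    $guest_id = (isset($_GET['guest']) && is_string($_GET['guest'])
        && preg_match('/^[0-9]+$/', $_GET['guest']) === 1) ? $_GET['guest'] : null;

    for ($i = 0; $i < count($data); $i++) {
        // Pad short (malformed) records so every field index below exists.
        $item = array_pad(explode("\n", $data[$i]), 5, '');

        if ($guest_id !== null) {
            if ($item[4] === $guest_id) {
                echo " \n";
                render_item($item);
                echo " \n";
            }
            continue;
        }

        // Normal list: only the records that fall on the current page.
        if ($i >= $per_page * ($current_page - 1) && $i < $per_page * $current_page) {
            render_item($item);
        }
    }
} else {
    echo "\n    \n\n    \n";
    echo " \n";
    echo " " . $messages['no_content'] . "\n";
    echo "\n    \n\n    \n";
}

// Hide form if user has already submitted it and there is a tracking cookie
if (isset($_COOKIE[$cookie_name])) {
    echo "";
}
?>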
    0 / 1000
    = ?