skirogaining.krk-litvinov.cz/sboard.php

<?php

$sbnum = 0;
if (0 == 9) {
    header('HTTP/1.0 303 See Other');
}
/** replaces bb tags on html
 * @param string $buffer text with bb codes
 *
 * @return string replaced string
 *
 * @copyright Jan Tojnar, http://jtojnar.php5.cz/
 */
function bb2html($buffer) {
    $buffer = ereg_replace("\[b\](.*)\[/b\]", '<span class="bold">\\1</span>', $buffer);
    $buffer = ereg_replace("\[i\](.*)\[/i\]", '<span class="italic">\\1</span>', $buffer);
    $buffer = ereg_replace("\[red\](.*)\[/red\]", '<span class="red">\\1</span>', $buffer);
    $buffer = ereg_replace("\[green\](.*)\[/green\]", '<span class="green">\\1</span>', $buffer);
    $buffer = ereg_replace("\[blue\](.*)\[/blue\]", '<span class="blue">\\1</span>', $buffer);
    $buffer = ereg_replace("\[purple\](.*)\[/purple\]", '<span class="purple">\\1</span>', $buffer);
    $buffer = ereg_replace("\[yellow\](.*)\[/yellow\]", '<span class="yellow">\\1</span>', $buffer);
    $buffer = ereg_replace('%(.*)%', '&#37;\\1&#37;', $buffer);
    $buffer = ereg_replace("\n", "<br>\n", $buffer);
    $buffer = ereg_replace("\r\n", "<br>\n", $buffer);
    $buffer = ereg_replace("\r", "<br>\n", $buffer);

    return htmlspecialchars($buffer);
}
/** control e-mail address
 * @param string $email e-mail address
 *
 * @return bool is right address syntax
 *
 * @copyright Jakub Vrána, http://php.vrana.cz
 */
function check_email($email) {
    $atom = '[-a-z0-9!#$%&\'*+/=?^_`{|}~]';
    $domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])';

    return eregi("^$atom+(\\.$atom+)*@($domain?\\.)+$domain\$", $email);
}

/** control www address
 * @param string $url www address
 *
 * @return bool is right address syntax
 *
 * @copyright Jan Tojnar, http://jtojnar.php5.cz
 */
function check_url($url) {
    return eregi("^http[s]?://[-a-z0-9]*\.[-a-z0-9]+\.[a-z]+$", $url);
}

/** returns text of shoutboard
 * @param string $file page filename
 *
 * @return string shoutboard html
 *
 * @copyright Jan Tojnar, http://jtojnar.php5.cz/
 */
function sboard_generate($file) {
    ++$sbnum;
    $name = htmlspecialchars($_POST['name']);
    $www = htmlspecialchars($_POST['www']);
    $post = htmlspecialchars($_POST['post']);
    $ip = $_SERVER['REMOTE_ADDR'];
    $timestamp = date(rplc('%dateFormat%'));
    $formCaptchaSum = sha1($_POST['captcha']);
    $showmail = $_POST['showmail'];
    $checkedshowmailfalse = $showmail == 'false' ? ' checked="checked"' : '';
    $checkedshowmailtrue = empty($showmail) ? ' checked="checked"' : ($showmail == 'true' ? ' checked="checked"' : '');
    if ($showmail == 'true') {
        $email = htmlspecialchars($_POST['email']);
    } else {
        $hemail = htmlspecialchars($_POST['email']);
    }
    $formCaptchaSumPre = $_POST['captchasum'];
    $captcha = mt_rand(0, 9) . mt_rand(0, 9) . mt_rand(0, 9) . mt_rand(0, 9);
    $_SESSION['captcha'] = $captcha;
    $captchasum = sha1($captcha);
    //echo($timestamp);
    //echo($post);
    if (isset($_POST['post'])) {
        if (empty($post)) {
            $sbError .= '<p>' . '%misspost%' . "</p>\n";
        }
        if (empty($name)) {
            $sbError .= '<p>' . '%missname%' . "</p>\n";
        }
        if ($formCaptchaSumPre != $formCaptchaSum) {
            $sbError .= '<p>' . '%wrongcode%' . "</p>\n";
        }
        if (!empty($email) && !check_email($email)) {
            $sbError .= '<p>' . '%wrongmail%' . "</p>\n";
        }
        if (!empty($www) && !check_url($www)) {
            $sbError .= '<p>' . '%wrongwww%' . "</p>\n";
        }
        if (empty($sbError)) {
            $sbmail = !empty($email) ? "<span class=\"sbmail\"><span>{$email}</span></span>\n" : (!empty($hemail) ? "<hemail>{$hemail}</hemail>" : '');
            $sbwww = !empty($www) ? "<span class=\"sbwww\"><span>{$www}</span></span>\n" : '';
            $post = bb2html($post);
            $write = <<<EOT
<div class="sbcomment">
<div class="sbheader">
<span class="sbname">{$name}</span>
<span class="sbdate">{$timestamp}</span>
<ip>{$ip}</ip>
{$sbmail}{$sbwww}</div>
{$post}
</div>


EOT;
            $shoutfile = fopen($file . 'c' . $sbnum, 'a+');
            chmod($file . 'c' . $sbnum, 0777);
            if (fwrite($shoutfile, $write)) {
                $sbError .= '<p>' . '%saved%' . "</p>\n";
                unset($name,$email,$www,$captcha,$post,$ip,$timestamp,$formCaptchaSum,$formCaptchaSumPre,$captchasum,$sbname,$sbdate,$sbwww,$sbmail);
                fclose($shoutfile);
            } else {
                $sbError .= '<p>' . '%notsaved%' . "</p>\n";
            }
        }
    }
    if (file_exists($file . 'c' . $sbnum)) {
        $comments = ereg_replace('<ip>([^<]+)</ip>', '', ereg_replace('<hemail>([^<]+)</hemail>', '', file_get_contents($file . 'c' . $sbnum)));
    } else {
        $comments = '';
    }
    $form = $comments . "<hr class=\"sboard\" id=\"sboard{$sbnum}\">" . (empty($sbError) ? '' : '<div class="sberrors">' . rplc($sbError) . '</div>') . <<<EOT
<form method="post" action="#sboard{$sbnum}" class="sbform">
<div>
<dl>
<dt><label for="name">%name:% %req%</label></dt><dd><input type="text" name="name" id="name" value="{$name}"></dd>
<dt><label for="email">%email:%</label></dt><dd><input type="text" name="email" id="email" value="{$email}"></dd>
<dt>%showmail%</dt><dd><label><input type="radio" name="showmail" value="true"{$checkedshowmailtrue}>%yes%</label><label><input type="radio" name="showmail" value="false"{$checkedshowmailfalse}>%no%</label></dd>
<dt><label for="www">%www:%</label></dt><dd><input type="text" name="www" id="www" value="{$www}"></dd>
<dt id="captchaLabelParent"><label for="captcha"><img src="%root%/3DCaptcha.php" alt="captcha"></label></dt><dd id="captchaParent"><input type="text" name="captcha" id="captcha" size="4" maxlength="4"></dd>
<dt><label for="post">%message:% %req%</label></dt><dd><textarea name="post" id="post" rows="5" cols="25">{$post}</textarea></dd>
<dt><button>%send%</button></dt><dd><input type="hidden" name="captchasum" value="{$captchasum}"></dd>
</dl>
</div>
</form>
<div class="sbhelp">
%sbhelp%
</div>
EOT;

    return $form;
}