"; } // -------- success text when db was written --------- // (reload block) if($_REQUEST['success']==1) { // success text $success = "$lang_success
"; // if admin review (flag=1) if($var_admin_review==1) {$success.="$lang_admin_review
";} if($var_formpos=="bottom") {$DMSGuestbookContent .= ""; } } // --------- save the guestbook entry -------- if($_REQUEST['newentry']==1) { // --------------------- check the old HTTP_POST_VARS and new $_POST var ------------- if(!empty($HTTP_POST_VARS)) { $POSTVARIABLE = $HTTP_POST_VARS; } else { $POSTVARIABLE = $_POST; } // check the result of visual antispam if($var_require_antispam==1) { if(($_REQUEST['antispam_hash_key']) == sprintf("%s", strip_tags(md5($POSTVARIABLE["securecode"] . $var_antispam_key)))) { $antispam_result=1; $antispamcheck=1; }else { $antispam_result=0; $error5 = "$lang_antispam_error";} } // check the result of mathematic antispam if($var_require_antispam==2) { if(($_REQUEST['antispam_hash_key']) == sprintf("%s", strip_tags(md5($POSTVARIABLE["securecode"] . $var_antispam_key)))) { $antispam_result=1; $antispamcheck=1; } else { $antispam_result=0; $error5 = "$lang_antispam_error";} } // check the result of reCAPTCHA if($var_require_antispam==3) { require_once(RECAPTCHAPATH); // Get a key from http://recaptcha.net/api/getkey $privatekey = $var_recaptcha_privatekey; # the response from reCAPTCHA $resp = null; # the error code from reCAPTCHA, if any $error = null; # was there a reCAPTCHA response? if ($_POST["recaptcha_response_field"]) { $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($resp->is_valid) { $antispam_result=1; $antispamcheck=1; } else { # set the error code so that we can display it $error5 = $resp->error; $antispam_result=0; } } } if($var_require_antispam==0){ $antispam_result=1; $antispamcheck=1; } // if antispam valid or off if($antispam_result==1 || $antispam_result==0) { /* remove all invalid chars from name field*/ //$_REQUEST[gbname] = preg_replace("/[[:punct:]]+/i", "", $_REQUEST[gbname]); $_REQUEST['gbname'] = preg_replace("/[\\\\\"<=>\(\)\{\}\/]+/i", "", $_REQUEST['gbname']); // check name text lenght min. 1 char if(strlen($_REQUEST['gbname'])>=1) { $namecheck="1"; } else {$error1 = "$lang_name_error
";} /* remove all invalid chars from email field */ $_REQUEST['gbemail'] = preg_replace("/[^a-z-0-9-_\.@]+/i", "", $_REQUEST['gbemail']); // check email email adress were is valid if(strlen($_REQUEST['gbemail'])>=1 || $var_require_email == 1) { if(preg_match("/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/", $_REQUEST['gbemail'])) {$emailcheck="1";} else {$error2 = "$lang_email_error
";} } else {$emailcheck=1;} /* remove all invalid chars from gravatar email field */ $_REQUEST['gbgravataremail'] = strtolower(preg_replace("/[^a-z-0-9-_\.@]+/i", "", $_REQUEST['gbgravataremail'])); // check email email adress were is valid if(strlen($_REQUEST['gbgravataremail'])>=1) { if(preg_match("/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/", $_REQUEST['gbgravataremail'])) {$gravataremailcheck="1";} else {$error6 = "$lang_email_error [Gravatar]
";} } else {$gravataremailcheck=1;} /* remove all invalid chars from url field */ $_REQUEST['gburl'] = preg_replace("/[^a-z-0-9-_,.:?&%=\/]+/i", "", $_REQUEST['gburl']); // check url adress were is valid if(strlen($_REQUEST['gburl'])>=1 || $var_require_url == 1) { if(preg_match ("/^([^.-:\/][a-z0-9-.:\/]*)\.?+([a-z0-9-]+)*\.([a-z]{2,6})(\/)?([a-z0-9-_,.?&%=\/]*)$/i", $_REQUEST['gburl'])) {$urlcheck="1";} else {$error3 = "$lang_url_error
";} } else {$urlcheck=1;} /* remove all html tags from message field */ $_REQUEST['gbmsg'] = strip_tags($_REQUEST['gbmsg']); /* if user want to set admin [html] tags */ $_REQUEST['gbmsg']=str_replace("[html]", "", $_REQUEST['gbmsg']); $_REQUEST['gbmsg']=str_replace("[/html]", "", $_REQUEST['gbmsg']); $_REQUEST['gbmsg']=str_replace("&", "&", $_REQUEST['gbmsg']); // check message text lengt. min. 1 char if(strlen($_REQUEST['gbmsg'])>=1) { $messagecheck="1"; } else {$error4 = "$lang_message_error
";} if($namecheck=='1' && $emailcheck=='1' && $gravataremailcheck=='1' && $urlcheck=='1' && $messagecheck=='1' && $antispamcheck=='1') { //set the http:// string if is missing if(preg_match ("/^(http(s)?:\/\/)/i", $_REQUEST['gburl'])) {$newurl = $_REQUEST['gburl'];} else {$newurl="http://" . $_REQUEST['gburl'];} $nname=addslashes($_REQUEST['gbname']); $mmu=addslashes($_REQUEST['gbmsg']); $date = mktime(date("H")+$var_offset, date("i"), date("s"), date("m"), date("d"), date("Y")); $ip = getenv('REMOTE_ADDR'); if(strlen($_REQUEST['gbgravataremail']) > 0) { $gravataremail = md5($_REQUEST['gbgravataremail']); } /* akismet */ if($var_akismet == 1) { $query_akismet = $wpdb->get_results("SELECT * FROM $table_option WHERE option_name = 'wordpress_api_key'"); $num_rows_akismet = $wpdb->num_rows; foreach ($query_akismet as $result) { $var_akismet_key = $result->option_value; } $spam_detect = akismet($var_akismet_key, $nname, $_REQUEST['gbemail'], $newurl, $mmu, $lang_spam_detect); if($spam_detect==1 && $var_akismet_action==1) { $error1 .= $lang_spam_detect; } } else { $spam_detect==0; } /* cut the message text if $var_messagetext_length is not 0 */ if($var_messagetext_length != 0) { $mmu = substr($mmu, 0, $var_messagetext_length); // } if($spam_detect==0 || $var_akismet_action!=1) { $sql=$wpdb->query("INSERT INTO $table_name ( name, email, gravatar, url, date, ip, message, flag, guestbook, spam, additional ) VALUES ( '" . mysql_real_escape_string($nname) . "', '" . mysql_real_escape_string($_REQUEST['gbemail']) . "', '" . mysql_real_escape_string($gravataremail) . "', '" . mysql_real_escape_string($newurl) . "', '" . mysql_real_escape_string($date) . "', '" . mysql_real_escape_string($ip) . "', '" . mysql_real_escape_string($mmu) . "', '" . sprintf("%d", $var_admin_review) . "', '" . sprintf("%d", $var_multi_gb_id) . "', '" . sprintf("%d", $spam_detect) . "', '" . mysql_real_escape_string($_REQUEST['gbadditional']) . "')") or die (__("Database not available!", "dmsguestbook")); $abspath = str_replace("\\","/", ABSPATH); require_once($abspath . 'wp-admin/upgrade-functions.php'); dbDelta($sql); // send mail if($var_send_mail==1) { $DMSGuestbookContent .= send_email($var_mail_adress, $nname, $_REQUEST['gbemail'], $newurl, $ip, $mmu, $var_mail_method, $var_smtp_host, $var_smtp_port, $var_smtp_username, $var_smtp_password, $var_smtp_auth, $var_smtp_ssl, $_REQUEST['gbadditional']); } // unset variables unset($_REQUEST['gbname']); unset($_REQUEST['gbemail']); unset($_REQUEST['gbgravataremail']); unset($_REQUEST['gburl']); unset($_REQUEST['gbmsg']); unset($_REQUEST['gbadditional']); unset($antireload); $permalink = get_permalink($var_page_id); if(strstr($permalink, '?')) { if(headers_sent() == 1) { $antireload = $permalink . "&success=1"; $DMSGuestbookContent .= ""; } else { header('Refresh: 0; url=' . $permalink . '&success=1'); } } else if(headers_sent() == 1) { $antireload = $permalink . "?success=1"; $DMSGuestbookContent .= ""; } else { header('Refresh: 0; url=' . $permalink . '?success=1'); } } // akismet spam check } } if($var_formpos=="bottom") {$DMSGuestbookContent .= "$error1 $error2 $error3 $error4 $error5 $error6

";} } // if guestbook form is on top the side if ($var_formpos =="top") { $DMSGuestbookContent .= input_form($error1, $error2, $error3, $error4, $error5, $error6, $success, $url, $var_page_id, $lang_name, $lang_email, $var_require_email, $lang_url, $var_require_url, $lang_message, $submitid, $lang_require, $var_require_antispam, $lang_antispam, $lang_submit, $var_url_overruled,$var_mandatory_char, $var_form_template, $var_antispam_key, $var_captcha_color, $var_gravatar, $var_additional_option, $var_additional_option_title, $var_recaptcha_publickey, $var_messagetext_length); } else { $DMSGuestbookContent .= "$var_formposlink"; } # start init $select = sprintf("%d", $_REQUEST['select']); $from = sprintf("%d", $_REQUEST['from']); if($_REQUEST['from']=="") {$from=0; $select=1;} # count all guestbook entries # if flag = 1 the admin will review this post $query1 = $wpdb->get_results("SELECT id FROM $table_name WHERE flag != '1' && guestbook = '" . sprintf("%d", $var_multi_gb_id) . "' && spam = '0' "); $num_rows1 = $wpdb->num_rows; /* if widget get_results("SELECT * FROM $table_name WHERE flag != '1' && guestbook = '" . sprintf("%d", $var_multi_gb_id) ."' && spam = '0' ORDER BY id " . sprintf("%s", $var_sortitem) . " LIMIT " . $from . "," . sprintf("%d", $var_step) . ";"); $num_rows2 = $wpdb->num_rows; $next=$from+$var_step; $back=$from-$var_step; $DMSGuestbookContent .= "

($num_rows1)

"; $DMSGuestbookContent .= ""; // navigation char forward construct if($next>=$num_rows1) {} else { $_REQUEST['select_forward']=$select+1; $forward ="$var_forwardchar"; } // navigation char backward construct if($back<=-1) {} else { $_REQUEST['select_backward']=$select-1; $backward = "$var_backwardchar"; } // show top navigation $DMSGuestbookContent .= navigation($num_rows1, $var_step, $var_width, $backward, $forward); // setlocale setlocale(LC_TIME, "$var_setlocale"); // show DMSGuestbook entries foreach ($query2 as $dbresult) { if($var_sortitem=="ASC"){ $itemnr=($from++)+1; } if($var_sortitem=="DESC"){ $itemnr=($num_rows1 - $from++); } #### $gravatar_url = "http://www.gravatar.com/avatar/".$dbresult->gravatar . "?r=" . $var_gravatar_rating . "&s=" . $var_gravatar_size; ##### // DMSGuestbook post container $DMSGuestbookContent .= ""; $DMSGuestbookContent .= $GuestbookEntries4; } // show bottom navigation $DMSGuestbookContent .= navigation($num_rows1, $var_step, $var_width, $backward, $forward); // if guestbook form is on bottom the side if ($var_formpos =="bottom") { $DMSGuestbookContent .= ""; $DMSGuestbookContent .= input_form($error1, $error2, $error3, $error4, $error5, $error6, $success, $url, $var_page_id, $lang_name, $lang_email, $var_require_email, $lang_url, $var_require_url, $lang_message, $submitid, $lang_require, $var_require_antispam, $lang_antispam, $lang_submit, $var_url_overruled,$var_mandatory_char, $var_form_template, $var_antispam_key, $var_captcha_color, $var_gravatar, $var_additional_option, $var_additional_option_title, $var_recaptcha_publickey, $var_messagetext_length); } $DMSGuestbookContent .= "