1<?php
2/**
 * @author    Gerry Weißbach <gerry.w@gammaproduction.de>
4 */
5
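if (!class_exists('guestbook_database')) {
	/**
	 * Connection holder and settings cache for the wiki_guestbook table.
	 *
	 * Settings (direct_post, notify, post_url, show_max and the db_* credentials)
	 * come from the DokuWiki plugin object passed as $parent, via its getConf().
	 *
	 * NOTE(review): this relies on the mysql_* extension, which PHP 7 removed.
	 * Callers also run mysql_query() on the implicit connection, so a port to
	 * mysqli/PDO has to cover the whole file at once; it is not attempted here.
	 */
	class guestbook_database {

		/** Link resource from mysql_connect(); null while disconnected. */
		var $db = null;
		/** 'direct_post' setting: new entries are visible without approval. */
		var $direct_post = null;
		/** 'notify' setting: mail the admin about new entries. */
		var $notify = false;
		/** 'post_url' setting (the old constructor created this property ad hoc). */
		var $post_url = null;
		/** The plugin object that provides getConf(). */
		var $parent = null;
		/** 'show_max' setting: entries per page. */
		var $show_max = 10;

		/**
		 * @param object|null $parent plugin object; when given, the settings are read at once.
		 */
		function __construct($parent=NULL)
		{
			if ( !is_null($parent) ) {
				$this->parent = $parent;
				$this->_loadConf();
			}
		}

		/** PHP 4 style constructor name, kept for callers that invoke it explicitly. */
		function guestbook_database($parent=NULL)
		{
			$this->__construct($parent);
		}

		/** Copies the display settings from $this->parent->getConf() into the properties. */
		function _loadConf()
		{
			$this->direct_post = $this->parent->getConf('direct_post');
			$this->notify = $this->parent->getConf('notify');
			$this->post_url = $this->parent->getConf('post_url');
			$this->show_max = $this->parent->getConf('show_max');
		}

		/**
		 * Opens the MySQL connection from the db_* settings and selects the database.
		 *
		 * @param object|null $parent used when the constructor received no parent
		 * @param mixed       $admin  unused; kept for the existing call sites
		 * Dies with the original German message when the server cannot be reached.
		 */
		function connect_db($parent=NULL, $admin=NULL)
		{
			if ( is_null($this->parent) && !is_null($parent))
				$this->parent = $parent;

			// The old code read post_url from the $parent argument instead of
			// $this->parent, which broke when only the constructor had received it.
			$this->_loadConf();

			$db_server = $this->parent->getConf('db_server');
			$db_user = $this->parent->getConf('db_user');
			$db_name = $this->parent->getConf('db_name');
			$db_password = $this->parent->getConf('db_passwd');

			$this->db = @mysql_connect($db_server, $db_user, $db_password);
			if (!$this->db) {
				die ("Konnte keine Verbindung zur Datenbank herstellen");
			}
			// NOTE(review): a failed select is not reported; the following queries then fail.
			@mysql_select_db($db_name, $this->db);
		}

		/** Closes the connection opened by connect_db(), if any. */
		function close_db()
		{
			if (!is_null($this->db)) {
				@mysql_close($this->db);
			}
			$this->db = null;
		}

		/**
		 * Returns $value ready to be embedded in SQL: numeric values unchanged,
		 * everything else escaped for the current connection and wrapped in
		 * single quotes. Must be called after connect_db().
		 */
		function quote_smart($value)
		{
			// Undo magic_quotes where that (pre PHP 5.4) feature still exists.
			if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
				$value = stripslashes($value);
			}

			if (!is_numeric($value)) {
				$value = "'" . mysql_real_escape_string($value) . "'";
			}

			return $value;
		}

		/** True when a table called $name exists in the selected database. */
		function _tableExists($name)
		{
			$result = mysql_query("SHOW TABLES");
			if (!$result) {
				return false;
			}
			while ($data = mysql_fetch_row($result)) {
				if ($data[0] == $name) {
					return true;
				}
			}
			return false;
		}

		/** The CREATE TABLE statement for the guestbook table. */
		function _createTableSql()
		{
			return "CREATE TABLE `wiki_guestbook` (".
				"`ID` int(11) NOT NULL auto_increment,".
				"`messagehead` varchar(50) default NULL,".
				"`messagetext` longtext,".
				"`name` varchar(50) default NULL,".
				"`date` datetime NOT NULL default '0000-00-00 00:00:00',".
				"`active` tinyint(1) default 0,".
				"PRIMARY KEY  (`ID`)".
				") ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=70 ;";
		}

		/**
		 * Admin request: ensures the wiki_guestbook table exists (creating it when
		 * missing) and returns the table name. Any other request: returns the
		 * REMOTE_USER name with blanks, tabs, CRs and dots replaced by '_'.
		 * This dual return value is the existing contract of the method.
		 */
		function checkStatus($parent)
		{
			global $INFO;

			if ( isset($INFO['perm']) && $INFO['perm'] == AUTH_ADMIN) {
				$name = "wiki_guestbook";
				$this->connect_db($parent);
				if (!$this->_tableExists($name)) {
					mysql_query($this->_createTableSql());
				}
				$this->close_db();
			}
			else {
				$remoteUser = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
				// preg_replace() stands in for ereg_replace(), which PHP 7 removed.
				$name = preg_replace('/[ \t\r.]/', '_', htmlentities($remoteUser));
			}

			return $name;
		}
	}
}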
110
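if (!class_exists('guestbook')) {
	/**
	 * Guestbook front end: renders the entry list, the paging bar and the entry
	 * form, and performs the create/edit/delete/activate actions those forms submit.
	 *
	 * $parent is the DokuWiki plugin object; it is only used to read the plugin
	 * configuration through guestbook_database. Ids are cast with intval() and
	 * free text is passed through guestbook_database::quote_smart() before it is
	 * embedded in SQL; everything that is echoed is escaped with _esc().
	 */
	class guestbook {

		/** True when running inside the admin page (enables edit/delete/activate). */
		var $admin;

		function __construct($admin=false)
		{
			$this->admin = $admin;
		}

		/** PHP 4 style constructor name, kept for callers that invoke it explicitly. */
		function guestbook($admin=false)
		{
			$this->__construct($admin);
		}

		/**
		 * Escapes a value for HTML text or a double-quoted attribute.
		 * Entries are stored as submitted, so every value read from the database
		 * or from $_POST must pass through here before it is echoed.
		 */
		function _esc($value)
		{
			return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
		}

		/** $_SERVER['HTTP_HOST'] reduced to host[:port] characters ('' when absent). */
		function _requestHost()
		{
			$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
			return preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', $host);
		}

		/** Hidden fields that route a form back to the admin page ('' for visitors). */
		function _adminFields()
		{
			return !$this->admin ? '' : '<input type="hidden" name="do" value="admin" /><input type="hidden" name="page" value="guestbook" />';
		}

		/** The "Neuer Eintrag" button form shown above and below the listing. */
		function _newEntryForm()
		{
			global $ID;
			return '<form class="newEntry" action="' . wl($ID) . '" method="post"><input type="submit" class="button" name="createEntry" value="Neuer Eintrag" />' . $this->_adminFields() . '</form>';
		}

		/** One admin action form (edit/delete/activate) with an image button for entry $id. */
		function _actionForm($field, $id, $image, $title)
		{
			global $ID;
			return '<form class="edit" action="' . wl($ID) . '" method="post"><input type="hidden" value="' . intval($id) . '" name="' . $field . '" /><input type="image" src="' . DOKU_BASE . 'lib/plugins/guestbook/images/' . $image . '" name="submit" title="' . $title . '" />' . $this->_adminFields() . '</form>';
		}

		/**
		 * Renders the paged entry listing. Visitors see approved entries only,
		 * the admin sees all of them with edit/delete/activate buttons.
		 */
		function html($parent)
		{
			$nav = $this->navBar($parent);
			$start = max(0, intval($nav[1]));

			$output = $this->_newEntryForm();
			$output .= $nav[0];

			$guestbook_database = new guestbook_database($parent);
			$guestbook_database->connect_db($parent, TRUE);

			$sql = "SELECT messagehead, messagetext, name, date, ID, active FROM wiki_guestbook " . (!$this->admin?'WHERE active=1 ':'') . "ORDER BY date DESC LIMIT $start, " . intval($guestbook_database->show_max);
			$result = mysql_query($sql);
			// Taken before the connection is closed below.
			$rows = $result ? mysql_num_rows($result) : 0;

			while ($result && ($data = mysql_fetch_array($result)))
			{
				$output .= '<div class="message">';
				if ($this->admin) {
					$output .= $this->_actionForm('guestEdit', $data['ID'], 'edit.png', 'bearbeiten');
					$output .= $this->_actionForm('guestDelete', $data['ID'], 'delete.png', 'l&ouml;schen');
					if ( intval($data['active']) == 0 ) {
						$output .= $this->_actionForm('guestActivate', $data['ID'], 'activate.png', 'aktivieren');
					}
				}
				// Stored text is plain text; escaping it keeps a stored entry from injecting markup.
				$output .= '<h1>'. $this->_esc($data['messagehead']) .'</h1>';
				$output .= '<p>' . nl2br($this->_esc($data['messagetext'])) . '</p>';
				$output .= '<span>eingetragen von: ' . $this->_esc($data['name']) . ' (' . date("d.m.Y H:i", strtotime($data['date'])) . ')</span>';
				$output .= '</div>';
			}

			// The old code wrote "$guestbook_database->close_db;" (a property read), so
			// the connection was never closed here.
			$guestbook_database->close_db();

			$output .= $nav[0];

			if ( $rows > 0 )
				$output .= $this->_newEntryForm();
			else
				$output .= '<div class="error">Es sind noch keine Eintr&auml;ge vorhanden.</div>';

			return $output;
		}

		/**
		 * Renders the entry form. For the admin, $admin > 0 is the id of an entry
		 * to edit; its stored values are loaded into $_POST so the fields show them.
		 */
		function form($parent, $admin=NULL)
		{
			global $ID;
			$guestbook_database = new guestbook_database($parent);
			$editId = ($this->admin && intval($admin) > 0) ? intval($admin) : 0;

			if ($editId > 0)
			{
				$guestbook_database->connect_db($parent, TRUE);
				$result = mysql_query("SELECT * FROM wiki_guestbook WHERE ID=" . $editId . "; ");
				$data = $result ? mysql_fetch_array($result) : false;
				$guestbook_database->close_db();

				if ($data) {
					$_POST['name'] = $data['name'];
					$_POST['subject'] = $data['messagehead'];
					$_POST['body'] = $data['messagetext'];
					// The url column is not part of the current table; kept for older installs.
					$_POST['mailurl'] = isset($data['url']) ? $data['url'] : null;
				}
			}

			$name = isset($_POST['name']) ? $_POST['name'] : '';
			$subject = isset($_POST['subject']) ? $_POST['subject'] : '';
			$body = isset($_POST['body']) ? $_POST['body'] : '';

			$output = "<h1>Neuer G&auml;stebucheintrag</h1>";
			$output .= '<form action="' . wl($ID) . '" method="post" name="forum">';
			$output .= $this->_adminFields();
			$output .= '<div class="guestbookform">';
			$output .= $this->error_handle();
			// The values are re-displayed after a validation error or loaded for editing,
			// so they are user supplied and must be escaped inside the attributes.
			$output .= '<label for="name">Name:</label><input id="name" type="text" name="name" size="51" value="' . $this->_esc($name) . '" /><br />';
			$output .= '<label for="subject">Titel:</label><input id="subject" type="text" name="subject" size="51" maxlength="51" value="' . $this->_esc($subject) . '" /><br />';
			$output .= '<label for="body">Text:</label><textarea id="body" name="body" cols="36" rows="6" class="forum">' . $this->_esc($body) . '</textarea><br /><br />';
			$output .= '<label for="name">&nbsp;</label><input type="submit" name="newEntry" value="eintragen" class="button"/><input type="reset" name="reset" value="zur&uuml;cksetzen" class="button"/>';

			if ($editId > 0) $output .= '<input type="hidden" name="oldID" value="' . $editId . '" />';

			$directPost = $guestbook_database->direct_post;
			if (!$directPost || intval($directPost) == 0) {
				$output .= '<br /><span class="error">Um Spam zu vermeiden wird der Eintrag erst freigeschaltet, wenn er als unbedenklich eingestuft wurde. Wir bitten um Ihr Verst&auml;ndnis.</span>';
			}
			// The old code only closed the div when the notice was shown.
			$output .= '</div></form>';

			return $output;
		}

		/**
		 * Builds the paging bar.
		 *
		 * @return array [html, offset of the first entry on the current page, number of pages]
		 */
		function navBar($parent)
		{
			global $ID;
			$guestbook_database = new guestbook_database($parent);
			$showMax = intval($guestbook_database->show_max);

			// The old code cached the entry count in $_SESSION['showmax'] for the whole
			// session, so new entries never changed the page count. It is recomputed per
			// request now (restricted to active entries for visitors, like the listing);
			// the session key is still written for anything else that reads it.
			$guestbook_database->connect_db($parent, TRUE);
			$result = mysql_query("SELECT COUNT(*) FROM wiki_guestbook" . (!$this->admin ? ' WHERE active=1' : ''));
			$total = 0;
			if ($result && ($row = mysql_fetch_row($result))) {
				$total = intval($row[0]);
			}
			$guestbook_database->close_db();
			$_SESSION['showmax'] = $total;

			$pageNo = (isset($_REQUEST['startcount']) && is_numeric($_REQUEST['startcount'])) ? intval(ceil($_REQUEST['startcount'])) : 1;
			$startzahl = max(0, ($pageNo - 1) * $showMax);
			$pages = $showMax > 0 ? intval(ceil($total / $showMax)) : 0;

			$output = "";
			if ($pages > 1)
			{
				$output .= '<div class="guestbooknav"><form action="' . wl($ID) . '" method="post"><p>';
				for ($i = 1; $i <= $pages; $i++)
				{
					$startcount = ($i - 1) * $showMax;
					$output .= '<input type="submit" name="startcount" value="' . $i . '" class="navButton' . ($startcount == $startzahl ? ' active' : '') . '" />';
					if ($i != $pages)
						$output .= "-";
				}
				$output .= '</p></form></div>';
			}

			return array($output, $startzahl, $pages);
		}

		/**
		 * Admin action: deletes the entry named in $_POST['guestDelete'].
		 *
		 * NOTE(review): the delete/activate forms carry no CSRF token, so a forged
		 * POST acts with the admin's session; DokuWiki's formSecurityToken() in the
		 * forms plus checkSecurityToken() here would close that.
		 */
		function deleteEntry($parent)
		{
			$id = isset($_POST['guestDelete']) ? intval($_POST['guestDelete']) : 0;
			if ($id > 0 && $this->admin) {
				$guestbook_database = new guestbook_database();
				$guestbook_database->connect_db($parent);
				mysql_query("DELETE FROM wiki_guestbook WHERE ID=" . $id . ";");
				$guestbook_database->close_db();
			}
		}

		/** Flips the 'active' flag of entry $id (shared by the admin button and the mail link). */
		function _toggleActive($parent, $id)
		{
			$guestbook_database = new guestbook_database();
			$guestbook_database->connect_db($parent);
			mysql_query("UPDATE wiki_guestbook SET active=NOT active WHERE ID=" . intval($id) . ";");
			$guestbook_database->close_db();
		}

		/** Admin action: toggles the entry named in $_POST['guestActivate']. */
		function guestActivate($parent)
		{
			$id = isset($_POST['guestActivate']) ? intval($_POST['guestActivate']) : 0;
			if ($id > 0 && $this->admin) {
				$this->_toggleActive($parent, $id);
			}
		}

		/**
		 * Admin action: toggles the entry named in $_GET['activate'] (the link in
		 * the notification mail).
		 *
		 * NOTE(review): this changes state on a plain GET, so any link the admin is
		 * led to open has the same effect; a token in the mailed link would fix it.
		 */
		function guestActivateViaMail($parent)
		{
			$id = isset($_GET['activate']) ? intval($_GET['activate']) : 0;
			if ($id > 0 && $this->admin) {
				$this->_toggleActive($parent, $id);
			}
		}

		/**
		 * Validates $_POST and stores the entry: an UPDATE when the admin edits
		 * entry $admin, an INSERT otherwise. On validation errors the messages go
		 * to $_SESSION['error'] and the form is re-requested via $_POST.
		 *
		 * @return string|null the moderation notice when direct_post is off, else null
		 */
		function newEntry($parent, $admin=NULL)
		{
			global $conf;

			$name = isset($_POST['name']) ? $_POST['name'] : '';
			$subject = isset($_POST['subject']) ? $_POST['subject'] : '';
			$body = isset($_POST['body']) ? $_POST['body'] : '';
			$error = array();

			$tagPattern = "/<[^>]*>/";
			if (empty($name) || preg_match($tagPattern, $name)) $error['name'] = "Bitte geben Sie Ihren Namen an.";
			if (empty($subject) || preg_match($tagPattern, $subject)) $error['subject'] = "Bitte geben Sie einen Betreff an.";
			if (empty($body) || preg_match($tagPattern, $body)) $error['body'] = "Bitte geben Sie den Text ein.";

			if (preg_match($tagPattern, $name) || preg_match($tagPattern, $subject) || preg_match($tagPattern, $body)) $error['html'] = "HTML ist nicht erlaubt!.";

			$spam = (isset($conf['plugin']['guestbook']['spam_array']) && is_array($conf['plugin']['guestbook']['spam_array'])) ? $conf['plugin']['guestbook']['spam_array'] : array('http', 'www', '@');
			foreach ($spam as $check) {
				$check = (string) $check;
				// strpos instead of strstr: strstr() returns the match itself, which is
				// falsy when the match is the string "0".
				if ($check !== '' && (strpos($name, $check) !== false || strpos($subject, $check) !== false || strpos($body, $check) !== false)) {
					$error['spam'] = "Es scheint Sie wollen Spam verbreiten ... nicht mit uns!";
				}
			}

			// Constructed with $parent so direct_post is known in both branches below.
			$guestbook_database = new guestbook_database($parent);
			$isEdit = intval($admin) > 0 && $this->admin;

			if (empty($error))
			{
				$guestbook_database->connect_db($parent);
				$quotedSubject = $guestbook_database->quote_smart($subject);
				$quotedBody = $guestbook_database->quote_smart($body);
				$quotedName = $guestbook_database->quote_smart($name);

				if ($isEdit)
				{
					$sql = "UPDATE wiki_guestbook SET messagehead=" . $quotedSubject . ", messagetext=" . $quotedBody . ", name=" . $quotedName . " WHERE ID=" . intval($admin) . ";";
				}
				else
				{
					$sql = "INSERT INTO wiki_guestbook (messagehead, messagetext, name, date" . ($guestbook_database->direct_post?', active':'') . ") VALUES(" . $quotedSubject . ", " . $quotedBody . ", " . $quotedName . ", " . $guestbook_database->quote_smart(date("Y-m-d H:i:s")) . ($guestbook_database->direct_post?', 1':'') . ");";
				}

				mysql_query($sql);

				// Notify for real inserts only; the old test searched $sql for 'INSERT',
				// which also matched an edited entry whose text contained that word.
				if ( $guestbook_database->notify && !$isEdit )
				{
					$this->_notify($subject, $body, $name, mysql_insert_id());
				}

				$guestbook_database->close_db();

				$_POST['name'] = null;
				$_POST['subject'] = null;
				$_POST['body'] = null;
				$_POST['newEntry'] = null;
				$_POST['createEntry'] = null;
				$_POST['guestEdit'] = null;
				$_POST['oldID'] = null;
			}
			else {
				if (session_id() === '') {
					session_start();
				}
				$_SESSION['error'] = $error;
				if ($isEdit)
					$_POST['guestEdit'] = isset($_POST['oldID']) ? $_POST['oldID'] : null;
				else
					$_POST['createEntry'] = 1;
			}

			$directPost = $guestbook_database->direct_post;
			return ((is_null($directPost) || intval($directPost) == 0) ? '<div class="error">Bitte bedenken Sie, dass der Eintrag erst nach einem Check von unserem Adminstrator freigeschaltet wird.</div>' : null);
		}

		/**
		 * Sends the "new entry" mail for entry $id to the configured address
		 * (plugin setting mail_to, default root@localhost). $subject, $body and
		 * $name are the raw submitted values; emailBody() escapes them.
		 */
		function _notify($subject, $body, $name, $id)
		{
			global $conf;
			$email_to = !empty($conf['plugin']['guestbook']['mail_to']) ? $conf['plugin']['guestbook']['mail_to'] : "root@localhost";
			// HTTP_HOST is request supplied; _requestHost() strips anything that is not
			// a hostname character so it cannot add header lines to From:.
			$header = "From: DokuWiki Guestbook <guestbook.wiki@" . $this->_requestHost() . ">\n";
			$header .= "Content-Type: text/html";
			// The old code passed an undefined $subject to mail() and put the subject
			// into the extra headers instead.
			mail($email_to, 'new entry in guestbook', $this->emailBody($subject, $body, $name, $id), $header);
		}

		/**
		 * Renders the pending validation errors from $_SESSION['error'] as a table
		 * and clears them; returns '' when there are none.
		 */
		function error_handle()
		{
			$error = isset($_SESSION['error']) ? $_SESSION['error'] : null;
			if (empty($error)) {
				return '';
			}

			if (!is_array($error)) $error = array($error);
			// The old code discarded array_unique()'s return value.
			$error = array_unique($error);

			$output = '<table align="center"><tr><td class="error">Es ist ein Fehler aufgetreten:</td></tr><tr><td class="error"><ul>';

			foreach ($error as $err)
				$output .= '<li>' . wordwrap($this->_esc($err), 70, '<br />') . '</li>';

			$output .= '</ul></td></tr></table>';
			$_SESSION['error'] = null;

			return $output;
		}

		/**
		 * Builds the HTML notification mail for entry $id. $subject, $body and
		 * $name are raw user text and are escaped here; the activation link uses
		 * this request's scheme and host.
		 */
		function emailBody($subject, $body, $name, $id)
		{
			$host = $this->_requestHost();
			// The old code took the scheme from the client supplied Referer header.
			$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
			$id = intval($id);
			$subject = $this->_esc($subject);
			$body = $this->_esc($body);
			$name = $this->_esc($name);

			$emailbody='
			  <!--
			  Hello,
			  your system does not support HTML mails!
			  The following message has been submited to your Dokuwiki guestbook:'."\n".'
			  Subject: '.$subject."\n".'
			  Name: '.$name."\n".'
			  Body: '.$body."\n".'
			  -->
				<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
				<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de" dir="ltr">
				<head>
					<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
					<title>new entry in guestbook</title>
				</head>
			  <body bgcolor="#fffff" text="#000000">
			  <div id="header">New entry in DokuWiki Guestbook at <i>'.$host.'</i></div>
			  <div id="subject">' . $name . ' says: ' . $subject . '</div>
			  <div id="body">' . $body . '</div>
			  <div id="confirm"><a href="' . $scheme . '://' . $host . '?do=admin&page=guestbook&activate=' . $id . '">activate this message</a></div>
			  </body>
			</html>
			';

			return $emailbody;
		}
	}
}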
397
398
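if (!class_exists('timing_handler')) {
	/**
	 * Resolves the date submitted with an entry form into a normalised date,
	 * time and Unix timestamp, and translates English day/month names to German.
	 *
	 * Input comes from $_POST: 'oldDate' (a date string, wins when present),
	 * else 'date' (a date string or a raw Unix timestamp), else the current time.
	 */
	class timing_handler {

		/** Resolved date, formatted 'Y-m-d'. */
		var $actualDate = null;
		/** Resolved time, formatted 'H:i'. */
		var $actualTime = null;
		/** Resolved Unix timestamp. */
		var $actualTimestamp = null;

		function __construct()
		{
			$oldDate = isset($_POST['oldDate']) ? $_POST['oldDate'] : '';
			$date = isset($_POST['date']) ? $_POST['date'] : '';

			if (!empty($oldDate)) {
				$stamp = strtotime($oldDate);
				// An unparseable oldDate used to end up at the epoch; use "now" instead.
				if ($stamp === false) $stamp = time();
			} elseif (empty($date)) {
				$stamp = time();
			} else {
				$stamp = $this->_parseDate($date);
			}

			$this->actualTimestamp = $stamp;
			$this->actualDate = date("Y-m-d", $stamp);
			// As before, the time follows 'date' (or "now"), not 'oldDate'. The old
			// code handed the raw 'date' string to date(), which only worked when it
			// was already a numeric timestamp.
			$this->actualTime = empty($date) ? date("H:i", time()) : date("H:i", $this->_parseDate($date));
		}

		/** PHP 4 style constructor name, kept for callers that invoke it explicitly. */
		function timing_handler()
		{
			$this->__construct();
		}

		/** strtotime() when $value parses as a date, otherwise $value as a raw timestamp. */
		function _parseDate($value)
		{
			$parsed = strtotime($value);
			return ($parsed !== false && $parsed > 0) ? $parsed : intval($value);
		}

		function timingDate()
		{
			return $this->actualDate;
		}

		function timingTime()
		{
			return $this->actualTime;
		}

		function timingTimestamp()
		{
			return $this->actualTimestamp;
		}

		/** German name for an English month name; months spelled alike (April, August, ...) pass through. */
		function map_month($month)
		{
			static $months = array(
				"January" => "Januar",
				"February" => "Februar",
				"March" => "M&auml;rz",
				"May" => "Mai",
				"June" => "Juni",
				"July" => "Juli",
				"October" => "Oktober",
				"December" => "Dezember",
			);
			return (is_string($month) && isset($months[$month])) ? $months[$month] : $month;
		}

		/**
		 * German name for an English day name or a date('w') number (0 = Sunday).
		 * Uses an exact lookup: the old switch compared loosely, so on PHP < 8 any
		 * unknown string matched "case 0" and came back as "Sonntag".
		 */
		function map_day($day)
		{
			static $days = array(
				"Monday" => "Montag",
				"Tuesday" => "Dienstag",
				"Wednesday" => "Mittwoch",
				"Thursday" => "Donnerstag",
				"Friday" => "Freitag",
				"Saturday" => "Samstag",
				"Sunday" => "Sonntag",
				1 => "Montag",
				2 => "Dienstag",
				3 => "Mittwoch",
				4 => "Donnerstag",
				5 => "Freitag",
				6 => "Samstag",
				0 => "Sonntag",
			);
			if ((is_string($day) || is_int($day)) && isset($days[$day])) {
				return $days[$day];
			}
			return $day;
		}
	}
}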
468