xref: /plugin/guestbook/basic.class.php

<?php
/**
 * @author    Gerry wei�bach <gerry.w@gammaproduction.de>
 */

if (!class_exists('guestbook_database')) {
	class guestbook_database {

		var $db = null;
		var $direct_post = null;
		var $notify = false;
		var $parent = null;
		var $show_max = 10;

		function guestbook_database($parent=NULL)
		{
			//$this->direct_post = 1; // uncomment if you want the posts to be directly visible
			if ( !is_null($parent) ) {
				$this->parent = $parent;
				$this->direct_post = $parent->getConf('direct_post');
				$this->notify = $parent->getConf('notify');
				$this->post_url = $parent->getConf('post_url');
				$this->show_max = $parent->getConf('show_max');
			}
		}

		function connect_db($parent=NULL, $admin=NULL)
		{
			if ( is_null($this->parent) && !is_null($parent))
				$this->parent = $parent;

			$db_server = $this->parent->getConf('db_server');
			$db_user = $this->parent->getConf('db_user');
			$db_name = $this->parent->getConf('db_name');
			$db_password = $this->parent->getConf('db_passwd');
			$this->direct_post = $this->parent->getConf('direct_post');
			$this->notify = $this->parent->getConf('notify');
			$this->post_url = $parent->getConf('post_url');

			$this->db = @mysql_connect($db_server, $db_user, $db_password) or die ("Konnte keine Verbindung zur Datenbank herstellen");
			@mysql_select_db($db_name, $this->db);

		}

		function close_db()
		{
			@mysql_close($this->db);
			$this->db = null;
		}

		function quote_smart($value)
		{
		   // stripslashes, falls n�tig
		   if (get_magic_quotes_gpc()) {
		       $value = stripslashes($value);
		   }

		   // quotieren, falls kein integer
		   if (!is_numeric($value)) {
		       $value = "'" . mysql_real_escape_string($value) . "'";
		   }

		   return $value;
		}

		function checkStatus($parent)
		{
			global $INFO;

			if ( $INFO['perm'] == AUTH_ADMIN) {

				$name="wiki_guestbook";
				if ( !empty($name) ) {
					$this->connect_db($parent);
					$sql = "SHOW TABLES";
					$result = mysql_query($sql);
					$tables = array();

					$guestbookExists = NULL;
					while ($data=mysql_fetch_row($result))
						if ($data[0] == $name)
							$guestbookExists = 1;

					if ( is_null($guestbookExists) )	{

						$sql1 = "CREATE TABLE `wiki_guestbook` (".
									  "`ID` int(11) NOT NULL auto_increment,".
									  "`messagehead` varchar(50) default NULL,".
									  "`messagetext` longtext,".
									  "`name` varchar(50) default NULL,".
//									  "`url` varchar(255) default NULL,".
									  "`date` datetime NOT NULL default '0000-00-00 00:00:00',".
									  "`active` tinyint(1) default 0,".
									  "PRIMARY KEY  (`ID`)".
									") ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=70 ;";

						mysql_query($sql1);
					}
					$this->close_db();
				}
			}
			else {
				$name = ereg_replace("[ \t\r.]", "_", htmlentities($_SERVER['REMOTE_USER']));
			}

			return $name;
		}
	}
}

if (!class_exists('guestbook')) {
	class guestbook {

		var $admin;
		function guestbook($admin=false)
		{
			$this->admin = $admin;
		}

		function html($parent)
		{
			global $ID;
			$output = "";

			$nav = $this->navBar($parent);

			$output .= '<form class="newEntry" action="' . wl($ID) . '" method="post"><input type="submit" class="button" name="createEntry" value="Neuer Eintrag" />' . (!$this->admin?'':'<input type="hidden" name="do" value="admin" /><input type="hidden" name="page" value="guestbook" />') .'</form>';

			$output .= $nav[0];
			$start = $nav[1];
			$row = $nav[2];

			$guestbook_database = new guestbook_database($parent);
			$guestbook_database->connect_db($parent, TRUE);

			$sql="SELECT messagehead, messagetext, name, date, ID, active FROM wiki_guestbook " . (!$this->admin?'WHERE active=1 ':'') . "ORDER BY date DESC LIMIT $start, " . intval($guestbook_database->show_max);
			$result = mysql_query($sql);

			while($data = mysql_fetch_array($result))
			{
				$output .= '<div class="message">';
				if ($this->admin) {
					$output .= '<form class="edit" action="' . wl($ID) . '" method="post"><input type="hidden" value="'.$data['ID'].'" name="guestEdit" /><input type="image" src="' . DOKU_BASE . 'lib/plugins/guestbook/images/edit.png" name="submit" title="bearbeiten" /><input type="hidden" name="do" value="admin" /><input type="hidden" name="page" value="guestbook" /></form>';
					$output .= '<form class="edit" action="' . wl($ID) . '" method="post"><input type="hidden" value="'.$data['ID'].'" name="guestDelete" /><input type="image" src="' . DOKU_BASE . 'lib/plugins/guestbook/images/delete.png" name="submit" title="l&ouml;schen" /><input type="hidden" name="do" value="admin" /><input type="hidden" name="page" value="guestbook" /></form>';
					if ( intval($data['active']) == 0 ) $output .= '<form class="edit" action="' . wl($ID) . '" method="post"><input type="hidden" value="'.$data['ID'].'" name="guestActivate" /><input type="image" src="' . DOKU_BASE . 'lib/plugins/guestbook/images/activate.png" name="submit" title="aktivieren" /><input type="hidden" name="do" value="admin" /><input type="hidden" name="page" value="guestbook" /></form>';
				}
				$output .= '<h1>'. $data['messagehead'] .'</h1>';
				$output .= '<p>' . nl2br($data['messagetext']) . '</p>';
				$output .= '<span>eingetragen von: ' . $data['name']. ' (' . date("d.m.Y H:i", strtotime($data['date'])) . ')</span>';
//				if ( $guestbook_database->post_url )
//					$output .= '<span>URL/Mail: ' . $data['url']. '</span>';
				$output .= '</div>';
			}

			$guestbook_database->close_db;

			$output .= $nav[0];

			if ( mysql_num_rows($result)>0 )
				$output .= '<form class="newEntry" action="' . wl($ID) . '" method="post"><input type="submit" class="button" name="createEntry" value="Neuer Eintrag" />' . (!$this->admin?'':'<input type="hidden" name="do" value="admin" /><input type="hidden" name="page" value="guestbook" />') .'</form>';
			else
				$output .= '<div class="error">Es sind noch keine Eintr&auml;ge vorhanden.</div>';

			return $output;
		}

		function form($parent, $admin=NULL)
		{
			global $ID;
			$guestbook_database = new guestbook_database($parent);
			if ($this->admin && intval($admin)>0)
			{
				$guestbook_database->connect_db($parent, TRUE);

				$sql = "SELECT * FROM wiki_guestbook WHERE ID=" . intval($admin) . "; ";
				$data=mysql_fetch_array(mysql_query($sql));

				$_POST['name'] = $data['name'];
				$_POST['subject'] = $data['messagehead'];
				$_POST['body'] = $data['messagetext'];
				$_POST['mailurl'] = $data['url'];
				$guestbook_database->close_db;
			}

			$output = "<h1>Neuer G&auml;stebucheintrag</h1>";
			$output .= '<form action="' . wl($ID) . '" method="post" name="forum">';
			if ($this->admin) $output .= '<input type="hidden" name="do" value="admin" /><input type="hidden" name="page" value="guestbook" />';
			$output .= '<div class="guestbookform">';
			$output .= $this->error_handle();
			$output .= '<label for="name">Name:</label><input id="name" type="text" name="name" size="51" value="' . $_POST['name'] . '" /><br />';
//			$output .= '<label for="name">URL/Mail:</label><input type="text" name="mailurl" size="255" value="' . $_POST['mailurl'] . '" /><br />';
			$output .= '<label for="name">Titel:</label><input type="text" name="subject" size="51" maxlength="51"value="' . $_POST['subject'] . '" /><br />';
			$output .= '<label for="name">Text:</label><textarea name="body" cols="36" rows="6" class="forum">' . $_POST['body'] . '</textarea><br /><br />';
			$output .= '<label for="name">&nbsp;</label><input type="submit" name="newEntry" value="eintragen" class="button"/><input type="reset" name="reset" value="zur&uuml;cksetzen" class="button"/>';

			if ($this->admin && intval($admin)>0) $output .= '<input type="hidden" name="oldID" value="' . intval($admin) . '" />';

			$output .= '</form>';
			if (is_null($guestbook_database->direct_post) || intval($guestbook_database->direct_post)==0 || !$guestbook_database->direct_post) $output .= '<br /><span class="error">Um Spam zu vermeiden wird der Eintrag erst freigeschaltet, wenn er als unbedenklich eingestuft wurde. Wir bitten um Ihr Verst&auml;ndnis.</span></div>';

			return $output;
		}

		function navBar($parent)
		{
			global $ID;
			if(!isset($_SESSION['showmax']))
			{
				$guestbook_database = new guestbook_database($parent);
				$guestbook_database->connect_db($parent, TRUE);

				$result = mysql_query("SELECT ID FROM wiki_guestbook ORDER BY date DESC");
				if(isset($result))
				{
					$_SESSION['showmax'] = mysql_num_rows($result);
				}else{
					$_SESSION['showmax'] = 0;
				}

				$guestbook_database->close_db();
			}

			if(!isset($_REQUEST['startcount']))
			{
				$startzahl = 0;
			}else{
				$startzahl=(ceil($_REQUEST['startcount'])-1)*$guestbook_database->show_max;
			}

			$pages = ceil($_SESSION['showmax']/ $guestbook_database->show_max);

			$output="";
			if($pages>1)
			{
				$output .= '<div class="guestbooknav"><form action="' . wl($ID) . '" method="post"><p>'; // <input type="hidden" name="showmax" value="' . $_SESSION['showmax'] . '" />
				for ($i=1; $i<=$pages; $i++)
				{ 		$startcount = ($i-1)*$guestbook_database->show_max;
						$output .= '<input type="submit" name="startcount" value="' . $i . '" class="navButton' . ($startcount==$startzahl ?' active':'') . '" />';
						if ($i != $pages)
							$output .= "-";
				}
				$output .= '</p></form></div>';
			}

			return array($output, $startzahl, $pages);
		}

		function deleteEntry($parent)
		{
			if(intval($_POST['guestDelete'])>0 && $this->admin) {
				$guestbook_database = new guestbook_database();
				$guestbook_database->connect_db($parent);

				$sql = "DELETE FROM wiki_guestbook WHERE ID=" . intval($_POST['guestDelete']) . ";";
				mysql_query($sql);
				$guestbook_database->close_db;
			}
		}

		function guestActivate($parent)
		{
			if(intval($_POST['guestActivate']) > 0 && $this->admin) {
				$guestbook_database = new guestbook_database();
				$guestbook_database->connect_db($parent);

				$sql = "UPDATE wiki_guestbook SET active=NOT active WHERE ID=" . intval($_POST['guestActivate']) . ";";
				mysql_query($sql);
				$guestbook_database->close_db;
			}
		}

		function guestActivateViaMail($parent)
		{
			if(intval($_GET['activate']) > 0 && $this->admin) {
				$guestbook_database = new guestbook_database();
				$guestbook_database->connect_db($parent);

				$sql = "UPDATE wiki_guestbook SET active=NOT active WHERE ID=" . intval($_GET['activate']) . ";";
				mysql_query($sql);
				$guestbook_database->close_db;
			}
		}


		function newEntry($parent, $admin=NULL)
		{
			global $conf;

			if(empty($_POST['name']) || preg_match("/<[^>]*>/", $_POST['name'])) $error['name']="Bitte geben Sie Ihren Namen an.";
			if(empty($_POST['subject']) || preg_match("/<[^>]*>/", $_POST['subject'])) $error['subject']="Bitte geben Sie einen Betreff an.";
			if(empty($_POST['body']) || preg_match("/<[^>]*>/", $_POST['body'])) $error['body']="Bitte geben Sie den Text ein.";

			if(preg_match("/<[^>]*>/", $_POST['name']) || preg_match("/<[^>]*>/", $_POST['subject']) || preg_match("/<[^>]*>/", $_POST['body'])) $error['html']="HTML ist nicht erlaubt!.";

			$spam = is_array($conf['plugin']['guestbook']['spam_array']) ? $conf['plugin']['guestbook']['spam_array'] : array('http', 'www', '@');
			foreach ( $spam AS $check )
				if (strstr($_POST['name'], $check) || strstr($_POST['subject'], $check) || strstr($_POST['body'], $check) )
					$error['spam']="Es scheint Sie wollen Spam verbreiten ... nicht mit uns!";

			if (empty($error))
			{
				$guestbook_database = new guestbook_database();
				$guestbook_database->connect_db($parent);

				if (intval($admin) > 0 && $this->admin)
				{
					$sql="UPDATE wiki_guestbook SET messagehead=".$guestbook_database->quote_smart($_POST['subject']).", messagetext=".$guestbook_database->quote_smart($_POST['body']).", name=".$guestbook_database->quote_smart($_POST['name'])." WHERE ID=".intval($admin).";";
				}
				else
				{
					$sql="INSERT INTO wiki_guestbook (messagehead, messagetext, name, date" . ($guestbook_database->direct_post?', active':'') . ") VALUES(".$guestbook_database->quote_smart($_POST['subject']).", ".$guestbook_database->quote_smart($_POST['body']).", ".$guestbook_database->quote_smart($_POST['name']).", ".$guestbook_database->quote_smart(date("Y-m-d H:i:s")) . ($guestbook_database->direct_post?', 1':'') . ");";
				}

				mysql_query($sql);

				if ( $guestbook_database->notify && strstr($sql, 'INSERT') )
				{
					$email_to = !empty($conf['plugin']['guestbook']['mail_to'])? $conf['plugin']['guestbook']['mail_to'] : "root@localhost";
					$header="From: DokuWiki Guestbook <guestbook.wiki@".$_SERVER['HTTP_HOST'].">\n";
					$header .= "Subject: new entry in guestbook\n";
					$header .= "Content-Type: text/html";
					mail($email_to, $subject, $this->emailbody($guestbook_database->quote_smart($_POST['subject']), $guestbook_database->quote_smart($_POST['body']), $guestbook_database->quote_smart($_POST['name']), mysql_insert_id()), $header);
				}


				$guestbook_database->close_db();

				$_POST['name'] = null;
				$_POST['subject'] = null;
				$_POST['body'] = null;
				$_POST['newEntry'] = null;
				$_POST['createEntry'] = null;
				$_POST['guestEdit'] = null;
				$_POST['oldID'] = null;
			}
			else {
	    			session_start();
				$_SESSION['error']=$error;
				if (intval($admin) > 0 && $this->admin)
					$_POST['guestEdit'] = $_POST['oldID'];
				else
					$_POST['createEntry']=1;
			}

			return ((is_null($guestbook_database->direct_post) || intval($guestbook_database->direct_post)==0)?'<div class="error">Bitte bedenken Sie, dass der Eintrag erst nach einem Check von unserem Adminstrator freigeschaltet wird.</div>':null);
		}

		function error_handle()
		{
			$error = $_SESSION['error'];
			if(!empty($error))
			{
				if (!is_array($error)) $error=array($error);
				array_unique($error);

				$output = '<table align="center"><tr><td class="error">Es ist ein Fehler aufgetreten:</td></tr><tr><td class="error"><ul>';

				foreach($error as $err)
					$output .= '<li>' . wordwrap($err, 70, '<br />') . '</li>';

				$output .= '</ul></td></tr></table>';
				$_SESSION['error']=null;

				return $output;
			}
		}

		function emailBody($subject, $body, $name, $id)
		{
			$emailbody='
			  <!--
			  Hello,
			  your system does not support HTML mails!
			  The following message has been submited to your Dokuwiki guestbook:'."\n".'
			  Subject: '.$subject."\n".'
			  Name: '.$name."\n".'
			  Body: '.$body."\n".'
			  -->
				<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
				<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de" dir="ltr">
				<head>
					<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
					<title>new entry in guestbook</title>
				</head>
			  <body bgcolor="#fffff" text="#000000">
			  <div id="header">New entry in DokuWiki Guestbook at <i>'.$_SERVER['HTTP_HOST'].'</i></div>
			  <div id="subject">' . $name . ' says: ' . $subject . '</div>
			  <div id="body">' . $body . '</div>
			  <div id="confirm"><a href="' . array_shift(split(':', $_SERVER['HTTP_REFERER'], 2)) . '://' . $_SERVER['HTTP_HOST'] . '?do=admin&page=guestbook&activate=' . $id . '">activate this message</a></div>
			</html>
			';

			return $emailbody;
		}
	}
}


if (!class_exists('timing_handler')) {
  class timing_handler {

 	var $actualDate = null;
	var $actualTime = null;
	var $actualTimestamp = null;

  	function timing_handler()
  	{
	  	$this->actualDate = !empty($_POST['oldDate'])?date("Y-m-d", strtotime($_POST['oldDate'])):(empty($_POST['date'])?date("Y-m-d"):date("Y-m-d", (strtotime($_POST['date'])>0?strtotime($_POST['date']):$_POST['date'])));
			$this->actualTime = (empty($_POST['date'])?date("H:i", time()):date("H:i", $_POST['date']));
			$this->actualTimestamp = !empty($_POST['oldDate'])?strtotime($_POST['oldDate']):(empty($_POST['date'])?time():(strtotime($_POST['date'])>0?strtotime($_POST['date']):$_POST['date']));
  	}

  	function timingDate()
  	{
  		return $this->actualDate;
  	}

  	function timingTime()
  	{
  		return $this->actualTime;
  	}

  	function timingTimestamp()
  	{
  		return $this->actualTimestamp;
  	}

  	function map_month($month)
  	{
		switch($month)
		{
			case "January": return "Januar";
			case "February": return "Februar";
			case "March": return "M&auml;rz";
			case "May": return "Mai";
			case "June": return "Juni";
			case "July": return "Juli";
			case "October": return "Oktober";
			case "December": return "Dezember";
			default: return $month;
		}
  	}

	function map_day($day)
	{
		switch($day)
		{
			case "Monday": return "Montag";
			case "Tuesday": return "Dienstag";
			case "Wednesday": return "Mittwoch";
			case "Thursday": return "Donnerstag";
			case "Friday": return "Freitag";
			case "Saturday": return "Samstag";
			case "Sunday": return "Sonntag";

			case 1: return "Montag";
			case 2: return "Dienstag";
			case 3: return "Mittwoch";
			case 4: return "Donnerstag";
			case 5: return "Freitag";
			case 6: return "Samstag";
			case 0: return "Sonntag";
			default: return $day;
		}
	}
  }
}