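<?php

session_start();

/* include settings (db connection included; also expected to define
   $max_name, $max_email, $max_history, $show_error_messages, $allow_urls) */
include("settings.php");

/**
 * Restrict a redirect target to this site.
 *
 * The form's "return" field is user-controlled, so sending it verbatim in a
 * Location header is an open redirect. Only a relative path or an absolute
 * URL whose host matches the current HTTP_HOST is accepted; anything else
 * (other hosts, protocol-relative "//host", empty, CR/LF) falls back to "/".
 *
 * @param mixed $candidate raw value of the "return" form field
 * @return string a redirect target that stays on this site
 */
function safe_return_url($candidate)
{
    $candidate = trim((string)$candidate);
    if ($candidate === '' || preg_match('/[\r\n]/', $candidate)) {
        return '/';
    }

    $parts = parse_url($candidate);
    if ($parts === false) {
        return '/';
    }

    if (isset($parts['scheme']) || isset($parts['host'])) {
        // absolute URL: only allow it when it points back at this host
        // (HTTP_HOST may carry a port, compare the host part only)
        $serverHost = isset($_SERVER['HTTP_HOST']) ? (string)$_SERVER['HTTP_HOST'] : '';
        $serverHostParts = explode(':', $serverHost);
        $serverHost = $serverHostParts[0];
        if (!isset($parts['host']) || $serverHost === '' || strcasecmp($parts['host'], $serverHost) !== 0) {
            return '/';
        }
        return $candidate;
    }

    // "/\host" is treated like "//host" by some browsers
    if (substr($candidate, 0, 2) === '/\\') {
        return '/';
    }

    return $candidate;
}

/* the redirect target is needed in every branch below, so resolve it once
   (the "missing fields" branch previously used an undefined $return) */
$return = safe_return_url(isset($_POST['return']) ? $_POST['return'] : '');

// empty() mirrors the original truthiness test ("0" and "" both count as missing)
// without raising undefined-index notices
if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['history']) || empty($_POST['return'])) {
    $_SESSION['fields'] = "on";
    header("location: " . $return);
    exit;
}

// keep the submitted values so the form can be re-filled after a redirect
$_SESSION['the_name'] = $_POST['name'];
$_SESSION['the_email'] = $_POST['email'];
$_SESSION['the_history'] = $_POST['history'];

//vars
$name = (string)$_POST['name'];
$email = (string)$_POST['email'];
$history = (string)$_POST['history'];

/* check lengths against the limits from settings.php (byte lengths, as before) */
if (strlen($name) > $max_name || strlen($email) > $max_email || strlen($history) > $max_history) {
    if ($show_error_messages == "on") $_SESSION['lenght'] = "on";
    header("location: " . $return);
    die("too long name");
}

/* check spam: reject a message containing any URL-like fragment */
if ($allow_urls == "off") {
    $findme = array('www', 'http', '.com', '.org', '.net', '.ly', '.es', '.cat', '.ar', '.tv', '[dot]');
    foreach ($findme as $needle) {
        // strpos() returns 0 for a match at the very start of the message;
        // a truthiness test (as in the original) missed that case
        if (strpos($history, $needle) !== false) {
            if ($show_error_messages == "on") $_SESSION['spam'] = "on";
            header("location: " . $return);
            die("nospaaaap");
        }
    }
}

//we check if the written email is correct: it must at least contain an @
if (strpos($email, '@') === false) {
    if ($show_error_messages == "on") $_SESSION['email'] = "on";
    header("location: " . $return);
    exit;
}

/* neutralise < and > in name and history before storage so a comment cannot
   inject markup when it is displayed (the original replaced them with themselves) */
$marks = array("<", ">");
$replaced = array("&lt;", "&gt;");
$new_name = str_replace($marks, $replaced, $name);
$new_history = str_replace($marks, $replaced, $history);

/*population of the db*/
$date = date("d/m/Y");
$ip = isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : '';

// every value below is user-controlled; ext/mysql has no prepared statements,
// so each one is escaped for the connection opened by settings.php
// (assumes settings.php opened the ext/mysql link — confirm; ext/mysql is
// removed in PHP 7, this script only runs on PHP 5)
$sql = sprintf(
    "INSERT INTO comments VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '')",
    mysql_real_escape_string($new_name),
    mysql_real_escape_string($email),
    mysql_real_escape_string($new_history),
    mysql_real_escape_string($ip),
    mysql_real_escape_string($date),
    mysql_real_escape_string($return)
);
mysql_query($sql) or die('error trying to populate the db');

if ($show_error_messages == "on") $_SESSION['published'] = "yes";

/*get back*/
header("location: " . $return);
exit;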
 
 |