<?php
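# Path of the flat file that stores the profiles. It must point to a
# location the web server is allowed to create and append to. Keeping
# it outside the document root stops the raw data (including the tab
# layout) from being fetched directly over HTTP.
$guestbook = 'guestbook.dat';
# Choose your own password.
# NOTE(review): this is a plaintext secret embedded in the script; read
# it from a file outside the web root (or the environment) instead so a
# source leak or backup does not hand out admin access.
$adminPassword = 'test123';
# Hide harmless warning messages that confuse users.
# If you have problems and you don't know why,
# comment this line out for a while to get more
# information from PHP
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
# No changes required below here
# Nobody is admin until the posted password has been checked.
$admin = 0;
# Refuse to run with a placeholder or empty password. An empty
# $adminPassword is the dangerous case: the login check below would then
# accept an empty (or, under loose comparison, a missing) password.
# Strict comparison so no numeric-string coercion is involved.
if ($adminPassword === '' || $adminPassword === 'CHANGEME') {
    die("You need to change \$adminPassword first.");
}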
# Undo magic quotes - useless for flat files,
# and inadequate and therefore dangerous for databases. See:
# http://www.boutell.com/newfaq/creating/magicquotes.html
function stripslashes_nested($v)
{
    # Recursively undo addslashes() on a request value: a scalar is
    # stripped directly, an array element by element (keys are kept,
    # nested arrays recurse).
    if (!is_array($v)) {
        return stripslashes($v);
    }
    $out = array();
    foreach ($v as $key => $item) {
        $out[$key] = stripslashes_nested($item);
    }
    return $out;
}
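# Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
# was deprecated in 7.4 and removed in 8.0, where calling it is a fatal
# error. Guard the call so the script keeps working on current PHP while
# still undoing the escaping on old interpreters.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET = stripslashes_nested($_GET);
    $_POST = stripslashes_nested($_POST);
}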
?>
<html>
<head>
<title>Rally drivers profile page</title>
<style type="text/css">
<!--
.style1 {font-family: Verdana, Arial, Helvetica, sans-serif}
.style3 {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 9px;
font-weight: bold;
}
-->
</style>
</head>
<body>
<h1 align="center" class="style1">Rally drivers profile page</h1>
<div align="center">
<?php
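# Resolve the admin login from the posted password. On success $password
# is kept so passwordField() can re-send it with the admin forms.
# NOTE(review): that hidden-field scheme puts the plaintext password into
# the HTML of every admin page view; a server-side session would avoid it.
$password = "";
$posted = isset($_POST['password']) ? $_POST['password'] : '';
if (!is_string($posted)) {
    # password[]=x and the like are never a valid credential.
    $posted = '';
}
if ($posted !== '') {
    # Constant-time comparison where available, === otherwise. Never ==:
    # its numeric-string coercion treats e.g. "1e3" and "1000" as equal.
    $ok = function_exists('hash_equals')
        ? hash_equals($adminPassword, $posted)
        : ($posted === $adminPassword);
    if ($ok) {
        $admin = 1;
        $password = $adminPassword;
    } else {
        echo("<h2>Login Failed (Bad Password)</h2>\n");
    }
}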
?>
<table width="600" border="1" cellpadding="3" cellspacing="3">
<tr>
<th>
<span class="style1">Name driver</span>
</th>
<th>
<span class="style1">Since</span>
</th>
<th>
<span class="style1">Country</span>
</th>
<th>
<span class="style1">Co drivers</span>
</th>
<th>
<span class="style1">Latest rally car</span>
</th>
<?php
# Header for the extra "Delete" column, shown only to a logged-in admin.
echo $admin ? "<th>Controls</th>" : '';
?>
</tr>
<?php
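# Append a new profile when the "Add profile" button was used. Every
# field goes through clean() so tabs/newlines cannot forge extra columns
# or rows in the tab-separated file and HTML is neutralised before it is
# stored.
if (!empty($_POST['submit'])) {
    $fields = array('driverName', 'since', 'country', 'coDrivers', 'latestRallyCar');
    $row = array();
    foreach ($fields as $field) {
        $value = isset($_POST[$field]) ? $_POST[$field] : '';
        # field[]=x would hand an array to the string functions in clean().
        if (!is_string($value)) {
            $value = '';
        }
        $row[] = clean($value, 40);
    }
    $file = fopen($guestbook, "a");
    if (!$file) {
        die("Can't write to guestbook file");
    }
    $date = date('F j, Y, g:i a');
    # The id is what an admin "Delete" request matches on, so two rows
    # sharing one are deleted together. rand() alone collides easily
    # (RAND_MAX can be 32767); timestamp plus mt_rand() much less so.
    $id = sprintf('%d%06d', time(), mt_rand(0, 999999));
    # Exclusive lock so two concurrent submissions cannot interleave bytes.
    flock($file, LOCK_EX);
    fwrite($file, $date . "\t" . implode("\t", $row) . "\t" . $id . "\n");
    flock($file, LOCK_UN);
    fclose($file);
}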
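# Render every stored profile and, for an admin delete request, rewrite
# the file without the chosen row: kept rows are copied to $guestbook.tmp
# which then replaces $guestbook.
$file = fopen($guestbook, 'r');
$tfile = null;
$delete = 0;
$deleteId = '';
if ($admin && !empty($_POST['delete'])) {
    $delete = 1;
    # Matched as a string below; a non-string id (id[]=x) matches nothing.
    $deleteId = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
    $tfile = @fopen("$guestbook.tmp", 'w');
    if (!$tfile) {
        die("Can't create temporary file for delete operation");
    }
}
if ($file) {
    # Shared lock while only reading so a concurrent append (which takes
    # LOCK_EX) is never seen half-written; exclusive while rewriting.
    flock($file, $delete ? LOCK_EX : LOCK_SH);
    while (!feof($file)) {
        $line = trim(fgets($file));
        # split() no longer exists in PHP 7+; explode() with the same limit
        # yields the first six columns and leaves the remainder in the id
        # slot. Padding avoids undefined-offset noise on short rows.
        $cols = array_pad(explode("\t", $line, 7), 7, '');
        list ($date, $driverName, $since, $country, $coDrivers, $latestRallyCar, $id) = $cols;
        if ($date === '') {
            break;
        }
        if ($id === '') {
            // Support my old version (rows written without an id column)
            $id = $date;
        }
        if ($delete) {
            # Strict string comparison: == would treat "1e3" and "1000"
            # as the same id.
            if ((string) $id === $deleteId) {
                continue;
            }
            fwrite($tfile,
                "$date\t$driverName\t$since\t$country\t$coDrivers\t$latestRallyCar\t$id\n");
        }
        # Escape on output as well: stored rows are only as safe as clean()
        # was when they were written (and the file may be edited by hand).
        echo "<tr>";
        echo "<td> " . guestbookCell($driverName) . " </td>";
        echo "<td> " . guestbookCell($since) . " </td>";
        echo "<td> " . guestbookCell($country) . " </td>";
        echo "<td> " . guestbookCell($coDrivers) . " </td>";
        echo "<td> " . guestbookCell($latestRallyCar) . " </td>";
        if ($admin) {
            echo "<td>";
            echo "<form action=\"guestbook.php\" " .
                "method=\"POST\">";
            passwordField();
            hiddenField('id', $id);
            echo "<input type=\"submit\" " .
                "value=\"Delete\" " .
                "name=\"delete\">";
            echo "</form>";
            echo "</td>";
        }
        echo "</tr>\n";
    }
    if ($delete) {
        fclose($tfile);
        # rename() replaces the target atomically on POSIX. Where it refuses
        # to overwrite (older Windows) fall back to the original unlink +
        # rename, accepting the small window in which a concurrent append
        # to the freshly unlinked name would be lost.
        if (!@rename("$guestbook.tmp", $guestbook)) {
            unlink($guestbook);
            rename("$guestbook.tmp", $guestbook);
        }
    }
    # Also releases the flock taken above.
    fclose($file);
}
# HTML-escape one table cell. double_encode=false leaves entities that
# clean() already produced alone while still neutralising raw < > & " '.
# ENT_SUBSTITUTE (PHP 5.4+) keeps a cell with a broken multi-byte sequence
# visible instead of discarding it.
function guestbookCell($s)
{
    $flags = ENT_QUOTES;
    if (defined('ENT_SUBSTITUTE')) {
        $flags |= ENT_SUBSTITUTE;
    }
    return htmlspecialchars((string) $s, $flags, 'UTF-8', false);
}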
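function clean($name, $max) {
    # Normalise one submitted field before it is written to the flat file
    # and later echoed into a table cell.
    #   $name  raw value; anything that is not a scalar (e.g. an array
    #          from field[]=x) is treated as empty
    #   $max   maximum number of characters kept from the raw input
    # Returns the truncated, HTML-escaped string.
    if (!is_scalar($name)) {
        return '';
    }
    $name = (string) $name;
    # Tabs, CRs and LFs would forge extra columns or rows in the
    # tab-separated file, so every whitespace character becomes a space.
    # (ereg_replace() is gone since PHP 7; PCRE \s covers the same set.)
    $name = preg_replace('/\s/', ' ', $name);
    # Truncate BEFORE escaping: cutting afterwards could slice an entity
    # such as &lt; in half and leave "&l" in the output.
    $name = substr($name, 0, $max);
    # Neutralise < > & and quotes (ENT_QUOTES, in case a value ever lands
    # in an attribute). The replacements in the old version were no-ops,
    # so nothing was actually escaped. ENT_SUBSTITUTE (PHP 5.4+) replaces
    # a multi-byte sequence broken by the byte-wise substr() rather than
    # returning an empty string.
    $flags = ENT_QUOTES;
    if (defined('ENT_SUBSTITUTE')) {
        $flags |= ENT_SUBSTITUTE;
    }
    # Magic quotes are undone once at the top of the file, not here.
    return htmlspecialchars($name, $flags, 'UTF-8');
}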
function passwordField() {
    # Keep the admin logged in across the forms on the page by carrying
    # the password along as a hidden field; visitors get nothing.
    # NOTE(review): this writes the plaintext admin password into the HTML
    # of every admin page view (page source, caches, proxies); a
    # server-side session would avoid that.
    global $admin, $password;
    if ($admin) {
        hiddenField('password', $password);
    }
}
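function hiddenField($name, $value) {
    # Emit one <input type="hidden">. Both attribute values are escaped
    # (ENT_QUOTES covers the double quotes delimiting them) so an id or
    # password containing " or < cannot break out of the attribute.
    # double_encode=false leaves an already-escaped value untouched.
    $flags = ENT_QUOTES;
    if (defined('ENT_SUBSTITUTE')) {
        $flags |= ENT_SUBSTITUTE;
    }
    $safeName = htmlspecialchars((string) $name, $flags, 'UTF-8', false);
    $safeValue = htmlspecialchars((string) $value, $flags, 'UTF-8', false);
    echo "<input type=\"hidden\" " .
        "name=\"$safeName\" value=\"$safeValue\">";
}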
?>
</table>
<?php
if (!$admin) {
# Visitors see the login form. A logged-in admin does not: the password
# then travels in hidden fields emitted by passwordField() instead.
?>
<form action="guestbook.php" method="POST">
<span class="style3">Admin Login</span>
<br>
<input type="password" name="password">
<input type="submit" name="login" value="Log In">
</form>
<?php
}
?>
<form action="guestbook.php" method="POST">
<table width="600" border="0" cellpadding="5" cellspacing="5">
<tr>
<th>Name driver</th><td><input id="driverName" name="driverName" maxlength="40"></td>
</tr>
<tr>
<th>Since</th><td><input id="since" name="since" maxlength="40"></td>
</tr>
<tr>
<th>Country</th><td><input id="country" name="country" maxlength="40"></td>
</tr>
<tr>
<th>Co drivers</th><td><input id="coDrivers" name="coDrivers" maxlength="40"></td>
</tr>
<tr>
<th>Latest rally car</th><td><input id="latestRallyCar" name="latestRallyCar" maxlength="40"></td>
</tr>
<tr>
<th colspan="2">
<input type="submit" name="submit" value="Voeg profiel toe / Add profile">
</th>
</tr>
</table>
<?php
# Re-send the admin password with the "Add profile" form so an admin
# stays logged in after submitting a profile (emits nothing for visitors).
passwordField();
?>
</form>
</div>
</body>
</html>