'Comments datafile not found! CommentsStack stores comments and ratings within a flat-file plain text file, which acts as your database. A new comments datafile has been generated for you. Please reload this webpage to complete the setup. You may need to reload the page twice.',
'name_missing' => 'Please provide your name.',
'rating_missing' => 'Please provide a rating.',
'reviewtitle_missing' => 'Please provide an applicable title',
//'url_invalid' => 'Invalid URL.',
'message_missing' => 'Please enter your message.',
'math_invalid' => 'Wrong math answer.',
'spammer' => 'Spammer test failed.',
'max_length_name' => 'The name supplied is too long. Please shorten it.',
//'max_length_url' => 'Maximum character length for guest URL is ' . $max_length_url,
'$max_length_reviewtitle' => 'The title . Please shorten it.',
'max_length_message' => 'Maximum character length for guest message is ' . $max_length_message,
'no_content' => 'Be the first to submit your experience / knowledge'
);
// Tracking cookie: set after a successful submission, later used to hide the form.
$cookie_value = 'submitted';
$cookie_name = 'commentstack-001';
// END CONFIGURATION

// Timezone used when the submission timestamp is formatted. `$time_zone` is
// presumably assigned in the configuration section above (not visible here).
// => http://www.php.net/manual/en/function.date-default-timezone-set.php
date_default_timezone_set($time_zone);
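/**
 * Overwrite (or create) the flat-file "database" with the given content.
 *
 * The file is opened in 'w' mode, so any previous content is discarded: the
 * caller passes the complete new content (the submit handler in this file
 * prepends the new entry to the old content before calling this).
 *
 * NOTE(review): there is no locking around the read-then-rewrite sequence the
 * callers perform, so two concurrent submissions can overwrite each other —
 * confirm whether that is acceptable for this deployment.
 *
 * @param string $file_path path of the datafile to write
 * @param string $data      complete new content of the file
 * @return void
 */
function create_or_update_file($file_path, $data) {
    $handle = fopen($file_path, 'w');
    if ($handle === false) {
        // Kept from the original: the page cannot work without its datafile.
        die('Cannot open file: ' . $file_path);
    }
    // Why: the original ignored the write result and never closed the handle,
    // leaking it until script end and leaving a failed write unreported.
    if (fwrite($handle, $data) === false) {
        fclose($handle);
        die('Cannot write file: ' . $file_path);
    }
    fclose($handle);
}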
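/**
 * Re-enable a small whitelist of formatting tags in already-escaped comment text.
 *
 * Comments appear to be stored after htmlentities() (see the submit handler
 * later in this file), so the whole entry reaches this function as entities.
 * Only the tags listed in the first pattern are restored; every other tag
 * stays escaped, which is what keeps stored XSS out of the rendered page.
 * => http://en.wikipedia.org/wiki/Cross-site_scripting
 *
 * NOTE(review): as captured in this listing the patterns match a literal `<`
 * and `&` rather than their escaped forms, and both `<center>` replacements
 * are bare newlines. Both look like artefacts of how the listing was rendered;
 * confirm the patterns against the deployed source before changing the
 * whitelist. The last pattern restores any named or decimal numeric entity.
 *
 * @param string $data escaped comment text
 * @return string text with the whitelisted tags turned back into markup
 */
function filter_html($data) {
    $patterns = array(
        '/<(\/?)(b|blockquote|br|em|i|ins|mark|q|strong|u)>/i', // Allowed HTML tags (opening and closing)
        '/<center>/',                                           // Deprecated tag
        '/<\/center>/',                                         // Deprecated tag
        '/&([a-zA-Z]+|\#[0-9]+);/',                             // Named and numeric entities
    );
    $replacements = array(
        '<$1$2>',
        "\n",
        "\n",
        '&$1;',
    );
    return preg_replace($patterns, $replacements, $data);
}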
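/**
 * Return $name if it is a safe datafile base name, otherwise null.
 *
 * The value is later used as `$name . '.txt'` in file_exists(),
 * file_get_contents() and create_or_update_file(), so anything beyond a plain
 * file name (directory separators, `..`, NUL bytes, trailing newline) is
 * rejected here to keep a request from reading or writing outside the
 * datafile directory.
 *
 * @param mixed $name raw value from the query string
 * @return string|null the validated name, or null when it is not acceptable
 */
function commentsstack_safe_datafile_name($name) {
    // `\z` (not `$`) so a trailing newline cannot slip through the anchor.
    if (!is_string($name) || preg_match('/^[A-Za-z0-9_-]+\z/', $name) !== 1) {
        return null;
    }
    return $name;
}

// Redefine database name via URL to load
// Load database-002.txt => http://localhost/guestbook/index.php?data=database-002
// Why: `$_GET['data']` is untrusted. The original assigned it unvalidated, so a
// relative or absolute path here would have pointed every later file operation
// at an arbitrary *.txt on the server. An unsafe value is now ignored and the
// configured `$database` / `$database_ratings` values are kept.
if (isset($_GET['data'])) {
    $requested_datafile = commentsstack_safe_datafile_name($_GET['data']);
    if ($requested_datafile !== null) {
        $database = $requested_datafile;
        // NOTE(review): the original also pointed the ratings datafile at the
        // same `data` value, so both datafiles share one name here — confirm
        // whether the ratings file was meant to use its own parameter.
        $database_ratings = $requested_datafile;
    }
}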
// Check whether the "database" is not available. If not, create one!
// NOTE(review): `$database` may have been overridden from `$_GET['data']` just
// above, so this existence check runs on a guest-influenced path. The isset()
// guard below only stops a guest from *creating* a datafile under a name of
// their choosing; it does not limit which existing `*.txt` is read later.
// Validate the name where it is assigned rather than relying on this guard.
if( ! file_exists($database . '.txt')) {
// Prevent guest to create new database via `data=database-XXX` in URL
// Only administrator can do this by editing the `$database` value
if( ! isset($_GET['data'])) {
// First run: create an empty datafile and tell the visitor to reload.
// The markup of the echoed notice appears to have been stripped from this
// listing (presumably the 'Comments datafile not found!' message from the
// message table above) — confirm against the deployed source.
create_or_update_file($database . '.txt', "");
echo "
\n";
}
// Hide form if user has already submitted it and there is a tracking cookie
// NOTE(review): the opening brace of the file_exists() check above is not
// closed within this excerpt, so whether this cookie check is nested inside
// it depends on code outside this view.
// This is a convenience check only: the cookie is client-controlled, so it
// does not prevent repeat submissions by itself.
if(!isset($_COOKIE[$cookie_name])) {
// No cookie, so do nothing
} else {
// The markup echoed here was stripped from this listing — presumably the
// "already submitted" notice or the style that hides the form; verify.
echo "";
}
?>
This webpage uses the free demo version of CommentsStack v1.5.0
CommentsStack stores comments and ratings within a flat-file plain text file, which acts as your database. A new comments datafile has been generated for you. Please reload this webpage to complete the setup. You may need to reload the page twice.', 'name_missing' => 'Please provide your name.', 'rating_missing' => 'Please provide a rating.', 'reviewtitle_missing' => 'Please provide an applicable title', //'url_invalid' => 'Invalid URL.', 'message_missing' => 'Please enter your message.', 'math_invalid' => 'Wrong math answer.', 'spammer' => 'Spammer test failed.', 'max_length_name' => 'The name supplied is too long. Please shorten it.', //'max_length_url' => 'Maximum character length for guest URL is ' . $max_length_url, '$max_length_reviewtitle' => 'The title . Please shorten it.', 'max_length_message' => 'Maximum character length for guest message is ' . $max_length_message, 'no_content' => 'Be the first to submit your experience / knowledge' ); $cookie_name = "commentstack-001"; $cookie_value = "submitted"; // END CONFIGURATION // Set default timezone to adjust the timestamp. // => http://www.php.net/manual/en/function.date-default-timezone-set.php date_default_timezone_set($time_zone); // Functions to create and/or update the content of the TXT file (our database) function create_or_update_file($file_path, $data) { $handle = fopen($file_path, 'w') or die('Cannot open file: ' . $file_path); fwrite($handle, $data); } // Filter HTML outputs. // The rest will appear as plain HTML entities to prevent XSS. // => http://en.wikipedia.org/wiki/Cross-site_scripting function filter_html($data) { return preg_replace( array( '/<(\/?)(b|blockquote|br|em|i|ins|mark|q|strong|u)>/i', // Allowed HTML tags '/<center>/', // Deprecated
', '
', '', ' ', ' ', '$6' // Unlink all links in message content! ), $_POST['message']); $user_comments = htmlentities($user_comments, ENT_QUOTES, 'UTF-8'); // [2] } else { $error .= " "; } // Check the math challenge answer to prevent spam robot. if( ! isset($_POST['math']) || empty($_POST['math']) || $_POST['math'] != $_SESSION['math']) { $error .= " "; } // Check for character length limit if(strlen($name) > $max_length_name) $error .= " "; //if(strlen($url) > $max_length_url) $error .= " "; if(strlen($reviewtitle) > $max_length_reviewtitle) $error .= " "; if(strlen($user_comments) > $max_length_message) $error .= " "; // If all data entered by guest is valid, insert new data! if($error === "" ) { // Main database $new_data = $name . "\n" . $rating . "\n" . $reviewtitle . "\n" . $user_comments . "\n" . $timestamp; if( ! empty($old_data)) { create_or_update_file($database . '.txt', $new_data . "\n\n==\n" . $old_data); // Prepend data } else { create_or_update_file($database . '.txt', $new_data); // Insert data } // Ratings database $new_ratings_data = $rating . "\n"; if( ! empty($old_ratings_data)) { create_or_update_file($database_ratings . '.txt', $new_ratings_data . $old_ratings_data); // Prepend data } else { create_or_update_file($database_ratings . '.txt', $new_ratings_data); // Insert data } // Set the tracking cookie, if enabled setcookie($cookie_name, $cookie_value, time() + (31557600 * 30), "/"); // 86400 = 1 day } else { // else, print the error messages. echo $error; } } } // [3] $_SESSION['guest_name'] = isset($_POST['name']) ? $_POST['name'] : ""; $_SESSION['guest_rating'] = isset($_POST['rating']) ? $_POST['rating'] : ""; //$_SESSION['guest_url'] = isset($_POST['url']) ? $_POST['url'] : "http://"; $_SESSION['guest_reviewtitle'] = isset($_POST['reviewtitle']) ? $_POST['reviewtitle'] : ""; $_SESSION['guest_message'] = isset($_POST['message']) && $error != "" ? 
htmlentities($_POST['message'], ENT_QUOTES, 'UTF-8') : ""; // ---------------------------------------------------------------------------------------- // [1]. Prevent guest to type too many line break symbols. // People usually do these thing to make their SPAM messages looks striking. // [2]. Convert all HTML tags into HTML entities. This is done thoroughly for safety. // We can revert back the escaped HTML into normal HTML tags later via `filter_html()` // [3]. Save the form data into session. So if something goes wrong, the data entered // by guest will still be stored in the form after submitting. // ---------------------------------------------------------------------------------------- // Math challenge to prevent spam robot. // Current answer will be stored in `$_SESSION['math']` $x = mt_rand(1, 100); $y = mt_rand(1, 100); if($x - $y > 0) { $math = $x . ' - ' . $y; $_SESSION['math'] = $x - $y; } else { $math = $x . ' + ' . $y; $_SESSION['math'] = $x + $y; } // Testing... // echo $math . ' = ' . $_SESSION['math']; /** * Show the existing data. */ $data = file_get_contents($database . '.txt'); $current_page = isset($_GET['page']) ? $_GET['page'] : 1; $nav = ""; if( ! empty($data)) { $data = explode("\n\n==\n", $data); $total_pages = ceil(count($data) / $per_page); // Create navigation if the number of pages is more than 1. if($total_pages > 1) { for($i = 0; $i < $total_pages; $i++) { if($current_page == ($i + 1)) { $nav .= "
\n"; echo " "; echo " "; echo " "; echo " "; echo " "; echo " \n
\n"; echo " "; echo " "; echo " "; echo " "; echo " "; echo " \n