<?php
/*
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
~= YapGB - Yet Another Php Guest Book                              =~
~= v0.5.1                                                          =~
~= Nov 7th, 2004                                                   =~
~= http://www.hewop.com/~yapgb                                     =~
~= yapgb@hewop.com                                                 =~
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
~= AUTHOR:                                                         =~
~=    José Jorge Enríquez Rodríguez                                =~
~=    geo@geosoft.tk (redirected email)                            =~
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
~= YapGB is a free guestbook system written in PHP that does not   =~
~= require a database, entries are stored in a plain text file.    =~
~= Copyright (C) 2003-2004 José Jorge Enríquez Rodríguez           =~
~=                                                                 =~
~= This program is free software; you can redistribute it and/or   =~
~= modify it under the terms of the GNU General Public License     =~
~= as published by the Free Software Foundation; either version 2  =~
~= of the License, or (at your option) any later version.          =~
~=                                                                 =~
~= This program is distributed in the hope that it will be useful, =~
~= but WITHOUT ANY WARRANTY; without even the implied warranty of  =~
~= MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   =~
~= GNU General Public License for more details.                    =~
~=                                                                 =~
~= You should have received a copy of the GNU General Public       =~
~= License along with this program; if not, write to the Free      =~
~= Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, =~
~= MA  02111-1307, USA                                             =~
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
~= CHANGES                                                         =~
~= v0.5.1:                                                         =~
~= - Small correction: date was not acquired with register_globals =~
~=   disabled.                                                     =~
~= v0.5:                                                           =~
~= - Improved security when deleting entries. Now the date field   =~
~=   is checked so that it corresponds to the one being deleted.   =~
~=   This way we avoid undesired behavior when two or more people  =~
~=   have access to the admin page.                                =~
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
*/

# Disable magic quotes at runtime.
# It is used to avoid the addition of back slashes (\) to every new
# entry.
set_magic_quotes_runtime(0);

# Include configuration file.
include ("config.php");
# Include functions file.
include("func.php");

# Get action to perform and page number, it is done this way so that
# YapGB works with older versions of PHP.
if ( !empty($_GET) ) {
  if ( isset($_GET["id"]) )
    $id = $_GET["id"];
}
else if ( !empty($_HTTP_GET_VARS) ) {
  if ( isset($HTTP_GET_VARS["id"]) )
    $id = $HTTP_GET_VARS["id"];
}

if ( !empty($_POST) ) {
  if ( isset($_POST["action"]) )
    $action = $_POST["action"];
  if ( isset($_POST["id"]) )
    $id = $_POST["id"];
  if ( isset($_POST["passwd"]) )
    $passwd = $_POST["passwd"];
  // Date is now required, I forgot to include it with version 0.5
  if ( isset($_POST["date"]) )
    $date = $_POST["date"];
}
else if ( !empty($HTTP_POST_VARS) ) {
  if ( isset($HTTP_POST_VARS["action"]) )
    $action = $HTTP_POST_VARS["action"];
  if ( isset($HTTP_POST_VARS["id"]) )
    $id = $HTTP_POST_VARS["id"];
  if ( isset($HTTP_POST_VARS["passwd"]) )
    $passwd = $HTTP_POST_VARS["passwd"];
  if ( isset($HTTP_POST_VARS["date"]) )
    $date = $HTTP_POST_VARS["date"];
}

# If action is set
if ( isset($action) ) {
  # Password is required to perform an action, so we check it first.
  # Exit if password is not correct.
  if ( $passwd != $gbAdminPass ) {
    die("$msgError: Wrong password!");
  }

  switch($action) {
    case "delete": {
      # Exit if id is not set.
      if ( !isset($id) )
        die("$msgError: Nothing to delete!<br>Please <a href=\"javascript:history.go(-1);\">go back.</a> and try again.");

      if ( !isset($date) )
        die("$msgError: Date field was not received!\n");


      $fp = fopen($gbFile, "r") or die("$msgError: Data file not found! (01)<br>");
      fseek($fp, 0);
      $content = fread($fp, filesize($gbFile));
      fclose($fp);
      $text = explode("\n", $content);

      //$text = file($gbFile);
      $lines = count($text) - 1;

      # Improved security.
      # It helps when two or more people have access to deleting
      # entries, if id number has changed: if someone deleted an entry
      # and someone else is trying to delete another one at the same
      # moment, line number could have changed. So we check whether
      # the date is the same to the one we wanted to delete. If not,
      # we don't delete anything, it's better than deleting something
      # you don't want to :).
      # It won't happen if only one person has access to the admin
      # system (or if onlye one person is accessing it at a time).
      $entry = explode("|", $text[$id]);
      if ( $date != $entry[1] ) {
        echo "date: $date<br>date: $entry[1] - $entry[0]<hr>";
        die("$msgError: date does not match.<br>\n");
      }
      if ($id > $lines - 1)
        die("$msgError: Entry with id = $id does not exist anymore.<br>\n
          Someone else should have deleted a previous entry\n
          while you were trying to delete this one.<br>\n
          <a href=\"$gbIndex\">Go back to guestbook</a> and try again.");

      # Move all entries after $id one place up
      # ($id becomes $id's next)
      for ($i = $id; $i < $lines - 1; $i++) {
        $text[$i] = $text[$i + 1];
      }

      # Save the new entries array.
      $fp = fopen($gbFile, "w") or die("$msgError: Data file not found! (02)");

      for ($i = 0; $i < $lines - 1; $i++)
        fputs($fp, "$text[$i]\n");

      fclose($fp);

      echo "Message deleted succesfully!<br>\n<a href=\"$gbIndex\">Go back to book.</a>";
      break;
    }
    case "modify": {
      # Exit if id is not set.
      if ( !isset($id) )
        die("$msgError: Nothing to modify!<br>Please <a href=\"javascript:history.go(-1);\">go back.</a> and try again.");

      $fp = fopen($gbFile, "r") or die("$msgError: Data file not found! (03)<br>");
      fseek($fp, 0);
      $content = fread($fp, filesize($gbFile));
      fclose($fp);

      $text = explode("\n", $content);

      $contents = readTemplate("temp_modify.html");

      list($name, $date, $email, $url, $message) = explode("|", $text[$_POST["id"]]);
      $message = str_replace("<br>", "\n", $message);

      $contents = swapEntryTags($contents, $id, $name, $date, $email, $url, $message);
      $contents = swapGlobalTags($contents);

      echo $contents;
      break;
    }
    case "update": {
      # Exit if id is not set.
      if ( !isset($id) )
        die("$msgError: Nothing to modify!<br>Please <a href=\"javascript:history.go(-1);\">go back.</a> and try again.");

      $fp = fopen($gbFile, "r") or die("$msgError: Data file not found! (04)");
      fseek($fp, 0);
      $content = fread($fp, filesize($gbFile));
      fclose($fp);

      $text = explode("\n", $content);
      $lines = count($text);

      if ( !empty($_POST) ) {
        if ( isset($_POST["name"]) )
        $name = $_POST["name"];
        if ( isset($_POST["email"]) )
          $email = $_POST["email"];
        if ( isset($_POST["url"]) )
          $url = $_POST["url"];
        if ( isset($_POST["message"]) )
          $message = $_POST["message"];
      }
      else if ( !empty($HTTP_POST_VARS) ) {
        if ( isset($HTTP_POST_VARS["name"]) )
          $name = $HTTP_POST_VARS["name"];
        if ( isset($HTTP_POST_VARS["email"]) )
          $email = $HTTP_POST_VARS["email"];
        if ( isset($HTTP_POST_VARS["url"]) )
          $url = $HTTP_POST_VARS["url"];
        if ( isset($HTTP_POST_VARS["message"]) )
          $message = $HTTP_POST_VARS["message"];
      }

      $name = cleanField($name);
      $email = cleanField($email);
      $url = cleanField($url);
      $message = cleanMessage($message);

      $modEntry = $name."|".$date."|".$email."|".$url."|".$message."|[end]";

      $text[$id] = $modEntry;

      $fp = fopen($gbFile, "w") or die("$msgDataFileNotFound");
      for ($i = 0; $i < $lines - 1; $i++)
        fputs($fp, "$text[$i]\n");

      fclose($fp);

      echo "Message with id = $id was updated succesfully!.<br>\n<a href=\"$gbIndex\">Go back to book</a>\n";

      break;
    }
    default: {
      die("$msgError: Unknown action!<br><a href=\"$gbIndex\">Go back to book</a>");
    }
  }
}
# Action is not set, show the modify/delete selection page.
else {
  # If id is not set, we can not show anything, so exit.
  if ( !isset($id) )
    die("$msgError: No entry was selected!<br>Please <a href=\"javascript:history.go(-1);\">go back.</a> and try again.");

  $text = file($gbFile);
  list($name, $date, $email, $url, $message) = explode("|", $text[$id]);

  $adminContent = readTemplate("temp_admin.html");
  $adminContent = swapEntryTags($adminContent, $id, $name, $date, $email, $url, $message);
  $adminContent = swapGlobalTags($adminContent);

  echo $adminContent;
}

?>