/*
Snippet:
        GuestBook5 (based on GuestBook3 & 4) - Etomite v0.6.1 final - Modified 2007-01-08
Created By:    Ralph A. Dahlgren - rad14701[at]yahoo.com
Modified By:   Jarda Travnicek - jarda[at]csol-mb.net
And:           Miroslav "churchyard" H. - churchyard[at]gmail.com

New in GuestBook4:
        text formatting with bbcode
        spam protection against email address crawlers
        email notice on new post
        ip logging
New in GuestBook5:
        alias working
        calling snippets protection

To-Do:
        spam protection with captcha codes

Usage:  Create an Etomite user or admin as GuestBook owner in Etomite Manager
        Change $defaultadmin variable (to this user will be delivered the messages)
Variables:
        $gbtype - Referenced in GuestBook admin User Messages Subject
        $gbadmin - Etomite User/Admin who will receive this message
Examples:
        Use the [!SnippetName!] syntax instead of regular [[SnippetName]]:
        [!GuestBook!] - Will use snippet defaults for $gbtype and $gbadmin
        [!GuestBook?gbtype=GuestBook&gbadmin=guestbook!] - Self Explanatory
        [!GuestBook?gbadmin=someuser!] - Uses $etomite->documentObject['pagetitle'] for $gbtype
        [!GuestBook?bgtype=SomeTopic!] - Uses $defaultadmin for $gbadmin
Note:   $etomite->documentObject['createdby'] was not used for $gbadmin intentionally
        To implement this capability would entail and additonal DB Query before Inserts
*/

/* BEGIN SETTINGS ------------------------------------------------------------- */

/* Variables you may want to change */
$aliasu = "guestbook.htm"; // put page.htm or "index.php?id=$etomite->documentIdentifier" or something like that

// DEF: "index.php?id=$etomite->documentIdentifier"
$defaultadmin = "guestbook"; // Default GuestBook admin to use if $gbadmin not passed
$gap = " :: "; // Separator between $type and $subject in User Messages Subject field
$messages = 10; // Number of messages on one page
$message_box_style = 'class="message_box_style"'; // Css style for message box
$order = "DESC"; // Order of messages by postdate: DESC = descending, ASC = ascending

/* time & date zone settings */
setlocale(LC_TIME, "cs_CZ"); // for cz (for en 'LC_TIME, "en_EN"', for sk 'LC_TIME, "Slovak"')
$dateformat = "%a %d.%m.%y v %H:%M:%S"; // Preferred Date & Time display format, European dateformat is "%d.%m.%Y %H:%M:%S"

$server_offset_time = 0; // number of seconds for timezone difference
/* emails */
$toAdmin = 'admin@example.com';
$MailSubject = 'Etomite GuestBook';
$fromMail = 'guestbook@example.com';
$mailCharset = 'utf-8';

/* Czech language for guestbook */
$_lang_guestbook["write_new_message"] = "Přidat zprávu";
$_lang_guestbook["messages"] = "Zprávy";
$_lang_guestbook["name_or_alias"] = "Jméno";
$_lang_guestbook["send"] = "Poslat";
$_lang_guestbook["reset"] = "Reset";
$_lang_guestbook["next_page"] = "Další strana";
$_lang_guestbook["previous_page"] = "Předchozí strana";
$_lang_guestbook["message"] = "Text zprávy";
$_lang_guestbook["count_message"] = "Počet zpráv:";
$_lang_guestbook["date_and_time"] = "Datum zaslání:";
$_lang_guestbook["sender"] = "Zaslal:";
$_lang_guestbook["cancel"] = "Zrušit";
$_lang_guestbook["code"] = "Kód";
$_lang_guestbook["quoting"] = "Cituji";
$_lang_guestbook["error"] = "Objevila se chyba...";
$_lang_guestbook["email_author"] = "Autor: ";
$_lang_guestbook["email_message"] = "Zprava:";
$_lang_guestbook["javascript_disabled"] = 'Tlačítko nefunguje, pokud nemáte povolen JavaScript (je to <strong>slabá</strong> obrana proti jednodušším SPAM botům) - pokud váš prohlížeč nepodporuje JavaScript, napište za URL <span class="code">?new_message=TRUE</span>, nebo zkuste <a href="http://firefox.czilla.cz">Firefox</a>.';

/* Slovak language for guestbook
$_lang_guestbook["write_new_message"] = "Pridať správu";
$_lang_guestbook["messages"] = "Správy";
$_lang_guestbook["name_or_alias"] = "Meno";
$_lang_guestbook["send"] = "Poslať";
$_lang_guestbook["reset"] = "Reset";
$_lang_guestbook["next_page"] = "Ďalšia strana";
$_lang_guestbook["previous_page"] = "Predchádzajúca strana";
$_lang_guestbook["message"] = "Text správy";
$_lang_guestbook["count_message"] = "Počet správ:";
$_lang_guestbook["date_and_time"] = "Datum odoslania:";
$_lang_guestbook["sender"] = "Poslal:";
$_lang_guestbook["cancel"] = "Zrušiť";
$_lang_guestbook["code"] = "Kód";
$_lang_guestbook["quoting"] = "Citujem";
$_lang_guestbook["error"] = "Objavila sa chyba...";
$_lang_guestbook["email_author"] = "SK Autor: ";
$_lang_guestbook["email_message"] = "Zprava:";
$_lang_guestbook["javascript_disabled"] = 'Tlačítko nefunguje, pokud nemáte povolen JavaScript (je to <strong>slabá</strong> obrana proti jednodušším SPAM botům) - pokud váš prohlížeč nepodporuje JavaScript, napište za URL <span class="code">?new_message=TRUE</span>, nebo zkuste <a href="http://firefox.czilla.cz">Firefox</a>.';
*/


/* END SETTINGS --------------------------------------------------------------- */

// Variables you should not need to change
$type = isset($gbtype) ? $gbtype : $etomite->documentObject['pagetitle']; // Set $type field for new entry
$trimtype=substr($type,0,15); // Truncate $type to 15 character limit for field
$guestbookadmin = isset($gbadmin) ? $gbadmin : $defaultadmin; // Set GuestBook admin
$pageid=$etomite->documentIdentifier; // ID of the calling document
$pageurl=$etomite->makeURL($pageid); // URL if you don't have friendly uri
$tbl = $etomite->dbConfig['dbase'].".".$etomite->dbConfig['table_prefix'];
$msgdb = $tbl."user_messages"; // DB.Prefix_user_messages variable

// Function to make bbcode formatting
function bbcode($message) {
  $preg = array(
    // text
    '/\[b(?::\w+)?\](.*?)\[\/b(?::\w+)?\]/si'                 => '<strong>$1</strong>',
    '/\[i(?::\w+)?\](.*?)\[\/i(?::\w+)?\]/si'                 => '<em>$1</em>',
    '/\[u(?::\w+)?\](.*?)\[\/u(?::\w+)?\]/si'                 => '<span style="text-decoration: underline;">$1</span>',
    // code
    '/\[code(?::\w+)?\](.*?)\[\/code(?::\w+)?\]/si'           => '<div class="gb_code_box"><strong>Kód</strong>:<br /><span class="gb_code_content">$1</span></div>',
    // email
    '/\[email(?::\w+)?\](.*?)\[\/email(?::\w+)?\]/si'         => '$1',
    '/\[email=(.*?)(?::\w+)?\](.*?)\[\/email(?::\w+)?\]/si'   => '$1',
    // url
    '/\[url(?::\w+)?\](.*?)\[\/url(?::\w+)?\]/si'                                          => '$1',
    '/\[url(?::\w+)?\]^(^http|https|news|ftp|www)(.*?)\[\/url(?::\w+)?\]/si'               => 'www.$1',
    '/\[url(?::\w+)?\]((?:http|https|news|ftp)\:\/\/.*?)\[\/url(?::\w+)?\]/si'             => '$1',
    '/\[url=((?:http|https|news|ftp)\:\/\/.*?)(?::\w+)?\](.*?)\[\/url(?::\w+)?\]/si'       => '<a href="$1">$2</a>',
    '/\[url(?::\w+)?\](mailto\:)(.*?)\[\/url(?::\w+)?\]/si'                                => '$1',
    '/\[url=(mailto\:)(.*?)(?::\w+)?\](.*?)\[\/url(?::\w+)?\]/si'                          => '$2',
    // quote
    '/\[quote(?::\w+)?\](.*?)\[\/quote(?::\w+)?\]/si'                                      => '<blockquote>$1</blockquote>',
    '/\[quote=(?:&quot;|"|\')?(.*?)["\']?(?:&quot;|"|\')?\](.*?)\[\/quote(?::\w+)?\]/si'   => '<div class="gb_quote">Cituji <strong>$1</strong>:<br />$2</div>',
    /* list - not used
    '/\[\*(?::\w+)?\]\s*([^\[]*)/si'                          => '<li>$1</li>',
    '/\[list(?::\w+)?\](.*?)\[\/list(?::\w+)?\]/si'           => '<ul>$1</ul>',
    '/\[list(?::\w+)?\](.*?)\[\/list:u(?::\w+)?\]/s'          => '<ul>$1</ul>',
    '/\[list=1(?::\w+)?\](.*?)\[\/list(?::\w+)?\]/si'         => '<ol style="list-style-type: decimal;">$1</ol>',
    '/\[list=i(?::\w+)?\](.*?)\[\/list(?::\w+)?\]/s'          => '<ol style="list-style-type: lower-roman;">$1</ol>',
    '/\[list=I(?::\w+)?\](.*?)\[\/list(?::\w+)?\]/s'          => '<ol style="list-style-type: upper-roman;">$1</ol>',
    '/\[list=a(?::\w+)?\](.*?)\[\/list(?::\w+)?\]/s'          => '<ol style="list-style-type: lower-alpha;">$1</ol>',
    '/\[list=A(?::\w+)?\](.*?)\[\/list(?::\w+)?\]/s'          => '<ol style="list-style-type: upper-alpha;">$1</ol>',
    '/\[list(?::\w+)?\](.*?)\[\/list:o(?::\w+)?\]/s'          => '<ol style="list-style-type: decimal;">$1</ol>',
    // some cosmetic :)
    '/<ol(.*?)>(?:.*?)<li(.*?)>/si'         => '<ol$1><li$2>',
    '/<ul(.*?)>(?:.*?)<li(.*?)>/si'         => '<ul$1><li$2>',
    */
  );
  $message = preg_replace(array_keys($preg), array_values($preg), $message);

  // function to make clickable() Taken from: Nathan Codding - 6th February 2001
  $ret = ' ' . $message; // adding break to make 1st line functional

  /* filtruje "xxxx://yyyy" URL na zacatku lajny nebo po mezere.
     xxxx muze byt pouze pismenny kod.
     yyyy je cokoliv po mezere, tabu, entru, carce, apostrofe nebo < . */
  $ret = preg_replace('#([\t\r\n ])([a-z0-9]+?){1}://([\w\-]+\.([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i', '$1<a href="$2://$3">$2://$3</a>', $ret);

  /* filtruje "www|ftp.xxxx.yyyy[/zzzz]", neco jako lazy URL
     Musi obsahovat aspon dve tecky. xxxx je alfanumericky nebo "-"
     zzzz je volitelny... */
  $ret = preg_replace('#([\t\r\n ])(www|ftp)\.(([\w\-]+\.)*[\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i', '$1<a href="http://$2.$3">$2.$3</a>', $ret);

  /* filtruje email@domain typy adres na zacatku lajny i na konci.
     POZNAMKA: Pouze nasledujici znaky jsou povoleny: alfanumericky, "-", "_" a/nebo ".".
     NEED [[AntiSpam]] Snippet */
  $ret = preg_replace('#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i', '$1[[AntiSpam?email=$2@$3]]', $ret);

  // Getting rid of bordel :-)...
  $ret = substr($ret, 1);
  $ret = nl2br($ret);
  return $ret;
}

// Don't allow unwanted re-posts of messages
if($_POST['submitted'] == "TRUE") header( "Location: $aliasu" );

// Send email to admin when somebody posted a message
if($_POST['submitted'] == "TRUE") {
   $MailMessage = $_lang_guestbook["email_author"].$_POST["subject"]."\r\n";
   $MailMessage .= $_lang_guestbook["email_message"]."\r\n";
   $MailMessage .= $_POST["message"]."\r\n";

   $Headers = 'MIME-Version: 1.0' . "\r\n";
   $Headers .= 'Content-type: text/plain; charset=' . $mailCharset . "\r\n";
   $Headers .= 'Content-Transfer-Encoding: QUOTED-PRINTABLE' . "\r\n";
   $Headers .= 'X-Mailer: PHP/' . phpversion() . "\r\n";
   $Headers .= 'To: ' . $toAdmin . "\r\n";
   $Headers .= 'From: ' . $fromMail . "\r\n";

   mail($toAdmin, $MailSubject, $MailMessage, $Headers);
}

// Don't allow anybody to post snippets calls in GBook
function nosnippet($nocalltext) {
  $preg = array(
    // [[neco]]
    '/\[\[(.*?)\]\]/si'   =>   "<strong>[ [</strong> $1 <strong>] ]</strong>",
    // [!neco!]
    '/\[\!(.*?)\!\]/si'   =>   "<strong>[ !</strong> $1 <strong>! ]</strong>",
    // [*neco*]
    '/\[\*(.*?)\*\]/si'   =>   "<strong>[ *</strong> $1 <strong>* ]</strong>",
  );
  $nocalltext = preg_replace(array_keys($preg), array_values($preg), $nocalltext);
  return $nocalltext;
}

// Query for the user ID (id) for the GuestBook owner
$sql = "SELECT id FROM ".$tbl."manager_users WHERE ".$tbl."manager_users.username='$guestbookadmin';";
$rs = $etomite->dbQuery($sql);
$limit = $etomite->recordCount($rs);

// Check to make sure $guestbookadmin has been created and assigned
if($limit == 1) {

    $userrec = $etomite->fetchRow($rs);
    $userid = $userrec['id'];

    // Check to see if a valid message has been submitted
    if(isset($_POST['submit']) && ($_POST['subject'] > "")  && ($_POST['message'] > "")){
        $postdate = time();
        $recipient = $userid;
        $subject = $type . $gap . strip_tags($_POST['subject']);
        $message = htmlspecialchars($_POST['message']);
        $sender_ip = $_SERVER['REMOTE_ADDR'];
        $sender_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);

        // Query to INSERT a new GuestBook message into user_messages
        $sql = "INSERT INTO $msgdb ( id , type , subject , message , sender , recipient , private , postdate , messageread , sender_ip , sender_host ) VALUES ( '', '$type', '$subject', '$message', '0', '$recipient', '0', '$postdate', '0',   '$sender_ip', '$sender_host');";

        $rs = $etomite->dbQuery($sql);  // Execute the Query
        $submitted="TRUE";
    }
    else $submitted = "TRUE";

    // Display write new message form
    if ($_GET['new_message'] == "TRUE") {
        // Display a Form for submitting a new message
        $output .= '<table style="width: 380px; margin: 0px auto;">';
        $output .= '<tr><td>';
        $output .= '<form name="gbook" method="post" action="' . $aliasu . '">';
        $output .= '<input type="hidden" name="submitted" value="' . $submitted . '" />';
        $output .= $_lang_guestbook["name_or_alias"].'<br /><input name="subject" size="40" />';
        $output .= '<br />'.$_lang_guestbook["message"].'<br />';
        $output .= '<div style="text-align: center;"><input type="button" value="b" style="width: 50px; font-weight: bold" onclick="tag(\'b\');" /><input type="button" value="i" style="width: 50px; font-style: italic" onclick="tag(\'i\');" /><input type="button" value="u" style="width: 50px; text-decoration: underline" onclick="tag(\'u\');" /><input type="button" style="width: 50px" value="quote" onclick="tag(\'quote\');" /><input type="button" value="code" style="width: 50px" onclick="tag(\'code\');" /><input type="button" value="email" style="width: 50px" onclick="tag(\'email\');" /><input type="button" value="url" style="width: 50px" onclick="tag(\'url\');" /></div>';
        $output .= '<textarea rows="8" cols="50" name="message"></textarea><br />';
        $output .= '<div style="text-align: center;"><input type="submit" name="submit" value="'.$_lang_guestbook["send"].'" />';
        $output .= ' <input type="reset" name="reset" value="'.$_lang_guestbook["reset"].'" />';
        $output .= ' <input type="button" value="'.$_lang_guestbook["cancel"].'" onclick="window.location.href=\''.$pageurl.'?new_message=FALSE\'" /></div>';
        $output .= '</form>';
        $output .= '</td></tr></table>';
    }
  
    // Display write new message link
    else {
        $output .= '<div align="center">';
        $output .= '<input type="button" value="'.$_lang_guestbook["write_new_message"].'"onclick="window.location.href=\''.$pageurl.'?new_message=TRUE\'" />';
        $output .= '<noscript><br />'.$_lang_guestbook["javascript_disabled"].'</noscript>';
        $output .= '</div>';
    }
  
    $output .= "<h3>".$_lang_guestbook["messages"]."</h3>";

    // Query to COUNT existing messages
    $sql = "SELECT * FROM ".$tbl."user_messages
    WHERE ".$tbl."user_messages.recipient=$userid
    AND ".$tbl."user_messages.type='".$trimtype."'
    ORDER BY ".$tbl."user_messages.postdate $order;";

    $rs = $etomite->dbQuery($sql);  // Execute the Query
    $total = $etomite->recordCount($rs);  // Number of messages found

    // Message page number from GET
    if (isset($_GET["page"])) { $page = $_GET["page"]; }
    else { $page = 1; }

    // Index where to start in result set
    $from = 0 + ($page-1)*$messages;

    // Query to SELECT existing messages
    $sql = "SELECT * FROM ".$tbl."user_messages
    WHERE ".$tbl."user_messages.recipient=$userid
    AND ".$tbl."user_messages.type='".$trimtype."'
    ORDER BY ".$tbl."user_messages.postdate $order LIMIT $from, $messages;";

    $rs = $etomite->dbQuery($sql);  // Execute the Query
    $limit = $etomite->recordCount($rs);  // Number of messages found

    // Number of pages
    $pages = ceil($total/$messages);

    // Previous page link
    $previouspage = $page-1;
    $previouspage_text .= '<input type="button" value="< '.$_lang_guestbook["previous_page"].' ['.$previouspage.'/'.$pages.']" onclick="window.location.href=\''.$pageurl.'&amp;page='.$previouspage.'\'" /> ';

    // Next page link

    $nextpage = $page+1;
    $nextpage_text = ' <input type="button" value="'.$_lang_guestbook["next_page"].' ['.$nextpage.'/'.$pages.'] >" onclick="window.location.href=\''.$pageurl.'&amp;page='.$nextpage.'\'" />';

    // Previous and next page links at top of the page
    $output .= '<div align="center">';
    if ($previouspage > 0) { $output .= $previouspage_text; }
    if ($nextpage <= $pages) { $output .= $nextpage_text; }
    $output .= '</div>';

    // Empty lines
    if ($total > $messages) {
        $output .= "<br /><br />";
    }

    // Show if is IP logged or not
    // (still working on it :) )    

    // Loop through each of the messages and format for display
    for ($y = 0; $y < $limit; $y++) {
        if ($order == "DESC") { $number = $total - $from - $y; }
        if ($order == "ASC") { $number = $from + $y + 1; }
        $guestbookrec = $etomite->fetchRow($rs);
        $poster = str_replace($type.$gap,"",$guestbookrec['subject']);
        $message = $guestbookrec['message'];
        $postdate = strftime($dateformat, $guestbookrec['postdate']+$server_offset_time);
        $output .= '<table ' . $message_box_style . '>';
        $output .= '<tr><td style="width: 320px; text-align: left;">'.$_lang_guestbook["sender"].' <strong>' . nosnippet($poster) . '</strong></td>';
        $output .= '<td style="width: 180px; text-align: right;">' . $postdate . '</td></tr>';
        $output .= '<tr><td style="text-align: left;" colspan="2">'.bbcode(nosnippet($message)).'</td></tr>';
        $output .= '<tr><td style="text-align: left;">&nbsp;</td>';
        $output .= '<td style="text-align: right;">'.$_lang_guestbook["count_message"].' ' . $number . '/' . $total . '</td></tr>';
        $output .= '</table><br />';
    }

    // Previous and next page links at bottom of the page
    $output .= '<div align="center">';
    if ($previouspage > 0) { $output .= $previouspage_text; }
    if ($nextpage <= $pages) { $output .= $nextpage_text; }
    $output .= '</div>';
}

// If no valid GuestBook owner is found display error message...
else  $output = $_lang_guestbook["error"];

// Output
return $output;