" . $messages['database_missing'] . "
"; } return false; } else { $old_data = file_get_contents($database . '.txt'); } /** * Post a message */ $error = ""; // error messages if($_SERVER['REQUEST_METHOD'] == 'POST') { $name = ""; //$url = ""; $message = ""; $timestamp = date('U'); // Make sure the guest name is not empty. if(isset($_POST['name']) && ! empty($_POST['name'])) { $name = strip_tags($_POST['name']); } else { $error .= "" . $messages['name_missing'] . "
"; } // Make sure the guest message is not empty. if(isset($_POST['message']) && ! empty($_POST['message'])) { $message = preg_replace( array( '/[\n\r]{4,}/', // [1] '/\n/', '/[\r\t]/', '/ {2}/', // Multiple space characters '/ | /', '/(.*?)<\/a>/i' // Match links ), array( '" . $messages['message_missing'] . "
"; } // Check for character length limit if(strlen($name) > $max_length_name) $error .= "" . $messages['max_length_name'] . "
"; if(strlen($message) > $max_length_message) $error .= "" . $messages['max_length_message'] . "
"; // If all data entered by guest is valid, insert new data! if($error === "") { $new_data = " 💌 " . $name ." 🕊 " . "\n" . "\n" . $message . "\n" . $timestamp; if( ! empty($old_data)) { create_or_update_file($database . '.txt', $new_data . "\n\n==\n" . $old_data); // Prepend data } else { create_or_update_file($database . '.txt', $new_data); // Insert data } } else { // else, print the error messages. echo $error; } } // [3] $_SESSION['guest_name'] = isset($_POST['name']) ? $_POST['name'] : ""; $_SESSION['guest_message'] = isset($_POST['message']) && $error != "" ? htmlentities($_POST['message'], ENT_QUOTES, 'UTF-8') : ""; // ---------------------------------------------------------------------------------------- // [1]. Prevent guest to type too many line break symbols. // People usually do these thing to make their SPAM messages looks striking. // [2]. Convert all HTML tags into HTML entities. This is done thoroughly for safety. // We can revert back the escaped HTML into normal HTML tags later via `filter_html()` // [3]. Save the form data into session. So if something goes wrong, the data entered // by guest will still be stored in the form after submitting. // ---------------------------------------------------------------------------------------- /** * Show the existing data. */ $data = file_get_contents($database . '.txt'); $current_page = isset($_GET['page']) ? $_GET['page'] : 1; $nav = ""; if( ! empty($data)) { $data = explode("\n\n==\n", $data); $total_pages = ceil(count($data) / $per_page); // Create navigation if the number of pages is more than 1. if($total_pages > 1) { for($i = 0; $i < $total_pages; $i++) { if($current_page == ($i + 1)) { $nav .= " " . ($i + 1) . ""; // Disabled navigation } else { $nav .= " " . ($i + 1) . ""; } } } for($i = 0; $i < count($data); $i++) { $item = explode("\n", $data[$i]); // Permalink (single item) // http://localhost/guestbook/index.php&data=database-001&guest=0123456789 if(isset($_GET['guest']) && preg_match('/[0-9]+/', $_GET['guest'])) { if($item[3] == $_GET['guest']) { echo "