'; print ''; print ''; print ''; print '
Name:
Password:
Headline (75 chars):
'; print ''; print ''; print ''; print '
Content (limited to 1000 characters, HTML will not be rendered):
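'; }

# verify parameters passed in and create news item as appropriate
#
# Trims the four values in place (they are passed by reference, so the
# caller's variables change too), checks the length limits, looks the poster
# up in ../../../cgi_data/users.data and, when the password matches, writes
# the item to a new directory under ../../../cgi_data/news/.
#
# Returns TRUE when the poster authenticated, FALSE otherwise; every FALSE
# path prints its own message first.
#
# NOTE(review): several string literals below are empty or consist only of
# newlines; they look as if their HTML markup was lost when this listing was
# extracted - confirm against the deployed file before applying.
# NOTE(review): str_rot13() on the stored field shows passwords are kept in
# a reversible encoding. Moving to password_hash()/password_verify() needs
# the registration code changed at the same time, so it is only flagged here.
# NOTE(review): the form advertises a 75 character headline limit, but no
# upper bound on the headline is enforced here.
function valid ( &$name, &$password, &$content, &$headline ) {
    # clean the input
    scrub ( $name );
    scrub ( $password );
    scrub ( $content );
    scrub ( $headline );

    # The caller only tests the length of the untrimmed name. Re-check after
    # trimming: an empty name and password would otherwise compare equal to a
    # blank or truncated record in the user file and pass authentication.
    if ( $name === '' ) {
        print "\n\nPlease enter a valid name.\n\n";
        return (FALSE);
    }
    if ( $password === '' ) {
        print "\n\nInvalid password\n\n";
        return (FALSE);
    }

    # sanity checks on input
    if ( strlen ( $content ) > 1000 ) {
        print "\n\nComment is too long... 1000 character max please.\n\n";
        return (FALSE);
    }
    # NOTE(review): the limit enforced is 4 while the message says 50 -
    # confirm which one is intended.
    if ( strlen ( $content ) < 4 ) {
        print "\n\nValid news must be at least 50 characters.\n\n";
        return (FALSE);
    }
    if ( strlen ( $headline ) < 10 ) {
        print "\n\nValid headlines must be at least 10 characters.\n\n";
        return (FALSE);
    }

    # open the users data if possible
    $userfile = "../../../cgi_data/users.data";
    if ( ! is_file ( $userfile ) || ! ( $fp = fopen ( $userfile, "r" ) ) ) {
        # if we reach this point it means a user db didnt exist
        print "\n\nCouldn't open user file... most likely caused by no users being registered. Please register here.\n\n";
        return (FALSE);
    }
    flock ( $fp, LOCK_SH );

    # basically lookup a user; stop on the first failed read instead of
    # feeding the FALSE that fgets() returns at end of file into explode()
    while ( ( $line = fgets ( $fp ) ) !== false ) {
        $fields = explode ( ":", $line );
        # name is field 0 and the password field 3; skip short records
        if ( count ( $fields ) < 4 ) {
            continue;
        }
        $namef = $fields[0];
        $passwordf = $fields[3];
        scrub ( $namef );
        scrub ( $passwordf );

        # Strict comparison: == treats numeric-looking strings as numbers, so
        # two different names or passwords could compare equal.
        if ( $name !== $namef ) {
            continue;
        }

        # the first record carrying this name decides the outcome
        flock ( $fp, LOCK_UN );
        fclose ( $fp );

        # NOTE(review): a constant-time compare such as hash_equals() is
        # preferable where the deployed PHP version provides it.
        if ( $password !== str_rot13 ( $passwordf ) ) {
            # user didn't pass checks
            # NOTE(review): this message and "Unknown user" below tell a
            # visitor whether a name is registered.
            print "\n\nInvalid password\n\n";
            return (FALSE);
        }

        # each item gets its own directory named after the current time
        list ( $usec, $sec ) = explode ( " ", microtime () );
        if ( ! is_dir ( "../../../cgi_data/news" ) ) {
            mkdir ( "../../../cgi_data/news" );
        }
        $dir = "../../../cgi_data/news/news" . ( $sec + $usec );
        mkdir ( $dir );
        $dir = $dir . "/";

        # since user checked out add news item
        # NOTE(review): TRUE is returned even when the file cannot be
        # opened, so "News added" is shown for an item that was not stored.
        if ( $out = fopen ( $dir . "news", "w" ) ) {
            flock ( $out, LOCK_EX );
            # Escape headline and author exactly like the body: the form
            # promises that HTML will not be rendered, and these two values
            # were previously written to the news file raw.
            fputs ( $out, htmlspecialchars ( $headline ) . "\n\n" );
            fputs ( $out, "Author: " . htmlspecialchars ( $name ) . "\n" );
            fputs ( $out, "Date: " . date ( "l dS of F Y h:i:s A" ) . "\n\n" );
            fputs ( $out, htmlspecialchars ( $content ) . "\n\n" );
            flock ( $out, LOCK_UN );
            fclose ( $out );
        }
        return (TRUE);
    }

    # never found the username so bomb
    print "\n\nUnknown user. Click here to register or fix the mistake.\n\n";
    flock ( $fp, LOCK_UN );
    fclose ( $fp );
    return (FALSE);
}

# scrub: trim a value in place. Anything that is not a scalar (a missing
# parameter, or an array sent as name[]=...) becomes the empty string, so
# the strlen() and comparison calls in valid() always receive strings.
function scrub ( &$value ) {
    $value = is_scalar ( $value ) ? trim ( (string) $value ) : '';
}

# check to see if we have a new comment submittal
# Only string parameters are accepted; a missing or array-valued parameter is
# treated as absent rather than raising notices or reaching strlen().
# NOTE(review): $_REQUEST also accepts query-string values, which would put
# the password into URLs and access logs. If the form posts, reading $_POST
# is safer - the form method is not visible in this listing, so confirm.
$name     = ( isset ( $_REQUEST['name'] )     && is_string ( $_REQUEST['name'] ) )     ? $_REQUEST['name']     : null;
$password = ( isset ( $_REQUEST['password'] ) && is_string ( $_REQUEST['password'] ) ) ? $_REQUEST['password'] : null;
$content  = ( isset ( $_REQUEST['content'] )  && is_string ( $_REQUEST['content'] ) )  ? $_REQUEST['content']  : null;
$headline = ( isset ( $_REQUEST['headline'] ) && is_string ( $_REQUEST['headline'] ) ) ? $_REQUEST['headline'] : null;

if ( isset ( $name ) && strlen ( $name ) > 0 ) {
    if ( valid ( $name, $password, $content, $headline ) ) {
        print "\n\nNews added. Click here.";
    } else {
        # valid() already printed the reason; show the form again
        printform ( $name, $password, $content, $headline );
    }
} else {
    # a name parameter that is present but empty gets a hint; a first visit
    # without any parameters just gets the form
    if ( isset ( $name ) ) {
        print "\n\nPlease enter a valid name.\n\n";
    }
    printform ( $name, $password, $content, $headline );
}
?>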