'; print ''; print ''; print '
Name:
Password:
'; print ''; print ''; print ''; print '
Content (limited to 500 characters, HTML will not be rendered):
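'; }

# NOTE(review): the HTML string literals in this part of the file are empty
# or reduced to bare newlines in this copy; their markup appears to have been
# stripped. They are kept as they survive rather than guessed at.

# Resolve the "dir" request parameter to a news directory path.
# Returns the path (with trailing slash) or FALSE. The value must be a single
# plain directory name: an empty value, "." or "..", or anything containing a
# path separator or NUL byte is refused, so neither the news reader nor the
# comment writer can be pointed outside cgi_data/news/.
function _news_request_dir() {
    if ( !isset( $_REQUEST['dir'] ) || !is_string( $_REQUEST['dir'] ) ) {
        return FALSE;
    }
    $subdir = $_REQUEST['dir'];
    if ( $subdir === '' || $subdir === '.' || $subdir === '..'
         || strpos( $subdir, "\0" ) !== FALSE
         || strpos( $subdir, '/' ) !== FALSE
         || strpos( $subdir, '\\' ) !== FALSE ) {
        return FALSE;
    }
    return "../../../cgi_data/news/" . $subdir . "/";
}

# Fetch a request parameter as a string: NULL when it is absent, '' when it
# was submitted as an array (name[]=...), which strlen()/trim() cannot take.
function _news_request_string( $key ) {
    if ( !isset( $_REQUEST[$key] ) ) {
        return NULL;
    }
    return is_string( $_REQUEST[$key] ) ? $_REQUEST[$key] : '';
}

# Copy an already opened file to the output under a shared (reader) lock,
# then unlock and close it.
function _news_print_file( $fh ) {
    flock( $fh, LOCK_SH );
    # Stop on the first failed read instead of looping on feof() alone.
    while ( ( $line = fgets( $fh ) ) !== FALSE ) {
        print $line;
    }
    flock( $fh, LOCK_UN );
    fclose( $fh );
}

# display all the comments about a news item
#
# Prints the "news" file of the requested directory, then every file whose
# name starts with "comment<digits>", then the comment form.
# $name, $password and $content are only passed through to printform().
function printpage( $name, $password, $content ){
    $dir = _news_request_dir();
    $comments = array();   # was never initialised; count() needs an array

    if ( ( $dir !== FALSE ) && ( $dh = opendir( $dir ) ) ) {
        print '';
        print '';
        print '';
        print '';

        # Compare against FALSE so an entry literally named "0" does not
        # end the directory scan early.
        while ( ( $file = readdir( $dh ) ) !== FALSE ) {
            if ( $file === 'news' ) {
                if ( ! $newsF = fopen( $dir . $file, "r" ) ) {
                    echo "Error processing news. Please contact system administrator.";
                } else {
                    print "";
                    # The news file is emitted unescaped, so it is trusted
                    # content; it must only ever be written by an administrator.
                    _news_print_file( $newsF );
                }
            } elseif ( preg_match( '/\Acomment[0-9]+/', $file ) ) {
                # ereg() no longer exists in PHP 7+. The pattern stays a
                # prefix match because valid() names files
                # "comment<sec + usec>", which can carry a fractional part.
                # (The original prepended an undefined $travdir here.)
                $comments[] = $file;
            }
        }
        closedir( $dh );

        print "Comments: " . count( $comments ) . "\n";

        if ( count( $comments ) ) {
            sort( $comments );
            # print comments
            foreach ( $comments as $comment ) {
                if ( $commF = fopen( $dir . $comment, "r" ) ) {
                    print "";
                    # Comment files are emitted as stored; valid() escapes
                    # the author and the body before writing them.
                    _news_print_file( $commF );
                    print "\n";
                } else {
                    print "Error opening comment.";
                }
            }
        }

        print '';
        print '';
        printform( $name, $password, $content );
    } else {
        print "Error opening news directory!";
    }
}

# verify parameters passed in and store comment
#
# Trims the three values in place (they are taken by reference), checks the
# comment length, looks the user up in users.data and, on a name and password
# match, writes the comment into the requested news directory.
# Returns TRUE only when the comment was written; every failure prints a
# message and returns FALSE.
function valid ( &$name, &$password, &$content ) {
    scrub ( $name );
    scrub ( $password );
    scrub ( $content );

    # sanity check input
    if ( ( strlen ( $content ) > 500 ) || ( strlen ( $content ) < 4 ) ){
        print "\n\nComment must be between 4 and 500 characters.\n\n";
        return FALSE;
    }

    # open user db
    $userdb = "../../../cgi_data/users.data";
    if ( !is_file( $userdb ) || !( $fp = fopen( $userdb, "r" ) ) ) {
        # if we reach this point it means a user db didnt exist
        print "\n\nCouldn't open user file... most likely caused by no users being registered. Please register here.\n\n";
        return FALSE;
    }

    # verify user: the first record carrying this name decides the outcome
    flock( $fp, LOCK_SH );
    $known = FALSE;
    $authenticated = FALSE;
    while ( ( $line = fgets( $fp ) ) !== FALSE ) {
        $fields = explode( ":", $line );
        if ( count( $fields ) < 4 ) {
            continue;   # blank or malformed record
        }
        $namef = $fields[0];
        $passwordf = $fields[3];
        scrub ( $namef );
        scrub ( $passwordf );

        # The caller checks strlen($name) before the name is trimmed, so a
        # whitespace-only name arrives here empty; a record with an empty
        # name field must never match it.
        if ( $namef === '' || $name !== $namef ) {
            continue;
        }
        $known = TRUE;
        # Strict comparison: with == two different numeric-looking strings
        # (e.g. "0e1" and "0e2") compare equal.
        # NOTE(review): the stored password is only ROT13-obfuscated, so
        # anyone able to read users.data can read every password. Moving to
        # password_hash()/password_verify() also needs the registration code,
        # which is not in this part of the file.
        $authenticated = ( $password === str_rot13( $passwordf ) );
        break;
    }
    flock( $fp, LOCK_UN );
    fclose( $fp );

    if ( !$known ) {
        print "\n\nUnknown user. Click here to register or fix the mistake.\n\n";
        return FALSE;
    }
    if ( !$authenticated ) {
        print "\n\nInvalid password\n\n";
        return FALSE;
    }

    # we have a good user so log comment
    $dir = _news_request_dir();
    list( $usec, $sec ) = explode( " ", microtime() );
    # Mode "x" creates the file and fails if it already exists, so a name
    # collision cannot truncate an earlier comment.
    if ( ( $dir === FALSE )
         || !( $out = fopen( $dir . "comment" . ( $sec + $usec ), "x" ) ) ) {
        # The original reported success here although nothing was stored.
        print "Error opening news directory!";
        return FALSE;
    }
    flock( $out, LOCK_EX );
    # The file is later printed verbatim by printpage(), so the author name
    # is escaped exactly like the body.
    fputs( $out, "Author: " . htmlspecialchars( $name ) . "\n" );
    fputs( $out, "Date: " . date( "l dS of F Y h:i:s A" ) . "\n\n" );
    fputs( $out, htmlspecialchars( $content ) );
    flock( $out, LOCK_UN );
    fclose( $out );
    return TRUE;
}

# scrub
#
# Trim surrounding whitespace in place. A value that is not a scalar (an
# unset parameter, or an array sent as name[]=...) becomes the empty string.
function scrub(&$value) {
    $value = is_scalar( $value ) ? trim( (string) $value ) : '';
}

# check to see if we have a new comment submittal
$name = _news_request_string( 'name' );
$password = _news_request_string( 'password' );
$content = _news_request_string( 'content' );

# some sanity checking
if ( $name !== NULL ) {
    if ( ( strlen( $name ) > 0 ) && valid ( $name, $password, $content ) ) {
        print "\n\nComment added. Click here.";
    } else {
        if ( strlen( $name ) == 0 ){
            print "\n\nEnter a valid username please.\n\n";
        }
        printform ( $name, $password, $content );
    }
} else {
    # display the typical comment page
    printpage( $name, $password, $content );
}
?>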