Flat file Guesbook

[Jurge]

I am creating a guestbook for a friend who has access to a hosting server for free, however they are reluctant to let us create databases so i have used a flat file system to create a simple login and register system. On this site I have also included a flatfile guestbook, I've not coded this from scratch as I'm just not php freak enough for it. The guestbook requires a name and email address to submit a post, i would like to change this so that it takes the details straight from the flatfile and not be displayed at all if there is no-one logged in.

 

Guestbook.php

<?php
  // find out the domain:
  $domain = $_SERVER['HTTP_HOST'];
  // find out the path to the current file:
  $path = $_SERVER['SCRIPT_NAME'];
$url = "http://" . $domain . $path  ;
extract($_POST);
if($Submit){
$date = date('D d Y h:i');

$comment=eregi_replace("\r\n","*",$comment);
$comment=eregi_replace("\n","*",$comment);
$fp = fopen("bin/guestbook.nfo","a+");

if(!$fp) {
    echo 'Error: Cannot open file.';
    exit;
}

fwrite($fp, $date."||".$name."||".$email."||".$comment."\n");

fclose($fp);

}
?>



<div align="center">
  <h2><span class="style1">Guestbook </span><br>
  </h2>
</div>
<form name="form1" method="post" action="<?php echo $url;?>">
  <label>Name
  <input type="text" name="name">
  </label>




  <label>Email
  <input type="text" name="email">
  </label>
  <p> </p>
  <p>
    comment<br>
    <textarea name="comment" cols="40" rows="10"></textarea>

    <br>
    <label>
    <input type="submit" name="Submit" value="Sign">
    </label>
    <br>
    </p>
</form>
<hr>

<?php

$userinfo = file("cgi-bin/guestbook.nfo");

   echo '<table border="0">';

foreach($userinfo as $val)

{
   //explode that data into a new array:
   $data = explode("||", $val);


  echo '<tr><td>'.$data[0].'</td></tr>';
   echo '<tr><td>'.$data[1].' Wrote:</td></tr>';

    $data[3]=eregi_replace("\*","<br>",$data[3]);

   echo '<tr><td>'.$data[3].'</td></tr>';
   echo '<tr><td>Email:'.$data[2].'<hr></td></tr>';
}


   echo '</table>';



?>

 

[Adam]

We can't really help you without seeing how your login system works..

[Jurge]

Login:

<?php
  // find out the domain:
  $domain = $_SERVER['HTTP_HOST'];
  // find out the path to the current file:
  $path = $_SERVER['SCRIPT_NAME'];
$url = "http://" . $domain . $path  ;
extract($_POST);
if($Submit){
$date = date('D d Y h:i');

$comment=eregi_replace("\r\n","*",$comment);
$comment=eregi_replace("\n","*",$comment);
$fp = fopen("bin/guestbook.nfo","a+");

if(!$fp) {
    echo 'Error: Cannot open file.';
    exit;
}

fwrite($fp, $date."||".$name."||".$email."||".$comment."\n");

fclose($fp);

}
?>



<div align="center">
  <h2><span class="style1">Guestbook </span><br>
  </h2>
</div>
<form name="form1" method="post" action="<?php echo $url;?>">
  <label>Name
  <input type="text" name="name">
  </label>




  <label>Email
  <input type="text" name="email">
  </label>
  <p> </p>
  <p>
    comment<br>
    <textarea name="comment" cols="40" rows="10"></textarea>

    <br>
    <label>
    <input type="submit" name="Submit" value="Sign">
    </label>
    <br>
    </p>
</form>
<hr>

<?php

$userinfo = file("cgi-bin/guestbook.nfo");

   echo '<table border="0">';

foreach($userinfo as $val)

{
   //explode that data into a new array:
   $data = explode("||", $val);


  echo '<tr><td>'.$data[0].'</td></tr>';
   echo '<tr><td>'.$data[1].' Wrote:</td></tr>';

    $data[3]=eregi_replace("\*","<br>",$data[3]);

   echo '<tr><td>'.$data[3].'</td></tr>';
   echo '<tr><td>Email:'.$data[2].'<hr></td></tr>';
}


   echo '</table>';



?>

 

Session:

<?php 
class user { 
    var $file_dir = ""; 
     
    function start($time = 3600) { 
        session_set_cookie_params($time , ''); 
        session_name('afroxav-login'); 
        session_start(); 

         // Reset the expiration time upon page load 
        if (isset($_COOKIE['afroxav-login'])) { 
            setcookie('afroxav-login', $_COOKIE['afroxav-login'], time() + $time, '', 'localhost', 0, 1); 
        } 

        if (!isset($_SESSION['info'])) { 
            $this->data = array('name' => 'Anonymous', 'logged' => false); 
        } else { 
            $this->data = $_SESSION['info']; 
        } 
    } 

    function check_login() { 
        if ($this->data['logged'] !== true) { 
            return false; 
        } else if ($this->data['logged'] === true) { 
            if ($this->data['name'] !== 'Anonymous') { 
                return true; 
            } 
            return false; 
        } 
        return false; 
    } 

    function login($user, $pass) { 
        $logins_raw = @file_get_contents($this->file_dir . 'users.php'); 
        $logins_processed = str_replace('<?php exit; ?>', '', $logins_raw); 
        $logins_array = explode('\n', $logins_processed); 
        foreach ($logins_array as $id => $line) { 
            $logins[$id] = explode('|', $line); 
        } 
        $pass = $this->hash_pass($pass); 

        foreach ($logins as $user_info) { 
            if ($user_info[1] == $user) { 
                if ($user_info[2] == $pass) { 
                    $this->update_session($user_info); 
                    return true; 
                } 
            } 
        } 

        return false; 
    } 

    function hash_pass($string) { 
        return hash('sha512', $string); 
    } 

    function logout() { 
        $_SESSION['info'] = array('name' => 'Anonymous', 'logged' => false); 
        $this->data = $_SESSION['info']; 
        return true; 
    } 

    function prep_reg_array($name, $pass, $email, $mod = 'false', $admin = 'false') {
        $id_raw = @file_get_contents($this->file_dir . 'id.php'); 
        $id = str_replace('<?php exit; ?>', '', $id_raw); 
        $id = $id + 1; 
        @file_put_contents($this->file_dir . 'id.php', '<?php exit; ?>' . $id); 
        return array($id, $name, $this->hash_pass($pass), $email, $mod, $admin); 
    } 

    function register($userdata) { 
        $write = file_put_contents($this->file_dir . 'users.php', '\n' . implode('|', $userdata), FILE_APPEND); 
        return ($write !== false) ? true : false; 
    } 

    function update_session($array) { 
        $_SESSION['info'] = array( 
            'id'        => $array[0], 
            'name'        => $array[1], 
            'pass'        => $array[2], 
            'email'        => $array[3], 
            'mod'        => $array[4], 
            'admin'        => $array[5], 
            'logged'    => true 
        ); 
        $this->data = $_SESSION['info']; 
    } 
}; 

//html related functions 
//not related at all with the sessions 
function html_start($title) { 
    header('Content-type: text/html'); 

    echo "<html>\n"; 
    echo "<head>\n"; 
    echo "<title>\n"; 
    echo $title; 
    echo "</title>\n"; 
    echo "</head>\n"; 
    echo "<body>\n"; 
    echo "<h1>\n"; 
    echo $title; 
    echo "</h1>\n"; 
} 

function html_nav() { 
    global $user; 
     
    echo "<div>\n"; 
    echo "Navigation\n"; 
    echo "<ul>\n"; 
    echo "<li><a href=\"?page=home\">Home</a></li>\n"; 
    if ($user->check_login() == true) { 
        echo "<li><a href=\"?page=logout\">Log Out</a></li>\n"; 
    } else { 
        echo "<li><a href=\"?page=login\">Log In</a></li>\n"; 
        echo "<li><a href=\"?page=register\">Register</a></li>\n"; 
    } 
    echo "</ul>\n"; 
    echo "</div>\n";     
} 

function html_end() { 
    echo "</body>\n"; 
    echo "</html>\n"; 
} 
?>

 

 

The user details are just stored in a file called users.php

[Maq]

Did you have a question, what's the issue?

[Jurge]

Did you have a question, what's the issue?

 

It's in my first post.

[The Eagle]

       if (!isset($_COOKIE['afroxav-login'])) { 
echo "Not logged in.";
} else {
echo "guestbook here.";
}

 

Your question was a bit difficult to understand...

?? 

[Jurge]

Pardon me, I've just read through it and realised i've not explained very well, let me try again.

 

I have a flat file login system on my site, I also have a flat file guestbook. After the user has logged in i want the guestbook to be able to find the username and email address from the flat file login, and therefore when a user signs the guestbook with a comment, there username and email are displayed, as opposed to the current one which requires the user to type in the name and email.

 

Thanks