define("DATADIR", "data/");
function unhtmlentities($string)
{
return strtr($string, array_flip(get_html_translation_table(HTML_ENTITIES)));
}
function checkPassword($filename, $password)
{
if (strpos($filename, "/") !== false || strpos($filename, "\\") !== false)
{
echo "Error: Slash found in filename (this is not Guns & Roses!).";
die();
}
$filename = DATADIR . $filename;
if (!file_exists($filename))
{
$fp = fopen($filename, "w");
fclose($fp);
return;
}
$fp = fopen($filename, "r");
$fcnt = fread($fp, filesize($filename));
fclose($fp);
if (strlen($fcnt) != 0)
{
$pos = strpos($fcnt, "") + 10;
$passfound = false;
while ($pos !== false)
{
$end = strpos($fcnt, "");
if ($end === false)
{
$pos = strpos($fcnt, "", $pos);
continue;
}
$passfound = true;
$str = substr($fcnt, $pos, $end - $pos);
if ($str == $password)
return;
$pos = strpos($fcnt, "", $end + 11);
}
if ($passfound)
{
echo "Wrong password.";
die();
}
}
}
function register_post_var($name)
{
global $HTTP_POST_VARS, $$name;
if (isset($HTTP_POST_VARS[$name]))
$$name = $HTTP_POST_VARS[$name];
else
$$name = "";
}
register_post_var('filename');
register_post_var('password');
register_post_var('fcnt');
if (empty($filename))
{
echo '
}
else if (empty($fcnt))
{
checkPassword($filename, $password);
$fp = fopen(DATADIR . $filename, "r");
$fcnt = fread($fp, filesize(DATADIR . $filename));
fclose($fp);
echo '
}
else
{
checkPassword($filename, $password);
$fp = fopen(DATADIR . $filename, "w");
fwrite($fp, stripslashes(unhtmlentities($fcnt)));
fclose($fp);
}
?>