// JavaScript Document
            
/**
 * Remove leading whitespace from the receiver.
 * Written to be installed as a String method, so the text to trim
 * arrives as `this` rather than as an argument.
 * @returns {string} the receiver without its leading whitespace run
 */
function strltrim() {
  var leadingBlanks = /^\s+/;
  return this.replace(leadingBlanks, '');
}

/**
 * Remove trailing whitespace from the receiver.
 * Written to be installed as a String method, so the text to trim
 * arrives as `this` rather than as an argument.
 * @returns {string} the receiver without its trailing whitespace run
 */
function strrtrim() {
	 var trailingBlanks = /\s+$/;
	 return this.replace(trailingBlanks, '');
}
/**
 * Remove whitespace from both ends of the receiver.
 * Written to be installed as a String method, so the text to trim
 * arrives as `this` rather than as an argument.
 * @returns {string} the receiver with leading and trailing whitespace removed
 */
function strtrim() {
	 // Two passes: the front first, then the back of what is left.
	 var withoutLeading = this.replace(/^\s+/, '');
	 var withoutBoth = withoutLeading.replace(/\s+$/, '');
	 return withoutBoth;
}

// Install the trimming helpers on every string. Note that this also replaces
// any built-in String.prototype.trim, and that a change to a shared prototype
// is visible to every other script loaded on the same page.
(function installTrimHelpers(stringProto) {
  stringProto.ltrim = strltrim;
  stringProto.rtrim = strrtrim;
  stringProto.trim = strtrim;
})(String.prototype);


/**
 * Put keyboard focus on the "realname" input of the "guestform" form.
 */
function setfocus() {
  var nameField = document.guestform.realname;
  nameField.focus();
}

/**
 * Tell whether a dotted-quad address falls inside one of the blocked ranges.
 *
 * NOTE(review): this file is browser script, so the list below is readable by
 * the visitor and the check can be skipped entirely. Treat it as a courtesy
 * filter; the server has to enforce the same ranges against the address it
 * sees on the connection.
 *
 * @param {string} ip - address in a.b.c.d form, e.g. '82.128.2.147'
 * @returns {boolean} true when the address matches any blocked range
 */
function blockIP ( ip ) {
   // One anchored pattern per blocked range. The final \d{1,3} groups only
   // check the shape of an octet, not that it is <= 255.
   var blockedRanges = [
      /^80\.179\.10[23]\.\d{1,3}$/,                                       // 80.179.102.0 - 80.179.103.255
      /^216\.139\.180\.\d{1,3}$/,                                         // 216.139.180.0 - 216.139.180.255
      /^204\.39\.([0-9]|[0-9][0-9]|[1][0-9][0-9])\.\d{1,3}$/,             // 204.39.0.0 - 204.39.199.255
      /^212\.199\.251\.([0-9]|[0-9][0-9]|[1][01][0-9]|12[0-7])$/,         // 212.199.251.0 - 212.199.251.127
      /^212\.165\.14[23]\.\d{1,3}$/,                                      // 212.165.142.0 - 212.165.143.255
      /^82\.128\.([0-9]|[12][0-9]|3[01])\.\d{1,3}$/,                      // 82.128.0.0 - 82.128.31.255
      /^61\.17[23]\.\d{1,3}\.\d{1,3}$/,                                   // 61.172.0.0 - 61.173.255.255 (CHINANET Shanghai province network)
      /^67\.131\.58\.93$/                                                 // 67.131.58.93
   ];

   for (var idx = 0; idx < blockedRanges.length; idx++) {
      if (blockedRanges[idx].test( ip )) {
         return true;
      }
   }
   return false;
}


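/**
 * Tell whether a string starts with "http://" (case-insensitive).
 *
 * The check now reads its argument. It previously ignored `addr`, read
 * document.myForm.myTextfield (a form this file never creates), and compared
 * the match length with 1 although the pattern has a capture group, so it
 * could never report true.
 *
 * This is a prefix test only: it says nothing about whether the rest of the
 * text is a well-formed or safe URL, and "https://" is not accepted.
 *
 * @param {string} addr - text to examine
 * @returns {boolean} true when addr begins with "http://"
 */
function isURL(addr) {
	// No value means no URL; avoids testing the strings "null"/"undefined".
	if (addr == null) {
		return false;
	}
	// Anchored at the start, which is what the old lastIndex == 7 test aimed for.
	return /^http:\/\//i.test(String(addr));
}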

/**
 * Write the guestbook form into the page with document.write().
 *
 * The markup is made only of fixed strings, so nothing user-supplied is
 * written here. The form posts to ../cgi-bin/guestbook.pl, runs checkForm()
 * on submit and tagIP() when the submit button is clicked.
 *
 * NOTE(review): the hidden inputs (url, userid, city, state, country) travel
 * through the browser and can be edited before the post, so the receiving
 * script should treat them like any other user input.
 */
function buildForm() {
   var pieces = [
      // Form element; validation is wired through onSubmit.
      '<form name="guestform" action="../cgi-bin/guestbook.pl" method="post" onSubmit="return checkForm()">',

      // Hidden fields. city/state/country are sent empty: the visible inputs
      // that used to collect them are no longer part of the form.
      '<input type="hidden" name="url" value="">',
      '<input type="hidden" name="userid" value="cashultz" size=9>',
      '<input type="hidden" name="city" value="">',
      '<input type="hidden" name="state" value="">',
      '<input type="hidden" name="country" value="">',

      // Visible fields, one table row each.
      '<table border="0" cellspacing="2" cellpadding="2">',
      '<tr><td align="right" bgcolor="#DBD5C7" nowrap>Your Name:</td>' +
         '<td><input type="text" name="realname" size=38></td></tr>',
      '<tr><td align="right" bgcolor="#DBD5C7">E-Mail:</td>' +
         '<td><input type="text" name="username" size=38></td></tr>',
      '<tr><td align="right" bgcolor="#DBD5C7">Comments:</td>' +
         '<td><textarea name="comments" cols=60 rows=10></textarea></td></tr>',
      '</table>',

      // Buttons.
      '<p><input type="submit" value="Submit Comments" onClick="tagIP()"> &nbsp; &nbsp;' +
         '<input type="reset" value="Clear Form"></p>',
      '</form>'
   ];

   document.write(pieces.join(''));
}


/**
 * Click handler of the submit button. Currently it changes nothing: it only
 * evaluates the global `remoteAddr`, which is not defined in this file.
 *
 * Earlier versions (now disabled) appended remoteAddr to the comment text as
 * an HTML comment, or stored it in the hidden "url" field.
 * NOTE(review): an address placed in a form field by page script can be
 * altered by the visitor; if the guestbook needs the poster's address, the
 * server should record the one it sees on the connection.
 */
function tagIP() {
   // Nothing to tag when the page supplied no address.
   if (!remoteAddr) {
      return;
   }
   // Tagging itself is disabled; see the note above.
}


//==============================================================================
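/**
 * Check that a string has the general shape of an e-mail address and tell the
 * visitor, through alert(), what looks wrong when it does not.
 *
 * Changes from the previous version:
 *  - the last domain label only has to be at least two characters long; the
 *    old "two or three" rule rejected real top-level domains such as .info;
 *  - a null/undefined argument is reported as an incorrect address instead
 *    of raising a TypeError;
 *  - statements are terminated explicitly instead of relying on automatic
 *    semicolon insertion.
 *
 * NOTE(review): this runs in the browser and is a convenience for the
 * visitor. It cannot stop a crafted request, so the receiving script has to
 * validate the address again.
 *
 * @param {string} emailStr - the address to check
 * @returns {boolean} true when the address passes every check, else false
 */
function emailCheck (emailStr) {
   /* Coarse user@domain pattern; also used to split the user part from the
      domain part. */
   var emailPat = /^(.+)@(.+)$/;
   /* Characters that may not appear in an unquoted part of the address:
      ( ) < > @ , ; : \ " . [ ]    */
   var specialChars = "\\(\\)<>@,;:\\\\\\\"\\.\\[\\]";
   /* One allowed character: anything that is neither whitespace nor one of
      the special characters. */
   var validChars = "[^\\s" + specialChars + "]";
   /* A quoted user part, e.g. "jiminy cricket"@disney.com; anything except a
      double quote is accepted between the quotes. */
   var quotedUser = "(\"[^\"]*\")";
   /* A domain given as a bracketed IP address, e.g. joe@[123.124.233.4].
      The square brackets are required. */
   var ipDomainPat = /^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/;
   /* An atom is a run of allowed characters. */
   var atom = validChars + '+';
   /* A word of the user part is an atom or a quoted string; in
      john.doe@somewhere.com, john and doe are words. */
   var word = "(" + atom + "|" + quotedUser + ")";
   // User part: words separated by single dots.
   var userPat = new RegExp("^" + word + "(\\." + word + ")*$");
   // Symbolic domain: atoms separated by single dots.
   var domainPat = new RegExp("^" + atom + "(\\." + atom + ")*$");

   // A missing value is handled as an empty address so it fails the first check.
   var address = (emailStr == null) ? '' : String(emailStr);

   /* Split into user and domain. Failing here means the text does not even
      have the user@domain outline. */
   var matchArray = address.match(emailPat);
   if (matchArray == null) {
      alert("Email address seems incorrect (check @ and .'s)");
      return false;
   }
   var user = matchArray[1];
   var domain = matchArray[2];

   // Validate the user part.
   if (user.match(userPat) == null) {
      alert("The username doesn't seem to be valid.");
      return false;
   }

   /* A bracketed IP address is accepted as soon as each of its four numbers
      is at most 255; the symbolic-domain checks below do not apply to it. */
   var IPArray = domain.match(ipDomainPat);
   if (IPArray != null) {
      for (var i = 1; i <= 4; i++) {
         if (Number(IPArray[i]) > 255) {
            alert("Destination IP address is invalid!");
            return false;
         }
      }
      return true;
   }

   // Otherwise the domain has to be a symbolic name.
   if (domain.match(domainPat) == null) {
      alert("The domain name doesn't seem to be valid.");
      return false;
   }

   /* Break the domain into its atoms to look at the last label and to count
      the labels. domainPat matched above, so there is at least one atom. */
   var domArr = domain.match(new RegExp(atom, "g"));
   var lastLabel = domArr[domArr.length - 1];

   // The last label must be at least two characters long.
   if (lastLabel.length < 2) {
      alert("The address must end in a top-level domain of at least two characters.");
      return false;
   }

   // There has to be a host name in front of the last label.
   if (domArr.length < 2) {
      alert("This address is missing a hostname!");
      return false;
   }

   // Every check passed.
   return true;
}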

//==============================================================================
/**
 * onSubmit handler of the guestbook form.
 *
 * Every field is trimmed, then compared in a lower-cased form with all space
 * characters removed. Submission is cancelled (return false) when the name
 * contains "<" or is empty, when any other field contains "<script", when the
 * e-mail fails emailCheck() or names a banned domain (the browser is then
 * sent to another page), or when the comment holds a banned phrase or is
 * empty. When nothing is wrong the function falls off the end and returns
 * undefined, which lets the form submit.
 *
 * NOTE(review): these checks run in the browser and are substring filters.
 * A visitor can post to the form target without running them, and "<script"
 * is not the only markup that matters, so the receiving script still has to
 * validate the fields and HTML-encode them when the guestbook is displayed.
 *
 * @returns {boolean|undefined} false to cancel the submit, undefined otherwise
 */
function checkForm() {
   var form = document.guestform;

   // Read and trim every field before any check runs.
   var theName    = form.realname.value.trim();
   var theEmail   = form.username.value.trim();
   var theURL     = form.url.value.trim();
   var theCity    = form.city.value.trim();
   var theState   = form.state.value.trim();
   var theCountry = form.country.value.trim();
   var theComment = form.comments.value.trim();

   // Comparison form of a value: lower case, every space character removed.
   function squash(text) {
      return text.toLowerCase().replace(/ /g, '');
   }

   function contains(haystack, needle) {
      return haystack.indexOf(needle) != -1;
   }

   // Name: no "<" at all, and not empty.
   if (contains(squash(theName), "<")) {
      alert("Please enter a valid Name.");
      return false;
   }
   if (theName.length < 1) {
      alert("Name required!");
      return false;
   }

   // E-mail is optional; when present it is checked in its squashed form.
   var emailKey = squash(theEmail);
   if (emailKey.length > 0) {
      if (contains(emailKey, "<script")) {
         alert("Please enter a valid E-mail address.");
         return false;
      }
      // Banned e-mail domains: leave the page instead of validating further.
      if (contains(emailKey, "lagos.com") || contains(emailKey, "mugu.com")) {
         window.location.href = "http://www.fbi.gov/hq/cid/fc/ifcc/ifcc.htm";
         return false;
      }
      // emailCheck() shows its own message on failure.
      if (!emailCheck(emailKey)) {
         return false;
      }
   }

   // Remaining single-line fields, checked in this order.
   var guardedFields = [
      [theURL,     "Please enter a valid Home Page address."],
      [theCity,    "Please enter a valid City."],
      [theState,   "Please enter a valid State."],
      [theCountry, "Please enter a valid Country."]
   ];
   for (var f = 0; f < guardedFields.length; f++) {
      if (contains(squash(guardedFields[f][0]), "<script")) {
         alert(guardedFields[f][1]);
         return false;
      }
   }

   // Comment: script tags or banned hyperlinks/phrases.
   var bannedInComment = [
      "<script",
      "www.1heluva.com",
      "debt-consolidation",
      "www.bcsave.com",
      "guyman"
   ];
   var commentKey = squash(theComment);
   for (var b = 0; b < bannedInComment.length; b++) {
      if (contains(commentKey, bannedInComment[b])) {
         alert("Please enter a valid Comment.");
         return false;
      }
   }

   // Comment is mandatory.
   if (theComment.length < 1) {
      alert("Comment required!");
      return false;
   }
}
