PHP guestbook script

PLEASE NOTE: I cannot provide free installation support for this free script! Please use the above e-mail address to contact me ONLY about possible bug reports, suggestions or comments! Thank you!



Copyright 2004-2007 Klemen Stirn. All Rights Reserved.

The GBook may be used and modified free of charge by anyone so long as this copyright notice and the comments above remain intact. By using this code you agree to indemnify Klemen Stirn from any liability that might arise from it's use.

Selling the code for this program without prior written consent is expressly forbidden.

Obtain permission before redistributing this software over the Internet or in any other medium. In all cases copyright and header must remain intact. This Copyright is in full effect in any country that has International Trade Agreements with the United States of America or with the European Union.

Removing copyright notice ("Powered by" statement)
Removing any of the copyright notices without purchasing a license is illegal! To remove PHPJunkyard copyright notice you must purchase a license for this script. For more information on how to obtain a license please visit the site below:


PHP guestbook where you visitors can post comments about your website. Comes with good anti-SPAM protetction.

Changes in 1.5
- Gbook is now XHTML 1.0 valid (set to Transitional, but valdiates also as Strict)
- added IP address banning
- added fixes for two most common problems with sessions
- improved anti-SPAM features
- multiple empty lines will now be reduced to only one empty line
- fixed display of special language characters


» Installation

Please take 5 minutes time and read installation instructions carefully and completely! This will ensure a proper and easy installation.

  1. Open file settings.php in your favorite PLAIN TEXT editor (like Notepad or Wordpad on Windows systems, DO NOT use MS Word or similar editor) and set these variables:

    Variable Description/Setup
    $settings['apass'] This will be your password for the admin panel. Change it from the default password admin. Use only letters a-Z, A-Z and numbers 0-9
    $settings['website_title'] A short title of your website, eg "My lovely website"
    $settings['website_url'] URL of your website. This is the URL your link partners will have to place on their website.
    $settings['gbook_title'] Title of your guestbook, eg "John's guestbook"
    $settings['logfile'] Name of the file where posts will be stored. I strongly recommend that you rename this file from the default name entries.txt to some hard-to-guess name, for example g3isht39a.txt
    $settings['use_url'] As of version 1.4 you can easily enable/disable the "Your website:" field of the GBook. Set to 1 to enable people posting their website URL and 0 to disable. This option has been added to further minimize the odds of people posting your guestbook just to advertise their website. The Your website field is DISABLED by default since version 1.4
    $settings['use_private'] If set to 1 your visitors will have an option to make their post PRIVATE (not publicly displayed and readable only with admin password). Set to 0 to disable private posts.
    $settings['smileys'] If set to 1 text like :), ;) etc will be replaced by smileys (image icons). Individual visitors will still be able to disable smileys for their entry. If you don't want to allow smileys set to 0.
    $settings['notify'] If set to 1 you will receive an e-mail notification at your admin e-mail address every time a new entry is added to your guestbook. Set to 0 if you don't want to be notified.
    $settings['admin_email'] Your e-mail address where new entry notifications will be sent. Only required if $settings['notify'] is set to 1.
    $settings['gbook_url'] URL of the gbook.php script. For example
    $settings['filter'] If set to 1 all new posts will be filtered for bad words and replaced by ****.
    $settings['filter_lang'] The language of bad words file. For now only English language is supported so you can only use "en" (CaSe SeNSiTiVe). Please read section "Adding / Translating bad words list" further down for info on how to add/translate bad words.
    $settings['autosubmit'] Setting this to 1 or 2 will require entering a "security number" in order to successfully submit a new entry to the guestbook. I have added this to prevent SPAMing the guestbook. Set to 0 if you want to disable the security number check.

    Setting to 1 will display the security number in a generated image. For this to work your server must have GD library installed. You can test if your server supports all the required functions by uploading the gd_test.php file to your server and open it in your browser. If you get a red image with text WORKS your server shouldn't have problems with it. If you get an error when opening gd_test.php try using the text version as explained below or ask your hosting company to install the GD library for PHP.

    Setting to 2 will display the security number in text format. While this is not as effective as an image it will still block the majority of known spam robots.

    RECOMMENDED SETTING: $settings['autosubmit']=1;
    OR if the above doesn't work try
    RECOMMENDED SETTING: $settings['autosubmit']=2;
    $settings['filter_sum'] This variable is used in the preventing automated submissions and is just a little trick that should make it all even more reliable. The idea is to set this to some random sequence of chars and numbers, for example dhjx72js. It doesn't really matter how long it is, but you should use only chars (a-zA-Z) and digits (0-9). Don't leave the default value (as it would loose the whole point), set it to something of your own. Examples would be g3oyf98, p9ak85i, h398dgf and similar. Again, DO NOT USE these examples, just type some chars of your own!

    This is one of the most important anti-SPAM setting so don't forget to set it!
    $settings['junkmark_use'] Version 1.35 introduces new mechanism for fighting guestbook spam JunkMarkTM, developed by Klemen Stirn (the author). It is designed to catch spammers who actually visit your guestbook and get past the security number check. Setting this variable to 1 will enable JunkMarkTM, setting it to 0 will disable it. JunkMarkTM calculates probability of a message being SPAM and gives it a score between 0 (not SPAM) and 100 (SPAM). The higher the score the more likely the message is SPAM

    RECOMMENDED SETTING: $settings['junkmark_use']=1;
    $settings['junkmark_limit'] Set to the score after which messages are rejected as SPAM. Messages which are given a JunkMarkTM score same or higher to this limit will not be added to the guestbook. Possible values are between 0 and 100. I don't recommend setting it below 50! The optimal value is around 60 to 70.

    RECOMMENDED SETTING: $settings['junkmark_limit']=60;
    New in 1.5
    If set to 1 Gbook will automatically ban IP if the JunkMark score is 100 (meaning 100% SPAM). Set to 0 to disable automatic banning.

    RECOMMENDED SETTING: $settings['junkmark_ban100']=1;
    $settings['show_nospam'] If set to 1 a small banner promoting "NO GUESTBOOK SPAM" with a link to my Guestbook SPAM article will be placed at the bottom of your guestbook. Not required, but very welcome and you help notifying people about the guestbook SPAM problem and how to avoid it. Set to 0 to disable the banner.
    $settings['one_per_session'] If set to 1 each person will be able to make only one post per browser session. As of version 1.33 you can officially disable this by setting this variable to 0.

    RECOMMENDED SETTING: $settings['one_per_session']=1;
    $settings['max_word'] The maximum length of each line of comments. This is to prevent long "words" like ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff from stretching your guestbook.
  2. Save and close the settings.php file.
    Don't forget to rename the entries.txt file to the name you set as $settings['logfile'] in settings.php!

  3. Go to your FTP client and FTP to the public directory on your server (where the rest of your website is; usually "public_html", "www" or "site") and create a folder where you will install GBook.
    Example: /public_html/gbook Corresponding URL:

  4. Upload all GBook files to this folder. The "images" folder (all files in this folder) must be transferred in BINARY mode, other files in ASCII mode (refer to your FTP client instructions for details on how to set transfer mode properly).

Make sure that PHP scripts have permission to write to files banned_ip.txt and entries.txt (or the renamed file as set in
$settings['logfile']) - on UNIX (Linux) servers you must CHMOD (set permissions for) these two files to 666 (rw-rw-rw).

If you have done all this your guestbook should work now. In your browser open your GBook, for example: and test it. You can delete messages by clicking the red [X] icon and entering your admin password.

You may edit header.txt and footer.txt files to add your own header and footer to the links page. You will have to use full image URLs in the code. For example instead of <IMG SRC="images/image.jpg" ... > use <IMG SRC="" ... >! Same goes for any Javascripts or CSS files if you are calling them from within the header or footer.

Upgrading from version 1.4, 1.41, 1.42 or 1.43

To upgrade from version 1.4x to version 1.5 follow these steps:

  1. BACKUP your old Gbook
  2. Edit the new settings.php file (more info under "Installation") as new variables have been added
  3. Upload these files to your server in ASCII mode: banned_ip.txt, gbook.php, print_sec_img.php,,, smileys.htm, style.css
  4. CHMOD file banned_ip.txt to 666 (rw-rw-rw)
  5. Test everything. All your current posts should stay intact.

NOTE: File "" has been renamed to "" so make sure you have the lower-case file on your server! There were some changes in the style.css and smileys.htm files, don't forget to upload these two files (and edit style.css if you like)!

Good luck with the script!

Upgrading from version 1.34 or 1.35

To upgrade from version 1.34 or 1.35 to version 1.5 follow these steps:

  1. BACKUP your old Gbook
  2. Edit the new settings.php file (more info under "Installation") as new variables have been added
  3. Upload these files to your server (all in ASCII mode): banned_ip.txt, gbook.php, print_sec_img.php,, settings.php, smileys.htm, style.css
  4. CHMOD file banned_ip.txt to 666 (rw-rw-rw)
  5. Upload these new/edited images from the images folder: delete.gif, ip.gif, nospam.gif, reply.gif
  6. Test everything. All your current posts should stay intact.

Good luck with the script!

» Troubleshooting

PLEASE READ BEFORE ASKING Since this script is free no support is guaranteed. You will find solutions for some common problems below. If you can't get the script to work please go through this readme file again carefully and repeat the installation step-by-step (also delete old files and folders from the server). Also please feel free to FIRST SEARCH for solutions and then post any questions or problems you might have to PHPJunkyard forum!

1. What is CHMOD and FTP?

I have prepared a simple FTP and CHMOD tutorial which will help you FTP files to your server and set correct CHMOD settings.

2. My guestbook doesn't work, HELP!

Here are a few things to check:

  1. did you upload the images folder in BINARY mode and all other files ASCII mode?
  2. did you upload the entries.txt file and RENAMED it to the name you set as $settings['logfile'] in settings.php
  3. are entries.txt (or the file named as set under $settings['logfile'] in settings.php) and banned_ip.txt files world writable? CHMOD them to 666 (rw-rw-rw) if you are on a UNIX server
  4. if images don't display correctly check if you uploaded them (the entire "images" folder) correctly. The images folder must be place within the guestbook folder, for example
  5. go through the entire setup process again carefully

3. The security number image/text doesn't work (show up)?

For the image to work your server must have GD library installed. You can test if your server supports all the required functions by uploading the gd_test.php file to your server and open it in your browser. If you get an error when opening gd_test.php you should either ask your hosting company to install the GD library for PHP or try with $settings['autosubmit'] set to 2. This will display the security number in text format which is not as effective but better than nothing.

If you get the red WORKS image but the security image still doesn't work you probably have problems with sessions. Ask your hosting company to check PHP sessions configuration. Same thing if $settings['autosubmit'] set to 2 doesn't work.

4. I installed GBook but I still get many SPAM messages?

Make sure you have the latest version of GBook and that you have variables $settings['autosubmit'] set to 1 or 2 and $settings['junkmark_use'] set to 1. Also make sure the variable $settings['junkmark_limit'] is not set too high or too low (recommended value is 60) and that you have changed variable $settings['filter_sum'] as explained under Installation.

5. May I use JunkMarkTM SPAM filter in my other scripts?

No, you are not allowed to use JunkMarkTM SPAM filter in any other script (commercial or open source) without my express written permission. It may only be used in GBook and scripts that are direct derivates of GBook (customized/modified versions).

6. How can I ban an IP address?

Select "Ban IP address" when deleting a post or viewing IP address from GBook.

You can manually ban an IP address by adding IP% to the banned_ip.txt file. For example to ban IP add this to the banned_ip.txt file:

You don't have to put it in a new line, IPs can be listed like this:

7. How can I remove an IP address from ban?

Open banned_ip.txt, find and delete the IP address you wish to stop banning, save changes and you're done!

» Adding / Translating bad words list

As of version 1.2 GBook can search for bad words in the comments and replace them with ****. Files with bad words list are stored in folder "badwords" and have two letter names. For now only English version is available (named "en.php").

Before adding new words please install GBook and test it so you are sure it works properly!

To add new bad words open the en.php file in your favorite PLAIN TEXT editor (like Notepad or Wordpad on Windows systems, DO NOT use MS Word or similar editor), find the comment saying INSERT NEW BAD WORDS BELOW THIS LINE and add new bad words in this format:


For example if "asfhkjhfasf" is a bad word you would add this line to the file:

"asfhkjhfasf" => "a**********",

Don't forget to add a comma ( , ) after the line!

If you are translating the bad words file I suggest you leave the English words and add new ones in your language as explained above. Then save the file as two letter country code php file. For example, if you are translating the file in French, you should save the file as fr.php (CaSe SeNSiTiVe!). Upload fr.php to your "badwords" folder, go to settings.php again and set $settings['filter_lang'] to "fr" (file name without .php).

Now test the GBook again. If you get an Error or Warning when you try to post a new message this means something is wrong with your language file. It either can't be found (check the name of the file, on most servers names are CaSe SeNsiTiVe!) or something is wrong with PHP syntax in it (make sure all the words are added in
"BADWORD" => "REPLACEMENT", syntax).

Please send me the translated file. If you translate the bad words file to your language please send it to info AT phpjunkyard DOT com (or contact me through contact form) and I will make it available to others for download. You may include your name, website URL and e-mail address and I will give you proper credit (translated by John Doe. Visit

» Copyright removal

You may NOT edit or remove any copyright or Powered by statements in Gbook code without purchasing a license! For more information please visit

» Stay updated!

Join my FREE newsletter and you will be notified about new scripts, new versions of the existing scripts and other important news from PHPJunkYard.
Click here for more info

» Please rate this script

If you like this script please rate it or even write a review at:

Rate this Script @ Hot Scripts

Rate this Script @ The PHP Resource Index

» What else?

That's it! If you use PHPJunkYard free scripts or any portion of their code please place a link to on your website. I won't sue you if you don't, but I believe it is a fair trade for a free script/code. Think about it. You can find link suggestions here.

Best regards,

Klemen Stirn
PHP JunkYard