Current stable version is 1.16

About Lazarus

 

Lazarus is a free guestbook script written in PHP that uses your MySQL database for storage and is based upon the excellent Advanced Guestbook script from Proxy2.

I took the Advanced Guestbook and added more features and several layers of anti spam protection to make one of the most feature rich and spam resistant guestbook scripts available for free.

I am always active on the forums and you can rest assured that if the spammers find a way past the current anti spam methods, I have others waiting in the wings. You can read my own guestbook to see what other people have had to say about Lazarus and my anti spam fixes for Advanced Guestbook.

 

Latest News

 
Alpha Testers Wanted
posted: January 22, 2012, 20:11:01

I have just rewritten admin.php to tighten up security. In the old days it used to just grab every variable a user supplied and convert it into a PHP variable. This led to an exploit a few years ago and, whilst we are safe at the moment, I've decided to remove the possibility of it leading to another one.

Due to the nature of these changes I need testers who are comfortable with making database backups, just in case something does go wrong. Just make a backup of your existing admin.php and replace it with this one. Then back up your database and play away. If you find any issues, post them here.

The changes are these. First we delete any variables that may already exist. This is just to deal with any servers that have global variables set to on, which is a really risky thing to do and is why PHP has it set to off by default. Then, instead of just looping through all the inputs, I just grab the inputs that are required for that particular part of the admin. As I'm sure you can see, this makes things a lot more secure.

Here is my to do list for Lazarus 1.7 so far. Anything you think needs adding let me know.

  • Silence error messages if smtplog.txt does not exist
  • Add message to SMTP in admin to explain about smtplog.txt
  • Move all the variable grabbing from top of admin.php to after auth check and only grab what we need
  • Can we just check for globally registered variables and delete them?
  • Add forum link to admin section.
  • Change & to &amp; in Gravatar URLs
  • Move menu to right to the side and make it 100% high.
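
The two admin.php changes described in the post above (purge pre-existing globals, then read only the inputs a section needs), next to the old import-everything pattern. This is an added example, not code from Lazarus; the function names, section names, field names and the `$is_admin` flag are hypothetical.

```php
<?php
// Old pattern from the post: every request key becomes a variable, so a
// request can overwrite internal state. Kept only as the "before" case.
function import_everything(array $request): bool
{
    $is_admin = false;                 // hypothetical internal flag
    foreach ($request as $key => $value) {
        $$key = $value;
    }
    return (bool) $is_admin;
}

// Step 1: drop globals that register_globals created. Call before the
// script defines globals of its own. No-op on PHP 5.4+ (setting removed).
function purge_registered_globals(): void
{
    if (!ini_get('register_globals')) {
        return;
    }
    $keep = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_FILES',
             '_SERVER', '_ENV', '_REQUEST', '_SESSION'];
    foreach (array_keys($GLOBALS) as $name) {
        if (!in_array($name, $keep, true)) {
            unset($GLOBALS[$name]);
        }
    }
}

// Step 2: each admin section declares the inputs it needs (names assumed).
const SECTION_INPUTS = [
    'entries'  => ['entry_id' => 'int', 'action' => 'string'],
    'settings' => ['smtp_host' => 'string', 'per_page' => 'int'],
];

function grab_inputs(string $section, array $request): array
{
    $clean = [];
    foreach (SECTION_INPUTS[$section] ?? [] as $name => $type) {
        $raw = $request[$name] ?? null;
        // Missing fields and array-valued fields (foo[]=1) become null.
        $clean[$name] = !is_scalar($raw) ? null
            : ($type === 'int' ? (int) $raw : trim((string) $raw));
    }
    return $clean;
}

purge_registered_globals();
// Constructed sample request: two expected fields plus an injected one.
$request = ['entry_id' => '42', 'action' => 'delete', 'is_admin' => '1'];
var_dump(import_everything($request), grab_inputs('entries', $request));
```

In a real admin script the `grab_inputs()` call would sit after the authentication check, as the to-do list above proposes, so unauthenticated requests never reach input handling.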

