Add dynamic comment field display

- Hide comment field by default.
- Add JavaScript to reveal comment field when first name, last name, and location have at least 3 characters.
- Update form instructions to inform users about the comment field.

app.py

@@ -2,6 +2,7 @@ from flask import Flask, render_template, request, redirect, url_for
 import sqlite3
 import re
 import logging
+import os
 
 # Set up basic logging
 logging.basicConfig(level=logging.INFO)
@@ -10,6 +11,42 @@ logger = logging.getLogger(__name__)
 app = Flask(__name__)
 DATABASE = 'guestbook.db'
 
+def load_banned_words():
+    """Load a set of banned words from a local file.
+
+    Expects 'en.txt' to be in the same directory as this script.
+    If the file is missing, a minimal fallback set is used.
+    """
+    banned_words = set()
+    file_path = os.path.join(os.path.dirname(__file__), 'en.txt')
+    if os.path.exists(file_path):
+        try:
+            with open(file_path, 'r', encoding='utf-8') as f:
+                for line in f:
+                    word = line.strip().lower()
+                    if word:
+                        banned_words.add(word)
+            logger.info("Loaded %d banned words from file.", len(banned_words))
+        except Exception as e:
+            logger.error("Error reading banned words file: %s", e)
+            banned_words = {"fuck", "shit", "damn", "bitch", "asshole", "cunt", "dick", "piss", "crap", "hell"}
+    else:
+        logger.warning("Banned words file not found. Using fallback minimal list.")
+        banned_words = {"fuck", "shit", "damn", "bitch", "asshole", "cunt", "dick", "piss", "crap", "hell"}
+    return banned_words
+
+# Load the banned words using the helper function.
+BANNED_WORDS = load_banned_words()
+
+def contains_banned_words(text):
+    """Check if the provided text contains any banned words."""
+    words = text.lower().split()
+    for word in words:
+        word_clean = word.strip(".,!?;:\"'")
+        if word_clean in BANNED_WORDS:
+            return True
+    return False
+
 def init_db():
     conn = sqlite3.connect(DATABASE)
     c = conn.cursor()
@@ -20,6 +57,7 @@ def init_db():
             last_name TEXT NOT NULL,
             email TEXT,
             location TEXT NOT NULL,
+            comment TEXT,
             timestamp DATETIME DEFAULT CURRENT_TIMESTAMP
         )
     ''')
@@ -28,7 +66,6 @@ def init_db():
     logger.info("Database initialized.")
 
 def is_valid_email(email):
-    # A simple regex for basic email validation
     pattern = r'^[\w\.-]+@[\w\.-]+\.\w+$'
     return re.match(pattern, email)
 
@@ -41,17 +78,19 @@ def index():
         last_name = request.form.get('last_name', '').strip()
         email = request.form.get('email', '').strip()
         location = request.form.get('location', '').strip()
+        comment = request.form.get('comment', '').strip()
 
-        # Basic validation checks (email is optional)
         if not (first_name and last_name and location):
             error = "First name, last name, and location are required."
-            logger.warning("Validation error: Missing required fields (first name, last name, location).")
+            logger.warning("Validation error: Missing required fields.")
         elif email and not is_valid_email(email):
             error = "Invalid email address."
             logger.warning("Validation error: Invalid email address '%s'.", email)
+        elif comment and contains_banned_words(comment):
+            error = "Your comment contains inappropriate language. Please revise."
+            logger.warning("Validation error: Inappropriate language detected in comment.")
 
         if error:
-            # Retrieve guest entries to display on the page.
             conn = sqlite3.connect(DATABASE)
             c = conn.cursor()
             c.execute('SELECT first_name, location FROM guests ORDER BY id DESC')
@@ -59,19 +98,17 @@ def index():
             conn.close()
             return render_template('index.html', error=error, guests=guests)
 
-        # If validations pass, insert the data into the database.
         conn = sqlite3.connect(DATABASE)
         c = conn.cursor()
         c.execute(
-            'INSERT INTO guests (first_name, last_name, email, location) VALUES (?, ?, ?, ?)',
-            (first_name, last_name, email, location)
+            'INSERT INTO guests (first_name, last_name, email, location, comment) VALUES (?, ?, ?, ?, ?)',
+            (first_name, last_name, email, location, comment)
         )
         conn.commit()
         conn.close()
         logger.info("New guest entry added: %s from %s.", first_name, location)
         return redirect(url_for('index'))
 
-    # For GET requests, retrieve guest entries to display.
     conn = sqlite3.connect(DATABASE)
     c = conn.cursor()
     c.execute('SELECT first_name, location FROM guests ORDER BY id DESC')