- updated to 7.5

[packages/PHP-nuke.git] / PHP-nuke-admin.php.patch

--- PHP-Nuke-7.4/html/admin.php 2004-07-23 14:46:00.000000000 +0000
+++ PHP-Nuke-7.4.new/html/admin.php     2004-11-01 20:50:15.217447320 +0000
@@ -1,431 +1,440 @@
-<?php\r
-\r
-/************************************************************************/\r
-/* PHP-NUKE: Advanced Content Management System                         */\r
-/* ============================================                         */\r
-/*                                                                      */\r
-/* Copyright (c) 2002 by Francisco Burzi                                */\r
-/* http://phpnuke.org                                                   */\r
-/*                                                                      */\r
-/* This program is free software. You can redistribute it and/or modify */\r
-/* it under the terms of the GNU General Public License as published by */\r
-/* the Free Software Foundation; either version 2 of the License.       */\r
-/*                                                                      */\r
-/************************************************************************/\r
-/* Additional security checking code 2003 by chatserv                   */\r
-/* http://www.nukefixes.com -- http://www.nukeresources.com             */\r
-/************************************************************************/\r
-if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {\r
-       die("Illegal Operation");\r
-}\r
-$checkurl = $_SERVER['REQUEST_URI']; \r
-\r
-if ((preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) { \r
-       echo "die"; \r
-       exit; \r
-}\r
-require_once("mainfile.php");\r
-get_lang(admin);\r
-\r
-function create_first($name, $url, $email, $pwd, $user_new) {\r
-    global $prefix, $db, $user_prefix;\r
-    $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));\r
-    if ($first == 0) {\r
-       $pwd = md5($pwd);\r
-       $the_adm = "God";\r
-       $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')");\r
-       if ($user_new == 1) {\r
-           $user_regdate = date("M d, Y");\r
-           $user_avatar = "gallery/blank.gif";\r
-           $commentlimit = 4096;\r
-           if ($url == "http://") { $url = ""; }\r
-            $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");\r
-       }\r
-       login();\r
-    }\r
-}\r
-\r
-$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));\r
-if ($the_first == 0) {\r
-    if (!$name) {\r
-    include("header.php");\r
-    title("$sitename: "._ADMINISTRATION."");\r
-    OpenTable();\r
-    echo "<center><b>"._NOADMINYET."</b></center><br><br>"\r
-       ."<form action=\"admin.php\" method=\"post\">"\r
-       ."<table border=\"0\">"\r
-       ."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"\r
-       ."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"\r
-       ."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"\r
-       ."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"10\"></td></tr>"\r
-       ."<tr><td colspan=\"2\">"._CREATEUSERDATA."  <input type=\"radio\" name=\"user_new\" value=\"1\" checked>"._YES."&nbsp;&nbsp;<input type=\"radio\" name=\"user_new\" value=\"0\">"._NO."</td></tr>"\r
-       ."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"\r
-       ."<input type=\"submit\" value=\""._SUBMIT."\">"\r
-       ."</td></tr></table></form>";\r
-    CloseTable();\r
-    include("footer.php");\r
-    }\r
-    switch($fop) {\r
-       case "create_first":\r
-       create_first($name, $url, $email, $pwd, $user_new);\r
-       break;\r
-    }\r
-    die();\r
-}\r
-\r
-require("auth.php");\r
-\r
-if(!isset($op)) { $op = "adminMain"; }\r
-$pagetitle = "- "._ADMINMENU."";\r
-\r
-/*********************************************************/\r
-/* Login Function                                        */\r
-/*********************************************************/\r
-\r
-function login() {\r
-    global $gfx_chk;\r
-    include ("header.php");\r
-    mt_srand ((double)microtime()*1000000);\r
-    $maxran = 1000000;\r
-    $random_num = mt_rand(0, $maxran);\r
-    OpenTable();\r
-    echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";\r
-    CloseTable();\r
-    echo "<br>";\r
-    OpenTable();\r
-    echo "<form action=\"admin.php\" method=\"post\">"\r
-        ."<table border=\"0\">"\r
-       ."<tr><td>"._ADMINID."</td>"\r
-       ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"\r
-       ."<tr><td>"._PASSWORD."</td>"\r
-       ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";\r
-    if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {\r
-       echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"\r
-           ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";\r
-    }\r
-    echo "<tr><td>"\r
-       ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"\r
-       ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"\r
-       ."<input type=\"submit\" VALUE=\""._LOGIN."\">"\r
-       ."</td></tr></table>"\r
-       ."</form>";\r
-    CloseTable();\r
-    include ("footer.php");\r
-}\r
-\r
-function gfx($random_num) {\r
-    global $prefix, $db;\r
-    require("config.php");\r
-    $datekey = date("F j");\r
-    $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));\r
-    $code = substr($rcode, 2, 6);\r
-    $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");\r
-    $text_color = ImageColorAllocate($image, 80, 80, 80);\r
-    Header("Content-type: image/jpeg");\r
-    ImageString ($image, 5, 12, 2, $code, $text_color);\r
-    ImageJPEG($image, '', 75);\r
-    ImageDestroy($image);\r
-    die();\r
-}\r
-\r
-function deleteNotice($id) { \r
-    global $prefix, $db; \r
-    $id = intval($id); \r
-    $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'"); \r
-    Header("Location: admin.php?op=reviews"); \r
-}\r
-\r
-/*********************************************************/\r
-/* Administration Menu Function                          */\r
-/*********************************************************/\r
-\r
-function adminmenu($url, $title, $image) {\r
-    global $counter, $admingraphic, $Default_Theme;\r
-    $ThemeSel = get_theme();\r
-    if (file_exists("themes/$ThemeSel/images/admin/$image")) {\r
-       $image = "themes/$ThemeSel/images/admin/$image";\r
-    } else {\r
-       $image = "images/admin/$image";\r
-    }\r
-    if ($admingraphic == 1) {\r
-       $img = "<img src=\"$image\" border=\"0\" alt=\"$title\" title=\"$title\"></a><br>";\r
-       $close = "";\r
-    } else {\r
-       $img = "";\r
-       $close = "</a>";\r
-    }\r
-    echo "<td align=\"center\" valign=\"top\" width=\"16%\"><font class=\"content\"><a href=\"$url\">$img<b>$title</b>$close<br><br></font></td>";\r
-    if ($counter == 5) {\r
-       echo "</tr><tr>";\r
-       $counter = 0;\r
-    } else {\r
-       $counter++;\r
-    }\r
-}\r
-\r
-function GraphicAdmin() {\r
-    global $aid, $admingraphic, $language, $admin, $prefix, $db;\r
-    $newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue"));\r
-    $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle,radmintopic,radminuser,radminsurvey,radminlink,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));\r
-    $radminarticle = intval($row['radminarticle']);\r
-    $radmintopic = intval($row['radmintopic']);\r
-    $radminuser = intval($row['radminuser']);\r
-    $radminsurvey = intval($row['radminsurvey']);\r
-    $radminlink = intval($row['radminlink']);\r
-    $radminfaq = intval($row['radminfaq']);\r
-    $radmindownload = intval($row['radmindownload']);\r
-    $radminreviews = intval($row['radminreviews']);\r
-    $radminnewsletter = intval($row['radminnewsletter']);\r
-    $radminforum = intval($row['radminforum']);\r
-    $radmincontent = intval($row['radmincontent']);\r
-    $radminency = intval($row['radminency']);\r
-    $radminsuper = intval($row['radminsuper']);\r
-    OpenTable();\r
-    echo "<center><a href=\"admin.php\"><font class='title'>"._ADMINMENU."</font></a>";\r
-    echo "<br><br>";\r
-    echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";\r
-    $linksdir = dir("admin/links");\r
-    while($func=$linksdir->read()) {\r
-        if(substr($func, 0, 6) == "links.") {\r
-           $menulist .= "$func ";\r
-       }\r
-    }\r
-    closedir($linksdir->handle);\r
-    $menulist = explode(" ", $menulist);\r
-    sort($menulist);\r
-    for ($i=0; $i < sizeof($menulist); $i++) {\r
-       if($menulist[$i]!="") {\r
-           $counter = 0;\r
-           include($linksdir->path."/$menulist[$i]");\r
-       }\r
-    }\r
-    adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "logout.gif");\r
-    echo"</tr></table></center>";\r
-    CloseTable();\r
-    echo "<br>";\r
-}\r
-\r
-/*********************************************************/\r
-/* Administration Main Function                          */\r
-/*********************************************************/\r
-\r
-function adminMain() {\r
-    global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix;\r
-    include ("header.php");\r
-    $dummy = 0;\r
-    $Today = getdate();\r
-    $month = $Today['month'];\r
-    $mday = $Today['mday'];\r
-    $year = $Today['year'];\r
-    $pmonth = $Today['month'];\r
-    $pmday = $Today['mday'];\r
-    $pmday = $mday-1;\r
-    $pyear = $Today['year'];\r
-    if ($pmonth=="January") { $pmonth=1; } else\r
-    if ($pmonth=="February") { $pmonth=2; } else\r
-    if ($pmonth=="March") { $pmonth=3; } else\r
-    if ($pmonth=="April") { $pmonth=4; } else\r
-    if ($pmonth=="May") { $pmonth=5; } else\r
-    if ($pmonth=="June") { $pmonth=6; } else\r
-    if ($pmonth=="July") { $pmonth=7; } else\r
-    if ($pmonth=="August") { $pmonth=8; } else\r
-    if ($pmonth=="September") { $pmonth=9; } else\r
-    if ($pmonth=="October") { $pmonth=10; } else\r
-    if ($pmonth=="November") { $pmonth=11; } else\r
-    if ($pmonth=="December") { $pmonth=12; };\r
-    $test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);\r
-    $curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";\r
-    $preday = strftime ("%d",$test);\r
-    $premonth = strftime ("%B",$test);\r
-    $preyear = strftime ("%Y",$test);\r
-    $curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";\r
-    GraphicAdmin();\r
-    $aid = substr("$aid", 0,25);\r
-    $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle, radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"));\r
-    $radminarticle = intval($row['radminarticle']);\r
-    $radminsuper = intval($row['radminsuper']);\r
-    $admlanguage = $row['admlanguage'];\r
-    if ($admlanguage != "" ) {\r
-       $queryalang = "WHERE alanguage='$admlanguage' ";\r
-    } else {\r
-       $queryalang = "";\r
-    }\r
-    $row2 = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));\r
-    $main_module = $row2['main_module'];\r
-    OpenTable();\r
-    echo "<center><b>$sitename: "._DEFHOMEMODULE."</b><br><br>"\r
-       .""._MODULEINHOME." <b>$main_module</b><br>[ <a href=\"admin.php?op=modules\">"._CHANGE."</a> ]</center>";\r
-    CloseTable();\r
-    echo "<br>";\r
-    OpenTable();\r
-    $guest_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'"));\r
-    $member_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'"));\r
-    $who_online_num = $guest_online_num + $member_online_num;\r
-    $who_online = "<center><font class=\"option\">"._WHOSONLINE."</font><br><br><font class=\"content\">"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."<br>";\r
-    $row3 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'"));\r
-    $userCount = $row3['userCount'];\r
-    $row4 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDateP'"));\r
-    $userCount2 = $row4['userCount'];\r
-    echo "<center>$who_online<br>"\r
-       .""._BTD.": <b>$userCount</b> - "._BYD.": <b>$userCount2</b></center>";\r
-    CloseTable();\r
-    echo "<br>";\r
-    OpenTable();\r
-    echo "<center><b>"._AUTOMATEDARTICLES."</b></center><br>";\r
-    $count = 0;\r
-    $result5 = $db->sql_query("SELECT anid, aid, title, time, alanguage FROM ".$prefix."_autonews $queryalang ORDER BY time ASC");\r
-    while ($row5 = $db->sql_fetchrow($result5)) {\r
-       $anid = intval($row5['anid']);\r
-       $aid = $row5['aid'];\r
-       $said = substr("$aid", 0,25);\r
-       $title = $row5['title'];\r
-       $time = $row5['time'];\r
-       $alanguage = $row5['alanguage'];\r
-       if ($alanguage == "") {\r
-           $alanguage = ""._ALL."";\r
-       }\r
-       if ($anid != "") {\r
-           if ($count == 0) {\r
-               echo "<table border=\"1\" width=\"100%\">";\r
-               $count = 1;\r
-           }\r
-           $time = ereg_replace(" ", "@", $time);\r
-           if (($radminarticle==1) OR ($radminsuper==1)) {\r
-               if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {\r
-                   echo "<tr><td nowrap>&nbsp;(<a href=\"admin.php?op=autoEdit&amp;anid=$anid\">"._EDIT."</a>-<a href=\"admin.php?op=autoDelete&amp;anid=$anid\">"._DELETE."</a>)&nbsp;</td><td width=\"100%\">&nbsp;$title&nbsp;</td><td align=\"center\">&nbsp;$alanguage&nbsp;</td><td nowrap>&nbsp;$time&nbsp;</td></tr>"; /* Multilingual Code : added column to display language */\r
-               } else {\r
-                   echo "<tr><td>&nbsp;("._NOFUNCTIONS.")&nbsp;</td><td width=\"100%\">&nbsp;$title&nbsp;</td><td align=\"center\">&nbsp;$alanguage&nbsp;</td><td nowrap>&nbsp;$time&nbsp;</td></tr>"; /* Multilingual Code : added column to display language */\r
-               }\r
-           } else {\r
-               echo "<tr><td width=\"100%\">&nbsp;$title&nbsp;</td><td align=\"center\">&nbsp;$alanguage&nbsp;</td><td nowrap>&nbsp;$time&nbsp;</td></tr>"; /* Multilingual Code : added column to display language */\r
-           }\r
-       }\r
-    }\r
-    if (($anid == "") AND ($count == 0)) {\r
-       echo "<center><i>"._NOAUTOARTICLES."</i></center>";\r
-    }\r
-    if ($count == 1) {\r
-        echo "</table>";\r
-    }\r
-    CloseTable();\r
-    echo "<br>";\r
-    OpenTable();\r
-    echo "<center><b>"._LAST." 20 "._ARTICLES."</b></center><br>";\r
-    $result6 = $db->sql_query("SELECT sid, aid, title, time, topic, informant, alanguage FROM ".$prefix."_stories $queryalang ORDER BY time DESC LIMIT 0,20");\r
-    echo "<center><table border=\"1\" width=\"100%\" bgcolor=\"$bgcolor1\">";\r
-    while ($row6 = $db->sql_fetchrow($result6)) {\r
-       $sid = intval($row6['sid']);\r
-       $aid = $row6['aid'];\r
-       $said = substr("$aid", 0,25);\r
-       $title = $row6['title'];\r
-       $time = $row6['time'];\r
-       $topic = $row6['topic'];\r
-       $informant = $row6['informant'];\r
-       $alanguage = $row6['alanguage'];\r
-       $row7 = $db->sql_fetchrow($db->sql_query("SELECT topicname FROM ".$prefix."_topics WHERE topicid='$topic'"));\r
-       $topicname = $row7['topicname'];\r
-       if ($alanguage == "") {\r
-           $alanguage = ""._ALL."";\r
-       }\r
-       formatTimestamp($time);\r
-       echo "<tr><td align=\"right\"><b>$sid</b>"\r
-           ."</td><td align=\"left\" width=\"100%\"><a href=\"modules.php?name=News&amp;file=article&amp;sid=$sid\">$title</a>"\r
-           ."</td><td align=\"center\">$alanguage"\r
-           ."</td><td align=\"right\">$topicname";\r
-       if (($radminarticle==1) OR ($radminsuper==1)) {\r
-           if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {\r
-               echo "</td><td align=\"right\" nowrap>(<a href=\"admin.php?op=EditStory&amp;sid=$sid\">"._EDIT."</a>-<a href=\"admin.php?op=RemoveStory&amp;sid=$sid\">"._DELETE."</a>)"\r
-                   ."</td></tr>";\r
-           } else {\r
-               echo "</td><td align=\"right\" nowrap><font class=\"content\"><i>("._NOFUNCTIONS.")</i></font>"\r
-                   ."</td></tr>";\r
-           }\r
-       } else {\r
-           echo "</td></tr>";\r
-       }\r
-    }\r
-    echo "</table>";\r
-    if (($radminarticle==1) OR ($radminsuper==1)) {\r
-       echo "<center>"\r
-           ."<form action=\"admin.php\" method=\"post\">"\r
-           .""._STORYID.": <input type=\"text\" NAME=\"sid\" SIZE=\"10\">"\r
-           ."<select name=\"op\">"\r
-           ."<option value=\"EditStory\" SELECTED>"._EDIT."</option>"\r
-           ."<option value=\"RemoveStory\">"._DELETE."</option>"\r
-           ."</select>"\r
-           ."<input type=\"submit\" value=\""._GO."\">"\r
-           ."</form></center>";\r
-    }\r
-    CloseTable();\r
-    $row8 = $db->sql_fetchrow($db->sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC LIMIT 1"));\r
-    $pollID = intval($row8['pollID']);\r
-    $pollTitle = $row8['pollTitle'];\r
-    echo "<br>";\r
-    OpenTable();\r
-    echo "<center><b>"._CURRENTPOLL.":</b> $pollTitle [ <a href=\"admin.php?op=polledit&amp;pollID=$pollID\">"._EDIT."</a> | <a href=\"admin.php?op=create\">"._ADD."</a> ]</center>";\r
-    CloseTable();\r
-    include ("footer.php");\r
-}\r
-\r
-if($admintest) {\r
-\r
-    switch($op) {\r
-\r
-       case "do_gfx":\r
-       do_gfx();\r
-       break;\r
-\r
-       case "deleteNotice":\r
-       deleteNotice($id);\r
-       break;\r
-\r
-       case "GraphicAdmin":\r
-        GraphicAdmin();\r
-        break;\r
-\r
-       case "adminMain":\r
-       adminMain();\r
-       break;\r
-\r
-       case "logout":\r
-       setcookie("admin");\r
-       $admin = "";\r
-       include("header.php");\r
-       OpenTable();\r
-       echo "<center><font class=\"title\"><b>"._YOUARELOGGEDOUT."</b></font></center>";\r
-       CloseTable();\r
-       include("footer.php");\r
-       break;\r
-\r
-       case "login";\r
-       unset($op);\r
-\r
-       default:\r
-       $casedir = dir("admin/case");\r
-       while($func=$casedir->read()) {\r
-           if(substr($func, 0, 5) == "case.") {\r
-               include($casedir->path."/$func");\r
-           }\r
-       }\r
-       closedir($casedir->handle);\r
-       break;\r
-\r
-       }\r
-\r
-} else {\r
-\r
-    switch($op) {\r
-\r
-       case "gfx":\r
-       gfx($random_num);\r
-       break;\r
-       \r
-       default:\r
-       login();\r
-       break;\r
-\r
-    }\r
-\r
-}\r
-\r
-?>
\ No newline at end of file
+<?php
+
+/************************************************************************/
+/* PHP-NUKE: Advanced Content Management System                         */
+/* ============================================                         */
+/*                                                                      */
+/* Copyright (c) 2002 by Francisco Burzi                                */
+/* http://phpnuke.org                                                   */
+/*                                                                      */
+/* This program is free software. You can redistribute it and/or modify */
+/* it under the terms of the GNU General Public License as published by */
+/* the Free Software Foundation; either version 2 of the License.       */
+/*                                                                      */
+/************************************************************************/
+/* Additional security checking code 2003 by chatserv                   */
+/* http://www.nukefixes.com -- http://www.nukeresources.com             */
+/************************************************************************/
+
+if ( !empty($HTTP_GET_VARS['op']) ) {
+$op = $HTTP_GET_VARS['op'];
+}
+
+if ( !empty($HTTP_POST_VARS['op']) ) {
+$op = $HTTP_POST_VARS['op'];
+}
+
+if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {
+       die("Illegal Operation");
+}
+$checkurl = $_SERVER['REQUEST_URI']; 
+
+if ((preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) { 
+       echo "die"; 
+       exit; 
+}
+require_once("mainfile.php");
+get_lang(admin);
+
+function create_first($name, $url, $email, $pwd, $user_new) {
+    global $prefix, $db, $user_prefix;
+    $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
+    if ($first == 0) {
+       $pwd = md5($pwd);
+       $the_adm = "God";
+       $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')");
+       if ($user_new == 1) {
+           $user_regdate = date("M d, Y");
+           $user_avatar = "gallery/blank.gif";
+           $commentlimit = 4096;
+           if ($url == "http://") { $url = ""; }
+            $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");
+       }
+       login();
+    }
+}
+
+$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
+if ($the_first == 0) {
+    if (!$name) {
+    include("header.php");
+    title("$sitename: "._ADMINISTRATION."");
+    OpenTable();
+    echo "<center><b>"._NOADMINYET."</b></center><br><br>"
+       ."<form action=\"admin.php\" method=\"post\">"
+       ."<table border=\"0\">"
+       ."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"
+       ."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"
+       ."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"
+       ."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"10\"></td></tr>"
+       ."<tr><td colspan=\"2\">"._CREATEUSERDATA."  <input type=\"radio\" name=\"user_new\" value=\"1\" checked>"._YES."&nbsp;&nbsp;<input type=\"radio\" name=\"user_new\" value=\"0\">"._NO."</td></tr>"
+       ."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"
+       ."<input type=\"submit\" value=\""._SUBMIT."\">"
+       ."</td></tr></table></form>";
+    CloseTable();
+    include("footer.php");
+    }
+    switch($fop) {
+       case "create_first":
+       create_first($name, $url, $email, $pwd, $user_new);
+       break;
+    }
+    die();
+}
+
+require("auth.php");
+
+if(!isset($op)) { $op = "adminMain"; }
+$pagetitle = "- "._ADMINMENU."";
+
+/*********************************************************/
+/* Login Function                                        */
+/*********************************************************/
+
+function login() {
+    global $gfx_chk;
+    include ("header.php");
+    mt_srand ((double)microtime()*1000000);
+    $maxran = 1000000;
+    $random_num = mt_rand(0, $maxran);
+    OpenTable();
+    echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";
+    CloseTable();
+    echo "<br>";
+    OpenTable();
+    echo "<form action=\"admin.php\" method=\"post\">"
+        ."<table border=\"0\">"
+       ."<tr><td>"._ADMINID."</td>"
+       ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
+       ."<tr><td>"._PASSWORD."</td>"
+       ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";
+    if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
+       echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"
+           ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";
+    }
+    echo "<tr><td>"
+       ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"
+       ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"
+       ."<input type=\"submit\" VALUE=\""._LOGIN."\">"
+       ."</td></tr></table>"
+       ."</form>";
+    CloseTable();
+    include ("footer.php");
+}
+
+function gfx($random_num) {
+    global $prefix, $db;
+    require("config.php");
+    $datekey = date("F j");
+    $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
+    $code = substr($rcode, 2, 6);
+    $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");
+    $text_color = ImageColorAllocate($image, 80, 80, 80);
+    Header("Content-type: image/jpeg");
+    ImageString ($image, 5, 12, 2, $code, $text_color);
+    ImageJPEG($image, '', 75);
+    ImageDestroy($image);
+    die();
+}
+
+function deleteNotice($id) { 
+    global $prefix, $db; 
+    $id = intval($id); 
+    $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'"); 
+    Header("Location: admin.php?op=reviews"); 
+}
+
+/*********************************************************/
+/* Administration Menu Function                          */
+/*********************************************************/
+
+function adminmenu($url, $title, $image) {
+    global $counter, $admingraphic, $Default_Theme;
+    $ThemeSel = get_theme();
+    if (file_exists("themes/$ThemeSel/images/admin/$image")) {
+       $image = "themes/$ThemeSel/images/admin/$image";
+    } else {
+       $image = "images/admin/$image";
+    }
+    if ($admingraphic == 1) {
+       $img = "<img src=\"$image\" border=\"0\" alt=\"$title\" title=\"$title\"></a><br>";
+       $close = "";
+    } else {
+       $img = "";
+       $close = "</a>";
+    }
+    echo "<td align=\"center\" valign=\"top\" width=\"16%\"><font class=\"content\"><a href=\"$url\">$img<b>$title</b>$close<br><br></font></td>";
+    if ($counter == 5) {
+       echo "</tr><tr>";
+       $counter = 0;
+    } else {
+       $counter++;
+    }
+}
+
+function GraphicAdmin() {
+    global $aid, $admingraphic, $language, $admin, $prefix, $db;
+    $newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue"));
+    $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle,radmintopic,radminuser,radminsurvey,radminlink,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
+    $radminarticle = intval($row['radminarticle']);
+    $radmintopic = intval($row['radmintopic']);
+    $radminuser = intval($row['radminuser']);
+    $radminsurvey = intval($row['radminsurvey']);
+    $radminlink = intval($row['radminlink']);
+    $radminfaq = intval($row['radminfaq']);
+    $radmindownload = intval($row['radmindownload']);
+    $radminreviews = intval($row['radminreviews']);
+    $radminnewsletter = intval($row['radminnewsletter']);
+    $radminforum = intval($row['radminforum']);
+    $radmincontent = intval($row['radmincontent']);
+    $radminency = intval($row['radminency']);
+    $radminsuper = intval($row['radminsuper']);
+    OpenTable();
+    echo "<center><a href=\"admin.php\"><font class='title'>"._ADMINMENU."</font></a>";
+    echo "<br><br>";
+    echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";
+    $linksdir = dir("admin/links");
+    while($func=$linksdir->read()) {
+        if(substr($func, 0, 6) == "links.") {
+           $menulist .= "$func ";
+       }
+    }
+    closedir($linksdir->handle);
+    $menulist = explode(" ", $menulist);
+    sort($menulist);
+    for ($i=0; $i < sizeof($menulist); $i++) {
+       if($menulist[$i]!="") {
+           $counter = 0;
+           include($linksdir->path."/$menulist[$i]");
+       }
+    }
+    adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "logout.gif");
+    echo"</tr></table></center>";
+    CloseTable();
+    echo "<br>";
+}
+
+/*********************************************************/
+/* Administration Main Function                          */
+/*********************************************************/
+
+function adminMain() {
+    global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix;
+    include ("header.php");
+    $dummy = 0;
+    $Today = getdate();
+    $month = $Today['month'];
+    $mday = $Today['mday'];
+    $year = $Today['year'];
+    $pmonth = $Today['month'];
+    $pmday = $Today['mday'];
+    $pmday = $mday-1;
+    $pyear = $Today['year'];
+    if ($pmonth=="January") { $pmonth=1; } else
+    if ($pmonth=="February") { $pmonth=2; } else
+    if ($pmonth=="March") { $pmonth=3; } else
+    if ($pmonth=="April") { $pmonth=4; } else
+    if ($pmonth=="May") { $pmonth=5; } else
+    if ($pmonth=="June") { $pmonth=6; } else
+    if ($pmonth=="July") { $pmonth=7; } else
+    if ($pmonth=="August") { $pmonth=8; } else
+    if ($pmonth=="September") { $pmonth=9; } else
+    if ($pmonth=="October") { $pmonth=10; } else
+    if ($pmonth=="November") { $pmonth=11; } else
+    if ($pmonth=="December") { $pmonth=12; };
+    $test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);
+    $curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";
+    $preday = strftime ("%d",$test);
+    $premonth = strftime ("%B",$test);
+    $preyear = strftime ("%Y",$test);
+    $curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";
+    GraphicAdmin();
+    $aid = substr("$aid", 0,25);
+    $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle, radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"));
+    $radminarticle = intval($row['radminarticle']);
+    $radminsuper = intval($row['radminsuper']);
+    $admlanguage = $row['admlanguage'];
+    if ($admlanguage != "" ) {
+       $queryalang = "WHERE alanguage='$admlanguage' ";
+    } else {
+       $queryalang = "";
+    }
+    $row2 = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));
+    $main_module = $row2['main_module'];
+    OpenTable();
+    echo "<center><b>$sitename: "._DEFHOMEMODULE."</b><br><br>"
+       .""._MODULEINHOME." <b>$main_module</b><br>[ <a href=\"admin.php?op=modules\">"._CHANGE."</a> ]</center>";
+    CloseTable();
+    echo "<br>";
+    OpenTable();
+    $guest_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'"));
+    $member_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'"));
+    $who_online_num = $guest_online_num + $member_online_num;
+    $who_online = "<center><font class=\"option\">"._WHOSONLINE."</font><br><br><font class=\"content\">"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."<br>";
+    $row3 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'"));
+    $userCount = $row3['userCount'];
+    $row4 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDateP'"));
+    $userCount2 = $row4['userCount'];
+    echo "<center>$who_online<br>"
+       .""._BTD.": <b>$userCount</b> - "._BYD.": <b>$userCount2</b></center>";
+    CloseTable();
+    echo "<br>";
+    OpenTable();
+    echo "<center><b>"._AUTOMATEDARTICLES."</b></center><br>";
+    $count = 0;
+    $result5 = $db->sql_query("SELECT anid, aid, title, time, alanguage FROM ".$prefix."_autonews $queryalang ORDER BY time ASC");
+    while ($row5 = $db->sql_fetchrow($result5)) {
+       $anid = intval($row5['anid']);
+       $aid = $row5['aid'];
+       $said = substr("$aid", 0,25);
+       $title = $row5['title'];
+       $time = $row5['time'];
+       $alanguage = $row5['alanguage'];
+       if ($alanguage == "") {
+           $alanguage = ""._ALL."";
+       }
+       if ($anid != "") {
+           if ($count == 0) {
+               echo "<table border=\"1\" width=\"100%\">";
+               $count = 1;
+           }
+           $time = ereg_replace(" ", "@", $time);
+           if (($radminarticle==1) OR ($radminsuper==1)) {
+               if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {
+                   echo "<tr><td nowrap>&nbsp;(<a href=\"admin.php?op=autoEdit&amp;anid=$anid\">"._EDIT."</a>-<a href=\"admin.php?op=autoDelete&amp;anid=$anid\">"._DELETE."</a>)&nbsp;</td><td width=\"100%\">&nbsp;$title&nbsp;</td><td align=\"center\">&nbsp;$alanguage&nbsp;</td><td nowrap>&nbsp;$time&nbsp;</td></tr>"; /* Multilingual Code : added column to display language */
+               } else {
+                   echo "<tr><td>&nbsp;("._NOFUNCTIONS.")&nbsp;</td><td width=\"100%\">&nbsp;$title&nbsp;</td><td align=\"center\">&nbsp;$alanguage&nbsp;</td><td nowrap>&nbsp;$time&nbsp;</td></tr>"; /* Multilingual Code : added column to display language */
+               }
+           } else {
+               echo "<tr><td width=\"100%\">&nbsp;$title&nbsp;</td><td align=\"center\">&nbsp;$alanguage&nbsp;</td><td nowrap>&nbsp;$time&nbsp;</td></tr>"; /* Multilingual Code : added column to display language */
+           }
+       }
+    }
+    if (($anid == "") AND ($count == 0)) {
+       echo "<center><i>"._NOAUTOARTICLES."</i></center>";
+    }
+    if ($count == 1) {
+        echo "</table>";
+    }
+    CloseTable();
+    echo "<br>";
+    OpenTable();
+    echo "<center><b>"._LAST." 20 "._ARTICLES."</b></center><br>";
+    $result6 = $db->sql_query("SELECT sid, aid, title, time, topic, informant, alanguage FROM ".$prefix."_stories $queryalang ORDER BY time DESC LIMIT 0,20");
+    echo "<center><table border=\"1\" width=\"100%\" bgcolor=\"$bgcolor1\">";
+    while ($row6 = $db->sql_fetchrow($result6)) {
+       $sid = intval($row6['sid']);
+       $aid = $row6['aid'];
+       $said = substr("$aid", 0,25);
+       $title = $row6['title'];
+       $time = $row6['time'];
+       $topic = $row6['topic'];
+       $informant = $row6['informant'];
+       $alanguage = $row6['alanguage'];
+       $row7 = $db->sql_fetchrow($db->sql_query("SELECT topicname FROM ".$prefix."_topics WHERE topicid='$topic'"));
+       $topicname = $row7['topicname'];
+       if ($alanguage == "") {
+           $alanguage = ""._ALL."";
+       }
+       formatTimestamp($time);
+       echo "<tr><td align=\"right\"><b>$sid</b>"
+           ."</td><td align=\"left\" width=\"100%\"><a href=\"modules.php?name=News&amp;file=article&amp;sid=$sid\">$title</a>"
+           ."</td><td align=\"center\">$alanguage"
+           ."</td><td align=\"right\">$topicname";
+       if (($radminarticle==1) OR ($radminsuper==1)) {
+           if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {
+               echo "</td><td align=\"right\" nowrap>(<a href=\"admin.php?op=EditStory&amp;sid=$sid\">"._EDIT."</a>-<a href=\"admin.php?op=RemoveStory&amp;sid=$sid\">"._DELETE."</a>)"
+                   ."</td></tr>";
+           } else {
+               echo "</td><td align=\"right\" nowrap><font class=\"content\"><i>("._NOFUNCTIONS.")</i></font>"
+                   ."</td></tr>";
+           }
+       } else {
+           echo "</td></tr>";
+       }
+    }
+    echo "</table>";
+    if (($radminarticle==1) OR ($radminsuper==1)) {
+       echo "<center>"
+           ."<form action=\"admin.php\" method=\"post\">"
+           .""._STORYID.": <input type=\"text\" NAME=\"sid\" SIZE=\"10\">"
+           ."<select name=\"op\">"
+           ."<option value=\"EditStory\" SELECTED>"._EDIT."</option>"
+           ."<option value=\"RemoveStory\">"._DELETE."</option>"
+           ."</select>"
+           ."<input type=\"submit\" value=\""._GO."\">"
+           ."</form></center>";
+    }
+    CloseTable();
+    $row8 = $db->sql_fetchrow($db->sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC LIMIT 1"));
+    $pollID = intval($row8['pollID']);
+    $pollTitle = $row8['pollTitle'];
+    echo "<br>";
+    OpenTable();
+    echo "<center><b>"._CURRENTPOLL.":</b> $pollTitle [ <a href=\"admin.php?op=polledit&amp;pollID=$pollID\">"._EDIT."</a> | <a href=\"admin.php?op=create\">"._ADD."</a> ]</center>";
+    CloseTable();
+    include ("footer.php");
+}
+
+if($admintest) {
+
+    switch($op) {
+
+       case "do_gfx":
+       do_gfx();
+       break;
+
+       case "deleteNotice":
+       deleteNotice($id);
+       break;
+
+       case "GraphicAdmin":
+        GraphicAdmin();
+        break;
+
+       case "adminMain":
+       adminMain();
+       break;
+
+       case "logout":
+       setcookie("admin");
+       $admin = "";
+       include("header.php");
+       OpenTable();
+       echo "<center><font class=\"title\"><b>"._YOUARELOGGEDOUT."</b></font></center>";
+       CloseTable();
+       include("footer.php");
+       break;
+
+       case "login";
+       unset($op);
+
+       default:
+       $casedir = dir("admin/case");
+       while($func=$casedir->read()) {
+           if(substr($func, 0, 5) == "case.") {
+               include($casedir->path."/$func");
+           }
+       }
+       closedir($casedir->handle);
+       break;
+
+       }
+
+} else {
+
+    switch($op) {
+
+       case "gfx":
+       gfx($random_num);
+       break;
+       
+       default:
+       login();
+       break;
+
+    }
+
+}
+
+?>