--- /dev/null
+--- PHP-Nuke-7.4/html/admin.php 2004-07-23 14:46:00.000000000 +0000
++++ PHP-Nuke-7.4.new/html/admin.php 2004-11-01 20:50:15.217447320 +0000
+@@ -1,431 +1,440 @@
+-<?php\r
+-\r
+-/************************************************************************/\r
+-/* PHP-NUKE: Advanced Content Management System */\r
+-/* ============================================ */\r
+-/* */\r
+-/* Copyright (c) 2002 by Francisco Burzi */\r
+-/* http://phpnuke.org */\r
+-/* */\r
+-/* This program is free software. You can redistribute it and/or modify */\r
+-/* it under the terms of the GNU General Public License as published by */\r
+-/* the Free Software Foundation; either version 2 of the License. */\r
+-/* */\r
+-/************************************************************************/\r
+-/* Additional security checking code 2003 by chatserv */\r
+-/* http://www.nukefixes.com -- http://www.nukeresources.com */\r
+-/************************************************************************/\r
+-if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {\r
+- die("Illegal Operation");\r
+-}\r
+-$checkurl = $_SERVER['REQUEST_URI']; \r
+-\r
+-if ((preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) { \r
+- echo "die"; \r
+- exit; \r
+-}\r
+-require_once("mainfile.php");\r
+-get_lang(admin);\r
+-\r
+-function create_first($name, $url, $email, $pwd, $user_new) {\r
+- global $prefix, $db, $user_prefix;\r
+- $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));\r
+- if ($first == 0) {\r
+- $pwd = md5($pwd);\r
+- $the_adm = "God";\r
+- $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')");\r
+- if ($user_new == 1) {\r
+- $user_regdate = date("M d, Y");\r
+- $user_avatar = "gallery/blank.gif";\r
+- $commentlimit = 4096;\r
+- if ($url == "http://") { $url = ""; }\r
+- $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");\r
+- }\r
+- login();\r
+- }\r
+-}\r
+-\r
+-$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));\r
+-if ($the_first == 0) {\r
+- if (!$name) {\r
+- include("header.php");\r
+- title("$sitename: "._ADMINISTRATION."");\r
+- OpenTable();\r
+- echo "<center><b>"._NOADMINYET."</b></center><br><br>"\r
+- ."<form action=\"admin.php\" method=\"post\">"\r
+- ."<table border=\"0\">"\r
+- ."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"\r
+- ."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"\r
+- ."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"\r
+- ."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"10\"></td></tr>"\r
+- ."<tr><td colspan=\"2\">"._CREATEUSERDATA." <input type=\"radio\" name=\"user_new\" value=\"1\" checked>"._YES." <input type=\"radio\" name=\"user_new\" value=\"0\">"._NO."</td></tr>"\r
+- ."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"\r
+- ."<input type=\"submit\" value=\""._SUBMIT."\">"\r
+- ."</td></tr></table></form>";\r
+- CloseTable();\r
+- include("footer.php");\r
+- }\r
+- switch($fop) {\r
+- case "create_first":\r
+- create_first($name, $url, $email, $pwd, $user_new);\r
+- break;\r
+- }\r
+- die();\r
+-}\r
+-\r
+-require("auth.php");\r
+-\r
+-if(!isset($op)) { $op = "adminMain"; }\r
+-$pagetitle = "- "._ADMINMENU."";\r
+-\r
+-/*********************************************************/\r
+-/* Login Function */\r
+-/*********************************************************/\r
+-\r
+-function login() {\r
+- global $gfx_chk;\r
+- include ("header.php");\r
+- mt_srand ((double)microtime()*1000000);\r
+- $maxran = 1000000;\r
+- $random_num = mt_rand(0, $maxran);\r
+- OpenTable();\r
+- echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";\r
+- CloseTable();\r
+- echo "<br>";\r
+- OpenTable();\r
+- echo "<form action=\"admin.php\" method=\"post\">"\r
+- ."<table border=\"0\">"\r
+- ."<tr><td>"._ADMINID."</td>"\r
+- ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"\r
+- ."<tr><td>"._PASSWORD."</td>"\r
+- ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";\r
+- if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {\r
+- echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"\r
+- ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";\r
+- }\r
+- echo "<tr><td>"\r
+- ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"\r
+- ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"\r
+- ."<input type=\"submit\" VALUE=\""._LOGIN."\">"\r
+- ."</td></tr></table>"\r
+- ."</form>";\r
+- CloseTable();\r
+- include ("footer.php");\r
+-}\r
+-\r
+-function gfx($random_num) {\r
+- global $prefix, $db;\r
+- require("config.php");\r
+- $datekey = date("F j");\r
+- $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));\r
+- $code = substr($rcode, 2, 6);\r
+- $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");\r
+- $text_color = ImageColorAllocate($image, 80, 80, 80);\r
+- Header("Content-type: image/jpeg");\r
+- ImageString ($image, 5, 12, 2, $code, $text_color);\r
+- ImageJPEG($image, '', 75);\r
+- ImageDestroy($image);\r
+- die();\r
+-}\r
+-\r
+-function deleteNotice($id) { \r
+- global $prefix, $db; \r
+- $id = intval($id); \r
+- $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'"); \r
+- Header("Location: admin.php?op=reviews"); \r
+-}\r
+-\r
+-/*********************************************************/\r
+-/* Administration Menu Function */\r
+-/*********************************************************/\r
+-\r
+-function adminmenu($url, $title, $image) {\r
+- global $counter, $admingraphic, $Default_Theme;\r
+- $ThemeSel = get_theme();\r
+- if (file_exists("themes/$ThemeSel/images/admin/$image")) {\r
+- $image = "themes/$ThemeSel/images/admin/$image";\r
+- } else {\r
+- $image = "images/admin/$image";\r
+- }\r
+- if ($admingraphic == 1) {\r
+- $img = "<img src=\"$image\" border=\"0\" alt=\"$title\" title=\"$title\"></a><br>";\r
+- $close = "";\r
+- } else {\r
+- $img = "";\r
+- $close = "</a>";\r
+- }\r
+- echo "<td align=\"center\" valign=\"top\" width=\"16%\"><font class=\"content\"><a href=\"$url\">$img<b>$title</b>$close<br><br></font></td>";\r
+- if ($counter == 5) {\r
+- echo "</tr><tr>";\r
+- $counter = 0;\r
+- } else {\r
+- $counter++;\r
+- }\r
+-}\r
+-\r
+-function GraphicAdmin() {\r
+- global $aid, $admingraphic, $language, $admin, $prefix, $db;\r
+- $newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue"));\r
+- $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle,radmintopic,radminuser,radminsurvey,radminlink,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));\r
+- $radminarticle = intval($row['radminarticle']);\r
+- $radmintopic = intval($row['radmintopic']);\r
+- $radminuser = intval($row['radminuser']);\r
+- $radminsurvey = intval($row['radminsurvey']);\r
+- $radminlink = intval($row['radminlink']);\r
+- $radminfaq = intval($row['radminfaq']);\r
+- $radmindownload = intval($row['radmindownload']);\r
+- $radminreviews = intval($row['radminreviews']);\r
+- $radminnewsletter = intval($row['radminnewsletter']);\r
+- $radminforum = intval($row['radminforum']);\r
+- $radmincontent = intval($row['radmincontent']);\r
+- $radminency = intval($row['radminency']);\r
+- $radminsuper = intval($row['radminsuper']);\r
+- OpenTable();\r
+- echo "<center><a href=\"admin.php\"><font class='title'>"._ADMINMENU."</font></a>";\r
+- echo "<br><br>";\r
+- echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";\r
+- $linksdir = dir("admin/links");\r
+- while($func=$linksdir->read()) {\r
+- if(substr($func, 0, 6) == "links.") {\r
+- $menulist .= "$func ";\r
+- }\r
+- }\r
+- closedir($linksdir->handle);\r
+- $menulist = explode(" ", $menulist);\r
+- sort($menulist);\r
+- for ($i=0; $i < sizeof($menulist); $i++) {\r
+- if($menulist[$i]!="") {\r
+- $counter = 0;\r
+- include($linksdir->path."/$menulist[$i]");\r
+- }\r
+- }\r
+- adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "logout.gif");\r
+- echo"</tr></table></center>";\r
+- CloseTable();\r
+- echo "<br>";\r
+-}\r
+-\r
+-/*********************************************************/\r
+-/* Administration Main Function */\r
+-/*********************************************************/\r
+-\r
+-function adminMain() {\r
+- global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix;\r
+- include ("header.php");\r
+- $dummy = 0;\r
+- $Today = getdate();\r
+- $month = $Today['month'];\r
+- $mday = $Today['mday'];\r
+- $year = $Today['year'];\r
+- $pmonth = $Today['month'];\r
+- $pmday = $Today['mday'];\r
+- $pmday = $mday-1;\r
+- $pyear = $Today['year'];\r
+- if ($pmonth=="January") { $pmonth=1; } else\r
+- if ($pmonth=="February") { $pmonth=2; } else\r
+- if ($pmonth=="March") { $pmonth=3; } else\r
+- if ($pmonth=="April") { $pmonth=4; } else\r
+- if ($pmonth=="May") { $pmonth=5; } else\r
+- if ($pmonth=="June") { $pmonth=6; } else\r
+- if ($pmonth=="July") { $pmonth=7; } else\r
+- if ($pmonth=="August") { $pmonth=8; } else\r
+- if ($pmonth=="September") { $pmonth=9; } else\r
+- if ($pmonth=="October") { $pmonth=10; } else\r
+- if ($pmonth=="November") { $pmonth=11; } else\r
+- if ($pmonth=="December") { $pmonth=12; };\r
+- $test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);\r
+- $curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";\r
+- $preday = strftime ("%d",$test);\r
+- $premonth = strftime ("%B",$test);\r
+- $preyear = strftime ("%Y",$test);\r
+- $curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";\r
+- GraphicAdmin();\r
+- $aid = substr("$aid", 0,25);\r
+- $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle, radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"));\r
+- $radminarticle = intval($row['radminarticle']);\r
+- $radminsuper = intval($row['radminsuper']);\r
+- $admlanguage = $row['admlanguage'];\r
+- if ($admlanguage != "" ) {\r
+- $queryalang = "WHERE alanguage='$admlanguage' ";\r
+- } else {\r
+- $queryalang = "";\r
+- }\r
+- $row2 = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));\r
+- $main_module = $row2['main_module'];\r
+- OpenTable();\r
+- echo "<center><b>$sitename: "._DEFHOMEMODULE."</b><br><br>"\r
+- .""._MODULEINHOME." <b>$main_module</b><br>[ <a href=\"admin.php?op=modules\">"._CHANGE."</a> ]</center>";\r
+- CloseTable();\r
+- echo "<br>";\r
+- OpenTable();\r
+- $guest_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'"));\r
+- $member_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'"));\r
+- $who_online_num = $guest_online_num + $member_online_num;\r
+- $who_online = "<center><font class=\"option\">"._WHOSONLINE."</font><br><br><font class=\"content\">"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."<br>";\r
+- $row3 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'"));\r
+- $userCount = $row3['userCount'];\r
+- $row4 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDateP'"));\r
+- $userCount2 = $row4['userCount'];\r
+- echo "<center>$who_online<br>"\r
+- .""._BTD.": <b>$userCount</b> - "._BYD.": <b>$userCount2</b></center>";\r
+- CloseTable();\r
+- echo "<br>";\r
+- OpenTable();\r
+- echo "<center><b>"._AUTOMATEDARTICLES."</b></center><br>";\r
+- $count = 0;\r
+- $result5 = $db->sql_query("SELECT anid, aid, title, time, alanguage FROM ".$prefix."_autonews $queryalang ORDER BY time ASC");\r
+- while ($row5 = $db->sql_fetchrow($result5)) {\r
+- $anid = intval($row5['anid']);\r
+- $aid = $row5['aid'];\r
+- $said = substr("$aid", 0,25);\r
+- $title = $row5['title'];\r
+- $time = $row5['time'];\r
+- $alanguage = $row5['alanguage'];\r
+- if ($alanguage == "") {\r
+- $alanguage = ""._ALL."";\r
+- }\r
+- if ($anid != "") {\r
+- if ($count == 0) {\r
+- echo "<table border=\"1\" width=\"100%\">";\r
+- $count = 1;\r
+- }\r
+- $time = ereg_replace(" ", "@", $time);\r
+- if (($radminarticle==1) OR ($radminsuper==1)) {\r
+- if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {\r
+- echo "<tr><td nowrap> (<a href=\"admin.php?op=autoEdit&anid=$anid\">"._EDIT."</a>-<a href=\"admin.php?op=autoDelete&anid=$anid\">"._DELETE."</a>) </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */\r
+- } else {\r
+- echo "<tr><td> ("._NOFUNCTIONS.") </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */\r
+- }\r
+- } else {\r
+- echo "<tr><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */\r
+- }\r
+- }\r
+- }\r
+- if (($anid == "") AND ($count == 0)) {\r
+- echo "<center><i>"._NOAUTOARTICLES."</i></center>";\r
+- }\r
+- if ($count == 1) {\r
+- echo "</table>";\r
+- }\r
+- CloseTable();\r
+- echo "<br>";\r
+- OpenTable();\r
+- echo "<center><b>"._LAST." 20 "._ARTICLES."</b></center><br>";\r
+- $result6 = $db->sql_query("SELECT sid, aid, title, time, topic, informant, alanguage FROM ".$prefix."_stories $queryalang ORDER BY time DESC LIMIT 0,20");\r
+- echo "<center><table border=\"1\" width=\"100%\" bgcolor=\"$bgcolor1\">";\r
+- while ($row6 = $db->sql_fetchrow($result6)) {\r
+- $sid = intval($row6['sid']);\r
+- $aid = $row6['aid'];\r
+- $said = substr("$aid", 0,25);\r
+- $title = $row6['title'];\r
+- $time = $row6['time'];\r
+- $topic = $row6['topic'];\r
+- $informant = $row6['informant'];\r
+- $alanguage = $row6['alanguage'];\r
+- $row7 = $db->sql_fetchrow($db->sql_query("SELECT topicname FROM ".$prefix."_topics WHERE topicid='$topic'"));\r
+- $topicname = $row7['topicname'];\r
+- if ($alanguage == "") {\r
+- $alanguage = ""._ALL."";\r
+- }\r
+- formatTimestamp($time);\r
+- echo "<tr><td align=\"right\"><b>$sid</b>"\r
+- ."</td><td align=\"left\" width=\"100%\"><a href=\"modules.php?name=News&file=article&sid=$sid\">$title</a>"\r
+- ."</td><td align=\"center\">$alanguage"\r
+- ."</td><td align=\"right\">$topicname";\r
+- if (($radminarticle==1) OR ($radminsuper==1)) {\r
+- if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {\r
+- echo "</td><td align=\"right\" nowrap>(<a href=\"admin.php?op=EditStory&sid=$sid\">"._EDIT."</a>-<a href=\"admin.php?op=RemoveStory&sid=$sid\">"._DELETE."</a>)"\r
+- ."</td></tr>";\r
+- } else {\r
+- echo "</td><td align=\"right\" nowrap><font class=\"content\"><i>("._NOFUNCTIONS.")</i></font>"\r
+- ."</td></tr>";\r
+- }\r
+- } else {\r
+- echo "</td></tr>";\r
+- }\r
+- }\r
+- echo "</table>";\r
+- if (($radminarticle==1) OR ($radminsuper==1)) {\r
+- echo "<center>"\r
+- ."<form action=\"admin.php\" method=\"post\">"\r
+- .""._STORYID.": <input type=\"text\" NAME=\"sid\" SIZE=\"10\">"\r
+- ."<select name=\"op\">"\r
+- ."<option value=\"EditStory\" SELECTED>"._EDIT."</option>"\r
+- ."<option value=\"RemoveStory\">"._DELETE."</option>"\r
+- ."</select>"\r
+- ."<input type=\"submit\" value=\""._GO."\">"\r
+- ."</form></center>";\r
+- }\r
+- CloseTable();\r
+- $row8 = $db->sql_fetchrow($db->sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC LIMIT 1"));\r
+- $pollID = intval($row8['pollID']);\r
+- $pollTitle = $row8['pollTitle'];\r
+- echo "<br>";\r
+- OpenTable();\r
+- echo "<center><b>"._CURRENTPOLL.":</b> $pollTitle [ <a href=\"admin.php?op=polledit&pollID=$pollID\">"._EDIT."</a> | <a href=\"admin.php?op=create\">"._ADD."</a> ]</center>";\r
+- CloseTable();\r
+- include ("footer.php");\r
+-}\r
+-\r
+-if($admintest) {\r
+-\r
+- switch($op) {\r
+-\r
+- case "do_gfx":\r
+- do_gfx();\r
+- break;\r
+-\r
+- case "deleteNotice":\r
+- deleteNotice($id);\r
+- break;\r
+-\r
+- case "GraphicAdmin":\r
+- GraphicAdmin();\r
+- break;\r
+-\r
+- case "adminMain":\r
+- adminMain();\r
+- break;\r
+-\r
+- case "logout":\r
+- setcookie("admin");\r
+- $admin = "";\r
+- include("header.php");\r
+- OpenTable();\r
+- echo "<center><font class=\"title\"><b>"._YOUARELOGGEDOUT."</b></font></center>";\r
+- CloseTable();\r
+- include("footer.php");\r
+- break;\r
+-\r
+- case "login";\r
+- unset($op);\r
+-\r
+- default:\r
+- $casedir = dir("admin/case");\r
+- while($func=$casedir->read()) {\r
+- if(substr($func, 0, 5) == "case.") {\r
+- include($casedir->path."/$func");\r
+- }\r
+- }\r
+- closedir($casedir->handle);\r
+- break;\r
+-\r
+- }\r
+-\r
+-} else {\r
+-\r
+- switch($op) {\r
+-\r
+- case "gfx":\r
+- gfx($random_num);\r
+- break;\r
+- \r
+- default:\r
+- login();\r
+- break;\r
+-\r
+- }\r
+-\r
+-}\r
+-\r
+-?>
+\ No newline at end of file
++<?php
++
++/************************************************************************/
++/* PHP-NUKE: Advanced Content Management System */
++/* ============================================ */
++/* */
++/* Copyright (c) 2002 by Francisco Burzi */
++/* http://phpnuke.org */
++/* */
++/* This program is free software. You can redistribute it and/or modify */
++/* it under the terms of the GNU General Public License as published by */
++/* the Free Software Foundation; either version 2 of the License. */
++/* */
++/************************************************************************/
++/* Additional security checking code 2003 by chatserv */
++/* http://www.nukefixes.com -- http://www.nukeresources.com */
++/************************************************************************/
++
++if ( !empty($HTTP_GET_VARS['op']) ) {
++$op = $HTTP_GET_VARS['op'];
++}
++
++if ( !empty($HTTP_POST_VARS['op']) ) {
++$op = $HTTP_POST_VARS['op'];
++}
++
++if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {
++ die("Illegal Operation");
++}
++$checkurl = $_SERVER['REQUEST_URI'];
++
++if ((preg_match("/\?admin/", "$checkurl")) || (preg_match("/\&admin/", "$checkurl"))) {
++ echo "die";
++ exit;
++}
++require_once("mainfile.php");
++get_lang(admin);
++
++function create_first($name, $url, $email, $pwd, $user_new) {
++ global $prefix, $db, $user_prefix;
++ $first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
++ if ($first == 0) {
++ $pwd = md5($pwd);
++ $the_adm = "God";
++ $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')");
++ if ($user_new == 1) {
++ $user_regdate = date("M d, Y");
++ $user_avatar = "gallery/blank.gif";
++ $commentlimit = 4096;
++ if ($url == "http://") { $url = ""; }
++ $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");
++ }
++ login();
++ }
++}
++
++$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
++if ($the_first == 0) {
++ if (!$name) {
++ include("header.php");
++ title("$sitename: "._ADMINISTRATION."");
++ OpenTable();
++ echo "<center><b>"._NOADMINYET."</b></center><br><br>"
++ ."<form action=\"admin.php\" method=\"post\">"
++ ."<table border=\"0\">"
++ ."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"
++ ."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"
++ ."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"
++ ."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"10\"></td></tr>"
++ ."<tr><td colspan=\"2\">"._CREATEUSERDATA." <input type=\"radio\" name=\"user_new\" value=\"1\" checked>"._YES." <input type=\"radio\" name=\"user_new\" value=\"0\">"._NO."</td></tr>"
++ ."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"
++ ."<input type=\"submit\" value=\""._SUBMIT."\">"
++ ."</td></tr></table></form>";
++ CloseTable();
++ include("footer.php");
++ }
++ switch($fop) {
++ case "create_first":
++ create_first($name, $url, $email, $pwd, $user_new);
++ break;
++ }
++ die();
++}
++
++require("auth.php");
++
++if(!isset($op)) { $op = "adminMain"; }
++$pagetitle = "- "._ADMINMENU."";
++
++/*********************************************************/
++/* Login Function */
++/*********************************************************/
++
++function login() {
++ global $gfx_chk;
++ include ("header.php");
++ mt_srand ((double)microtime()*1000000);
++ $maxran = 1000000;
++ $random_num = mt_rand(0, $maxran);
++ OpenTable();
++ echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";
++ CloseTable();
++ echo "<br>";
++ OpenTable();
++ echo "<form action=\"admin.php\" method=\"post\">"
++ ."<table border=\"0\">"
++ ."<tr><td>"._ADMINID."</td>"
++ ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
++ ."<tr><td>"._PASSWORD."</td>"
++ ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";
++ if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
++ echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"
++ ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";
++ }
++ echo "<tr><td>"
++ ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"
++ ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"
++ ."<input type=\"submit\" VALUE=\""._LOGIN."\">"
++ ."</td></tr></table>"
++ ."</form>";
++ CloseTable();
++ include ("footer.php");
++}
++
++function gfx($random_num) {
++ global $prefix, $db;
++ require("config.php");
++ $datekey = date("F j");
++ $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
++ $code = substr($rcode, 2, 6);
++ $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");
++ $text_color = ImageColorAllocate($image, 80, 80, 80);
++ Header("Content-type: image/jpeg");
++ ImageString ($image, 5, 12, 2, $code, $text_color);
++ ImageJPEG($image, '', 75);
++ ImageDestroy($image);
++ die();
++}
++
++function deleteNotice($id) {
++ global $prefix, $db;
++ $id = intval($id);
++ $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'");
++ Header("Location: admin.php?op=reviews");
++}
++
++/*********************************************************/
++/* Administration Menu Function */
++/*********************************************************/
++
++function adminmenu($url, $title, $image) {
++ global $counter, $admingraphic, $Default_Theme;
++ $ThemeSel = get_theme();
++ if (file_exists("themes/$ThemeSel/images/admin/$image")) {
++ $image = "themes/$ThemeSel/images/admin/$image";
++ } else {
++ $image = "images/admin/$image";
++ }
++ if ($admingraphic == 1) {
++ $img = "<img src=\"$image\" border=\"0\" alt=\"$title\" title=\"$title\"></a><br>";
++ $close = "";
++ } else {
++ $img = "";
++ $close = "</a>";
++ }
++ echo "<td align=\"center\" valign=\"top\" width=\"16%\"><font class=\"content\"><a href=\"$url\">$img<b>$title</b>$close<br><br></font></td>";
++ if ($counter == 5) {
++ echo "</tr><tr>";
++ $counter = 0;
++ } else {
++ $counter++;
++ }
++}
++
++function GraphicAdmin() {
++ global $aid, $admingraphic, $language, $admin, $prefix, $db;
++ $newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue"));
++ $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle,radmintopic,radminuser,radminsurvey,radminlink,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
++ $radminarticle = intval($row['radminarticle']);
++ $radmintopic = intval($row['radmintopic']);
++ $radminuser = intval($row['radminuser']);
++ $radminsurvey = intval($row['radminsurvey']);
++ $radminlink = intval($row['radminlink']);
++ $radminfaq = intval($row['radminfaq']);
++ $radmindownload = intval($row['radmindownload']);
++ $radminreviews = intval($row['radminreviews']);
++ $radminnewsletter = intval($row['radminnewsletter']);
++ $radminforum = intval($row['radminforum']);
++ $radmincontent = intval($row['radmincontent']);
++ $radminency = intval($row['radminency']);
++ $radminsuper = intval($row['radminsuper']);
++ OpenTable();
++ echo "<center><a href=\"admin.php\"><font class='title'>"._ADMINMENU."</font></a>";
++ echo "<br><br>";
++ echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";
++ $linksdir = dir("admin/links");
++ while($func=$linksdir->read()) {
++ if(substr($func, 0, 6) == "links.") {
++ $menulist .= "$func ";
++ }
++ }
++ closedir($linksdir->handle);
++ $menulist = explode(" ", $menulist);
++ sort($menulist);
++ for ($i=0; $i < sizeof($menulist); $i++) {
++ if($menulist[$i]!="") {
++ $counter = 0;
++ include($linksdir->path."/$menulist[$i]");
++ }
++ }
++ adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "logout.gif");
++ echo"</tr></table></center>";
++ CloseTable();
++ echo "<br>";
++}
++
++/*********************************************************/
++/* Administration Main Function */
++/*********************************************************/
++
++function adminMain() {
++ global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix;
++ include ("header.php");
++ $dummy = 0;
++ $Today = getdate();
++ $month = $Today['month'];
++ $mday = $Today['mday'];
++ $year = $Today['year'];
++ $pmonth = $Today['month'];
++ $pmday = $Today['mday'];
++ $pmday = $mday-1;
++ $pyear = $Today['year'];
++ if ($pmonth=="January") { $pmonth=1; } else
++ if ($pmonth=="February") { $pmonth=2; } else
++ if ($pmonth=="March") { $pmonth=3; } else
++ if ($pmonth=="April") { $pmonth=4; } else
++ if ($pmonth=="May") { $pmonth=5; } else
++ if ($pmonth=="June") { $pmonth=6; } else
++ if ($pmonth=="July") { $pmonth=7; } else
++ if ($pmonth=="August") { $pmonth=8; } else
++ if ($pmonth=="September") { $pmonth=9; } else
++ if ($pmonth=="October") { $pmonth=10; } else
++ if ($pmonth=="November") { $pmonth=11; } else
++ if ($pmonth=="December") { $pmonth=12; };
++ $test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);
++ $curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";
++ $preday = strftime ("%d",$test);
++ $premonth = strftime ("%B",$test);
++ $preyear = strftime ("%Y",$test);
++ $curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";
++ GraphicAdmin();
++ $aid = substr("$aid", 0,25);
++ $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle, radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"));
++ $radminarticle = intval($row['radminarticle']);
++ $radminsuper = intval($row['radminsuper']);
++ $admlanguage = $row['admlanguage'];
++ if ($admlanguage != "" ) {
++ $queryalang = "WHERE alanguage='$admlanguage' ";
++ } else {
++ $queryalang = "";
++ }
++ $row2 = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));
++ $main_module = $row2['main_module'];
++ OpenTable();
++ echo "<center><b>$sitename: "._DEFHOMEMODULE."</b><br><br>"
++ .""._MODULEINHOME." <b>$main_module</b><br>[ <a href=\"admin.php?op=modules\">"._CHANGE."</a> ]</center>";
++ CloseTable();
++ echo "<br>";
++ OpenTable();
++ $guest_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'"));
++ $member_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'"));
++ $who_online_num = $guest_online_num + $member_online_num;
++ $who_online = "<center><font class=\"option\">"._WHOSONLINE."</font><br><br><font class=\"content\">"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."<br>";
++ $row3 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'"));
++ $userCount = $row3['userCount'];
++ $row4 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDateP'"));
++ $userCount2 = $row4['userCount'];
++ echo "<center>$who_online<br>"
++ .""._BTD.": <b>$userCount</b> - "._BYD.": <b>$userCount2</b></center>";
++ CloseTable();
++ echo "<br>";
++ OpenTable();
++ echo "<center><b>"._AUTOMATEDARTICLES."</b></center><br>";
++ $count = 0;
++ $result5 = $db->sql_query("SELECT anid, aid, title, time, alanguage FROM ".$prefix."_autonews $queryalang ORDER BY time ASC");
++ while ($row5 = $db->sql_fetchrow($result5)) {
++ $anid = intval($row5['anid']);
++ $aid = $row5['aid'];
++ $said = substr("$aid", 0,25);
++ $title = $row5['title'];
++ $time = $row5['time'];
++ $alanguage = $row5['alanguage'];
++ if ($alanguage == "") {
++ $alanguage = ""._ALL."";
++ }
++ if ($anid != "") {
++ if ($count == 0) {
++ echo "<table border=\"1\" width=\"100%\">";
++ $count = 1;
++ }
++ $time = ereg_replace(" ", "@", $time);
++ if (($radminarticle==1) OR ($radminsuper==1)) {
++ if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {
++ echo "<tr><td nowrap> (<a href=\"admin.php?op=autoEdit&anid=$anid\">"._EDIT."</a>-<a href=\"admin.php?op=autoDelete&anid=$anid\">"._DELETE."</a>) </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */
++ } else {
++ echo "<tr><td> ("._NOFUNCTIONS.") </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */
++ }
++ } else {
++ echo "<tr><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */
++ }
++ }
++ }
++ if (($anid == "") AND ($count == 0)) {
++ echo "<center><i>"._NOAUTOARTICLES."</i></center>";
++ }
++ if ($count == 1) {
++ echo "</table>";
++ }
++ CloseTable();
++ echo "<br>";
++ OpenTable();
++ echo "<center><b>"._LAST." 20 "._ARTICLES."</b></center><br>";
++ $result6 = $db->sql_query("SELECT sid, aid, title, time, topic, informant, alanguage FROM ".$prefix."_stories $queryalang ORDER BY time DESC LIMIT 0,20");
++ echo "<center><table border=\"1\" width=\"100%\" bgcolor=\"$bgcolor1\">";
++ while ($row6 = $db->sql_fetchrow($result6)) {
++ $sid = intval($row6['sid']);
++ $aid = $row6['aid'];
++ $said = substr("$aid", 0,25);
++ $title = $row6['title'];
++ $time = $row6['time'];
++ $topic = $row6['topic'];
++ $informant = $row6['informant'];
++ $alanguage = $row6['alanguage'];
++ $row7 = $db->sql_fetchrow($db->sql_query("SELECT topicname FROM ".$prefix."_topics WHERE topicid='$topic'"));
++ $topicname = $row7['topicname'];
++ if ($alanguage == "") {
++ $alanguage = ""._ALL."";
++ }
++ formatTimestamp($time);
++ echo "<tr><td align=\"right\"><b>$sid</b>"
++ ."</td><td align=\"left\" width=\"100%\"><a href=\"modules.php?name=News&file=article&sid=$sid\">$title</a>"
++ ."</td><td align=\"center\">$alanguage"
++ ."</td><td align=\"right\">$topicname";
++ if (($radminarticle==1) OR ($radminsuper==1)) {
++ if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {
++ echo "</td><td align=\"right\" nowrap>(<a href=\"admin.php?op=EditStory&sid=$sid\">"._EDIT."</a>-<a href=\"admin.php?op=RemoveStory&sid=$sid\">"._DELETE."</a>)"
++ ."</td></tr>";
++ } else {
++ echo "</td><td align=\"right\" nowrap><font class=\"content\"><i>("._NOFUNCTIONS.")</i></font>"
++ ."</td></tr>";
++ }
++ } else {
++ echo "</td></tr>";
++ }
++ }
++ echo "</table>";
++ if (($radminarticle==1) OR ($radminsuper==1)) {
++ echo "<center>"
++ ."<form action=\"admin.php\" method=\"post\">"
++ .""._STORYID.": <input type=\"text\" NAME=\"sid\" SIZE=\"10\">"
++ ."<select name=\"op\">"
++ ."<option value=\"EditStory\" SELECTED>"._EDIT."</option>"
++ ."<option value=\"RemoveStory\">"._DELETE."</option>"
++ ."</select>"
++ ."<input type=\"submit\" value=\""._GO."\">"
++ ."</form></center>";
++ }
++ CloseTable();
++ $row8 = $db->sql_fetchrow($db->sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC LIMIT 1"));
++ $pollID = intval($row8['pollID']);
++ $pollTitle = $row8['pollTitle'];
++ echo "<br>";
++ OpenTable();
++ echo "<center><b>"._CURRENTPOLL.":</b> $pollTitle [ <a href=\"admin.php?op=polledit&pollID=$pollID\">"._EDIT."</a> | <a href=\"admin.php?op=create\">"._ADD."</a> ]</center>";
++ CloseTable();
++ include ("footer.php");
++}
++
++if($admintest) {
++
++ switch($op) {
++
++ case "do_gfx":
++ do_gfx();
++ break;
++
++ case "deleteNotice":
++ deleteNotice($id);
++ break;
++
++ case "GraphicAdmin":
++ GraphicAdmin();
++ break;
++
++ case "adminMain":
++ adminMain();
++ break;
++
++ case "logout":
++ setcookie("admin");
++ $admin = "";
++ include("header.php");
++ OpenTable();
++ echo "<center><font class=\"title\"><b>"._YOUARELOGGEDOUT."</b></font></center>";
++ CloseTable();
++ include("footer.php");
++ break;
++
++ case "login";
++ unset($op);
++
++ default:
++ $casedir = dir("admin/case");
++ while($func=$casedir->read()) {
++ if(substr($func, 0, 5) == "case.") {
++ include($casedir->path."/$func");
++ }
++ }
++ closedir($casedir->handle);
++ break;
++
++ }
++
++} else {
++
++ switch($op) {
++
++ case "gfx":
++ gfx($random_num);
++ break;
++
++ default:
++ login();
++ break;
++
++ }
++
++}
++
++?>
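Review bot: The block added after the header comment assigns `$op` only when `$HTTP_GET_VARS['op']` or `$HTTP_POST_VARS['op']` is non-empty, so an `$op` already defined from another request source is left untouched and the later `if(!isset($op)) { $op = "adminMain"; }` default never applies to it. Whether such a source exists (for example a cookie imported by register_globals or by `mainfile.php`) is not visible in this hunk. If the intent is to accept `op` from GET and POST only, clear it first with `unset($op);` and read `$_GET['op']` / `$_POST['op']`, matching the `$_SERVER` superglobal used a few lines below rather than the long arrays, which depend on `register_long_arrays`. The value still reaches `switch($op)` and the `admin/case` includes without validation, so a comment such as `/* $op comes from GET/POST only; it is not validated here */` would record that for maintainers. The rest of the hunk appears to be a CRLF-to-LF conversion of the whole file, which buries this short functional change; splitting the two would make the patch easier to audit.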