From 15158c40dc18797886481871296999fe17cfa755 Mon Sep 17 00:00:00 2001
From: =?utf8?q?S=C5=82awomir=20Paszkiewicz?=
Date: Mon, 1 Nov 2004 20:55:21 +0000
Subject: [PATCH] - unofficial patch to fix: http://securitytracker.com/alerts/2004/Sep/1011161.html Changed files: PHP-nuke-admin.php.patch -> 1.1
---
PHP-nuke-admin.php.patch | 875 +++++++++++++++++++++++++++++++++++++++
1 file changed, 875 insertions(+)
create mode 100644 PHP-nuke-admin.php.patch
diff --git a/PHP-nuke-admin.php.patch b/PHP-nuke-admin.php.patch
new file mode 100644
index 0000000..cae36e2
--- /dev/null
+++ b/PHP-nuke-admin.php.patch
@@ -0,0 +1,875 @@
+--- PHP-Nuke-7.4/html/admin.php 2004-07-23 14:46:00.000000000 +0000
++++ PHP-Nuke-7.4.new/html/admin.php 2004-11-01 20:50:15.217447320 +0000
+@@ -1,431 +1,440 @@
+-sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
+- if ($first == 0) {
+- $pwd = md5($pwd);
+- $the_adm = "God";
+- $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')");
+- if ($user_new == 1) {
+- $user_regdate = date("M d, Y");
+- $user_avatar = "gallery/blank.gif";
+- $commentlimit = 4096;
+- if ($url == "http://") { $url = ""; }
+- $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");
+- }
+- login();
+- }
+-}
+-
+-$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
+-if ($the_first == 0) {
+- if (!$name) {
+- include("header.php");
+- title("$sitename: "._ADMINISTRATION."");
+- OpenTable();
+- echo "
"._NOADMINYET."


" +- ."
" +- ."" +- ."" +- ."" +- ."" +- ."" +- ."" +- ."
"._NICKNAME.":
"._HOMEPAGE.":
"._EMAIL.":
"._PASSWORD.":
"._CREATEUSERDATA." "._YES."  "._NO."
" +- ."" +- ."
";
+- CloseTable();
+- include("footer.php");
+- }
+- switch($fop) {
+- case "create_first":
+- create_first($name, $url, $email, $pwd, $user_new);
+- break;
+- }
+- die();
+-}
+-
+-require("auth.php");
+-
+-if(!isset($op)) { $op = "adminMain"; }
+-$pagetitle = "- "._ADMINMENU."";
+-
+-/*********************************************************/
+-/* Login Function */
+-/*********************************************************/
+-
+-function login() {
+- global $gfx_chk;
+- include ("header.php");
+- mt_srand ((double)microtime()*1000000);
+- $maxran = 1000000;
+- $random_num = mt_rand(0, $maxran);
+- OpenTable();
+- echo "
"._ADMINLOGIN."
"; +- CloseTable(); +- echo "
"; +- OpenTable(); +- echo "
" +- ."" +- ."" +- ."" +- ."" +- .""; +- if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) { +- echo "" +- .""; +- } +- echo "
"._ADMINID."
"._PASSWORD."
"._SECURITYCODE.": "._SECURITYCODE."
"._TYPESECCODE.":
" +- ."" +- ."" +- ."" +- ."
" +- ."
";
+- CloseTable();
+- include ("footer.php");
+-}
+-
+-function gfx($random_num) {
+- global $prefix, $db;
+- require("config.php");
+- $datekey = date("F j");
+- $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
+- $code = substr($rcode, 2, 6);
+- $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");
+- $text_color = ImageColorAllocate($image, 80, 80, 80);
+- Header("Content-type: image/jpeg");
+- ImageString ($image, 5, 12, 2, $code, $text_color);
+- ImageJPEG($image, '', 75);
+- ImageDestroy($image);
+- die();
+-}
+-
+-function deleteNotice($id) {
+- global $prefix, $db;
+- $id = intval($id);
+- $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'");
+- Header("Location: admin.php?op=reviews");
+-}
+-
+-/*********************************************************/
+-/* Administration Menu Function */
+-/*********************************************************/
+-
+-function adminmenu($url, $title, $image) {
+- global $counter, $admingraphic, $Default_Theme;
+- $ThemeSel = get_theme();
+- if (file_exists("themes/$ThemeSel/images/admin/$image")) {
+- $image = "themes/$ThemeSel/images/admin/$image";
+- } else {
+- $image = "images/admin/$image";
+- }
+- if ($admingraphic == 1) {
+- $img = "\"$title\"
";
+- $close = "";
+- } else {
+- $img = "";
+- $close = "";
+- }
+- echo "$img$title$close

";
+- if ($counter == 5) {
+- echo "";
+- $counter = 0;
+- } else {
+- $counter++;
+- }
+-}
+-
+-function GraphicAdmin() {
+- global $aid, $admingraphic, $language, $admin, $prefix, $db;
+- $newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue"));
+- $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle,radmintopic,radminuser,radminsurvey,radminlink,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
+- $radminarticle = intval($row['radminarticle']);
+- $radmintopic = intval($row['radmintopic']);
+- $radminuser = intval($row['radminuser']);
+- $radminsurvey = intval($row['radminsurvey']);
+- $radminlink = intval($row['radminlink']);
+- $radminfaq = intval($row['radminfaq']);
+- $radmindownload = intval($row['radmindownload']);
+- $radminreviews = intval($row['radminreviews']);
+- $radminnewsletter = intval($row['radminnewsletter']);
+- $radminforum = intval($row['radminforum']);
+- $radmincontent = intval($row['radmincontent']);
+- $radminency = intval($row['radminency']);
+- $radminsuper = intval($row['radminsuper']);
+- OpenTable();
+- echo "
"._ADMINMENU.""; +- echo "

";
+- echo"";
+- $linksdir = dir("admin/links");
+- while($func=$linksdir->read()) {
+- if(substr($func, 0, 6) == "links.") {
+- $menulist .= "$func ";
+- }
+- }
+- closedir($linksdir->handle);
+- $menulist = explode(" ", $menulist);
+- sort($menulist);
+- for ($i=0; $i < sizeof($menulist); $i++) {
+- if($menulist[$i]!="") {
+- $counter = 0;
+- include($linksdir->path."/$menulist[$i]");
+- }
+- }
+- adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "logout.gif");
+- echo"
"; +- CloseTable(); +- echo "
";
+-}
+-
+-/*********************************************************/
+-/* Administration Main Function */
+-/*********************************************************/
+-
+-function adminMain() {
+- global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix;
+- include ("header.php");
+- $dummy = 0;
+- $Today = getdate();
+- $month = $Today['month'];
+- $mday = $Today['mday'];
+- $year = $Today['year'];
+- $pmonth = $Today['month'];
+- $pmday = $Today['mday'];
+- $pmday = $mday-1;
+- $pyear = $Today['year'];
+- if ($pmonth=="January") { $pmonth=1; } else
+- if ($pmonth=="February") { $pmonth=2; } else
+- if ($pmonth=="March") { $pmonth=3; } else
+- if ($pmonth=="April") { $pmonth=4; } else
+- if ($pmonth=="May") { $pmonth=5; } else
+- if ($pmonth=="June") { $pmonth=6; } else
+- if ($pmonth=="July") { $pmonth=7; } else
+- if ($pmonth=="August") { $pmonth=8; } else
+- if ($pmonth=="September") { $pmonth=9; } else
+- if ($pmonth=="October") { $pmonth=10; } else
+- if ($pmonth=="November") { $pmonth=11; } else
+- if ($pmonth=="December") { $pmonth=12; };
+- $test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);
+- $curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";
+- $preday = strftime ("%d",$test);
+- $premonth = strftime ("%B",$test);
+- $preyear = strftime ("%Y",$test);
+- $curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";
+- GraphicAdmin();
+- $aid = substr("$aid", 0,25);
+- $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle, radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"));
+- $radminarticle = intval($row['radminarticle']);
+- $radminsuper = intval($row['radminsuper']);
+- $admlanguage = $row['admlanguage'];
+- if ($admlanguage != "" ) {
+- $queryalang = "WHERE alanguage='$admlanguage' ";
+- } else {
+- $queryalang = "";
+- }
+- $row2 = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));
+- $main_module = $row2['main_module']; +-
OpenTable(); +- echo "
$sitename: "._DEFHOMEMODULE."

" +- .""._MODULEINHOME." $main_module
[ "._CHANGE." ]
"; +- CloseTable(); +- echo "
";
+- OpenTable();
+- $guest_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'"));
+- $member_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'"));
+- $who_online_num = $guest_online_num + $member_online_num;
+- $who_online = "
"._WHOSONLINE."

"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."
";
+- $row3 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'"));
+- $userCount = $row3['userCount'];
+- $row4 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDateP'"));
+- $userCount2 = $row4['userCount'];
+- echo "
$who_online
" +- .""._BTD.": $userCount - "._BYD.": $userCount2
"; +- CloseTable(); +- echo "
"; +- OpenTable(); +- echo "
"._AUTOMATEDARTICLES."

"; +- $count = 0; +- $result5 = $db->sql_query("SELECT anid, aid, title, time, alanguage FROM ".$prefix."_autonews $queryalang ORDER BY time ASC"); +- while ($row5 = $db->sql_fetchrow($result5)) { +- $anid = intval($row5['anid']); +- $aid = $row5['aid']; +- $said = substr("$aid", 0,25); +- $title = $row5['title']; +- $time = $row5['time']; +- $alanguage = $row5['alanguage']; +- if ($alanguage == "") { +- $alanguage = ""._ALL.""; +- } +- if ($anid != "") { +- if ($count == 0) { +- echo ""; +- $count = 1; +- } +- $time = ereg_replace(" ", "@", $time); +- if (($radminarticle==1) OR ($radminsuper==1)) { +- if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) { +- echo ""; /* Multilingual Code : added column to display language */ +- } else { +- echo ""; /* Multilingual Code : added column to display language */ +- } +- } else { +- echo ""; /* Multilingual Code : added column to display language */ +- } +- } +- } +- if (($anid == "") AND ($count == 0)) { +- echo "
"._NOAUTOARTICLES."
"; +- } +- if ($count == 1) { +- echo "
 ("._EDIT."-"._DELETE." $title  $alanguage  $time 
 ("._NOFUNCTIONS.")  $title  $alanguage  $time 
 $title  $alanguage  $time 
"; +- } +- CloseTable(); +- echo "
"; +- OpenTable(); +- echo "
"._LAST." 20 "._ARTICLES."

"; +- $result6 = $db->sql_query("SELECT sid, aid, title, time, topic, informant, alanguage FROM ".$prefix."_stories $queryalang ORDER BY time DESC LIMIT 0,20"); +- echo "
"; +- while ($row6 = $db->sql_fetchrow($result6)) { +- $sid = intval($row6['sid']); +- $aid = $row6['aid']; +- $said = substr("$aid", 0,25); +- $title = $row6['title']; +- $time = $row6['time']; +- $topic = $row6['topic']; +- $informant = $row6['informant']; +- $alanguage = $row6['alanguage']; +- $row7 = $db->sql_fetchrow($db->sql_query("SELECT topicname FROM ".$prefix."_topics WHERE topicid='$topic'")); +- $topicname = $row7['topicname']; +- if ($alanguage == "") { +- $alanguage = ""._ALL.""; +- } +- formatTimestamp($time); +- echo ""; +- } else { +- echo ""; +- } +- } else { +- echo ""; +- } +- } +- echo "
$sid" +- ."$title" +- ."$alanguage" +- ."$topicname"; +- if (($radminarticle==1) OR ($radminsuper==1)) { +- if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) { +- echo "("._EDIT."-"._DELETE.")" +- ."
("._NOFUNCTIONS.")" +- ."
"; +- if (($radminarticle==1) OR ($radminsuper==1)) { +- echo "
" +- ."
" +- .""._STORYID.": " +- ."" +- ."" +- ."
";
+- }
+- CloseTable();
+- $row8 = $db->sql_fetchrow($db->sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC LIMIT 1"));
+- $pollID = intval($row8['pollID']);
+- $pollTitle = $row8['pollTitle'];
+- echo "
"; +- OpenTable(); +- echo "
"._CURRENTPOLL.": $pollTitle [ "._EDIT." | "._ADD." ]
";
+- CloseTable();
+- include ("footer.php");
+-}
+-
+-if($admintest) {
+-
+- switch($op) {
+-
+- case "do_gfx":
+- do_gfx();
+- break;
+-
+- case "deleteNotice":
+- deleteNotice($id);
+- break;
+-
+- case "GraphicAdmin":
+- GraphicAdmin();
+- break;
+-
+- case "adminMain":
+- adminMain();
+- break;
+-
+- case "logout":
+- setcookie("admin");
+- $admin = "";
+- include("header.php");
+- OpenTable();
+- echo "
"._YOUARELOGGEDOUT."
";
+- CloseTable();
+- include("footer.php");
+- break;
+-
+- case "login";
+- unset($op);
+-
+- default:
+- $casedir = dir("admin/case");
+- while($func=$casedir->read()) {
+- if(substr($func, 0, 5) == "case.") {
+- include($casedir->path."/$func");
+- }
+- }
+- closedir($casedir->handle);
+- break;
+-
+- }
+-
+-} else {
+-
+- switch($op) {
+-
+- case "gfx":
+- gfx($random_num);
+- break;
+-
+- default:
+- login();
+- break;
+-
+- }
+-
+-}
+-
+-?>
+\ No newline at end of file
++sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
++ if ($first == 0) {
++ $pwd = md5($pwd);
++ $the_adm = "God";
++ $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '1', '')");
++ if ($user_new == 1) {
++ $user_regdate = date("M d, Y");
++ $user_avatar = "gallery/blank.gif";
++ $commentlimit = 4096;
++ if ($url == "http://") { $url = ""; }
++ $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");
++ }
++ login();
++ }
++}
++
++$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
++if ($the_first == 0) {
++ if (!$name) {
++ include("header.php");
++ title("$sitename: "._ADMINISTRATION."");
++ OpenTable();
++ echo "
"._NOADMINYET."


" ++ ."
" ++ ."" ++ ."" ++ ."" ++ ."" ++ ."" ++ ."" ++ ."
"._NICKNAME.":
"._HOMEPAGE.":
"._EMAIL.":
"._PASSWORD.":
"._CREATEUSERDATA." "._YES."  "._NO."
" ++ ."" ++ ."
";
++ CloseTable();
++ include("footer.php");
++ }
++ switch($fop) {
++ case "create_first":
++ create_first($name, $url, $email, $pwd, $user_new);
++ break;
++ }
++ die();
++}
++
++require("auth.php");
++
++if(!isset($op)) { $op = "adminMain"; }
++$pagetitle = "- "._ADMINMENU."";
++
++/*********************************************************/
++/* Login Function */
++/*********************************************************/
++
++function login() {
++ global $gfx_chk;
++ include ("header.php");
++ mt_srand ((double)microtime()*1000000);
++ $maxran = 1000000;
++ $random_num = mt_rand(0, $maxran);
++ OpenTable();
++ echo "
"._ADMINLOGIN."
"; ++ CloseTable(); ++ echo "
"; ++ OpenTable(); ++ echo "
" ++ ."" ++ ."" ++ ."" ++ ."" ++ .""; ++ if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) { ++ echo "" ++ .""; ++ } ++ echo "
"._ADMINID."
"._PASSWORD."
"._SECURITYCODE.": "._SECURITYCODE."
"._TYPESECCODE.":
" ++ ."" ++ ."" ++ ."" ++ ."
" ++ ."
";
++ CloseTable();
++ include ("footer.php");
++}
++
++function gfx($random_num) {
++ global $prefix, $db;
++ require("config.php");
++ $datekey = date("F j");
++ $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
++ $code = substr($rcode, 2, 6);
++ $image = ImageCreateFromJPEG("images/admin/code_bg.jpg");
++ $text_color = ImageColorAllocate($image, 80, 80, 80);
++ Header("Content-type: image/jpeg");
++ ImageString ($image, 5, 12, 2, $code, $text_color);
++ ImageJPEG($image, '', 75);
++ ImageDestroy($image);
++ die();
++}
++
++function deleteNotice($id) {
++ global $prefix, $db;
++ $id = intval($id);
++ $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'");
++ Header("Location: admin.php?op=reviews");
++}
++
++/*********************************************************/
++/* Administration Menu Function */
++/*********************************************************/
++
++function adminmenu($url, $title, $image) {
++ global $counter, $admingraphic, $Default_Theme;
++ $ThemeSel = get_theme();
++ if (file_exists("themes/$ThemeSel/images/admin/$image")) {
++ $image = "themes/$ThemeSel/images/admin/$image";
++ } else {
++ $image = "images/admin/$image";
++ }
++ if ($admingraphic == 1) {
++ $img = "\"$title\"
";
++ $close = "";
++ } else {
++ $img = "";
++ $close = "";
++ }
++ echo "$img$title$close

";
++ if ($counter == 5) {
++ echo "";
++ $counter = 0;
++ } else {
++ $counter++;
++ }
++}
++
++function GraphicAdmin() {
++ global $aid, $admingraphic, $language, $admin, $prefix, $db;
++ $newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue"));
++ $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle,radmintopic,radminuser,radminsurvey,radminlink,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
++ $radminarticle = intval($row['radminarticle']);
++ $radmintopic = intval($row['radmintopic']);
++ $radminuser = intval($row['radminuser']);
++ $radminsurvey = intval($row['radminsurvey']);
++ $radminlink = intval($row['radminlink']);
++ $radminfaq = intval($row['radminfaq']);
++ $radmindownload = intval($row['radmindownload']);
++ $radminreviews = intval($row['radminreviews']);
++ $radminnewsletter = intval($row['radminnewsletter']);
++ $radminforum = intval($row['radminforum']);
++ $radmincontent = intval($row['radmincontent']);
++ $radminency = intval($row['radminency']);
++ $radminsuper = intval($row['radminsuper']);
++ OpenTable();
++ echo "
"._ADMINMENU.""; ++ echo "

";
++ echo"";
++ $linksdir = dir("admin/links");
++ while($func=$linksdir->read()) {
++ if(substr($func, 0, 6) == "links.") {
++ $menulist .= "$func ";
++ }
++ }
++ closedir($linksdir->handle);
++ $menulist = explode(" ", $menulist);
++ sort($menulist);
++ for ($i=0; $i < sizeof($menulist); $i++) {
++ if($menulist[$i]!="") {
++ $counter = 0;
++ include($linksdir->path."/$menulist[$i]");
++ }
++ }
++ adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "logout.gif");
++ echo"
"; ++ CloseTable(); ++ echo "
";
++}
++
++/*********************************************************/
++/* Administration Main Function */
++/*********************************************************/
++
++function adminMain() {
++ global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix;
++ include ("header.php");
++ $dummy = 0;
++ $Today = getdate();
++ $month = $Today['month'];
++ $mday = $Today['mday'];
++ $year = $Today['year'];
++ $pmonth = $Today['month'];
++ $pmday = $Today['mday'];
++ $pmday = $mday-1;
++ $pyear = $Today['year'];
++ if ($pmonth=="January") { $pmonth=1; } else
++ if ($pmonth=="February") { $pmonth=2; } else
++ if ($pmonth=="March") { $pmonth=3; } else
++ if ($pmonth=="April") { $pmonth=4; } else
++ if ($pmonth=="May") { $pmonth=5; } else
++ if ($pmonth=="June") { $pmonth=6; } else
++ if ($pmonth=="July") { $pmonth=7; } else
++ if ($pmonth=="August") { $pmonth=8; } else
++ if ($pmonth=="September") { $pmonth=9; } else
++ if ($pmonth=="October") { $pmonth=10; } else
++ if ($pmonth=="November") { $pmonth=11; } else
++ if ($pmonth=="December") { $pmonth=12; };
++ $test = mktime (0,0,0,$pmonth,$pmday,$pyear,1);
++ $curDate2 = "%".$month[0].$month[1].$month[2]."%".$mday."%".$year."%";
++ $preday = strftime ("%d",$test);
++ $premonth = strftime ("%B",$test);
++ $preyear = strftime ("%Y",$test);
++ $curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";
++ GraphicAdmin();
++ $aid = substr("$aid", 0,25);
++ $row = $db->sql_fetchrow($db->sql_query("SELECT radminarticle, radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"));
++ $radminarticle = intval($row['radminarticle']);
++ $radminsuper = intval($row['radminsuper']);
++ $admlanguage = $row['admlanguage'];
++ if ($admlanguage != "" ) {
++ $queryalang = "WHERE alanguage='$admlanguage' ";
++ } else {
++ $queryalang = "";
++ }
++ $row2 = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));
++ $main_module = $row2['main_module']; ++
OpenTable(); ++ echo "
$sitename: "._DEFHOMEMODULE."

" ++ .""._MODULEINHOME." $main_module
[ "._CHANGE." ]
"; ++ CloseTable(); ++ echo "
";
++ OpenTable();
++ $guest_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'"));
++ $member_online_num = $db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'"));
++ $who_online_num = $guest_online_num + $member_online_num;
++ $who_online = "
"._WHOSONLINE."

"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."
";
++ $row3 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from $user_prefix"._users." WHERE user_regdate LIKE '$curDate2'"));
++ $userCount = $row3['userCount'];
++ $row4 = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM $user_prefix"._users." WHERE user_regdate LIKE '$curDateP'"));
++ $userCount2 = $row4['userCount'];
++ echo "
$who_online
" ++ .""._BTD.": $userCount - "._BYD.": $userCount2
"; ++ CloseTable(); ++ echo "
"; ++ OpenTable(); ++ echo "
"._AUTOMATEDARTICLES."

"; ++ $count = 0; ++ $result5 = $db->sql_query("SELECT anid, aid, title, time, alanguage FROM ".$prefix."_autonews $queryalang ORDER BY time ASC"); ++ while ($row5 = $db->sql_fetchrow($result5)) { ++ $anid = intval($row5['anid']); ++ $aid = $row5['aid']; ++ $said = substr("$aid", 0,25); ++ $title = $row5['title']; ++ $time = $row5['time']; ++ $alanguage = $row5['alanguage']; ++ if ($alanguage == "") { ++ $alanguage = ""._ALL.""; ++ } ++ if ($anid != "") { ++ if ($count == 0) { ++ echo ""; ++ $count = 1; ++ } ++ $time = ereg_replace(" ", "@", $time); ++ if (($radminarticle==1) OR ($radminsuper==1)) { ++ if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) { ++ echo ""; /* Multilingual Code : added column to display language */ ++ } else { ++ echo ""; /* Multilingual Code : added column to display language */ ++ } ++ } else { ++ echo ""; /* Multilingual Code : added column to display language */ ++ } ++ } ++ } ++ if (($anid == "") AND ($count == 0)) { ++ echo "
"._NOAUTOARTICLES."
"; ++ } ++ if ($count == 1) { ++ echo "
 ("._EDIT."-"._DELETE." $title  $alanguage  $time 
 ("._NOFUNCTIONS.")  $title  $alanguage  $time 
 $title  $alanguage  $time 
"; ++ } ++ CloseTable(); ++ echo "
"; ++ OpenTable(); ++ echo "
"._LAST." 20 "._ARTICLES."

"; ++ $result6 = $db->sql_query("SELECT sid, aid, title, time, topic, informant, alanguage FROM ".$prefix."_stories $queryalang ORDER BY time DESC LIMIT 0,20"); ++ echo "
"; ++ while ($row6 = $db->sql_fetchrow($result6)) { ++ $sid = intval($row6['sid']); ++ $aid = $row6['aid']; ++ $said = substr("$aid", 0,25); ++ $title = $row6['title']; ++ $time = $row6['time']; ++ $topic = $row6['topic']; ++ $informant = $row6['informant']; ++ $alanguage = $row6['alanguage']; ++ $row7 = $db->sql_fetchrow($db->sql_query("SELECT topicname FROM ".$prefix."_topics WHERE topicid='$topic'")); ++ $topicname = $row7['topicname']; ++ if ($alanguage == "") { ++ $alanguage = ""._ALL.""; ++ } ++ formatTimestamp($time); ++ echo ""; ++ } else { ++ echo ""; ++ } ++ } else { ++ echo ""; ++ } ++ } ++ echo "
$sid" ++ ."$title" ++ ."$alanguage" ++ ."$topicname"; ++ if (($radminarticle==1) OR ($radminsuper==1)) { ++ if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) { ++ echo "("._EDIT."-"._DELETE.")" ++ ."
("._NOFUNCTIONS.")" ++ ."
"; ++ if (($radminarticle==1) OR ($radminsuper==1)) { ++ echo "
" ++ ."
" ++ .""._STORYID.": " ++ ."" ++ ."" ++ ."
";
++ }
++ CloseTable();
++ $row8 = $db->sql_fetchrow($db->sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC LIMIT 1"));
++ $pollID = intval($row8['pollID']);
++ $pollTitle = $row8['pollTitle'];
++ echo "
"; ++ OpenTable(); ++ echo "
"._CURRENTPOLL.": $pollTitle [ "._EDIT." | "._ADD." ]
";
++ CloseTable();
++ include ("footer.php");
++}
++
++if($admintest) {
++
++ switch($op) {
++
++ case "do_gfx":
++ do_gfx();
++ break;
++
++ case "deleteNotice":
++ deleteNotice($id);
++ break;
++
++ case "GraphicAdmin":
++ GraphicAdmin();
++ break;
++
++ case "adminMain":
++ adminMain();
++ break;
++
++ case "logout":
++ setcookie("admin");
++ $admin = "";
++ include("header.php");
++ OpenTable();
++ echo "
"._YOUARELOGGEDOUT."
";
++ CloseTable();
++ include("footer.php");
++ break;
++
++ case "login";
++ unset($op);
++
++ default:
++ $casedir = dir("admin/case");
++ while($func=$casedir->read()) {
++ if(substr($func, 0, 5) == "case.") {
++ include($casedir->path."/$func");
++ }
++ }
++ closedir($casedir->handle);
++ break;
++
++ }
++
++} else {
++
++ switch($op) {
++
++ case "gfx":
++ gfx($random_num);
++ break;
++
++ default:
++ login();
++ break;
++
++ }
++
++}
++
++?>
--
2.44.0
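Review bot: On the new side of admin.php, the first-admin bootstrap code (`create_first`, called from the `$fop` switch) still builds both INSERT statements by interpolating `$name`, `$url` and `$email` unescaped, and that path runs before `require("auth.php")` whenever the `_authors` table is empty. Where those values come from is not visible in this rendering (the top of the patched file is missing), so this is hedged: if they are request-supplied and not already escaped upstream, escape each one before the query, for example `$name = addslashes($name);`, or reject anything outside the expected character set. `GraphicAdmin()` has the same pattern in `WHERE aid='$aid'`, and it is called before `adminMain()` applies `$aid = substr("$aid", 0,25);`. Separately, the inner hunk `@@ -1,431 +1,440 @@` replaces all 431 lines (presumably a line-ending or whitespace difference), so the few lines that actually address the advisory cannot be picked out; a minimal diff against a matching tree would make this unofficial fix auditable.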