sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors")); if ($first == 0) {
/* NOTE(review): this is the tail of a function whose header is outside this listing
   (presumably create_first(), which the bootstrap switch further down calls with the same
   variables). It runs only when the authors table is empty and inserts a row with name God
   and radminsuper set to 1. The password is stored as a bare MD5 digest with no salt;
   password_hash() and password_verify() are the current replacement. */
$pwd = md5($pwd); $the_adm = "God"; $email = validate_mail($email);
/* NOTE(review): $name and $url reach the INSERT statements below by string interpolation;
   in the visible code only $email passes through a helper (validate_mail). Whether they are
   escaped before this point cannot be seen here - TODO confirm, or use parameterised queries.
   The double-slash comment that follows was presumably a one-line comment on the old INSERT
   only; the line breaks of the original file are missing from this listing. */
/*****************************************************/ /* Security - Protector System v.1.15b3 START */ /*****************************************************/ // $db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '1', '')"); $db->sql_query("INSERT INTO ".$prefix."_authors (aid, name, url, email, pwd, counter, radminsuper, admlanguage, radminblocker) VALUES ('$name', '$the_adm', '$url', '$email', '$pwd', '0', '1', '', '')"); /*****************************************************/ /* Security - Protector System v.1.15b3 END */ /*****************************************************/ if ($user_new == 1) { $user_regdate = date("M d, Y"); $user_avatar = "gallery/blank.gif"; $commentlimit = 4096; if ($url == "http://") { $url = ""; } $db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'$name','$email','$url','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')"); } login(); } } /* Admin entry point, in order: while the authors table is empty, show the first-admin form and pass fop=create_first to create_first(), then die(); handle op=login and set the admin cookie; re-check the admin cookie against the authors table and set $admintest; reserve the author-management ops for the account named God; dispatch $op at the bottom of the file. NOTE(review): the first step needs no login for as long as no admin row exists, so access to this script should be restricted until setup is finished. */ /* NOTE(review) on the login and cookie checks below: the request aid may only contain letters, digits, underscore and hyphen before it is interpolated into SQL, while the cookie aid only passes through addslashes() - parameterised queries would cover both paths; ereg() was removed in PHP 7 and preg_match() is the replacement. The digests are compared with == in both checks, which PHP evaluates numerically when both strings look numeric; hash_equals() avoids that. The cookie holds base64 of aid:md5(password):language for 30 days, is set without the Secure or HttpOnly flags, and is accepted whenever its digest equals the stored one, so the stored digest is password-equivalent; a random server-side session id would remove that. The security-code check runs only when gd is loaded and $gfx_chk is 1, 5, 6 or 7. $admin is presumably filled from the cookie by code outside this listing - TODO confirm. */ global $admin_file; $the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors")); if ($the_first == 0) { if (!$name) { include("header.php"); title("$sitename: "._ADMINISTRATION.""); OpenTable(); echo "
"._NOADMINYET."


" ."
" ."" ."" ."" ."" ."" ."" ."
"._NICKNAME.":
"._HOMEPAGE.":
"._EMAIL.":
"._PASSWORD.":
"._CREATEUSERDATA." "._YES."  "._NO."
" ."" ."
"; CloseTable(); include("footer.php"); } switch($fop) { case "create_first": create_first($name, $url, $email, $pwd, $user_new); break; } die(); } if (isset($aid) && (ereg("[^a-zA-Z0-9_-]",trim($aid)))) { die("Begone"); } if (isset($aid)) { $aid = substr($aid, 0,25);} if (isset($pwd)) { $pwd = substr($pwd, 0,40);} if ((isset($aid)) && (isset($pwd)) && (isset($op)) && ($op == "login")) { $datekey = date("F j"); $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $_POST['random_num'] . $datekey)); $code = substr($rcode, 2, 6); if (extension_loaded("gd") AND $code != $_POST['gfx_check'] AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) { Header("Location: ".$admin_file.".php"); die(); } if(!empty($aid) AND !empty($pwd)) { $pwd = md5($pwd); $result = $db->sql_query("SELECT pwd, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"); $row = $db->sql_fetchrow($result); $admlanguage = addslashes($row['admlanguage']); $rpwd = $row['pwd']; if($rpwd == $pwd) { $admin = base64_encode("$aid:$pwd:$admlanguage"); setcookie("admin",$admin,time()+2592000); unset($op); } } } $admintest = 0; if(isset($admin) && !empty($admin)) { $admin = addslashes(base64_decode($admin)); $admin = explode(":", $admin); $aid = addslashes($admin[0]); $pwd = $admin[1]; $admlanguage = $admin[2]; if (empty($aid) OR empty($pwd)) { $admintest=0; echo "\n"; echo "INTRUDER ALERT!!!\n"; echo "\n\n


\n\n"; echo "


\n"; echo "Get Out!
\n"; echo "\n"; echo "\n"; exit; } $aid = substr("$aid", 0,25); $result2 = $db->sql_query("SELECT name, pwd FROM ".$prefix."_authors WHERE aid='$aid'"); if (!$result2) { echo "Selection from database failed!"; exit; } else { $row2 = $db->sql_fetchrow($result2); $rpwd = $row2['pwd']; if($rpwd == $pwd && !empty($rpwd)) { $admintest = 1; } } } /*****************************************************/ /* Security - Protector System v.1.15b3 START */ /*****************************************************/ require_once("includes/blocker.php"); /*****************************************************/ /* Security - Protector System v.1.15b3 END */ /*****************************************************/ if(!isset($op)) { $op = "adminMain"; } if(isset($op) AND($op=="mod_authors" OR $op=="modifyadmin" OR $op=="UpdateAuthor" OR $op=="AddAuthor" OR $op=="deladmin2" OR $op=="deladmin" OR $op=="assignstories" OR $op=="deladminconf") AND ($row2['name'] != "God")) { die("Illegal Operation"); } $pagetitle = "- "._ADMINMENU.""; /*********************************************************/ /* Login Function */ /*********************************************************/ function login() { global $gfx_chk, $admin_file; include ("header.php"); mt_srand ((double)microtime()*1000000); $maxran = 1000000; $random_num = mt_rand(0, $maxran); OpenTable(); echo "
"._ADMINLOGIN."
"; CloseTable(); echo "
"; OpenTable(); echo "
" ."" ."" ."" ."" .""; if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) { echo "" .""; } echo "
"._ADMINID."
"._PASSWORD."
"._SECURITYCODE.": "._SECURITYCODE."
"._TYPESECCODE.":
" ."" ."" ."" ."
" ."
"; CloseTable(); include ("footer.php"); } function deleteNotice($id) { global $prefix, $db, $admin_file; $id = intval($id); $db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'"); Header("Location: ".$admin_file.".php?op=reviews"); } /*********************************************************/ /* Administration Menu Function */ /*********************************************************/ function adminmenu($url, $title, $image) { global $counter, $admingraphic, $Default_Theme; $ThemeSel = get_theme(); if (file_exists("themes/$ThemeSel/images/admin/$image")) { $image = "themes/$ThemeSel/images/admin/$image"; } else { $image = "images/admin/$image"; } if ($admingraphic == 1) { $img = "\"$title\"
"; $close = ""; } else { $img = ""; $close = ""; } echo "$img$title$close

";
/* Every sixth adminmenu() call resets the global $counter; the markup that was echoed at that
   point is missing from this listing. */
if ($counter == 5) { echo ""; $counter = 0; } else { $counter++; } }
/* GraphicAdmin(): renders the administration menu and the modules administration menu.
   The first table is shown only when the current admin row has radminsuper or radminblocker
   set to 1; a module link file is included when the admin is a super admin or is listed in
   the admins column of that module.
   NOTE(review): $aid comes from the global scope and is interpolated into the SQL below. */
function GraphicAdmin() { global $aid, $admingraphic, $language, $admin, $prefix, $db, $counter, $admin_file; $newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue")); /*****************************************************/ /* Security - Protector System v.1.15b3 START */ /*****************************************************/ $row = $db->sql_fetchrow($db->sql_query("SELECT radminsuper,radminblocker FROM ".$prefix."_authors WHERE aid='$aid'")); $radminsuper = intval($row['radminsuper']); $radminblocker = intval($row['radminblocker']); if ($radminsuper == 1 or $radminblocker == 1) { /*****************************************************/ /* Security - Protector System v.1.15b3 END */ /*****************************************************/ OpenTable(); echo "
"._ADMINMENU.""; echo "

"; echo"";
/* NOTE(review): every entry of admin/links whose name starts with the links. prefix is
   include()d as PHP, so that directory must hold only trusted files and should not be
   writable by the web server account. */
$linksdir = dir("admin/links"); $menulist = ""; while($func=$linksdir->read()) { if(substr($func, 0, 6) == "links.") { $menulist .= "$func "; } } closedir($linksdir->handle); $menulist = explode(" ", $menulist); sort($menulist); for ($i=0; $i < sizeof($menulist); $i++) { if(!empty($menulist[$i])) { $sucounter = 0; include($linksdir->path."/$menulist[$i]"); } } adminmenu("".$admin_file.".php?op=logout", ""._ADMINLOGOUT."", "logout.gif"); echo"
"; $counter = ""; CloseTable(); echo "
"; } OpenTable(); echo "
"._MODULESADMIN.""; echo "

"; echo"";
/* Every entry under modules/ without a dot in its name is registered in the modules table
   when no row with that title exists yet.
   NOTE(review): the entry name is interpolated unescaped into both queries, and the name list
   is joined and split on spaces, so a name containing a space or a quote character is not
   handled correctly. */
$handle=opendir('modules'); $modlist = ""; while ($file = readdir($handle)) { if ( (!ereg("[.]",$file)) ) { $modlist .= "$file "; } } closedir($handle); $modlist = explode(" ", $modlist); sort($modlist); for ($i=0; $i < sizeof($modlist); $i++) { if(!empty($modlist[$i])) { $row = $db->sql_fetchrow($db->sql_query("SELECT mid from " . $prefix . "_modules where title='$modlist[$i]'")); $mid = intval($row['mid']); if (empty($mid)) { $db->sql_query("insert into " . $prefix . "_modules values (NULL, '$modlist[$i]', '$modlist[$i]', '0', '0', '1', '0', '')"); } } }
/* NOTE(review): the include path below is built from the title column of the modules table;
   the only gate is file_exists() on index.php, links.php and case.php under that module. */
$result = $db->sql_query("SELECT title, admins FROM ".$prefix."_modules ORDER BY title ASC"); $row2 = $db->sql_fetchrow($db->sql_query("SELECT name FROM ".$prefix."_authors WHERE aid='$aid'")); while ($row = $db->sql_fetchrow($result)) { $admins = explode(",", $row['admins']); $auth_user = 0; for ($i=0; $i < sizeof($admins); $i++) { if ($row2['name'] == $admins[$i]) { $auth_user = 1; } } if ($radminsuper == 1 OR $auth_user == 1) { if (file_exists("modules/".$row['title']."/admin/index.php") AND file_exists("modules/".$row['title']."/admin/links.php") AND file_exists("modules/".$row['title']."/admin/case.php")) { include("modules/".$row['title']."/admin/links.php"); } } } adminmenu("".$admin_file.".php?op=logout", ""._ADMINLOGOUT."", "logout.gif"); echo"
"; CloseTable(); echo "
"; } /*********************************************************/ /* Administration Main Function */ /*********************************************************/
/* adminMain(): renders the admin landing page - the menus from GraphicAdmin(), the result of
   platinum_technology() (presumably a version check), the default home module, the online and
   registration counts and, when the News and Surveys modules are active, the programmed
   articles, the last 20 stories and the current poll. */
function adminMain() { global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix, $admin_file, $bgcolor1; include("header.php"); $dummy = 0;
/* Builds LIKE patterns of the form %Mon%dd%yyyy% for today and for yesterday; they are matched
   against user_regdate further down. NOTE(review): strftime() is locale-dependent and
   deprecated since PHP 8.1. */
$month = date('M'); $curDate2 = "%".$month[0].$month[1].$month[2]."%".date('d')."%".date('Y')."%"; $ty = time() - 86400; $preday = strftime('%d', $ty); $premonth = strftime('%B', $ty); $preyear = strftime('%Y', $ty); $curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%"; GraphicAdmin(); $aid = substr("$aid", 0,25); $row = $db->sql_fetchrow($db->sql_query("SELECT radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'")); $radminsuper = intval($row['radminsuper']); $admlanguage = addslashes($row['admlanguage']); $result = $db->sql_query("SELECT admins FROM ".$prefix."_modules WHERE title='News'"); $result2 = $db->sql_query("SELECT name FROM ".$prefix."_authors WHERE aid='$aid'"); list($aidname) = $db->sql_fetchrow($result2); $radminarticle = 0; while (list($admins) = $db->sql_fetchrow($result)) { $admins = explode(",", $admins); $auth_user = 0; for ($i=0; $i < sizeof($admins); $i++) { if ($aidname == $admins[$i]) { $auth_user = 1; } } if ($auth_user == 1) { $radminarticle = 1; } } if (!empty($admlanguage) ) { $queryalang = "WHERE alanguage='$admlanguage' "; } else { $queryalang = ""; } OpenTable(); $v_check = platinum_technology(); echo "
"._VCHECKHEADER."

" ."
$v_check

" ."
[ $sitename ]
"; CloseTable(); echo "
"; list($main_module) = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main")); OpenTable(); echo "
$sitename: "._DEFHOMEMODULE."

" .""._MODULEINHOME." $main_module
[ "._CHANGE." ]
"; CloseTable(); echo "
"; OpenTable(); $guest_online_num = intval($db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'"))); $member_online_num = intval($db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'"))); $who_online_num = $guest_online_num + $member_online_num; $who_online = "
"._WHOSONLINE."

"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."
"; list($userCount) = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from ".$user_prefix."_users WHERE user_regdate LIKE '$curDate2'")); list($userCount2) = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM ".$user_prefix."_users WHERE user_regdate LIKE '$curDateP'")); echo "
$who_online
" .""._BTD.": $userCount - "._BYD.": $userCount2
"; CloseTable(); if (is_active("News")) { echo "
"; OpenTable(); echo "
"._AUTOMATEDARTICLES."

"; $count = 0; $result5 = $db->sql_query("SELECT anid, aid, title, time, alanguage FROM ".$prefix."_autonews $queryalang ORDER BY time ASC");
/* NOTE(review): list() assigns the author of each row to $aid, which this function declared
   global, so the id of the logged-in admin is overwritten from here on. $said is only a
   truncated copy of that same row value, so the $aid == $said test does not compare the
   article author with the current admin. The stories loop further down has the same pattern. */
while (list($anid, $aid, $listtitle, $time, $alanguage) = $db->sql_fetchrow($result5)) { $anid = intval($anid); $said = substr($aid, 0,25); $title = $listtitle; if (empty($alanguage)) { $alanguage = ""._ALL.""; } if (!empty($anid)) { if ($count == 0) { echo ""; $count = 1; } $time = str_replace(" ", "@", $time); if (($radminarticle==1) OR ($radminsuper==1)) { if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) { echo ""; /* Multilingual Code : added column to display language */ } else { echo ""; /* Multilingual Code : added column to display language */ } } else { echo ""; /* Multilingual Code : added column to display language */ } } } if ((empty($anid)) AND ($count == 0)) { echo "
"._NOAUTOARTICLES."
"; } if ($count == 1) { echo "
 ("._EDIT."-"._DELETE." $title  $alanguage  $time 
 ("._NOFUNCTIONS.")  $title  $alanguage  $time 
 $title  $alanguage  $time 
"; } CloseTable(); echo "
"; OpenTable(); echo "
"._LAST." 20 "._ARTICLES."

"; $result6 = $db->sql_query("SELECT sid, aid, title, time, topic, informant, alanguage FROM ".$prefix."_stories $queryalang ORDER BY time DESC LIMIT 0,20"); echo "
"; while (list($sid, $aid, $title, $time, $topic, $informant, $alanguage) = $db->sql_fetchrow($result6)) { $sid = intval($sid); $said = substr($aid, 0,25); list($topicname) = $db->sql_fetchrow($db->sql_query("SELECT topicname FROM ".$prefix."_topics WHERE topicid='$topic'")); if (empty($alanguage)) { $alanguage = ""._ALL.""; } formatTimestamp($time);
/* NOTE(review): from here to the end of this loop the statements appear to be out of order in
   this listing (the row markup was stripped and the cell text moved), so the braces below do
   not pair up with the if statements that follow them. */
echo ""; } else { echo ""; } } else { echo ""; } } echo "
$sid" ."$title" ."$alanguage" ."$topicname"; if ($radminarticle == 1 OR $radminsuper == 1) { if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) { echo "("._EDIT."-"._DELETE.")" ."
("._NOFUNCTIONS.")" ."
"; if (($radminarticle==1) OR ($radminsuper==1)) { echo "
" ."
" .""._STORYID.": " ."" ."" ."
"; } CloseTable(); } if (is_active("Surveys")) { list($pollID, $pollTitle) = $db->sql_fetchrow($db->sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC LIMIT 1")); $pollID = intval($pollID); echo "
"; OpenTable(); echo "
"._CURRENTPOLL.": $pollTitle [ "._EDIT." | "._ADD." ]
"; CloseTable(); } unset($title); include ("footer.php"); }
/* not_deleted(): prints $text inside the standard page frame and stops the script.
   NOTE(review): $text is echoed as given; no escaping is visible in this listing. */
function not_deleted($text) { include ("header.php"); OpenTable(); echo "
".$text."
"; CloseTable(); include ("footer.php"); die(); }
/* Dispatch: the ops below run only when the cookie check earlier in the file set $admintest;
   every other request gets the login form.
   NOTE(review): deleteNotice() deletes a row on the strength of op and id alone, and no
   anti-CSRF token check is visible in this listing - TODO confirm whether one exists elsewhere. */
if($admintest) { switch($op) { case "do_gfx": do_gfx(); break; case "deleteNotice": deleteNotice($id); break; case "GraphicAdmin": GraphicAdmin(); break; case "adminMain": adminMain(); break; case "logout": setcookie("admin", false); $admin = ""; include("header.php"); OpenTable(); echo "
"._YOUARELOGGEDOUT."
"; CloseTable();
/* NOTE(review): this header is sent after header.php was included and after the echo above;
   without output buffering PHP cannot add a header at this point. */
Header("Refresh: 3; url=".$admin_file.".php"); include("footer.php"); break; case "login"; unset($op); default: if (!is_admin($admin)) { login(); }
/* NOTE(review): for any op not handled above, every file in admin/case whose name starts with
   the case. prefix is include()d, followed by case.php of every module row that passes the
   three file_exists() checks; both locations must hold only trusted files. */
$casedir = dir("admin/case"); while($func=$casedir->read()) { if(substr($func, 0, 5) == "case.") { include($casedir->path."/$func"); } } closedir($casedir->handle); $result = $db->sql_query("SELECT title FROM ".$prefix."_modules ORDER BY title ASC"); while (list($mod_title) = $db->sql_fetchrow($result)) { if (file_exists("modules/$mod_title/admin/index.php") AND file_exists("modules/$mod_title/admin/links.php") AND file_exists("modules/$mod_title/admin/case.php")) { include("modules/$mod_title/admin/case.php"); } } break; } } else { switch($op) { default: login(); break; } } ?>