Feedback & Suggestions / Re: [FIX] - admin/backup.php file
« on: January 23, 2008, 03:16:07 PM »
4images 1.7.4
PHP Version 4.3.10
PHP Version 4.3.10
// Forum snippet: two DELETE variants quoted back to back; the foreach opened below is not closed on this page.
// Variant 1: one DELETE per key of $auth, limited to a single category and group.
// NOTE(review): $key and $group_id are placed unquoted into the SQL text. Where they are
// assigned is not visible here - confirm both are integer-cast before they reach this query.
foreach ($auth as $key => $val) {
$sql = "DELETE FROM ".GROUP_ACCESS_TABLE."
WHERE cat_id = $key AND group_id = $group_id";
$site_db->query($sql);
// Variant 2: a single DELETE that removes every access row of the group.
$sql = "DELETE FROM ".GROUP_ACCESS_TABLE."
WHERE group_id = $group_id";
$site_db->query($sql);
// Forum snippet: the same table-header cell in two versions; the foreach is not closed on this page.
// $val is written into the checkbox name, into the CheckAllCats() JavaScript argument, and is used as the $lang key.
// NOTE(review): none of these outputs is escaped - presumably $auth holds fixed permission names;
// confirm it never carries request data.
foreach ($auth as $key => $val) {
// Version 1: always renders the "check all" box.
echo "<td class=\"tableseparator\" width=\"".$col_width."%\" align=\"center\"><input name=\"allbox[".$val."]\" type=\"checkbox\" onClick=\"CheckAllCats(this, '".$val."');\" />".$lang[$val]."</td>\n";
// Version 2: renders the box only when $permission_select_type is "checkbox".
echo "<td class=\"tableseparator\" width=\"".$col_width."%\" align=\"center\">".($permission_select_type == "checkbox" ? "<input name=\"allbox[".$val."]\" type=\"checkbox\" onClick=\"CheckAllCats(this, '".$val."');\" />":"").$lang[$val]."</td>\n";
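// Handles the "updatecat" admin action: validates the posted category fields, updates the
// category row and, when "subcats" is set, copies the permission levels to every descendant.
if ($action == "updatecat") {
  // Helper that collects the ids of all descendants of $cat_id into the global $subcat_ids.
  // It is declared up front and only when missing: the original declared it inside
  // "if ($subcats)", i.e. after its first call, and PHP raises a redeclaration error there
  // whenever another include already provides the function.
  if (!function_exists('get_subcategories_id')) {
    function get_subcategories_id($cat_id = 0)
    {
      global $subcat_ids, $cat_parent_cache;
      if (!isset($cat_parent_cache[$cat_id])) {
        return false;
      }
      foreach ($cat_parent_cache[$cat_id] as $key => $val) {
        $subcat_ids[] = $val;
        get_subcategories_id($val);
      }
      return $subcat_ids;
    }
  }

  $error = array();

  $cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? intval($HTTP_POST_VARS['cat_id']) : intval($HTTP_GET_VARS['cat_id']);
  $cat_parent_id = intval($HTTP_POST_VARS['cat_parent_id']);
  // NOTE(review): cat_name and cat_description end up inside single quotes in the UPDATE below.
  // Nothing in this block escapes them for SQL - confirm request data is slash-escaped before
  // it reaches this point (not visible here).
  $cat_name = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_name']));
  $cat_description = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_description']));
  $cat_hits = intval(trim($HTTP_POST_VARS['cat_hits']));

  // The permission levels are written unquoted into the UPDATE statements, so each one must be
  // a plain integer. Anything else is handled like a missing form field instead of reaching the
  // query. The individual $auth_* variables are still set, as other code may read them.
  $auth_fields = array("auth_viewcat", "auth_viewimage", "auth_download", "auth_upload", "auth_directupload", "auth_vote", "auth_sendpostcard", "auth_readcomment", "auth_postcomment");
  foreach ($auth_fields as $auth_field) {
    $auth_raw = (isset($HTTP_POST_VARS[$auth_field]) && is_scalar($HTTP_POST_VARS[$auth_field])) ? trim($HTTP_POST_VARS[$auth_field]) : "";
    if (!preg_match('/^-?[0-9]+$/', $auth_raw)) {
      $error[$auth_field] = 1;
    }
    $$auth_field = intval($auth_raw);
  }

  // "auth_x = <int>, auth_y = <int>, ..." shared by both UPDATE statements.
  $auth_sql = "";
  foreach ($auth_fields as $auth_field) {
    $auth_sql .= (($auth_sql != "") ? ", " : "").$auth_field." = ".$$auth_field;
  }

  $subcats = (isset($HTTP_POST_VARS['subcats']) && $HTTP_POST_VARS['subcats']) ? 1 : 0;

  // A category may not become its own parent, nor a child of one of its descendants.
  $subcat_ids = array();
  get_subcategories_id($cat_id);
  if ($cat_parent_id == $cat_id || in_array($cat_parent_id, $subcat_ids)) {
    $msg .= sprintf("<span class=\"marktext\">%s</span><br />", $lang['parent_cat_error']);
    $error['cat_parent_id'] = 1;
  }

  if ($cat_name == "") {
    $error['cat_name'] = 1;
  }

  if (empty($error)) {
    $sql = "UPDATE ".CATEGORIES_TABLE."
            SET cat_name = '$cat_name', cat_description = '$cat_description', cat_parent_id = $cat_parent_id, cat_hits = $cat_hits, ".$auth_sql."
            WHERE cat_id = $cat_id";
    $result = $site_db->query($sql);

    if ($subcats) {
      $subcat_ids = array();
      $subcat_ids = get_subcategories_id($cat_id);
      if (!empty($subcat_ids)) {
        // implode(glue, array) is the argument order every PHP version accepts; the ids are
        // cast as well because they are written unquoted into the IN (...) list.
        $sql = "UPDATE ".CATEGORIES_TABLE."
                SET ".$auth_sql."
                WHERE cat_id IN (".implode(",", array_map("intval", $subcat_ids)).")";
        $result = $site_db->query($sql);
      }
    }

    $msg = ($result) ? $lang['cat_edit_success'] : $lang['cat_edit_error'];
    $action = "modifycats";
  }
  else {
    $msg .= sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
    $action = "editcat";
  }
}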
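// Handles the "updatecat" admin action (variant with manual category ordering): validates the
// posted fields, updates the category row, optionally re-sorts its siblings and, when "subcats"
// is set, copies the permission levels to every descendant.
if ($action == "updatecat") {
  // Helper that collects the ids of all descendants of $cat_id into the global $subcat_ids.
  // It is declared up front and only when missing: the original declared it inside
  // "if ($subcats)", i.e. after its first call, and PHP raises a redeclaration error there
  // whenever another include already provides the function.
  if (!function_exists('get_subcategories_id')) {
    function get_subcategories_id($cat_id = 0)
    {
      global $subcat_ids, $cat_parent_cache;
      if (!isset($cat_parent_cache[$cat_id])) {
        return false;
      }
      foreach ($cat_parent_cache[$cat_id] as $key => $val) {
        $subcat_ids[] = $val;
        get_subcategories_id($val);
      }
      return $subcat_ids;
    }
  }

  $error = array();

  $cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? intval($HTTP_POST_VARS['cat_id']) : intval($HTTP_GET_VARS['cat_id']);
  $cat_parent_id = intval($HTTP_POST_VARS['cat_parent_id']);
  // NOTE(review): cat_name and cat_description end up inside single quotes in the UPDATE below.
  // Nothing in this block escapes them for SQL - confirm request data is slash-escaped before
  // it reaches this point (not visible here).
  $cat_name = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_name']));
  $cat_description = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_description']));
  $cat_hits = intval(trim($HTTP_POST_VARS['cat_hits']));
  $cat_order = (isset($HTTP_POST_VARS['cat_order'])) ? intval($HTTP_POST_VARS['cat_order']) : 0;

  // The permission levels are written unquoted into the UPDATE statements, so each one must be
  // a plain integer. Anything else is handled like a missing form field instead of reaching the
  // query. The individual $auth_* variables are still set, as other code may read them.
  $auth_fields = array("auth_viewcat", "auth_viewimage", "auth_download", "auth_upload", "auth_directupload", "auth_vote", "auth_sendpostcard", "auth_readcomment", "auth_postcomment");
  foreach ($auth_fields as $auth_field) {
    $auth_raw = (isset($HTTP_POST_VARS[$auth_field]) && is_scalar($HTTP_POST_VARS[$auth_field])) ? trim($HTTP_POST_VARS[$auth_field]) : "";
    if (!preg_match('/^-?[0-9]+$/', $auth_raw)) {
      $error[$auth_field] = 1;
    }
    $$auth_field = intval($auth_raw);
  }

  // "auth_x = <int>, auth_y = <int>, ..." shared by both UPDATE statements.
  $auth_sql = "";
  foreach ($auth_fields as $auth_field) {
    $auth_sql .= (($auth_sql != "") ? ", " : "").$auth_field." = ".$$auth_field;
  }

  $subcats = (isset($HTTP_POST_VARS['subcats']) && $HTTP_POST_VARS['subcats']) ? 1 : 0;

  // A category may not become its own parent, nor a child of one of its descendants.
  $subcat_ids = array();
  get_subcategories_id($cat_id);
  if ($cat_parent_id == $cat_id || in_array($cat_parent_id, $subcat_ids)) {
    $msg .= sprintf("<span class=\"marktext\">%s</span><br />", $lang['parent_cat_error']);
    $error['cat_parent_id'] = 1;
  }

  if ($cat_name == "") {
    $error['cat_name'] = 1;
  }

  if (empty($error)) {
    if (!$cat_order) {
      // No position given: append after the last sibling. A parent without children yields no
      // row, which is treated as position 0.
      $sql = "SELECT cat_order
              FROM ".CATEGORIES_TABLE."
              WHERE cat_parent_id = $cat_parent_id
              ORDER BY cat_order DESC
              LIMIT 1";
      $catorder = $site_db->query_firstrow($sql);
      $cat_order = (isset($catorder['cat_order']) ? intval($catorder['cat_order']) : 0) + 10;
      $do_updat_cat_order = 0;
    }
    else {
      $do_updat_cat_order = 1;
    }

    $sql = "UPDATE ".CATEGORIES_TABLE."
            SET cat_name = '$cat_name', cat_order = '$cat_order', cat_description = '$cat_description', cat_parent_id = $cat_parent_id, cat_hits = $cat_hits, ".$auth_sql."
            WHERE cat_id = $cat_id";
    $result = $site_db->query($sql);

    if ($do_updat_cat_order) {
      update_cat_order($cat_parent_id);
    }

    if ($subcats) {
      $subcat_ids = array();
      $subcat_ids = get_subcategories_id($cat_id);
      if (!empty($subcat_ids)) {
        // implode(glue, array) is the argument order every PHP version accepts; the ids are
        // cast as well because they are written unquoted into the IN (...) list.
        $sql = "UPDATE ".CATEGORIES_TABLE."
                SET ".$auth_sql."
                WHERE cat_id IN (".implode(",", array_map("intval", $subcat_ids)).")";
        $result = $site_db->query($sql);
      }
    }

    $msg = ($result) ? $lang['cat_edit_success'] : $lang['cat_edit_error'];
    $action = "modifycats";
  }
  else {
    $msg .= sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
    $action = "editcat";
  }
}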
// Forum snippet: body of a text-conversion helper (its function header is not part of this page).
// The HTML_ENTITIES translation table is built on first use and kept in a static variable.
static $trans;
if (!isset($trans)) {
$trans = get_html_translation_table(HTML_ENTITIES);
// Quotes and angle brackets are removed from the table, so strtr() below leaves them as they are.
unset($trans["'"]);
unset($trans['"']);
unset($trans['<']);
unset($trans['>']);
}
// Replace every character still listed in the table with its entity.
// NOTE(review): because < > and quotes pass through unchanged, the result is not HTML-escaped;
// output that must be safe to print still needs its own escaping.
// NOTE(review): the table is requested without an explicit character set, so which characters
// it covers depends on PHP's default - presumably related to the Cyrillic display problem
// mentioned next to this snippet; confirm.
$text = strtr($text, $trans);
don't display cyrillic properly
// Forum snippet: opening line of a login check ($this-> suggests a class method; the block is not closed on this page).
// The "userpass" cookie is accepted when it is identical to the stored user_password value and
// the account's user_level is above USER_AWAITING.
// NOTE(review): this makes the stored user_password value itself the login token - presumably
// a password hash; if so, anyone able to read that column can present it as a cookie without
// knowing the password. Confirm, and prefer a random per-session token that is compared in
// constant time.
if ($this->read_cookie_data("userpass") === $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: email.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.1 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) fьr weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
// Entry guard: this file is meant to be included by a script that has already defined
// ROOT_PATH; a direct request stops here.
if (defined('ROOT_PATH') === false) {
  die("Security violation");
}
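/**
 * Builds and sends plain-text mails (charset windows-1251), either through PHP's mail() or by
 * speaking SMTP to $config['smtp_host'] directly.
 *
 * Typical use: set_from(), set_to(), set_subject(), register_vars() + set_body() (or
 * set_simple_body()), then send_email().
 *
 * Values that become header lines or SMTP commands have CR/LF removed before use, so a value
 * cannot add header lines or commands of its own.
 */
class Email {

  var $auth_type = "LOGIN"; // Default: "LOGIN". Set to "PLAIN" if required.
  var $no_error = 0;        // Non-zero: error() prints nothing and never halts.
  var $use_smtp;
  var $smtp_auth = 0;       // 1 when both SMTP username and password are configured.

  var $to;
  var $subject;
  var $body;
  var $bcc = array();
  var $from = "";           // Ready-made "Return-Path:" and "From:" header lines.
  var $from_email = "";     // Bare sender address, used for MAIL FROM.
  var $word_wrap = 76;

  var $template_extension = "html";
  var $start = "{";
  var $end = "}";
  var $key_cache = array(); // var name => regex pattern matching its placeholder
  var $val_cache = array(); // var name => replacement value

  var $crlf = "\r\n";

  /**
   * Unified constructor. Newer PHP versions no longer treat a method named like the class as
   * the constructor, so it is forwarded explicitly.
   */
  function __construct() {
    $this->Email();
  }

  /**
   * Reads the transport settings from the global $config.
   */
  function Email() {
    global $config;
    $this->use_smtp = (isset($config['use_smtp']) && $config['use_smtp'] == 1) ? 1 : 0;
    $this->smtp_auth = (!empty($config['smtp_username']) && !empty($config['smtp_password'])) ? 1 : 0;
    $this->crlf = ($this->use_smtp) ? "\r\n" : "\n";
  }

  /**
   * Removes CR and LF so the value stays on a single header or command line.
   */
  function strip_line_breaks($value) {
    return preg_replace("/[\r\n]+/", "", (string)$value);
  }

  /**
   * Sets the sender. $name is optional and is sent as a base64 encoded-word.
   */
  function set_from($email, $name = "") {
    $email = $this->strip_line_breaks($email);
    $this->from_email = $email;
    $this->from = sprintf("Return-Path: %s".$this->crlf, $email);
    if ($name != "") {
      $this->from .= sprintf("From: %s <%s>".$this->crlf, "=?windows-1251?B?".base64_encode($name)."?=", $email);
    }
    else {
      $this->from .= sprintf("From: %s".$this->crlf, $email);
    }
  }

  /**
   * Sets the recipient list (comma separated).
   */
  function set_to($to) {
    $this->to = $this->strip_line_breaks($to);
  }

  /**
   * Stores the subject as a base64 encoded-word; the encoding also keeps line breaks out.
   */
  function set_subject($subject) {
    $this->subject = "=?windows-1251?B?".base64_encode($subject)."?=";
  }

  /**
   * Registers template variables: either one name/value pair or an array of name => value.
   * Empty names are ignored.
   */
  function register_vars($var_name, $value = "") {
    if (!is_array($var_name)) {
      $var_name = array($var_name => $value);
    }
    foreach ($var_name as $key => $val) {
      if (!empty($key)) {
        $this->key_cache[$key] = "/".$this->add_identifiers($key)."/";
        $this->val_cache[$key] = $val;
      }
    }
  }

  /**
   * Returns the regex-quoted placeholder for $var_name. "/" is quoted too, because the
   * pattern built in register_vars() uses it as delimiter.
   */
  function add_identifiers($var_name) {
    return preg_quote($this->start.$var_name.$this->end, "/");
  }

  /**
   * Loads lang/<lang>/email/<template>.<extension> below ROOT_PATH and returns its content
   * ("" after reporting an error when it cannot be read).
   */
  function get_template($template, $lang) {
    // NOTE(review): both arguments become path components unchanged - callers are presumably
    // passing fixed template and language names; confirm neither comes from a request.
    $path = ROOT_PATH."lang/".$lang."/email/".$template.".".$this->template_extension;
    $lines = @file($path);
    // file() returns false on failure, which implode() must not be given.
    $line = ($lines === false) ? "" : implode("", $lines);
    if (empty($line)) {
      $this->error("Couldn't open Template ".$path);
    }
    return $line;
  }

  /**
   * Normalises CRLF to LF and, when word_wrap is set, re-wraps every line at word_wrap
   * characters, ending each output line with $this->crlf.
   */
  function prepare_text($message) {
    $message = preg_replace("/\r\n/si", "\n", $message);
    if ($this->word_wrap) {
      $lines = explode("\n", $message);
      $message = "";
      foreach ($lines as $line) {
        $words = explode(" ", trim($line));
        $buf = "";
        foreach ($words as $j => $word) {
          $buf_o = $buf;
          $buf .= (($j == 0) ? "" : " ").$word;
          // Flush what fitted before this word; a single over-long word stays on its own line.
          if (strlen($buf) > $this->word_wrap && $buf_o != "") {
            $message .= $buf_o.$this->crlf;
            $buf = $word;
          }
        }
        $message .= $buf.$this->crlf;
      }
    }
    return $message;
  }

  /**
   * Appends the named template, with the registered variables filled in, to the body.
   */
  function set_body($template_name = "", $lang = "english") {
    $template_name = trim($template_name);
    $body = "";
    if ($template_name != "") {
      $template = $this->get_template($template_name, $lang);
      // preg_replace() interprets "$n" and "\n" in replacement text as back-references;
      // escaping keeps registered values literal.
      $replacements = array();
      foreach ($this->val_cache as $key => $val) {
        $replacements[$key] = addcslashes($val, '\\$');
      }
      $body = preg_replace($this->key_cache, $replacements, $template);
    }
    $this->body = ((!empty($this->body)) ? $this->body : "").$this->prepare_text($body);
  }

  /**
   * Appends literal text to the body.
   */
  function set_simple_body($body = "") {
    $this->body = ((!empty($this->body)) ? $this->body : "").$this->prepare_text($body);
  }

  /**
   * Adds the syntactically valid addresses of $bcc to the Bcc list; others are dropped
   * silently (the pattern accepts top-level domains of 2 to 4 characters only).
   */
  function set_bcc($bcc) {
    foreach ($bcc as $val) {
      $val = trim($val);
      if (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i', $val)) {
        $this->bcc[] = $val;
      }
    }
  }

  /**
   * Returns the additional header lines: sender, Bcc (mail() transport only) and MIME type.
   * No Subject line is produced here: mail() adds one from its own argument and smtp_mail()
   * writes one itself, so a copy in this block ended up duplicated in every message.
   */
  function create_header() {
    global $config;
    $header = "";
    if (empty($this->from)) {
      $site_email = $this->strip_line_breaks(isset($config['site_email']) ? $config['site_email'] : "");
      $header .= sprintf("Return-Path: %s\r\n", $site_email);
      $header .= sprintf("From: %s\r\n", $site_email);
    }
    else {
      $header .= $this->from;
    }

    if (!empty($this->bcc) && !$this->use_smtp) {
      $header .= sprintf("Bcc: %s\r\n", implode(", ", $this->bcc));
    }
    $header .= "MIME-Version: 1.0\n";
    $header .= "Content-Type: text/plain; charset=\"windows-1251\"\n";
    $header .= "Content-Transfer-Encoding: 8bit\n";
    return $header;
  }

  /**
   * Sends the prepared message. Returns 1 on success, 0 on failure.
   */
  function send_email() {
    if ($this->use_smtp) {
      return ($this->smtp_mail($this->to, $this->subject, $this->body, $this->create_header())) ? 1 : 0;
    }
    else {
      return (mail($this->to, $this->subject, $this->body, $this->create_header())) ? 1 : 0;
    }
  }

  /**
   * Reads one reply line and checks its status code. On mismatch the error is reported with
   * the server text HTML-escaped. Returns 1 when the code matches, else 0.
   */
  function smtp_expect($fp, $code, $prefix, $suffix = "") {
    $result = (string)fgets($fp, 1024);
    if (substr($result, 0, 3) != $code) {
      // ISO-8859-1 makes htmlspecialchars() work byte by byte, whatever the reply's encoding.
      $this->error($prefix.htmlspecialchars($result, ENT_QUOTES, "ISO-8859-1").$suffix, 1);
      return 0;
    }
    return 1;
  }

  /**
   * Delivers one message over SMTP to $config['smtp_host'], port 25.
   * Returns 1 when every step was accepted, else 0. With $no_error unset, the first failing
   * step halts the script inside error().
   *
   * NOTE(review): the connection is plain TCP with no STARTTLS step, so AUTH PLAIN/LOGIN
   * credentials (base64 is an encoding, not encryption) cross the network readable. That is
   * acceptable only toward a local or otherwise trusted relay.
   */
  function smtp_mail($mail_to, $subject, $body, $headers = "") {
    global $config;
    $ok = 1;
    $eol = "\r\n"; // SMTP lines always end in CRLF, whatever $this->crlf holds.
    $auth_hint = "<br /> Maybe your SMTP Server does'nt support authentification. Try to leave Username and Password blank in your settings.";

    if (empty($config['smtp_host'])) {
      $config['smtp_host'] = "localhost";
    }

    // Each of these is written onto a command or header line of its own.
    $mail_to = $this->strip_line_breaks($mail_to);
    $subject = $this->strip_line_breaks($subject);

    // open socket.
    $errno = 0;
    $errstr = "";
    $fp = @fsockopen($config['smtp_host'], 25, $errno, $errstr);
    if (!$fp) {
      $this->error("Could not connect to mail server: ".htmlspecialchars($errstr, ENT_QUOTES, "ISO-8859-1"), 1);
      return 0;
    }
    if (!$this->smtp_expect($fp, 220, "Invalid mail server response (service not ready?): ")) {
      $ok = 0;
    }

    // send helo
    if ($this->smtp_auth) {
      fputs($fp, "EHLO ".$config['smtp_host'].$eol);
      /**
       * Patch by forum user blueshift. Thanks!
       */
      // not ok until first valid server response
      $ok = 0;
      $result = "";
      // The EHLO reply spans several lines: "250-" continues, "250 " ends it.
      while (!feof($fp)) {
        $result = (string)fgets($fp, 1024);
        if (strlen($result) == 0) {
          // EOF or read timeout
          break;
        }
        if (substr($result, 0, 3) != 250) {
          // reset ok on error
          $ok = 0;
          break;
        }
        $ok = 1;
        if (substr($result, 3, 1) == " ") {
          // last line of the reply, nothing more to wait for
          break;
        }
        // fallback for servers that do not mark the last line: short timeout after the
        // first valid response
        if (function_exists('stream_set_timeout')) {
          stream_set_timeout($fp, 1);
        }
      }
      if ($ok == 0) {
        $this->error("EHLO invalid mail server response: ".htmlspecialchars($result, ENT_QUOTES, "ISO-8859-1"), 1);
      }
      if (function_exists('stream_set_timeout')) {
        // reset timeout for subsequent ops
        stream_set_timeout($fp, 30);
      }

      if (strtoupper($this->auth_type) == "PLAIN") {
        // PLAIN credentials are "authzid NUL authcid NUL password"; with an empty authzid the
        // string starts with NUL. The original sent only one NUL, which is malformed.
        fputs($fp, "AUTH PLAIN ".base64_encode(chr(0).$config['smtp_username'].chr(0).$config['smtp_password']).$eol);
        if (!$this->smtp_expect($fp, 235, "AUTH PLAIN invalid mail server response: ", $auth_hint)) {
          $ok = 0;
        }
      }
      else {
        fputs($fp, "AUTH LOGIN".$eol);
        if (!$this->smtp_expect($fp, 334, "AUTH LOGIN invalid mail server response: ", $auth_hint)) {
          $ok = 0;
        }

        fputs($fp, base64_encode($config['smtp_username']).$eol);
        if (!$this->smtp_expect($fp, 334, "USERNAME invalid mail server response: ")) {
          $ok = 0;
        }

        fputs($fp, base64_encode($config['smtp_password']).$eol);
        if (!$this->smtp_expect($fp, 235, "PASSWORD invalid mail server response: ")) {
          $ok = 0;
        }
      }
    }
    else {
      fputs($fp, "HELO ".$config['smtp_host'].$eol);
      if (!$this->smtp_expect($fp, 250, "HELO invalid mail server response: ")) {
        $ok = 0;
      }
    }

    // MAIL FROM
    if (empty($this->from_email)) {
      $this->from_email = $config['site_email'];
    }
    fputs($fp, "MAIL FROM: ".$this->strip_line_breaks($this->from_email).$eol);
    if (!$this->smtp_expect($fp, 250, "MAIL FROM invalid mail server response: ")) {
      $ok = 0;
    }

    // RCPT TO
    $to_parts = array();
    foreach (explode(",", $mail_to) as $val) {
      $val = trim($val);
      fputs($fp, "RCPT TO: <$val>".$eol);
      if (!$this->smtp_expect($fp, 250, "RCPT TO invalid mail server response: ")) {
        $ok = 0;
      }
      $to_parts[] = "<$val>";
    }
    $to_header = "To: ".implode(", ", $to_parts);

    // Bcc recipients get an envelope entry only; they never appear in a header.
    if (!empty($this->bcc)) {
      foreach ($this->bcc as $val) {
        $val = $this->strip_line_breaks($val);
        fputs($fp, "RCPT TO: <$val>".$eol);
        if (!$this->smtp_expect($fp, 250, "RCPT TO invalid mail server response: ")) {
          $ok = 0;
        }
      }
    }

    // DATA
    fputs($fp, "DATA".$eol);
    if (!$this->smtp_expect($fp, 354, "DATA invalid mail server response: ")) {
      $ok = 0;
    }

    // Send subject
    fputs($fp, "Subject: $subject".$eol);

    // Send headers; every bare LF becomes CRLF
    fputs($fp, $to_header.$eol);
    $headers = preg_replace("/(?<!\r)\n/", "\r\n", $headers);
    fputs($fp, $headers.$eol.$eol);

    // Send body: CRLF line ends, and every line starting with "." gets a second dot, so that
    // no body line - including the first - can be read as the end-of-data marker.
    $body = preg_replace("/(?<!\r)\n/", "\r\n", $body);
    $body = preg_replace("/^\./m", "..", $body);
    fputs($fp, $body.$eol);

    // End of DATA: CRLF.CRLF
    fputs($fp, $eol.".".$eol);
    if (!$this->smtp_expect($fp, 250, "DATA(end): invalid mail server response: ")) {
      $ok = 0;
    }

    // QUIT
    fputs($fp, "QUIT".$eol);
    if (!$this->smtp_expect($fp, 221, "QUIT: invalid mail server response: ")) {
      $ok = 0;
    }

    // Close connection
    fclose($fp);

    return $ok;
  }

  /**
   * Clears recipient, subject, body, Bcc list and sender; optionally the template variables.
   */
  function reset($reset_template_vars = 0) {
    $this->to = "";
    $this->subject = "";
    $this->body = "";
    $this->bcc = array();
    $this->from = "";
    $this->from_email = "";
    if ($reset_template_vars) {
      $this->key_cache = array();
      $this->val_cache = array();
    }
  }

  /**
   * Prints $errmsg as HTML (callers pass markup in it) unless $no_error is set; with $halt
   * the script ends here.
   */
  function error($errmsg, $halt = 0) {
    if (!$this->no_error) {
      echo "<br /><font color='#FF0000'><b>Email Error</b></font>: ".$errmsg."<br />";
      if ($halt) {
        exit;
      }
    }
  }
} // end of class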
?>
<?php // PLUGIN_TITLE: Shoutbox Admin
/*************************************\
** **
** Shoutbox Mod for 4images **
** Version: v1.0(Beta) **
** By: f1do **
** Email: f1do.987@gmail.com **
** Web: http://f1do.uni.cc **
** **
\*************************************/
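// Flags read by the included admin bootstrap (their meaning is defined there, not visible here).
$nozip = 1;
define('IN_CP', 1);
// Plugins live one directory deeper than the other admin scripts. PHP_SELF only selects between
// two fixed relative prefixes; it is never used as a path itself. preg_match() replaces eregi(),
// which newer PHP versions no longer provide.
$root_path = (!preg_match("/\/plugins\//i", $HTTP_SERVER_VARS['PHP_SELF'])) ? "./../" : "./../../";
define('ROOT_PATH', $root_path);
require(ROOT_PATH.'admin/admin_global.php');
define('SHOUTBOX_TABLE', $table_prefix.'shoutbox');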
/**
 * Counts the pieces of $text separated by single spaces.
 * An empty string therefore yields 1, and every extra space adds an empty piece.
 */
function get_num_words ($text) {
  return count(explode(" ", $text));
}
show_admin_header();
// Without an explicit action, show the overview.
$action = ($action == "") ? "main" : $action;
//---------------------------------------------------
//--- Instalation -----------------------------------
//---------------------------------------------------
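// Handles the install form: stores the nine shoutbox settings and creates the shoutbox table.
if ($action == "installshoutbox") {
  // form field => settings key
  $sh_install_fields = array(
    "active" => "sh_active",
    "allowguests" => "sh_allow_guests",
    "usr_lgth" => "sh_usr_lgth",
    "msg_lgth" => "sh_msg_lgth",
    "sh_wordwrap" => "sh_wordwrap",
    "bbcode" => "sh_bbcode",
    "bbimg" => "sh_bbimg",
    "html" => "sh_html",
    "shouts" => "sh_msg_display"
  );
  $sh_install_ok = 1;
  foreach ($sh_install_fields as $sh_field => $sh_setting) {
    // Every value is written unquoted into the INSERT, so only whole numbers are accepted;
    // a missing or non-numeric field is skipped and the install is reported as failed.
    $sh_raw = (isset($HTTP_POST_VARS[$sh_field]) && is_scalar($HTTP_POST_VARS[$sh_field])) ? trim($HTTP_POST_VARS[$sh_field]) : "";
    if (!preg_match('/^-?[0-9]+$/', $sh_raw)) {
      $sh_install_ok = 0;
      continue;
    }
    $sql = "INSERT INTO ".SETTINGS_TABLE."(setting_value,setting_name) VALUES(".intval($sh_raw).",'".$sh_setting."')";
    if (!$site_db->query($sql)) {
      $sh_install_ok = 0;
    }
  }

  // The table is created under SHOUTBOX_TABLE, the name every other query of this script uses;
  // the hard-coded `4images_shoutbox` only matched installs with the table prefix "4images_".
  // ENGINE replaces TYPE, the older spelling that MySQL removed in 5.5.
  // `ip` VARCHAR(15) holds a dotted IPv4 address only.
  $sql = 'CREATE TABLE `'.SHOUTBOX_TABLE.'` ('
       . ' `id` INT NOT NULL AUTO_INCREMENT, '
       . ' `name` VARCHAR(50) NOT NULL, '
       . ' `message` TEXT NOT NULL, '
       . ' `date` VARCHAR(15) NOT NULL,'
       . ' `ip` VARCHAR(15) NOT NULL,'
       . ' `usrid` INT(11) NOT NULL,'
       . ' PRIMARY KEY (`id`)'
       . ' )'
       . ' ENGINE = MyISAM';
  $sh_created = $site_db->query($sql);
  // Success means every statement succeeded, not only the last one.
  $result = ($sh_install_ok && $sh_created) ? 1 : 0;

  echo ($result) ? $lang['sh_installed'] : $lang['sh_not_installed'];
  show_text_link($lang['sh_back'], "shoutbox_admin.php?action=main");

  unset($sh_install_fields, $sh_install_ok, $sh_field, $sh_setting, $sh_raw, $sh_created);
}
// These names are also used further down (e.g. $shouts in the overview); clearing them on every
// request keeps values from this or an earlier step out of the later code.
unset ($active);
unset ($allowguests);
unset ($usr_lgth);
unset ($msg_lgth);
unset ($sh_wordwrap);
unset ($bbcode);
unset ($bbimg);
unset ($html);
unset ($shouts);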
// No shoutbox settings stored yet: switch to the install form, unless the install request
// itself is the one being handled.
if ($action != "installshoutbox" && !isset($config['sh_active'])) {
  $action = "cfginstallshoutbox";
}

// Install form: one row per setting, posted back as action "installshoutbox".
if ($action == "cfginstallshoutbox") {
  show_form_header("shoutbox_admin.php", "installshoutbox");
  show_table_header($lang['sh_cfg']);

  show_radio_row($lang['sh_activate'], "active");
  show_radio_row($lang['sh_allow_guests'], "allowguests");
  show_input_row($lang['sh_usr_lgth'], "usr_lgth", "15");
  show_input_row($lang['sh_msg_lgth'], "msg_lgth", "50");
  show_input_row($lang['sh_wordwrap'], "sh_wordwrap", "30");
  show_radio_row($lang['sh_bbcode'], "bbcode");
  show_radio_row($lang['sh_bbimg'], "bbimg", 0);
  show_radio_row($lang['sh_html'], "html");
  show_input_row($lang['sh_msg_display'], "shouts", "20");

  show_table_footer();
  show_form_footer($lang['sh_install'], "", 2);
}
//---------------------------------------------
//-------- Admin ------------------------------
//---------------------------------------------
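// Overview: lists the newest 20 shouts with delete checkboxes, followed by the settings form.
if ($action == "main") {
  // Only 20 rows are shown, so only 20 are fetched.
  $sql = "SELECT * FROM ".SHOUTBOX_TABLE." ORDER BY id DESC LIMIT 20";
  $result = $site_db->query($sql);
  // Start from a known-empty list instead of whatever $shouts held before.
  $shouts = array();
  while ($row = $site_db->fetch_array($result)) {
    $shouts[] = $row;
  }
  $num_shouts = sizeof($shouts);
  if ($num_shouts > 0) {
    show_form_header('shoutbox_admin.php','deleteshout');
    echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n<tr>\n<td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
    echo "<tr class=\"tableseparator\">\n<td class=\"tableseparator\" width=\"40\"><input name=\"allbox\" type=\"checkbox\" onClick=\"CheckAll()\" /></td>\n";
    echo "<td class=\"tableseparator\" width=\"40\">".$lang['sh_number']."</td>\n";
    echo "<td class=\"tableseparator\" width=\"70\">".$lang['sh_name']."</td>\n";
    echo "<td class=\"tableseparator\">".$lang['sh_message']."</td>\n";
    echo "<td class=\"tableseparator\" width=\"100\">".$lang['sh_date']."</td>\n";
    echo "<td class=\"tableseparator\" width=\"80\">".$lang['sh_options']."</td></tr>\n";
    for ($i = 0; $i < $num_shouts; $i++) {
      $shout_id = intval($shouts[$i]['id']);
      // name and message are user-submitted text from the shoutbox table: they are printed as
      // text, never as markup, so stored HTML or script cannot run in the admin session.
      // ISO-8859-1 is named only so that htmlspecialchars() works byte by byte and cannot
      // reject text in the site's own encoding. If the shoutbox stores its text already
      // escaped, entities show up literally here - the safe way to be wrong.
      $shout_name = htmlspecialchars($shouts[$i]['name'], ENT_QUOTES, "ISO-8859-1");
      $shout_message = htmlspecialchars($shouts[$i]['message'], ENT_QUOTES, "ISO-8859-1");

      echo "<tr class=\"".get_row_bg()."\">\n";
      echo "<td><input type=\"checkbox\" name=\"shout_delete[]\" value=\"".$shout_id."\"></td>\n";
      echo "<td>".$shout_id."</td>\n";
      echo "<td>".$shout_name."</td>\n";
      echo "<td>".$shout_message."</td>\n";
      // `date` is a VARCHAR column; date() needs an integer timestamp.
      echo "<td>".date('d.m.Y H:i:s', intval($shouts[$i]['date']))."</td>\n";
      // NOTE(review): the delete link is a plain GET to shout_editor.php (not visible here);
      // confirm that script checks the admin session and asks before deleting.
      echo "<td><a href=\"".ROOT_PATH."shout_editor.php?action=edit&shout_id=".$shout_id."\" target=\"_blank\" onClick=\"return popup(this,'edit_shout')\">".$lang['edit']."</a> <a href=\"".ROOT_PATH."shout_editor.php?action=delete&shout_id=".$shout_id."\" target=\"_blank\" onClick=\"return popup(this,'delete_shout')\">".$lang['delete']."</a></td>\n";
      echo "</tr>\n";
    }
    show_form_footer($lang['sh_delete'], "", 6);
  }

  // Settings form, pre-filled from the stored configuration.
  show_form_header('shoutbox_admin.php','editconfig');
  show_table_header($lang['sh_cfg']);
  show_radio_row($lang['sh_activate'], "active",$config['sh_active']);
  show_radio_row($lang['sh_allow_guests'], "allowguests",$config['sh_allow_guests']);
  show_input_row($lang['sh_usr_lgth'],"usr_lgth",$config['sh_usr_lgth']);
  show_input_row($lang['sh_msg_lgth'],"msg_lgth",$config['sh_msg_lgth']);
  show_input_row($lang['sh_wordwrap'],"sh_wordwrap",$config['sh_wordwrap']);
  show_radio_row($lang['sh_bbcode'], "bbcode",$config['sh_bbcode']);
  show_radio_row($lang['sh_bbimg'], "bbimg",$config['sh_bbimg']);
  show_radio_row($lang['sh_html'], "html",$config['sh_html']);
  show_input_row($lang['sh_msg_display'],"shouts",$config['sh_msg_display']);
  show_table_footer();
  show_form_footer($lang['sh_update'], "", 2);
}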
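// Deletes the shouts whose checkboxes were ticked in the overview.
if ($action == "deleteshout") {
  if (isset($HTTP_POST_VARS['shout_delete']) && is_array($HTTP_POST_VARS['shout_delete'])) {
    // Keep positive integer ids only; nothing from the request reaches the SQL text as a string.
    $shout_ids = array();
    foreach ($HTTP_POST_VARS['shout_delete'] as $shout_id) {
      if (is_scalar($shout_id) && intval($shout_id) > 0) {
        $shout_ids[] = intval($shout_id);
      }
    }
    // One statement for the whole selection. The original looped with "<=" and so ran one
    // extra DELETE with an undefined array element.
    if (!empty($shout_ids)) {
      $sql = "DELETE FROM ".SHOUTBOX_TABLE." WHERE id IN (".implode(",", $shout_ids).")";
      $result = $site_db->query($sql);
    }
    echo $lang['sh_deleted'];
  }
  show_text_link($lang['sh_back'], "shoutbox_admin.php?action=main");
}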
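// Handles the settings form: writes the nine shoutbox settings back to the settings table.
if ($action == "editconfig") {
  // form field => settings key
  $sh_config_fields = array(
    "active" => "sh_active",
    "allowguests" => "sh_allow_guests",
    "usr_lgth" => "sh_usr_lgth",
    "msg_lgth" => "sh_msg_lgth",
    "sh_wordwrap" => "sh_wordwrap",
    "bbcode" => "sh_bbcode",
    "bbimg" => "sh_bbimg",
    "html" => "sh_html",
    "shouts" => "sh_msg_display"
  );
  $sh_update_ok = 1;
  foreach ($sh_config_fields as $sh_field => $sh_setting) {
    // Every value is written unquoted into the UPDATE, so only whole numbers are accepted.
    // A missing or non-numeric field leaves its stored setting untouched and the update is
    // reported as failed.
    $sh_raw = (isset($HTTP_POST_VARS[$sh_field]) && is_scalar($HTTP_POST_VARS[$sh_field])) ? trim($HTTP_POST_VARS[$sh_field]) : "";
    if (!preg_match('/^-?[0-9]+$/', $sh_raw)) {
      $sh_update_ok = 0;
      continue;
    }
    $sql = "UPDATE ".SETTINGS_TABLE." SET setting_value = ".intval($sh_raw)." WHERE setting_name = '".$sh_setting."'";
    $result = $site_db->query($sql);
    if (!$result) {
      $sh_update_ok = 0;
    }
  }

  // Success means every statement succeeded, not only the last one.
  echo ($sh_update_ok) ? $lang['sh_updated'] : $lang['sh_not_updated'];
  show_text_link($lang['sh_back'], "shoutbox_admin.php?action=main");

  unset($sh_config_fields, $sh_update_ok, $sh_field, $sh_setting, $sh_raw);
  unset ($active);
  unset ($allowguests);
  unset ($usr_lgth);
  unset ($msg_lgth);
  unset ($sh_wordwrap);
  unset ($bbcode);
  unset ($bbimg);
  unset ($html);
  unset ($shouts);
}
show_admin_footer();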
?>