Feedback & Suggestions / Re: [FIX] - admin/backup.php file
« on: January 23, 2008, 03:16:07 PM »
4images 1.7.4
PHP Version 4.3.10
PHP Version 4.3.10
foreach ($auth as $key => $val) {
$sql = "DELETE FROM ".GROUP_ACCESS_TABLE."
WHERE cat_id = $key AND group_id = $group_id";
$site_db->query($sql);
// Deletes all rows of GROUP_ACCESS_TABLE whose group_id matches $group_id.
// NOTE(review): $group_id is interpolated into the statement unquoted and this
// snippet does not show where it is set — confirm it is cast with intval()
// before this point.
$sql = "DELETE FROM ".GROUP_ACCESS_TABLE."
WHERE group_id = $group_id";
$site_db->query($sql);
foreach ($auth as $key => $val) {
echo "<td class=\"tableseparator\" width=\"".$col_width."%\" align=\"center\"><input name=\"allbox[".$val."]\" type=\"checkbox\" onClick=\"CheckAllCats(this, '".$val."');\" />".$lang[$val]."</td>\n";
echo "<td class=\"tableseparator\" width=\"".$col_width."%\" align=\"center\">".($permission_select_type == "checkbox" ? "<input name=\"allbox[".$val."]\" type=\"checkbox\" onClick=\"CheckAllCats(this, '".$val."');\" />":"").$lang[$val]."</td>\n";
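// Handles the "updatecat" admin action: reads the submitted category fields,
// validates them, updates the category row and, when "subcats" is set,
// copies the permission columns to all subcategories.
if ($action == "updatecat") {
  // Declared before its first call and only when not already defined, so the
  // call below works and an existing definition is not redeclared.
  if (!function_exists('get_subcategories_id')) {
    // Appends the ids of all descendants of $cat_id (looked up in the global
    // $cat_parent_cache) to the global $subcat_ids. Returns that array, or
    // false when $cat_id has no entry in the cache.
    function get_subcategories_id($cat_id = 0)
    {
      global $subcat_ids, $cat_parent_cache;
      if (!isset($cat_parent_cache[$cat_id])) {
        return false;
      }
      foreach ($cat_parent_cache[$cat_id] as $key => $val) {
        $subcat_ids[] = $val;
        get_subcategories_id($val);
      }
      return $subcat_ids;
    }
  }

  $error = array();
  $cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? intval($HTTP_POST_VARS['cat_id']) : intval($HTTP_GET_VARS['cat_id']);
  $cat_parent_id = intval($HTTP_POST_VARS['cat_parent_id']);
  $cat_name = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_name']));
  $cat_description = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_description']));
  $cat_hits = intval(trim($HTTP_POST_VARS['cat_hits']));

  // The auth_* values are placed into the SQL below without quotes, so each
  // one is forced to an integer. A field missing from the form is reported
  // as an input error rather than being stored as 0.
  $auth_fields = array("auth_viewcat", "auth_viewimage", "auth_download", "auth_upload", "auth_directupload", "auth_vote", "auth_sendpostcard", "auth_readcomment", "auth_postcomment");
  $auth_sql = array();
  foreach ($auth_fields as $auth_field) {
    if (isset($HTTP_POST_VARS[$auth_field])) {
      $$auth_field = intval($HTTP_POST_VARS[$auth_field]);
    }
    else {
      $$auth_field = 0;
      $error[$auth_field] = 1;
    }
    $auth_sql[] = $auth_field." = ".$$auth_field;
  }
  $auth_set = implode(", ", $auth_sql);

  $subcats = (isset($HTTP_POST_VARS['subcats']) && $HTTP_POST_VARS['subcats']) ? 1 : 0;

  // A category may not become its own parent or a child of one of its
  // descendants.
  $subcat_ids = array();
  get_subcategories_id($cat_id);
  if ($cat_parent_id == $cat_id || in_array($cat_parent_id, $subcat_ids)) {
    $msg .= sprintf("<span class=\"marktext\">%s</span><br />", $lang['parent_cat_error']);
    $error['cat_parent_id'] = 1;
  }
  if ($cat_name == "") {
    $error['cat_name'] = 1;
  }

  if (empty($error)) {
    // NOTE(review): $cat_name and $cat_description are placed inside quotes
    // without escaping in this snippet; that is only safe if request data is
    // escaped before it reaches this code — confirm.
    $sql = "UPDATE ".CATEGORIES_TABLE."
            SET cat_name = '$cat_name', cat_description = '$cat_description', cat_parent_id = $cat_parent_id, cat_hits = $cat_hits, $auth_set
            WHERE cat_id = $cat_id";
    $result = $site_db->query($sql);

    if ($subcats) {
      $subcat_ids = array();
      $subcat_ids = get_subcategories_id($cat_id);
      if (!empty($subcat_ids)) {
        // implode() is called with the separator first; the ids are cast to
        // integers because they are written into the IN (...) list unquoted.
        $sql = "UPDATE ".CATEGORIES_TABLE."
                SET $auth_set
                WHERE cat_id IN (".implode(",", array_map("intval", $subcat_ids)).")";
        $result = $site_db->query($sql);
      }
    }
    $msg = ($result) ? $lang['cat_edit_success'] : $lang['cat_edit_error'];
    $action = "modifycats";
  }
  else {
    $msg .= sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
    $action = "editcat";
  }
}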
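// Handles the "updatecat" admin action: reads the submitted category fields,
// validates them, updates the category row (including its sort order) and,
// when "subcats" is set, copies the permission columns to all subcategories.
if ($action == "updatecat") {
  // Declared before its first call and only when not already defined, so the
  // call below works and an existing definition is not redeclared.
  if (!function_exists('get_subcategories_id')) {
    // Appends the ids of all descendants of $cat_id (looked up in the global
    // $cat_parent_cache) to the global $subcat_ids. Returns that array, or
    // false when $cat_id has no entry in the cache.
    function get_subcategories_id($cat_id = 0)
    {
      global $subcat_ids, $cat_parent_cache;
      if (!isset($cat_parent_cache[$cat_id])) {
        return false;
      }
      foreach ($cat_parent_cache[$cat_id] as $key => $val) {
        $subcat_ids[] = $val;
        get_subcategories_id($val);
      }
      return $subcat_ids;
    }
  }

  $error = array();
  $cat_id = (isset($HTTP_POST_VARS['cat_id'])) ? intval($HTTP_POST_VARS['cat_id']) : intval($HTTP_GET_VARS['cat_id']);
  $cat_parent_id = intval($HTTP_POST_VARS['cat_parent_id']);
  $cat_name = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_name']));
  $cat_description = un_htmlspecialchars(trim($HTTP_POST_VARS['cat_description']));
  $cat_hits = intval(trim($HTTP_POST_VARS['cat_hits']));
  $cat_order = (isset($HTTP_POST_VARS['cat_order'])) ? intval($HTTP_POST_VARS['cat_order']) : 0;

  // The auth_* values are placed into the SQL below without quotes, so each
  // one is forced to an integer. A field missing from the form is reported
  // as an input error rather than being stored as 0.
  $auth_fields = array("auth_viewcat", "auth_viewimage", "auth_download", "auth_upload", "auth_directupload", "auth_vote", "auth_sendpostcard", "auth_readcomment", "auth_postcomment");
  $auth_sql = array();
  foreach ($auth_fields as $auth_field) {
    if (isset($HTTP_POST_VARS[$auth_field])) {
      $$auth_field = intval($HTTP_POST_VARS[$auth_field]);
    }
    else {
      $$auth_field = 0;
      $error[$auth_field] = 1;
    }
    $auth_sql[] = $auth_field." = ".$$auth_field;
  }
  $auth_set = implode(", ", $auth_sql);

  $subcats = (isset($HTTP_POST_VARS['subcats']) && $HTTP_POST_VARS['subcats']) ? 1 : 0;

  // A category may not become its own parent or a child of one of its
  // descendants.
  $subcat_ids = array();
  get_subcategories_id($cat_id);
  if ($cat_parent_id == $cat_id || in_array($cat_parent_id, $subcat_ids)) {
    $msg .= sprintf("<span class=\"marktext\">%s</span><br />", $lang['parent_cat_error']);
    $error['cat_parent_id'] = 1;
  }
  if ($cat_name == "") {
    $error['cat_name'] = 1;
  }

  if (empty($error)) {
    if (!$cat_order) {
      // No order submitted: place the category 10 after the highest
      // cat_order found under the same parent.
      $sql = "SELECT cat_order
              FROM ".CATEGORIES_TABLE."
              WHERE cat_parent_id = $cat_parent_id
              ORDER BY cat_order DESC
              LIMIT 1";
      $catorder = $site_db->query_firstrow($sql);
      $cat_order = $catorder['cat_order'] + 10;
      $do_updat_cat_order = 0;
    }
    else {
      $do_updat_cat_order = 1;
    }

    // NOTE(review): $cat_name and $cat_description are placed inside quotes
    // without escaping in this snippet; that is only safe if request data is
    // escaped before it reaches this code — confirm.
    $sql = "UPDATE ".CATEGORIES_TABLE."
            SET cat_name = '$cat_name', cat_order = '$cat_order', cat_description = '$cat_description', cat_parent_id = $cat_parent_id, cat_hits = $cat_hits, $auth_set
            WHERE cat_id = $cat_id";
    $result = $site_db->query($sql);

    if ($do_updat_cat_order) {
      update_cat_order($cat_parent_id);
    }

    if ($subcats) {
      $subcat_ids = array();
      $subcat_ids = get_subcategories_id($cat_id);
      if (!empty($subcat_ids)) {
        // implode() is called with the separator first; the ids are cast to
        // integers because they are written into the IN (...) list unquoted.
        $sql = "UPDATE ".CATEGORIES_TABLE."
                SET $auth_set
                WHERE cat_id IN (".implode(",", array_map("intval", $subcat_ids)).")";
        $result = $site_db->query($sql);
      }
    }
    $msg = ($result) ? $lang['cat_edit_success'] : $lang['cat_edit_error'];
    $action = "modifycats";
  }
  else {
    $msg .= sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']);
    $action = "editcat";
  }
}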
// Fragment of a function body (its header is not shown). $trans is static, so
// the table is presumably built once and reused on later calls.
static $trans;
if (!isset($trans)) {
$trans = get_html_translation_table(HTML_ENTITIES);
// Quotes and angle brackets are taken out of the table, so strtr() below
// leaves them untouched.
unset($trans["'"]);
unset($trans['"']);
unset($trans['<']);
unset($trans['>']);
}
// Replaces every character still in the table with its HTML entity.
// NOTE(review): the HTML_ENTITIES table depends on the charset PHP assumes; for
// text in another single-byte charset (e.g. windows-1251) bytes above 0x7F
// would presumably be mapped to the wrong entities — confirm against the page
// charset.
$text = strtr($text, $trans);
don't display cyrillic properly
if ($this->read_cookie_data("userpass") === $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: email.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.1 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
// Stops execution unless the including script has already defined ROOT_PATH.
defined('ROOT_PATH') or die("Security violation");
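// Builds plain-text e-mails from templates and sends them either through
// PHP's mail() or through the minimal SMTP client in smtp_mail().
// Subject and sender name are emitted as base64 encoded-words tagged
// windows-1251.
class Email {

  var $auth_type = "LOGIN"; // Default: "LOGIN". Set to "PLAIN" if required.
  var $no_error = 0;        // When non-zero, error() neither prints nor halts.
  var $use_smtp;
  var $smtp_auth = 0;       // Set by the constructor; declared here instead of being created on the fly.

  var $to;
  var $subject;
  var $body;
  var $bcc = array();
  var $from = "";
  var $from_email = "";

  var $word_wrap = 76;
  var $template_extension = "html";
  var $start = "{";
  var $end = "}";
  var $key_cache = array();
  var $val_cache = array();

  var $crlf = "\r\n";

  // Reads the SMTP settings from the global $config. SMTP authentication is
  // enabled only when both a username and a password are configured.
  function Email() {
    global $config;
    $this->use_smtp = ($config['use_smtp'] == 1) ? 1 : 0;
    $this->smtp_auth = (!empty($config['smtp_username']) && !empty($config['smtp_password'])) ? 1 : 0;
    $this->crlf = ($this->use_smtp) ? "\r\n" : "\n";
  }

  // Removes CR and LF from $value so it cannot start a new header line or a
  // new SMTP command when written into the message or the SMTP dialogue.
  function strip_crlf($value) {
    return str_replace(array("\r", "\n"), "", $value);
  }

  // Stores the sender address and builds the Return-Path/From header lines.
  // The address is stripped of line breaks; the name is base64-encoded.
  function set_from($email, $name = "") {
    $email = $this->strip_crlf($email);
    $this->from_email = $email;
    $this->from = sprintf("Return-Path: %s".$this->crlf, $email);
    $this->from .= ($name != "") ? sprintf("From: %s <%s>".$this->crlf, "=?windows-1251?B?".base64_encode($name)."?=", $email) : sprintf("From: %s".$this->crlf, $email);
  }

  // Stores the recipient (smtp_mail() splits it on commas), without line breaks.
  function set_to($to) {
    $this->to = $this->strip_crlf($to);
  }

  // Stores the subject as a base64 encoded-word.
  function set_subject($subject) {
    $this->subject = "=?windows-1251?B?".base64_encode($subject)."?=";
  }

  // Registers one template variable, or an array of name => value pairs,
  // for replacement in set_body(). Empty names are ignored.
  // NOTE(review): the values are later used as preg_replace() replacement
  // strings, so "$1"-style sequences or backslashes in a value would
  // presumably be read as back-references — confirm callers never pass such text.
  function register_vars($var_name, $value = "") {
    if (!is_array($var_name)) {
      if (!empty($var_name)) {
        $this->key_cache[$var_name] = "/".$this->add_identifiers($var_name)."/";
        $this->val_cache[$var_name] = $value;
      }
    }
    else {
      foreach ($var_name as $key => $val) {
        if (!empty($key)) {
          $this->key_cache[$key] = "/".$this->add_identifiers($key)."/";
          $this->val_cache[$key] = $val;
        }
      }
    }
  }

  // Returns the regex-quoted placeholder for $var_name. The "/" delimiter is
  // quoted as well, because register_vars() wraps the result in slashes.
  function add_identifiers($var_name) {
    return preg_quote($this->start.$var_name.$this->end, "/");
  }

  // Loads lang/<lang>/email/<template>.<extension> below ROOT_PATH and
  // returns its contents; reports an error when the file is missing or empty.
  // NOTE(review): $lang and $template become part of the file path unchanged;
  // confirm callers never pass request data here.
  function get_template($template, $lang) {
    $path = ROOT_PATH."lang/".$lang."/email/".$template.".".$this->template_extension;
    // file() returns false on failure; implode() is only called on an array.
    $lines = @file($path);
    $line = (is_array($lines)) ? implode("", $lines) : "";
    if (empty($line)) {
      $this->error("Couldn't open Template ".$path);
    }
    return $line;
  }

  // Normalises CRLF to LF and, when word_wrap is set, re-wraps every line at
  // word boundaries so that lines stay within word_wrap characters where
  // possible. Each output line ends with $this->crlf.
  function prepare_text($message) {
    $message = preg_replace("/\r\n/si", "\n", $message);
    if ($this->word_wrap) {
      $lines = explode("\n", $message);
      $message = "";
      for ($i = 0 ;$i < sizeof($lines); $i++) {
        $line_part = explode(" ", trim($lines[$i]));
        $buf = "";
        for ($j = 0; $j < count($line_part); $j++) {
          $buf_o = $buf;
          $buf .= (($j == 0) ? "" : " ").$line_part[$j];
          // Adding this word made the line too long: emit the line without
          // it and start the next line with the word.
          if (strlen($buf) > $this->word_wrap && $buf_o != "") {
            $message .= $buf_o.$this->crlf;
            $buf = $line_part[$j];
          }
        }
        $message .= $buf.$this->crlf;
      }
    }
    return $message;
  }

  // Appends the named template, with registered variables replaced, to the body.
  function set_body($template_name = "", $lang = "english") {
    $template_name = trim($template_name);
    $body = "";
    if ($template_name != "") {
      $template = $this->get_template($template_name, $lang);
      $body = preg_replace($this->key_cache, $this->val_cache, $template);
    }
    $this->body = ((!empty($this->body)) ? $this->body : "").$this->prepare_text($body);
  }

  // Appends literal text to the body.
  function set_simple_body($body = "") {
    $this->body = ((!empty($this->body)) ? $this->body : "").$this->prepare_text($body);
  }

  // Adds every address in $bcc that matches the address pattern; others are dropped.
  function set_bcc($bcc) {
    foreach ($bcc as $val) {
      $val = trim($val);
      if (preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i', $val)) {
        $this->bcc[] = $val;
      }
    }
  }

  // Returns the additional header lines: sender, Bcc (mail() transport only)
  // and the MIME/charset declaration.
  function create_header() {
    global $config;
    $header = "";
    if (empty($this->from)) {
      $header .= sprintf("Return-Path: %s\r\n", $config['site_email']);
      $header .= sprintf("From: %s\r\n", $config['site_email']);
    }
    else {
      $header .= $this->from;
    }
    //$header .= sprintf("Reply-to: %s\r\n", $config['site_email']);
    //$header .= sprintf("To: %s\r\n", $this->to);
    if (!empty($this->bcc) && !$this->use_smtp) {
      $bcc_list = "";
      foreach ($this->bcc as $key => $val) {
        $bcc_list .= (($bcc_list != "") ? ", " : "").$val;
      }
      $header .= sprintf("Bcc: %s\r\n", $bcc_list);
    }
    // No Subject line is added here: mail() generates it from its subject
    // argument and smtp_mail() writes it itself, so adding it again (the
    // original did so twice) produced duplicate Subject headers.
    $header .= "MIME-Version: 1.0\n";
    $header .= "Content-Type: text/plain; charset=\"windows-1251\"\n";
    $header .= "Content-Transfer-Encoding: 8bit\n";
    return $header;
  }

  // Sends the prepared message through SMTP or mail(); returns 1 on success, 0 otherwise.
  function send_email() {
    if ($this->use_smtp) {
      return ($this->smtp_mail($this->to, $this->subject, $this->body, $this->create_header())) ? 1 : 0;
    }
    else {
      return (mail($this->to, $this->subject, $this->body, $this->create_header())) ? 1 : 0;
    }
  }

  // Delivers one message over a plain SMTP dialogue with $config['smtp_host']
  // (default "localhost") on port 25. Returns 1 when every step was accepted,
  // otherwise 0; each failed step is reported through error() with halt set.
  // NOTE(review): the connection is opened on port 25 and this method never
  // issues STARTTLS, so the AUTH credentials are only base64-encoded, not
  // encrypted, on the wire.
  function smtp_mail($mail_to, $subject, $body, $headers = "") {
    global $config;

    $ok = 1;
    if (empty($config['smtp_host'])) {
      $config['smtp_host'] = "localhost";
    }

    // open socket.
    $fp = fsockopen($config['smtp_host'], 25);
    if (!$fp) {
      // Without a connection there is nothing to read from or write to.
      $this->error("Could not connect to mail server ".$config['smtp_host'], 1);
      return 0;
    }

    $result = fgets($fp, 1024);
    if (substr($result, 0, 3) != 220) {
      $ok = 0;
      $this->error("Invalid mail server response (service not ready?): $result", 1);
    }

    // send helo
    if ($this->smtp_auth) {
      fputs($fp, "EHLO ".$config['smtp_host'].$this->crlf);

      /**
       * Patch by forum user blueshift. Thanks!
       */
      // not ok until first valid server response
      $ok = 0;
      // fetch response line after line
      while (!feof($fp)) {
        $result = fgets($fp, 1024);
        if (strlen($result)!=0) {
          if (substr($result, 0, 3) == 250) {
            $ok = 1;
            // lower timeout after first valid response
            if (function_exists('stream_set_timeout')) {
              stream_set_timeout($fp, 1);
            }
          }
          else {
            // reset ok on error
            $ok = 0;
            break;
          }
        }
        else {
          // EOF
          break;
        }
      }
      if ($ok == 0) {
        $this->error("EHLO invalid mail server response: $result", 1);
      }
      if (function_exists('stream_set_timeout')) {
        // reset timeout for subsequent ops
        stream_set_timeout($fp, 30);
      }

      if (strtoupper($this->auth_type) == "PLAIN") {
        fputs($fp, "AUTH PLAIN ".base64_encode($config['smtp_username'].chr(0).$config['smtp_password']).$this->crlf);
        $result = fgets($fp, 1024);
        if (substr($result, 0, 3) != 235) {
          $ok = 0;
          $this->error("AUTH PLAIN invalid mail server response: $result<br /> Maybe your SMTP Server does'nt support authentification. Try to leave Username and Password blank in your settings.", 1);
        }
      }
      else {
        fputs($fp, "AUTH LOGIN".$this->crlf);
        $result = fgets($fp, 1024);
        if (substr($result, 0, 3) != 334) {
          $ok = 0;
          $this->error("AUTH LOGIN invalid mail server response: $result<br /> Maybe your SMTP Server does'nt support authentification. Try to leave Username and Password blank in your settings.", 1);
        }

        fputs($fp, base64_encode($config['smtp_username']).$this->crlf);
        $result = fgets($fp, 1024);
        if (substr($result, 0, 3) != 334) {
          $ok = 0;
          $this->error("USERNAME invalid mail server response: $result", 1);
        }

        fputs($fp, base64_encode($config['smtp_password']).$this->crlf);
        $result = fgets($fp, 1024);
        if (substr($result, 0, 3) != 235) {
          $ok = 0;
          $this->error("PASSWORD invalid mail server response: $result", 1);
        }
      }
    }
    else {
      fputs($fp, "HELO ".$config['smtp_host'].$this->crlf);
      $result = fgets($fp, 1024);
      if (substr($result, 0, 3) != 250) {
        $ok = 0;
        $this->error("HELO invalid mail server response: $result", 1);
      }
    }

    // MAIL FROM
    if (empty($this->from_email)) {
      $this->from_email = $config['site_email'];
    }
    // Addresses are stripped of CR/LF before they are written into the
    // dialogue, so one address cannot carry an additional SMTP command.
    fputs($fp, "MAIL FROM: ".$this->strip_crlf($this->from_email).$this->crlf);
    $result = fgets($fp, 1024);
    if (substr($result, 0, 3) != 250) {
      $ok = 0;
      $this->error("MAIL FROM invalid mail server response: $result", 1);
    }

    // RCPT TO
    $mail_to_array = explode(",", $mail_to);
    $to_header = "To: ";
    foreach ($mail_to_array as $key => $val) {
      $val = $this->strip_crlf(trim($val));
      fputs($fp, "RCPT TO: <$val>".$this->crlf);
      $result = fgets($fp, 1024);
      if (substr($result, 0, 3) != 250) {
        $ok = 0;
        $this->error("RCPT TO invalid mail server response: $result", 1);
      }
      $to_header .= "<$val>, ";
    }
    // preg_replace() instead of ereg_replace(), which newer PHP versions no
    // longer provide; drops the trailing ", ".
    $to_header = preg_replace('/, $/', '', $to_header);

    if (!empty($this->bcc)) {
      // Bcc recipients only get a RCPT TO; they are not added to the To header.
      foreach ($this->bcc as $key => $val) {
        $val = $this->strip_crlf($val);
        fputs($fp, "RCPT TO: <$val>".$this->crlf);
        $result = fgets($fp, 1024);
        if (substr($result, 0, 3) != 250) {
          $ok = 0;
          $this->error("RCPT TO invalid mail server response: $result", 1);
        }
        //$to_header .= "<$val>, ";
      }
      //$to_header = ereg_replace(", $", "", $to_header);
    }

    // DATA
    fputs($fp, "DATA".$this->crlf);
    $result = fgets($fp, 1024);
    if (substr($result, 0, 3) != 354) {
      $ok = 0;
      $this->error("DATA invalid mail server response: $result", 1);
    }

    // Send subject
    fputs($fp, "Subject: ".$this->strip_crlf($subject).$this->crlf);

    // Send headers
    fputs($fp, $to_header.$this->crlf);
    $headers = preg_replace("/([^\r]{1})\n/", "\\1\r\n", $headers);
    fputs($fp, $headers.$this->crlf.$this->crlf);

    // Send body
    $body = preg_replace("/([^\r]{1})\n/", "\\1\r\n", $body);
    $body = preg_replace("/\n\n/", "\n\r\n", $body);
    // Dot-stuffing: a line that starts with "." gets a second dot so it is
    // not taken for the end-of-data marker. The first body line is covered too.
    $body = preg_replace("/\n\./", "\n..", $body);
    $body = preg_replace("/^\./", "..", $body);
    fputs($fp, $body.$this->crlf);

    // End of DATA: CRLF.CRLF
    fputs($fp, $this->crlf.".".$this->crlf);
    $result = fgets($fp, 1024);
    if (substr($result, 0, 3) != 250) {
      $ok = 0;
      $this->error("DATA(end): invalid mail server response: $result", 1);
    }

    // QUIT
    fputs($fp, "QUIT".$this->crlf);
    $result = fgets($fp, 1024);
    if (substr($result, 0, 3) != 221) {
      $ok = 0;
      $this->error("QUIT: invalid mail server response: $result", 1);
    }

    // Close connection
    fclose($fp);

    return $ok;
  }

  // Clears recipient, subject, body, Bcc list and sender; with a true
  // argument the registered template variables are cleared as well.
  function reset($reset_template_vars = 0) {
    $this->to = "";
    $this->subject = "";
    $this->body = "";
    $this->bcc = array();
    $this->from = "";
    $this->from_email = "";
    if ($reset_template_vars) {
      $this->key_cache = array();
      $this->val_cache = array();
    }
  }

  // Prints $errmsg (unless no_error is set) and exits when $halt is true.
  // NOTE(review): $errmsg is echoed as HTML and can contain the mail server's
  // response or a template path; some callers pass markup on purpose, so it
  // is not escaped here.
  function error($errmsg, $halt = 0) {
    if (!$this->no_error) {
      echo "<br /><font color='#FF0000'><b>Email Error</b></font>: ".$errmsg."<br />";
      if ($halt) {
        exit;
      }
    }
  }
} // end of class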
?>
<?php // PLUGIN_TITLE: Shoutbox Admin
/*************************************\
** **
** Shoutbox Mod for 4images **
** Version: v1.0(Beta) **
** By: f1do **
** Email: f1do.987@gmail.com **
** Web: http://f1do.uni.cc **
** **
\*************************************/
// Plugin bootstrap: sets the control-panel flags, works out the path back to
// the gallery root and loads the shared admin code.
$nozip = 1;
define('IN_CP', 1);
// Two levels up when the script path contains "/plugins/" (case-insensitive),
// otherwise one level up.
$root_path = (preg_match("#/plugins/#i", $HTTP_SERVER_VARS['PHP_SELF'])) ? "./../../" : "./../";
define('ROOT_PATH', $root_path);
require(ROOT_PATH.'admin/admin_global.php');
// Name of the shoutbox table, built from the installation's table prefix.
define('SHOUTBOX_TABLE', $table_prefix.'shoutbox');
// Returns the number of pieces $text splits into on single spaces
// (an empty string yields 1).
function get_num_words ($text) {
  return count(explode(" ", $text));
}
show_admin_header();

// Without an explicit action the overview page ("main") is shown.
$action = ($action == "") ? "main" : $action;
//---------------------------------------------------
//--- Instalation -----------------------------------
//---------------------------------------------------
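// "installshoutbox": stores the submitted shoutbox settings in the settings
// table and creates the shoutbox table.
if ($action == "installshoutbox") {
  // setting_name => name of the submitted form field.
  $sh_install_fields = array(
    'sh_active'       => 'active',
    'sh_allow_guests' => 'allowguests',
    'sh_usr_lgth'     => 'usr_lgth',
    'sh_msg_lgth'     => 'msg_lgth',
    'sh_wordwrap'     => 'sh_wordwrap',
    'sh_bbcode'       => 'bbcode',
    'sh_bbimg'        => 'bbimg',
    'sh_html'         => 'html',
    'sh_msg_display'  => 'shouts'
  );

  // The values are written into the INSERT statements without quotes, so
  // each one is forced to an integer first; a missing field becomes 0. The
  // install form only offers on/off radios and numeric inputs for them.
  foreach ($sh_install_fields as $sh_setting_name => $sh_post_key) {
    $sh_setting_value = (isset($HTTP_POST_VARS[$sh_post_key])) ? intval($HTTP_POST_VARS[$sh_post_key]) : 0;
    $sql = "INSERT INTO ".SETTINGS_TABLE."(setting_value,setting_name) VALUES(".$sh_setting_value.",'".$sh_setting_name."')";
    $result = $site_db->query($sql);
  }
  unset($sh_install_fields, $sh_setting_name, $sh_post_key, $sh_setting_value);

  // SHOUTBOX_TABLE is used instead of a fixed "4images_shoutbox" so the
  // table is created under the name the other queries in this file use,
  // whatever the installation's table prefix is.
  $sql = 'CREATE TABLE `'.SHOUTBOX_TABLE.'` ('
        . ' `id` INT NOT NULL AUTO_INCREMENT, '
        . ' `name` VARCHAR(50) NOT NULL, '
        . ' `message` TEXT NOT NULL, '
        . ' `date` VARCHAR(15) NOT NULL,'
        . ' `ip` VARCHAR(15) NOT NULL,'
        . ' `usrid` INT(11) NOT NULL,'
        . ' PRIMARY KEY (`id`)'
        . ' )'
        . ' TYPE = myisam';
  $result = $site_db->query($sql);

  // Only the result of CREATE TABLE decides which message is shown.
  echo ($result) ? $lang['sh_installed'] : $lang['sh_not_installed'];
  show_text_link($lang['sh_back'], "shoutbox_admin.php?action=main");
}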
// Clear the variables the install step above may have set.
unset($active, $allowguests, $usr_lgth, $msg_lgth, $sh_wordwrap, $bbcode, $bbimg, $html, $shouts);

// No 'sh_active' setting means the shoutbox is not installed yet: show the
// install form, unless the install action itself is being handled.
if ($action != "installshoutbox" && !isset($config['sh_active'])) {
  $action = "cfginstallshoutbox";
}

// Install form with the initial values for every shoutbox setting.
if ($action == "cfginstallshoutbox") {
  show_form_header("shoutbox_admin.php", "installshoutbox");
  show_table_header($lang['sh_cfg']);

  show_radio_row($lang['sh_activate'], 'active');
  show_radio_row($lang['sh_allow_guests'], 'allowguests');
  show_input_row($lang['sh_usr_lgth'], 'usr_lgth', '15');
  show_input_row($lang['sh_msg_lgth'], 'msg_lgth', '50');
  show_input_row($lang['sh_wordwrap'], 'sh_wordwrap', '30');
  show_radio_row($lang['sh_bbcode'], 'bbcode');
  show_radio_row($lang['sh_bbimg'], 'bbimg', 0);
  show_radio_row($lang['sh_html'], 'html');
  show_input_row($lang['sh_msg_display'], 'shouts', '20');

  show_table_footer();
  show_form_footer($lang['sh_install'], "", 2);
}
//---------------------------------------------
//-------- Admin ------------------------------
//---------------------------------------------
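// "main": lists the newest shouts (at most 20) with edit/delete links and
// shows the settings form.
if ($action == "main") {
  // Start from an empty list so the count below also works when the table
  // holds no rows.
  $shouts = array();
  // Only 20 rows are displayed, so no more than 20 are fetched.
  $sql = "SELECT * FROM ".SHOUTBOX_TABLE." ORDER BY id DESC LIMIT 20";
  $result = $site_db->query($sql);
  while ($row = $site_db->fetch_array($result)) {
    $shouts[] = $row;
  }
  $num_shouts = sizeof ($shouts);
  if ($num_shouts > 20) {
    $num_shouts = 20;
  }
  if ($num_shouts > 0) {
    show_form_header('shoutbox_admin.php','deleteshout');
    echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">\n<tr>\n<td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n";
    echo "<tr class=\"tableseparator\">\n<td class=\"tableseparator\" width=\"40\"><input name=\"allbox\" type=\"checkbox\" onClick=\"CheckAll()\" /></td>\n";
    echo "<td class=\"tableseparator\" width=\"40\">".$lang['sh_number']."</td>\n";
    echo "<td class=\"tableseparator\" width=\"70\">".$lang['sh_name']."</td>\n";
    echo "<td class=\"tableseparator\">".$lang['sh_message']."</td>\n";
    echo "<td class=\"tableseparator\" width=\"100\">".$lang['sh_date']."</td>\n";
    echo "<td class=\"tableseparator\" width=\"80\">".$lang['sh_options']."</td></tr>\n";
    for ($i = 0; $i < $num_shouts; $i++) {
      // The id is cast to an integer before it is written into attributes and URLs.
      $sh_row_id = intval($shouts[$i]['id']);
      echo "<tr class=\"".get_row_bg()."\">\n";
      echo "<td><input type=\"checkbox\" name=\"shout_delete[]\" value=\"".$sh_row_id."\"></td>\n";
      echo "<td>".$sh_row_id."</td>\n";
      // NOTE(review): name and message are user-submitted shout content and
      // are printed into the admin page as stored. Whether they are escaped
      // or rendered before being saved is not visible here — confirm, and
      // escape on output if they are stored raw.
      echo "<td>".$shouts[$i]['name']."</td>\n";
      echo "<td>".$shouts[$i]['message']."</td>\n";
      echo "<td>".date('d.m.Y H:i:s', $shouts[$i]['date'])."</td>\n";
      echo "<td><a href=\"".ROOT_PATH."shout_editor.php?action=edit&shout_id=".$sh_row_id."\" target=\"_blank\" onClick=\"return popup(this,'edit_shout')\">".$lang['edit']."</a> <a href=\"".ROOT_PATH."shout_editor.php?action=delete&shout_id=".$sh_row_id."\" target=\"_blank\" onClick=\"return popup(this,'delete_shout')\">".$lang['delete']."</a></td>\n";
      // Close the row opened above.
      echo "</tr>\n";
    }
    unset($sh_row_id);
    show_form_footer($lang['sh_delete'], "", 6);
  }

  // Settings form, pre-filled with the current configuration.
  show_form_header('shoutbox_admin.php','editconfig');
  show_table_header($lang['sh_cfg']);
  show_radio_row($lang['sh_activate'], "active",$config['sh_active']);
  show_radio_row($lang['sh_allow_guests'], "allowguests",$config['sh_allow_guests']);
  show_input_row($lang['sh_usr_lgth'],"usr_lgth",$config['sh_usr_lgth']);
  show_input_row($lang['sh_msg_lgth'],"msg_lgth",$config['sh_msg_lgth']);
  show_input_row($lang['sh_wordwrap'],"sh_wordwrap",$config['sh_wordwrap']);
  show_radio_row($lang['sh_bbcode'], "bbcode",$config['sh_bbcode']);
  show_radio_row($lang['sh_bbimg'], "bbimg",$config['sh_bbimg']);
  show_radio_row($lang['sh_html'], "html",$config['sh_html']);
  show_input_row($lang['sh_msg_display'],"shouts",$config['sh_msg_display']);
  show_table_footer();
  show_form_footer($lang['sh_update'], "", 2);
}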
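// "deleteshout": deletes every shout whose checkbox was ticked in the list.
// NOTE(review): no request token is checked in this snippet; confirm that
// admin_global.php protects state-changing actions against cross-site requests.
if ($action == "deleteshout") {
  if (isset($HTTP_POST_VARS['shout_delete']) && is_array($HTTP_POST_VARS['shout_delete'])) {
    // Iterating the submitted list directly avoids the extra pass of the
    // former "<=" loop, and each id is cast to an integer before it is
    // written into the statement.
    foreach ($HTTP_POST_VARS['shout_delete'] as $sh_delete_id) {
      $sql = "DELETE FROM ".SHOUTBOX_TABLE." WHERE id = ".intval($sh_delete_id);
      $result = $site_db->query($sql);
    }
    unset($sh_delete_id);
    echo $lang['sh_deleted'];
  }
  show_text_link($lang['sh_back'], "shoutbox_admin.php?action=main");
}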
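// "editconfig": writes the submitted shoutbox settings back to the settings table.
// NOTE(review): no request token is checked in this snippet; confirm that
// admin_global.php protects state-changing actions against cross-site requests.
if ($action == "editconfig") {
  // setting_name => name of the submitted form field.
  $sh_config_fields = array(
    'sh_active'       => 'active',
    'sh_allow_guests' => 'allowguests',
    'sh_usr_lgth'     => 'usr_lgth',
    'sh_msg_lgth'     => 'msg_lgth',
    'sh_wordwrap'     => 'sh_wordwrap',
    'sh_bbcode'       => 'bbcode',
    'sh_bbimg'        => 'bbimg',
    'sh_html'         => 'html',
    'sh_msg_display'  => 'shouts'
  );

  // The values are written into the UPDATE statements without quotes, so
  // each one is forced to an integer first; a missing field becomes 0. The
  // settings form only offers on/off radios and numeric inputs for them.
  foreach ($sh_config_fields as $sh_setting_name => $sh_post_key) {
    $sh_setting_value = (isset($HTTP_POST_VARS[$sh_post_key])) ? intval($HTTP_POST_VARS[$sh_post_key]) : 0;
    $sql = "UPDATE ".SETTINGS_TABLE." SET setting_value = ".$sh_setting_value." WHERE setting_name = '".$sh_setting_name."'";
    $result = $site_db->query($sql);
  }
  unset($sh_config_fields, $sh_setting_name, $sh_post_key, $sh_setting_value);

  // As before, only the result of the last UPDATE decides which message is shown.
  echo ($result) ? $lang['sh_updated'] : $lang['sh_not_updated'];
  show_text_link($lang['sh_back'], "shoutbox_admin.php?action=main");
}
show_admin_footer();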
?>