Ticket #127: admin.php

File admin.php, 23.2 kB (added by anonymous, 10 months ago)

Line
1	<?php
2
3	/************************************************************************/
4	/* PHP-NUKE: Web Portal System */
5	/* =========================== */
6	/* */
7	/* Copyright (c) 2007 by Francisco Burzi */
8	/* http://phpnuke.org */
9	/* */
10	/* This program is free software. You can redistribute it and/or modify */
11	/* it under the terms of the GNU General Public License as published by */
12	/* the Free Software Foundation; either version 2 of the License. */
13	/************************************************************************/
14
15	define('ADMIN_FILE', true);
16
17	if(isset($aid)) {
18	if(!empty($aid) AND (!isset($admin) OR empty($admin)) AND $op!='login') {
19	unset($aid);
20	unset($admin);
21	die("Access Denied");
22	}
23	}
24
25	require_once("mainfile.php");
26
27	//Uncomment the following lines after setting the site url in the Administration
28	//global $nukeurl;
29	//if (!stripos_clone($_SERVER['HTTP_HOST'], $nukeurl)) {
30	// die("Access denied");
31	//}
32
33	$checkurl = $_SERVER['REQUEST_URI'];
34	if((stripos_clone($checkurl,'AddAuthor')) OR (stripos_clone($checkurl,'VXBkYXRlQXV0aG9y')) OR (stripos_clone($checkurl,'QWRkQXV0aG9y')) OR (stripos_clone($checkurl,'UpdateAuthor')) OR (stripos_clone($checkurl, "?admin")) OR (stripos_clone($checkurl, "&admin"))) {
35	die("Illegal Operation");
36	}
37
38	get_lang("admin");
39
40	function create_first($name, $url, $email, $pwd, $user_new) {
41	global $prefix, $db, $user_prefix, $Default_Theme;
42	$first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
43	if ($first == 0) {
44	$pwd = htmlentities($pwd);
45	$pwd = md5($pwd);
46	$the_adm = "God";
47	$email = validate_mail($email);
48	$db->sql_query("INSERT INTO ".$prefix."_authors VALUES ('".addslashes($name)."', '$the_adm', '".addslashes($url)."', '".addslashes($email)."', '$pwd', '0', '1', '')");
49	if ($user_new == 1) {
50	$user_regdate = date("M d, Y");
51	$user_avatar = "gallery/blank.gif";
52	$commentlimit = 4096;
53	if ($url == "http://") { $url = ""; }
54	$db->sql_query("INSERT INTO ".$user_prefix."_users (user_id, username, user_email, user_website, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat) VALUES (NULL,'".addslashes($name)."','".addslashes($email)."','".addslashes($url)."','$user_avatar','$user_regdate','$pwd','$Default_Theme','$commentlimit', '2', 'english','D M d, Y g:i a')");
55	}
56	login();
57	}
58	}
59
60	global $admin_file;
61	$the_first = $db->sql_numrows($db->sql_query("SELECT * FROM ".$prefix."_authors"));
62	if ($the_first == 0) {
63	if (!$name) {
64	include("header.php");
65	title("$sitename: "._ADMINISTRATION."");
66	OpenTable();
67	echo "<center><b>"._NOADMINYET."</b></center><br><br>"
68	."<form action=\"".$admin_file.".php\" method=\"post\">"
69	."<table border=\"0\">"
70	."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"
71	."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"
72	."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"
73	."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"40\"></td></tr>"
74	."<tr><td colspan=\"2\">"._CREATEUSERDATA." <input type=\"radio\" name=\"user_new\" value=\"1\" checked>"._YES."  <input type=\"radio\" name=\"user_new\" value=\"0\">"._NO."</td></tr>"
75	."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"
76	."<input type=\"submit\" value=\""._SUBMIT."\">"
77	."</td></tr></table></form>";
78	CloseTable();
79	include("footer.php");
80	}
81	switch($fop) {
82	case "create_first":
83	create_first($name, $url, $email, $pwd, $user_new);
84	break;
85	}
86	die();
87	}
88
89	if (isset($aid) && (ereg("[^a-zA-Z0-9_-]",trim($aid)))) {
90	die("Begone");
91	}
92	if (isset($aid)) { $aid = substr($aid, 0,25);}
93	if (isset($pwd)) { $pwd = substr($pwd, 0,40);}
94	if ((isset($aid)) && (isset($pwd)) && (isset($op)) && ($op == "login")) {
95	$datekey = date("F j");
96	$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $_POST['random_num'] . $datekey));
97	$code = substr($rcode, 2, 6);
98	if (extension_loaded("gd") AND $code != $_POST['gfx_check'] AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
99	Header("Location: ".$admin_file.".php");
100	die();
101	}
102	if(!empty($aid) AND !empty($pwd)) {
103	$pwd = md5($pwd);
104	$result = $db->sql_query("SELECT pwd, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'");
105	list($rpwd, $admlanguage) = $db->sql_fetchrow($result);
106	$admlanguage = addslashes($admlanguage);
107	if($rpwd == $pwd) {
108	$admin = base64_encode("$aid:$pwd:$admlanguage");
109	setcookie("admin",$admin,time()+2592000);
110	unset($op);
111	}
112	}
113	}
114
115	$admintest = 0;
116
117	if(isset($admin) && !empty($admin)) {
118	$admin = addslashes(base64_decode($admin));
119	$admin = explode(":", $admin);
120	$aid = addslashes($admin[0]);
121	$pwd = $admin[1];
122	$admlanguage = $admin[2];
123	if (empty($aid) OR empty($pwd)) {
124	$admintest=0;
125	$alert = "<html>\n";
126	$alert .= "<title>INTRUDER ALERT!!!</title>\n";
127	$alert .= "<body bgcolor=\"#FFFFFF\" text=\"#000000\">\n\n<br><br><br>\n\n";
128	$alert .= "<center><img src=\"images/eyes.gif\" border=\"0\"><br><br>\n";
129	$alert .= "<font face=\"Verdana\" size=\"+4\"><b>Get Out!</b></font></center>\n";
130	$alert .= "</body>\n";
131	$alert .= "</html>\n";
132	die($alert);
133	}
134	$aid = substr($aid, 0,25);
135	$result2 = $db->sql_query("SELECT name, pwd FROM ".$prefix."_authors WHERE aid='$aid'");
136	if (!$result2) {
137	die("Selection from database failed!");
138	} else {
139	list($rname, $rpwd) = $db->sql_fetchrow($result2);
140	if($rpwd == $pwd && !empty($rpwd)) {
141	$admintest = 1;
142	}
143	}
144	}
145
146	if(!isset($op)) {
147	$op = "adminMain";
148	} elseif(($op=="mod_authors" OR $op=="modifyadmin" OR $op=="UpdateAuthor" OR $op=="AddAuthor" OR $op=="deladmin2" OR $op=="deladmin" OR $op=="assignstories" OR $op=="deladminconf") AND ($rname != "God")) {
149	die("Illegal Operation");
150	}
151	$pagetitle = "- "._ADMINMENU."";
152
153	/*********************************************************/
154	/* Login Function */
155	/*********************************************************/
156
157	function login() {
158	global $gfx_chk, $admin_file;
159	include("header.php");
160	mt_srand ((double)microtime()*1000000);
161	$maxran = 1000000;
162	$random_num = mt_rand(0, $maxran);
163	OpenTable();
164	echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";
165	CloseTable();
166	echo "<br>";
167	OpenTable();
168	echo "<form action=\"".$admin_file.".php\" method=\"post\">"
169	."<table border=\"0\">"
170	."<tr><td>"._ADMINID."</td>"
171	."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
172	."<tr><td>"._PASSWORD."</td>"
173	."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"40\"></td></tr>";
174	if (extension_loaded("gd") AND ($gfx_chk == 1 OR $gfx_chk == 5 OR $gfx_chk == 6 OR $gfx_chk == 7)) {
175	echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='?gfx=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"
176	."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";
177	}
178	echo "<tr><td>"
179	."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"
180	."<input type=\"hidden\" NAME=\"op\" value=\"login\">"
181	."<input type=\"submit\" VALUE=\""._LOGIN."\">"
182	."</td></tr></table>"
183	."</form>";
184	CloseTable();
185	include("footer.php");
186	}
187
188	function deleteNotice($id) {
189	global $prefix, $db, $admin_file;
190	$id = intval($id);
191	$db->sql_query("DELETE FROM ".$prefix."_reviews_add WHERE id = '$id'");
192	Header("Location: ".$admin_file.".php?op=reviews");
193	}
194
195	/*********************************************************/
196	/* Administration Menu Function */
197	/*********************************************************/
198
199	function adminmenu($url, $title, $image) {
200	global $counter, $admingraphic, $Default_Theme;
201	$ThemeSel = get_theme();
202	if (file_exists("themes/$ThemeSel/images/admin/$image")) {
203	$image = "themes/$ThemeSel/images/admin/$image";
204	} else {
205	$image = "images/admin/$image";
206	}
207	if ($admingraphic == 1) {
208	$img = "<img src=\"$image\" border=\"0\" alt=\"$title\" title=\"$title\"></a><br>";
209	$close = "";
210	} else {
211	$img = "";
212	$close = "</a>";
213	}
214	echo "<td align=\"center\" valign=\"top\" width=\"16%\"><font class=\"content\"><a href=\"$url\">$img<b>$title</b>$close<br><br></font></td>";
215	if ($counter == 5) {
216	echo "</tr><tr>";
217	$counter = 0;
218	} else {
219	$counter++;
220	}
221	}
222
223	function GraphicAdmin() {
224	global $aid, $admingraphic, $language, $admin, $prefix, $db, $counter, $admin_file;
225	$newsubs = $db->sql_numrows($db->sql_query("SELECT qid FROM ".$prefix."_queue"));
226	$row = $db->sql_fetchrow($db->sql_query("SELECT radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
227	$radminsuper = intval($row['radminsuper']);
228	if ($radminsuper == 1) {
229	OpenTable();
230	echo "<center><a href=\"".$admin_file.".php\"><font class='title'>"._ADMINMENU."</font></a>";
231	echo "<br><br>";
232	echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";
233	$linksdir = dir("admin/links");
234	$menulist = "";
235	while($func=$linksdir->read()) {
236	if(substr($func, 0, 6) == "links.") {
237	$menulist .= "$func ";
238	}
239	}
240	closedir($linksdir->handle);
241	$menulist = explode(" ", $menulist);
242	sort($menulist);
243	for ($i=0; $i < sizeof($menulist); $i++) {
244	if(!empty($menulist[$i])) {
245	$sucounter = 0;
246	include($linksdir->path."/$menulist[$i]");
247	}
248	}
249	adminmenu("".$admin_file.".php?op=logout", ""._ADMINLOGOUT."", "logout.gif");
250	echo"</tr></table></center>";
251	$counter = "";
252	CloseTable();
253	echo "<br>";
254	}
255	OpenTable();
256	echo "<center><a href=\"".$admin_file.".php\"><font class='title'>"._MODULESADMIN."</font></a>";
257	echo "<br><br>";
258	echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";
259	$handle=opendir('modules');
260	$modlist = "";
261	while ($file = readdir($handle)) {
262	if ( (!ereg("[.]",$file)) ) {
263	$modlist .= "$file ";
264	}
265	}
266	closedir($handle);
267	$modlist = explode(" ", $modlist);
268	sort($modlist);
269	for ($i=0; $i < sizeof($modlist); $i++) {
270	if(!empty($modlist[$i])) {
271	$row = $db->sql_fetchrow($db->sql_query("SELECT mid from " . $prefix . "_modules where title='$modlist[$i]'"));
272	$mid = intval($row['mid']);
273	if (empty($mid)) {
274	$db->sql_query("insert into " . $prefix . "_modules values (NULL, '$modlist[$i]', '$modlist[$i]', '0', '0', '1', '0', '')");
275	}
276	}
277	}
278	$result = $db->sql_query("SELECT title, admins FROM ".$prefix."_modules ORDER BY title ASC");
279	$row2 = $db->sql_fetchrow($db->sql_query("SELECT name FROM ".$prefix."_authors WHERE aid='$aid'"));
280	while ($row = $db->sql_fetchrow($result)) {
281	$admins = explode(",", $row['admins']);
282	$auth_user = 0;
283	for ($i=0; $i < sizeof($admins); $i++) {
284	if ($row2['name'] == $admins[$i]) {
285	$auth_user = 1;
286	}
287	}
288	if ($radminsuper == 1 OR $auth_user == 1) {
289	if (file_exists("modules/".$row['title']."/admin/index.php") AND file_exists("modules/".$row['title']."/admin/links.php") AND file_exists("modules/".$row['title']."/admin/case.php")) {
290	include("modules/".$row['title']."/admin/links.php");
291	}
292	}
293	}
294	adminmenu("".$admin_file.".php?op=logout", ""._ADMINLOGOUT."", "logout.gif");
295	echo"</tr></table></center>";
296	CloseTable();
297	echo "<br>";
298	}
299
300	/*********************************************************/
301	/* Administration Main Function */
302	/*********************************************************/
303
304	function adminMain() {
305	global $language, $admin, $aid, $prefix, $file, $db, $sitename, $user_prefix, $admin_file, $bgcolor1, $locale;
306	include("header.php");
307	$dummy = 0;
308	$month = date('M');
309	$curDate2 = "%".$month[0].$month[1].$month[2]."%".date('d')."%".date('Y')."%";
310	$ty = time() - 86400;
311	$preday = strftime('%d', $ty);
312	$premonth = strftime('%B', $ty);
313	$preyear = strftime('%Y', $ty);
314	$curDateP = "%".$premonth[0].$premonth[1].$premonth[2]."%".$preday."%".$preyear."%";
315	GraphicAdmin();
316	$aid = substr($aid, 0,25);
317	$row = $db->sql_fetchrow($db->sql_query("SELECT radminsuper, admlanguage FROM ".$prefix."_authors WHERE aid='$aid'"));
318	$radminsuper = intval($row['radminsuper']);
319	$admlanguage = addslashes($row['admlanguage']);
320	$result = $db->sql_query("SELECT admins FROM ".$prefix."_modules WHERE title='News'");
321	$result2 = $db->sql_query("SELECT name FROM ".$prefix."_authors WHERE aid='$aid'");
322	list($aidname) = $db->sql_fetchrow($result2);
323	$radminarticle = 0;
324	while (list($admins) = $db->sql_fetchrow($result)) {
325	$admins = explode(",", $admins);
326	$auth_user = 0;
327	for ($i=0; $i < sizeof($admins); $i++) {
328	if ($aidname == $admins[$i]) {
329	$auth_user = 1;
330	}
331	}
332	if ($auth_user == 1) {
333	$radminarticle = 1;
334	}
335	}
336	if (!empty($admlanguage)) {
337	$queryalang = "WHERE alanguage='$admlanguage' ";
338	} else {
339	$queryalang = "";
340	}
341	$row3 = $db->sql_fetchrow($db->sql_query("SELECT main_module from ".$prefix."_main"));
342	$main_module = $row3['main_module'];
343	OpenTable();
344	echo "<center><b>$sitename: "._DEFHOMEMODULE."</b><br><br>"
345	.""._MODULEINHOME." <b>$main_module</b><br>[ <a href=\"".$admin_file.".php?op=modules\">"._CHANGE."</a> ]</center>";
346	CloseTable();
347	echo "<br>";
348	OpenTable();
349	$guest_online_num = intval($db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='1'")));
350	$member_online_num = intval($db->sql_numrows($db->sql_query("SELECT uname FROM ".$prefix."_session WHERE guest='0'")));
351	$who_online_num = $guest_online_num + $member_online_num;
352	$who_online = "<center><font class=\"option\">"._WHOSONLINE."</font><br><br><font class=\"content\">"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."<br>";
353	list($userCount) = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount from ".$user_prefix."_users WHERE user_regdate LIKE '$curDate2'"));
354	list($userCount2) = $db->sql_fetchrow($db->sql_query("SELECT COUNT(user_id) AS userCount FROM ".$user_prefix."_users WHERE user_regdate LIKE '$curDateP'"));
355	echo "<center>$who_online<br>"
356	.""._BTD.": <b>$userCount</b> - "._BYD.": <b>$userCount2</b></center>";
357	CloseTable();
358	if (is_active("News")) {
359	echo "<br>";
360	OpenTable();
361	echo "<center><b>"._AUTOMATEDARTICLES."</b></center><br>"