4

/* PHP-NUKE: Advanced Content Management System */

4

* Die Datei admin.php ist der Zugang zum Adminbereich.

5

/* ============================================ */

5

* Über diese Datei loggt man sich als Administrator ein und verwaltet das 2F CMS.

6

/* */

6

* @author Jens Ferner

7

* @copyright Jens Ferner, 2F Promoting & Consulting

8

/* http://phpnuke.org */

8

* @link http://www.2f-cms.com

9

/* */

9

* @package 2F-CMS

10

/* This program is free software. You can redistribute it and/or modify */

10

* @subpackage Kernsystem

11

/* it under the terms of the GNU General Public License as published by */

11

* @category Administration

12

/* the Free Software Foundation; either version 2 of the License. */

12

* @license http://www.2f-cms.com/2flicence.txt 2F CMS Lizenz

13

/************************************************************************/

13

* @version $Id: admin.php,v 1.9 2005/05/21 11:13:18 jens Exp $

14

* Wenn diese Datei geladen wurde, wird $GLOBALS['adminphp'] auf 1 gesetzt

14

15

*/

15

require_once("mainfile.php");

16

get_lang(admin);

16

17

/**

18

function create_first($name, $url, $email, $pwd, $user) {

18

* Einbinden der Mainfile.php um die Kernfunktionen zu laden.

19

global $prefix, $dbi, $user_prefix;

20

$first = sql_num_rows(sql_query("select * from ".$prefix."_authors", $dbi),$dbi);

21

if ($first == 0) {

19

*/

22

$pwd = md5($pwd);

20

include_once('mainfile.php');

23

$the_adm = "God";

21

24

$result = sql_query("insert into ".$prefix."_authors values ('$name', '$the_adm', '$url', '$email', '$pwd', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1, '')", $dbi);

25

if ($user == 1) {

22

/**

26

$user_regdate = date("M d, Y");

23

* Sicherheitscode-Funktion laden

27

$user_avatar = "blank.gif";

28

$commentlimit = 4096;

29

$result = sql_query("insert into ".$user_prefix."_users values (NULL,'','$name','$email','','$url','$user_avatar','$user_regdate','','','','','','0','','','','','$pwd',10,'','0','0','0','','0','','$Default_Theme','$commentlimit','0','0','0','0','0','1')", $dbi);

30

}

24

*/

31

login();

25

global $cfg_vsc_ADMIN;

32

}

26

if($cfg_vsc_ADMIN==1) include_once("includes/2f/v_sc.php");

33

}

27

34

28

/**

35

$the_first = sql_num_rows(sql_query("select * from ".$prefix."_authors", $dbi), $dbi);

29

* Prüfvariable ob admin.php geladen ist

36

if ($the_first == 0) {

30

* Rechte Blöcke ausschalten

37

if (!$name) {

31

*/

38

include("header.php");

32

$GLOBALS['adminphp']=1;

39

title("$sitename: "._ADMINISTRATION."");

33

$GLOBALS['noright']=1;

40

OpenTable();

34

41

echo "<center><b>"._NOADMINYET."</b></center><br><br>"

42

."<form action=\"admin.php\" method=\"post\">"

43

."<table border=\"0\">"

35

/**

44

."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"

36

* Einlesen der Sprache für den Admin-Bereich

45

."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"

46

."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"

47

."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"10\"></td></tr>"

48

."<tr><td colspan=\"2\">"._CREATEUSERDATA." <input type=\"radio\" name=\"user\" value=\"1\" checked>"._YES."  <input type=\"radio\" name=\"user\" value=\"0\">"._NO."</td></tr>"

49

."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"

50

."<input type=\"submit\" value=\""._SUBMIT."\">"

51

."</td></tr></table></form>";

52

CloseTable();

37

*/

53

include("footer.php");

38

get_lang("admin");

54

}

39

55

switch($fop) {

40

/**

56

case "create_first":

41

* Laden der Funktionen für die admin.php

57

create_first($name, $url, $email, $pwd, $user);

58

break;

42

*/

59

}

43

include_once("includes/2f/2fmain-admin.php");

60

die();

44

61

}

45

/**

46

* Wenn kein Admin existiert und "hilfe" per GET-String auf 1 gesetzt ist, erscheint das Formular zum Erzeugen eines Admins

62

47

*/

66

$pagetitle = "- "._ADMINMENU."";

67

50

/**

68

/*********************************************************/

51

* Dies ist die eigentliche Login-Funktion

69

/* Login Function */

52

* Wenn aid/pwd per POST gesetzt sind, werden die Werte mit der DB abgegelichen und ggfs. die Variable $admin gesetzt

70

/*********************************************************/

71

53

*/

54

global $cfg_vsc_ADMIN, $validity_code, $prefix, $dbi;

72

function login() {

55

if(

73

include ("header.php");

56

( $cfg_vsc_ADMIN == 0 && (isset($_POST['aid'])) && (isset($_POST['pwd'])) && ($_REQUEST['op'] == "login"))

74

OpenTable();

57

||

75

echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";

58

( $cfg_vsc_ADMIN == 1 && (isset($_POST['aid'])) && (isset($_POST['pwd'])) && ($_REQUEST['op'] == "login") && (V_getCode_validity($validity_code)))

76

CloseTable();

59

)

77

echo "<br>";

60

{

78

OpenTable();

61

if($_POST['aid']!="" AND $_POST['pwd']!="")

79

echo "<form action=\"admin.php\" method=\"post\">"

62

{

80

."<table border=\"0\">"

63

$pwd = md5($_POST['pwd']);

81

."<tr><td>"._ADMINID."</td>"

64

$aid = vkpval($_POST['aid']);

82

."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"20\"></td></tr>"

65

$abfrage = sql_query("SELECT pwd, admlanguage FROM ".$prefix."_authors WHERE aid='".$aid."'", $dbi);

83

."<tr><td>"._PASSWORD."</td>"

66

list($pass, $admlanguage)=sql_fetch_row($abfrage, $dbi);

84

."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"

67

if($pass == $pwd)

85

."<tr><td>"

68

{

86

."<input type=\"hidden\" NAME=\"op\" value=\"login\">"

69

$admin = base64_encode("$aid:$pwd:$admlanguage");

87

."<input type=\"submit\" VALUE=\""._LOGIN."\">"

70

$_SESSION['admin'] = $admin;

88

."</td></tr></table>"

89

."</form>";

90

CloseTable();

71

unset($op);

91

include ("footer.php");

92

}

72

}

93

73

}

94

function deleteNotice($id, $table, $op_back) {

95

global $dbi;

96

sql_query("delete from $table WHERE id = $id", $dbi);

101

/* Administration Menu Function */

102

/*********************************************************/

103

76

/**

104

function adminmenu($url, $title, $image) {

77

* Dies ist die Admin-Prüfung

105

global $counter, $admingraphic;

78

* Zuerst wird $admintest auf 0 gesetzt. Wenn es sich um einen Admin handelt (is_admin()) wird admintest auf 1 gesetzt, ausserdem werden $aid und $pwd gefüllt

106

if ($admingraphic == 1) {

79

* Zusätzlich werden die Variablen $radmin* bereits jetzt gesetzt und stehen dann im gesamten Adminbereich zur Verfügung. Die Rechte müssen also nicht mehr einzeln ausgelesen werden,

107

$img = "<img src=\"images/admin/$image\" border=\"0\" alt=\"\"></a><br>";

80

* sondern stehen in globalen Variablen zur Verfügung

108

$close = "";

81

*/

109

} else {

82

$admintest=0;

110

$image = "";

83

global $admin;

111

$close = "</a>";

84

if(is_admin($admin))

112

}

85

{

113

echo "<td align=\"center\"><font class=\"content\"><a href=\"$url\">$img<b>$title</b>$close</font></td>";

114

if ($counter == 5) {

115

echo "</tr><tr>";

86

$admintest=1;

116

$counter = 0;

87

$aid=get_aid();

117

} else {

88

global $radminarticle,$radmintopic,$radminuser,$radminsurvey,$radminsection,$radminlink,$radminephem,$radminfaq,$radmindownload,$radminreviews,$radminnewsletter,$radminforum,$radmincontent,$radminency,$radminsuper;

118

$counter++;

89

}

119

}

90

123

global $aid, $admingraphic, $language, $admin, $banners, $prefix, $dbi;

124

$result = sql_query("SELECT qid FROM ".$prefix."_queue", $dbi);

125

$newsubs = sql_num_rows($result, $dbi);

126

$result = sql_query("select radminarticle,radmintopic,radminuser,radminsurvey,radminsection,radminlink,radminephem,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper from ".$prefix."_authors where aid='$aid'", $dbi);

127

list($radminarticle,$radmintopic,$radminuser,$radminsurvey,$radminsection,$radminlink,$radminephem,$radminfaq,$radmindownload,$radminreviews,$radminnewsletter,$radminforum,$radmincontent,$radminency,$radminsuper) = sql_fetch_array($result, $dbi);

128

OpenTable();

93

/**

129

echo "<center><b><a class=\"storycat\" href=\"admin.php\">"._ADMINMENU."</a></b>";

94

* Wie heisst der Adminbereich? Seitentitel definieren.

130

if ($radminsuper==1) {

131

echo"   <b><a class=\"storycat\" href=\"admin.php?op=BannersAdmin\">"._BANNERSADMIN."</a></b>";

132

}

95

*/

133

echo "<br><br>";

96

$pagetitle = ""._ADMINMENU."";

134

echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";

135

$linksdir = dir("admin/links");

136

while($func=$linksdir->read()) {

137

if(substr($func, 0, 6) == "links.") {

138

$menulist .= "$func ";

139

}

97

140

}

98

/**

141

closedir($linksdir->handle);

99

* Sind alle Tabellen vorhanden?

142

$menulist = explode(" ", $menulist);

143

sort($menulist);

100

*/

144

for ($i=0; $i < sizeof($menulist); $i++) {

145

if($menulist[$i]!="") {

101

check_table("admin");

146

$counter = 0;

147

include($linksdir->path."/$menulist[$i]");

148

}

102

149

}

103

/**

150

adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "exit.gif");

104

* Nach dem Einbinden der auth.php ist bei Administratoren $admintest auf TRUE(1) gesetzt

151

echo"</tr></table></center>";

105

* Wenn $admintest gesetzt ist, wird die Auswahlliste abgearbeitet

152

CloseTable();

153

echo "<br>";

106

*/

154

}

107

if($admintest)

155

108

{

156

/*********************************************************/

109

static $search = array("!/\*(.*?)\*/!s",

157

/* Administration Main Function */

110

"![(#|//)].*\n!",

158

/*********************************************************/

111

"/(case)[\s]/i");

112

static $replace = array('',

113

'',

114

'CASE ');

159

115

160

function adminMain() {

116

if(isset($_REQUEST['op'])) $op=$_REQUEST['op'];

161

global $language, $admin, $aid, $prefix, $file, $dbi, $sitename;

117

if(empty($op)) $op="adminMain";

162

include ("header.php");

163

$dummy = 0;

118

164

GraphicAdmin();

119

switch($op)

165

$result2 = sql_query("select radminarticle, radminsuper, admlanguage from ".$prefix."_authors where aid='$aid'", $dbi);

166

list($radminarticle, $radminsuper, $admlanguage) = sql_fetch_row($result2, $dbi);

167

if ($admlanguage != "" ) {

168

$queryalang = "WHERE alanguage='$admlanguage' ";

169

} else {

120

{

170

$queryalang = "";

121

171

}

122

/**

172

$main_m = sql_query("select main_module from ".$prefix."_main", $dbi);

123

* Zeigt die vorhandenen Module und ihre Funktionen

173

list($main_module) = sql_fetch_row($main_m, $dbi);

174

OpenTable();

124

*/

175

echo "<center><b>$sitename: "._DEFHOMEMODULE."</b><br><br>"

125

case "funktionen":

176

.""._MODULEINHOME." <b>$main_module</b><br>[ <a href=\"admin.php?op=modules\">"._CHANGE."</a> ]</center>";

177

CloseTable();

126

zeige_funktionen();

178

echo "<br>";

127

break;

179

OpenTable();

128

180

$result = sql_query("SELECT username FROM ".$prefix."_session where guest=1", $dbi);

129

case "logout":

181

$guest_online_num = sql_num_rows($result, $dbi);

130

case "adminlogout":

182

$result = sql_query("SELECT username FROM ".$prefix."_session where guest=0", $dbi);

131

unset($_SESSION['admin']);

183

$member_online_num = sql_num_rows($result, $dbi);

132

unset($_SESSION['a_status']);

184

$who_online_num = $guest_online_num + $member_online_num;

185

$who_online = "<center><font class=\"option\">"._WHOSONLINE."</font><br><br><font class=\"content\">"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."<br>";

186

echo "<center>$who_online</center>";

187

CloseTable();

133

unset($admin);

188

echo "<br>";

134

include("header.php");

189

OpenTable();

135

OpenTable();

190

echo "<center><b>"._AUTOMATEDARTICLES."</b></center><br>";

136

echo "<center><span class=\"title\"><strong>"._YOUARELOGGEDOUT."</strong></span></center>";

191

$count = 0;

137

CloseTable();

192

$result = sql_query("select anid, aid, title, time, alanguage from ".$prefix."_autonews $queryalang order by time ASC", $dbi);

193

while(list($anid, $said, $title, $time, $alanguage) = sql_fetch_row($result, $dbi)) {

194

if ($alanguage == "") {

138

include("footer.php");

195

$alanguage = ""._ALL."";

139

break;

196

}

140

197

if ($anid != "") {

141

case "login":

198

if ($count == 0) {

142

unset($op);

199

echo "<table border=\"1\" width=\"100%\">";

143

header("Location:admin.php");

200

$count = 1;

144

break;

201

}

145

202

$time = ereg_replace(" ", "@", $time);

203

if (($radminarticle==1) OR ($radminsuper==1)) {

204

if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {

205

echo "<tr><td nowrap> (<a href=\"admin.php?op=autoEdit&anid=$anid\">"._EDIT."</a>-<a href=\"admin.php?op=autoDelete&anid=$anid\">"._DELETE."</a>) </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */

206

} else {

146

default:

207

echo "<tr><td> ("._NOFUNCTIONS.") </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */

208

}

147

209

} else {

148

/**

210

echo "<tr><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */

149

* Einbinden sämtlicher Case-Anweisungen aus /admin/case

211

}

150

*/

212

}

151

if(is_dir("admin/case"))

213

}

152

{

214

if (($anid == "") AND ($count == 0)) {

153

$casefiles = dir("admin/case");

215

echo "<center><i>"._NOAUTOARTICLES."</i></center>";

154

while($datei=$casefiles->read())

216

}

155

{

156

if(substr($datei, 0, 5) == "case.")

157

include($casefiles->path."/$datei");

217

if ($count == 1) {

158

}

221

echo "<br>";

162

/**

163

* Einbinden sämtlicher Case-Anweisungen aus den Modul-Dateien

222

OpenTable();

164

*/

223

echo "<center><b>"._LAST." 20 "._ARTICLES."</b></center><br>";

165

foreach($GLOBALS['modulecache'] as $name=>$rest)

224

$result = sql_query("select sid, aid, title, time, topic, informant, alanguage from ".$prefix."_stories $queryalang order by time desc limit 0,20", $dbi);

225

echo "<center><table border=\"1\" width=\"100%\" bgcolor=\"$bgcolor1\">";

226

while(list($sid, $said, $title, $time, $topic, $informant, $alanguage) = sql_fetch_row($result, $dbi)) {

227

$ta = sql_query("select topicname from ".$prefix."_topics where topicid=$topic", $dbi);

228

list($topicname) = sql_fetch_row($ta, $dbi);

229

if ($alanguage == "") {

166

{

230

$alanguage = ""._ALL."";

167

if(is_dir("modules/$name/admin"))

231

}

168

{

232

formatTimestamp($time);

169

$casefiles = dir("modules/$name/admin");

233

echo "<tr><td align=\"right\"><b>$sid</b>"

170

while($datei=$casefiles->read())

234

."</td><td align=\"left\" width=\"100%\"><a href=\"modules.php?name=News&file=article&sid=$sid\">$title</a>"

171

{

235

."</td><td align=\"center\">$alanguage"

172

if ((substr($datei, 0, 5) == "case.") && file_exists($casefiles->path."/$datei"))

236

."</td><td align=\"right\">$topicname";

173

{

237

if (($radminarticle==1) OR ($radminsuper==1)) {

174

// Zunächst die Case-Datei laden

238

if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {

175

//

239

echo "</td><td align=\"right\" nowrap>(<a href=\"admin.php?op=EditStory&sid=$sid\">"._EDIT."</a>-<a href=\"admin.php?op=RemoveStory&sid=$sid\">"._DELETE."</a>)"

176

$file_contents = file_get_contents($casefiles->path."/$datei");

240

."</td></tr>";

177

241

} else {

178

// Switch-Anweisung extrahieren

242

echo "</td><td align=\"right\" nowrap><font class=\"content\"><i>("._NOFUNCTIONS.")</i></font>"

179

//

243

."</td></tr>";

180

if (preg_match("/switch[\s]*$\\\$op[\s]*$[\s]*([^\}]+)/msi", $file_contents, $case_block))

244

}

181

{

245

} else {

182

// case-Anweisungen säubern

246

echo "</td></tr>";

183

//

184

$case_section = preg_replace($search, $replace, $case_block[1]);

247

}

185

248

}

186

// Match prüfen

249

echo "</table>";

187

//

250

if (($radminarticle==1) OR ($radminsuper==1)) {

188

if (preg_match("/CASE[\s]+\"$op\"[\s]*:/s", $case_section))

251

echo "<center>"

189

get_lang('admin', $name);

252

."<form action=\"admin.php\" method=\"post\">"

190

}

253

.""._STORYID.": <input type=\"text\" NAME=\"sid\" SIZE=\"10\">"

191

// Datei an sich einbinden

254

."<select name=\"op\">"

192

//

255

."<option value=\"EditStory\" SELECTED>"._EDIT."</option>"

193

include_once( $casefiles->path."/$datei" );

256

."<option value=\"RemoveStory\">"._DELETE."</option>"

194

}

257

."</select>"

195

}

258

."<input type=\"submit\" value=\""._GO."\">"

196

closedir($casefiles->handle);

262

$result = sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC limit 1", $dbi);

263

$object = sql_fetch_object($result, $dbi);

264

$pollID = $object->pollID;

265

$pollTitle = $object->pollTitle;

266

echo "<br>";

267

OpenTable();

268

echo "<center><b>"._CURRENTPOLL.":</b> $pollTitle [ <a href=\"admin.php?op=polledit&pollID=$pollID\">"._EDIT."</a> | <a href=\"admin.php?op=create\">"._ADD."</a> ]</center>";

269

CloseTable();

270

include ("footer.php");

271

}

199

272

200

/**

273

if($admintest) {

201

* Einbinden sämtlicher Case-Anweisungen aus den Admin-Modul-Dateien

274

202

*/

275

switch($op) {

203

foreach($GLOBALS['adminmodules'] as $name)

276

204

{

277

case "deleteNotice":

205

if(is_dir("modules/$name/admin"))

278

deleteNotice($id, $table, $op_back);

279

break;

280

206

{

281

case "GraphicAdmin":

207

$casefiles = dir("modules/$name/admin");

282

GraphicAdmin();

208

while($datei=$casefiles->read())

283

break;

209

{

210

if ((substr($datei, 0, 5) == "case.") && file_exists($casefiles->path."/$datei"))

284

211

{

285

case "adminMain":

212

// Zunächst die Case-Datei laden

286

adminMain();

213

//

290

setcookie("admin");

217

//

291

include("header.php");

218

if (preg_match("/switch[\s]*$\\\$op[\s]*$[\s]*([^\}]+)/msi", $file_contents, $case_block))

292

OpenTable();

219

{

293

echo "<center><font class=\"title\"><b>"._YOUARELOGGEDOUT."</b></font></center>";

220

// case-Anweisungen säubern

294

CloseTable();

221

//

295

include("footer.php");

222

$case_section = preg_replace($search, $replace, $case_block[1]);

299

unset($op);

225

//

300

226

if (preg_match("/CASE[\s]+\"$op\"[\s]*:/s", $case_section))

301

default:

227

get_lang('admin', $name);

302

$casedir = dir("admin/case");

228

}

303

while($func=$casedir->read()) {

229

// Datei an sich einbinden

304

if(substr($func, 0, 5) == "case.") {

230

//

305

include($casedir->path."/$func");

231

include($casefiles->path."/$datei");

306

}

232

}

307

}

233

}

308

closedir($casedir->handle);

234

closedir($casefiles->handle);

309

break;

310

235

}

311

}

236

}

312

237

break;

243

* Wenn kein Admin eingeloggt ist, das Loginformular anzeigen

244

*/

1	<?php	=	1	<?php
2			2
3	/************************************************************************/	<>	3	/**
4	/* PHP-NUKE: Advanced Content Management System */		4	* Die Datei admin.php ist der Zugang zum Adminbereich.
5	/* ============================================ */		5	* Über diese Datei loggt man sich als Administrator ein und verwaltet das 2F CMS.
6	/* */		6	* @author Jens Ferner
7	/* Copyright (c) 2002 by Francisco Burzi (fbc@mandrakesoft.com) */		7	* @copyright Jens Ferner, 2F Promoting & Consulting
8	/* http://phpnuke.org */		8	* @link http://www.2f-cms.com
9	/* */		9	* @package 2F-CMS
10	/* This program is free software. You can redistribute it and/or modify */		10	* @subpackage Kernsystem
11	/* it under the terms of the GNU General Public License as published by */		11	* @category Administration
12	/* the Free Software Foundation; either version 2 of the License. */		12	* @license http://www.2f-cms.com/2flicence.txt 2F CMS Lizenz
13	/************************************************************************/		13	* @version $Id: admin.php,v 1.9 2005/05/21 11:13:18 jens Exp $
			14	* Wenn diese Datei geladen wurde, wird $GLOBALS['adminphp'] auf 1 gesetzt
14			15	*/
15	require_once("mainfile.php");
16	get_lang(admin);		16
17			17	/**
18	function create_first($name, $url, $email, $pwd, $user) {		18	* Einbinden der Mainfile.php um die Kernfunktionen zu laden.
19	global $prefix, $dbi, $user_prefix;
20	$first = sql_num_rows(sql_query("select * from ".$prefix."_authors", $dbi),$dbi);
21	if ($first == 0) {		19	*/
22	$pwd = md5($pwd);		20	include_once('mainfile.php');
23	$the_adm = "God";		21
24	$result = sql_query("insert into ".$prefix."_authors values ('$name', '$the_adm', '$url', '$email', '$pwd', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1, '')", $dbi);
25	if ($user == 1) {		22	/**
26	$user_regdate = date("M d, Y");		23	* Sicherheitscode-Funktion laden
27	$user_avatar = "blank.gif";
28	$commentlimit = 4096;
29	$result = sql_query("insert into ".$user_prefix."_users values (NULL,'','$name','$email','','$url','$user_avatar','$user_regdate','','','','','','0','','','','','$pwd',10,'','0','0','0','','0','','$Default_Theme','$commentlimit','0','0','0','0','0','1')", $dbi);
30	}		24	*/
31	login();		25	global $cfg_vsc_ADMIN;
32	}		26	if($cfg_vsc_ADMIN==1) include_once("includes/2f/v_sc.php");
33	}		27
34			28	/**
35	$the_first = sql_num_rows(sql_query("select * from ".$prefix."_authors", $dbi), $dbi);		29	* Prüfvariable ob admin.php geladen ist
36	if ($the_first == 0) {		30	* Rechte Blöcke ausschalten
37	if (!$name) {		31	*/
38	include("header.php");		32	$GLOBALS['adminphp']=1;
39	title("$sitename: "._ADMINISTRATION."");		33	$GLOBALS['noright']=1;
40	OpenTable();		34
41	echo "<center><b>"._NOADMINYET."</b></center><br><br>"
42	."<form action=\"admin.php\" method=\"post\">"
43	."<table border=\"0\">"		35	/**
44	."<tr><td><b>"._NICKNAME.":</b></td><td><input type=\"text\" name=\"name\" size=\"30\" maxlength=\"25\"></td></tr>"		36	* Einlesen der Sprache für den Admin-Bereich
45	."<tr><td><b>"._HOMEPAGE.":</b></td><td><input type=\"text\" name=\"url\" size=\"30\" maxlength=\"255\" value=\"http://\"></td></tr>"
46	."<tr><td><b>"._EMAIL.":</b></td><td><input type=\"text\" name=\"email\" size=\"30\" maxlength=\"255\"></td></tr>"
47	."<tr><td><b>"._PASSWORD.":</b></td><td><input type=\"password\" name=\"pwd\" size=\"11\" maxlength=\"10\"></td></tr>"
48	."<tr><td colspan=\"2\">"._CREATEUSERDATA." <input type=\"radio\" name=\"user\" value=\"1\" checked>"._YES."  <input type=\"radio\" name=\"user\" value=\"0\">"._NO."</td></tr>"
49	."<tr><td><input type=\"hidden\" name=\"fop\" value=\"create_first\">"
50	."<input type=\"submit\" value=\""._SUBMIT."\">"
51	."</td></tr></table></form>";
52	CloseTable();		37	*/
53	include("footer.php");		38	get_lang("admin");
54	}		39
55	switch($fop) {		40	/**
56	case "create_first":		41	* Laden der Funktionen für die admin.php
57	create_first($name, $url, $email, $pwd, $user);
58	break;		42	*/
59	}		43	include_once("includes/2f/2fmain-admin.php");
60	die();		44
61	}		45	/**
			46	* Wenn kein Admin existiert und "hilfe" per GET-String auf 1 gesetzt ist, erscheint das Formular zum Erzeugen eines Admins
62			47	*/
63	require("auth.php");		48	no_admin_exists();
64		=	49
65	if(!isset($op)) { $op = "adminMain"; }	<>
66	$pagetitle = "- "._ADMINMENU."";
67			50	/**
68	/*********************************************************/		51	* Dies ist die eigentliche Login-Funktion
69	/* Login Function */		52	* Wenn aid/pwd per POST gesetzt sind, werden die Werte mit der DB abgegelichen und ggfs. die Variable $admin gesetzt
70	/*********************************************************/
71			53	*/
			54	global $cfg_vsc_ADMIN, $validity_code, $prefix, $dbi;
72	function login() {		55	if(
73	include ("header.php");		56	( $cfg_vsc_ADMIN == 0 && (isset($_POST['aid'])) && (isset($_POST['pwd'])) && ($_REQUEST['op'] == "login"))
74	OpenTable();		57	\|\|
75	echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";		58	( $cfg_vsc_ADMIN == 1 && (isset($_POST['aid'])) && (isset($_POST['pwd'])) && ($_REQUEST['op'] == "login") && (V_getCode_validity($validity_code)))
76	CloseTable();		59	)
77	echo "<br>";		60	{
78	OpenTable();		61	if($_POST['aid']!="" AND $_POST['pwd']!="")
79	echo "<form action=\"admin.php\" method=\"post\">"		62	{
80	."<table border=\"0\">"		63	$pwd = md5($_POST['pwd']);
81	."<tr><td>"._ADMINID."</td>"		64	$aid = vkpval($_POST['aid']);
82	."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"20\"></td></tr>"		65	$abfrage = sql_query("SELECT pwd, admlanguage FROM ".$prefix."_authors WHERE aid='".$aid."'", $dbi);
83	."<tr><td>"._PASSWORD."</td>"		66	list($pass, $admlanguage)=sql_fetch_row($abfrage, $dbi);
84	."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"		67	if($pass == $pwd)
85	."<tr><td>"		68	{
86	."<input type=\"hidden\" NAME=\"op\" value=\"login\">"		69	$admin = base64_encode("$aid:$pwd:$admlanguage");
87	."<input type=\"submit\" VALUE=\""._LOGIN."\">"		70	$_SESSION['admin'] = $admin;
88	."</td></tr></table>"
89	."</form>";
90	CloseTable();		71	unset($op);
91	include ("footer.php");
92	}		72	}
93			73	}
94	function deleteNotice($id, $table, $op_back) {
95	global $dbi;
96	sql_query("delete from $table WHERE id = $id", $dbi);
97	Header("Location: admin.php?op=$op_back");
98	}	=	74	}
99			75
100	/*********************************************************/	<>
101	/* Administration Menu Function */
102	/*********************************************************/
103			76	/**
104	function adminmenu($url, $title, $image) {		77	* Dies ist die Admin-Prüfung
105	global $counter, $admingraphic;		78	* Zuerst wird $admintest auf 0 gesetzt. Wenn es sich um einen Admin handelt (is_admin()) wird admintest auf 1 gesetzt, ausserdem werden $aid und $pwd gefüllt
106	if ($admingraphic == 1) {		79	* Zusätzlich werden die Variablen $radmin* bereits jetzt gesetzt und stehen dann im gesamten Adminbereich zur Verfügung. Die Rechte müssen also nicht mehr einzeln ausgelesen werden,
107	$img = "<img src=\"images/admin/$image\" border=\"0\" alt=\"\"></a><br>";		80	* sondern stehen in globalen Variablen zur Verfügung
108	$close = "";		81	*/
109	} else {		82	$admintest=0;
110	$image = "";		83	global $admin;
111	$close = "</a>";		84	if(is_admin($admin))
112	}		85	{
113	echo "<td align=\"center\"><font class=\"content\"><a href=\"$url\">$img<b>$title</b>$close</font></td>";
114	if ($counter == 5) {
115	echo "</tr><tr>";		86	$admintest=1;
116	$counter = 0;		87	$aid=get_aid();
117	} else {		88	global $radminarticle,$radmintopic,$radminuser,$radminsurvey,$radminsection,$radminlink,$radminephem,$radminfaq,$radmindownload,$radminreviews,$radminnewsletter,$radminforum,$radmincontent,$radminency,$radminsuper;
118	$counter++;		89	}
119	}		90
120	}		91
121		=	92
122	function GraphicAdmin() {	<>
123	global $aid, $admingraphic, $language, $admin, $banners, $prefix, $dbi;
124	$result = sql_query("SELECT qid FROM ".$prefix."_queue", $dbi);
125	$newsubs = sql_num_rows($result, $dbi);
126	$result = sql_query("select radminarticle,radmintopic,radminuser,radminsurvey,radminsection,radminlink,radminephem,radminfaq,radmindownload,radminreviews,radminnewsletter,radminforum,radmincontent,radminency,radminsuper from ".$prefix."_authors where aid='$aid'", $dbi);
127	list($radminarticle,$radmintopic,$radminuser,$radminsurvey,$radminsection,$radminlink,$radminephem,$radminfaq,$radmindownload,$radminreviews,$radminnewsletter,$radminforum,$radmincontent,$radminency,$radminsuper) = sql_fetch_array($result, $dbi);
128	OpenTable();		93	/**
129	echo "<center><b><a class=\"storycat\" href=\"admin.php\">"._ADMINMENU."</a></b>";		94	* Wie heisst der Adminbereich? Seitentitel definieren.
130	if ($radminsuper==1) {
131	echo"   <b><a class=\"storycat\" href=\"admin.php?op=BannersAdmin\">"._BANNERSADMIN."</a></b>";
132	}		95	*/
133	echo "<br><br>";		96	$pagetitle = ""._ADMINMENU."";
134	echo"<table border=\"0\" width=\"100%\" cellspacing=\"1\"><tr>";
135	$linksdir = dir("admin/links");
136	while($func=$linksdir->read()) {
137	if(substr($func, 0, 6) == "links.") {
138	$menulist .= "$func ";
139	}		97
140	}		98	/**
141	closedir($linksdir->handle);		99	* Sind alle Tabellen vorhanden?
142	$menulist = explode(" ", $menulist);
143	sort($menulist);		100	*/
144	for ($i=0; $i < sizeof($menulist); $i++) {
145	if($menulist[$i]!="") {		101	check_table("admin");
146	$counter = 0;
147	include($linksdir->path."/$menulist[$i]");
148	}		102
149	}		103	/**
150	adminmenu("admin.php?op=logout", ""._ADMINLOGOUT."", "exit.gif");		104	* Nach dem Einbinden der auth.php ist bei Administratoren $admintest auf TRUE(1) gesetzt
151	echo"</tr></table></center>";		105	* Wenn $admintest gesetzt ist, wird die Auswahlliste abgearbeitet
152	CloseTable();
153	echo "<br>";		106	*/
154	}		107	if($admintest)
155			108	{
156	/*********************************************************/		109	static $search = array("!/\(.?)\*/!s",
157	/* Administration Main Function */		110	"![(#\|//)].*\n!",
158	/*********************************************************/		111	"/(case)[\s]/i");
			112	static $replace = array('',
			113	'',
			114	'CASE ');
159			115
160	function adminMain() {		116	if(isset($_REQUEST['op'])) $op=$_REQUEST['op'];
161	global $language, $admin, $aid, $prefix, $file, $dbi, $sitename;		117	if(empty($op)) $op="adminMain";
162	include ("header.php");
163	$dummy = 0;		118
164	GraphicAdmin();		119	switch($op)
165	$result2 = sql_query("select radminarticle, radminsuper, admlanguage from ".$prefix."_authors where aid='$aid'", $dbi);
166	list($radminarticle, $radminsuper, $admlanguage) = sql_fetch_row($result2, $dbi);
167	if ($admlanguage != "" ) {
168	$queryalang = "WHERE alanguage='$admlanguage' ";
169	} else {		120	{
170	$queryalang = "";		121
171	}		122	/**
172	$main_m = sql_query("select main_module from ".$prefix."_main", $dbi);		123	* Zeigt die vorhandenen Module und ihre Funktionen
173	list($main_module) = sql_fetch_row($main_m, $dbi);
174	OpenTable();		124	*/
175	echo "<center><b>$sitename: "._DEFHOMEMODULE."</b><br><br>"		125	case "funktionen":
176	.""._MODULEINHOME." <b>$main_module</b><br>[ <a href=\"admin.php?op=modules\">"._CHANGE."</a> ]</center>";
177	CloseTable();		126	zeige_funktionen();
178	echo "<br>";		127	break;
179	OpenTable();		128
180	$result = sql_query("SELECT username FROM ".$prefix."_session where guest=1", $dbi);		129	case "logout":
181	$guest_online_num = sql_num_rows($result, $dbi);		130	case "adminlogout":
182	$result = sql_query("SELECT username FROM ".$prefix."_session where guest=0", $dbi);		131	unset($_SESSION['admin']);
183	$member_online_num = sql_num_rows($result, $dbi);		132	unset($_SESSION['a_status']);
184	$who_online_num = $guest_online_num + $member_online_num;
185	$who_online = "<center><font class=\"option\">"._WHOSONLINE."</font><br><br><font class=\"content\">"._CURRENTLY." $guest_online_num "._GUESTS." $member_online_num "._MEMBERS."<br>";
186	echo "<center>$who_online</center>";
187	CloseTable();		133	unset($admin);
188	echo "<br>";		134	include("header.php");
189	OpenTable();		135	OpenTable();
190	echo "<center><b>"._AUTOMATEDARTICLES."</b></center><br>";		136	echo "<center><span class=\"title\"><strong>"._YOUARELOGGEDOUT."</strong></span></center>";
191	$count = 0;		137	CloseTable();
192	$result = sql_query("select anid, aid, title, time, alanguage from ".$prefix."_autonews $queryalang order by time ASC", $dbi);
193	while(list($anid, $said, $title, $time, $alanguage) = sql_fetch_row($result, $dbi)) {
194	if ($alanguage == "") {		138	include("footer.php");
195	$alanguage = ""._ALL."";		139	break;
196	}		140
197	if ($anid != "") {		141	case "login":
198	if ($count == 0) {		142	unset($op);
199	echo "<table border=\"1\" width=\"100%\">";		143	header("Location:admin.php");
200	$count = 1;		144	break;
201	}		145
202	$time = ereg_replace(" ", "@", $time);
203	if (($radminarticle==1) OR ($radminsuper==1)) {
204	if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {
205	echo "<tr><td nowrap> (<a href=\"admin.php?op=autoEdit&anid=$anid\">"._EDIT."</a>-<a href=\"admin.php?op=autoDelete&anid=$anid\">"._DELETE."</a>) </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */
206	} else {		146	default:
207	echo "<tr><td> ("._NOFUNCTIONS.") </td><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */
208	}		147
209	} else {		148	/**
210	echo "<tr><td width=\"100%\"> $title </td><td align=\"center\"> $alanguage </td><td nowrap> $time </td></tr>"; /* Multilingual Code : added column to display language */		149	* Einbinden sämtlicher Case-Anweisungen aus /admin/case
211	}		150	*/
212	}		151	if(is_dir("admin/case"))
213	}		152	{
214	if (($anid == "") AND ($count == 0)) {		153	$casefiles = dir("admin/case");
215	echo "<center><i>"._NOAUTOARTICLES."</i></center>";		154	while($datei=$casefiles->read())
216	}		155	{
			156	if(substr($datei, 0, 5) == "case.")
			157	include($casefiles->path."/$datei");
217	if ($count == 1) {		158	}
218	echo "</table>";		159	closedir($casefiles->handle);
219	}	=	160	}
220	CloseTable();	<>	161
221	echo "<br>";		162	/**
			163	* Einbinden sämtlicher Case-Anweisungen aus den Modul-Dateien
222	OpenTable();		164	*/
223	echo "<center><b>"._LAST." 20 "._ARTICLES."</b></center><br>";		165	foreach($GLOBALS['modulecache'] as $name=>$rest)
224	$result = sql_query("select sid, aid, title, time, topic, informant, alanguage from ".$prefix."_stories $queryalang order by time desc limit 0,20", $dbi);
225	echo "<center><table border=\"1\" width=\"100%\" bgcolor=\"$bgcolor1\">";
226	while(list($sid, $said, $title, $time, $topic, $informant, $alanguage) = sql_fetch_row($result, $dbi)) {
227	$ta = sql_query("select topicname from ".$prefix."_topics where topicid=$topic", $dbi);
228	list($topicname) = sql_fetch_row($ta, $dbi);
229	if ($alanguage == "") {		166	{
230	$alanguage = ""._ALL."";		167	if(is_dir("modules/$name/admin"))
231	}		168	{
232	formatTimestamp($time);		169	$casefiles = dir("modules/$name/admin");
233	echo "<tr><td align=\"right\"><b>$sid</b>"		170	while($datei=$casefiles->read())
234	."</td><td align=\"left\" width=\"100%\"><a href=\"modules.php?name=News&file=article&sid=$sid\">$title</a>"		171	{
235	."</td><td align=\"center\">$alanguage"		172	if ((substr($datei, 0, 5) == "case.") && file_exists($casefiles->path."/$datei"))
236	."</td><td align=\"right\">$topicname";		173	{
237	if (($radminarticle==1) OR ($radminsuper==1)) {		174	// Zunächst die Case-Datei laden
238	if (($radminarticle==1) AND ($aid == $said) OR ($radminsuper==1)) {		175	//
239	echo "</td><td align=\"right\" nowrap>(<a href=\"admin.php?op=EditStory&sid=$sid\">"._EDIT."</a>-<a href=\"admin.php?op=RemoveStory&sid=$sid\">"._DELETE."</a>)"		176	$file_contents = file_get_contents($casefiles->path."/$datei");
240	."</td></tr>";		177
241	} else {		178	// Switch-Anweisung extrahieren
242	echo "</td><td align=\"right\" nowrap><font class=\"content\"><i>("._NOFUNCTIONS.")</i></font>"		179	//
243	."</td></tr>";		180	if (preg_match("/switch[\s]\(\\\$op[\s]\)[\s]*([^\}]+)/msi", $file_contents, $case_block))
244	}		181	{
245	} else {		182	// case-Anweisungen säubern
246	echo "</td></tr>";		183	//
			184	$case_section = preg_replace($search, $replace, $case_block[1]);
247	}		185
248	}		186	// Match prüfen
249	echo "</table>";		187	//
250	if (($radminarticle==1) OR ($radminsuper==1)) {		188	if (preg_match("/CASE[\s]+\"$op\"[\s]*:/s", $case_section))
251	echo "<center>"		189	get_lang('admin', $name);
252	."<form action=\"admin.php\" method=\"post\">"		190	}
253	.""._STORYID.": <input type=\"text\" NAME=\"sid\" SIZE=\"10\">"		191	// Datei an sich einbinden
254	."<select name=\"op\">"		192	//
255	."<option value=\"EditStory\" SELECTED>"._EDIT."</option>"		193	include_once( $casefiles->path."/$datei" );
256	."<option value=\"RemoveStory\">"._DELETE."</option>"		194	}
257	."</select>"		195	}
258	."<input type=\"submit\" value=\""._GO."\">"		196	closedir($casefiles->handle);
259	."</form></center>";		197	}
260	}	=	198	}
261	CloseTable();	<>
262	$result = sql_query("SELECT pollID, pollTitle FROM ".$prefix."_poll_desc WHERE artid='0' ORDER BY pollID DESC limit 1", $dbi);
263	$object = sql_fetch_object($result, $dbi);
264	$pollID = $object->pollID;
265	$pollTitle = $object->pollTitle;
266	echo "<br>";
267	OpenTable();
268	echo "<center><b>"._CURRENTPOLL.":</b> $pollTitle [ <a href=\"admin.php?op=polledit&pollID=$pollID\">"._EDIT."</a> \| <a href=\"admin.php?op=create\">"._ADD."</a> ]</center>";
269	CloseTable();
270	include ("footer.php");
271	}		199
272			200	/**
273	if($admintest) {		201	* Einbinden sämtlicher Case-Anweisungen aus den Admin-Modul-Dateien
274			202	*/
275	switch($op) {		203	foreach($GLOBALS['adminmodules'] as $name)
276			204	{
277	case "deleteNotice":		205	if(is_dir("modules/$name/admin"))
278	deleteNotice($id, $table, $op_back);
279	break;
280			206	{
281	case "GraphicAdmin":		207	$casefiles = dir("modules/$name/admin");
282	GraphicAdmin();		208	while($datei=$casefiles->read())
283	break;		209	{
			210	if ((substr($datei, 0, 5) == "case.") && file_exists($casefiles->path."/$datei"))
284			211	{
285	case "adminMain":		212	// Zunächst die Case-Datei laden
286	adminMain();		213	//
287	break;		214	$file_contents = file_get_contents($casefiles->path."/$datei");
288		=	215
289	case "logout":	<>	216	// Switch-Anweisung extrahieren
290	setcookie("admin");		217	//
291	include("header.php");		218	if (preg_match("/switch[\s]\(\\\$op[\s]\)[\s]*([^\}]+)/msi", $file_contents, $case_block))
292	OpenTable();		219	{
293	echo "<center><font class=\"title\"><b>"._YOUARELOGGEDOUT."</b></font></center>";		220	// case-Anweisungen säubern
294	CloseTable();		221	//
295	include("footer.php");		222	$case_section = preg_replace($search, $replace, $case_block[1]);
296	break;
297		=	223
298	case "login";	<>	224	// Match prüfen
299	unset($op);		225	//
300			226	if (preg_match("/CASE[\s]+\"$op\"[\s]*:/s", $case_section))
301	default:		227	get_lang('admin', $name);
302	$casedir = dir("admin/case");		228	}
303	while($func=$casedir->read()) {		229	// Datei an sich einbinden
304	if(substr($func, 0, 5) == "case.") {		230	//
305	include($casedir->path."/$func");		231	include($casefiles->path."/$datei");
306	}		232	}
307	}		233	}
308	closedir($casedir->handle);		234	closedir($casefiles->handle);
309	break;
310			235	}
311	}		236	}
312			237	break;
313	} else {
314		=	238
315	login();	<>
316			239	}
317	}	=	240	}
318			241
		-+	242	/**
			243	* Wenn kein Admin eingeloggt ist, das Loginformular anzeigen
			244	*/
			245	else login();
		=	246
319	?>		247	?>