<?PHP
|
<?PHP
|
|
|
// Commenters (user level 4) are limited to the 'personal' and 'options' actions;
// every other action of this module is refused up front.
// NOTE(review): the personal-options form posts action=dosavepersonal, which is not
// in this allow-list, so a commenter who submits that form lands here - confirm
// whether that is intended.
if($member_db[1] == 4 and !in_array($action, array('personal', 'options'))){
    msg('error', 'Error!', 'Access Denied for your user-level (commenter)');
}
|
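// ********************************************************************************
// Options Menu
// ********************************************************************************
if($action == "options" or $action == '')
{
    echoheader("options","Options");

    //----------------------------------
    // Predefine Options
    //----------------------------------

    // 'access' is the lowest-privileged user level that may see the entry:
    // 1:admin, 2:editor+admin, 3:editor+admin+journalist, 4:all
    $options = array(
        array(
            'name'   => "Personal Options",
            'url'    => "$PHP_SELF?mod=options&action=personal",
            'access' => "4",
        ),

        array(
            'name'   => "Block IP's from posting comments",
            'url'    => "$PHP_SELF?mod=ipban",
            'access' => "1",
        ),

        array(
            'name'   => "System Configurations",
            'url'    => "$PHP_SELF?mod=options&action=syscon&rand=".time(),
            'access' => "1",
        ),

        array(
            'name'   => "Integration Wizards (News and RSS)",
            'url'    => "$PHP_SELF?mod=wizards",
            'access' => "1",
        ),

        array(
            'name'   => "Edit Templates",
            'url'    => "$PHP_SELF?mod=options&action=templates",
            'access' => "1",
        ),

        array(
            'name'   => "Add/Edit Users",
            'url'    => "$PHP_SELF?mod=editusers&action=list",
            'access' => "1",
        ),

        array(
            'name'   => "Archives Manager",
            'url'    => "$PHP_SELF?mod=tools&action=archive",
            'access' => "1",
        ),

        array(
            'name'   => "Manage Uploaded Images",
            'url'    => "$PHP_SELF?mod=images",
            'access' => "1",
        ),

        array(
            'name'   => "Backup Tool",
            'url'    => "$PHP_SELF?mod=tools&action=backup",
            'access' => "1",
        ),

        array(
            'name'   => "Edit Categories",
            'url'    => "$PHP_SELF?mod=categories",
            'access' => "1",
        ),
    );

    //------------------------------------------------
    // Cut the options for which we don't have access
    //------------------------------------------------
    // This only hides menu links. It is not an authorization check: each target
    // module still has to verify the user level itself when it is requested.
    $count_options = count($options);
    for($i=0; $i<$count_options; $i++){
        if($member_db[1] > $options[$i]['access']){
            unset($options[$i]);
        }
    }

    // Two links per table row. Both the URL and the label are HTML-encoded on
    // output: the URLs are built from $PHP_SELF (its origin is not visible here;
    // if it is taken from the request path it can carry markup) and contain raw
    // '&' separators, which must be written as &amp; inside an attribute.
    echo'<table border="0" width="100%"><tr>';
    $i = 0;
    foreach($options as $option){
        $link = "<a href='".htmlspecialchars($option['url'], ENT_QUOTES)."'><b>".htmlspecialchars($option['name'], ENT_QUOTES)."</b></a>";

        if($i%2 == 0){ echo"</tr>\n<tr>\n<td width='47%'> ".$link."</td>\n"; }
        else{ echo"\n<td width='53%'>".$link."</td>\n"; }
        $i++;
    }

    echo'</tr></table>';
    echofooter();
}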
|
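// ********************************************************************************
// Show Personal Options
// ********************************************************************************
elseif($action == "personal")
{
    echoheader("user","Personal Options");

    $registrationdate = date("D, d F Y",$member_db[0]); //registration date

    // Both variables are interpolated into the markup below on every path, so
    // give them a defined value first instead of relying on an undefined variable.
    $ifchecked = "";
    $bg = "";
    if($member_db[7] == 1){ $ifchecked = "Checked"; } //if user wants to hide his e-mail

    // Every profile field is printed into HTML below (as text and inside value="..."
    // attributes). Encode the quote characters and the angle brackets so a stored
    // value cannot close the attribute or open a tag of its own. '&' is left alone
    // so entities that are already stored are not encoded a second time.
    foreach($member_db as $key=>$value){
        $member_db[$key] = stripslashes(str_replace(array('"', "'", "<", ">"), array("&quot;", "&#039;", "&lt;", "&gt;"), $value));
    }

    // $PHP_SELF goes into the form's action attribute; encode it for that context.
    $self_attr = htmlspecialchars($PHP_SELF, ENT_QUOTES);

    // NOTE(review): the form carries no anti-CSRF token, and no token check is
    // visible in the save handler - confirm whether one exists elsewhere.
    echo"
<table border=0 height=1 width=617 cellspacing=\"0\" cellpadding=\"0\">
<form method=POST action=\"$self_attr\" name=personal>
<td height=\"21\" width=\"99\" bgcolor=#F7F6F4 >
Username
<td height=\"21\" width=\"400\" bgcolor=#F7F6F4 colspan=2>
$member_db[2]
<tr>
<td height=\"21\" width=\"200\">
New Password
<td height=\"21\" width=\"400\" colspan=2>
<input name=editpassword > Only if you want to change the current
</tr>

<tr>
<td height=\"21\" width=\"200\" bgcolor=#F7F6F4>
Nickname
<td height=\"21\" width=\"400\" bgcolor=#F7F6F4 colspan=2>
<input type=text name=editnickname value=\"$member_db[4]\">
</tr>

<tr>
<td height=\"21\" width=\"200\" >
Email
<td height=\"21\" width=\"400\" colspan=2>
<input type=text name=editmail value=\"$member_db[5]\"> <input type=checkbox name=edithidemail $ifchecked> Hide my e-mail from visitors
</tr>";

    // The avatar row is shown to everyone except commenters (level 4); for
    // commenters the next row gets the shaded background instead, which keeps
    // the alternating row colours intact.
    if($member_db[1] != 4){echo"<tr>
<td height=\"21\" width=\"200\" bgcolor=#F7F6F4>
Default Avatar URL
<td height=\"21\" width=\"400\" bgcolor=#F7F6F4 >
<input type=text name=change_avatar value=\"$member_db[8]\"> will appear on 'Add News' page
</tr>"; }else{ $bg = "bgcolor=#F7F6F4"; }

    echo"<tr>
<td height=\"21\" width=\"200\" $bg>
Access Level
<td height=\"21\" width=\"400\" $bg colspan=2>";

    // Display only: the level is printed as text, not offered as a form field.
    if ($member_db[1] == 4){ echo "commenter"; }
    elseif ($member_db[1] == 3){ echo "journalist"; }
    elseif ($member_db[1] == 2){ echo "editor"; }
    elseif ($member_db[1] == 1){ echo "administrator"; }

    if($member_db[1] != 4){ echo"</tr>
<tr>
<td height=\"21\" width=\"200\" bgcolor=#F7F6F4>
written news
<td height=\"21\" width=\"400\" bgcolor=#F7F6F4 colspan=2>
$member_db[6]
</tr>"; }

    echo"<tr>
<td height=\"21\" width=\"200\" >
registration date
<td height=\"21\" width=\"400\" colspan=2>
$registrationdate
</tr>
<tr>
<td height=\"1\" width=\"611\" colspan=\"2\" colspan=3>
<br /><input type=submit value=\"Save Changes\" accesskey=\"s\">
</tr>
<input type=hidden name=mod value=options><input type=hidden name=action value=dosavepersonal>
</form>
</table>";

    echofooter();
}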
|
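// ********************************************************************************
// Save Personal Options
// ********************************************************************************
elseif($action == "dosavepersonal")
{
    // NOTE(review): this handler changes account data, including the password,
    // and no anti-CSRF token is checked in the visible code - confirm.
    // NOTE(review): the checks below call msg() and then fall through to the
    // write, so they only protect anything if msg() ends the request - confirm.

    if($editpassword != "" and ($oldpassword == "" or !$oldpassword)){
        // The submitted values are carried over in hidden fields while the old
        // password is requested. They come straight from the request, so each one
        // is HTML-encoded before it is placed inside a quoted attribute.
        $self_attr        = htmlspecialchars($PHP_SELF, ENT_QUOTES);
        $h_editpassword   = htmlspecialchars($editpassword, ENT_QUOTES);
        $h_editnickname   = htmlspecialchars($editnickname, ENT_QUOTES);
        $h_editmail       = htmlspecialchars($editmail, ENT_QUOTES);
        $h_edithidemail   = htmlspecialchars($edithidemail, ENT_QUOTES);
        $h_change_avatar  = htmlspecialchars($change_avatar, ENT_QUOTES);

        msg("info", "Old Password Verification", "<form method=POST action=\"$self_attr\"> You have requested to change your password.<br>In order to complete this action you must enter your old password: <input type=text name=oldpassword> <input type=submit value='Submit'><input type=hidden name=mod value=options><input type=hidden name=action value=dosavepersonal><input type=hidden name=editpassword value='$h_editpassword'><input type=hidden name=editnickname value='$h_editnickname'><input type=hidden name=editmail value='$h_editmail'><input type=hidden name=edithidemail value='$h_edithidemail'><input type=hidden name=change_avatar value='$h_change_avatar'></form>");
    // Strict comparison: with a loose != two different hashes that both look like
    // numbers (for example "0e" followed by digits) would compare as equal.
    }elseif($editpassword != "" and (md5($oldpassword) !== (string)$member_db[3])){
        msg("error","Error!","You did not enter correctly your old password.");
    }

    $editnickname  = replace_comment("add",$editnickname);
    $editmail      = replace_comment("add",$editmail);
    $edithidemail  = replace_comment("add",$edithidemail);
    $change_avatar = replace_comment("add",$change_avatar);

    // The record written below is '|'-delimited and newline-terminated. Remove
    // those characters from the free-text fields so a submitted value can never
    // add a field or a whole extra row to the users file. replace_comment() may
    // already do this (it is not visible here); in that case this is a no-op.
    $record_delimiters = array("|", "\r", "\n");
    $editnickname  = str_replace($record_delimiters, "", $editnickname);
    $editmail      = str_replace($record_delimiters, "", $editmail);
    $change_avatar = str_replace($record_delimiters, "", $change_avatar);

    // NOTE(review): with the /i flag the range A-z also admits the characters
    // between 'Z' and 'a' ([ \ ] ^ _ `); passwords are capped at 15 characters.
    if($editpassword != "" and !preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $editpassword)){ msg("error","Error !!!", "Your password must conatain only valid characters and numbers"); }

    if($edithidemail){ $edithidemail = 1;}else{ $edithidemail = 0; }

    // NOTE(review): $avatars is not used anywhere else in this branch; the value
    // that is stored is $change_avatar. Possibly a leftover - confirm.
    $avatars = preg_replace(array("'\|'","'\n'","' '"), array("","","_"), $avatars);

    // Rewrite the users file in place under an exclusive lock. The file is opened
    // without truncating it, so a failed open leaves the existing accounts
    // untouched, and the old content is only discarded after it has been read.
    $personal_success = FALSE;
    $new_user_db = fopen("./data/users.db.php", "r+");
    if(!$new_user_db){
        msg("error", "Error !!!", "Can not open the users database for writing", "$PHP_SELF?mod=options&action=personal");
    }
    else{
        flock($new_user_db, LOCK_EX);

        // Read every line (including its newline) through the locked handle.
        $old_user_db = array();
        while(!feof($new_user_db)){
            $old_user_db_line = fgets($new_user_db);
            if($old_user_db_line === FALSE){ break; }
            $old_user_db[] = $old_user_db_line;
        }

        ftruncate($new_user_db, 0);
        rewind($new_user_db);

        foreach($old_user_db as $old_user_db_line){
            $old_user_db_arr = explode("|", $old_user_db_line);
            if(strtolower($username) != strtolower($old_user_db_arr[2])){
                // Some other account: copy the line through unchanged.
                fwrite($new_user_db,"$old_user_db_line");
            }
            else{
                if($editpassword != ""){
                    // NOTE(review): unsalted MD5 is not a suitable password hash,
                    // and the same hash is handed to the browser as a cookie, so
                    // whoever holds it holds a login credential. Changing either
                    // needs the login code, which is not part of this block.
                    $old_user_db_arr[3] = md5($editpassword);
                    if($config_use_cookies == TRUE){ setcookie("md5_password", $old_user_db_arr[3]); }
                    $_SESSION['md5_password'] = $old_user_db_arr[3];
                }
                // Fields 0-3, 6 and 9 (the user level is field 1) are copied from
                // the stored record; only nickname, e-mail, hide-mail flag and
                // avatar come from the form.
                fwrite($new_user_db,"$old_user_db_arr[0]|$old_user_db_arr[1]|$old_user_db_arr[2]|$old_user_db_arr[3]|$editnickname|$editmail|$old_user_db_arr[6]|$edithidemail|$change_avatar|$old_user_db_arr[9]||\n");
                $personal_success = TRUE;
            }
        }

        fflush($new_user_db);
        flock($new_user_db, LOCK_UN);
        fclose($new_user_db);

        if($personal_success){ msg("info", "Changes Saved", "Your personal information was saved.", "$PHP_SELF?mod=options&action=personal"); }
        else{ msg("error", "Error !!!", "Error while listing users, $username not found", "$PHP_SELF?mod=options&action=personal"); }
    }
}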
|
// ********************************************************************************
|
// ********************************************************************************
|
// Edit Templates
|
// Edit Templates
|
// ********************************************************************************
|
// ********************************************************************************
|
elseif($action == "templates")
|
elseif($action == "templates")
|
{
|
{
|
if($member_db[1] != 1){ msg("error", "Access Denied", "You don't have permissions for this type of action"); }
|
if($member_db[1] != 1){ msg("error", "Access Denied", "You don't have permissions for this type of action"); }
|
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
Detect all template packs we have
|
Detect all template packs we have
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
$templates_list = array();
|
$templates_list = array();
|
if(!$handle = opendir("./data")){ die("<center>Can not open directory $cutepath/data "); }
|
if(!$handle = opendir("./data")){ die("<center>Can not open directory $cutepath/data "); }
|
while (false !== ($file = readdir($handle))){
|
while (false !== ($file = readdir($handle))){
|
if(eregi(".tpl", $file)){
|
if(eregi(".tpl", $file)){
|
$file_arr = explode(".", $file);
|
$file_arr = explode(".", $file);
|
$templates_list[]= $file_arr[0];
|
$templates_list[]= $file_arr[0];
|
}
|
}
|
}
|
}
|
closedir($handle);
|
closedir($handle);
|
|
|
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
If we want to create new template
|
If we want to create new template
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
if($subaction == "new"){
|
if($subaction == "new"){
|
echoheader("options", "New Template");
|
echoheader("options", "New Template");
|
|
|
echo"<form method=post action=\"$PHP_SELF\"><table border=0 cellpading=0 cellspacing=0 width=100% height=100%><tr><td >Create new template based on: <select name=base_template>";
|
echo"<form method=post action=\"$PHP_SELF\"><table border=0 cellpading=0 cellspacing=0 width=100% height=100%><tr><td >Create new template based on: <select name=base_template>";
|
foreach($templates_list as $single_template){
|
foreach($templates_list as $single_template){
|
echo "<option value=\"$single_template\">$single_template</option>";
|
echo "<option value=\"$single_template\">$single_template</option>";
|
}
|
}
|
echo '</select> with name <input type=text name=template_name> <input type=submit value="Create Template">
|
echo '</select> with name <input type=text name=template_name> <input type=submit value="Create Template">
|
<input type=hidden name=mod value=options>
|
<input type=hidden name=mod value=options>
|
<input type=hidden name=action value=templates>
|
<input type=hidden name=action value=templates>
|
<input type=hidden name=subaction value=donew>
|
<input type=hidden name=subaction value=donew>
|
</td></tr></table></form>';
|
</td></tr></table></form>';
|
echofooter();
|
echofooter();
|
exit;
|
exit;
|
}
|
}
|
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
Do Create the new template
|
Do Create the new template
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
if($subaction == "donew"){
|
if($subaction == "donew"){
|
if(!eregi("^[a-z0-9_-]+$", $template_name)){ msg("error", "Error", "The name of the template must be only with letters and numbers", "$PHP_SELF?mod=options&subaction=new&action=templates"); }
|
if(!eregi("^[a-z0-9_-]+$", $template_name)){ msg("error", "Error", "The name of the template must be only with letters and numbers", "$PHP_SELF?mod=options&subaction=new&action=templates"); }
|
if(file_exists("./data/${template_name}.tpl")){ msg("error", "Error", "Template with this name already exists", "$PHP_SELF?mod=options&subaction=new&action=templates"); }
|
if(file_exists("./data/${template_name}.tpl")){ msg("error", "Error", "Template with this name already exists", "$PHP_SELF?mod=options&subaction=new&action=templates"); }
|
|
|
if($base_template != ""){ $base_file = "./data/${base_template}.tpl"; }
|
if($base_template != ""){ $base_file = "./data/${base_template}.tpl"; }
|
else{ $base_file = "./data/Default.tpl"; }
|
else{ $base_file = "./data/Default.tpl"; }
|
|
|
if (!copy($base_f |