Example #1
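function cleanmygets()
{
    // Normalises the request parameters this application reads from $_GET,
    // in place, so later code can rely on their shape: 'id' and 'page'
    // become integers, 'com' becomes exactly "1" or "0", 'date' is either a
    // digits-and-hyphens string or the default "2000-01-01", and 'cat'/'tag'
    // are passed through killevilcharacters().
    //
    // Side effects: rewrites the listed $_GET entries when present.
    // Returns nothing. Keys that are absent are left absent.
    //
    // The SQL built elsewhere from 'date', 'tag' and 'cat' only gets these
    // guarantees if this function has actually run first; nothing here
    // enforces that ordering.

    //some white lists
    $list_bool = array("1", "0");
    $list_date = array("1", "2", "3", "4", "5", "6", "7", "8", "9", "0", "-");
    //id must be an integer
    if (isset($_GET['id'])) {
        $_GET['id'] = (int) $_GET['id'];
    }
    //page must be an integer
    if (isset($_GET['page'])) {
        $_GET['page'] = (int) $_GET['page'];
    }
    //com must be exactly "1" or "0". The strict flag matters: a loose
    //in_array() compares numeric strings numerically, so values such as
    //"1e0", "01" or " 1" would otherwise pass as "1".
    if (isset($_GET['com']) && !in_array($_GET['com'], $list_bool, true)) {
        $_GET['com'] = "0";
    }
    //date must be a string containing only numbers and hyphens. A
    //non-string value (e.g. ?date[]=x) is replaced outright instead of
    //being handed to the whitelist check.
    if (isset($_GET['date'])) {
        if (!is_string($_GET['date']) || !whitelist_okay($_GET['date'], $list_date)) {
            $_GET['date'] = "2000-01-01";
        }
    }
    //cat must not contain evil characters
    if (isset($_GET['cat'])) {
        $_GET['cat'] = killevilcharacters($_GET['cat']);
    }
    //tag must not contain evil characters
    if (isset($_GET['tag'])) {
        $_GET['tag'] = killevilcharacters($_GET['tag']);
    }
}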
Example #2
function loop_postings($content)
{
    // Renders postings from the lb_postings table by parsing the template
    // fragment $content once per row. Without ?id= (or when the fragment
    // forces a loop / static list) it runs a filtered, paged list query;
    // otherwise it loads the single posting with that id.
    //
    // $content: template fragment. Its attributes (sort, number, order,
    //           forceloop, paging, static, stickies) are read with
    //           getattributes(); the container is removed with stripcontainer().
    // Returns the trimmed concatenation of fullparse($content) over all rows.
    //
    // Globals written: $currentid, $postings[$currentid], $nextpage,
    // $howmanypages. Globals read: $settings, $GLOBALS['prefix'],
    // $GLOBALS['lbdata'].
    //
    // NOTE(review): every query below is assembled by string concatenation.
    // $_GET['date'], ['tag'], ['cat'] and ['id'] reach the query text with
    // only whatever cleanmygets()/killevilcharacters() did to them earlier;
    // this function neither enforces that those ran nor escapes the values
    // for the database in use.
    //returns a certain number of postings
    global $currentid;
    global $postings;
    global $nextpage;
    global $howmanypages;
    global $settings;
    $att = getattributes($content);
    $content = stripcontainer($content);
    //preview postings from the admin pages
    //needs both the request flag and the site setting; flags are kept as
    //the strings "true"/"false" throughout this function
    if (isset($_GET['preview']) and $_GET['preview'] == "1" and $settings['previews'] == "1") {
        $preview = "true";
    } else {
        $preview = "false";
    }
    //possible attributes and default-values
    //$sort is spliced into ORDER BY below; it comes from the fragment's
    //attributes (presumably the template file, not the request) after
    //killevilcharacters()
    if (isset($att['sort'])) {
        $sort = killevilcharacters($att['sort']);
    } else {
        $sort = "posted";
    }
    //$loops is used as a divisor further down; number="0" divides by zero
    if (isset($att['number'])) {
        $loops = $att['number'];
    } else {
        $loops = 5;
    }
    //uppercased but not restricted to ASC/DESC; also spliced into ORDER BY
    if (isset($att['order'])) {
        $order = strtoupper($att['order']);
    } else {
        $order = "DESC";
    }
    if (isset($att['forceloop'])) {
        $forceloop = $att['forceloop'];
    } else {
        $forceloop = "false";
    }
    if (isset($att['paging'])) {
        $paging = $att['paging'];
    } else {
        $paging = "true";
    }
    if (isset($att['static'])) {
        $static = $att['static'];
    } else {
        $static = "false";
    }
    if (isset($att['stickies'])) {
        $stickies = $att['stickies'];
    } else {
        $stickies = "true";
    }
    $return = "";
    $howmanypages = "1";
    //offset / splitting into pages
    //page=0 or a negative page yields a negative offset; what SelectLimit()
    //does with that is not visible here
    if (isset($_GET['page']) and $paging == "true") {
        $start = $loops * ($_GET['page'] - 1);
    } else {
        $start = 0;
    }
    //no request from url? show us a loop of postings!
    if (!isset($_GET['id']) or $forceloop == "true" or $static == "true") {
        //getting data from postings-table
        //$trunk is the shared FROM/WHERE/ORDER BY tail used by both the
        //COUNT query and the row query
        $trunk = " FROM " . $GLOBALS['prefix'] . "lb_postings WHERE ";
        //showing postings from certain date
        if (isset($_GET['date']) and $static == "false") {
            //analyzing the length of the date-string
            //only lengths 4/7/10 add a date filter; any other length adds
            //none (there is no default branch). The raw value is embedded
            //in the query, so it must already be digits-and-hyphens only.
            switch (strlen($_GET['date'])) {
                case 4:
                    //show us a year!
                    $from = $_GET['date'] . "-01-01 00:00:00";
                    $to = $_GET['date'] . "-12-31 23:59:59";
                    $trunk .= "posted >= '" . $from . "' AND ";
                    $trunk .= "posted <= '" . $to . "' AND ";
                    break;
                case 7:
                    //show us a month!
                    //"-31" is used for every month; whether the database
                    //accepts e.g. "-02-31" as an upper bound is driver-dependent
                    $from = $_GET['date'] . "-01 00:00:00";
                    $to = $_GET['date'] . "-31 23:59:59";
                    $trunk .= "posted >= '" . $from . "' AND ";
                    $trunk .= "posted <= '" . $to . "' AND ";
                    break;
                case 10:
                    //show us a day!
                    $from = $_GET['date'] . " 00:00:00";
                    $to = $_GET['date'] . " 23:59:59";
                    $trunk .= "posted >= '" . $from . "' AND ";
                    $trunk .= "posted <= '" . $to . "' AND ";
            }
        }
        //posting must be "live" to be displayed
        $trunk .= "status = '3' ";
        //posting must not be published in the future
        //date() uses PHP's configured timezone; assumes "posted" is stored
        //in the same zone — cannot be confirmed here
        if ($static == "false") {
            $trunk .= "AND posted < '" . date("Y-m-d H:i:s") . "' ";
        }
        //if tag is set, filter postings which doesn't fit
        // we switched to tags instead of categories in 0.7.0 and provided both in 0.8.0
        //several tags are separated by "+" and OR-ed together
        if (isset($_GET['tag']) and $static == "false") {
            $tagsToShow = explode('+', $_GET['tag']);
            $tagSQL = array();
            foreach ($tagsToShow as $tagToShow) {
                // NOTE(review): each tag is embedded verbatim inside a quoted
                // LIKE pattern. "%" and "_" act as wildcards, and a quote
                // character would end the literal unless an earlier filter
                // removed it — confirm what killevilcharacters() strips.
                $tagSQL[] = ' tags LIKE \'%' . $tagToShow . '%\'';
            }
            $trunk .= ' AND (' . join(' OR ', $tagSQL) . ') ';
        }
        //if category is set, filter postings which doesn't fit
        if (isset($_GET['cat']) and $static == "false") {
            //which category-id do we request via url?
            //the id is embedded unquoted, so this relies on
            //getcategoryidshort() returning a numeric id (not verifiable here)
            $tempcatid = getcategoryidshort($_GET['cat']);
            if ($tempcatid != "") {
                $trunk .= "AND (category1_id = " . $tempcatid . " ";
                $trunk .= "OR category2_id = " . $tempcatid . " ";
                $trunk .= "OR category3_id = " . $tempcatid . " ";
                $trunk .= "OR category4_id = " . $tempcatid . ") ";
            }
        }
        //sticky postings float to the top unless stickies="false"
        $trunk .= $stickies == 'false' ? "ORDER BY {$sort} {$order}" : "ORDER BY sticky DESC, {$sort} {$order}";
        //count total number of posts and calculate the number of pages
        //the global variable $howmanypages can be used to construct a paging plugin
        //relies on the driver exposing the count under the literal column
        //name "COUNT(*)"
        $countingquery = "SELECT COUNT(*)" . $trunk;
        $count = $GLOBALS['lbdata']->GetArray($countingquery);
        $total = $count[0]['COUNT(*)'];
        //round() plus the correction below amounts to a ceiling of
        //$total / $loops
        $howmanypages = round($total / $loops);
        if ($howmanypages < $total / $loops) {
            $howmanypages += 1;
        }
        //now we execute the main query
        //one more row than requested is fetched so the loop can tell
        //whether a next page exists
        $dosql = "SELECT * " . $trunk;
        $tempp = $GLOBALS['lbdata']->SelectLimit($dosql, $loops + 1, $start);
        $allrows = $tempp->GetArray();
        $i = 0;
        //use all results!
        foreach ($allrows as $temp) {
            $i += 1;
            if ($i <= $loops) {
                //expose the row to the template parser through the globals
                $currentid = $temp['id'];
                $postings[$currentid] = $temp;
                $return .= fullparse($content);
                //if there is one more posting than requested, we can show a "next page"-button.
            } else {
                if ($paging == "true") {
                    $nextpage = true;
                }
            }
        }
    } else {
        //ah, we want to show a single posting with a given id? no problem!
        //getting data from postings-table
        //the id is quoted into the query as-is; it is an integer only if
        //cleanmygets() ran earlier in this request
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_postings\n              WHERE id='" . $_GET['id'] . "'";
        //are previews allowed?
        //note there is no space between the closing quote above and "AND";
        //this relies on the SQL parser accepting a keyword right after a
        //string literal
        if ($preview == "false") {
            $dosql .= "AND posted < '" . date("Y-m-d H:i:s") . "' AND status='3'";
        }
        $temp = $GLOBALS['lbdata']->GetArray($dosql);
        //if no row came back (unknown id, or unpublished without preview)
        //$temp[0] is undefined and the entries below are set from nothing
        $currentid = $temp[0]['id'];
        $postings[$currentid] = $temp[0];
        $return .= fullparse($content);
    }
    return trim($return);
}
Example #3
    <link rel="stylesheet" type="text/css" href="backend/ie.css"  />
    <![endif]-->
    <script src="backend/jquery.js" type="text/javascript"></script>
    <script src="backend/functions.js" type="text/javascript"></script>
	<script src="backend/autocomplete.js" type="text/javascript"></script>

<!--	<script src="backend/compressed.js" type="text/javascript"></script> -->
</head>





<body id="<?php 
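// Emits the value of the <body id="..."> attribute. When nobody is logged
// in the echoed string deliberately closes the id attribute and appends an
// onLoad handler that focuses the login form; otherwise the id is the name
// of the requested backend page, defaulting to "postings".
if (!$access) {
    echo "login\" onLoad=\"document.loginform.nickname.focus();";
} else {
    if (isset($_GET['page'])) {
        // The page name lands inside a double-quoted HTML attribute, so it
        // is escaped for that context here regardless of what
        // killevilcharacters() happens to remove; ENT_QUOTES covers both
        // quote styles.
        echo htmlspecialchars(killevilcharacters($_GET['page']), ENT_QUOTES, 'UTF-8');
    } else {
        echo "postings";
    }
}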
?>
">

<div id="wrapper">



Example #4
        // session_register() was removed in PHP 5.4; on current PHP these
        // two calls are fatal and the assignments below register the keys
        // on their own.
        session_register('ipnumber');
        session_register('authorid');
        $_SESSION['nickname'] = $_POST['nickname'];
        $_SESSION['authorid'] = getuserid($_POST['nickname']);
        // $_SESSION['password'] = md5($_POST['password']);
        // NOTE(review): the submitted password is kept in clear text in the
        // session for the lifetime of the login (the hashed form above is
        // commented out). Anyone able to read the session store obtains the
        // credential itself rather than a hash.
        $_SESSION['password'] = $_POST['password'];
        $_SESSION['ipnumber'] = $_SERVER['REMOTE_ADDR'];
    }
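    if (isset($_POST['remember_me']) and $_POST['remember_me'] == 1) {
        // "Remember me": a persistent token derived from the credentials.
        // NOTE(review): md5(nickname:password) is unsalted and fast, so the
        // cookie value can be attacked offline and stays valid until the
        // password changes. A random, server-side stored token would be the
        // proper replacement; that needs storage this script does not show,
        // so the scheme is kept here.
        $cookie_string = md5($_POST['nickname'] . ':' . $_POST['password']);
        // HttpOnly keeps the token out of reach of page scripts. Path and
        // domain are passed as empty strings, i.e. the same defaults as before.
        setcookie('lbauth', $cookie_string, time() + 60 * 60 * 24 * 30, '', '', false, true);
    }
    if (isset($_COOKIE['lbauth'])) {
        // Extend the expiry of a token the client already holds. The value
        // is re-sent as received; it is not checked at this point.
        $cookie_string = $_COOKIE['lbauth'];
        setcookie('lbauth', $cookie_string, time() + 60 * 60 * 24 * 30, '', '', false, true);
    }
    #var_dump($_POST['password']) ;echo ":"; var_dump($_SESSION['password']);
    include "inc/head.php";
    //no url request? show postings as default
    if (!isset($_GET['page'])) {
        $loadme = "inc/backend_postings.php";
    } else {
        $requested_page = killevilcharacters(strip_tags($_GET['page']));
        // The page name becomes part of an include path. Independently of
        // what the filters above remove, only a plain file-name token is
        // accepted here; anything else (path separators, dots, an empty
        // string) falls back to the default page instead of being spliced
        // into the path.
        if (!is_string($requested_page) || !preg_match('/^[A-Za-z0-9_-]+$/', $requested_page)) {
            $requested_page = "postings";
        }
        $loadme = "inc/backend_" . $requested_page . ".php";
    }
    //we don't want our users to run update scripts manually, do we?
    include "inc/autoupdate.php";
    //yee-hah! finally we do show real content on our page!
    include $loadme;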
}
// Footer is emitted for every request, whether or not the branch above
// rendered a backend page.
include "inc/footer.php";
Example #5
<?php

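//change the language if required by POST
//this runs for any request reaching this file, before the rights check below
if (isset($_POST['language'])) {
    $mylanguage = killevilcharacters(strip_tags($_POST['language']));
    // The language name is spliced into an include path, so beyond the
    // generic filters it must be a plain file-name token; any other value
    // is ignored and nothing is included.
    if (is_string($mylanguage) && preg_match('/^[A-Za-z0-9_-]+$/', $mylanguage)) {
        include_once "lang/" . $mylanguage . ".php";
    }
}
echo "<h1>" . bla("hl_settings") . "</h1>\n";
include 'inc/navigation.php';
//check the rights
//admin-only gate for everything that follows; note that the heading and
//navigation above are already sent when this fires
if (!allowed(3, "")) {
    die("<p class=\"msg\">" . bla("msg_adminonly") . "</p>");
}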
//put the posted data into the databse
if (isset($_GET['do']) and $_GET['do'] == "save") {
    //take care of picture 1
    //a non-zero size is the only success check; $_FILES[...]['error'] is
    //not consulted
    if (isset($_FILES['itunes_image']) && $_FILES['itunes_image']['size'] != "0") {
        $newfilename = $GLOBALS['audiopath'] . "itunescover.jpg";
        // NOTE(review): the upload is moved as-is under a fixed .jpg name;
        // its content is never verified to be an image (no getimagesize()
        // or MIME check), so the file holds whatever bytes were sent.
        move_uploaded_file($_FILES['itunes_image']['tmp_name'], $newfilename) or die("<p class=\"msg\">" . bla("msg_uploadbroken") . "</p>");
        // 0777 leaves the file world-writable; 0644 would suffice for a file
        // that is only read back, unless another account must overwrite it
        // (not visible here).
        chmod($newfilename, 0777);
    }
    //take care of picture 2
    //same handling as picture 1, including the notes above
    if (isset($_FILES['feedimage']) and $_FILES['feedimage']['size'] != "0") {
        $newfilename = $GLOBALS['audiopath'] . "rssimage.jpg";
        move_uploaded_file($_FILES['feedimage']['tmp_name'], $newfilename) or die("<p class=\"msg\">" . bla("msg_uploadbroken") . "</p>");
        chmod($newfilename, 0777);
    }
    //forms with a checkbox will not be posted if not checked :-(
    //normalise the absent checkbox to "0" so later code can read it unconditionally
    if (!isset($_POST['countweb'])) {
        $_POST['countweb'] = "0";
    }
Example #6
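$GLOBALS['templatepath'] = $lb_path . "/loudblog/custom/templates/";
//getting basic data
$settings = getsettings();
dumpdata();
//get the language translation table
//"global" at file scope is a no-op outside a function; kept as it was
global $lang;
$lang = array();
//a missing language file is deliberately non-fatal (@ hides the include
//warning); $lang then stays empty
@(include_once $GLOBALS['path'] . "/loudblog/lang/" . $settings['language'] . ".php");
// here comes bad behavior...
if ($settings['badbehavior'] == "1") {
    require_once $lb_path . '/loudblog/inc/bad_behavior.php';
}
//Ready to rock'n'roll? Let's start building the website!
//template required by URL? Override template-setting
if (isset($_GET['template'])) {
    $requested_template = killevilcharacters(strip_tags($_GET['template']));
    // The template name selects a directory below templatepath, so only a
    // plain directory-name token is accepted; any other value leaves the
    // configured template in place rather than being spliced into the path.
    if (is_string($requested_template) && preg_match('/^[A-Za-z0-9_-]+$/', $requested_template)) {
        $settings['template'] = $requested_template;
    }
}
//building the right path to required template
$templpath = $GLOBALS['templatepath'] . $settings['template'] . "/index.html";
//copies template into variable
//precedence note: "=" binds tighter than "or", so $connect holds the handle
//and die() runs only when fopen() returned false
$connect = @fopen($templpath, "rb") or die("Unfortunately I could not find a valid template! {$templpath}");
//templates larger than 256 KiB are silently truncated
$template = fread($connect, 262144);
fclose($connect);
//includes official loudblog-tags
include "loudblog/inc/loudblogtags.php";
//includes plugins from plugins-folder
$folder = opendir('loudblog/custom/plugins');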
while ($file = readdir($folder)) {
    if (substr($file, -4, 4) == ".php") {
        include_once "loudblog/custom/plugins/" . $file;