/**
 * Builds and runs one UPDATE on $dbTables['config'] for the row whose id is
 * $config['id'], then echoes a success or error <div>.
 *
 * Each entry of $arrayValues is used three ways: as the $_POST key to read,
 * as the $lang key for the field label, and as the SQL column name.
 *
 * NOTE(review): the column name is interpolated into the statement as-is (it
 * is never passed through secureVar), so $arrayValues has to be a fixed list
 * defined in code and must never be derived from the request.
 * NOTE(review): no anti-CSRF check is visible in this function - confirm the
 * caller performs one before this state-changing update runs.
 *
 * @param array $arrayValues field names (POST key / $lang key / column name)
 * @param mixed $checkVars   when truthy, the emptiness check runs for every field
 *
 * @return void the result is echoed, nothing is returned
 */
function doUpdate($arrayValues, $checkVars)
 {
     global $con;
     global $lang;
     global $config;
     global $dbTables;
     $errorField = '';
     $queryMsg = "UPDATE " . $dbTables['config'] . " SET ";
     foreach ($arrayValues as $id => $value) {
         // Read straight from $_POST (no isset() guard), trimmed and passed
         // through secureVar(..., 'html') before any validation happens.
         $optionsCheck['' . $value . ''] = secureVar(trim($_POST['' . $value . '']), 'html');
         if ($checkVars) {
             // NOTE(review): the inner loose "!= 0" decides whether an empty value is
             // reported. For a string value, '' != 0 is false before PHP 8 and true
             // from PHP 8 on, so this required-field check behaves differently
             // across PHP versions - confirm the intended rule.
             if ($optionsCheck['' . $value . ''] == '' || empty($optionsCheck['' . $value . ''])) {
                 if ($optionsCheck['' . $value . ''] != 0) {
                     $errorField .= $lang['' . $value . ''] . ' ' . $lang['isEmpty'] . '<br />';
                 }
             }
         }
         // Fields are appended only while no error has been recorded so far.
         if ($errorField == '') {
             // connect()/close() wrap the 'sql' call; presumably that mode needs an
             // open connection - confirm against secureVar.
             $con->connect();
             // The value is escaped with the 'sql' mode; the column name {$value} is not.
             $queryMsg .= "{$value}='" . secureVar($optionsCheck['' . $value . ''], 'sql') . "', ";
             $con->close();
         }
     }
     // Drop the trailing ", " left by the loop.
     $queryMsg = substr($queryMsg, 0, -2);
     if ($errorField == '') {
         $con->connect();
         // $config['id'] is read from the $config global and concatenated without escaping.
         $queryMsg .= " where id='" . $config['id'] . "';";
         if ($con->modify($queryMsg)) {
             echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
         } else {
             $con->printError();
             echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
         }
         $con->close();
     } else {
         // $errorField holds $lang labels joined with <br />; it is echoed as HTML.
         echo "<div class=\"msgError\">{$errorField}</div>";
     }
 }
    redirectToUrlIfNecessary();
    loadImage($logo, $idSite);
}
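/*
 * page variables
 */
$a_vars = getRequestVar('a_vars', array(), 'array');
/*
 * visitor config, as saved in the database
 *
 * Every value below originates from the client (request headers or request
 * parameters); treat it as untrusted wherever it is later stored or displayed.
 */
$userAgent = secureVar(@$_SERVER['HTTP_USER_AGENT']);
$os = getOs($userAgent);
$a_browser = getBrowserInfo($userAgent);
$resolution = getRequestVar('res', 'unknown', 'string');
$colorDepth = getRequestVar('col', 32, 'numeric');
$browserLang = secureVar(@$_SERVER['HTTP_ACCEPT_LANGUAGE']);
// Visitor-reported local time; each part falls back to the server clock.
$localTime = getRequestVar('h', date("H"), 'numeric')
    . ':' . getRequestVar('m', date("i"), 'numeric')
    . ':' . getRequestVar('s', date("s"), 'numeric');
// assign pageCategory default value of the parse_url::path?query
$pageUrlParamsProcessed = processParams($pageUrl, $siteParams);
// parse_url() mis-parses a URL without scheme when the query string contains
// ':', so a dummy "http://site.com" prefix is added in that case.
// ereg() was removed in PHP 7.0; strncmp() performs the same case-sensitive
// prefix test without the regex engine.
// NOTE(review): an "https://" URL does not start with "http://" and therefore
// also receives the dummy prefix, exactly as with the original test - confirm
// whether that is intended.
if (strncmp($pageUrlParamsProcessed, 'http://', 7) !== 0) {
    $urlParse = parse_url('http://site.com' . $pageUrlParamsProcessed);
} else {
    $urlParse = parse_url($pageUrlParamsProcessed);
}
if (isset($urlParse['path'])) {
    // strip the leading '/'
    $pageNameDefault = substr($urlParse['path'], 1);
}
if (isset($urlParse['query'])) {
    $pageNameDefault .= '?' . $urlParse['query'];
}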
            if (empty($bannedIPs) || !in_array($banCheck['ipnumber'], $bannedIPs)) {
                // Add IP to ban table
                $queryMsg = "INSERT INTO " . $dbTables['ip'] . " (id, ip) VALUES (NULL, '" . secureVar($banCheck['ipnumber'], 'sql') . "');";
                if ($con->modify($queryMsg)) {
                    echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
                } else {
                    $con->printError();
                    echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
                }
            } else {
                echo "<div class=\"msgError\">" . $banCheck['ipnumber'] . ' ' . $lang['ipBanned'] . "</div>";
            }
            $con->close();
        } elseif ($banCheck['banType'] == 'remove') {
            $con->connect();
            $queryMsg = "DELETE FROM " . $dbTables['ip'] . " WHERE ip='" . secureVar($banCheck['ipnumber'], 'sql') . "';";
            if ($con->modify($queryMsg)) {
                echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
            } else {
                $con->printError();
                echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
            }
            $con->close();
        }
    }
}
echo "\n\t<form method=\"post\" action=\"index.php?a=banIP\">\n\t\t<fieldset>\n\t\t\t<p>" . $lang['ipnumber'] . " : <input type=\"text\" name=\"ipnumber\" />\n\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t<input type=\"hidden\" name=\"banType\" value=\"add\" />\n\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['ban'] . "\" />\n\t\t\t</p>\n\t\t</fieldset>\n\t</form>";
$con->connect();
$queryMsg = "select ip from " . $dbTables['ip'] . ";";
$con->getRows($queryMsg);
if ($con->getNumRows() > 0) {
Example #4
<?php

if (@$magic != "0xDEADBEEF") {
    die("This file cannot be executed directly");
}
require_once '../classes/functions.php';
@($instLang = secureVar($_GET['lang'], 'html'));
if (empty($instLang)) {
    $instLang = 'en';
}
switch ($instLang) {
    case 'en':
        $instLangValue = 'english.php';
        break;
    case 'fr':
        $instLangValue = 'french.php';
        break;
    case 'ar':
        $instLangValue = 'arabic.php';
        break;
    case 'tr':
        $instLangValue = 'turkish.php';
        break;
    case 'jp':
        $instLangValue = 'japanese.php';
        break;
    case 'fi':
        $instLangValue = 'finnish.php';
        break;
    case 'de':
        $instLangValue = 'german.php';
/**
 * Returns the first element of a comma-separated list.
 *
 * The text before the first ',' (or the whole input when there is no comma)
 * is handed to secureVar() and that result is returned. No check that the
 * element is a well-formed IP address happens here.
 *
 * NOTE(review): if callers feed this from a proxy header such as
 * X-Forwarded-For, the first element is whatever the client sent - confirm
 * it is not used for access decisions.
 *
 * @param string $ip comma-separated list
 *
 * @return string secureVar() result for the first element
 */
function getFirstIpFromList($ip)
{
    $commaPos = strpos($ip, ',');
    $firstEntry = ($commaPos === false) ? $ip : substr($ip, 0, $commaPos);

    return secureVar($firstEntry);
}
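/**
 * Builds the SELECT statement used to search posts (joined with their admin
 * reply) for every word of a search string.
 *
 * The search string is split on single spaces; each word becomes a
 * "LIKE '%word%'" test and the tests are combined with "||". Empty words
 * produced by repeated spaces are dropped, because '%%' matches every
 * non-NULL value and would turn the whole search into "return everything".
 * A completely empty search string keeps its original meaning (one '%%' term).
 *
 * NOTE(review): each word is escaped only through secureVar(..., 'sql'); the
 * safety of the string literal rests entirely on that helper. LIKE wildcards
 * ('%' and '_') typed by the user are not neutralised here. $tableName and
 * $dbTables['reply'] are interpolated as identifiers without quoting, so they
 * must come from configuration, never from the request. A prepared statement
 * would remove the dependency on manual escaping.
 * NOTE(review): if the backend is MySQL, "||" is a logical OR only while the
 * PIPES_AS_CONCAT SQL mode is off.
 *
 * @param string $tableName    posts table name (trusted identifier)
 * @param string $searchString raw search text
 * @param mixed  $ua           truthy: match posts.useragent; otherwise match
 *                             posts.name and posts.message
 *
 * @return string the SQL statement, terminated by ';'
 */
function produceSearchMsg($tableName, $searchString, $ua)
{
    global $dbTables;
    // Split into words and ignore the empty ones left by consecutive spaces.
    $words = array();
    foreach (explode(" ", trim($searchString)) as $word) {
        if ($word !== '') {
            $words[] = $word;
        }
    }
    if (count($words) === 0) {
        // Empty search: keep the original single match-all term so the
        // WHERE clause stays syntactically valid.
        $words[] = '';
    }
    $queryMsg = "select posts.*, reply.id as rid, reply.post_id as post_id, reply.date as rdate, reply.message as rmessage, reply.name as rname from " . $tableName . " posts LEFT JOIN " . $dbTables['reply'] . " reply ON (posts.id = reply.post_id) where";
    $clauses = array();
    foreach ($words as $word) {
        // Search is anything + search data + anything
        $pattern = "%" . $word . "%";
        if ($ua) {
            $clauses[] = " posts.useragent LIKE '" . secureVar($pattern, 'sql') . "'";
        } else {
            $clauses[] = " posts.name LIKE '" . secureVar($pattern, 'sql') . "' || posts.message LIKE '" . secureVar($pattern, 'sql') . "'";
        }
    }
    // Joining with " ||" yields the same text the original built by appending
    // " ||" after every term and cutting the last one off.
    return $queryMsg . implode(" ||", $clauses) . " group by posts.date desc;";
}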
    if ($passCheck['newPassword'] != $passCheck['confirmNewPassword']) {
        $errorField .= $lang['newPassMatch'] . '<br />';
    }
    if ($errorField != '') {
        echo "<div class=\"msgError\">{$errorField}</div>";
    } else {
        $passCheck['newPassword'] = $passCheck['newPassword'];
        $passCheck['oldPassword'] = $passCheck['oldPassword'];
        $con->connect();
        $con->getRows("Select password, salt from " . $dbTables['admin'] . " where id='" . secureVar(base64_decode($_SESSION['id']), 'sql') . "';");
        foreach ($con->queryResult as $res) {
            if (hash('sha256', $passCheck['oldPassword'] . base64_decode($res['salt'])) == $res['password']) {
                $newSalt = substr(hash('sha1', uniqid(rand(), true)), 0, 5);
                $newPassword = hash('sha256', $passCheck['newPassword'] . $newSalt);
                $saveSalt = base64_encode($newSalt);
                $queryMsg = "update " . $dbTables['admin'] . " set password='******'sql') . "', salt='" . secureVar($saveSalt, 'sql') . "' where id='" . secureVar(base64_decode($_SESSION['id']), 'sql') . "';";
                if ($con->modify($queryMsg)) {
                    echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
                } else {
                    $con->printError();
                    echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
                }
            } else {
                echo "<div class=\"msgError\">" . $lang['wrongOldPass'] . "</div>";
            }
            break;
        }
        $con->close();
    }
}
echo "\n\t<form method=\"post\" action=\"index.php?a=changePass\">\n\t\t<fieldset>\n\t\t\t<table border=\"0\">\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['oldPassword'] . "</td>\n\t\t\t\t\t<td><input type=\"password\" name=\"oldPassword\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['newPassword'] . "</td>\n\t\t\t\t\t<td><input type=\"password\" name=\"newPassword\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['confirmNewPassword'] . "</td>\n\t\t\t\t\t<td><input type=\"password\" name=\"confirmNewPassword\" /></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t\t<p>\n\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['change'] . "\" />\n\t\t\t</p>\n\t\t</fieldset>\n\t</form>";
            $con->close();
        } elseif ($submitId == $lang['modify']) {
            $censoredCheck['censoredOriginal'] = secureVar(trim($_POST['censoredOriginal']), 'html');
            $censoredCheck['censoredReplacement'] = secureVar(trim($_POST['censoredReplacement']), 'html');
            $errorField = '';
            if ($censoredCheck['censoredOriginal'] == '' || empty($censoredCheck['censoredOriginal'])) {
                $errorField .= $lang['censoredOriginal'] . ' ' . $lang['isEmpty'] . '<br />';
            }
            if ($censoredCheck['censoredReplacement'] == '' || empty($censoredCheck['censoredReplacement'])) {
                $errorField .= $lang['censoredReplacement'] . ' ' . $lang['isEmpty'] . '<br />';
            }
            if ($errorField != '') {
                echo "<div class=\"msgError\">{$errorField}</div>";
            } else {
                $con->connect();
                $queryMsg = "update " . $dbTables['censored'] . " set original='" . secureVar($censoredCheck['censoredOriginal'], 'sql') . "', replacement='" . secureVar($censoredCheck['censoredReplacement'], 'sql') . "' where id='" . secureVar($censoredID, 'sql') . "';";
                if ($con->modify($queryMsg)) {
                    echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
                } else {
                    $con->printError();
                    echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
                }
                $con->close();
            }
        }
    }
}
echo '<span class="titleMsg">' . $lang['addCensored'] . '</span>';
echo "\n\t<form method=\"post\" action=\"index.php?a=censored\">\n\t\t<fieldset>\n\t\t\t<table border=\"0\">\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['censoredOriginal'] . "</td>\n\t\t\t\t\t<td><input type=\"text\" name=\"censoredOriginal\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['censoredReplacement'] . "</td>\n\t\t\t\t\t<td><input type=\"text\" name=\"censoredReplacement\" /></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t\t<p>\n\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t<input type=\"hidden\" name=\"censoredType\" value=\"addCensored\" />\n\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['add'] . "\" />\n\t\t\t</p>\n\t\t</fieldset>\n\t</form>";
$queryMsg = "select id, original, replacement from " . $dbTables['censored'] . ";";
$con->connect();
        		$errorField .= $lang['dbPassword'] . ' ' . $lang['isEmpty'] . '<br />';*/
        if ($optionsCheck['dbPrefix'] == '' || empty($optionsCheck['dbPrefix'])) {
            $errorField .= $lang['dbPrefix'] . ' ' . $lang['isEmpty'] . '<br />';
        }
        if ($errorField == '') {
            $data_file = "<?php\n\nif (__FILE__ == \$_SERVER['SCRIPT_FILENAME'])\n\tdie(\"This file cannot be executed directly\");\n\n\$data['dbHost'] = \"" . base64_encode($optionsCheck['dbHost']) . "\";\n\$data['dbUsername'] = \"" . base64_encode($optionsCheck['dbUsername']) . "\";\n\$data['dbPassword'] = \"" . base64_encode($optionsCheck['dbPassword']) . "\";\n\$data['dbDatabase'] = \"" . base64_encode($optionsCheck['dbDatabase']) . "\";\n\$data['dbPrefix'] = \"" . base64_encode($optionsCheck['dbPrefix']) . "\";\n\n?>";
            echo $lang['manualDbFileCreation'] . "<br />\n\t\t\t\t<textarea rows='11' cols='70' onfocus='this.select()'>" . $data_file . "</textarea>";
        }
    }
    if ($errorField != '') {
        echo "<div class=\"msgError\">{$errorField}</div>";
    }
}
require '../configuration.php';
echo '<table border="0" width="100%"><tr><td>';
$generatePaths = secureVar($_GET['paths'], 'html');
$chPaths['backupFolder'] = $config['backupFolder'];
$chPaths['smiliesFolder'] = $config['smiliesFolder'];
$chPaths['langFolder'] = $config['langFolder'];
$chPaths['themesFolder'] = $config['themesFolder'];
if (!empty($generatePaths) && isset($generatePaths)) {
    $chPaths['backupFolder'] = realpath("./backup");
    $chPaths['smiliesFolder'] = realpath("../images/custom");
    $chPaths['langFolder'] = realpath("../languages");
    $chPaths['themesFolder'] = realpath("../themes");
}
echo '
	<form method="post" action="index.php?a=advOptions">
		<fieldset>
			<table>
				<tr>
         $newEmailNotif = 0;
     }
     if ($res['auto_censor'] == "true") {
         $newCensor = 1;
     } else {
         $newCensor = 0;
     }
     $chPaths['backupFolder'] = realpath("../admin/backup");
     $chPaths['smiliesFolder'] = realpath("../images/custom");
     $chPaths['langFolder'] = realpath("../languages");
     $chPaths['themesFolder'] = realpath("../themes");
     $themeRetro = 'retro';
     if ($lang['dir'] == 'rtl') {
         $themeRetro = 'retroRTL';
     }
     $queryMsg = "Insert into " . $dbTables['config'] . "\n\t\t\t\t\t(id,offline,offlineMessage,guestbookLang,guestbookTheme,mobileTheme,pagesFormat,numPostsPerPage,adminLang,dateFormat,gbTitle,checkEmail,maxCharField,maxCharMsg,floodTime,moderateMsg,checkCaptcha,headTitle,resizeImg,imgWidth,imgHeight,metaKeywords,metaDescription,backupFolder,smiliesFolder,langFolder,themesFolder,receiveEmailNotification,email,autoCensor,debug,timezone,reCaptcha,reCaptchapubk,reCaptchaprvk)\n\t\t\t\t\t values (\n\t\t\t\t\t'" . secureVar($res['id'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($newOffline, 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['offline_message'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($instLang, 'sql') . "',\n\t\t\t\t\t'" . secureVar($themeRetro, 'sql') . "',\n\t\t\t\t\t'" . secureVar('mobile', 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['spages'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['pages'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($instLang, 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['date_format'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['title'], 'sql') . "',\n\t\t\t\t\t'" . secureVar(0, 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['max_char_field'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['max_char_message'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['flood_time'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($newModerate, 'sql') . "',\n\t\t\t\t\t'" . secureVar($newCaptcha, 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['head'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($newResize, 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['img_width'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['img_height'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['keyword'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['description'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($chPaths['backupFolder'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($chPaths['smiliesFolder'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($chPaths['langFolder'], 'sql') . "',\n\t\t\t\t\t'" . 
secureVar($chPaths['themesFolder'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($newEmailNotif, 'sql') . "',\n\t\t\t\t\t'" . secureVar($res['email'], 'sql') . "',\n\t\t\t\t\t'" . secureVar($newCensor, 'sql') . "',\n\t\t\t\t\t'" . secureVar(0, 'sql') . "',\n\t\t\t\t\t'',\n\t\t\t\t\t'',\n\t\t\t\t\t'',\n\t\t\t\t\t''\n\t\t\t\t\t);";
     if (!$con->modify($queryMsg)) {
         $resultConfig = false;
         $con->printError();
     }
 }
 echo 'Configuration.....';
 if ($resultConfig) {
     echo $lang['ok'];
 } else {
     echo $lang['no'];
 }
 echo '<br />';
 $con->close();
 if ($resultCensored && $resultConfig && $resultIP && $resultPosts && $resultReply && $resultSmilies && $resultTrash) {
     echo "<div class=\"msgSuccess\">" . $lang['convertionDone'] . "</div>";
Example #11
    $boxContent->assign("CAPTCHA_FIELD", $_SESSION['captchaField']);
    $boxContent->assign("LANG_CAPTCHA", $lang['captcha']);
    $boxContent->assign("CAPTCHA", $captcha);
    $boxContent->parse('sign.signForm.captcha');
}
if ($config['reCaptcha']) {
    $boxContent->assign("CAPTCHA", $captcha);
    $boxContent->parse('sign.signForm.recaptcha');
}
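// Refuse the sign form when the visitor's address starts with a banned entry.
$publishPage = true;
$con->connect();
$con->getRows("Select ip from " . $dbTables['ip'] . ";");
if ($con->getNumRows() > 0) {
    foreach ($con->queryResult as $res) {
        // The stored entry is matched as a literal prefix of REMOTE_ADDR.
        // preg_quote() keeps '.' from matching any character (an unquoted
        // "1.1.1.1" also matched "101.1.1.x") and keeps an entry containing
        // regex metacharacters from breaking the pattern, in which case
        // preg_match() fails and the ban is silently skipped.
        // Assumes entries are literal addresses or address prefixes - confirm
        // no deployment relies on regex syntax in the ban table.
        // Prefix semantics are unchanged: "1.2.3.4" still covers "1.2.3.40".
        if (preg_match("/^" . preg_quote($res['ip'], '/') . "/", $_SERVER['REMOTE_ADDR'])) {
            $errorFieldBanIP = secureVar($_SERVER['REMOTE_ADDR'], 'html') . ' ' . $lang['bannedIP'] . '<br />';
            $publishPage = false;
            break;
        }
    }
}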
if (!$publishPage) {
    $boxContent->assign("IP_BANNED", $errorFieldBanIP);
    $boxContent->parse('sign.bannedIP');
} else {
    if (!$signOk) {
        $boxContent->parse('sign.signForm');
    }
}
$boxContent->parse('sign');
$boxContent = $boxContent->text('sign');
 /**
  * Returns the key of the first $this->langAvailable entry whose element at
  * index 3 equals the value returned by getCountry(); falls back to
  * $this->langAvailable['default_lang'] when nothing matches.
  *
  * Original author's note: possibly useless from 2.2RC1 on.
  *
  * The country is derived from the visitor's address/hostname and the
  * Accept-Language header, both influenced by the client. The return value
  * itself always comes from $this->langAvailable, never from the request.
  *
  * @return mixed a key of $this->langAvailable, or its 'default_lang' entry
  */
 function getNearestLang()
 {
     $hostExtension = getHostnameExt(getHost(getIp()));
     $acceptLanguage = secureVar(@$_SERVER['HTTP_ACCEPT_LANGUAGE']);
     $country = getCountry($hostExtension, $acceptLanguage);

     foreach ($this->langAvailable as $key => $langInfo) {
         if ($langInfo[3] != $country) {
             continue;
         }
         return $key;
     }

     return $this->langAvailable['default_lang'];
 }
Example #13
<?php

if (@$magic != "0xDEADBEEF") {
    die("This file cannot be executed directly");
}
$boxContent = new XTemplate('./themes/' . $config['guestbookTheme'] . '/content/stats.tpl');
include_once 'classes/manage/stats.class.php';
$stats = new Stats();
$durationId = secureVar($_GET['d'], 'html');
$lastMonthSeconds = time() - 2629743;
if ($durationId == 'lastmonth') {
    $queryMsg = "select useragent from " . $dbTables['posts'] . " where publish='1' and date>=" . $lastMonthSeconds . ";";
    $lastMonthURL = $lang['lastMonth'];
    $allTimeURL = '<a href="index.php?a=stats&d=alltime">' . $lang['allTime'] . '</a>';
} else {
    $queryMsg = "select useragent from " . $dbTables['posts'] . " where publish='1';";
    $lastMonthURL = '<a href="index.php?a=stats&d=lastmonth">' . $lang['lastMonth'] . '</a>';
    $allTimeURL = $lang['allTime'];
}
$con->connect();
$con->getRows($queryMsg);
$totalNumber = 0;
$totalFlags = $con->getNumRows();
if ($totalFlags > 0) {
    if ($con->getNumRows() > 0) {
        foreach ($con->queryResult as $res) {
            $stats->calculateStats($res['useragent']);
            $totalNumber++;
        }
    }
    $con->close();
<?php

if (@$magic != "0xDEADBEEF") {
    die("This file cannot be executed directly");
}
echo '<div class="mainTitle">' . $lang['optimize'] . ' ' . $lang['database'] . '</div>';
echo '<div class="helpPopup ' . $alignHelp . '"><a href="#" onclick="openHelp(\'optimize\');">' . $lang['help'] . '</a></div>';
$submitId = secureVar($_POST['submit'], 'html');
$optimizeResults = array();
if (!empty($submitId) && isset($submitId)) {
    $queryMsg = "OPTIMIZE TABLE " . $dbTables['config'] . ", " . $dbTables['admin'] . ", " . $dbTables['censored'] . ", " . $dbTables['ip'] . ", " . $dbTables['smilies'] . ", " . $dbTables['posts'] . ", " . $dbTables['reply'] . ", " . $dbTables['trash'] . ", " . $dbTables['backupLog'] . ";";
    $con->connect();
    if ($con->getRows($queryMsg)) {
        echo "<div class=\"msgSuccess\">" . $lang['optimizationSuccess'] . "</div>";
    } else {
        $con->printError();
        echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
    }
    $con->close();
}
$queryMsg = "ANALYZE TABLE " . $dbTables['config'] . ", " . $dbTables['admin'] . ", " . $dbTables['censored'] . ", " . $dbTables['ip'] . ", " . $dbTables['smilies'] . ", " . $dbTables['posts'] . ", " . $dbTables['reply'] . ", " . $dbTables['trash'] . ", " . $dbTables['backupLog'] . ";";
$con->connect();
if ($con->getRows($queryMsg)) {
    foreach ($con->queryResult as $res) {
        $optimizeResults[] = $res['Msg_text'];
    }
}
$con->close();
$optimizeNeeded = false;
foreach ($optimizeResults as $key => $value) {
    if (strripos($value, 'up to date') == false) {
 /**
  * Returns the entry $varName of $this->a_content (the cookie content, per
  * the original docblock), passed through secureVar().
  *
  * false is returned when $this->a_content is not an array or has no
  * non-null entry under $varName (isset() semantics).
  *
  * NOTE(review): if a_content is indeed decoded from a cookie, every value
  * is client-supplied; callers should not treat it as trusted state.
  *
  * @param string $varName
  *
  * @return string|false
  */
 function getVar($varName)
 {
     if (!is_array($this->a_content) || !isset($this->a_content[$varName])) {
         return false;
     }

     return secureVar($this->a_content[$varName]);
 }
// Backup link: emitted for every user who reaches this page (it sits outside
// the privilege test below) and opens includes/content/doBackup.php in a popup.
// NOTE(review): access control of doBackup.php is not visible here - confirm
// the script checks the admin session itself, since it is directly addressable.
echo "<a href='#' onclick=\"window.open ('includes/content/doBackup.php', 'Backup', config='height=200, width=200, toolbar=no, menubar=no, scrollbars=no, resizable=no, location=no, directories=no, status=no');\">" . $lang['backupDatabase'] . "</a>";
echo '</div>';
// The restore form is printed only when the decoded session privilege
// loosely equals 1. This only hides the form.
// NOTE(review): the handler behind index.php?a=backup is not shown - confirm
// it repeats the privilege check on POST and validates the uploaded file.
if (base64_decode($_SESSION['privilege']) == 1) {
    echo '<span class="titleMsg">' . $lang['restoreDatabase'] . '</span>';
    echo "<form method=\"post\" action=\"index.php?a=backup\" enctype='multipart/form-data'>\n\t\t\t<fieldset>\n\t\t\t\t<div class='startBox'> " . $lang['sqlFile'] . " : \n\t\t\t\t\t<input type=\"file\" name=\"uploadField\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t\t<input type=\"hidden\" name=\"backupType\" value=\"restore\" />\n\t\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['restore'] . "\" />\n\t\t\t\t</div>\n\t\t\t</fieldset>\n\t\t</form>";
}
// List the backup log, newest entry first.
$con->connect();
$queryMsg = "select date, operation from " . $dbTables['backupLog'] . " order by date desc;";
$con->getRows($queryMsg);
if ($con->getNumRows() > 0) {
    echo '<span class="titleMsg">' . $lang['bLog'] . '</span>';
    echo '<table border="0">
			<tr class="topInfosActions">
				<td>' . $lang['bDate'] . '</td>
				<td>' . $lang['bOperation'] . '</td>
			</tr>';
    foreach ($con->queryResult as $res) {
        // The secureVar(..., 'html') result is used as date()'s timestamp argument.
        echo "<tr class=\"topInfos\">\n\t\t\t\t<td>" . date($config['dateFormat'], secureVar($res['date'], 'html')) . "</td>\n\t\t\t\t<td>";
        // operation: "b" is shown as backup, "r" as restore, anything else as unknown.
        if ($res['operation'] == "b") {
            echo $lang['backupDatabase'];
        } elseif ($res['operation'] == "r") {
            echo $lang['restoreDatabase'];
        } else {
            echo $lang['unkownOperation'];
        }
        echo "</td></tr>";
    }
    // NOTE(review): clearing the log is triggered by a plain GET link
    // (action=clear) and no token is visible here - confirm the handler is
    // protected against cross-site requests.
    echo '<tr><td colspan="2" align="right"><a href="index.php?a=backup&action=clear">' . $lang['bClear'] . '</a></td></tr>
		</table>';
}
$con->close();
/**
 * Reads a variable from the $_REQUEST superglobal with a basic type check.
 *
 * The request value is passed through stripslashesPmv() and secureVar() and
 * returned when it matches $varType. Otherwise the (equally processed)
 * default is returned; when the default is null the function raises an
 * E_USER_ERROR and exits.
 *
 * Points a caller should know:
 * - Anything PHP's empty() treats as empty (missing key, '', '0', ...) counts
 *   as "no value" and yields the default.
 * - 'numeric', 'int' and 'float' are all checked with is_numeric() only; the
 *   request value is returned as received, it is not cast.
 * - Any other $varType than string/numeric/int/float/array accepts every value.
 * - The default is settype()'d to $varType ('numeric' is treated as 'string').
 * - NOTE(review): the null test runs after the default has been through
 *   stripslashesPmv() and secureVar(); it only fires if those helpers keep
 *   null as null - confirm.
 *
 * @param string $varName name of the variable
 * @param mixed $varDefault default value; null means "no default", exit() on failure
 * @param string $varType variable type
 *
 * @return mixed the processed request value or the typed default
 */
function getRequestVar($varName, $varDefault = null, $varType = "string")
{
    $varDefault = secureVar(stripslashesPmv($varDefault));

    if (empty($_REQUEST[$varName])) {
        // empty() is also true for an unset key, so one test covers both cases.
        $problem = "doesn't have value in \$_REQUEST and doesn't have a \$varDefault value";
    } else {
        $content = secureVar(stripslashesPmv($_REQUEST[$varName]));
        switch ($varType) {
            case 'string':
                $typeMatches = is_string($content);
                break;
            case 'numeric':
            case 'int':
            case 'float':
                $typeMatches = is_numeric($content);
                break;
            case 'array':
                $typeMatches = is_array($content);
                break;
            default:
                // unknown type names are not checked at all
                $typeMatches = true;
        }
        if ($typeMatches) {
            return $content;
        }
        $problem = "doesn't have a correct type in \$_REQUEST and doesn't have a \$varDefault value";
    }

    // From here on the request value is unusable: fall back to the default.
    if ($varDefault === null) {
        trigger_error("Error : \$varName '{$varName}' " . $problem, E_USER_ERROR);
        exit;
    }
    if ($varType == "numeric") {
        // settype() has no 'numeric' type
        $varType = "string";
    }
    settype($varDefault, $varType);

    return $varDefault;
}
Example #18
             echo "\n\t\t\t\t<body onload=\"document.getElementById('unhashedPassword').focus()\">\n\t\t\t\t<script type=\"text/javascript\" src=\"../javascript/webtoolkit.sha256.js\"></script>\n\t\t\t\t<br /><br />\n\t\t\t\t<div class=\"logo\">\n\t\t\t\t\t<img src=\"../images/logo/angora_medium.png\" alt=\"Angora logo\" />\n\t\t\t\t</div>\n\t\t\t\t<div class=\"login\">\n\t\t\t\t\t<form method=\"post\" action=\"index.php?a=login\">\n\t\t\t\t\t\t<fieldset>\n\t\t\t\t\t\t\t<table border=\"0\">\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . $lang['password'] . "</td>\n\t\t\t\t\t\t\t\t\t<td><input type=\"password\" name=\"unhashedPassword\" id=\"unhashedPassword\" autocomplete=\"off\" onkeyup=\"this.form.password.value = SHA256(SHA256(this.form.unhashedPassword.value + '" . base64_decode($_SESSION['salt']) . "') + '" . $_SESSION['challenge'] . "')\" /></td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t<p>\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"password\" value=\"\" />\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"step\" value=\"pass\" />\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"ip\" value=\"" . $_SERVER['REMOTE_ADDR'] . "\" />\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"useragent\" value=\"" . $_SERVER['HTTP_USER_AGENT'] . "\" />\n\t\t\t\t\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['login'] . "\" />\n\t\t\t\t\t\t\t</p>\n\t\t\t\t\t\t</fieldset>\n\t\t\t\t\t</form>\n\t\t\t\t</div>\n\t\t\t\t\n\t\t\t\t<div class=\"forgotPass\"><a href=\"index.php?a=forgotPass\">" . $lang['forgotPass'] . "</a></div>";
         }
     }
     break;
 case 'pass':
     $loginCheck['password'] = secureVar(trim($_POST['password']), 'html');
     $errorField = '';
     if ($loginCheck['password'] == '' || empty($loginCheck['password'])) {
         $errorField .= $lang['password'] . ' ' . $lang['isEmpty'] . '<br />';
     }
     if ($errorField != '') {
         echo "<div class=\"msgError\">{$errorField}</div>";
         printLogin();
     } else {
         $con->connect();
         $con->getRows("Select * from " . $dbTables['admin'] . " where username='******'username'], 'sql') . "';");
         if ($con->getNumRows() <= 0) {
             echo '<div class="msgError">' . $loginCheck['username'] . ' ' . $lang['doesntExist'] . '</div>';
             printLogin();
             exit;
         }
         foreach ($con->queryResult as $res) {
             $salt = base64_decode($res['salt']);
             $admin['password'] = hash('sha256', $res['password'] . $_SESSION['challenge']);
             if ($admin['password'] == $loginCheck['password']) {
                 $_SESSION['id'] = base64_encode($res['id']);
                 $_SESSION['privilege'] = base64_encode($res['privilege']);
                 $_SESSION['username'] = $res['username'];
                 $_SESSION['iden'] = TRUE;
                 $_SESSION['HTTP_USER_AGENT'] = hash('sha1', $_SERVER['HTTP_USER_AGENT']);
                 $loginCheck['iden'] = true;
            if ($con->modify($queryMsg)) {
                echo "<div class=\"msgSuccess\">" . $lang['adminConfigurationDone'] . "</div>";
                $savedEmail = base64_encode($installCheck['adminEmail']);
                $chPaths['backupFolder'] = realpath("../admin/backup");
                $chPaths['smiliesFolder'] = realpath("../images/custom");
                $chPaths['langFolder'] = realpath("../languages");
                $chPaths['themesFolder'] = realpath("../themes");
                $checkCaptcha = 0;
                if (extension_loaded('gd')) {
                    $checkCaptcha = 1;
                }
                $themeRetro = 'retro';
                if ($lang['dir'] == 'rtl') {
                    $themeRetro = 'retroRTL';
                }
                $queryMsg = "INSERT INTO " . $dbTables['config'] . " (id,offline,offlineMessage,guestbookLang,guestbookTheme,mobileTheme,pagesFormat,numPostsPerPage,adminLang,dateFormat,gbTitle,checkEmail,maxCharField,maxCharMsg,floodTime,moderateMsg,checkCaptcha,headTitle,resizeImg,imgWidth,imgHeight,metaKeywords,metaDescription,backupFolder,smiliesFolder,langFolder,themesFolder,receiveEmailNotification,email,autoCensor,debug) VALUES \n\t\t\t\t(0, '0', 'The guestbook is offline!', '" . secureVar($instLang, 'sql') . "', '" . secureVar($themeRetro, 'sql') . "', 'mobile', 'several', '5', '" . secureVar($instLang, 'sql') . "', 'd-m-Y H:i:s', 'My guestbook', '0', '35', '500', '30', '0', '" . secureVar($checkCaptcha, 'sql') . "', 'Angora 1.0', '0', '100', '100', '', '', '" . secureVar($chPaths['backupFolder'], 'sql') . "', '" . secureVar($chPaths['smiliesFolder'], 'sql') . "', '" . secureVar($chPaths['langFolder'], 'sql') . "', '" . secureVar($chPaths['themesFolder'], 'sql') . "', '0', '" . secureVar($savedEmail, 'sql') . "', '0', '0')";
                if ($con->modify($queryMsg)) {
                    echo "<div class=\"msgSuccess\">" . $lang['generalConfigurationDone'] . "</div>";
                    // Creation of data.php file
                    echo "<div class=\"title\">" . $lang['fileCreation'] . "</div>";
                    $data_file = "<?php\n\nif (@\$magic != \"0xDEADBEEF\")\n\tdie(\"This file cannot be executed directly\");\n\n\$data['dbHost'] = \"" . base64_encode($installCheck['host']) . "\";\n\$data['dbUsername'] = \"" . base64_encode($installCheck['username']) . "\";\n\$data['dbPassword'] = \"" . base64_encode($installCheck['password']) . "\";\n\$data['dbDatabase'] = \"" . base64_encode($installCheck['database']) . "\";\n\$data['dbPrefix'] = \"" . base64_encode($installCheck['prefix']) . "\";\n\n?>";
                    echo $lang['manualDbFileCreation'] . "<br />\n\t\t\t\t\t\t<textarea rows='11' cols='70' onfocus='this.select()'>" . $data_file . "</textarea>";
                    // Remember to delete setup folder !!
                    echo "<div class=\"title\">" . $lang['finishing'] . "</div>";
                    echo '<div>' . $lang['deleteSetup'] . '<br />' . $lang['yesYouCan'] . ' : <br />
					<a href="../index.php">' . $lang['newGuestbook'] . '</a>
					<br />
					<a href="../admin/">' . $lang['adminCenter'] . '</a>';
                } else {
                    echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
                    echo '<div id="previous"><a href="index.php?a=config&lang=' . $instLang . '">' . $lang['previous'] . '</a></div>';
Example #20
        $boxContent->assign("POST_ID", secureVar($res['id'], 'html'));
        $boxContent->assign("COUNTRY", $countryName->getCountry($res['country']));
        $boxContent->assign("COUNTRY_ICON", "images/countries/" . secureVar($res['country'], 'html') . ".png");
        $boxContent->assign("NAME", secureVar($res['name'], 'html'));
        $boxContent->assign("LOCATION", secureVar($res['location'], 'html'));
        $boxContent->assign("MESSAGE", $messageValue);
        $boxContent->assign("USER_AGENT", secureVar($res['useragent'], 'html'));
        $boxContent->assign("RATING", secureVar($res['rating'], 'html'));
        $boxContent->assign("RATING_ICON", "images/stars/" . secureVar($res['rating'], 'html') . ".gif");
        $boxContent->assign("PAGE_ADDR", "index.php?id=" . secureVar($res['id'], 'html'));
        $boxContent->assign("COUNTRY_ADDR", "index.php?cc=" . secureVar($res['country'], 'html'));
        $boxContent->assign("BROWSER_ICON", "images/browsers/icon_" . $userAgent->getBrowser() . ".png");
        $boxContent->assign("OS_ICON", "images/os/icon_" . $userAgent->getOS() . ".png");
        // Admin reply
        if ($res['rid'] != NULL) {
            $messageValue = Message::formatMessage(secureVar($res['rmessage'], 'html'), $censoredList, $censoredLists);
            $messageValue = Message::formatSmilies($messageValue, null, $smiliesReplacement);
            $boxContent->assign("AD_NAME", secureVar(base64_decode($res['rname']), 'html'));
            $boxContent->assign("AD_DATE", date($config['dateFormat'], secureVar($res['rdate'], 'html')));
            $boxContent->assign("AD_MESSAGE", $messageValue);
            $boxContent->parse('posts.fetch_posts.fetch_adminReply');
        }
        $boxContent->parse('posts.fetch_posts');
    }
} else {
    $boxContent->assign("NO_MESSAGES", $lang['noPostsToYourQuery']);
    $boxContent->parse('posts.no_posts');
}
$con->close();
$boxContent->parse('posts');
$boxContent = $boxContent->text('posts');
Example #21
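// Admin front-controller bootstrap: loads the error class, access checks, configuration,
// helper functions and the admin language file, prints the XHTML document head, then
// reads the requested page name from the "a" query parameter.
// NOTE(review): no session_start() is visible in this excerpt. session_regenerate_id()
// only acts on an active session, so confirm one has been started before this point.
session_regenerate_id();
// Marker value; presumably read by the included files to refuse direct execution.
// TODO confirm in includes/checks.php.
$magic = "0xDEADBEEF";
$lang = array();
include_once '../classes/error/error.class.php';
include_once 'includes/checks.php';
require_once '../configuration.php';
include_once '../classes/functions.php';
date_default_timezone_set($config['timezone']);
startCompression();
// Debug information: record a start timestamp when debug mode is enabled.
if ($config['debug']) {
    $startTime = getTime();
}
// NOTE(review): the language directory comes straight from configuration and becomes part
// of an include path. Confirm adminLang is restricted to the installed language names at
// the point where it is saved.
include_once "../languages/" . $config['adminLang'] . "/admin.php";
// Document head. $lang[...] and $config['headTitle'] are written without output escaping
// here; presumably headTitle is HTML-escaped when it is stored. Verify against the
// configuration save path.
echo "<!DOCTYPE html \n     PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n     \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"" . $lang['lang'] . "\" lang=\"" . $lang['lang'] . "\" dir=\"" . $lang['dir'] . "\">\n\n<head>\n<link rel=\"stylesheet\" href=\"includes/style/layout.css\" type=\"text/css\" />\n<link rel=\"stylesheet\" href=\"includes/style/style.css\" type=\"text/css\" />\n<meta http-equiv=\"Content-Type\" lang=\"" . $lang['lang'] . "\" content=\"text/html; charset=" . $lang['charset'] . "\" />\n<title>" . $config['headTitle'] . "</title>";
// "a" selects the admin page. The dispatch that follows treats an empty value as the login
// page, so a request without the parameter is expected: read it only when it is set, so
// that no undefined-index notice (which can reveal the script path when errors are
// displayed) is written into the half-built <head>.
$pageName = secureVar(isset($_GET['a']) ? $_GET['a'] : null, 'html');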
if (empty($pageName) || $pageName == '' || $pageName == 'login') {
    echo "<script type=\"text/javascript\" src=\"../javascript/webtoolkit.sha256.js\"></script>\n\t</head><body>";
    require_once 'includes/content/login.php';
} elseif ($pageName == 'logout') {
    echo "</head><body>";
    require_once 'includes/content/logout.php';
} elseif ($pageName == 'forgotPass') {
    echo "</head><body>";
    require_once 'includes/content/forgotPass.php';
} else {
    $float = 'floatLeft';
    $alignHelp = 'alignRight';
    if ($lang['dir'] == 'rtl') {
        $float = 'floatRight';
        $alignHelp = 'alignLeft';
Example #22
                    $errorField .= $lang['newPassword'] . ' ' . $lang['isEmpty'] . '<br />';
                }
                if ($adminCheck['confirmNewPassword'] == '' || empty($adminCheck['confirmNewPassword'])) {
                    $errorField .= $lang['confirmNewPassword'] . ' ' . $lang['isEmpty'] . '<br />';
                }
                if ($adminCheck['newPassword'] != $adminCheck['confirmNewPassword']) {
                    $errorField .= $lang['newPassMatch'] . '<br />';
                }
                if ($errorField != '') {
                    echo "<div class=\"msgError\">{$errorField}</div>";
                } else {
                    // Per-password salt: the first 5 hex characters of a SHA-1 over uniqid(rand(), true).
                    // NOTE(review): rand() and uniqid() are not cryptographically secure sources, and
                    // 5 hex characters carry at most 20 bits; a longer salt drawn from a CSPRNG is the
                    // usual choice.
                    $newSalt = substr(hash('sha1', uniqid(rand(), true)), 0, 5);
                    // The stored value is a single SHA-256 over the password followed by the salt.
                    // NOTE(review): one round of a fast hash gives little resistance to offline guessing
                    // if the admin table is ever disclosed. password_hash()/password_verify() would be
                    // the replacement, but the login check (not visible here) has to change with it.
                    $newPassword = hash('sha256', $adminCheck['newPassword'] . $newSalt);
                    // The salt is base64-encoded before it is written to the salt column (an encoding,
                    // not a protection).
                    $saveSalt = base64_encode($newSalt);
                    $con->connect();
                    $queryMsg = "update " . $dbTables['admin'] . " set password='******'sql') . "', salt='" . secureVar($saveSalt, 'sql') . "' where id='" . secureVar($adminID, 'sql') . "';";
                    if ($con->modify($queryMsg)) {
                        echo "<div class=\"msgSuccess\">" . $lang['changeSuccess'] . "</div>";
                    } else {
                        $con->printError();
                        echo "<div class=\"msgError\">" . $lang['dataError'] . "</div>";
                    }
                    $con->close();
                }
            }
        }
    }
}
// "Add administrator" form, posted back to index.php?a=admin with adminType=addNewAdmin.
// Besides the new account's name and password (entered twice), the form collects the
// super-admin password.
// NOTE(review): the only hidden fields are hiddenField (empty) and adminType; no per-session
// anti-CSRF token is emitted here. Confirm the handler enforces the super-admin password
// check before any account is created.
echo '<span class="titleMsg">' . $lang['addAdmin'] . '</span>';
echo "\n\t<form method=\"post\" action=\"index.php?a=admin\">\n\t\t<fieldset>\n\t\t\t<table border=\"0\">\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['adminName'] . "</td>\n\t\t\t\t\t<td><input type=\"text\" name=\"adminName\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['newPassword'] . "</td>\n\t\t\t\t\t<td><input type=\"password\" name=\"newPassword\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['confirmNewPassword'] . "</td>\n\t\t\t\t\t<td><input type=\"password\" name=\"confirmNewPassword\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['superAdminPassword'] . "</td>\n\t\t\t\t\t<td><input type=\"password\" name=\"superAdminPassword\" /></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t\t<p>\n\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t<input type=\"hidden\" name=\"adminType\" value=\"addNewAdmin\" />\n\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['add'] . "\" />\n\t\t\t</p>\n\t\t</fieldset>\n\t</form>";
// Heading for the list of existing administrators.
echo '<span class="titleMsg">' . $lang['modifyAdmins'] . '</span>';
                }
                $con->close();
            }
        }
    }
}
// "Add smiley" form, posted back to index.php?a=smilies with smiliesType=addaSmiley.
// NOTE(review): this state-changing form carries no per-session anti-CSRF token (hiddenField
// is empty). Confirm the handler validates the request by other means.
echo '<span class="titleMsg">' . $lang['addSmiley'] . '</span>';
echo "\n\t<form method=\"post\" action=\"index.php?a=smilies\">\n\t\t<fieldset>\n\t\t\t<table border=\"0\">\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['smileyName'] . "</td>\n\t\t\t\t\t<td><input type=\"text\" name=\"smileyName\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['smileyCode'] . "</td>\n\t\t\t\t\t<td><input type=\"text\" name=\"smileyCode\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>" . $lang['smileyPath'] . "</td>\n\t\t\t\t\t<td><input type=\"text\" name=\"smileyPath\" size=\"40\" /></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t\t<p>\n\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t<input type=\"hidden\" name=\"smiliesType\" value=\"addaSmiley\" />\n\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['add'] . "\" />\n\t\t\t</p>\n\t\t</fieldset>\n\t</form>";
// Client-side helper: toggle(n) shows or hides element "i<n>" and swaps the image "m<n>".
echo "<script type=\"text/javascript\">\n\t\t\tfunction toggle(obj) {\n\t\t\t\tvar el = document.getElementById('i' + obj);\n\t\t\t\tvar el1 = document.getElementById('m' + obj);\n\t\t\t\tif ( el.style.display != 'none' ) {\n\t\t\t\t\tel.style.display = 'none';\n\t\t\t\t\tel1.src = '../images/posts/toggle.gif';\n\t\t\t\t}\n\t\t\t\telse {\n\t\t\t\t\tel.style.display = '';\n\t\t\t\t\tel1.src = '../images/posts/toggle1.gif';\n\t\t\t\t}\n\t\t\t}\n\t\t</script>";
// Link that expands the list of uploaded smiley files; the list container starts hidden.
echo '<a href="javascript:toggle(1)"><img src="../images/posts/toggle.gif" alt="Toogle" id="m1" /> ' . $lang['uploadSmilies'] . '</a>';
echo '<div id="i1" style="display : none;">';
// List every entry of the configured smilies folder as a link that opens in a new window.
// NOTE(review): the directory read is $config['smiliesFolder'], but every link points at
// ../images/custom/. Confirm the two always refer to the same directory.
if ($handle = opendir($config['smiliesFolder'])) {
    // readdir() returns false once the directory is exhausted; the strict comparison keeps
    // an entry named "0" from ending the loop early.
    while (false !== ($file = readdir($handle))) {
        // Skip the current-directory and parent-directory entries.
        if ($file != "." && $file != "..") {
            // The file name is passed through secureVar(..., 'html') both for the href and for
            // the link text before it is written to the page.
            echo '&nbsp;&nbsp; 
	            <a href="../images/custom/' . secureVar($file, 'html') . '" onclick="window.open(this.href);return false;">' . secureVar($file, 'html') . '</a><br />';
        }
    }
    closedir($handle);
}
// Close the collapsible container opened before the listing.
echo '</div><br /><br />';
// Load every smiley and render one modify/remove form per row.
$queryMsg = "select id, name, code, path from " . $dbTables['smilies'] . ";";
$con->connect();
$con->getRows($queryMsg);
if ($con->getNumRows() > 0) {
    echo '<span class="titleMsg">' . $lang['modifySmilies'] . '</span>';
    echo '<br />';
    foreach ($con->queryResult as $res) {
        // NOTE(review): name, code and path are written into value="..." attributes exactly as
        // stored, without secureVar(..., 'html'), whereas the file names listed earlier on this
        // page are escaped at output. If these columns can hold a double quote or an angle
        // bracket, the value ends the attribute and becomes markup (stored XSS in the admin
        // panel). Confirm they are escaped when saved, or escape them here.
        // The row id is only base64-encoded in the hidden smileyID field. That is an encoding,
        // not an integrity check, so the handler (not visible here) must treat it as
        // user-controlled input.
        echo "\n\t\t\t<form method=\"post\" action=\"index.php?a=smilies\">\n\t\t\t\t<fieldset>\n\t\t\t\t\t<table class='borderTable'>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>" . $lang['smileyName'] . "</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"smileyName\" value=\"" . $res['name'] . "\" /></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>" . $lang['smileyCode'] . "</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"smileyCode\" value=\"" . $res['code'] . "\" /></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>" . $lang['smileyPath'] . "</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"smileyPath\" size=\"40\" value=\"" . $res['path'] . "\" /></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td colspan='2'>\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"hiddenField\" value=\"\" />\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"smiliesType\" value=\"modifySmilies\" />\n\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"smileyID\" value=\"" . base64_encode($res['id']) . "\" />\n\t\t\t\t\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['modify'] . "\" />\n\t\t\t\t\t\t\t\t<input type=\"submit\" name=\"submit\" value=\"" . $lang['remove'] . "\" />\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t</fieldset>\n\t\t\t</form>";
    }
}
    $error = new Error("Data file doesn't exist. Have you installed your guestbook yet?");
    die($error->showError());
}
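// Database backup download: dumps every guestbook table into one .sql payload, hands it
// to MYSQL_DUMP::download_sql(), then records the backup in the backupLog table.
// The dump includes the admin table (password hashes and salts) and the config table, so
// the whole script depends on the access check performed by ../iden.php.
// $data, $dbTables and $con are not defined in this excerpt; presumably they are
// provided by the files included here. TODO confirm.
require_once '../iden.php';
// Direct-access guard: continue only when the token is exactly the expected string.
// isset() plus a strict comparison is used so that PHP's loose type juggling cannot make
// a non-string value compare equal to the token, and no error suppression is needed.
// NOTE(review): confirm iden.php assigns $magicBackup unconditionally and only after the
// administrator's session has been verified.
if (!isset($magicBackup) || $magicBackup !== "0xNOWALLEALLOWED") {
    die("This file cannot be executed directly");
}
unset($magicBackup);
include_once '../../../classes/database/mysql_dump.inc.php';
// Connection settings are stored base64-encoded (an encoding, not encryption).
$mysql_dump = new MYSQL_DUMP(base64_decode($data['dbHost']), base64_decode($data['dbUsername']), base64_decode($data['dbPassword']));
$dbName = base64_decode($data['dbDatabase']);
// Dump the tables in a fixed order and concatenate the results into one script.
$sql = '';
foreach (array('config', 'admin', 'posts', 'ip', 'censored', 'smilies', 'trash', 'reply', 'backupLog') as $tableKey) {
    $sql .= $mysql_dump->dumpDB($dbName, $dbTables[$tableKey], HAR_ALL_OPTIONS);
}
unset($dbName);
// File name offered to the browser: angora_<unix timestamp>.sql
$sql_file = "angora_" . time() . ".sql";
$mysql_dump->download_sql($sql, $sql_file);
include_once '../../../classes/functions.php';
// Log the backup ('b') with the current timestamp.
// NOTE(review): no $con->connect() precedes this modify() in the excerpt; confirm the
// connection is already open, otherwise the log row is silently not written.
$queryMsg = "insert into " . $dbTables['backupLog'] . " (id, date, operation) values (NULL, '" . secureVar(time(), 'sql') . "', '" . secureVar('b', 'sql') . "');";
$con->modify($queryMsg);
$magic = "";
unset($magic);
// Stop here: download_sql() has presumably already sent the dump as the response body,
// so nothing further may be written after it.
exit;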