}
$ids = $_GET['id'];
if (isset($_SESSION['uid']) && $_SESSION['ulevel'] == 'admin') {
    if (isset($ids)) {
        include '../inc/simplepie/idn/idna_convert.class.php';
        include '../inc/simplepie/simplepie.inc';
        include '../config.php';
        include '../planetoid.php';
        if ($ajax) {
            include 'feeds-functions.php';
        }
        $ids = explode(',', $ids);
        // Approve each requested feed, e-mail its owner and, for AJAX calls, emit
        // jQuery that refreshes the matching table row.
        // NOTE(review): this state change is driven by $_GET['id'] and no anti-CSRF
        // token check is visible in this fragment; confirm one exists elsewhere or
        // require a POST request carrying a per-session token.
        for ($n = 0; $n < count($ids); $n++) {
            // Escaped here and again inside each query below, so the value is
            // escaped twice. NOTE(review): if ids are always integers, an integer
            // cast is a stricter guarantee than escaping - confirm against the schema.
            $id = sql_escape($ids[$n]);
            sql_query("UPDATE feeds SET approved=1 WHERE id='" . sql_escape($id) . "';");
            // Re-read the row to obtain the owner's e-mail address.
            $curr_feed_d = sql_action("SELECT * FROM feeds WHERE id='" . sql_escape($id) . "';");
            $mail = $curr_feed_d['email'];
            // NOTE(review): the row above is read with sql_action(); confirm that
            // sql_query() also returns a row array, otherwise the 'email' lookup
            // below yields nothing and the comparison always differs.
            $admin_mail = sql_query("SELECT email FROM users WHERE role_level='admin';");
            $admin_mail = $admin_mail['email'];
            // Skip the notification when the feed's address equals the admin's.
            if ($mail != $admin_mail) {
                // HTML body; get_home_link() and get_title() are inserted without
                // HTML encoding.
                $mail_cont = nl2br("Your feed on <a href=\"" . get_home_link() . "\">" . get_title() . "</a> has been approved.\n\t\t\t\t\t---\n\t\t\t\t\tPowered by <a href=\"http://project-planetoid.org\">Planetoid</a> " . PLANETOID_VERSION . " - Generated on " . date('r'));
                // The recipient is the value stored in the feeds table.
                // NOTE(review): confirm the address was validated when it was stored,
                // since it is passed to mail() unchanged.
                mail($mail, "Planetoid administration", $mail_cont, "From: Planetoid <*****@*****.**> \r\n" . "Content-Type: text/html; charset=UTF-8\r\n" . "X-Mailer: PHP/" . phpversion());
            }
            if ($ajax) {
                // 1 is passed as the second argument (presumably the new approved
                // state - confirm against generate_manage_links()).
                $manage = generate_manage_links($id, 1);
                $manage = $manage['manage'];
                // NOTE(review): $id has only been through sql_escape() and $manage is
                // inserted as-is into a single-quoted JavaScript string. SQL escaping
                // is not JavaScript encoding; constrain $id to digits and encode
                // $manage for a JS string context before echoing.
                echo "\$('#table-row-{$id} td:first img').remove();";
                echo "\$('#table-row-{$id} td:last').html('{$manage}').parent().Highlight(1000,'#64b31b');";
            }
        }
        if (!$ajax) {
Example #2
/**
 * Report whether the plugin called $name is switched on.
 *
 * Reads the settings row named "plugin_<name>:active" and loosely compares
 * its value with the string 'true'.
 *
 * NOTE(review): $name is interpolated into the SQL text as-is. Callers must
 * pass only fixed, trusted plugin names, or the value must be escaped before
 * it reaches this function.
 *
 * @param string $name Plugin identifier used to build the settings key.
 * @return bool True when the stored value equals 'true', false otherwise.
 */
function is_plugin_active($name)
{
    $setting_row = sql_action("SELECT value FROM settings WHERE name='plugin_{$name}:active';");

    // Same loose comparison as before, returned directly instead of branching.
    return $setting_row['value'] == 'true';
}
Example #3
    if ($_GET['done'] == 'true') {
        ?>
					<div id="updated">
						Feed has been updated.
					</div>
				<?php 
    }
    ?>
				<form action="update-feed.php" method="POST">
				<input type="submit" value="Save changes &raquo;" class="settings-submit" />
				<h2><img src="inc/images/loading.gif" id="loading" alt="loading" style="display: none;" />Edit feed</h2>
				<hr style="display:none;"/>
				<a name="details"></a>
				<h3>Feed details</h3>
				<?php 
    $feed = sql_action("SELECT * FROM feeds WHERE id='" . sql_escape($_GET['id']) . "';");
    ?>
					<img src="../<?php 
    echo $feed['avatar'];
    ?>
" id="feed-avatar" alt="Hackergotchi" />
					<p class="settings" style="padding-left: 70px;">
						<input type="hidden" name="id" value="<?php 
    echo $feed['id'];
    ?>
" />
						<input type="hidden" name="r_to" value="<?php 
    echo $curr_page . '?id=' . $feed['id'];
    ?>
" />
						
// 	ignore_user_abort(true);
if ($_GET['ajax'] == 'true') {
    $ajax = true;
}
$ids = $_GET['id'];
if (isset($_SESSION['uid']) && $_SESSION['ulevel'] == 'admin') {
    if (isset($ids)) {
        include '../inc/simplepie/idn/idna_convert.class.php';
        include '../inc/simplepie/simplepie.inc';
        include '../config.php';
        include '../planetoid.php';
        $ids = explode(',', $ids);
        header("Connection: Close");
        // Delete each requested feed: remove its avatar file (unless it is the
        // shared default image), delete the feeds row and, for AJAX calls, emit
        // jQuery that fades the table row out.
        // NOTE(review): this destructive action is driven by $_GET['id'] and no
        // anti-CSRF token check is visible in this fragment; confirm one exists
        // elsewhere or require a POST request carrying a per-session token.
        for ($n = 0; $n < count($ids); $n++) {
            $id = sql_escape($ids[$n]);
            $user = sql_action("SELECT avatar, email FROM feeds WHERE id='{$id}';");
            $avatar = $user['avatar'];
            // Never delete the default placeholder image.
            if ($avatar != 'inc/images/no-avatar.png') {
                // NOTE(review): the path is '../' plus the stored column value, with
                // no check that it stays inside the avatar directory. Confirm how
                // the avatar column is populated; resolving the path with realpath()
                // and verifying its prefix before unlink() would prevent path
                // traversal out of that directory.
                if (file_exists('../' . $avatar)) {
                    unlink('../' . $avatar);
                }
            }
            /* sql_query("DELETE FROM users WHERE email='{$user['email']}';"); */
            sql_query("DELETE FROM feeds WHERE id='{$id}';");
            if ($ajax) {
                // NOTE(review): $id has only been through sql_escape(), which is not
                // JavaScript encoding; constrain it to digits before echoing it into
                // script output.
                echo "\$('#table-row-{$id}').css({'color': '#fff', 'background': '#e72300'}).fadeOut(500);";
            }
        }
        if (!$ajax) {
            // NOTE(review): the redirect target is taken verbatim from the query
            // string (open redirect). Restrict it to a same-site relative path or an
            // allow-list; no exit follows the header in the visible code.
            header("Location: {$_GET['r_to']}");
        }
Example #5
    $ajax = true;
}
if (isset($_SESSION['uid']) && $_SESSION['ulevel'] == 'admin') {
    $ids = $_GET['id'];
    if (isset($ids)) {
        include '../inc/simplepie/idn/idna_convert.class.php';
        include '../inc/simplepie/simplepie.inc';
        include '../config.php';
        include '../planetoid.php';
        if ($ajax) {
            include 'feeds-functions.php';
        }
        $ids = explode(',', $ids);
        for ($n = 0; $n < count($ids); $n++) {
            $id = sql_escape($ids[$n]);
            $current = sql_action("SELECT * FROM feeds WHERE id={$id};");
            $curr_status = $current['approved'];
            $class_act = '';
            if ($_GET['to_n'] == 'a') {
                if ($curr_status == 2) {
                    $to_n = 1;
                } else {
                    if ($curr_status < 2) {
                        $to_n = 2;
                    }
                }
            } else {
                $to_n = intval($_GET['to_n']);
            }
            if ($to_n == 1) {
                $class_act = 'remove';
Example #6
    // Password reset: look up the account by the submitted e-mail address and,
    // if it exists, derive a replacement password and mail it out.
    // NOTE(review): no proof that the requester controls the address is visible
    // here; the reset takes effect as soon as any known e-mail is submitted. A
    // confirm-by-link flow with a random, expiring token avoids third parties
    // resetting someone else's password.
    $current_pass = sql_action("SELECT pass FROM users WHERE email='" . sql_escape($_POST['email']) . "';");
    if ($current_pass) {
        // The new password is computed from the stored `pass` value only:
        // MD5, first six hex characters, then MD5 again. Nothing random is mixed in.
        // NOTE(review): the result is predictable to anyone who knows the stored
        // value; generate it with random_bytes()/random_int() and store it with
        // password_hash() instead of MD5.
        $new_pass = hash('md5', $current_pass['pass']);
        $new_pass = substr($new_pass, 0, 6);
        // 		echo $new_pass;
        $new_pass = hash('md5', $new_pass);
        // The value written here is masked ('******') in this listing, so what is
        // actually stored cannot be confirmed from this page.
        sql_action("UPDATE users SET pass='******' WHERE email='" . sql_escape($_POST['email']) . "'");
        // The new password is sent in clear text inside an HTML e-mail.
        $mail_cont = "Your password has been reset, the new password is: '{$new_pass}'." . "<br/>You can login here: " . "<a href=\"" . get_home_link() . "\">" . get_home_link() . "</a>" . "<br/>---</br/>Powered by <a href=\"http://planetoid-project.org\">Planetoid</a>";
        mail($_POST['email'], "Planetoid adminstration", $mail_cont, "From: Planetoid <*****@*****.**> \r\n" . "Content-Type: text/html; charset=UTF-8\r\n" . "X-Mailer: PHP/" . phpversion());
        $error = "New password has been sent to your email.";
    } else {
        // NOTE(review): this message differs from the success message, which
        // reveals whether an address has an account; a single neutral message
        // for both cases avoids that.
        $error = 'There is no user with this email, try again.';
    }
}
// Login handler: runs when email and pass are posted with action=login.
// NOTE(review): the length check adds strlen($_POST['email']) to itself; the
// second operand was presumably meant to be $_POST['pass'], so an empty
// password is not rejected by this condition.
if (isset($_POST['email']) && isset($_POST['pass']) && strlen($_POST['email']) + strlen($_POST['email']) != 0 && $_POST['action'] == 'login') {
    // The password part of this query is masked ('******') in the listing and the
    // line is not valid PHP as shown, so how the password is hashed and compared
    // cannot be confirmed from this page.
    $user_props = sql_action("SELECT * FROM users WHERE email='" . sql_escape($_POST['email']) . "' AND pass='******'pass'])) . "';");
    if (isset($user_props['id'])) {
        /* Only checks that the SQL query returned a row. */
        // NOTE(review): no session_regenerate_id() call is visible before the
        // privilege level is written to the session; regenerating the id at login
        // prevents session fixation. No exit follows the redirect header either.
        $_SESSION['uid'] = $user_props['id'];
        $_SESSION['ulevel'] = $user_props['role_level'];
        header('Location: admin/');
    } else {
        $error = 'Wrong email or password.';
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://gmpg.org/xfn/11">
		<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8" />
		<title><?php 
Example #7
// Installer: seed the settings table, one row per setting. Each row id comes
// from sql_autoid('settings'); values taken from the install form pass through
// sql_escape() before they are placed in the statement.
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'description', '" . sql_escape($_POST['desc']) . "');");
// NOTE(review): the reason for the one-second pauses between groups of inserts
// is not visible in this fragment - confirm before removing them.
sleep(1);
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'base_url', '" . sql_escape($_POST['dir']) . "');");
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'base_link', '" . sql_escape($_POST['link']) . "');");
// Fixed defaults from here on; no request data is involved.
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'show_reg_button', 'on');");
sleep(1);
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'reg_notify', 'on');");
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'theme_dir_name', 'default');");
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'posts_num', '0');");
sleep(1);
// Default date format with backslash-escaped literal <sup>...</sup> markup
// (presumably consumed by date() - confirm where the setting is read).
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'date_format', 'j\\<\\s\\u\\p\\>S\\<\\/\\s\\u\\p\\> M Y');");
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'title_regexp', '');");
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'content_regexp', '');");
sleep(1);
// Record when installation finished and mark the site as installed.
// NOTE(review): confirm the installer refuses to run again once 'installed'
// is 'true', so it cannot be re-triggered on a live site.
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'install_time', '" . time() . "');");
sql_action("INSERT INTO settings VALUES (" . sql_autoid('settings') . ", 'installed', 'true');");
sql_close();
?>

		<strong>Congratulations! Planetoid has been successfully installed!</strong>
		<hr/>
			Proceed to:
			<ul>
				<li><a href="cron.php?to=./&amp;force_rdr=true"><?php 
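// The title comes straight from the install form, so it is HTML-encoded before
// being written into the link text; printing it raw would let markup in the
// submitted value be rendered by the browser.
echo htmlspecialchars((string) $_POST['title'], ENT_QUOTES, 'UTF-8');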
?>
 homepage</a></li>
				<li><a href="admin/">Admin pages</a></li>
			</ul>
			<hr/>
			<div class="info">
Example #8
         }
     } else {
         $avatar = 'inc/images/no-avatar.png';
     }
     // Insert the new feed row: id, url, email, avatar, approved flag, today's date.
     // NOTE(review): `approved` is placed in the statement without surrounding
     // quotes. sql_escape() presumably only escapes quote characters, which does
     // not constrain an unquoted numeric value; cast it with intval() or quote it.
     // $avatar is interpolated without sql_escape() here - confirm it is
     // escaped or constrained where it is assigned.
     $insert = sql_query("INSERT INTO feeds VALUES (" . sql_autoid('feeds') . ", '" . sql_escape($_POST['url']) . "', '" . sql_escape($_POST['email']) . "', '{$avatar}', " . sql_escape($_POST['approved']) . ", '" . date('Y-m-d') . "');");
     if (!$insert) {
         if ($ajax) {
             echo "alert('An error occured.');";
         } else {
             // NOTE(review): the redirect target is taken verbatim from the request
             // (open redirect); restrict it to a same-site relative path or an
             // allow-list.
             header("Location: {$_POST['r_to']}?e=true");
         }
         exit(1);
     }
     if ($ajax) {
         sleep(1);
         // Look the new row up again by URL to learn its id.
         $id = sql_action("SELECT id FROM feeds WHERE url='" . sql_escape($_POST['url']) . "';");
         $id = $id['id'];
         // NOTE(review): $feed is not assigned anywhere in the visible fragment;
         // confirm it is populated before this point.
         $links = generate_manage_links($id, $feed['approved']);
         $manage = $links['manage'];
         $new_note = $links['new_note'];
         $hidden = $links['hidden'];
         // NOTE(review): $feed['url'] is written into an href and into link text
         // without HTML encoding, and the whole row is then placed inside a
         // single-quoted JavaScript string. Encode for HTML first and for a JS
         // string second, and accept only http/https URLs.
         $table_row = "<tr{$hidden} id=\"table-row-{$id}\"><td class=\"num\">{$id} {$new_note}</td><td><a href=\"{$feed['url']}\" target=\"_blank\">{$feed['url']}</a></td><td>{$manage}</td></tr>\n";
         echo "\$('#feeds-table tbody').append('{$table_row}');\$('#feeds-table tbody tr:last').Highlight(1000, '#ffe');";
     } else {
         // NOTE(review): same unvalidated redirect target as in the error path above.
         header("Location: {$_POST['r_to']}");
     }
     sql_close();
     refresh_cache();
 } else {
     if ($ajax) {
         echo 'alert("You have to fill all fields execept avatar\'s URL.");';