Esempio n. 1
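// Page bootstrap: open the database, refuse banned client addresses, load the
// site settings and session, then dispatch the profile form.
require_once "LightNEasy/common.php";
$sqldbdb = opendb();
// The client address is concatenated into the SQL text, so accept it only when
// it parses as an IP address. An absent or malformed value becomes "", which
// cannot match a stored address.
$clientip = isset($_SERVER['REMOTE_ADDR']) ? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) : false;
if ($clientip === false) {
    $clientip = "";
}
$result = dbquery('SELECT * FROM ' . $prefix . 'bannedips WHERE ip="' . $clientip . '"');
// Fetch first, compare second: the original `$row = fetch_array(...) !== false`
// stored the boolean result of the comparison in $row instead of the row.
// NOTE(review): assumes fetch_array() returns false when no row matches - confirm.
$row = fetch_array($result);
if ($row !== false) {
    die($langmessage[118]);
}
readsetup();
// Checks if the user is logged in.
login();
// Redirects to the index file if the user is logged in and is an admin.
if (isset($_SESSION['adminlevel']) && $_SESSION['adminlevel'] > 3) {
    header("Location: " . $set['homepath'] . $set['indexfile']);
    // Stop here: without this the rest of the script, including the POST
    // dispatch below, still ran after the redirect header was queued.
    exit;
}
// The language name comes from stored settings; basename() keeps the include
// inside ./languages even if that setting holds path separators.
require_once "./languages/lang_" . basename($set['language']) . ".php";
// Read menu
readmenu();
$submit = isset($_POST['submit']) ? $_POST['submit'] : null;
// NOTE(review): no anti-CSRF token check is visible before this state-changing
// POST action; confirm whether saveprofile() or login() performs one.
switch ($submit) {
    case "saveprofile":
        if (isset($_SESSION['adminlevel']) && $_SESSION['adminlevel'] >= 2) {
            $message = saveprofile();
        } else {
            $message = $langmessage[98];
        }
        break;
    default:
}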
function content($page, $count = 0)
{
    global $langmessage, $menu, $message, $prefix, $out;
    $out = "";
    if ($message != "") {
Esempio n. 2
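/**
 * Applies the administrative action named by $_POST['submit'], then derives
 * the $admintemplate, $edit and $editextra flags from $_GET['do'].
 *
 * Takes no arguments and returns nothing: input is read from $_POST, $_GET and
 * $_SESSION, and results are reported through the globals $message, $edit,
 * $editextra, $pagenum and $admintemplate. "Save Setup" calls die() when its
 * query fails.
 *
 * Security notes for maintainers:
 *  - Every value written into SQL as an unquoted number is now coerced to a
 *    number first, so it cannot carry extra SQL text.
 *  - Quoted string values are still concatenated into the statements.
 *    encode() and sanitize() are defined elsewhere and their escaping
 *    guarantees are not visible here, so treat those fields as unescaped until
 *    dbquery() is moved to prepared statements or the driver's escaping.
 *  - Only "adduser" and "deleteuser" check $_SESSION['adminlevel'] inside this
 *    function. NOTE(review): confirm the caller restricts the other actions,
 *    in particular "saveuser" (sets any user's password and adminlevel),
 *    "Save Setup" and "Query Database".
 *  - Passwords are stored as unsalted sha1(); moving to password_hash() needs a
 *    matching change in the login code, which is outside this function.
 */
function treat_posts()
{
    global $message, $edit, $editextra, $langmessage, $set, $pagenum, $menu, $prefix, $out, $admintemplate;
    if (isset($_POST['return']) && $_POST['return'] == "Return") {
        unset($_GET['do']);
        unset($_POST['submit']);
        $edit = 0;
        $editextra = 0;
    }
    // Read after the "Return" handling above, which may have removed the action.
    $submit = isset($_POST['submit']) ? $_POST['submit'] : null;
    $level = isset($_SESSION['adminlevel']) ? (int) $_SESSION['adminlevel'] : 0;
    switch ($submit) {
        case "adduser":
            if ($level < 5) {
                $message = $langmessage[28];
                break;
            }
            if ($_POST['handle'] == "") {
                $message = $langmessage[2];
                break;
            }
            if ($_POST['password'] == "") {
                $message = $langmessage[3];
                break;
            }
            if ($_POST['email'] == "") {
                $message = $langmessage[4];
                break;
            }
            if ($_POST['password'] != $_POST['repeatpassword']) {
                $message = $langmessage[5];
                break;
            }
            // adminlevel is an unquoted number in the statement: coerce it.
            // email and website are concatenated without even encode().
            $query = 'INSERT INTO ' . $prefix . 'users (id, handle, password, adminlevel, ip, datejoined, email, firstname, lastname, website, location) VALUES (null, "' . encode($_POST['handle']) . '", "' . sha1($_POST['password']) . '", ' . treat_posts_int('adminlevel') . ', "", ' . time() . ', "' . $_POST['email'] . '", "' . encode($_POST['firstname']) . '", "' . encode($_POST['lastname']) . '", "' . $_POST['website'] . '", "' . encode($_POST['location']) . '")';
            dbquery($query);
            $message = $langmessage[27];
            unset($_GET['action']);
            break;
        case "saveuser":
            // NOTE(review): unlike "adduser", nothing here checks the caller's
            // adminlevel before changing another account's password or level.
            $query = "UPDATE " . $prefix . "users SET ";
            if ($_POST['password'] != "") {
                if ($_POST['password'] == $_POST['repeatpassword']) {
                    $query .= "password=\"" . sha1($_POST['password']) . "\", ";
                } else {
                    $message = $langmessage[5];
                    break;
                }
            }
            $query .= "handle=\"" . encode($_POST['handle']) . "\", email=\"" . $_POST['email'] . "\", firstname=\"" . encode($_POST['firstname']) . "\", lastname=\"" . encode($_POST['lastname']) . "\", website=\"" . $_POST['website'] . "\", location=\"" . encode($_POST['location']) . "\", adminlevel=" . treat_posts_int('adminlevel') . " WHERE id=" . treat_posts_int('userid');
            dbquery($query);
            $message = $langmessage[26];
            unset($_GET['action']);
            break;
        case "deleteuser":
            $userid = treat_posts_int('userid');
            $output = dbquery("SELECT * FROM " . $prefix . "users WHERE id=" . $userid);
            if (!$output) {
                break;
            }
            $row = fetch_array($output);
            // A user may not delete an account whose level is above their own.
            // NOTE(review): equal-level accounts can still be deleted and no
            // minimum level is required - confirm that is intended.
            if (is_array($row) && $level < $row['adminlevel']) {
                break;
            }
            $query = "DELETE FROM " . $prefix . "users WHERE id=" . $userid;
            dbquery($query);
            unset($_GET['action']);
            break;
        case "Save":
            if ($_POST['mycontent'] != "") {
                // restricted and m3 are unquoted numbers: coerce them.
                // template and pagenum are concatenated as submitted.
                dbquery("UPDATE " . $prefix . "paginas SET content=\"" . htmlentities($_POST['mycontent']) . '", description="' . encode($_POST['description']) . '", template="' . $_POST['template'] . '", restricted=' . treat_posts_int('restricted') . ', m3=' . treat_posts_int('extra') . ' WHERE page="' . $_POST['pagenum'] . '"');
                $edit = 0;
                $message = $langmessage[102];
                unset($_GET['do']);
            }
            break;
        case "Save Extra":
            $id = treat_posts_int('id');
            $result = dbquery('SELECT content FROM ' . $prefix . 'extras WHERE id=' . $id);
            if (num_rows($result)) {
                dbquery('UPDATE ' . $prefix . 'extras SET content="' . htmlentities($_POST['mycontent']) . '" WHERE id=' . $id);
            } else {
                dbquery('insert into ' . $prefix . 'extras (id,content) VALUES (null,"' . htmlentities($_POST['mycontent']) . '")');
            }
            unset($_GET['do']);
            $editextra = 0;
            $message = $langmessage[103];
            break;
        case "Save Setup":
            $query = "UPDATE " . $prefix . "settings set ";
            if ($_POST['password'] != "") {
                // NOTE(review): the value looks masked in this listing; as
                // written it stores this fixed string, not a hash of the
                // submitted password.
                $query .= 'password="******", ';
            }
            if ($_POST['restricted'] != "") {
                $query .= 'restricted="' . $_POST['restricted'] . '", ';
            }
            // gzip and timeoffset are unquoted numbers: coerce them. The
            // offset keeps a fractional part when one is supplied.
            $gzip = treat_posts_int('gzip');
            $timeoffset = isset($_POST['timeoffset']) && is_numeric($_POST['timeoffset']) ? $_POST['timeoffset'] + 0 : 0;
            // NOTE(review): language and template are stored as submitted and
            // are later used to build include paths; restrict them to the
            // names of installed languages/templates before saving.
            $query .= 'admin="' . $_POST['admin'] . '", email="' . $_POST['email'] . '", wemail="' . $_POST['wemail'] . '", ';
            $query .= 'homepath="' . $_POST['homepath'] . '", template="' . $_POST['template'] . '", title="' . encode($_POST['title']) . '", subtitle="' . encode($_POST['subtitle']) . '", keywords="' . encode($_POST['keywords']) . '", description="' . encode($_POST['description']) . '", author="' . encode($_POST['author']) . '", footer="' . encode($_POST['footer']) . '", gzip=' . $gzip . ', timeoffset=' . $timeoffset . ', dateformat="' . $_POST['dateformat'] . '", extension="' . $_POST['extension'] . '", indexfile="' . $_POST['indexfile'] . '", language="' . $_POST['language'] . '", langeditor="' . $_POST['langeditor'] . '"';
            if (!dbquery($query)) {
                die($langmessage[22]);
            }
            unset($_GET['do']);
            readsetup();
            $message = $langmessage[150];
            break;
        case "Edit Menu Entry":
            $query = 'UPDATE ' . $prefix . 'menu SET m1=' . treat_posts_int('m1') . ', m2=' . treat_posts_int('m2') . ', m3=' . treat_posts_int('m3') . ', page="' . $_POST['m4'] . '", nome="' . encode($_POST['m5']) . '" WHERE page="' . $_POST['oldm4'] . '"';
            dbquery($query);
            unset($_GET['action']);
            readmenu();
            break;
        case "Delete Menu Entry":
            dbquery("DELETE FROM " . $prefix . "menu WHERE page=\"" . $_POST['oldm4'] . "\"");
            unset($_GET['action']);
            readmenu();
            break;
        case "Query Database":
            // NOTE(review): runs a caller-supplied SQL statement. This is an
            // intentional admin feature, but no privilege check is visible in
            // this function; confirm the caller enforces one and consider
            // logging each statement that is run.
            dbquery(sanitize(stripslashes($_POST['query'])));
            $message = $langmessage[46];
            unset($_GET['do']);
            break;
        case "Delete Page":
            $link = sanitize($_POST['link']);
            dbquery('DELETE FROM ' . $prefix . 'menu WHERE page="' . $link . '"');
            dbquery('DELETE FROM ' . $prefix . 'paginas WHERE page="' . $link . '"');
            // Only remove a file that sits directly in the working directory:
            // a name with a directory component is never passed to unlink().
            if (basename($link) === $link && file_exists($link . ".php")) {
                unlink($link . ".php");
            }
            unset($_GET['do']);
            $pagenum = "index";
            $message = $langmessage[104];
            readmenu();
            break;
        case "Create Page":
            if ($_POST['filename'] == "" || $_POST['label'] == "") {
                $message = $langmessage[97];
            } else {
                // Find the menu entry whose page name equals the submitted
                // 'count'; the new entry is positioned relative to it.
                $anchor = isset($_POST['count']) ? $_POST['count'] : null;
                $count = 0;
                while (isset($menu[$count][3]) && $menu[$count][3] != "") {
                    if ($menu[$count][3] == $anchor) {
                        break;
                    }
                    $count++;
                }
                // Menu coordinates of that entry, as integers; 0 when the scan
                // ran past the end of $menu.
                $m1 = isset($menu[$count][0]) ? (int) $menu[$count][0] : 0;
                $m2 = isset($menu[$count][1]) ? (int) $menu[$count][1] : 0;
                $m3 = isset($menu[$count][2]) ? (int) $menu[$count][2] : 0;
                // A "*" in the file name means: add the menu entry only.
                $create = strpos($_POST['filename'], "*") === false ? 1 : 0;
                $label = htmlentities(sanitize(trim($_POST['label'])));
                $filename1 = sanitize(trim($_POST['filename']));
                $descr = encode(sanitize($_POST['description']));
                $templat = sanitize($_POST['template']);
                // NOTE(review): passed to addpage() as submitted; addpage() is
                // not visible here, so confirm it validates this value.
                $restricted = $_POST['restricted'];
                $extra = sanitize(trim($_POST['extra']));
                $levelchoice = isset($_POST['level']) ? $_POST['level'] : null;
                switch ($levelchoice) {
                    case "1":
                        $bb = $m1 + 1;
                        dbquery("UPDATE " . $prefix . "menu SET m1=m1+1 WHERE m1>=" . $bb);
                        dbquery("INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES ({$bb},0,0,\"" . $filename1 . "\",\"" . $label . "\")");
                        if ($create) {
                            addpage($bb, 0, $extra, $filename1, $label, $descr, $templat, $restricted);
                        }
                        break;
                    case "2":
                        $bb = $m2 + 1;
                        $query = "UPDATE " . $prefix . "menu SET m2=m2+1 WHERE m1=" . $m1 . " AND m2>=" . $bb;
                        dbquery($query);
                        $query = "INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES (" . $m1 . "," . $bb . ",0,\"" . $filename1 . "\",\"" . $label . "\")";
                        dbquery($query);
                        if ($create) {
                            addpage($m1, $bb, $extra, $filename1, $label, $descr, $templat, $restricted);
                        }
                        break;
                    case "3":
                        $bb = $m3 + 1;
                        // Shift the siblings that share this entry's m1 AND m2.
                        // The original filtered m2 by the entry's m3 value,
                        // which renumbered the wrong rows.
                        $query = "UPDATE " . $prefix . "menu SET m3=m3+1 WHERE m1=" . $m1 . " AND m2=" . $m2 . " AND m3>={$bb}";
                        dbquery($query);
                        $query = "INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES (" . $m1 . "," . $m2 . "," . $bb . ",\"" . $filename1 . "\",\"" . $label . "\")";
                        dbquery($query);
                        if ($create) {
                            addpage($m1, $m2, $extra, $filename1, $label, $descr, $templat, $restricted);
                        }
                        break;
                }
                $message = $langmessage[87];
                $pagenum = "index";
                readmenu();
            }
            break;
        default:
    }
    // Read after the POST handling above, which may have cleared $_GET['do'].
    $do = isset($_GET['do']) ? $_GET['do'] : null;
    $admintemplate = false;
    if ($do !== null && $do != "profile" && $do != "search" && $do != "login" && $do != "sitemap") {
        $admintemplate = true;
    }
    // Editing is allowed only when the session entry stored under the key
    // named by $set['password'] equals "1".
    $unlocked = isset($set['password'], $_SESSION[$set['password']]) && $_SESSION[$set['password']] == "1";
    switch ($do) {
        case "edit":
            if ($unlocked) {
                $edit = 1;
            } else {
                $edit = 0;
                unset($_GET['do']);
            }
            break;
        case "editextra":
            if ($unlocked) {
                $editextra = 1;
            } else {
                $editextra = 0;
                unset($_GET['do']);
            }
            break;
        default:
    }
}

/**
 * Returns $_POST[$key] coerced to an integer, or 0 when the field is absent or
 * not a scalar. Used for values that are written into SQL without quotes.
 */
function treat_posts_int($key)
{
    return isset($_POST[$key]) && is_scalar($_POST[$key]) ? (int) $_POST[$key] : 0;
}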