// Entry script: loads the shared helpers, turns away banned addresses, restores the
// session, then handles the one POST action this page accepts ("saveprofile").
require_once "LightNEasy/common.php";
$sqldbdb = opendb();
// NOTE(review): the lookup is assembled by string concatenation. REMOTE_ADDR is filled in
// by the web server rather than taken from the request body, but it should still be bound
// or escaped like any other value once the database layer offers that.
$result = dbquery('SELECT * FROM ' . $prefix . 'bannedips WHERE ip="' . $_SERVER['REMOTE_ADDR'] . '"');
// `!==` binds tighter than `=`, so $row receives the boolean result of the comparison,
// not the fetched row. The branch still fires whenever fetch_array() returns anything
// other than false, i.e. when a ban record was found.
if ($row = fetch_array($result) !== false) {
    die($langmessage[118]);
}
readsetup();
//checks if user is logged in
login();
//redirects to LightNEasy.php if user is logged in and is an admin
// NOTE(review): header() only queues the redirect and no exit follows it, so the rest of
// this script (including the POST dispatch below) still runs for these sessions.
if ($_SESSION['adminlevel'] > 3) {
    header("Location: " . $set['homepath'] . $set['indexfile']);
}
// NOTE(review): the include path is built from $set['language']. treat_posts() ("Save Setup")
// writes the language setting straight from the request, and $set is presumably loaded from
// that table by readsetup() -- confirm, and restrict the value to known language codes.
require_once "./languages/lang_" . $set['language'] . ".php";
//Read menu
readmenu();
// Only profile saving is handled here; it is limited to sessions with adminlevel >= 2.
// $_POST['submit'] is read without an isset() check, so a plain GET raises a notice and
// falls through to the empty default case.
switch ($_POST['submit']) {
    case "saveprofile":
        if ($_SESSION['adminlevel'] >= 2) {
            $message = saveprofile();
        } else {
            $message = $langmessage[98];
        }
        break;
    default:
}
function content($page, $count = 0) {
    global $langmessage, $menu, $message, $prefix, $out;
    $out = "";
    if ($message != "") {
// (the listing is cut off here; the remainder of content() is not part of this excerpt)
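/**
 * Applies the admin form submitted with this request and decides whether the admin
 * template is shown.
 *
 * Dispatches first on $_POST['submit'] (user, page, extra, settings and menu actions) and
 * then on $_GET['do'] (edit modes). Results are reported through the globals $message,
 * $edit, $editextra, $pagenum and $admintemplate. Missing 'submit', 'return', 'level' and
 * 'do' keys are treated as empty.
 *
 * Security notes for maintainers:
 * - Every statement is built by string concatenation. Request values that are placed in
 *   the SQL text unquoted are forced to numbers below. Quoted text values are still
 *   passed as received, or through encode()/sanitize() whose behaviour is not visible
 *   here; they need the database layer's escaping or bound parameters.
 * - Only "adduser" and "deleteuser" consult $_SESSION['adminlevel']. Every other action
 *   relies on the caller having authorised the request -- confirm that it does.
 * - No request token (anti-CSRF) is checked in this function.
 * - Passwords are stored as unsalted SHA-1. Moving to password_hash()/password_verify()
 *   has to be done together with the login code, which is outside this listing.
 */
function treat_posts() {
    global $message, $edit, $editextra, $langmessage, $set, $pagenum, $menu, $prefix, $out, $admintemplate;

    // "Return" cancels whatever form was open and drops back to the normal view.
    if (isset($_POST['return']) && $_POST['return'] == "Return") {
        unset($_GET['do']);
        unset($_POST['submit']);
        $edit = 0;
        $editextra = 0;
    }

    $submit = isset($_POST['submit']) ? $_POST['submit'] : "";

    switch ($submit) {
        case "adduser":
            if ($_SESSION['adminlevel'] < 5) {
                $message = $langmessage[28];
                break;
            }
            if ($_POST['handle'] == "") {
                $message = $langmessage[2];
                break;
            }
            if ($_POST['password'] == "") {
                $message = $langmessage[3];
                break;
            }
            if ($_POST['email'] == "") {
                $message = $langmessage[4];
                break;
            }
            if ($_POST['password'] != $_POST['repeatpassword']) {
                $message = $langmessage[5];
                break;
            }
            // adminlevel sits unquoted in the statement, so it is forced to an integer.
            // NOTE(review): email and website are interpolated exactly as received.
            $query = 'INSERT INTO ' . $prefix . 'users (id, handle, password, adminlevel, ip, datejoined, email, firstname, lastname, website, location) VALUES (null, "'
                . encode($_POST['handle']) . '", "'
                . sha1($_POST['password']) . '", '
                . intval($_POST['adminlevel']) . ', "", '
                . time() . ', "'
                . $_POST['email'] . '", "'
                . encode($_POST['firstname']) . '", "'
                . encode($_POST['lastname']) . '", "'
                . $_POST['website'] . '", "'
                . encode($_POST['location']) . '")';
            dbquery($query);
            $message = $langmessage[27];
            unset($_GET['action']);
            break;

        case "saveuser":
            // NOTE(review): unlike "adduser", no adminlevel check guards this case, and the
            // new adminlevel comes from the request. Confirm the caller restricts who can
            // reach it and which level they may assign.
            $query = "UPDATE " . $prefix . "users SET ";
            if ($_POST['password'] != "") {
                if ($_POST['password'] == $_POST['repeatpassword']) {
                    $query .= "password=\"" . sha1($_POST['password']) . "\", ";
                } else {
                    $message = $langmessage[5];
                    break;
                }
            }
            // adminlevel and id are unquoted in the statement; both are forced to integers.
            $query .= "handle=\"" . encode($_POST['handle'])
                . "\", email=\"" . $_POST['email']
                . "\", firstname=\"" . encode($_POST['firstname'])
                . "\", lastname=\"" . encode($_POST['lastname'])
                . "\", website=\"" . $_POST['website']
                . "\", location=\"" . encode($_POST['location'])
                . "\", adminlevel=" . intval($_POST['adminlevel'])
                . " WHERE id=" . intval($_POST['userid']);
            dbquery($query);
            $message = $langmessage[26];
            unset($_GET['action']);
            break;

        case "deleteuser":
            $userid = intval($_POST['userid']);
            // A session may not delete an account whose adminlevel is above its own.
            if ($output = dbquery("SELECT * FROM " . $prefix . "users WHERE id=" . $userid)) {
                $row = fetch_array($output);
                if ($_SESSION['adminlevel'] < $row['adminlevel']) {
                    break;
                }
            } else {
                break;
            }
            dbquery("DELETE FROM " . $prefix . "users WHERE id=" . $userid);
            unset($_GET['action']);
            break;

        case "Save":
            if ($_POST['mycontent'] != "") {
                // restricted and m3 are written unquoted, so they are forced to integers
                // (assumes both columns are integer -- TODO confirm against the schema).
                // NOTE(review): template and pagenum are interpolated exactly as received.
                dbquery("UPDATE " . $prefix . "paginas SET content=\"" . htmlentities($_POST['mycontent'])
                    . '", description="' . encode($_POST['description'])
                    . '", template="' . $_POST['template']
                    . '", restricted=' . intval($_POST['restricted'])
                    . ', m3=' . intval($_POST['extra'])
                    . ' WHERE page="' . $_POST['pagenum'] . '"');
                $edit = 0;
                $message = $langmessage[102];
                unset($_GET['do']);
            }
            break;

        case "Save Extra":
            // A missing or non-numeric id becomes 0, which matches no row and therefore
            // takes the insert branch.
            $id = isset($_POST['id']) ? intval($_POST['id']) : 0;
            $result = dbquery('SELECT content FROM ' . $prefix . 'extras WHERE id=' . $id);
            if (num_rows($result)) {
                dbquery('UPDATE ' . $prefix . 'extras SET content="' . htmlentities($_POST['mycontent']) . '" WHERE id=' . $id);
            } else {
                dbquery('insert into ' . $prefix . 'extras (id,content) VALUES (null,"' . htmlentities($_POST['mycontent']) . '")');
            }
            unset($_GET['do']);
            $editextra = 0;
            $message = $langmessage[103];
            break;

        case "Save Setup":
            // gzip and timeoffset are written unquoted. Anything that is not a number is
            // refused with the same message a failed query produces further down.
            $gzip = isset($_POST['gzip']) ? $_POST['gzip'] : "";
            $timeoffset = isset($_POST['timeoffset']) ? $_POST['timeoffset'] : "";
            if (!is_numeric($gzip) || !is_numeric($timeoffset)) {
                die($langmessage[22]);
            }
            $query = "UPDATE " . $prefix . "settings set ";
            if ($_POST['password'] != "") {
                // NOTE(review): the value looks masked in this listing; as written, the
                // literal is stored instead of anything derived from the submitted
                // password. Confirm against the original source.
                $query .= 'password="******", ';
            }
            if ($_POST['restricted'] != "") {
                $query .= 'restricted="' . $_POST['restricted'] . '", ';
            }
            // NOTE(review): admin, email, wemail, homepath, template, dateformat, extension,
            // indexfile, language and langeditor are interpolated exactly as received.
            // homepath and indexfile feed a Location header and language feeds an include
            // path in the entry script shown with this listing, so each should be checked
            // against the values the site actually supports before it is stored.
            $query .= 'admin="' . $_POST['admin'] . '", email="' . $_POST['email'] . '", wemail="' . $_POST['wemail'] . '", ';
            $query .= 'homepath="' . $_POST['homepath']
                . '", template="' . $_POST['template']
                . '", title="' . encode($_POST['title'])
                . '", subtitle="' . encode($_POST['subtitle'])
                . '", keywords="' . encode($_POST['keywords'])
                . '", description="' . encode($_POST['description'])
                . '", author="' . encode($_POST['author'])
                . '", footer="' . encode($_POST['footer'])
                . '", gzip=' . ($gzip + 0)
                . ', timeoffset=' . ($timeoffset + 0)
                . ', dateformat="' . $_POST['dateformat']
                . '", extension="' . $_POST['extension']
                . '", indexfile="' . $_POST['indexfile']
                . '", language="' . $_POST['language']
                . '", langeditor="' . $_POST['langeditor'] . '"';
            if (!dbquery($query)) {
                die($langmessage[22]);
            }
            unset($_GET['do']);
            readsetup();
            $message = $langmessage[150];
            break;

        case "Edit Menu Entry":
            // m1/m2/m3 are unquoted menu positions and are forced to integers.
            // NOTE(review): m4 and oldm4 are interpolated exactly as received.
            $query = 'UPDATE ' . $prefix . 'menu SET m1=' . intval($_POST['m1'])
                . ', m2=' . intval($_POST['m2'])
                . ', m3=' . intval($_POST['m3'])
                . ', page="' . $_POST['m4']
                . '", nome="' . encode($_POST['m5'])
                . '" WHERE page="' . $_POST['oldm4'] . '"';
            dbquery($query);
            unset($_GET['action']);
            readmenu();
            break;

        case "Delete Menu Entry":
            // NOTE(review): oldm4 is interpolated exactly as received.
            dbquery("DELETE FROM " . $prefix . "menu WHERE page=\"" . $_POST['oldm4'] . "\"");
            unset($_GET['action']);
            readmenu();
            break;

        case "Query Database":
            // Executes SQL text taken from the request. sanitize() is not visible here and
            // no adminlevel check guards this case -- confirm the caller limits it to the
            // highest privilege level.
            dbquery(sanitize(stripslashes($_POST['query'])));
            $message = $langmessage[46];
            unset($_GET['do']);
            break;

        case "Delete Page":
            $link = sanitize($_POST['link']);
            dbquery('DELETE FROM ' . $prefix . 'menu WHERE page="' . $link . '"');
            dbquery('DELETE FROM ' . $prefix . 'paginas WHERE page="' . $link . '"');
            // basename() keeps the deletion inside the current directory whatever
            // sanitize() lets through (assumes page scripts are never stored in
            // subdirectories -- TODO confirm). It does not verify that the name belongs
            // to a CMS page.
            $pagefile = basename($link) . ".php";
            if (file_exists($pagefile)) {
                unlink($pagefile);
            }
            unset($_GET['do']);
            $pagenum = "index";
            $message = $langmessage[104];
            readmenu();
            break;

        case "Create Page":
            if ($_POST['filename'] == "" || $_POST['label'] == "") {
                $message = $langmessage[97];
            } else {
                // Find the menu row the new entry is placed after; the scan stops at the
                // first row without a page name.
                $count = 0;
                while (isset($menu[$count][3]) && $menu[$count][3] != "") {
                    if ($menu[$count][3] == $_POST['count']) {
                        break;
                    }
                    $count++;
                }
                // A "*" in the filename means "menu entry only, do not create the page".
                $create = (strpos($_POST['filename'], "*") === false) ? 1 : 0;
                $label = htmlentities(sanitize(trim($_POST['label'])));
                $filename1 = sanitize(trim($_POST['filename']));
                $descr = encode(sanitize($_POST['description']));
                $templat = sanitize($_POST['template']);
                // Forced to an integer for consistency with the "Save" case; addpage() is
                // not visible here.
                $restricted = intval($_POST['restricted']);
                $extra = sanitize(trim($_POST['extra']));
                // intval() also covers a missing reference row, where string arithmetic
                // on an empty value would fail on current PHP versions.
                $m1 = isset($menu[$count][0]) ? intval($menu[$count][0]) : 0;
                $m2 = isset($menu[$count][1]) ? intval($menu[$count][1]) : 0;
                $m3 = isset($menu[$count][2]) ? intval($menu[$count][2]) : 0;
                $level = isset($_POST['level']) ? $_POST['level'] : "";
                switch ($level) {
                    case "1":
                        $bb = $m1 + 1;
                        dbquery("UPDATE " . $prefix . "menu SET m1=m1+1 WHERE m1>=" . $bb);
                        dbquery("INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES ({$bb},0,0,\"" . $filename1 . "\",\"" . $label . "\")");
                        if ($create) {
                            addpage($bb, 0, $extra, $filename1, $label, $descr, $templat, $restricted);
                        }
                        break;
                    case "2":
                        $bb = $m2 + 1;
                        dbquery("UPDATE " . $prefix . "menu SET m2=m2+1 WHERE m1=" . $m1 . " AND m2>=" . $bb);
                        dbquery("INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES (" . $m1 . "," . $bb . ",0,\"" . $filename1 . "\",\"" . $label . "\")");
                        if ($create) {
                            addpage($m1, $bb, $extra, $filename1, $label, $descr, $templat, $restricted);
                        }
                        break;
                    case "3":
                        $bb = $m3 + 1;
                        // The siblings to shift share the parent's m1 and m2. The original
                        // compared m2 with the reference row's m3 value, which does not
                        // match the INSERT that follows.
                        dbquery("UPDATE " . $prefix . "menu SET m3=m3+1 WHERE m1=" . $m1 . " AND m2=" . $m2 . " AND m3>={$bb}");
                        dbquery("INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES (" . $m1 . "," . $m2 . "," . $bb . ",\"" . $filename1 . "\",\"" . $label . "\")");
                        if ($create) {
                            addpage($m1, $m2, $extra, $filename1, $label, $descr, $templat, $restricted);
                        }
                        break;
                }
                $message = $langmessage[87];
                $pagenum = "index";
                readmenu();
            }
            break;

        default:
    }

    // Every "do" value except the public ones switches to the admin template.
    $admintemplate = false;
    if (isset($_GET['do']) && $_GET['do'] != "profile" && $_GET['do'] != "search" && $_GET['do'] != "login" && $_GET['do'] != "sitemap") {
        $admintemplate = true;
    }

    // Edit modes are honoured only when the session carries the flag stored under the
    // key $set['password'].
    $loggedin = isset($_SESSION[$set['password']]) && $_SESSION[$set['password']] == "1";
    switch (isset($_GET['do']) ? $_GET['do'] : "") {
        case "edit":
            if ($loggedin) {
                $edit = 1;
            } else {
                $edit = 0;
                unset($_GET['do']);
            }
            break;
        case "editextra":
            if ($loggedin) {
                $editextra = 1;
            } else {
                $editextra = 0;
                unset($_GET['do']);
            }
            break;
        default:
    }
}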