if (!file_exists($link)) { $html = "Seems like the .php is non existant. Is it deleted?"; } else { //If deleting something if (preg_match("/[\\.*]/", $main->getvar['page']) == 0) { require $link; $content = new page(); if (isset($main->getvar['sub'])) { ob_start(); $content->content(); $html = ob_get_contents(); # Retrieve the HTML ob_clean(); # Flush the HTML } elseif (isset($content->navlist)) { $html = $content->description(); } else { ob_start(); $content->content(); $html = ob_get_contents(); # Retrieve the HTML ob_clean(); # Flush the HTML } } else { $html = ""; $email->staff("Possible Hacking Attempt", "A user has been logged trying to hack your copy of BNPanel, their IP is: " . $main->removeXSS($_SERVER['REMOTE_ADDR'])); } } } $data = $main->table($header, $html);
function acp() { global $dbh, $postvar, $getvar, $instance; ob_start(); if ($_SESSION['clogged'] || $_SESSION['cuser']) { session_destroy(); main::redirect("?page=home"); } if (!$getvar['page']) { $getvar['page'] = "home"; } $page = $dbh->select("acpnav", array("link", "=", $getvar['page'])); // "Hack" to get the credits and tickets page looking nicer switch ($getvar["page"]) { case "credits": $header = "Credits"; break; default: if ($page['visual'] == "Tickets" && $getvar['mode'] == 'ticketsall') { $header = "All Tickets"; } else { $header = $page['visual']; } break; } $link = "pages/" . $getvar['page'] . ".php"; $staff_data = $dbh->select("staff", array("id", "=", $_SESSION['user'])); $user_perms = $staff_data['perms']; if (substr_count($user_perms, "paid") == '1') { $nopaid = '1'; } if (substr_count($user_perms, "p2h") == '1') { $nop2h = '1'; } if (!file_exists($link)) { $html = "<strong>THT Fatal Error:</strong> That page doesn't exist."; } elseif (!main::checkPerms($page['id']) && !$nopaid && !$nop2h && $user_perms) { $html = "You don't have access to this page."; } elseif ($getvar['page'] == "type" && $getvar['type'] == "paid" && $nopaid) { $html = "You don't have access to this page."; } elseif ($getvar['page'] == "type" && $getvar['type'] == "p2h" && $nop2h) { $html = "You don't have access to this page."; } else { include $link; $content = new page(); // Main Side Bar HTML $nav = "Sidebar Menu"; $sub = $dbh->select("acpnav", 0, array("id", "ASC")); while ($row = $dbh->fetch_array($sub)) { if (main::checkPerms($row['id'])) { $sidebarlink_array['IMGURL'] = $row['icon']; $sidebarlink_array['LINK'] = "?page=" . $row['link']; $sidebarlink_array['VISUAL'] = $row['visual']; $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array); } } // Types Navbar /* * When Working on the navbar, to make a spacer use this: * $sidebar_array['LINKS'] .= style::replaceVar("tpl/spacer.tpl"); */ foreach ($instance->packtypes as $key => $value) { if ($key == "paid" && $nopaid != "1" || $key == "p2h" && $nop2h != "1" || $key != "paid" && $key != "p2h") { if ($instance->packtypes[$key]->acpNav) { foreach ($instance->packtypes[$key]->acpNav as $key2 => $value) { $sidebarlink_array['IMGURL'] = $value[2]; $sidebarlink_array['LINK'] = "?page=type&type=" . $key . "&sub=" . $value[1]; $sidebarlink_array['VISUAL'] = $value[0]; $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array); if ($getvar['page'] == "type" && $getvar['type'] == $key && $getvar['sub'] == $value[1]) { define("SUB", $value[3]); $header = $value[3]; $getvar['myheader'] = $value[3]; } } } } } $sidebarlink_array['IMGURL'] = "information.png"; $sidebarlink_array['LINK'] = "?page=credits"; $sidebarlink_array['VISUAL'] = "Credits"; $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array); $sidebarlink_array['IMGURL'] = "delete.png"; $sidebarlink_array['LINK'] = "?page=logout"; $sidebarlink_array['VISUAL'] = "Logout"; $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array); $sidebar = style::replaceVar("tpl/sidebar.tpl", $sidebar_array); //Page Sidebar if ($content->navtitle) { $subnav = $content->navtitle; foreach ($content->navlist as $key => $value) { $sub_sidebarlink_array['IMGURL'] = $value[1]; $sub_sidebarlink_array['LINK'] = "?page=" . $getvar['page'] . "&sub=" . $value[2]; $sub_sidebarlink_array['VISUAL'] = $value[0]; $sub_sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sub_sidebarlink_array); } $subsidebar = style::replaceVar("tpl/sidebar.tpl", $sub_sidebar_array); } if ($getvar['sub'] && $getvar['page'] != "type") { foreach ($content->navlist as $key => $value) { if ($value[2] == $getvar['sub']) { if (!$value[0]) { define("SUB", $getvar['page']); $header = $getvar['page']; } else { define("SUB", $value[0]); $header = $value[0]; } } } } if ($getvar['sub'] == "delete" && isset($getvar['do']) && !$_POST && !$getvar['confirm']) { foreach ($postvar as $key => $value) { $warning_array['HIDDEN'] .= '<input name="' . $key . '" type="hidden" value="' . $value . '" />'; } $warning_array['HIDDEN'] .= " "; $html = style::replaceVar("tpl/warning.tpl", $warning_array); } elseif ($getvar['sub'] == "delete" && isset($getvar['do']) && $_POST && !$getvar['confirm']) { if ($postvar['yes']) { foreach ($getvar as $key => $value) { if ($i) { $i = "&"; } else { $i = "?"; } $url .= $i . $key . "=" . $value; } $url .= "&confirm=1"; main::redirect($url); } elseif ($postvar['no']) { main::done(); } } else { if (isset($getvar['sub'])) { ob_start(); $content->content(); $html = ob_get_contents(); // Retrieve the HTML ob_clean(); // Flush the HTML } elseif ($content->navlist) { $html .= $content->description(); // First, we gotta get the page description. $html .= "<br /><br />"; // Break it up // Now we should prepend some stuff here $subsidebar2 .= "<strong>Page Submenu</strong><div class='break'></div>"; $subsidebar2 .= $subsidebar; // Done, now output it in a sub() table $html .= main::sub($subsidebar2, NULL); // Initial implementation, add the SubSidebar(var) into the description, basically append it } else { ob_start(); $content->content(); $html = ob_get_contents(); // Retrieve the HTML ob_clean(); // Flush the HTML } } } $staffuser = $dbh->staff($_SESSION['user']); define("SUB", $header); define("INFO", '<b>Welcome back, ' . strip_tags($staffuser['name']) . '</b><br />' . SUB); echo '<div id="left">'; echo main::table($nav, $sidebar); if ($content->navtitle) { echo "<br />"; echo main::table($subnav, $subsidebar); } echo '</div>'; echo '<div id="right">'; echo main::table($header, $html); echo '</div>'; $html_buff = ob_get_contents(); ob_clean(); return $html_buff; }
function acp() { global $main; global $db; global $style; global $type; global $email; ob_start(); # Stop the output buffer if (!$main->getvar['page']) { $main->getvar['page'] = "home"; } $query = $db->query("SELECT * FROM `<PRE>acpnav` WHERE `link` = '{$main->getvar['page']}'"); $page = $db->fetch_array($query); // "Hack" to get the credits and tickets page looking nicer switch ($main->getvar["page"]) { case "credits": $header = "Credits"; break; case "ticketsall": $header = "All Tickets"; break; default: $header = $page['visual']; break; } $link = "pages/" . $main->getvar['page'] . ".php"; if (!file_exists($link)) { $html = "<strong>THT Fatal Error:</strong> Seems like the .php is non existant. Is it deleted?"; } elseif (!$main->checkPerms($page['id']) && $db->num_rows($query) != 0) { $html = "You don't have access to this page."; } else { //If deleting something if (preg_match("/[\\.*]/", $main->getvar['page']) == 0) { include $link; $content = new page(); // Main Side Bar HTML $nav = "Sidebar Menu"; $sub = $db->query("SELECT * FROM `<PRE>acpnav`"); while ($row = $db->fetch_array($sub)) { if ($main->checkPerms($row['id'])) { $array2['IMGURL'] = $row['icon']; $array2['LINK'] = "?page=" . $row['link']; $array2['VISUAL'] = $row['visual']; $array['LINKS'] .= $style->replaceVar("tpl/sidebarlink.tpl", $array2); } } # Types Navbar /* * When Working on the navbar, to make a spacer use this: * $array['LINKS'] .= $style->replaceVar("tpl/spacer.tpl"); */ $type->createAll(); foreach ($type->classes as $key => $value) { if ($type->classes[$key]->acpNav) { foreach ($type->classes[$key]->acpNav as $key2 => $value) { $array2['IMGURL'] = $value[2]; $array2['LINK'] = "?page=type&type=" . $key . "&sub=" . $value[1]; $array2['VISUAL'] = $value[0]; $array['LINKS'] .= $style->replaceVar("tpl/sidebarlink.tpl", $array2); if ($main->getvar['page'] == "type" && $main->getvar['type'] == $key && $main->getvar['sub'] == $value[1]) { define("SUB", $value[3]); $header = $value[3]; $main->getvar['myheader'] = $value[3]; } } } } $array2['IMGURL'] = "information.png"; $array2['LINK'] = "?page=credits"; $array2['VISUAL'] = "Credits"; $array['LINKS'] .= $style->replaceVar("tpl/sidebarlink.tpl", $array2); $array2['IMGURL'] = "delete.png"; $array2['LINK'] = "?page=logout"; $array2['VISUAL'] = "Logout"; $array['LINKS'] .= $style->replaceVar("tpl/sidebarlink.tpl", $array2); $sidebar = $style->replaceVar("tpl/sidebar.tpl", $array); //Page Sidebar if ($content->navtitle) { $subnav = $content->navtitle; $sub = $db->query("SELECT * FROM `<PRE>acpnav`"); foreach ($content->navlist as $key => $value) { $array2['IMGURL'] = $value[1]; $array2['LINK'] = "?page=" . $main->getvar['page'] . "&sub=" . $value[2]; $array2['VISUAL'] = $value[0]; $array3['LINKS'] .= $style->replaceVar("tpl/sidebarlink.tpl", $array2); } $subsidebar = $style->replaceVar("tpl/sidebar.tpl", $array3); } if ($main->getvar['sub'] && $main->getvar['page'] != "type") { foreach ($content->navlist as $key => $value) { if ($value[2] == $main->getvar['sub']) { if (!$value[0]) { define("SUB", $main->getvar['page']); $header = $main->getvar['page']; } else { define("SUB", $value[0]); $header = $value[0]; } } } } if ($main->getvar['sub'] == "delete" && isset($main->getvar['do']) && !$_POST && !$main->getvar['confirm']) { foreach ($main->postvar as $key => $value) { $array['HIDDEN'] .= '<input name="' . $key . '" type="hidden" value="' . $value . '" />'; } $array['HIDDEN'] .= " "; $html = $style->replaceVar("tpl/warning.tpl", $array); } elseif ($main->getvar['sub'] == "delete" && isset($main->getvar['do']) && $_POST && !$main->getvar['confirm']) { if ($main->postvar['yes']) { foreach ($main->getvar as $key => $value) { if ($i) { $i = "&"; } else { $i = "?"; } $url .= $i . $key . "=" . $value; } $url .= "&confirm=1"; $main->redirect($url); } elseif ($main->postvar['no']) { $main->done(); } } else { if (isset($main->getvar['sub'])) { ob_start(); $content->content(); $html = ob_get_contents(); # Retrieve the HTML ob_clean(); # Flush the HTML } elseif ($content->navlist) { $html .= $content->description(); # First, we gotta get the page description. $html .= "<br /><br />"; # Break it up // Now we should prepend some stuff here $subsidebar2 .= "<strong>Page Submenu</strong><div class='break'></div>"; $subsidebar2 .= $subsidebar; // Done, now output it in a sub() table $html .= $main->sub($subsidebar2, NULL); # Initial implementation, add the SubSidebar(var) into the description, basically append it if (isset($content->defaultNav)) { header("Location: ?page=" . $main->getvar['page'] . "&sub=" . $content->navlist[$content->defaultNav][2]); die; } } else { ob_start(); $content->content(); $html = ob_get_contents(); # Retrieve the HTML ob_clean(); # Flush the HTML } } } else { $html = "No."; } } $staffuser = $db->staff($_SESSION['user']); define("SUB", $header); define("INFO", '<b>Welcome back, ' . strip_tags($staffuser['name']) . '</b><br />' . SUB); echo '<div id="left">'; echo $main->table($nav, $sidebar); if ($content->navtitle) { echo "<br />"; echo $main->table($subnav, $subsidebar); } echo '</div>'; echo '<div id="right">'; echo $main->table($header, $html); echo '</div>'; $data = ob_get_contents(); # Retrieve the HTML ob_clean(); # Flush the HTML return $data; # Return the HTML }
function client() { global $dbh, $postvar, $getvar, $instance; ob_start(); // Stop the output buffer if (!$getvar['page']) { $getvar['page'] = "home"; } $page = $dbh->select("clientnav", array("link", "=", $getvar['page']), array("id", "ASC")); $header = $page['visual']; $link = "pages/" . $getvar['page'] . ".php"; if (!file_exists($link)) { $html = "That page doesn't exist."; } else { if (preg_match("/[\\.*]/", $getvar['page']) == 0) { include $link; $content = new page(); // Main Side Bar HTML $nav = "Sidebar"; if (!$dbh->config("delacc")) { $clientnav_query = $dbh->select("clientnav", array("link", "!=", "delete"), array("id", "ASC"), 0, 1); } else { $clientnav_query = $dbh->select("clientnav", 0, array("id", "ASC"), 0, 1); } while ($clientnav_data = $dbh->fetch_array($clientnav_query)) { $sidebar_link_array['IMGURL'] = $clientnav_data['icon']; $sidebar_link_array['LINK'] = "?page=" . $clientnav_data['link']; $sidebar_link_array['VISUAL'] = $clientnav_data['visual']; $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebar_link_array); } // Types Navbar $client = $dbh->client($_SESSION['cuser']); $packtype = $instance->packtypes[type::packagetype($client['pid'])]; if ($packtype->clientNav) { foreach ($packtype->clientNav as $key2 => $value) { $sidebar_link_array['IMGURL'] = $value[2]; $sidebar_link_array['LINK'] = "?page=type&type=" . type::packagetype($client['pid']) . "&sub=" . $value[1]; $sidebar_link_array['VISUAL'] = $value[0]; $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebar_link_array); if ($getvar['page'] == "type" && $getvar['type'] == type::packagetype($client['pid']) && $getvar['sub'] == $value[1]) { define("SUB", $value[3]); $header = $value[3]; $getvar['myheader'] = $value[3]; } } } $sidebar_link_array['IMGURL'] = "delete.png"; $sidebar_link_array['LINK'] = "?page=logout"; $sidebar_link_array['VISUAL'] = "Logout"; $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebar_link_array); $sidebar = style::replaceVar("tpl/sidebar.tpl", $sidebar_array); //Page Sidebar if ($content->navtitle) { $subnav = $content->navtitle; foreach ($content->navlist as $key => $value) { $sidebar_link_array['IMGURL'] = $value[1]; $sidebar_link_array['LINK'] = "?page=" . $getvar['page'] . "&sub=" . $value[2]; $sidebar_link_array['VISUAL'] = $value[0]; $sub_sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebar_link_array); } $subsidebar = style::replaceVar("tpl/sidebar.tpl", $sub_sidebar_array); } if ($getvar['sub'] == "delete" && isset($getvar['do']) && !$_POST && !$getvar['confirm']) { foreach ($postvar as $key => $value) { $warning_array['HIDDEN'] .= '<input name="' . $key . '" type="hidden" value="' . $value . '" />'; } $warning_array['HIDDEN'] .= " "; $html = style::replaceVar("tpl/warning.tpl", $warning_array); } elseif ($getvar['sub'] == "delete" && isset($getvar['do']) && $_POST && !$getvar['confirm']) { if ($postvar['yes']) { foreach ($getvar as $key => $value) { if ($i) { $i = "&"; } else { $i = "?"; } $url .= $i . $key . "=" . $value; } $url .= "&confirm=1"; main::redirect($url); } elseif ($postvar['no']) { main::done(); } } else { if (isset($getvar['sub'])) { ob_start(); $content->content(); $html = ob_get_contents(); // Retrieve the HTML ob_clean(); // Flush the HTML } elseif ($content->navlist) { if ($content->description()) { $html = $content->description() . "<br><br>"; } $html .= "Select a sub-page from the sidebar."; } else { ob_start(); $content->content(); $html = ob_get_contents(); // Retrieve the HTML ob_clean(); // Flush the HTML } } } } if ($getvar['sub'] && $getvar['page'] != "type") { foreach ($content->navlist as $key => $value) { if ($value[2] == $getvar['sub']) { define("SUB", $value[0]); $header = $value[0]; } } } $staffuser = $dbh->client($_SESSION['cuser']); define("SUB", $header); define("INFO", '<b>Welcome back, ' . $staffuser['user'] . '</b><br />' . SUB); echo '<div id="left">'; echo main::table($nav, $sidebar); if ($content->navtitle) { echo "<br />"; echo main::table($subnav, $subsidebar); } echo '</div>'; echo '<div id="right">'; echo main::table($header, $html); echo '</div>'; $html_buff = ob_get_contents(); ob_clean(); return $html_buff; }