function do_admin_body()
{
runTweak('do-admin-body');
if ($_GET['action'] == 'addpage') {
addpage();
} elseif ($_GET['action'] == 'delete') {
doDelete();
} elseif ($_GET['action'] == 'edit') {
performEdit();
} elseif ($_GET['action'] == 'showpages') {
showpageslist();
} elseif ($_GET['action'] == 'editarea') {
doAreaEdit();
} elseif ($_GET['action'] == 'showareas') {
nanoadmin_showareas();
} elseif ($_GET['action'] == 'settings') {
nanoadmin_showsettings();
} elseif ($_GET['action'] == 'tweakers') {
showTweakers();
} elseif (isset($_GET[tweak])) {
showTweaksInterface();
} elseif (!isset($_GET['action'])) {
$introPage = NANO_ADMIND_DESIGN_BASE . "intro.php";
runTweak('intro-page', array(&$introPage));
require_once $introPage;
}
}
/**
* function create( $back_url )
* @param string $back_url contains the back url
* @return nothing
* attach the id of the created object at the end of back_url with the name, in attach the result in create_result
*
* static
**/
function create($back_url)
{
$this->back_url = $back_url;
unset($_SESSION['last_error']);
require_once $GLOBALS['where_lms'] . '/modules/htmlpage/htmlpage.php';
addpage($this);
}
function urlHandler_bapidefaultpages()
{
header('Access-Control-Allow-Origin: *');
$url = get_relative($_SERVER['REQUEST_URI']);
//echo $_SERVER['REQUEST_URI']; exit();
if (strtolower($url) != "/bapi.init") {
return;
}
header("Cache-Control: no-cache, must-revalidate");
$menuname = "Main Navigation Menu";
$menu_id = initmenu($menuname);
$change_logs = array();
foreach (get_default_pages_def() as $pagedef) {
$change_logs[] = addpage($pagedef, $menu_id);
}
$qs = $_SERVER['QUERY_STRING'];
if (strtolower($qs) == 'mode=initial-setup') {
if (defined('KIGO_SELF_HOSTED') && !KIGO_SELF_HOSTED) {
switch_theme(WP_DEFAULT_THEME);
} else {
switch_theme('instatheme01');
$toptions = get_option('instaparent_theme_options');
$toptions['presetStyle'] = 'style01';
update_option('instaparent_theme_options', $toptions);
setSlideshowImages();
}
bapi_wp_site_options();
$blog_url = get_site_url();
update_option('bapi_first_look', 0);
header("HTTP/1.1 307 Temporary Redirect");
header("Location: {$blog_url}");
exit;
}
foreach ($change_logs as $log) {
if (is_array($log['add_to_nav'])) {
echo "PageID=" . $log['add_to_nav']['page_id'] . ", Parent=" . $log['add_to_nav']['parent'] . ", navParentID=" . $log['add_to_nav']['nav_parent_id'] . "<br/>";
}
echo '<div>' . $log['action'] . ' menu item <b>' . $log['post_title'] . '</b> post_id=' . $log['post_id'] . ', miid=' . $log['miid'] . ', menu_id=' . $log['menu_id'] . '</div>';
}
exit;
}
function restore_default_content_callback()
{
if (!isset($_POST['post_name']) || !strlen($_POST['post_name'])) {
kigo_ajax_json_response(false, __FUNCTION__ . '_1');
}
if (!is_int($menu_id = initmenu("Main Navigation Menu")) || !is_array($page_def = get_default_pages_def($_POST['post_name'])) || !is_array($add_page = addpage($page_def, $menu_id))) {
kigo_ajax_json_response(false, __FUNCTION__ . '_2', array('post_name' => $_POST['post_name'], 'menu_id' => $menu_id, 'page_def' => $page_def, 'add_page' => $add_page));
}
kigo_ajax_json_response(true, '', $add_page);
}
function treat_posts()
{
global $message, $edit, $editextra, $langmessage, $set, $pagenum, $menu, $prefix, $out, $admintemplate;
if ($_POST['return'] == "Return") {
unset($_GET['do']);
unset($_POST['submit']);
$edit = 0;
$editextra = 0;
}
switch ($_POST['submit']) {
case "adduser":
if ($_SESSION['adminlevel'] < 5) {
$message = $langmessage[28];
break;
}
if ($_POST['handle'] == "") {
$message = $langmessage[2];
break;
}
if ($_POST['password'] == "") {
$message = $langmessage[3];
break;
}
if ($_POST['email'] == "") {
$message = $langmessage[4];
break;
}
if ($_POST['password'] != $_POST['repeatpassword']) {
$message = $langmessage[5];
break;
}
$query = 'INSERT INTO ' . $prefix . 'users (id, handle, password, adminlevel, ip, datejoined, email, firstname, lastname, website, location) VALUES (null, "' . encode($_POST['handle']) . '", "' . sha1($_POST['password']) . '", ' . $_POST['adminlevel'] . ', "", ' . time() . ', "' . $_POST['email'] . '", "' . encode($_POST['firstname']) . '", "' . encode($_POST['lastname']) . '", "' . $_POST['website'] . '", "' . encode($_POST['location']) . '")';
dbquery($query);
$message = $langmessage[27];
unset($_GET['action']);
break;
case "saveuser":
$query = "UPDATE " . $prefix . "users SET ";
if ($_POST['password'] != "") {
if ($_POST['password'] == $_POST['repeatpassword']) {
$query .= "password=\"" . sha1($_POST['password']) . "\", ";
} else {
$message = $langmessage[5];
break;
}
}
$query .= "handle=\"" . encode($_POST['handle']) . "\", email=\"" . $_POST['email'] . "\", firstname=\"" . encode($_POST['firstname']) . "\", lastname=\"" . encode($_POST['lastname']) . "\", website=\"" . $_POST['website'] . "\", location=\"" . encode($_POST['location']) . "\", adminlevel=" . $_POST['adminlevel'] . " WHERE id=" . $_POST['userid'];
dbquery($query);
$message = $langmessage[26];
unset($_GET['action']);
break;
case "deleteuser":
if ($output = dbquery("SELECT * FROM " . $prefix . "users WHERE id=" . $_POST['userid'])) {
$row = fetch_array($output);
if ($_SESSION['adminlevel'] < $row['adminlevel']) {
break;
}
} else {
break;
}
$query = "DELETE FROM " . $prefix . "users WHERE id=" . $_POST['userid'];
dbquery($query);
unset($_GET['action']);
break;
case "Save":
if ($_POST['mycontent'] != "") {
dbquery("UPDATE " . $prefix . "paginas SET content=\"" . htmlentities($_POST['mycontent']) . '", description="' . encode($_POST['description']) . '", template="' . $_POST['template'] . '", restricted=' . $_POST['restricted'] . ', m3=' . $_POST['extra'] . ' WHERE page="' . $_POST['pagenum'] . '"');
$edit = 0;
$message = $langmessage[102];
unset($_GET['do']);
}
break;
case "Save Extra":
$id = $_POST['id'];
$result = dbquery('SELECT content FROM ' . $prefix . 'extras WHERE id=' . $id);
if (num_rows($result)) {
dbquery('UPDATE ' . $prefix . 'extras SET content="' . htmlentities($_POST['mycontent']) . '" WHERE id=' . $id);
} else {
dbquery('insert into ' . $prefix . 'extras (id,content) VALUES (null,"' . htmlentities($_POST['mycontent']) . '")');
}
unset($_GET['do']);
$editextra = 0;
$message = $langmessage[103];
break;
case "Save Setup":
$query = "UPDATE " . $prefix . "settings set ";
if ($_POST['password'] != "") {
$query .= 'password="******", ';
}
if ($_POST['restricted'] != "") {
$query .= 'restricted="' . $_POST['restricted'] . '", ';
}
$query .= 'admin="' . $_POST['admin'] . '", email="' . $_POST['email'] . '", wemail="' . $_POST['wemail'] . '", ';
$query .= 'homepath="' . $_POST['homepath'] . '", template="' . $_POST['template'] . '", title="' . encode($_POST['title']) . '", subtitle="' . encode($_POST['subtitle']) . '", keywords="' . encode($_POST['keywords']) . '", description="' . encode($_POST['description']) . '", author="' . encode($_POST['author']) . '", footer="' . encode($_POST['footer']) . '", gzip=' . $_POST['gzip'] . ', timeoffset=' . $_POST['timeoffset'] . ', dateformat="' . $_POST['dateformat'] . '", extension="' . $_POST['extension'] . '", indexfile="' . $_POST['indexfile'] . '", language="' . $_POST['language'] . '", langeditor="' . $_POST['langeditor'] . '"';
if (!dbquery($query)) {
die($langmessage[22]);
}
unset($_GET['do']);
readsetup();
$message = $langmessage[150];
break;
case "Edit Menu Entry":
$query = 'UPDATE ' . $prefix . 'menu SET m1=' . $_POST['m1'] . ', m2=' . $_POST['m2'] . ', m3=' . $_POST['m3'] . ', page="' . $_POST['m4'] . '", nome="' . encode($_POST['m5']) . '" WHERE page="' . $_POST['oldm4'] . '"';
dbquery($query);
unset($_GET['action']);
readmenu();
break;
case "Delete Menu Entry":
dbquery("DELETE FROM " . $prefix . "menu WHERE page=\"" . $_POST['oldm4'] . "\"");
unset($_GET['action']);
readmenu();
break;
case "Query Database":
dbquery(sanitize(stripslashes($_POST['query'])));
$message = $langmessage[46];
unset($_GET['do']);
break;
case "Delete Page":
$link = sanitize($_POST['link']);
dbquery('DELETE FROM ' . $prefix . 'menu WHERE page="' . $link . '"');
dbquery('DELETE FROM ' . $prefix . 'paginas WHERE page="' . $link . '"');
if (file_exists($link . ".php")) {
unlink($link . ".php");
}
unset($_GET['do']);
$pagenum = "index";
$message = $langmessage[104];
readmenu();
break;
case "Create Page":
if ($_POST['filename'] == "" || $_POST['label'] == "") {
$message = $langmessage[97];
} else {
$count = 0;
while ($menu[$count][3] != "") {
if ($menu[$count][3] == $_POST['count']) {
break;
}
$count++;
}
if (!strval(strstr($_POST['filename'], "*"))) {
$create = 1;
} else {
$create = 0;
}
$label = htmlentities(sanitize(trim($_POST['label'])));
$filename1 = sanitize(trim($_POST['filename']));
$descr = encode(sanitize($_POST['description']));
$templat = sanitize($_POST['template']);
$restricted = $_POST['restricted'];
$extra = sanitize(trim($_POST['extra']));
switch ($_POST['level']) {
case "1":
$bb = strval($menu[$count][0]) + 1;
dbquery("UPDATE " . $prefix . "menu SET m1=m1+1 WHERE m1>=" . $bb);
dbquery("INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES ({$bb},0,0,\"" . $filename1 . "\",\"" . $label . "\")");
if ($create) {
addpage($bb, 0, $extra, $filename1, $label, $descr, $templat, $restricted);
}
break;
case "2":
$bb = strval($menu[$count][1]) + 1;
$query = "UPDATE " . $prefix . "menu SET m2=m2+1 WHERE m1=" . $menu[$count][0] . " AND m2>=" . $bb;
dbquery($query);
$query = "INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES (" . $menu[$count][0] . "," . $bb . ",0,\"" . $filename1 . "\",\"" . $label . "\")";
dbquery($query);
if ($create) {
addpage($menu[$count][0], $bb, $extra, $filename1, $label, $descr, $templat, $restricted);
}
break;
case "3":
$bb = strval($menu[$count][2]) + 1;
$query = "UPDATE " . $prefix . "menu SET m3=m3+1 WHERE m1=" . $menu[$count][0] . " AND m2=" . $menu[$count][2] . " AND m3>={$bb}";
dbquery($query);
$query = "INSERT INTO " . $prefix . "menu (m1,m2,m3, page, nome) VALUES (" . $menu[$count][0] . "," . $menu[$count][1] . "," . $bb . ",\"" . $filename1 . "\",\"" . $label . "\")";
dbquery($query);
if ($create) {
addpage($menu[$count][0], $menu[$count][1], $extra, $filename1, $label, $descr, $templat, $restricted);
}
break;
}
$message = $langmessage[87];
$pagenum = "index";
readmenu();
}
break;
default:
}
$admintemplate = false;
if (isset($_GET['do']) && $_GET['do'] != "profile" && $_GET['do'] != "search" && $_GET['do'] != "login" && $_GET['do'] != "sitemap") {
$admintemplate = true;
}
switch ($_GET['do']) {
case "edit":
if ($_SESSION[$set['password']] == "1") {
$edit = 1;
} else {
$edit = 0;
unset($_GET['do']);
}
break;
case "editextra":
if ($_SESSION[$set['password']] == "1") {
$editextra = 1;
} else {
$editextra = 0;
unset($_GET['do']);
}
break;
default:
}
}
function showadd()
{
if (isset($_GET[action]) and $_GET[action] == 'addpage') {
addpage();
}
}
<?php
if (isset($_POST['verif']) && $_POST['verif'] == 1) {
//verif si il y a une image.
if (tp('photoid') != '') {
$img = tp('photoid');
} else {
$img = '';
}
$nextid = getnextidtable('page');
model::load('page', 'addpage');
if (!addpage(tp('titrfr'), tp('titren'), tp('titrar'), tp('contfr'), tp('conten'), tp('contar'), tp('parent'), $img, $nextid, tp('titrimgfr'), tp('titrimgar'), tp('ximg'), tp('yimg'))) {
exit("0");
} else {
exit("1");
}
} else {
view::load('page', 'addpage');
}
<li><a href="?action=tweakers">View All tweaks</a></li>
<?php
listoutInterfaces();
?>
</ul>
</li>
</ul>
</div>
<div id="main">
<div id="body">
<?php
if ($_GET[action] == 'addpage') {
addpage();
} elseif ($_GET[action] == 'delete') {
doDelete();
} elseif ($_GET[action] == 'edit') {
performEdit();
} elseif ($_GET[action] == 'showpages') {
showpageslist();
} elseif ($_GET[action] == 'editarea') {
doAreaEdit();
} elseif ($_GET[action] == 'showareas') {
showareas();
} elseif ($_GET[action] == 'tweakers') {
showTweakers();
} elseif (isset($_GET[tweak])) {
showTweaksInterface();
} elseif (!isset($_GET[action])) {