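// (fragment) Tail of the branch that stores the post with isDraft = 0. The
// opening of this if/else and the assignments of $nameE, $cat and $aid are
// above this excerpt.
    $contE = $mysqli->real_escape_string($_POST['Content']);
}
$javasc = $mysqli->real_escape_string(strip_tags($_POST['javascript']));
$style = $mysqli->real_escape_string(strip_tags($_POST['css']));
// privacy, cat_id and id are interpolated WITHOUT quotes, so string escaping
// would not contain them; force them to integers before they reach the SQL text.
$prE = (int) $_POST['Privacy'];
$cat = (int) $cat;
// thumbnail sits inside a quoted literal and was previously not escaped at all.
$thumb = $mysqli->real_escape_string($_POST['thumbnail']);
// NOTE(review): $blogl is a table name and cannot be bound or escaped as a value;
// it must be restricted to known table names where it is assembled (config.php).
$update = "UPDATE {$blogl} SET title = '{$nameE}', message = '{$contE}', javascript = '{$javasc}', css = '{$style}', privacy = {$prE}, cat_id = {$cat}, thumbnail = '{$thumb}', isDraft = 0 WHERE id=" . (int) $aid;
$result = $mysqli->query($update);
// The Host header is client-supplied: HTML-encode it before it lands inside an
// attribute. NOTE(review): the link and the refresh target still follow whatever
// Host the request carried; a configured site URL would be the safer source.
$returnHost = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8');
echo "<h2>{$loc_edt_post}</h2>";
echo "{$loc_done}. <a href='{$protocol}://" . $returnHost . "/system.php?mode=admin&man=posts'>{$loc_return}</a>.</div>";
echo "<meta http-equiv='refresh' content='0; {$protocol}://" . $returnHost . "/system.php?mode=admin&man=posts' />";
} else {
    // "Save" stores the same fields as a draft (isDraft = 1) and refreshes post_date.
    // !empty() keeps the original truthiness test without the undefined-index notice.
    if (!empty($_POST['Save'])) {
        $nameE = $mysqli->real_escape_string($_POST['Name']);
        $cat = (int) $_POST['Category'];
        // With the "breakline" box unticked, newlines are converted to <br /> first.
        if (cbx('breakline') == 0) {
            $contE = $mysqli->real_escape_string(nl2br($_POST['Content']));
        } else {
            $contE = $mysqli->real_escape_string($_POST['Content']);
        }
        $javasc = $mysqli->real_escape_string(strip_tags($_POST['javascript']));
        $style = $mysqli->real_escape_string(strip_tags($_POST['css']));
        // Same treatment as above: integers for the unquoted columns, escaping
        // for the quoted thumbnail value.
        $prE = (int) $_POST['Privacy'];
        $thumb = $mysqli->real_escape_string($_POST['thumbnail']);
        // time() returns the current Unix timestamp; calling mktime() with no
        // arguments is deprecated and rejected by PHP 8.
        $date = time();
        $update = "UPDATE {$blogl} SET title = '{$nameE}', message = '{$contE}', javascript = '{$javasc}', css = '{$style}', privacy = {$prE}, post_date = {$date}, cat_id = {$cat}, thumbnail = '{$thumb}', isDraft = 1 WHERE id=" . (int) $aid;
        $result = $mysqli->query($update);
        $returnHost = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8');
        echo "<h2>{$loc_edt_post}</h2>";
        echo "{$loc_done}. <a href='{$protocol}://" . $returnHost . "/system.php?mode=admin&man=posts'>{$loc_return}</a>.</div>";
        echo "<meta http-equiv='refresh' content='0; {$protocol}://" . $returnHost . "/system.php?mode=admin&man=posts' />";
    } else {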
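// Plugin administration page: lists the rows of blg_plugins with a checkbox
// each and, on submit, writes the ticked/unticked state back to isOn.
ob_start();
// Access gate: a $powza of 0 or less prints the no-access text and stops.
if ($powza <= 0) {
    echo $loc_no_access;
    exit;
}
ob_end_clean();
echo "<h1>{$loc_plugins}</h1>";
$mysqli = new mysqli($hosty, $uname, $paswd, $dbnme);
echo "<a href='index.php'>{$loc_return}</a><br /><br />";
// NOTE(review): this POST changes which plugins are enabled and no anti-CSRF
// token is checked anywhere in the visible code; confirm one is enforced elsewhere.
// !empty() keeps the original truthiness test without the undefined-index notice.
if (!empty($_POST['Submit'])) {
    $loadplugs = $mysqli->prepare("SELECT id, name, description, isOn FROM blg_plugins");
    $loadplugs->execute();
    $loadplugs->bind_result($plugid, $plugname, $plugdesc, $plugon);
    $loadplugs->store_result();
    // One prepared UPDATE reused for every row: both values travel as bound
    // integers instead of being interpolated into the SQL text.
    $setstate = $mysqli->prepare("UPDATE blg_plugins SET isOn = ? WHERE id = ?");
    $setstate->bind_param('ii', $ison, $targetId);
    while ($loadplugs->fetch()) {
        // cbx() is defined outside this excerpt; presumably it yields 0 or 1 for
        // the checkbox named after the plugin id. The cast pins it to an integer.
        $ison = (int) cbx($plugid);
        $targetId = (int) $plugid;
        $result = $setstate->execute();
    }
    $setstate->close();
    echo "{$loc_done}. <a href='?mode=plugins'>{$loc_return}</a>.";
} else {
    $loadplugs = $mysqli->prepare("SELECT id, name, description, isOn FROM blg_plugins");
    $loadplugs->execute();
    $loadplugs->bind_result($plugid, $plugname, $plugdesc, $plugon);
    $loadplugs->store_result();
    echo "<table border=1><form action='?mode=plugins' method='post'>";
    // NOTE(review): $plugname and $plugdesc are echoed without HTML encoding. If
    // plugin rows can carry text an attacker influences, that is stored XSS in
    // the admin panel; confirm whether descriptions are meant to hold markup
    // before wrapping them in htmlspecialchars().
    while ($loadplugs->fetch()) {
        echo "<tr>\n\t\t\t\t<td><input type='checkbox' name='{$plugid}' ";
        if ($plugon == 1) {
            echo "checked";
        }
        echo "></td>\n\t\t\t\t<td width=20%>{$plugname}</td>\n\t\t\t\t<td width=90%>{$plugdesc}</td>\n\t\t\t</tr>";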
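// (fragment) Installer: the check that ends here begins above this excerpt.
// NOTE(review): nothing visible here stops the installer from being run again
// against an existing site, which would overwrite config.php; confirm it is
// removed or locked after the first run.
    die("Please fill in your administrator details.");
}
if (empty($_POST['sitename']) || empty($_POST['sitedecro']) || empty($_POST['sitetags'])) {
    die("Please fill in your site information.");
}
// The language code ends up in config.php, in table names and in the HTML
// printed below, so it is restricted to characters that cannot leave a
// backtick-quoted identifier or an HTML text node. The allowed set is an
// assumption; widen it only to match the locales that are really installed.
$slangIn = isset($_POST['slang']) ? $_POST['slang'] : '';
if (!is_string($slangIn) || !preg_match('/\A[A-Za-z0-9_-]*\z/', $slangIn)) {
    die("Please choose a valid default language.");
}
// Edit the Config File.
$configFile = fopen("../config.php", "w") or die("Unable to Open File!");
// Every submitted value is written with var_export(), which emits a correctly
// quoted PHP string literal. Pasting the raw value between double quotes let a
// quote in any field end the literal and place arbitrary PHP in config.php,
// and it also mangled legitimate passwords containing "$" or "\".
$config = "<?php\n\$hosty = " . var_export((string) $_POST['hostname'], true) . ";\n"
    . "\$uname = " . var_export((string) $_POST['username2'], true) . ";\n"
    . "\$paswd = " . var_export((string) $_POST['password2'], true) . ";\n"
    . "\$dbnme = " . var_export((string) $_POST['dbname'], true) . ";\n\n"
    . "\$defaultlang = " . var_export($slangIn, true) . ";\n\n"
    . "\$locale = \"\";\n\$blogl = \"blg_blogs_\"; // Blog Posts\n\$blogc = \"blg_comments_\"; // Blog Comments\n\$blogp = \"blg_pages_\"; // Blog Pages\n\$blogt = \"blg_categories_\"; // Blog Categories\n\n\$lc = \$_GET[\"lang\"];\n\n\$dateF = \"d-m-Y\";\n\$timeF = \"G:i T\";\n\n"
    . "\$captchaSiteKey = " . var_export((string) $_POST['captchaSit'], true) . ";\n"
    . "\$captchaSecretKey = " . var_export((string) $_POST['captchaSec'], true) . ";\n\n"
    . "\$tz_time = date_default_timezone_set(\"Europe/Amsterdam\");\n\nif (empty(\$lc)) {\n if (empty(\$_COOKIE[\"lang_cookie\"])) {\n \$locale = \$defaultlang;\n }\n\telse {\n \t\$locale = \$_COOKIE[\"lang_cookie\"];\n }\n}\nelse {\n \t\$locale = \$lc;\n}\n\n"
    // The generated config takes the locale from the query string or a cookie
    // and appends it to every table name, so it is reduced to the same
    // character set as above before it is used.
    . "\$locale = preg_replace('/[^A-Za-z0-9_-]/', '', (string) \$locale);\n\n"
    . "\$blogl = \$blogl.\$locale;\n\$blogc = \$blogc.\$locale;\n\$blogp = \$blogp.\$locale;\n\$blogt = \$blogt.\$locale;\n?>";
fwrite($configFile, $config);
fclose($configFile);
echo "Config File successfully made.<br /><br />";
include "../config.php";
include "../module/postfunctions.php";
$mysqli = new mysqli($hosty, $uname, $paswd, $dbnme);
// Already validated above; safe to interpolate into identifiers and output.
$slang = $_POST['slang'];
// Table creation and seed rows, run when the "koto" box is ticked.
// NOTE(review): the "successfully ..." lines are printed whether or not the
// preceding query succeeded; the query results are never inspected.
if (cbx('koto') == 1) {
    $mysqli->query("CREATE TABLE IF NOT EXISTS `blg_blogs_{$slang}` (\n `id` int(10) NOT NULL AUTO_INCREMENT,\n `title` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n `slug` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n `message` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n `javascript` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n `css` text CHARACTER SET utf8 
COLLATE utf8_unicode_ci NOT NULL,\n `user_id` int(10) NOT NULL,\n `post_date` int(10) NOT NULL,\n `privacy` int(1) NOT NULL,\n `cat_id` int(10) NOT NULL,\n `thumbnail` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n `isDraft` int(1) NOT NULL,\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=0;");
    echo "Table 'blg_blogs_{$slang}' successfully created.<br />";
    // isDraft is NOT NULL with no default, so it is supplied explicitly; under a
    // strict SQL mode the seed row would otherwise be rejected.
    $mysqli->query("INSERT INTO `blg_blogs_{$slang}` (`id`, `title`, `slug`, `message`, `javascript`, `css`, `user_id`, `post_date`, `privacy`, `cat_id`, `thumbnail`, `isDraft`) VALUES\n(1, 'Hello World!', 'hello-world', 'Hello there, welcome to [b]KotoPasta[/b]! :awsum:<br />\r\nAs you can see, installation was a success! Yay!<br />\r\nEnjoy it all you can!', '', '', 1, 0, 0, 1, '', 0);");
    echo "Table 'blg_blogs_{$slang}' successfully inserted.<br />";
    $mysqli->query("CREATE TABLE IF NOT EXISTS `blg_categories_{$slang}` (\n `id` int(10) NOT NULL AUTO_INCREMENT,\n `title` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=0;");
    echo "Table 'blg_categories_{$slang}' successfully created.<br />";
    $mysqli->query("INSERT INTO `blg_categories_{$slang}` (`id`, `title`) VALUES\n(1, 'Default');");
    echo "Table 'blg_categories_{$slang}' successfully inserted.<br />";
    $mysqli->query("CREATE TABLE IF NOT EXISTS `blg_comments_{$slang}` (\n `id` int(10) NOT NULL AUTO_INCREMENT,\n `post_id` int(10) NOT NULL,\n `message` text NOT NULL,\n `user_id` int(10) NOT NULL,\n `post_date` int(10) NOT NULL,\n `delete` int(1) NOT NULL DEFAULT '0',\n `last_edit` int(10) NOT NULL,\n `ip_address` varchar(15) NOT NULL DEFAULT '0.0.0.0',\n PRIMARY KEY (`id`)\n) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=0;");
    echo "Table 'blg_comments_{$slang}' successfully created.<br />";
    $mysqli->query("INSERT INTO `blg_comments_{$slang}` (`id`, `post_id`, `message`, `user_id`, `post_date`, `delete`, `last_edit`, `ip_address`) 
VALUES\n(1, 1, 'Test Comment.', 1, 0, 0, 0, '0.0.0.0');");
    echo "Table 'blg_comments_{$slang}' successfully inserted.<br />";
    $mysqli->query("CREATE TABLE IF NOT EXISTS `blg_jokes` (\n `id` int(10) NOT NULL AUTO_INCREMENT,\n `joke` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,\n PRIMARY KEY (`id`)\n) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=0;");
    echo "Table 'blg_jokes' successfully created.<br />";
    $mysqli->query("INSERT INTO `blg_jokes` (`id`, `joke`) VALUES\n(1, 'Jokes need to be added through PHPMyAdmin.');");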
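// (fragment) Private-message composer: the check that ends here begins above
// this excerpt, as do the assignments of $aid (recipient) and $cookuid (sender).
    exit;
}
if ($aid == $cookuid) {
    echo "You can't send PMs to yourself...";
    exit;
}
// Both ids are placed in SQL as bare numbers further down, so they are pinned
// to integers once here. NOTE(review): where $aid and $cookuid come from is not
// visible; confirm $cookuid is taken from a verified session and not from a
// value the client can set freely.
$recipientId = (int) $aid;
$senderId = (int) $cookuid;
// The recipient lookup was "prepared" from a string with $aid already
// concatenated in, which gives none of the protection of a prepared statement.
// The id is now bound as an integer parameter.
$top = "SELECT id, username, `group`, gender, display_name, name_colour FROM usr_users WHERE id = ?";
$stmt1 = $mysqli->prepare($top);
$stmt1->bind_param('i', $recipientId);
$stmt1->execute();
$stmt1->bind_result($uid, $uusername, $ugroup, $ugender, $udis, $unamecol);
$stmt1->store_result();
// The body runs once per matching user row.
while ($stmt1->fetch()) {
    $title = $mysqli->real_escape_string(nl2br($_POST['title']));
    // time() returns the current Unix timestamp; calling mktime() with no
    // arguments is deprecated and rejected by PHP 8.
    $ldate = time();
    $message = $mysqli->real_escape_string(nl2br($_POST['message']));
    // cbx() is defined outside this excerpt; its result is interpolated unquoted
    // below, so it is forced to an integer.
    $nolayout = (int) cbx('nolayout');
    // !empty() keeps the original truthiness test without the undefined-index notice.
    if (!empty($_POST['submit'])) {
        if (empty($_POST['message'])) {
            echo "<h1>{$loc_reply_stuff_missing}</h1>";
        } else {
            // Highest existing thread id; the new thread is assumed to become
            // this value plus one.
            // NOTE(review): two senders submitting at the same moment can read
            // the same MAX(id), attaching a message to the other sender's
            // thread. Using the insert id of the first INSERT would close that
            // gap; $res is executed outside this excerpt, so it is left as is.
            $stmt = $mysqli->prepare("SELECT MAX(id) FROM usr_pms");
            $stmt->execute();
            $stmt->bind_result($maxid);
            $mid = 0;
            while ($stmt->fetch()) {
                $mid = $maxid;
            }
            $stmt->close();
            // MAX() on an empty table yields NULL; the cast turns that into 0
            // so the expression below still evaluates to 1.
            $mid = (int) $mid;
            // Two statements in one string. NOTE(review): if this is run with
            // multi_query(), any value that escaped its literal could append
            // further statements; only integers and escaped strings are
            // interpolated here.
            $res = "INSERT INTO usr_pms (id, `title`, `from`, `to`, replies, last_date, last_uid, `lock`) VALUES (NULL, '{$title}', {$senderId}, {$recipientId}, 0, {$ldate}, {$senderId}, 0);";
            $res .= "INSERT INTO usr_private_messages (id, mes_id, user_id, post_date, message, lastedit, nolayout, is_start) VALUES (NULL, {$mid}+1, {$senderId}, {$ldate}, '{$message}', 0, {$nolayout}, 1)";
            //echo $res;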