$name\n"; } if(!$copt){ if($command == "slwm"){ print "\n"; dbexit(); } else{ $copt = "\n"; } } else{ ($cid == 'all')?($sel='selected'):($sel=''); } $cgiurl = $GLOBALS["cgiurl"]; $rurl = $cgiurl; $rurl = preg_replace('/http:\/\/.*?\//i','/',$rurl); $jcode = ""; $ssicode = ""; $phpcode = ""; if($command == "slwm"){ include($GLOBALS["basepath"]."/t_linkswizardmod.htm"); } else{ include($GLOBALS["basepath"]."/t_linkswizard.htm"); } dbexit(); }

# NOTE(review): everything above is the tail of a function that begins before
# this listing; it is reproduced unchanged.
#
# NOTE(review): several string literals below are empty or start with a raw
# line break where markup appears to have been lost from this listing. They are
# kept exactly as shown; compare against the original file before reuse.
#
# NOTE(review): the code relies on APIs that later PHP releases removed (the
# $HTTP_*_VARS arrays, the mysql_* extension, split(), ereg_replace(), each()
# and the $GLOBALS{'key'} brace syntax). Nearly every query is assembled by
# interpolating request values into the SQL text, and no escaping or type cast
# is visible anywhere in this listing. A port should bind parameters through
# prepared statements and cast the int(11) columns declared in
# CreateDatabases().

/**
 * Print the content that is currently due for one group.
 *
 * Query-string inputs: `cid` (group id, required) and `j` (output mode, passed
 * on to ViewOut()). The branch taken depends on the group's displaytype.
 * Manage() labels type 1 "Random" and type 2 "Sequential", and orders types
 * 3, 4, 5 and 6 by dmonth, dweekday, dday and ddate respectively.
 */
function View(){
    global $HTTP_GET_VARS;
    SelectDB();
    # NOTE(review): no login helper is called inside this function (whether the
    # dispatcher authenticates first is not visible here), and $cid travels
    # from the query string into every statement below unchanged.
    # dynamic_groups.id is int(11), so an integer cast or a bound parameter
    # belongs here.
    (isset($HTTP_GET_VARS["cid"]))?($cid = $HTTP_GET_VARS["cid"]):($cid='');
    (!$cid)&&(PError("Error. No group specified"));
    (isset($HTTP_GET_VARS["j"]))?($j = $HTTP_GET_VARS["j"]):($j='');
    $sql_statement = "select * from dynamic_groups where id = '$cid'";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $displaytype=$f["displaytype"];
    $rdays=$f["rdays"];
    $sdays=$f["sdays"];
    $ts=$f["ts"];
    # $trigger becomes 1 when a new item has to be selected and stored in did.
    $trigger=0;
    if($displaytype == 1){
        # Random: keep the stored item (did) until more than rdays days have
        # passed since ts, then draw a new row with ORDER BY RAND().
        $did=0;
        $sql_statement = "select did from dynamic_groups where id = '$cid'";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        $did = $f["did"];
        if($rdays > 0){
            $sql_statement = "select id from dynamic_groups where (to_days(now()) > (to_days(ts)+$rdays)) and id='$cid'";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            if($f["id"]){ $trigger=1; }
        }
        else{ $trigger=1; }
        if(!$did){ $trigger=1; }
        if($trigger){
            $sql_statement = "SELECT * FROM dynamic_content where cid='$cid' ORDER BY RAND() LIMIT 1";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            $did = $f["id"];
            $content = $f["content"];
            $sql_statement = "update dynamic_groups set ts=now(),did='$did' where id = '$cid'";
            $result = DoSQL($sql_statement);
        }
        else{
            $sql_statement = "select * from dynamic_content where id = '$did'";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            $content = $f["content"];
        }
    }
    elseif($displaytype == 2){
        # Sequential: walk the group's rows in id order and move to the row
        # after the stored one once more than sdays days have passed.
        $did=0;
        $fid=0;
        $fc='';
        $sql_statement = "select did from dynamic_groups where id = '$cid'";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        $did = $f["did"];
        if($sdays > 0){
            $sql_statement = "select id from dynamic_groups where (to_days(now()) > (to_days(ts)+$sdays)) and id='$cid'";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            if($f["id"]){ $trigger=1; }
        }
        else{ $trigger=1; }
        $sql_statement = "select * from dynamic_content where cid = '$cid' order by id";
        $result = DoSQL($sql_statement);
        while($f = mysql_fetch_array($result)){
            # Remember the first row so the sequence can wrap around.
            (!$fid)&&($fid = $f["id"]);
            (!$fc)&&($fc = $f["content"]);
            # Nothing stored yet: start with the first row.
            if(!$did){ $did = $f["id"]; $trigger=1; break; }
            # Not due: stay on the stored row.
            if((!$trigger)&&($did == $f["id"])){ $did = $f["id"]; break; }
            # Due: step to the next row, or back to the first one at the end.
            if(($trigger)&&($did == $f["id"])){
                $f = mysql_fetch_array($result);
                $did = $f["id"];
                if(!$f["id"]){ $did = $fid; $f["content"] = $fc; }
                break;
            }
        }
        if($trigger){
            $sql_statement = "update dynamic_groups set ts = now(), did='$did' where id = '$cid'";
            $result = DoSQL($sql_statement);
        }
        $content = $f["content"];
    }
    elseif($displaytype == 3){
        # By month: concatenate every row for the current month; if none
        # exists, fall back to the first row of the "<=" query.
        # NOTE(review): $content is appended to with .= here and in the
        # branches below without being initialised first.
        $sql_statement = "select * from dynamic_content where dmonth = MONTH(now()) and cid='$cid' order by dmonth desc,id";
        $result = DoSQL($sql_statement);
        $found=0;
        while($f = mysql_fetch_array($result)){ $found=1; $content .= $f["content"]; }
        if(!$found){
            $sql_statement = "select * from dynamic_content where dmonth <= MONTH(now()) and cid='$cid' order by dmonth desc";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            $content = $f["content"];
        }
    }
    elseif($displaytype == 4){
        # By weekday: getdate()['wday'] is 0 for Sunday, so $day runs 1..7.
        $s = getdate();
        $day = $s['wday'] +1;
        $sql_statement = "select * from dynamic_content where dweekday = '$day' and cid='$cid' order by dweekday desc,id";
        $result = DoSQL($sql_statement);
        $found=0;
        while($f = mysql_fetch_array($result)){ $found=1; $content .= $f["content"]; }
        if(!$found){
            $sql_statement = "select * from dynamic_content where dweekday <= '$day' and cid='$cid' order by dweekday desc";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            $content = $f["content"];
        }
    }
    elseif($displaytype == 5){
        # By day of the month.
        $sql_statement = "select * from dynamic_content where DAYOFMONTH(now()) = dday and cid='$cid' order by dday desc,id";
        $result = DoSQL($sql_statement);
        $found=0;
        while($f = mysql_fetch_array($result)){ $found=1; $content .= $f["content"]; }
        if(!$found){
            $sql_statement = "select * from dynamic_content where DAYOFMONTH(now()) >= dday and cid='$cid' order by dday desc,id";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            $content = $f["content"];
        }
    }
    else{
        # By calendar date.
        # NOTE(review): now() carries a time of day while ddate is a DATE
        # column, so the equality query presumably matches only at midnight and
        # the ">=" fallback does the real work - confirm whether CURDATE() was
        # intended.
        $sql_statement = "select * from dynamic_content where now() = ddate and cid='$cid' order by ddate desc,id";
        $result = DoSQL($sql_statement);
        $found=0;
        while($f = mysql_fetch_array($result)){ $found=1; $content .= $f["content"]; }
        if(!$found){
            $sql_statement = "select * from dynamic_content where now() >= ddate and cid='$cid' order by ddate desc";
            $result = DoSQL($sql_statement);
            $f = mysql_fetch_array($result);
            $content = $f["content"];
        }
    }
    ViewOut($content,$j);
    dbexit();
}

/**
 * Write $content to the response, either as-is or wrapped in JavaScript
 * document.write() calls when $j is 1, then close the connection and exit.
 *
 * NOTE(review): stored content is emitted without output encoding, so whoever
 * can store content decides what markup and script the embedding page runs.
 * In the JavaScript branch only double quotes are escaped; a backslash in the
 * content reaches the string literal unchanged.
 */
function ViewOut($content,$j){
    if(!preg_match("/<.*>/",$content)){
        #assume text content
        # The replacement string starts with a raw line break in this listing
        # (markup presumably lost - confirm against the original).
        $content = preg_replace("/\n/","
\n",$content);
    }
    if($j != 1){
        print $content;
    }
    else{
        $buffer = preg_replace("/\r/",'',$content);
        $lines = split("\n",$buffer);
        while(list($k,$v) = each($lines)){
            $v = preg_replace('/\"/','\\"',$v);
            $v = preg_replace('/\\n/','\\\\n',$v);
            # Breaks the word "script" into two concatenated JS strings,
            # presumably so the emitted text cannot close the enclosing
            # script element.
            $v = preg_replace('/(scr)(ipt)/i','$1"+"$2',$v);
            print "document.write(\"$v\\n\");\n";
        }
    }
    dbexit();
}

/**
 * Save the name, rdays, sdays and displaytype of an existing group from the
 * posted form, then redirect back to the management page.
 *
 * Non-admin users are limited to rows whose uname matches $uname.
 */
function SaveChangesC(){
    global $HTTP_POST_VARS;
    SelectDB();
    # NOTE(review): id is read without isset() and, like name, rdays, sdays and
    # display, is interpolated into the UPDATE below unescaped.
    $id = $HTTP_POST_VARS["id"];
    (isset($HTTP_POST_VARS["name"]))?($name = $HTTP_POST_VARS["name"]):($name='');
    (!$name)&&(PError("Error. Please enter a name for the category"));
    (isset($HTTP_POST_VARS["rdays"]))?($rdays = $HTTP_POST_VARS["rdays"]):($rdays = '');
    (isset($HTTP_POST_VARS["sdays"]))?($sdays = $HTTP_POST_VARS["sdays"]):($sdays = '');
    (isset($HTTP_POST_VARS["display"]))?($display = $HTTP_POST_VARS["display"]):($display = '');
    $name = reverseHTML($name);
    $rdays = reverseHTML($rdays);
    $sdays = reverseHTML($sdays);
    global $admin;
    global $uname;
    $where='';
    if(!$admin){ $where = "and uname = '$uname'"; }
    $sql_statement = "update dynamic_groups set name='$name', rdays='$rdays', sdays='$sdays', displaytype='$display' where id = '$id' $where";
    $result = DoSQL($sql_statement);
    # NOTE(review): the request-supplied $id is placed in the redirect URL.
    Redirect($GLOBALS{'cgiurl'}."?command=manage&cid=$id","Changes Saved");
    dbexit();
}

/**
 * Save an edited content row (title, content and its schedule fields) from the
 * posted form, then redirect back to the group's management page.
 *
 * Which schedule field is mandatory depends on the displaytype of group `cid`.
 */
function SaveChanges(){
    global $HTTP_POST_FILES;
    global $HTTP_POST_VARS;
    (isset($HTTP_POST_VARS["id"]))?($id = $HTTP_POST_VARS["id"]):($id='');
    (!$id)&&(PError("No record selected to edit"));
    (isset($HTTP_POST_VARS["cid"]))?($cid = $HTTP_POST_VARS["cid"]):($cid='');
    (isset($HTTP_POST_VARS["title"]))?($title = $HTTP_POST_VARS["title"]):($title='');
    (isset($HTTP_POST_VARS["content"]))?($content = $HTTP_POST_VARS["content"]):($content='');
    (isset($HTTP_POST_VARS["dmonth"]))?($dmonth = $HTTP_POST_VARS["dmonth"]):($dmonth='');
    (isset($HTTP_POST_VARS["dweekday"]))?($dweekday = $HTTP_POST_VARS["dweekday"]):($dweekday='');
    (isset($HTTP_POST_VARS["dday"]))?($dday = $HTTP_POST_VARS["dday"]):($dday='');
    (isset($HTTP_POST_VARS["month"]))?($month = $HTTP_POST_VARS["month"]):($month='');
    (isset($HTTP_POST_VARS["year"]))?($year = $HTTP_POST_VARS["year"]):($year='');
    (isset($HTTP_POST_VARS["day"]))?($day = $HTTP_POST_VARS["day"]):($day='');
    (isset($HTTP_POST_VARS["command"]))?($command = $HTTP_POST_VARS["command"]):($command='');
    $date= "$year-$month-$day";
    SelectDB();
    # NOTE(review): $uname is used here before the `global $uname;` statement
    # further down, so at this point it is an unset local and the lookup
    # filters on an empty uname. The result is only used for displaytype, so
    # the field checks below are probably skipped - confirm.
    $sql_statement="select * from dynamic_groups where id='$cid' and uname = '$uname'";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $displaytype = $f["displaytype"];
    if($displaytype == 3){ (!$dmonth)&&(PError("Please select a month")); }
    if($displaytype == 4){ (!$dweekday)&&(PError("Please select a weekday")); }
    if($displaytype == 5){ (!$dday)&&(PError("Please select a day")); }
    if($displaytype == 6){
        (!$month)&&(PError("Please select a month"));
        (!$day)&&(PError("Please select a day"));
        (!$year)&&(PError("Please select a year"));
    }
    $title = reverseHTML($title);
    $content = reverseHTML($content);
    $dmonth = reverseHTML($dmonth);
    $dweekday = reverseHTML($dweekday);
    $dday = reverseHTML($dday);
    $date = reverseHTML($date);
    global $admin;
    global $uname;
    $where='';
    if(!$admin){ $where = "and uname = '$uname'"; }
    # Rebuilt from the raw fields, which discards the reverseHTML() result
    # assigned to $date above.
    $date = "$year-$month-$day";
    # NOTE(review): every value in this UPDATE comes from the request body
    # without escaping.
    $sql_statement = "update dynamic_content set title='$title', content='$content', dmonth='$dmonth', dweekday='$dweekday', dday='$dday', ddate='$date' where id = '$id' $where";
    $result = DoSQL($sql_statement);
    Redirect($GLOBALS{'cgiurl'}."?command=manage&cid=$cid","Changes Saved");
    dbexit();
}

/**
 * Print the stored content of one dynamic_content row, selected by the `id`
 * query-string parameter.
 *
 * NOTE(review): no ownership filter is applied to the lookup, $id is
 * interpolated into the query unescaped, and the content is printed without
 * output encoding.
 */
function Preview(){
    global $HTTP_GET_VARS;
    (isset($HTTP_GET_VARS["id"]))?($id = $HTTP_GET_VARS["id"]):($id='');
    (!$id)&&(PError("Error. No ID specified"));
    SelectDB();
    $sql_statement = "select * from dynamic_content where id = '$id'";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $content = $f["content"];
    if(!preg_match("/<.*>/",$content)){
        #assume text content
        $content = preg_replace("/\n/","
\n",$content);
    }
    print $content;
    dbexit();
}

/**
 * Show the edit form (t_add.htm) for one content row.
 *
 * Reads `id` and `cid` from the query string, loads the group's displaytype
 * and the row, and prepares the schedule fields for that displaytype. The
 * variables set here are presumably consumed by the included template.
 */
function ShowEdit(){
    $command = 'savechanges';
    SelectDB();
    global $HTTP_GET_VARS;
    global $Month;
    global $WDay;
    # NOTE(review): both values are read without isset() and interpolated into
    # the two queries below unescaped.
    $id = $HTTP_GET_VARS["id"];
    $cid = $HTTP_GET_VARS["cid"];
    $sql_statement = "select * from dynamic_groups where id = '$cid'";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $displaytype=$f["displaytype"];
    global $admin;
    global $uname;
    $where='';
    if(!$admin){ $where = "and uname = '$uname'"; }
    $sql_statement = "select * from dynamic_content where id = '$id' $where";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $title= $f["title"];
    $content= $f["content"];
    if($displaytype == 1){
        $cfields = '';
    }
    elseif($displaytype == 2){
        $cfields = '';
    }
    elseif($displaytype == 3){
        $dmonth = $f['dmonth'];
        $tmonth = $Month[$dmonth];
        $cfields = " Month to Display
This Content:
";
    }
    elseif($displaytype == 4){
        $dweekday = $f["dweekday"];
        $tweekday = $WDay[$dweekday];
        $cfields = " Weekday to Display
This Content:
";
    }
    elseif($displaytype == 5){
        $dday = $f["dday"];
        $cfields = " Day of the Month
to Display
This Content:
";
    }
    else{
        $date = $f["ddate"];
        $dv = split('-',$date);
        $year = $dv[0];
        $month = $dv[1];
        $day = $dv[2];
        $cfields = " Date to Display
This Content:
";
    }
    # Title and content are HTML-encoded before the template is included.
    $title= htmlspecialchars($title);
    $content= htmlspecialchars($content);
    include($GLOBALS["basepath"]."/t_add.htm");
    dbexit();
}

/**
 * Show the group configuration form (t_configure.htm) for the group given by
 * the `id` query-string parameter, pre-selecting its displaytype.
 */
function ShowEditC(){
    $command = 'savechangesc';
    global $HTTP_GET_VARS;
    SelectDB();
    # NOTE(review): read without isset() and interpolated unescaped below.
    $id = $HTTP_GET_VARS["id"];
    global $admin;
    global $uname;
    $where='';
    if(!$admin){ $where = "and uname = '$uname'"; }
    $sql_statement = "select * from dynamic_groups where id = '$id' $where";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $id = $f["id"];
    $name = $f["name"];
    $displaytype = $f["displaytype"];
    $rdays = $f["rdays"];
    $sdays = $f["sdays"];
    $id = htmlspecialchars($id);
    $name = htmlspecialchars($name);
    $rdays = htmlspecialchars($rdays);
    $sdays = htmlspecialchars($sdays);
    # Exactly one of $display1..$display6 is set to 'checked'.
    $display1=$display2=$display3=$display4=$display5=$display6='';
    ($displaytype==1)&&($display1='checked');
    ($displaytype==2)&&($display2='checked');
    ($displaytype==3)&&($display3='checked');
    ($displaytype==4)&&($display4='checked');
    ($displaytype==5)&&($display5='checked');
    ($displaytype==6)&&($display6='checked');
    include($GLOBALS["basepath"]."/t_configure.htm");
    dbexit();
}

/**
 * Delete one content row and redirect to the group's management page.
 *
 * NOTE(review): the row is deleted on a GET request (`id` and `cid` come from
 * the query string) and no request token is checked in this function, so the
 * action can presumably be triggered by a link opened in a logged-in browser.
 * Moving it to POST with a per-session token would close that.
 */
function Delete(){
    global $HTTP_GET_VARS;
    SelectDB();
    $id = $HTTP_GET_VARS["id"];
    $cid = $HTTP_GET_VARS["cid"];
    global $admin;
    global $uname;
    $where='';
    if(!$admin){
        # Non-admins may only delete rows carrying their own uname.
        $sql_statement = "select * from dynamic_content where id = '$id' and uname = '$uname'";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        if(!$f['id']){ PError("Error. Permission denied"); }
    }
    # NOTE(review): $id is interpolated unescaped. The ownership test above
    # protects this statement only if PError() stops execution, which cannot
    # be confirmed because its body is missing from this listing.
    $sql_statement = "delete from dynamic_content where id = '$id'";
    $result = DoSQL($sql_statement);
    Redirect($GLOBALS{'cgiurl'}."?command=manage&cid=$cid","Content Deleted");
    dbexit();
}

/**
 * Delete a group and all of its content rows, then redirect to the management
 * page. The group id is taken from the posted `cid` field.
 */
function DeleteC(){
    global $HTTP_POST_VARS;
    SelectDB();
    $cid = $HTTP_POST_VARS["cid"];
    (!$cid)&&(PError("Error. 
No Group selected"));
    global $admin;
    global $uname;
    $where='';
    if(!$admin){
        # Non-admins may only delete groups carrying their own uname.
        $sql_statement = "select * from dynamic_groups where id = '$cid' and uname = '$uname'";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        if(!$f['id']){ PError("Error. Permission denied"); }
    }
    # NOTE(review): $cid is interpolated unescaped into both DELETE statements.
    $sql_statement = "delete from dynamic_groups where id = '$cid'";
    $result = DoSQL($sql_statement);
    $sql_statement = "delete from dynamic_content where cid = '$cid'";
    $result = DoSQL($sql_statement);
    Redirect($GLOBALS{'cgiurl'}."?command=manage","Group Deleted");
    dbexit();
}

/**
 * Insert a new content row into group `cid` from the posted form and redirect
 * to the group's management page.
 */
function Add(){
    global $HTTP_POST_VARS;
    global $admin;
    global $uname;
    (isset($HTTP_POST_VARS["cid"]))?($cid = $HTTP_POST_VARS["cid"]):($cid='');
    (isset($HTTP_POST_VARS["title"]))?($title = $HTTP_POST_VARS["title"]):($title='');
    (isset($HTTP_POST_VARS["content"]))?($content = $HTTP_POST_VARS["content"]):($content='');
    (isset($HTTP_POST_VARS["dmonth"]))?($dmonth = $HTTP_POST_VARS["dmonth"]):($dmonth='');
    (isset($HTTP_POST_VARS["dweekday"]))?($dweekday = $HTTP_POST_VARS["dweekday"]):($dweekday='');
    (isset($HTTP_POST_VARS["dday"]))?($dday = $HTTP_POST_VARS["dday"]):($dday='');
    (isset($HTTP_POST_VARS["month"]))?($month = $HTTP_POST_VARS["month"]):($month='');
    (isset($HTTP_POST_VARS["year"]))?($year = $HTTP_POST_VARS["year"]):($year='');
    (isset($HTTP_POST_VARS["day"]))?($day = $HTTP_POST_VARS["day"]):($day='');
    (isset($HTTP_POST_VARS["command"]))?($command = $HTTP_POST_VARS["command"]):($command='');
    SelectDB();
    $ddate = "$year-$month-$day";
    # NOTE(review): the group-ownership check is skipped whenever the posted
    # `command` field equals 'padd'. That value comes from the request body, so
    # confirm that the dispatcher restricts who may submit it.
    if(($command != 'padd')&&(!$admin)){
        $sql_statement="select * from dynamic_groups where id='$cid' and uname = '$uname'";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        if(!$f["id"]){
            PError("Error. 
Permission denied");
        }
    }
    # The same query is run again, this time only to read displaytype. Because
    # it still filters on uname, it finds nothing for a group owned by someone
    # else and the field checks below are then skipped.
    $sql_statement="select * from dynamic_groups where id='$cid' and uname = '$uname'";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $displaytype = $f["displaytype"];
    if($displaytype == 3){ (!$dmonth)&&(PError("Please select a month")); }
    if($displaytype == 4){ (!$dweekday)&&(PError("Please select a weekday")); }
    if($displaytype == 5){ (!$dday)&&(PError("Please select a day")); }
    if($displaytype == 6){
        (!$month)&&(PError("Please select a month"));
        (!$day)&&(PError("Please select a day"));
        (!$year)&&(PError("Please select a year"));
    }
    # NOTE(review): unlike SaveChanges(), nothing is passed through
    # reverseHTML() here, and every posted value goes into the INSERT
    # unescaped.
    $sql_statement = "insert into dynamic_content( cid,title,content,dmonth,dweekday,dday,ddate,ts,uname) values( '$cid','$title','$content','$dmonth','$dweekday','$dday','$ddate',now(),'$uname' )";
    $result = DoSQL($sql_statement);
    Redirect($GLOBALS{'cgiurl'}."?command=manage&cid=$cid","Content Added");
    dbexit();
}

/**
 * Create a new group owned by $uname from the posted form and redirect to its
 * management page.
 */
function AddC(){
    SelectDB();
    global $HTTP_POST_VARS;
    global $uname;
    (isset($HTTP_POST_VARS["name"]))?($name = $HTTP_POST_VARS["name"]):($name='');
    (!$name)&&(PError("Error. Please enter a name for this group."));
    (isset($HTTP_POST_VARS["rdays"]))?($rdays = $HTTP_POST_VARS["rdays"]):($rdays = '');
    (isset($HTTP_POST_VARS["sdays"]))?($sdays = $HTTP_POST_VARS["sdays"]):($sdays = '');
    (isset($HTTP_POST_VARS["display"]))?($display = $HTTP_POST_VARS["display"]):($display = '');
    # NOTE(review): posted values are interpolated into the INSERT unescaped.
    $sql_statement = "insert into dynamic_groups( name,rdays,sdays,displaytype,uname) values( '$name','$rdays','$sdays','$display','$uname') ";
    $result = DoSQL($sql_statement);
    $cid = mysql_insert_id();
    Redirect($GLOBALS{'cgiurl'}."?command=manage&cid=$cid","Group Added");
    dbexit();
}

/**
 * Show the empty "add content" form (t_add.htm) for group `cid`.
 *
 * The form's command is 'padd' when the page was requested with command=spa
 * and 'add' otherwise.
 */
function ShowAdd(){
    SelectDB();
    global $HTTP_GET_VARS;
    global $Month;
    global $WDay;
    $cid = $HTTP_GET_VARS["cid"];
    (!$cid)&&(PError("Error. 
Please select a category"));
    $command = $HTTP_GET_VARS["command"];
    if($command == 'spa'){
        $command = 'padd';
    }
    else{
        $command = 'add';
    }
    $id='';
    $title='';
    $content='';
    # NOTE(review): $cid is interpolated unescaped, and the lookup is not
    # limited to the caller's own groups.
    $sql_statement = "select * from dynamic_groups where id = '$cid'";
    $result = DoSQL($sql_statement);
    $f = mysql_fetch_array($result);
    $displaytype = $f["displaytype"];
    if($displaytype == 1){
        $cfields = '';
    }
    elseif($displaytype == 2){
        $cfields = '';
    }
    elseif($displaytype == 3){
        $cfields = " Month To Display
This Content:
";
    }
    elseif($displaytype == 4){
        $cfields = " Weekday To Display
This Content:
";
    }
    elseif($displaytype == 5){
        $cfields = " Day of the Month
To Display
This Content:
";
    }
    else{
        $cfields = " Date To Display
This Content:
";
    }
    include($GLOBALS["basepath"]."/t_add.htm");
    dbexit();
}

/**
 * Show the empty group configuration form (t_configure.htm) with the first
 * display type pre-selected.
 */
function ShowAddC(){
    $command = 'addc';
    $id='';
    $name='';
    $rdays='';
    $sdays='';
    $display1='checked';
    $display2='';
    $display3='';
    $display4='';
    $display5='';
    $display6='';
    include($GLOBALS["basepath"]."/t_configure.htm");
    exit();
}

/**
 * Build the management page (t_manage.htm): the group selector, the content
 * rows of the selected group and a marker for the row that is currently due.
 *
 * `cid` is taken from the query string, then from the POST body; when neither
 * is present the first group returned becomes the selected one.
 */
function Manage(){
    global $HTTP_GET_VARS;
    global $HTTP_POST_VARS;
    global $HTTP_COOKIE_VARS;
    global $admin;
    global $uname;
    global $Month;
    global $WDay;
    if(isset($HTTP_GET_VARS["cid"])){
        $cid = $HTTP_GET_VARS["cid"];
    }
    elseif(isset($HTTP_POST_VARS["cid"])){
        $cid = $HTTP_POST_VARS["cid"];
    }
    else{
        $cid='';
    }
    $line = "";
    $result = "";
    $where='';
    # Non-admins only see groups carrying their own uname.
    if(!$admin){ $where = " where uname = '$uname'"; }
    $sql_statement = "select * from dynamic_groups $where order by name";
    SelectDB();
    $result = DoSQL($sql_statement);
    $copt = '';
    $CatName='';
    $displaytype='';
    while($f = mysql_fetch_array($result)){
        $catid = $f["id"];
        $name = $f["name"];
        (!$cid)&&($cid=$catid);
        ($cid == $catid)?($sel='selected'):($sel='');
        if($cid == $catid){
            $CatName = $name;
            $displaytype = $f["displaytype"];
        }
        # The option markup that presumably used $catid, $name and $sel is
        # missing from this listing.
        $copt .= "\n";
    }
    (!$copt)&&($copt = "\n");
    $CatName = htmlspecialchars($CatName);
    if(!$admin){ $where = " and uname = '$uname'"; }
    $order='id';
    # $hid is the id of the row that is highlighted as current.
    $hid=0;
    # NOTE(review): $cid is interpolated unescaped into every query below.
    if(($displaytype == 1)||($displaytype == 2)){
        $sql_statement = "select did from dynamic_groups where id='$cid'";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        $hid = $f["did"];
    }
    if($displaytype == 3){
        $sql_statement = "select * from dynamic_content where dmonth <= MONTH(now()) and cid='$cid' order by dmonth desc LIMIT 1";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        $hid = $f["id"];
        $order = 'dmonth';
    }
    if($displaytype == 4){
        $s = getdate();
        $day = $s['wday'] +1;
        $sql_statement = "select * from dynamic_content where dweekday <= '$day' and cid='$cid' order by dweekday desc LIMIT 1";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        $hid = $f["id"];
        $order = 'dweekday';
    }
    if($displaytype == 5){
        $sql_statement = "select * from dynamic_content where DAYOFMONTH(now()) >= dday and cid='$cid' order by dday desc LIMIT 1";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        $hid = $f["id"];
        $order = 'dday';
    }
    if($displaytype == 6){
        $sql_statement = "select * from dynamic_content where now() >= ddate and cid='$cid' order by ddate desc LIMIT 1";
        $result = DoSQL($sql_statement);
        $f = mysql_fetch_array($result);
        $hid = $f["id"];
        $order = 'ddate';
    }
    # $order is always one of the fixed column names assigned above.
    $sql_statement = "select * from dynamic_content where cid = '$cid' $where order by $order";
    $result = DoSQL($sql_statement);
    while($f = mysql_fetch_array($result)){
        $id = $f["id"];
        $title= $f["title"];
        $mcode='';
        if($displaytype == 1){
            $when = 'Random';
        }
        elseif($displaytype == 2){
            $when = "Sequential [ Set Current ]";
            $mcode = " | Move Up | Move Down";
        }
        elseif($displaytype == 3){
            $when = $Month[$f["dmonth"]];
        }
        elseif($displaytype == 4){
            $when = $WDay[$f["dweekday"]];
        }
        elseif($displaytype == 5){
            $when = "Day ".$f['dday']." of the Month";
        }
        else{
            $when = $f["ddate"];
        }
        if($hid == $f["id"]){
            $hcolor="bgcolor='#00FF00'";
        }
        else{
            $hcolor="";
        }
        # NOTE(review): $title is placed in the row without htmlspecialchars(),
        # unlike $CatName above, so a stored title is rendered as markup in
        # this page. The surrounding markup is missing from this listing.
        $line .= "Edit | Delete | View$mcode$title$when";
    }
    (!$line)&&($line = 'No content defined');
    $cp='';
    if($admin){ $cp = "| [ Change Password ]"; }
    include($GLOBALS["basepath"]."/t_manage.htm");
    dbexit();
}

/**
 * Authenticate the configured administrator from the UserName and PassWord
 * cookies. Shows the login template when no UserName cookie is present,
 * returns 1 with $admin and $uname set on success, and redirects to the login
 * command otherwise.
 *
 * NOTE(review):
 *  - The PassWord cookie is hashed (or, on Windows, compared directly) on each
 *    request, so the browser holds and resends the clear-text password. A
 *    server-side session with a random identifier avoids that.
 *  - crypt() with the fixed two-character salt 'CS' selects the traditional
 *    DES scheme: the same salt for every password and only the first eight
 *    characters considered. password_hash()/password_verify() is the
 *    replacement when porting.
 *  - Where the OS server variable matches /win/i the password is not hashed at
 *    all, which means setup.php holds it in clear text on those hosts.
 *  - The comparisons use loose ==; a strict, constant-time comparison
 *    (hash_equals) is preferable.
 */
function GetLogin(){
    global $HTTP_COOKIE_VARS;
    global $HTTP_SERVER_VARS;
    global $HTTP_GET_VARS;
    global $admin;
    global $uname;
    (isset($HTTP_COOKIE_VARS["UserName"]))?($cusername = $HTTP_COOKIE_VARS["UserName"]):($cusername="");
    (isset($HTTP_COOKIE_VARS["PassWord"]))?($cpassword = $HTTP_COOKIE_VARS["PassWord"]):($cpassword="");
    if($cusername==""){
        # $command and $cid are presumably used by the login template.
        (isset($HTTP_GET_VARS["command"]))?($command = $HTTP_GET_VARS["command"]):($command="manage");
        (isset($HTTP_GET_VARS["cid"]))?($cid = $HTTP_GET_VARS["cid"]):($cid="");
        include($GLOBALS["basepath"]."/t_login.htm");
        exit;
    }
    (isset($HTTP_SERVER_VARS['OS']))?($os=$HTTP_SERVER_VARS['OS']):($os="");
    if(!preg_match("/win/i",$os)){
        $cpassword = crypt($cpassword,'CS');
    }
    if(($cusername == $GLOBALS["username"])&&($cpassword == $GLOBALS["password"])){
        $uname = $cusername;
        $admin=1;
        return 1;
    }
    global $cgiurl;
    Redirect("$cgiurl?command=login","Error. Invalid Username or password");
    exit();
}

# NOTE(review): the listing is damaged in the next two lines. PError() leaves
# PHP mode with a closing tag; the markup it printed and, apparently, the
# header and first statements of the database-connect routine (called as
# SelectDB() throughout this file) are missing. The text is kept exactly as it
# appears. What remains shows mysql_error() text being printed to the client
# when the connection or database selection fails; log such errors server-side
# instead of echoing them.
function PError($msg){ ?> "); } if(!mysql_connect($host,$user,$pass)){ print ("1".mysql_error()); dbexit(); } if($debug){ print("mysql_select_db($database)
"); } if(!mysql_select_db($database)){ $error = mysql_error(); print ("2: ".$error); dbexit(); } }

/**
 * Create the dynamic_groups and dynamic_content tables, then run $sql again
 * and return its result. Called by DoSQL() when a query fails with a
 * "doesn't exist" error.
 *
 * NOTE(review): MySQL error text is printed to the client on failure.
 */
function CreateDatabases($sql){
    $sql_statement = " CREATE TABLE dynamic_groups ( id int(11) NOT NULL auto_increment, name varchar(75) NOT NULL default '', uname varchar(50) NOT NULL default '', displaytype int(11) NOT NULL default '1', rdays int(11) NOT NULL default '1', sdays int(11) NOT NULL default '1', ts datetime NOT NULL default '0000-00-00 00:00:00', did int(11), PRIMARY KEY (id) ) TYPE=MyISAM ";
    mysql_query($sql_statement);
    if($err = mysql_error()){
        print "$err
";
        exit();
    }
    $sql_statement = " CREATE TABLE dynamic_content ( id int(11) NOT NULL auto_increment, cid int(11) NOT NULL default '0', title varchar(255) NOT NULL default '', content text NOT NULL, ddate date, dmonth int, dweekday int, dday int, ts datetime NOT NULL default '0000-00-00 00:00:00', status int(11) NOT NULL default '0', uname varchar(50) NOT NULL default '', PRIMARY KEY (id) ) TYPE=MyISAM ";
    mysql_query($sql_statement);
    if($err = mysql_error()){
        print "$err
";
        dbexit();
    }
    # Retry the statement that triggered the table creation.
    $result = mysql_query($sql);
    if($err = mysql_error()){
        print "$err
";
        dbexit();
    }
    return $result;
}

/**
 * Run one SQL statement and return the mysql_query() result.
 *
 * If MySQL reports an error containing "doesn't exist", the tables are created
 * through CreateDatabases() and that call's result is returned. Any other
 * error is printed and the script exits.
 *
 * NOTE(review): this is the single choke point for every query in the file,
 * and it accepts a finished SQL string, so it cannot separate statement text
 * from data. With $debug set, the full statement is echoed to the client, and
 * error text is echoed in every configuration.
 */
function DoSQL($sql){
    global $debug;
    if($debug){
        print "S: $sql
";
    }
    $result = mysql_query($sql);
    if($err = mysql_error()){
        if(strstr($err,"doesn't exist")){
            $nr = CreateDatabases($sql);
            return $nr;
        }
        else{
            print "3: $err
";
            dbexit();
        }
    }
    return $result;
}

/** Close the MySQL connection and end the request. */
function dbexit(){
    mysql_close();
    exit();
}

/**
 * Send the client to $url with the message $alert.
 *
 * NOTE(review): the markup that used $url and $alert is missing from this
 * listing; only the trailing line break remains. Several callers build $url
 * from request values, so check how the original encodes both arguments.
 */
function Redirect($url,$alert){
    print("\n");
}

/**
 * Apply four ereg_replace() substitutions to $text and return it.
 *
 * NOTE(review): as shown, each call replaces a character with itself. The
 * function name suggests the patterns were HTML entities that this listing has
 * decoded - confirm against the original. Either way, the function does no SQL
 * escaping.
 */
function reverseHTML($text){
    $text=ereg_replace('>', '>', $text);
    $text=ereg_replace('<', '<', $text);
    $text=ereg_replace('"', "\"", $text);
    $text=ereg_replace('&', '&', $text);
    return $text;
}

/**
 * Require the posted `description` and `url` fields and check that the URL
 * starts with http://. Nothing after that prefix is validated.
 */
function CheckVars(){
    global $HTTP_POST_VARS;
    $description = $HTTP_POST_VARS['description'];
    $url = $HTTP_POST_VARS['url'];
    (!$description)&&(PError("Error. Pleas enter a description"));
    (!$url)&&(PError("Error. Pleas enter a url"));
    ($url == 'http://')&&(PError("Error. Pleas enter a url"));
    if(!preg_match("/^http:\/\//i",$url)){
        PError("Error. Invalid URL. Format: http://www.yourdomain.com");
    }
    return;
}

/**
 * Show the first-run setup form (t_setup.htm) with default values.
 *
 * NOTE(review): the default URL is derived from the request's Host header, the
 * default credentials are "admin" / "password", and this function does not
 * check whether setup.php already exists (SaveSetup() does).
 */
function DoSetup(){
    global $HTTP_SERVER_VARS;
    global $basepath;
    (isset($HTTP_SERVER_VARS['PATH_TRANSLATED']))?($pathtranslated=$HTTP_SERVER_VARS['PATH_TRANSLATED']):($pathtranslated="");
    (isset($HTTP_SERVER_VARS['DOCUMENT_ROOT']))?($documentroot=$HTTP_SERVER_VARS['DOCUMENT_ROOT']):($documentroot="");
    (isset($HTTP_SERVER_VARS['PATH_INFO']))?($pathinfo=$HTTP_SERVER_VARS['PATH_INFO']):($pathinfo="");
    (isset($HTTP_SERVER_VARS['HTTP_HOST']))?($httphost=$HTTP_SERVER_VARS['HTTP_HOST']):($httphost="");
    (isset($HTTP_SERVER_VARS['SCRIPT_NAME']))?($scriptname=$HTTP_SERVER_VARS['SCRIPT_NAME']):($scriptname="");
    # Host + script path, with doubled slashes collapsed and the script name
    # removed.
    $mcgiurl = "$httphost/$scriptname";
    $mcgiurl = preg_replace("/\/\//","/",$mcgiurl);
    $mcgiurl = "http://".$mcgiurl;
    $mcgiurl = preg_replace("/\/psDynamic\.php/i","",$mcgiurl);
    $musername = "admin";
    $mpassword = "password";
    $mhost='localhost';
    $mdatabase='';
    $muser='';
    $mpass='';
    (isset($HTTP_SERVER_VARS['OS']))?($os=$HTTP_SERVER_VARS['OS']):($os="");
    if(!preg_match("/win/i",$os)){
        $msendmail = '/usr/sbin/sendmail';
    }
    else{
        $msendmail = '';
    }
    include("$basepath/t_setup.htm");
    exit;
}

/**
 * Write setup.php from the posted setup form, then redirect to the login
 * command. Refuses to run once setup.php exists.
 *
 * NOTE(review):
 *  - No login check is visible in this function: until setup.php exists, the
 *    file_exists() test is the only guard, so whoever reaches this handler
 *    first sets the administrator credentials and database settings. Finish
 *    setup before exposing the install, and keep the directory read-only for
 *    the web server afterwards.
 *  - Posted values end up inside a PHP file. The filter rejects only the
 *    single quote, % and $; double quotes and backslashes pass. Whether that
 *    is sufficient depends on how the written template quotes the values, and
 *    the template text passed to fwrite() is missing from this listing.
 *  - The password is stored with crypt() and the fixed salt 'CS', or unhashed
 *    when the OS server variable matches /win/i.
 */
function SaveSetup(){
    global $HTTP_POST_VARS;
    global $HTTP_SERVER_VARS;
    global $basepath;
    (file_exists("$basepath/setup.php"))&&(PError("Error. 
Access Denied"));
    (isset($HTTP_POST_VARS["mcgiurl"]))?($mcgiurl = $HTTP_POST_VARS["mcgiurl"]):($mcgiurl='');
    (isset($HTTP_POST_VARS["musername"]))?($musername = $HTTP_POST_VARS["musername"]):($musername='');
    (isset($HTTP_POST_VARS["mpassword"]))?($mpassword = $HTTP_POST_VARS["mpassword"]):($mpassword='');
    (isset($HTTP_POST_VARS["mdatabase"]))?($mdatabase = $HTTP_POST_VARS["mdatabase"]):($mdatabase='');
    (isset($HTTP_POST_VARS["mhost"]))?($mhost = $HTTP_POST_VARS["mhost"]):($mhost='');
    (isset($HTTP_POST_VARS["muser"]))?($muser = $HTTP_POST_VARS["muser"]):($muser='');
    (isset($HTTP_POST_VARS["mpass"]))?($mpass = $HTTP_POST_VARS["mpass"]):($mpass='');
    if(preg_match("/[\'\%\$]/",$mcgiurl)){ PError("Error. Invalid character in cgiurl"); }
    if(preg_match("/[\'\%\$]/",$mdatabase)){ PError("Error. Invalid character in database"); }
    if(preg_match("/[\'\%\$]/",$mhost)){ PError("Error. Invalid character in database host"); }
    if(preg_match("/[\'\%\$]/",$muser)){ PError("Error. Invalid character in database username"); }
    if(preg_match("/[\'\%\$]/",$mpass)){ PError("Error. Invalid character in database password"); }
    if(preg_match("/[\'\%\$]/",$musername)){ PError("Error. Invalid character in username"); }
    if(preg_match("/[\'\%\$]/",$mpassword)){ PError("Error. Invalid character in password"); }
    (isset($HTTP_SERVER_VARS['OS']))?($os=$HTTP_SERVER_VARS['OS']):($os="");
    if(!preg_match("/win/i",$os)){
        $mpassword = crypt($mpassword,'CS');
    }
    (!$mcgiurl)&&(PError("Error. Please enter a cgiurl variable"));
    (!$mdatabase)&&(PError("Error. Please enter a database variable"));
    (!$mhost)&&(PError("Error. Please enter a host variable"));
    (!$muser)&&(PError("Error. Please enter a database user variable"));
    (!$mpass)&&(PError("Error. Please enter a database password variable"));
    (!$musername)&&(PError("Error. Please enter username"));
    (!$mpassword)&&(PError("Error. Please enter password"));
    $fd = @fopen("$basepath/setup.php","w");
    if(!$fd){
        # NOTE(review): the message discloses the server-side path.
        PError("Error. Cannot write setup.php file in $basepath. 
Please check the path and permissions");
        exit();
    }
    # The configuration text that was written here is missing from this
    # listing.
    fwrite($fd,"");
    fclose($fd);
    Redirect("psDynamic.php?command=login","setup.php reconfigured");
    exit();
}

/**
 * Rewrite setup.php with a new administrator username and password, keeping
 * the other settings from $GLOBALS. Requires $admin.
 *
 * NOTE(review): the current password is not requested and no request token is
 * checked here. The fopen() result is used without a check, and the same
 * character filter and crypt() salt caveats as in SaveSetup() apply.
 */
function ChangePass(){
    global $HTTP_POST_VARS;
    global $HTTP_SERVER_VARS;
    global $cgiurl;
    global $basepath;
    global $admin;
    if(!$admin){ PError("Error. Permission denied"); }
    if(!file_exists("$basepath/setup.php")){ PError("Error. Access Denied"); }
    (isset($HTTP_POST_VARS["musername"]))?($musername = $HTTP_POST_VARS["musername"]):($musername='');
    (isset($HTTP_POST_VARS["mpassword"]))?($mpassword = $HTTP_POST_VARS["mpassword"]):($mpassword='');
    (isset($HTTP_POST_VARS["mpassword2"]))?($mpassword2 = $HTTP_POST_VARS["mpassword2"]):($mpassword2='');
    # Clear-text copy of the new password; it is not referenced again in what
    # remains of this function.
    $ucpass = $mpassword;
    (!$musername)&&(PError("Error. Please enter username"));
    (!$mpassword)&&(PError("Error. Please enter password"));
    ($mpassword != $mpassword2)&&(PError("Error. Please retype passwords"));
    if(preg_match("/[\'\%\$]/",$musername)){ PError("Error. Invalid character in username"); }
    if(preg_match("/[\'\%\$]/",$mpassword)){
        PError("Error. 
Invalid character in password");
    }
    (isset($HTTP_SERVER_VARS['OS']))?($os=$HTTP_SERVER_VARS['OS']):($os="");
    if(!preg_match("/win/i",$os)){
        $mpassword = crypt($mpassword,'CS');
    }
    $mbasepath=$GLOBALS['basepath'];
    $mcgiurl=$GLOBALS['cgiurl'];
    $mimagepath=$GLOBALS['imagepath'];
    $mimageurl=$GLOBALS['imageurl'];
    $mhost=$GLOBALS['host'];
    $mdatabase=$GLOBALS['database'];
    $muser=$GLOBALS['user'];
    $mpass=$GLOBALS['pass'];
    $mcgiurl = preg_replace("/\/psDynamic\.php/i","",$mcgiurl);
    $fd = fopen("$basepath/setup.php","w");
    # Both the configuration text and the response markup are missing from
    # this listing.
    fwrite($fd,"");
    fclose($fd);
    print("\n");
    exit();
}

/** Show the change-password form (t_cp.htm). Requires $admin. */
function ShowCP(){
    global $basepath;
    global $admin;
    if(!$admin){ PError("Permission denied"); }
    $musername = $GLOBALS["username"];
    include("$basepath/t_cp.htm");
    exit;
}

/**
 * Authenticate from the UserName and PassWord cookies: first against the
 * configured administrator (sets $GLOBALS["admin"]), then against the user
 * file through CheckUserLogin(). Returns 1 on success.
 *
 * NOTE(review): the cookie, crypt() salt and loose-comparison caveats noted on
 * GetLogin() apply here as well. $uname is not assigned on either success
 * path in this function.
 */
function GetLoginMod(){
    global $HTTP_COOKIE_VARS;
    global $HTTP_SERVER_VARS;
    (isset($HTTP_COOKIE_VARS["UserName"]))?($cusername = $HTTP_COOKIE_VARS["UserName"]):($cusername="");
    (isset($HTTP_COOKIE_VARS["PassWord"]))?($cpassword = $HTTP_COOKIE_VARS["PassWord"]):($cpassword="");
    if($cusername==""){
        PError("Login Denied");
        exit;
    }
    (isset($HTTP_SERVER_VARS['OS']))?($os=$HTTP_SERVER_VARS['OS']):($os="");
    if(!preg_match("/win/i",$os)){
        $cpassword = crypt($cpassword,'CS');
    }
    # otherwise check to see if username and password are correct
    if(($cusername == $GLOBALS["username"])&&($cpassword == $GLOBALS["password"])){
        $GLOBALS["admin"]=1;
        return 1;
    }
    if(CheckUserLogin()){
        return(1);
    }
    PError("Error. 
Invalid username or password");
    exit();
}

/**
 * Check the UserName and PassWord cookies against the tab-separated user file
 * at $basepath/../../data/users.cgi (field 0 is the user name, field 1 the
 * stored password). Returns 1 on a match, 0 otherwise.
 *
 * NOTE(review):
 *  - The fopen() result is not checked before the feof() loop.
 *  - chop($l) discards its return value, so the line ending stays on the last
 *    field.
 *  - $admin is not declared global here, so `$admin=0` only sets a local.
 *  - When no line matches, the fields of the last line read are still
 *    compared, with loose ==. Callers must keep rejecting empty user names,
 *    as GetLoginMod() does.
 *  - On Windows hosts the stored password is compared unhashed. Elsewhere
 *    crypt() is used with the fixed salt 'CS'.
 *  - If the web server serves files from that data directory, the user file
 *    must not be downloadable.
 */
function CheckUserLogin(){
    global $HTTP_COOKIE_VARS;
    global $HTTP_SERVER_VARS;
    global $basepath;
    (isset($HTTP_COOKIE_VARS["UserName"]))?($cusername = $HTTP_COOKIE_VARS["UserName"]):($cusername="");
    (isset($HTTP_COOKIE_VARS["PassWord"]))?($cpassword = $HTTP_COOKIE_VARS["PassWord"]):($cpassword="");
    $windows=0;
    (isset($HTTP_SERVER_VARS['OS']))?($os=$HTTP_SERVER_VARS['OS']):($os="");
    if(preg_match("/win/i",$os)){
        $windows=1;
    }
    else{
        $windows=0;
    }
    $fd = fopen("$basepath/../../data/users.cgi","r");
    while(!feof($fd)){
        $l = fgets($fd,4096);
        chop($l);
        $fields = split("\t",$l);
        if($fields[0] == $cusername){
            break;
        }
    }
    fclose($fd);
    if($windows){
        if(($cusername == $fields[0])&&($cpassword == $fields[1])){
            $admin=0;
            return(1);
        }
    }
    else{
        if(($cusername == $fields[0])&&(crypt($cpassword,'CS') == $fields[1])){
            $admin=0;
            return(1);
        }
    }
    return(0);
}
?>