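<?php
/*
 * Request prelude for inner.php.
 *
 * Loads the helper library, opens the database connection, handles sign-out
 * and sign-in, looks up the requested page in the `webpages` table and sets
 * the variables the HTML template below reads ($user, $role, $conf,
 * $pagetitle, $pagecontent, $counter, $sibling, $static, ...).
 *
 * Every redirect ends the request. Sending a Location header alone does not
 * stop PHP, so without the exit the rest of the script would still run and
 * the page body would be sent along with the redirect.
 */

//include library functions
require("functions.php");

/**
 * Send a redirect, write the access-log entry for this request and stop.
 *
 * The access log is written here because the normal accesslog() call at the
 * end of the prelude is never reached once the request is terminated.
 *
 * @param string $location Value for the Location header. It is used as given,
 *                         so callers must URL-encode any request-derived part.
 * @param mixed  $user     User name to record in the access log.
 */
function inner_redirect($location, $user)
{
    header("Location: $location");
    accesslog(
        $user,
        isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null,
        $_SERVER['REQUEST_URI']
    );
    exit;
}

//connect mysql database
dbConnect();

// Request parameters. Only plain strings are accepted; a missing or array
// value is treated as "not given".
$conf = (isset($_REQUEST['conf']) && is_string($_REQUEST['conf'])) ? $_REQUEST['conf'] : '';
$target = (isset($_REQUEST['target']) && is_string($_REQUEST['target'])) ? $_REQUEST['target'] : '';

// The table name is a fixed literal and is assigned before any query is
// built, so it can never be left unset or come from request data.
$tbl = 'webpages';

//initialize session variables and session
$user = "";
$role = "";
$use_cookie = 0;
session_start();

//check for sign out signal
if (isset($_REQUEST['logout'])) {
    // $mode is never assigned in this file; fall back to the request
    // parameter of the same name when no such variable exists.
    $logoutMode = isset($mode) ? $mode : (isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '');
    //abandon session
    session_unset();
    session_destroy();
    $_SESSION = array();
    if ($logoutMode === "forget") setcookie("auto_login", "", time() - 3600);
    //redirect to home page
    inner_redirect('index.php', '');
}

//check session and session variables
if (isset($_SESSION['user'])) {
    $user = $_SESSION['user'];
    $role = isset($_SESSION['role']) ? $_SESSION['role'] : '';
//check for auto login
} else if (isset($_SESSION['auto_login'])) {
    // NOTE(review): the "auto_login" value is written with setcookie() below
    // but looked up in the session here, and the credentials decoded here are
    // overwritten from $_POST in the sign-in block. As written this branch
    // cannot sign anyone in. Left unchanged on purpose: the scheme keeps the
    // password in the value (base64 is an encoding, not encryption) and
    // should be replaced by a random, server-side verified token rather than
    // repaired.
    $cred = explode(" ", $_SESSION['auto_login']);
    $txtID = $cred[0];
    $txtPWD = base64_decode(isset($cred[1]) ? $cred[1] : '');
    $use_cookie = 1;
}

//authenticate sign in
if ($use_cookie == 1 || isset($_POST['login'])) {
    $user = isset($_POST['txtID']) ? $_POST['txtID'] : null;
    $txtPWD = isset($_POST['txtPWD']) ? $_POST['txtPWD'] : null;
    $chkRem = isset($_POST['chkRem']) ? $_POST['chkRem'] : null;
    $role = authenticate($user, $txtPWD);
    // Strict comparison: only the exact strings count as a successful sign-in.
    // NOTE(review): assumes authenticate() returns the role as a string - confirm.
    if ($role === "admin" || $role === "user") {
        // New session id on privilege change, so an id known before sign-in
        // is not carried into the authenticated session.
        session_regenerate_id();
        // $_SESSION replaces session_register(), which newer PHP versions no
        // longer provide.
        $_SESSION['user'] = $user;
        $_SESSION['role'] = $role;
        if ($use_cookie == 0) {
            // NOTE(review): this stores the password itself in a cookie that
            // lives for a year and carries no Secure/HttpOnly flags. Kept
            // because other pages may read it; replace with a random token.
            if ($chkRem) setcookie("auto_login", $user . " " . base64_encode($txtPWD), time() + 31536000);
            else setcookie("auto_login", "", time() - 3600);
        }
        if (!$target) $target = 'uploads';
        // $target comes from the request: encode it so it stays one
        // query-string value.
        inner_redirect('inner.php?conf=' . urlencode($target), $user);
    }
    //either guest or login failed
    $attemptedUser = $user;
    // A name that failed authentication must not be treated as a signed-in
    // user by the access check and menu further down.
    $user = "";
    $role = "";
    if ($use_cookie == 0) {
        inner_redirect('inner.php?conf=login&target=' . urlencode($target), $attemptedUser);
    }
    // don't give an error to the user for a login attempt from a cookie, just delete the cookie.
    setcookie("auto_login", "", time() - 3600);
}

// The view counter is not touched here. The UPDATE that used to sit at this
// point was built before $tbl had a value, and the rendering section of this
// script increments the counter once the page is shown.

//query database for webpage based on conf parameter
// $conf is request data: escape it before it goes inside the quoted literal.
// NOTE(review): mysql_real_escape_string() depends on the connection charset;
// prepared statements (mysqli/PDO) are the durable fix.
$confSql = mysql_real_escape_string($conf);
$rs = mysql_query("select * from $tbl where pageid='$confSql'");
//it returns at most one page
$o = $rs ? mysql_fetch_object($rs) : false;
if ($o) {
    // if this is the restricted page, verify login
    // NOTE(review): this only checks that someone is signed in, not that
    // $role is "admin" - confirm that is the intended rule.
    if ($o->pageaccess == "admin" && !$user) {
        inner_redirect('inner.php?conf=login&target=' . urlencode($conf), $user);
    }
    //otherwise retrieve the page attributes
    $parentid = $o->parentid;
    $pagetitle = strtoupper($o->pagetitle);
    $pagecontent = trim($o->pagecontent);
    $keyword = $o->keyword;
    $keywords = explode(",", $o->keyword);
    $counter = $o->counter;
    $sibling = sibling($parentid);
    if ($o->pagetype == 'html') $static = 1; //webpage
    else if ($o->pagetype == 'url') inner_redirect($pagecontent, $user);
    else if ($o->pagetype == 'file') inner_redirect("documents/$pagecontent", $user);
    else $static = 0; //php script
} else {
    // Query failed or no row matched: show the placeholder page instead of
    // reading properties from a missing row.
    $static = 1;
    $counter = 0;
    $sibling = "";
    $pagetitle = "<b id='title'>Oops !</b><br><br>";
    $pagecontent = "The page is under construction, Please visit later on.";
}
//maintain access log
accesslog(
    $user,
    isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null,
    $_SERVER['REQUEST_URI']
);
?>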
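<!--start html code for dynamic webpage-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html onmousemove="window.status='iiita'" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title><?php echo parameter('organization'); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="author" content="<?php echo parameter('webmaster'); ?>" />
<meta name="keywords" content="<?php echo parameter('keywords'); ?>" />
<meta name="description" content="<?php echo parameter('description'); ?>" />
<link href="css/dropdown/dropdown.css" media="screen" rel="stylesheet" type="text/css" />
<link href="css/dropdown/themes/default.ultimate.css" media="screen" rel="stylesheet" type="text/css" />
<link href="css/style.css" media="screen" rel="stylesheet" type="text/css" />
<!--[if lt IE 7]>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/jquery.dropdown.js"></script>
<![endif]-->
<?php
// Markup returned by the library helpers ajax() and flash() is emitted as-is.
echo ajax();
echo flash();
?>
</head>
<body onload="document.f.q.focus();">
<?php /* $conf is read from the request, so it is URL-encoded before being
         written into the action attribute; raw output here would let request
         data break out of the attribute and inject markup. */ ?>
<form name="f" action="inner.php?conf=<?php echo urlencode((string) $conf); ?>" method="post" enctype="multipart/form-data">
<div class='search'>Search content for
<input type='text' id='q' name='q' size='20' onkeyup="showPage(this.value)">
</div>
<div class='banner'>
<?php echo banner(); ?>
</div>
<div class='menus'>
<?php echo menus($user, $role, 0); ?>
</div>
<span id="search_result" class="search_result"></span>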
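<?php
/*
 * Page body: title line, optional edit link and sibling navigation, then
 * either the stored HTML ($static is 1) or the PHP script named by the page
 * row ($static is 0). The view counter is incremented after rendering.
 */
if ($conf) {
    // $counter and $sibling are not set on every path that reaches this
    // point, so read them defensively.
    $shownCounter = isset($counter) ? $counter : '';
    echo "<div class='content'>\n<b id='title'>$pagetitle</b> [ $shownCounter times ] ";

    // Strict comparison: only the exact role string unlocks the edit link.
    // $conf is request data, so it is URL-encoded before going into the href.
    if ($role === 'admin') {
        echo "<a href='inner.php?conf=webpages&pageid=" . urlencode((string) $conf) . "'>Edit</a>";
    }
    if (!empty($sibling)) echo '<br>' . $sibling;

    // $static is left unset for page types that redirect; in that case
    // neither branch may run, so compare strictly instead of letting an
    // unset value fall into the include branch.
    $renderMode = isset($static) ? $static : null;
    if ($renderMode === 1) {
        // Stored page HTML is emitted as-is; it is trusted as authored content.
        echo $pagecontent;
    } else if ($renderMode === 0) {
        // NOTE(review): the script path comes from the page row, so whoever
        // can edit that row decides which file is executed. Constrain it to
        // an allow-list or a fixed directory. Stream-wrapper paths are
        // refused here so that only local files can be included.
        if (strpos($pagecontent, '://') === false && file_exists($pagecontent)) {
            include($pagecontent);
        }
    }
    echo '</div>';

    // $conf is request data: escape it before it goes inside the quoted
    // literal. NOTE(review): prepared statements (mysqli/PDO) are the durable fix.
    $confSql = mysql_real_escape_string((string) $conf);
    mysql_query("update $tbl set counter=counter+1 where pageid='$confSql'");
}
echo parameter('footer');
?>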
</form>
</body>
</html>