<?php
/*
include library of configuration and subroutines
*/
require("config.inc.php");
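/*
Restore the signed-in identity from the session.
$_SESSION is read here (instead of the deprecated $HTTP_SESSION_VARS) so that
it matches the login code in this file, which writes $_SESSION["user"].
NOTE(review): when the session holds no user, $webid and $user keep whatever
value they had before this point (config.inc.php, or request data if
register_globals is enabled) - confirm the client cannot set them.
*/
if (isset($_SESSION['user'])) {
    $webid = $_SESSION['webid'];
    $user = $_SESSION['user'];
}
/*
Without a website id and a user, send the visitor to index.php, where that
situation is dealt with.
header() only queues the redirect; unless the script stops, everything below
(page update, page rendering) still runs for the anonymous request.
A login POST is the one request that legitimately arrives without a user, so
it continues to the authentication step; that step has to end the request
itself when the credentials are rejected.
*/
if (empty($webid) || empty($user)) {
    header("Location: index.php");
    if (!isset($_POST['login'])) {
        exit;
    }
}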
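/*
Sign-in handler: authenticate the submitted credentials and, on success,
store the user in the session, record the login in the sessions table and
redirect to the admin module.
*/
if (isset($_POST['login'])) {
    // The submitted id is kept apart from $user: later checks in this script
    // trust $user, so it may only ever hold an authenticated identity.
    $loginid = isset($_POST["txtID"]) ? $_POST["txtID"] : '';
    $pwd = isset($_POST["txtPWD"]) ? $_POST["txtPWD"] : '';
    $role = authenticate($webid, $loginid, $pwd);
    // Fail closed: an empty/false result is handled like 'guest'.
    // NOTE(review): authenticate() is defined elsewhere - confirm its failure value.
    if ($role && $role != 'guest') {
        $user = $loginid;
        $_SESSION["user"] = "$user";
        // NOTE(review): the session id is not renewed at login; $sessionid is set
        // outside this block, so renewing it needs a change there as well.
        /*
        store session information in the database
        every value is escaped before it is placed in the statement
        */
        $loguser = $user;
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            // undo magic quotes first so the stored id is not escaped twice
            $loguser = stripslashes($loguser);
        }
        $remoteip = $_SERVER["REMOTE_ADDR"];
        $tbl = 'sessions';
        mysql_query(sprintf(
            "insert into $tbl(webid,userid,sessionid,remoteip,action,datesession) "
            . "values('%s','%s','%s','%s','login',now())",
            mysql_real_escape_string($webid),
            mysql_real_escape_string($loguser),
            mysql_real_escape_string($sessionid),
            mysql_real_escape_string($remoteip)
        ));
        /*
        rowid of upload page may vary with implementation
        hence call innerconf function by page title
        on successful login redirect user to admin module
        */
        $id = innerconf('upload');
        header("Location: admin.php?conf=$id");
        // stop here: the redirect target renders the page
        exit;
    } elseif (empty($webid) || empty($user)) {
        // rejected credentials and no existing signed-in user: nothing below may run
        header("Location: index.php");
        exit;
    }
}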
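/*
The page is identified by $conf, the rowid of a record in the webpages table;
rowid is unique, so at most one record is affected or returned.
$conf is not assigned anywhere in this file, so it is forced to an integer
before it is placed in SQL.
*/
$tbl = 'webpages';
/*
Save the edited page when the form's UPDATE button was pressed.
Only a signed-in user may reach the statement, and every submitted value is
escaped before it becomes part of the SQL text.
NOTE(review): the role/ownership test that decides whether the UPDATE button
is shown is not repeated here, the update is not limited to the page types
the form offers for editing, and the form carries no anti-CSRF token -
enforce these on the server side.
NOTE(review): htmlsafe() is defined elsewhere; if it already escapes for SQL,
drop the extra mysql_real_escape_string() around it.
*/
if (isset($_POST["submit"]) && $_POST["submit"] === 'UPDATE' && !empty($webid) && !empty($user)) {
    $newtitle = isset($_POST["pagetitle"]) ? $_POST["pagetitle"] : '';
    $newcontent = isset($_POST["pagecontent"]) ? $_POST["pagecontent"] : '';
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // undo magic quotes first so the stored text is not escaped twice
        $newtitle = stripslashes($newtitle);
        $newcontent = stripslashes($newcontent);
    }
    mysql_query(sprintf(
        "update $tbl set pagetitle='%s',pagecontent='%s',dateupdation=now() where rowid=%d",
        mysql_real_escape_string($newtitle),
        mysql_real_escape_string(htmlsafe($newcontent)),
        (int)$conf
    ));
}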
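/*
Load the page identified by $conf from the webpages table.
The lookup is by rowid alone: filtering on webid='$webid' as well would miss
the admin pages, which are common to all websites and stored with a null webid.
rowid is unique, so at most one row is returned.
$conf is not assigned anywhere in this file; an integer copy is used so that
request-supplied text cannot reach the SQL statement or the generated links.
*/
$rowid = (int)$conf;
$rs = mysql_query("select * from $tbl where rowid=$rowid");
// a failed query returns false; treat it like "no such page"
$o = ($rs && mysql_num_rows($rs)) ? mysql_fetch_object($rs) : false;
if ($o) {
    // restricted page: an anonymous visitor is redirected and the request
    // ends, otherwise the admin page would still be rendered below
    $pageaccess = $o->pageaccess;
    if ($pageaccess == "admin" && empty($user)) {
        header("Location: index.php");
        exit;
    }
    // otherwise retrieve the page attributes
    $parentid = $o->parentid;
    $hypertext = $o->hypertext;
    $pagetitle = strtoupper($o->pagetitle);
    $pagecontent = trim(htmlunsafe($o->pagecontent));
    $pagetype = $o->pagetype;
    $keywords = $o->keywords;
    $keywordss = explode(",", $o->keywords);
    $hits = $o->hits;
    $datecreation = $o->datecreation;
    $dateupdation = $o->dateupdation;
    $dateaccess = $o->dateaccess;
    $userid = $o->userid;
    $bgcolor = 'red'; // the stored $o->bgcolor is not used
    if ($pageaccess != 'admin') {
        /*
        compose family tree to present navigation path
        identify siblings to provide their links
        */
        $familytree = familytree($webid, $o->rowid);
        $sibling = sibling($webid, $parentid, $o->rowid);
    } else {
        /*
        family tree of admin pages
        $PHP_SELF is escaped before it is placed in an href
        NOTE(review): presumably the register_globals copy of the script path,
        which can carry request-supplied path text - confirm where it is set
        */
        $self = htmlspecialchars($PHP_SELF, ENT_QUOTES, 'ISO-8859-1');
        $familytree = "<a href='/'>Home</a> > Edit >\n"
            . "<a href='$self?conf=$rowid'>$hypertext</a>";
        /*
        sibling of admin pages: one link per admin module, looked up by page title
        */
        $adminlinks = array(
            'websites' => 'Website',
            'webusers' => 'Webuser',
            'webpages' => 'Webpage',
            'gallery' => 'Gallery',
            'telephone' => 'Telephone',
        );
        $links = array();
        foreach ($adminlinks as $module => $label) {
            $id = innerconf($module);
            $links[] = "<a href='$self?conf=$id'>$label</a>";
        }
        $sibling = "<div class='datetime'>See also: " . implode(", ", $links) . "</div> ";
    }
    /*
    evaluate the pagetype and do the required hook
    if content is html or php stay with the url
    otherwise redirect to new url
    */
    switch ($pagetype) {
        case 'php':
            $static = 0; // php script
            break;
        case 'url':
        case 'file':
            // NOTE(review): the target is stored page content; anyone able to
            // edit a page can point this redirect at an arbitrary address.
            if ($pagetype == 'url') {
                header("Location: $pagecontent");
            } else {
                header("Location: $webid/documents/$pagecontent");
            }
            // The script keeps running after header(). Left unset, $static
            // would loosely match case 0 in the later switch ($static) and
            // reach include($pagecontent); 2 selects its link branch instead.
            $static = 2;
            break;
        default:
            $static = 1; // html content
            break;
    }
} else {
    // unknown rowid or failed lookup: show the placeholder page
    $static = 1;
    $pagetitle = "<b>Oops!</b>";
    $pagecontent = "The page is under construction, Please visit later. Thanks.";
}
$img = gallery($webid);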
/*
start html document here
with charset=ISO-8859-1 and form enctype=multipart/form-data
which is required to enable HTTP upload feature
*/
?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<?php
/*
Document head: title, content type (ISO-8859-1) and the author, keywords
and description meta tags.
NOTE(review): the four values are written into the markup without HTML
escaping; $keywords is read from the page record earlier in this file, the
origin of $title, $author and $description is not visible here.
*/
print "<head> <title>$title</title>\n"
    . "<!--meta http-equiv='Content-Type' content='text/html; charset=utf-8' /-->\n"
    . "<meta http-equiv='Content-Type' content='text/html; charset=ISO-8859-1' />\n"
    . "<meta name='author' content='$author' />\n"
    . "<meta name='keywords' content='$keywords' />\n"
    . "<meta name='description' content='$description' />\n";
/*
ajax() emits the support for downloading and rendering AJAX pages,
which helps in reducing the HTTP requests to the server
*/
print ajax();
/*
dynamic stylesheet, included inline so that it can carry the custom
background color and background image of the web portal
*/
print "<style type='text/css'>";
include "jquerycssmenu.css.inc";
print "</style>";
/*
other style sheets take care of the look and feel of the web portal
javascripts go here after style sheet inclusion
*/
?>
<link rel='stylesheet' type='text/css' href='css/style.css' media='screen' />
<!--link rel='stylesheet' type='text/css' href='css/red/jquerycssmenu.css' /-->
<link rel='stylesheet' type='text/css' href='css/calendar.css' media='screen' />
<link rel='SHORTCUT ICON' href='images/uprtou.ico'>
<!--[if lte IE 7]>
<style type='text/css'>
html .jquerycssmenu{height: 1%;} /*for IE7 and below*/
</style>
<![endif]-->
<script type='text/javascript' src='js/white/jquery.min.js'></script>
<script type='text/javascript' src='js/white/jquerycssmenu.js'></script>
<script language='javascript' src='js/calendar.js'></script>
<script language='javascript' src='js/mm.js'></script>
<script language='javascript' src='js/fontsizer.js'></script>
<?php
//include online editor api
include "classes/editor.php";
?>
</head>
<body id='b'>
<center>
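<form name='form' action='admin.php?conf=<?php /* $conf is not assigned in this file and may come from the request, so it is escaped for the attribute */ echo htmlspecialchars($conf, ENT_QUOTES, 'ISO-8859-1');?>' method='post' enctype='multipart/form-data'>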
<?php
// Page frame: banner, horizontal menu, the AJAX placeholder and the opening
// of the content table with the font size controls.
// The arguments are written out one after another, in the order given.
echo banner($webid),
    "<div id='myjquerymenu' class='jquerycssmenu'>",
    hmenus($webid, $user, 0),
    "</div>\n"
    . "<div id='ajax' class='ajaxpage'></div>\n"
    . "<table id='t2' class='watermark' width='80%' height='500' border='0'>\n"
    . "<tr valign='top'><td width='100%' class='content'>\n"
    . "<div class='datehit'>\n"
    . "<a href=\"javascript:decreaseFontSize();\"><img src='images/font-dec.gif' border='0'></a>\n"
    . "<a href=\"javascript:increaseFontSize();\"><img src='images/font-inc.gif' border='0'></a>\n"
    . "</div><p>";
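/*
Show the page: navigation path, title, dates and then, depending on $static,
the included script (0), the content editor (1) or the link editor (other).
*/
if ($conf && $pagetitle) {
    // log this access to database
    // NOTE(review): referer and request URI are client-supplied; accessLog()
    // is defined elsewhere - confirm it escapes them before storing.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    accessLog($webid, $user, $referer, $_SERVER['REQUEST_URI']);
    echo "$familytree $sibling<br>";
    // Values placed in an attribute or a textarea are escaped: a quote or a
    // closing textarea tag in stored text would otherwise end the field and
    // be read as markup. The charset matches the page's Content-Type.
    $fieldtitle = htmlspecialchars($pagetitle, ENT_QUOTES, 'ISO-8859-1');
    $fieldcontent = htmlspecialchars($pagecontent, ENT_QUOTES, 'ISO-8859-1');
    if ($static == 1) {
        echo "<b>Page Title</b><br><input type='text' name='pagetitle' size='100' value='$fieldtitle'>";
    } else {
        // NOTE(review): the heading prints the stored title as markup;
        // escape it too unless titles are meant to contain HTML.
        echo "<span class='heading'>$pagetitle</span>";
    }
    echo "<div class='datetime'>[ $hits times, dated $datecreation, updated $dateupdation, accessed $dateaccess ]</div>";
    switch ($static) {
        case 0:
            // NOTE(review): the included path is the stored page content, so
            // whoever can change that field chooses which file runs here.
            // Restrict it to a fixed directory or a list of known scripts.
            if (file_exists($pagecontent)) include($pagecontent);
            break;
        case 1:
            echo "<b>Page Content</b><br><textarea name='pagecontent' style='width: 100%'>$fieldcontent</textarea>";
            break;
        default:
            echo "<b>Page Link</b><br><input type='text' name='pagecontent' size='140' value='$fieldcontent'>";
            break;
    }
    // The button is shown to the admin who owns the page, for editable types only.
    // NOTE(review): in this file $role is assigned only while handling a login
    // POST - confirm where it comes from on ordinary requests.
    if ($role == 'admin' && $userid == $user && $static > 0) {
        echo "<br><input type='submit' name='submit' value='UPDATE' style='width: 80px'>";
    }
} else {
    echo "<b>Oops!</b><br><dir>The page is under construction, Please visit later. Thanks.</dir>";
}
echo "</p></td></tr><tr><td class='footer'>";
echo footer($webid, $user);
echo "</td></tr></table>";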
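/*
Housekeeping after the page has been rendered.
Values are bound as an integer / escaped string instead of being
interpolated into the SQL text.
*/
$tbl = 'webpages';
// increase hit counter for this conf
// (by rowid only: a webid filter would skip pages stored without a webid)
mysql_query(sprintf(
    "update $tbl set hits=hits+1,dateaccess=now() where rowid=%d",
    (int)$conf
));
// disable expired pages
mysql_query(sprintf(
    "update $tbl set status='offline' where webid='%s' and dateexpiry<now()",
    mysql_real_escape_string($webid)
));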
?>
</form>
</center>
</body>
</html>