<?php
//include library functions
require("config.inc.php");
require("functions.inc.php");
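//check for sign out signal
if (isset($_REQUEST['logout'])) {
    //clear the session id / ip stored for this user in webusers
    //NOTE(review): $webid and $user are not assigned in this file before this
    //point - presumably config.inc.php or register_globals supplies them; confirm
    $tbl = 'webusers';
    //both values go into quoted SQL literals, so escape them first
    $sql_webid = mysql_real_escape_string($webid);
    $sql_user = mysql_real_escape_string($user);
    mysql_query("update $tbl set sessionid='',sessionip='' where webid='$sql_webid' and userid='$sql_user'");
    //abandon session
    session_unset();
    session_destroy();
    //reset session variables
    $HTTP_SESSION_VARS['user'] = ""; $HTTP_SESSION_VARS['role'] = "";
    $user = ""; $role = "";
    //NOTE(review): $mode is not assigned in this file; confirm where it comes from
    if ($mode == "forget") setcookie("auto_login", "", time()-3600);
    //redirect to home page and stop here: header() alone does not end the
    //request, so without exit the login/update/render code below would still run
    header("Location: index.php");
    exit;
}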
//Restore the signed-in identity from the session, or fall back to the
//"remember me" credentials.
//NOTE(review): $HTTP_SESSION_VARS is the legacy long-array name, while the
//login block below writes $_SESSION - confirm both refer to the same data on
//the PHP version this is deployed on.
if (isset($HTTP_SESSION_VARS['user'])) {
$webid = $HTTP_SESSION_VARS['webid'];
$user = $HTTP_SESSION_VARS['user'];
$role = $HTTP_SESSION_VARS['role'];
//check for auto login by cookie
//NOTE(review): auto_login is written with setcookie() further down but is
//looked up here in the session array, not the cookie array - confirm this
//branch is reachable as intended.
} else if (isset($HTTP_SESSION_VARS['auto_login'])) {
//value format is "<user> <base64(password)>"; base64 is an encoding, not
//encryption, so anyone who can read this value recovers the password
$cred = explode(" ", $HTTP_SESSION_VARS['auto_login']);
$txtID = $cred[0];
$txtPWD = base64_decode($cred[1]);
//NOTE(review): the authentication block below reads $_POST["txtID"] and
//$_POST["txtPWD"], not $txtID / $txtPWD - confirm how these reach authenticate()
//flag tested by the authentication block that follows
$use_cookie = 1;
}
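$tbl = 'webpages';
//authenticate sign in (either a posted login form or the auto-login flag set above)
if ($use_cookie == 1 || isset($_POST['login'])) {
    $user = $_POST["txtID"];
    $pwd = $_POST["txtPWD"];
    $chkRem = $_POST["chkRem"];
    //authenticate() is defined outside this file; the code below only relies on
    //it returning 'admin' or 'user' for a successful login
    $role = authenticate($webid, $user, $pwd);
    if ($role == 'admin' || $role == 'user') {
        //NOTE(review): the session id is not regenerated on login. authenticate()
        //may record the current id in webusers.sessionid (the logout branch clears
        //that column), so adding session_regenerate_id() needs to be coordinated
        //with it - confirm.
        $_SESSION["user"] = "$user";
        $_SESSION["role"] = "$role";
        if ($use_cookie == 0) {
            //NOTE(review): the remember-me cookie holds the password itself
            //(base64 is reversible) for one year and is set without the
            //HttpOnly/Secure flags. A random server-side token would avoid keeping
            //the password on the client; not changed here because the reading
            //side expects this format.
            if ($chkRem) setcookie("auto_login", $user . " " . base64_encode($pwd), time()+31536000);
            else setcookie("auto_login", "", time()-3600);
        }
        $id = innerconf('upload');
        //stop after the redirect so the rest of the page is not processed
        header("Location: $PHP_SELF?conf=$id");
        exit;
    //either guest or login failed
    } else if ($use_cookie == 0) {
        $id = innerconf('login');
        header("Location: $PHP_SELF?conf=$id");
        exit;
    } else {
        // dont give an error to the user for login attempt from a cookie, just delete the cookie.
        setcookie("auto_login", "", time()-3600);
    }
}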
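//update content directly
//The UPDATE button is only rendered for role 'admin', but nothing in this file
//checked the role when the form is actually posted, so enforce it here too.
//NOTE(review): $role is only assigned from the session or authenticate() above;
//confirm it cannot be supplied by the request (e.g. register_globals).
if (isset($_POST["submit"]) && $_POST["submit"] == 'UPDATE' && $role == 'admin') {
    $new_title = isset($_POST["pagetitle"]) ? $_POST["pagetitle"] : "";
    $new_content = isset($_POST["pagecontent"]) ? $_POST["pagecontent"] : "";
    //undo magic_quotes_gpc where it is enabled, so each value is escaped exactly once
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $new_title = stripslashes($new_title);
        $new_content = stripslashes($new_content);
    }
    //posted text goes into quoted SQL literals: escape it for the current connection
    $new_title = mysql_real_escape_string($new_title);
    $new_content = mysql_real_escape_string($new_content);
    //rowid is compared unquoted, so force it to an integer
    $row_id = intval($conf);
    mysql_query("update $tbl set pagetitle='$new_title',pagecontent='$new_content',dateupdation=now() where rowid=$row_id");
}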
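//query database for webpage based on conf metadata
//the lookup is by rowid only (not webid) so that admin pages common to all
//websites, which have a null webid, are returned as well
//rowid is compared unquoted, so force the value to an integer before it reaches SQL
$rs = mysql_query("select * from $tbl where rowid=" . intval($conf));
//it returns at most one page; a failed query is treated like "no page"
$o = ($rs && mysql_num_rows($rs)) ? mysql_fetch_object($rs) : false;
if ($o) {
    //if this is a restricted page, verify login
    if ($o->pageaccess == "admin" && !$user) {
        $id = innerconf('login');
        //stop after the redirect: otherwise the restricted page would still be
        //rendered into the response body that accompanies the Location header
        header("Location: $PHP_SELF?conf=$id");
        exit;
    }
    //otherwise retrieve the page attributes
    $parentid = $o->parentid;
    $pagetitle = strtoupper($o->pagetitle);
    $pagecontent = trim($o->pagecontent);
    $keywords = $o->keywords;
    $keywordss = explode(",", $o->keywords);
    $hits = $o->hits;
    $datecreation = $o->datecreation;
    $dateupdation = $o->dateupdation;
    $dateaccess = $o->dateaccess;
    $familytree = familytree($webid, $o->rowid);
    $sibling = sibling($webid, $parentid, $o->rowid);
    if ($o->pagetype == 'html') {
        $static = 1; //webpage
    } else if ($o->pagetype == 'url') {
        //NOTE(review): the redirect target is whatever is stored in pagecontent
        header("Location: $pagecontent");
        exit;
    } else if ($o->pagetype == 'file') {
        header("Location: documents/$webid/$pagecontent");
        exit;
    } else {
        $static = 0; //php script
    }
} else {
    //no row (or the query failed): show the placeholder page
    $static = 1;
    $pagetitle = "<b>Oops!</b>";
    $pagecontent = "The page is under construction, Please visit later. Thanks.";
}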
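//emit the document head
//Values placed in <title> and in single-quoted meta attributes are escaped
//first. The charset is passed explicitly because the page is served as
//ISO-8859-1; double_encode is off so entities already present are kept as-is.
//$keywords is read from the webpages row; $title, $author and $description are
//not assigned in this file (presumably config.inc.php - confirm).
$esc_title = htmlspecialchars($title, ENT_QUOTES, 'ISO-8859-1', false);
$esc_author = htmlspecialchars($author, ENT_QUOTES, 'ISO-8859-1', false);
$esc_keywords = htmlspecialchars($keywords, ENT_QUOTES, 'ISO-8859-1', false);
$esc_description = htmlspecialchars($description, ENT_QUOTES, 'ISO-8859-1', false);
//the DOCTYPE's system identifier previously ended in \' which, inside a
//double-quoted string, printed a stray backslash
echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head> <title>$esc_title</title>
<!--meta http-equiv='Content-Type' content='text/html; charset=utf-8' /-->
<meta http-equiv='Content-Type' content='text/html; charset=ISO-8859-1' />
<meta name='author' content='$esc_author' />
<meta name='keywords' content='$esc_keywords' />
<meta name='description' content='$esc_description' />
<link rel='stylesheet' type='text/css' href='css/style.css' media='screen' />
<link rel='stylesheet' type='text/css' href='css/white/jquerycssmenu.css' />
<link rel='stylesheet' type='text/css' href='css/calendar.css' media='screen' />
<!--[if lte IE 7]>
<style type='text/css'>
html .jquerycssmenu{height: 1%;} /*for IE7 and below*/
</style>
<![endif]-->
<script type='text/javascript' src='js/white/jquery.min.js'></script>
<script type='text/javascript' src='js/white/jquerycssmenu.js'></script>
<script language='javascript' src='js/calendar.js'></script>";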
//ajax code
//ajax() and flash() are defined outside this file; whatever they return is
//written inside <head>, directly after the static script tags
echo ajax() . flash($webid, $title);
//include online editor api
include "classes/editor.php";
//close the head and open the body; the onload handler focuses the search box
echo "</head>
<body onload='document.form.query.focus();'>";
//show logo
//NOTE(review): $webid is interpolated into the image path unescaped - confirm
//it can only hold a value set by config.inc.php or the session
echo "<div class='logo'><img src='/images/$webid/logo.jpg' height='80' width='80'></div>";
//show advertisement
//advertisements() is defined outside this file; its return value is echoed as-is
echo "<div class='advertisement'>";
echo advertisements($webid);
echo "</div>";
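//show form
//conf is only ever used as a numeric rowid, so write it into the action URL as
//an integer instead of echoing the raw value back into the markup
$form_conf = intval($conf);
//NOTE(review): $webid is placed inside quoted JavaScript arguments below without
//escaping - confirm it can only hold a value set by config.inc.php or the session
echo "<form name='form' action='admin.php?conf=$form_conf' method='post' enctype='multipart/form-data'>
<div class='search'>Search
<input type='text' id='query' name='query' size='20' onkeyup=\"showPage('search',this.value,'$webid')\">
<a href='#' onclick=\"showPage('sitemap','sitemap','$webid')\">Sitemap</a>
</div>";
//show banner
//the title travels as a query-string value, so percent-encode it; this also
//keeps quotes and ampersands in the title from breaking the src attribute
$banner_title = rawurlencode($title);
echo "<div class='banner'>
<div class='datetime'>". date("h:i:s A, l, jS \of F Y") . "</div>
<img src='text2image.php?title=$banner_title' onMouseOver=\"show('flash')\" onMouseOut=\"hide('flash')\" />
<div class='datetime'>[ $counter times ]</div>
</div>";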
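//show content
if ($conf && $pagetitle) {
    //log this access to database
    //NOTE(review): the referer and request URI are client-controlled; accessLog()
    //is defined outside this file and must escape them before building SQL - confirm
    accessLog($webid, $user, $_SERVER['HTTP_REFERER'], $_SERVER['REQUEST_URI']);
    echo "<div class='familytree'>$familytree $sibling</div>";
    echo "<div class='content'>";
    //Text placed in form fields is escaped so that stored markup (a quote, or a
    //closing textarea tag) stays inside the field and is posted back unchanged.
    //The charset is explicit because the page is served as ISO-8859-1.
    $field_title = htmlspecialchars($pagetitle, ENT_QUOTES, 'ISO-8859-1');
    $field_content = htmlspecialchars($pagecontent, ENT_QUOTES, 'ISO-8859-1');
    if ($static == 1) {
        echo "<b>Page Title</b><br><input type='text' name='pagetitle' size='100' value='$field_title'>";
    } else {
        //NOTE(review): the stored title is printed as markup here; escape it too
        //unless titles are meant to carry HTML
        echo "<b>$pagetitle</b>";
    }
    echo "<div class='datetime'>[ $hits times, dated $datecreation, updated $dateupdation, accessed $dateaccess ]</div>";
    if ($static == 1) {
        echo "<b>Page Content</b><br><textarea name='pagecontent' style='width: 100%'>$field_content</textarea>";
    } else if ($static == 0) {
        if (file_exists("$pagecontent")) {
            //NOTE(review): the included path is read from the webpages row, so
            //write access to that column decides which local file is executed.
            //Consider restricting it to an allow-listed scripts directory.
            include("$pagecontent");
        } else {
            //script page whose file is missing: offer the path for editing
            echo "Page Link<br><input type='text' name='pagecontent' size='140' value='$field_content'>";
        }
    }
    //only admins get the UPDATE button, and only for editable (static) pages
    if ($role == 'admin' && $static > 0) echo "<br><input type='submit' name='submit' value='UPDATE' style='width: 80px'>";
    echo "</div>";
} else {
    echo "<div class='content'>
<b>Oops!</b><br>
<dir>The page is under construction, Please visit later. Thanks.</dir>
</div>";
}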
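//show menu
//hmenus() is defined outside this file; its return value is echoed as-is
echo "<div id='myjquerymenu' class='jquerycssmenu'>";
echo hmenus($webid, $user, $role, 0);
echo "<br style='clear: left' /> </div>";
//show footer
echo "<div class='footer'>$footer</div>";
//show result
echo "<div id='ajax' class='result'></div>";
$tbl = 'webpages';
//increase hit counter for this conf
//the row is matched by rowid only, in line with the page lookup earlier in this
//file; rowid is compared unquoted, so force it to an integer
mysql_query("update $tbl set hits=hits+1,dateaccess=now() where rowid=" . intval($conf));
//disable expired pages
//webid goes into a quoted SQL literal, so escape it first
$sql_webid = mysql_real_escape_string($webid);
mysql_query("update $tbl set status='offline' where webid='$sql_webid' and dateexpiry<now()");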
?>
</form>
</body>
</html>