<?php
/*****
Administration Notepad 1.2
(C) 2008 NZ's Finest
www.nzsfinest.com
HOW TO USE -
1. Change the configuration below to suit your database.
2. Run the following SQL in phpMyAdmin:
CREATE TABLE IF NOT EXISTS `notepad` ( `notes` text NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
INSERT INTO `notepad` (`notes`) VALUES ('');
3. Upload to your server.
NOTE -
You may not remove or change the default copyright.
*****/
// Configuration (edit these values before uploading)
$dbhost = 'localhost'; // Database host (usually localhost)
$dbuser = ''; // Database username
$dbpass = ''; // Database password
$dbname = ''; // Database name
// Password that unlocks the notepad. Replace the shipped default before deploying:
// both the login check and the login cookie are derived from md5($salt . $password).
$password = 'changeme';
// String prepended to the password before hashing. Replace the default with a long
// random value; changing it (or $password) invalidates every existing login cookie.
$salt = 'salt';
/*****
ATTENTION -
Do not edit below this line unless you know what you are doing.
*****/
// Start output buffering (presumably so the redirects and the cookie further down
// can still be sent even if something is printed first -- TODO confirm).
ob_start();
// Stylesheet shared by both pages; it is inserted wherever a template contains {css}.
$css = <<<CSS
p
{
margin-bottom: 0px;
}
.box
{
width: 500px;
padding: 5px;
border-style: solid;
border-color: #000000;
border-width: 1px;
}
CSS;
// Login page template. It is left open on purpose (no closing </div> wrapper tags for
// <center>, <form>, <body>, <html>): the encoded "Required for operation" code near the
// end of the script appends the footer and the remaining closing tags.
$htmlform = <<<HTML
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<title>Administration Notepad</title>
<style type="text/css">
{css}
</style>
</head>
<body>
<form method="post" action="">
<center>
<div class="box">
Please enter your password:
<br />
<input type="password" name="pass" />
<p />
<input type="submit" name="login" value="Login" />
</div>
HTML;
// Notepad page template, left open in the same way as the login template.
// {notepad} is replaced with the stored notes before output; because it sits inside a
// <textarea>, the value has to be HTML-escaped at the point where it is substituted.
// NOTE(review): neither form carries an anti-CSRF token and the POST handlers
// authenticate by cookie alone, so the update handler cannot tell a forged cross-site
// POST from a genuine one. A per-session token checked on submit would close that gap.
$html = <<<HTML
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<title>Administration Notepad</title>
<style type="text/css">
{css}
</style>
</head>
<body>
<form method="post" action="">
<center>
<div class="box">
Administration Notepad:
<p />
<textarea name="notes" rows="6" cols="50">{notepad}</textarea>
<p />
<input type="submit" name="submit" value="Update" />
</div>
HTML;
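// Connect to the database.
// mysql_error() text can include the database host and account name, and this code runs
// before any login check. The detail therefore goes to the server error log and the
// visitor only sees a generic message.
$db = @mysql_connect($dbhost, $dbuser, $dbpass);
if (!$db)
{
    error_log("Administration Notepad: couldn't connect: " . mysql_error());
    die("Couldn't connect to the database.");
}
$link = @mysql_select_db($dbname);
if (!$link)
{
    error_log("Administration Notepad: couldn't select: " . mysql_error());
    die("Couldn't select the database.");
}
// Drop the shared stylesheet into both page templates
$html = str_replace("{css}", $css, $html);
$htmlform = str_replace("{css}", $css, $htmlform);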
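if (isset($_POST['login']))
{
    // We're trying to log in.
    // Only a plain string can be a password; a missing or array-valued "pass" field is rejected.
    $submitted = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;
    // Strict comparison on purpose: with == two digests that both look like numbers
    // ("0e" followed only by digits) compare equal even though the strings differ.
    if ($submitted !== null && md5($salt . $submitted) === md5($salt . $password))
    {
        // We've entered the right password.
        // HttpOnly keeps the cookie away from page scripts; Secure is added when the
        // login itself arrived over HTTPS so the cookie is not later sent in clear text.
        // NOTE(review): the cookie value is md5($salt . $password), a fixed token that
        // never rotates and can only be revoked by changing the password or salt. A
        // server-side session with a random identifier would be the sturdier design.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("notepad", md5($salt . $password), time()+31536000, "", "", $secure, true); // Set cookie for a year
    }
    // Right or wrong password, reload the page: the cookie check further down decides
    // whether the notepad or the login form is shown.
    header("Location: " . $_SERVER['PHP_SELF']);
    die();
}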
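// We're trying to update the notepad
if (isset($_POST['submit']))
{
    // Make sure we're logged in. The cookie must be present, a plain string, and
    // identical (===, not ==) to the expected digest; == would treat two different
    // number-like digests as equal.
    $loggedin = isset($_COOKIE['notepad'])
        && is_string($_COOKIE['notepad'])
        && $_COOKIE['notepad'] === md5($salt . $password);
    // NOTE(review): there is no anti-CSRF token on this request; authentication rests
    // on the cookie alone. Adding a token needs a matching hidden field in the form.
    if ($loggedin && isset($_POST['notes']) && is_string($_POST['notes']))
    {
        // We are logged in :)
        $upd = $_POST['notes'];
        // Where magic quotes are enabled the input already carries backslashes;
        // undo them so the value is escaped exactly once below.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
            $upd = stripslashes($upd);
        }
        // The note text is user input: escape it for the SQL string literal instead of
        // interpolating it raw, which allowed a quote in the notes to alter the query.
        $sql = "UPDATE notepad SET notes = '" . mysql_real_escape_string($upd) . "'";
        $result = mysql_query($sql);
    }
    // Logged in or not, go back to the page
    header("Location: " . $_SERVER['PHP_SELF']);
    die();
}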
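// Show the notepad to a logged-in visitor, the login form to everyone else.
// The cookie must exist, be a plain string and match the expected digest exactly (===).
if (isset($_COOKIE['notepad']) && is_string($_COOKIE['notepad']) && $_COOKIE['notepad'] === md5($salt . $password))
{
    // We have logged in
    // Grab what's currently in the notepad
    $sql = "SELECT * FROM notepad";
    $result = mysql_query($sql);
    $row = @mysql_fetch_array($result);
    if (!is_array($row))
    {
        die("Error fetching notepad table.<p />Make sure the script is configured properly and the SQL queries have been run.");
    }
    $notes = $row['notes'];
    // Set up notepad
    // NOTE(review): the "Required for operation" statements eval() base64-encoded code,
    // which cannot be audited by reading the file. Decoded, this one appends the
    // "Script (c) NZ's Finest" footer link and the closing </center>, </form>, </body>,
    // </html> tags to $html and sets $copyright = 1. Its decoder calls ereg_replace(),
    // which no longer exists in PHP 7 and later. Decode and review before deploying.
    $_F=__FILE__;$_X='Pz48P3BocA0KDQokaHRtbCAuPSA8PDxIVE1MDQo8cCAvPg0KPGQ0diBzdHlsNT0iZjJudC1zNHo1OiA2NnB4OyI+DQoJU2NyNHB0ICZjMnB5OyA8MSBocjVmPSJodHRwOi8vd3d3Lm56c2Y0bjVzdC5jMm0iIHQxcmc1dD0iX2JsMW5rIj5OWidzIEY0bjVzdDwvMT4NCjwvZDR2Pg0KPC9jNW50NXI+DQo8L2Yycm0+DQo8L2IyZHk+DQo8L2h0bWw+DQpIVE1MOw0KJGMycHlyNGdodCA9IDY7DQoNCj8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
    // Format HTML to be output.
    // The notes land inside a <textarea>, so they are HTML-escaped first; otherwise stored
    // text containing markup would be interpreted by the browser. The charset matches the
    // ISO-8859-1 encoding the page declares.
    $html = str_replace("{notepad}", htmlspecialchars($notes, ENT_QUOTES, 'ISO-8859-1'), $html);
    // Encoded as above. Decoded, it echoes $html when $copyright == 1 and otherwise stops
    // with "Error: Header code 12.".
    $_F=__FILE__;$_X='Pz48P3BocA0KDQo0ZiAoJGMycHlyNGdodCA9PSA2KQ0Kew0KCTVjaDIgJGh0bWw7DQp9DQo1bHM1DQp7DQoJZDQ1KCJFcnIycjogSDUxZDVyIGMyZDUgNmEuIik7DQp9DQoNCj8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
}
else
{
    // Not logged in.
    // Encoded eval() as in the branch above. Decoded, it appends the same footer and
    // closing tags to $htmlform and sets $copyright = 1.
    $_F=__FILE__;$_X='Pz48P3BocA0KDQokaHRtbGYycm0gLj0gPDw8SFRNTA0KPHAgLz4NCjxkNHYgc3R5bDU9ImYybnQtczR6NTogNjZweDsiPg0KCVNjcjRwdCAmYzJweTsgPDEgaHI1Zj0iaHR0cDovL3d3dy5uenNmNG41c3QuYzJtIiB0MXJnNXQ9Il9ibDFuayI+TloncyBGNG41c3Q8LzE+DQo8L2Q0dj4NCjwvYzVudDVyPg0KPC9mMnJtPg0KPC9iMmR5Pg0KPC9odG1sPg0KSFRNTDsNCiRjMnB5cjRnaHQgPSA2Ow0KDQo/Pg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
    // Display login form.
    // Decoded, this echoes $htmlform when $copyright == 1 and otherwise stops with
    // "Error: Header code 12.".
    $_F=__FILE__;$_X='Pz48P3BocA0KDQo0ZiAoJGMycHlyNGdodCA9PSA2KQ0Kew0KCTVjaDIgJGh0bWxmMnJtOw0KfQ0KNWxzNQ0Kew0KCWQ0NSgiRXJyMnI6IEg1MWQ1ciBjMmQ1IDZhLiIpOw0KfQ0KDQo/Pg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));
}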
?>