<?php
################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- #
## --------------------------------------------------------------------------- #
## ApPHP AdminPanel Pro version 3.5.1 #
## Developed by: ApPHP <hide@address.com> #
## License: GNU LGPL v.3 #
## Site: http://www.apphp.com/php-adminpanel/ #
## Copyright: ApPHP AdminPanel (c) 2006-2011. All rights reserved. #
## #
## Additional modules (embedded): #
## -- ApPHP DataGrid v5.0.7 (datagrid component) http://apphp.com #
## -- ApPHP Easy Installer v2.0.2 (installation module) http://apphp.com #
## -- ApPHP Tabs v2.0.2 (tabs component) http://apphp.com #
## -- ApPHP DataGrid Wizard v2.0.1 http://apphp.com #
## -- ApPHP Calendar v2.0.1 http://apphp.com #
## -- jQuery v1.4.2 (JS Library) http://jquery.com #
## -- Base64 encode/decode class http://www.webtoolkit.info #
## -- Crystal Project Icons (icons set) http://www.everaldo.com #
## -- Drop Down Menu - Head Script ©Stephen Chapman #
## -- PHPMailer v5.2 https://code.google.com/a/apache-extras.org/p/phpmailer/ #
## -- ARCHIVE class 2.1 ©Devin Doucette (hide@address.com) #
## -- SecureSession class http://phpclasses.org/browse/package/2794.html #
## -- Lytebox v3.22 http://www.dolem.com/lytebox/ #
## #
################################################################################
//--------------------------------------------------------------------------
// check if Admin Panel was already installed
// check if Admin Panel was already installed: inc/config.inc.php is presumably
// written by install.php, so without it the request is handed to the installer
if (file_exists("inc/config.inc.php") === false) {
    header("location: install.php");
    exit;
}
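// Session INI settings must be in place BEFORE the session is started: on
// current PHP versions an ini_set() of session.* while a session is active is
// rejected with a warning, so the original order (session_start() first, then
// ini_set) left the default in force.
//
// after this number of seconds, stored data will be seen as 'garbage' and
// cleaned up by the garbage collection process.
// session.gc_maxlifetime = 1440
ini_set("session.gc_maxlifetime", "3600");
// keep the session cookie out of reach of script and refuse client-supplied,
// never-initialised session ids; session.cookie_secure is deliberately not set
// here because HTTPS is only enforced via $SETTINGS, which is loaded further down
ini_set("session.cookie_httponly", "1");
ini_set("session.use_strict_mode", "1");
session_start();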
//--------------------------------------------------------------------------
// *** remote file inclusion, check for strange characters in $_GET keys
// *** all keys with "/" or "\" or ":" are blocked, so it becomes virtually impossible
// *** to inject other pages or websites
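// *** remote file inclusion, check for strange characters in $_GET values
// *** all values with "/" or "\" or ":" are blocked, so it becomes virtually impossible
// *** to inject other pages or websites

/**
 * True when a request value contains a path or scheme separator ("/", "\" or ":").
 *
 * The original backslash pattern "/\[\\\]/" matched the literal sequence "[\]"
 * rather than a lone backslash; the character class below covers all three
 * characters (single-quoted, so "\\\\" is one literal backslash in the pattern).
 *
 * @param mixed $value raw $_GET value; anything that is not a string passes
 * @return bool
 */
function apphp_value_has_blocked_chars($value)
{
    if (!is_string($value)) {
        return false;
    }
    return preg_match('~[/\\\\:]~', $value) === 1;
}

foreach ($_GET as $get_key => $get_value) {
    if (apphp_value_has_blocked_chars($get_value)) {
        // The original evaluated eval("unset(\${$get_key});") here. $get_key is
        // taken verbatim from the query string, so request data was run as PHP
        // code before the die() below - a code-injection sink in its own right.
        // The unset was a register_globals-era leftover and is pointless right
        // before die(), so it is dropped rather than re-implemented.
        die("A hacking attempt has been detected. For security reasons, we're blocking any code execution.");
    }
}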
// *** set flag that this is a parent file
// *** set flag that this is a parent file (presumably the included files test
// APPHP_EXEC so they cannot be requested directly)
define("APPHP_EXEC", "access allowed");

// NOTE(review): the language file path is built from $SETTINGS['site_language'],
// which is presumably populated by inc/settings.inc.php rather than the request;
// if that value can be edited from the panel it should be whitelisted before use.
require_once 'inc/config.inc.php';
require_once 'inc/settings.inc.php';
require_once 'inc/functions.inc.php';
require_once sprintf('inc/languages/%s.php', $SETTINGS['site_language']);
//--------------------------------------------------------------------------
// force https protocol if defined
// force https protocol if defined
if ($SETTINGS['force_https_protocol']) {
    // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may never be
    // set (the proxy usually sends X-Forwarded-Proto instead), which turns this
    // into a redirect loop; and HTTP_HOST is the client's Host header, so the
    // redirect target would better come from configuration than from the request.
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') {
        header('location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit;
    }
}
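// Per-request state, mostly read back from the session. prepare_input() and
// set_browser_definitions() are not defined in this file (presumably
// inc/functions.inc.php).
$adm_logged = (isset($_SESSION['adm_logged'])) ? prepare_input($_SESSION['adm_logged']) : false;
$adm_status = (isset($_SESSION['adm_status'])) ? prepare_input($_SESSION['adm_status']) : "";
// "log" is only a flag: any value means "out"
$log = (isset($_REQUEST['log'])) ? "out" : "";
// NOTE(review): $msg is raw request data and is not escaped here; it is not
// echoed in this file, so whichever include renders it must htmlspecialchars() it.
$msg = (isset($_REQUEST['msg'])) ? $_REQUEST['msg'] : "";
$content_type = (isset($_SESSION['content_type'])) ? prepare_input($_SESSION['content_type']) : "";
$dgpid = (isset($_SESSION['dgpid'])) ? (int)$_SESSION['dgpid'] : "";
$br = set_browser_definitions();
$menu_group_index = 0;
$menu_group_count = 0;
$colspan = ($SETTINGS['menu_style'] == "side") ? "colspan='3'" : "";
// the original ternary on menu_style yielded "90%" in both branches
$mainColHeight = "90%";
$adm_user_id = (isset($_SESSION['adm_user_id'])) ? (int)$_SESSION['adm_user_id'] : "0";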
// Pick the page the main frame opens with. Later assignments deliberately
// override earlier ones: menu-style default -> account role -> pending content_type.
if ($adm_logged != true) {
    $content_page = "login.php";
} else {
    $content_page = "system/home.php";
    if ($SETTINGS['menu_style'] == "top") {
        // a top-menu link may pass its own target; "[=]" is decoded to "?" here
        // NOTE(review): this value is echoed into the main <iframe src="...">
        // further down; the request filter at the top rejects "/", "\" and ":"
        // but not quotes, so the echo must attribute-escape it.
        $content_page = isset($_GET['page']) ? str_replace("[=]", "?", $_GET['page']) : "system/home.php";
    }
    if ($adm_status != "admin" && $adm_status != "main admin") {
        $content_page = "system/user_home.php";
    }
    switch ($content_type) {
        case "static":
            $content_page = "system/static_pages_manager.php";
            break;
        case "dynamic":
            $content_page = "system/dynamic_pages_manager.php";
            break;
        case "datagrid":
            $content_page = "system/datagrid_wizard.php?dgpid=".(int)$dgpid;
            break;
    }
}
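// Count the menu groups the current account may see. $res1 is reused further
// down (top-menu rendering for admin accounts), so it has to stay set here.
if ($adm_status == "main admin") {
    $sql = "SELECT * FROM ".TABLE_MENU."
WHERE
is_menu_group = 1 AND
is_hidden = 0 AND
is_menu_item = 1
ORDER BY order_index ASC";
    $res1 = $db->Query($sql);
    if ($res1) $menu_group_count = $db->RowCount();
} else if ($adm_status == "admin") {
    // admins only see groups they were granted in TABLE_MENU_ACCESS_RIGHTS;
    // $adm_user_id is an int cast above, which is what keeps this concatenation safe
    $sql = "SELECT ".TABLE_MENU.".*
FROM ".TABLE_MENU."
INNER JOIN ".TABLE_MENU_ACCESS_RIGHTS." ON ".TABLE_MENU.".id = ".TABLE_MENU_ACCESS_RIGHTS.".menu_id
INNER JOIN ".TABLE_ADMINS." ON ".TABLE_MENU_ACCESS_RIGHTS.".admin_id = ".TABLE_ADMINS.".id
WHERE
".TABLE_MENU.".is_menu_group = 1 AND
".TABLE_MENU.".is_hidden = 0 AND
".TABLE_MENU.".is_menu_item = 1 AND
".TABLE_MENU_ACCESS_RIGHTS.".is_accessible = 1 AND
".TABLE_ADMINS.".status = 'admin' AND
".TABLE_ADMINS.".id = ".$adm_user_id."
ORDER BY ".TABLE_MENU.".order_index ASC";
    $res1 = $db->Query($sql);
    if ($res1) $menu_group_count = $db->RowCount();
} else {
    // regular users: one fixed group, plus one more if any static page
    // (file_type_id = 1) is linked to them. NOTE(review): unlike the admin query
    // this one does not filter on is_accessible or is_hidden - confirm intended.
    $sql = "SELECT ".TABLE_MENU.".*
FROM ".TABLE_MENU_ACCESS_RIGHTS."
INNER JOIN ".TABLE_MENU." ON ".TABLE_MENU_ACCESS_RIGHTS.".menu_id = ".TABLE_MENU.".id
INNER JOIN ".TABLE_USERS." ON ".TABLE_MENU_ACCESS_RIGHTS.".user_id = ".TABLE_USERS.".id
WHERE
".TABLE_MENU_ACCESS_RIGHTS.".user_id = '".$adm_user_id."' AND
".TABLE_MENU.".is_menu_group = 0 AND
".TABLE_MENU.".file_type_id = 1";
    $menu_group_count = 1;
    $res1 = $db->Query($sql);
    // guard on $res1 like the two branches above, so a failed query does not
    // add a group based on whatever RowCount() reports for an earlier statement
    if ($res1 && $db->RowCount() > 0) $menu_group_count++;
}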
// Prepare menu group variables
// Prepare menu group variables: the state of every menu group (presumably
// expanded/collapsed) is remembered client-side in a FilterCatId_<n>_State cookie.
// NOTE(review): the cookie value is taken as-is; it is request data, so the
// include that renders it should compare it against the known states rather
// than echo it.
$FilterCatIds = array();
for ($i = 0; $i < $menu_group_count; $i++) {
    $state_cookie = 'FilterCatId_'.$i.'_State';
    $FilterCatIds[$i] = "maximized";
    if (isset($_COOKIE[$state_cookie]) && $_COOKIE[$state_cookie] != "") {
        $FilterCatIds[$i] = $_COOKIE[$state_cookie];
    }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<?php /* NOTE(review): site_name, css_style and the lang() strings are echoed unescaped in this
   head; they come from $SETTINGS / the language file rather than the request, but any of them
   an operator can edit from the panel should go through htmlspecialchars() here. */ ?>
<title><?php echo $SETTINGS['site_name']; ?> :: <?php echo lang('admin_panel'); ?></title>
<!-- Meta tags -->
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<link rel="SHORTCUT ICON" href="images/apphp.ico"/>
<!-- CSS style files -->
<link href="styles/<?php echo $SETTINGS['css_style'];?>/style.css" type=text/css rel=stylesheet>
<!-- JavaScript files -->
<script type="text/javascript" src="modules/jquery/jquery.js"></script>
<script type="text/javascript" src="js/functions.js"></script>
<?php if($adm_logged == true){ ?>
<script type="text/javascript">
var menu_group_count = <?php echo $menu_group_count;?>;
var left_panel_scrolling = <?php echo ($SETTINGS['left_panel_scrolling']) ? "true" : "false"; ?>;
var default_session_timeout = 60*<?php echo (int)$SETTINGS['session_timeout']; ?>; // in sec
var minimal_timeout_value = default_session_timeout/10; // in sec
var session_timeout = default_session_timeout; // in sec
var delaytime = 30000; // in msec
setTimeout("checkSessionTimeout()", delaytime);
</script>
<?php if($SETTINGS['menu_style'] == "side"){ ?>
<script type="text/javascript" src="js/left_menu.js"></script>
<link href="styles/<?php echo $SETTINGS['css_style'];?>/menu.css" type="text/css" rel="stylesheet">
<link href="styles/left_menu.css" type="text/css" rel="stylesheet">
<?php }else if($SETTINGS['menu_style'] == "top"){ ?>
<script type="text/javascript" src="js/top_menu.js"></script>
<link href="styles/<?php echo $SETTINGS['css_style'];?>/top_menu.css" type="text/css" rel="stylesheet">
<script type="text/javascript">
// Drop Bown Menu - Head Script
// copyright Stephen Chapman, 4th March 2005, 5th February 2006
// you may copy this menu provided that you retain the copyright notice
// var mapLink = 'aaa.html';
// var mapName = 'Page AAA';
var fix = 1; var delay = 2000; var modd = 0;
var bar = new menuBar();
<?php
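// draw links for top menu

/**
 * Quote a value as a JavaScript string literal for use inside this <script>.
 *
 * json_encode() escapes quotes and backslashes; the HEX flags additionally
 * encode <, >, &, ' and " so a menu name cannot terminate the literal or the
 * script element. Menu and page names come from TABLE_MENU, i.e. from whoever
 * may edit the menu, not from the request - the original concatenated them
 * into single-quoted JS strings unescaped.
 * NOTE(review): if the menu script inserts labels via innerHTML they need HTML
 * escaping as well; that cannot be verified from this file.
 *
 * @param mixed $value
 * @return string double-quoted JS literal
 */
function apphp_js_str($value)
{
    return json_encode((string)$value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES);
}

/**
 * Echo one bar.addItem(url, label); call for a TABLE_MENU row.
 *
 * file_type_id "1" = static page (system/static_pages.php?page=<id>), "0" =
 * system page (system/<page_name>), anything else = pages/<page_name>. Labels
 * of non-static pages go through lang() only when $translate is true; static
 * pages always use the stored name. This is exactly the mapping the two
 * original inline loops implemented.
 *
 * @param array $row       needs id, name, page_name, file_type_id
 * @param bool  $translate translate non-static labels via lang() (admin menus)
 */
function apphp_top_menu_item($row, $translate)
{
    if ($row['file_type_id'] == "1") {
        $url = "system/static_pages.php?page=".$row['id'];
        $label = $row['name'];
    } else {
        $url = (($row['file_type_id'] == "0") ? "system/" : "pages/").$row['page_name'];
        $label = $translate ? lang(str_replace(" ", "_", $row['name']), false) : $row['name'];
    }
    echo "bar.addItem(".apphp_js_str($url).",".apphp_js_str($label).");";
}

if ($adm_status != "admin" && $adm_status != "main admin") {
    // regular user: fixed "general" group, then the pages (file_type_id 1 or 2)
    // granted to this user through TABLE_MENU_ACCESS_RIGHTS
    echo "bar.addMenu(".apphp_js_str(lang('general'))."); \n";
    echo "bar.addItem(".apphp_js_str('system/user_home.php').",".apphp_js_str(lang('home')).");";
    echo "bar.addItem(".apphp_js_str('system/user_edit_account.php').",".apphp_js_str(lang('edit_account')).");";
    // $adm_user_id is the int-cast session value set earlier in this file
    $sql = "SELECT ".TABLE_MENU.".*
FROM ".TABLE_MENU."
INNER JOIN ".TABLE_MENU_ACCESS_RIGHTS." ON ".TABLE_MENU.".id = ".TABLE_MENU_ACCESS_RIGHTS.".menu_id
INNER JOIN ".TABLE_USERS." ON ".TABLE_MENU_ACCESS_RIGHTS.".user_id = ".TABLE_USERS.".id
WHERE
".TABLE_USERS.".id = ".(int)$adm_user_id." AND
".TABLE_MENU_ACCESS_RIGHTS.".is_accessible = 1 AND
".TABLE_MENU.".is_menu_group = 0 AND
".TABLE_MENU.".is_hidden = 0 AND
(".TABLE_MENU.".file_type_id = 1 OR ".TABLE_MENU.".file_type_id = 2)
ORDER BY order_index ASC";
    $res2 = $db->Query($sql);
    if ($res2 && $db->RowCount() > 0) {
        echo "bar.addMenu(".apphp_js_str(lang("pages"))."); \n";
        while ($r___ = $res2->fetch()) {
            apphp_top_menu_item($r___, false);
        }
    }
} else {
    // admin / main admin: $res1 (the visible menu groups queried above) gives
    // one drop-down per group, filled with that group's visible items
    if ($res1) {
        while ($r__ = $res1->fetch()) {
            echo "bar.addMenu(".apphp_js_str($r__['name'])."); \n";
            $res2 = $db->Query("SELECT * FROM ".TABLE_MENU." WHERE is_menu_group = 0 AND is_hidden = 0 AND is_menu_item = 1 AND parent_id = ".(int)$r__['id']." ORDER BY order_index ASC");
            if ($res2) {
                while ($r___ = $res2->fetch()) {
                    apphp_top_menu_item($r___, true);
                }
            }
        }
    }
}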
?>
bar.addMenu('<?php echo lang('log_out');?>');
bar.addItem('logout.php','<?php echo lang('log_out');?>');
<?php
// theme accent for the drop-down menu: blue and green have their own colour,
// every other css_style falls back to grey; the white tab background and active
// text colour are identical for all three themes
if ($SETTINGS['css_style'] == "blue") {
    $menu_accent = '#4b6ca6';
} else if ($SETTINGS['css_style'] == "green") {
    $menu_accent = '#668b4f';
} else {
    $menu_accent = '#444444';
}
echo "var blc = '#ffffff'; // background color for tabs \n";
echo "var lc = '".$menu_accent."'; // tabs text color \n";
echo "var la = '#ffffff'; // active tab text color \n";
echo "var bla = '".$menu_accent."'; // active tab background color for ";
?>
// do not change anything below this line
var blh = '#222222'; //
var lh = '#00ff00';
if(fix) window.onscroll=sMenu;window.onload=iMenu;var onm = null;var ponm = null;var podm = null;var ndm = bar.mO.length;
if(fix) {var ag = navigator.userAgent.toLowerCase();var isG = (ag.indexOf('gecko') != -1);var isR=0;if (isG) {t = ag.split("rv:"); isR = parseFloat(t[1]);}if (isR && isR<1) setInterval('sMenu()',50);}
</script>
<?php } ?>
<?php }else{ ?>
<link href="styles/<?php echo $SETTINGS['css_style'];?>/menu.css" type="text/css" rel="stylesheet">
<?php } ?>
</head>
<?php /* page layout: header row, optional top-menu row (top menu style), then one row with
   [left menu | collapse handle | main frame]; for rtl the side columns follow the frame */ ?>
<body style="overflow:hidden;" <?php echo ((($adm_logged == true) && ($SETTINGS['menu_style'] == "side") && $SETTINGS['left_panel_scrolling']) ? "onResize='setPageHeight()' onLoad='setPageHeight()'" : ""); ?>>
<table border="0" cellspacing="1" cellpadding="1" width="100%" height="100%">
<tr>
<td <?php echo $colspan; ?> height="9%">
<?php include_once("system/header.php"); ?>
</td>
</tr>
<?php if($SETTINGS['menu_style'] == "top" && $adm_logged){ ?>
<tr><td <?php echo $colspan; ?> height="20px"><?php include_once("system/top_menu.php"); ?></td></tr>
<?php } ?>
<tr>
<?php if($SETTINGS['language_dir'] == "ltr" && $SETTINGS['menu_style'] == "side" && $adm_logged){ ?>
<?php /* width="160x" is presumably meant as 160px; browsers only read the leading digits */ ?>
<td id='colLeft' width="160x" valign="top" style="padding-right:0px">
<?php include_once("system/left_menu.php"); ?>
</td>
<td id='colMiddle' width="12px" valign="top" align="center" style="padding-top:3px;">
<img id="imgArrow" style="cursor:w-resize;" onclick="resizeLeftPanel('<?php echo $SETTINGS['language_dir'];?>')" src="images/collapse_panel.gif" alt="" title="<?php echo lang("click_to_collapse");?>" />
</td>
<?php } ?>
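<td id='colMain' valign="top" height="<?php echo $mainColHeight;?>" style="min-width:400px;padding-top:2px;padding-right:4px;">
<?php /* $content_page can be the raw "page" GET parameter (top menu style). The request
   filter at the top of the file rejects "/", "\" and ":" but not quotes, so the value is
   attribute-escaped here instead of being echoed as-is into src="..." */ ?>
<iframe id="frameMain" name="frameMain"
src="<?php echo htmlspecialchars($content_page, ENT_QUOTES, 'UTF-8'); ?>"
marginwidth="0" marginheight="0" vspace="0" hspace="0"
frameborder="2" width="100%" height="100%" scrolling="auto">
</iframe>
</td>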
<?php /* rtl layout: the collapse handle and the left menu sit to the right of the main frame */ ?>
<?php if($SETTINGS['language_dir'] == "rtl" && $SETTINGS['menu_style'] == "side" && $adm_logged){ ?>
<td id='colMiddle' width="12px" valign="top" align="center" style="padding-top:3px;">
<img id="imgArrow" style="cursor:w-resize;" onclick="resizeLeftPanel('<?php echo $SETTINGS['language_dir'];?>')" src="images/expand_panel.gif" alt="" title="<?php echo lang("click_to_collapse");?>" />
</td>
<td id='colLeft' width="160x" valign="top" style="padding-right:0px">
<?php include_once("system/left_menu.php"); ?>
</td>
<?php } ?>
</tr>
</table>
<!-- session expired popup -->
<?php /* presumably shown by checkSessionTimeout(), which the timer in <head> starts for
   logged-in users; appCloseExpiredWindow() is defined elsewhere (js/functions.js?) */ ?>
<div id="fade" class="black_overlay" onclick="javascript:appCloseExpiredWindow();"></div>
<div id="light">
<div class="white_content">
<br />
<b>Your session will expire soon. Please make sure to save your work often! You may click on</b>
<br /><br />
<ul>
<li>STAY LOGGED to reset session timeout</li>
<li>LOGOUT to finish current session.</li>
</ul>
<br /><br />
<input type='button' value='Stay Logged' onclick="javascript:appCloseExpiredWindow();" />
<input type='button' value='Logout' onclick="javascript:document.location.href='logout.php'" />
</div>
</div>
<?php /* audible alert played together with the popup (Windows Media Player plug-in object) */ ?>
<object type="application/x-mplayer2" height="0" width="0" id="sound_alert">
<param name="fileName" value="images/alert.wav">
<param name="autostart" value="0">
<param name="playcount" value="2">
</object>
</body>
<?php
// drop the one-shot hand-over values; they only selected the page the main
// frame opened with (see $content_page above), presumably so that a reload
// of index.php does not re-open that page
unset($_SESSION['content_type'], $_SESSION['dgpid']);
?>
<!-- This script was generated by PHPAP (ApPHP AdminPanel) v.<?php echo _PHP_AP_VERSION; ?> | http://www.apphp.com/php-adminpanel/index.php -->