<?php
/*++++++++++++++++++++++++++++++++++++++++++++++++++++
| BlogNEasy
| Copyright 2012 Fernando Baptista
++++++++++++++++++++++++++++++++++++++++++++++++++++++
| index.php main file
| Version 0.9
++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
++++++++++++++++++++++++++++++++++++++++++++++++++++++
*/
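// Bootstrap: open the session, set the error level and load the site configuration.
session_start();
clearstatcache();
error_reporting(E_ERROR | E_WARNING | E_PARSE);
$BNEversion = "0.9";
// Redirect to the installer when the site has not been configured yet.
if (!file_exists("data/config.php")) {
    header("Location: install.php");
    // header() only queues the redirect; without stopping here the script
    // would go on to readsetup(), which requires the missing data/config.php.
    exit;
}
readsetup();
if ($set['language'] == "") {
    $set['language'] = "en_US";
}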
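// Rejects requests whose query string carries markup-like input.
// The patterns are the original POSIX expressions ported to PCRE, because
// eregi() no longer exists from PHP 7 on.
// NOTE(review): this is a deny-list and it only inspects $_GET. $_POST and
// $_COOKIE are not covered, so every value still has to be escaped
// (htmlspecialchars) at the point where it is written into HTML.
$bne_markup = '#<[^>]*(?:script*|object*|iframe*|applet*|meta*|style*|form*)"?[^>]*>#i';
$bne_parens = '#\([^>]*"?[^)]*\)#i';
$bne_pending = array_values($_GET);
while ($bne_pending) {
    $check_url = array_pop($bne_pending);
    if (is_array($check_url)) {
        // Array parameters (?a[]=x) are checked element by element.
        foreach ($check_url as $bne_item) {
            $bne_pending[] = $bne_item;
        }
        continue;
    }
    $check_url = (string) $check_url;
    // "!== 0" also rejects the value when the regex engine reports an error.
    if (preg_match($bne_markup, $check_url) !== 0
        || preg_match($bne_parens, $check_url) !== 0
        || strpos($check_url, '"') !== false) {
        die ($langmessage[98]);
    }
}
unset($check_url, $bne_item, $bne_pending, $bne_markup, $bne_parens);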
// Message shown to the visitor at the top of the content area.
$message = "";
// Offset between server time and site time, converted from hours to seconds.
$fuso_s = strval($set['timeoffset']) * 3600;
// Anonymous visitors may only request the login, search and contact actions;
// any other ?do= value is dropped unless the session carries the login marker.
if (!($_GET['do'] == "login" || $_GET['do'] == "search" || $_GET['do'] == "contact" || $_SESSION[$set['password']] == "1")) {
    unset($_GET['do']);
}
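// Handles a login attempt posted by loginform().
// NOTE(review): the stored credential is an unsalted SHA-1 digest and there is
// no limit on attempts. Moving to password_hash()/password_verify() also needs
// changes where the password is written (install/admin code, not in this file).
if (isset($_POST['submit']) && $_POST['submit'] == "Login") {
    // Only a string can be a password; anything else never matches.
    $bne_supplied = (isset($_POST['password']) && is_string($_POST['password']))
        ? sha1(trim($_POST['password']))
        : "";
    $bne_stored = (string) $set['password'];
    // Compare the digests as strings. The loose == used before compares two
    // numeric-looking strings as numbers, so different digests could be equal.
    if (function_exists('hash_equals')) {
        $bne_match = hash_equals($bne_stored, $bne_supplied);
    } else {
        $bne_match = ($bne_stored === $bne_supplied);
    }
    if ($bne_supplied !== "" && $bne_match) {
        // New session id on privilege change, so an id known before login
        // cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION[$set['password']] = "1";
        $message = $langmessage[95];
        unset($_GET['do']);
    } else {
        $message = $langmessage[96];
    }
    unset($bne_supplied, $bne_stored, $bne_match);
}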
// Logout: remove the login marker, destroy the session and send the browser
// back to the home page. The script keeps running after header(), so the page
// is still rendered (as an anonymous visitor) behind the redirect.
// NOTE(review): logout is a plain GET action (?do=logout) with no token.
if ($_GET['do'] == "logout") {
    unset($_SESSION[$set['password']]);
    session_destroy();
    unset($_GET['do']);
    $saida = "Location: {$set['homepath']}";
    header($saida);
}
// Upload limits in bytes; adjust to taste.
$max_upload_file_size = 2000000;
$max_upload_image_size = 250000;

if ($_SESSION[$set['password']] == "1") {
    // Logged in: load the admin functions and let them process the posted form.
    require_once "admin.php";
    treat_posts();
} else {
    // Anonymous: only the login, search, contact-message and comment forms
    // are allowed through; any other submit value is discarded.
    if (!($_POST['submit'] == "login" || $_POST['submit'] == "search" || $_POST['submit'] == "Send message" || $_POST['submit'] == "sendcomment" || $_SESSION[$set['password']] == "1")) {
        unset($_POST['submit']);
    }
}

// Public form handlers; each returns the message to display.
if ($_POST['submit'] == "sendcomment") {
    $message = sendcomment();
}
if ($_POST['submit'] == "Send message") {
    $message = sendmessage();
}
// Page rendering: pick the template of the configured theme, fall back to the
// default theme, and stop if neither file exists.
$templatepath="./templates/".$set['template']."/template.php";
if (!file_exists($templatepath)) $templatepath="./templates/default/template.php";
if (!file_exists($templatepath)) die ($templatepath." ".$langmessage[109]);
// Display the template and call the embedded functions.
// The template is read as text (file_get_contents), not included: plain text is
// copied to $out and every "$# command #$" marker is replaced by generated output.
$page=file_get_contents($templatepath);
$out="";
while($page != "") {
// Text before the next "$#" marker is copied through; stripslashes() is applied
// to the remaining template text on every pass of the loop.
if($pagearray=explode("$#",stripslashes($page),2)) {
$out.=$pagearray[0];
$page=$pagearray[1];
// Everything up to the closing "#$" is the command name.
if($pagearray=explode("#$",$page,2)) {
$command=trim($pagearray[0]);
$page=$pagearray[1];
switch($command) {
// Values from $set (title, subtitle, footer, homepath, template) are written
// into the page as they are, without HTML escaping.
case "header": $out.= printheader(0); break;
case "title": $out.='<a href="'.$set['homepath'].'">'.$set['title'].'</a>'; break;
case "subtitle": $out.=$set['subtitle']; break;
case "contact": $out.='<a href="'.$set['homepath'].'?do=contact">Contact</a>'; break;
case "feed": $out.="<a href=\"rss.php\">Feed</a>"; break;
// content(), recent() and extra() append to the global $out themselves.
case "content": content(); break;
case "recent": recent(); break;
case "search": $out.=searchform(); break;
case "homelink": $out.='<a href="'.$set['homepath'].'">Home</a>'; break;
case "image": $out.="./templates/".$set['template']."/images/"; break;
// mainmenu() declares a single parameter, so the second argument passed for
// "mainmenu1" and "mainmenu2" is ignored and all three produce the same menu.
case "mainmenu": $out.= mainmenu(0); break;
case "mainmenu1": $out.= mainmenu(0,1); break;
case "mainmenu2": $out.= mainmenu(0,2); break;
case "sitemap": $out.= sitemap(0); break;
case "login": $out.= loginout(); break;
case "extra": extra(); break;
case "footer": $out.= $set['footer']; break;
default:
if(strpos($command, "content")!== false) {
//$aa=explode(" ",$command,2);
// NOTE(review): show_posts() builds and returns its own HTML; the return value
// is not used here, so this branch adds nothing to $out. Confirm the intent.
show_posts();
//showcontent($pagenum, decode("data/".$pagenum."_".$aa[1].".html"));
} elseif(strpos($command, "plugin")!== false) {
// "plugin NAME": pull the optional pieces of plugins/NAME into the page.
// NOTE(review): NAME is taken from the template text as written and is not
// restricted to a plain directory name. include.mod is executed as PHP and the
// other .mod files are inserted raw, so templates and plugins/ must only be
// writable by the site owner.
$aa=explode(" ",$command,2);
$pluginpath="plugins/".trim($aa[1]);
// first.mod is placed in front of everything generated so far
if(file_exists($pluginpath."/first.mod"))
$out=file_get_contents($pluginpath."/first.mod").$out;
// header.mod is inserted just before </head>
if(file_exists($pluginpath."/header.mod"))
$out=str_replace("</head>",file_get_contents($pluginpath."/header.mod")."\n</head>",$out);
// onload.mod becomes the onload attribute of <body
if(file_exists($pluginpath."/onload.mod"))
$out=str_replace("<body","<body onload=\"".file_get_contents($pluginpath."/onload.mod")."\"",$out);
// include.mod is run as PHP code
if(file_exists($pluginpath."/include.mod"))
include "plugins/".trim($aa[1])."/include.mod";
// place.mod is appended at the position of the marker
if(file_exists($pluginpath."/place.mod"))
$out.=file_get_contents("$pluginpath/place.mod");
} else {
// Unknown command: its text is copied to the page unchanged.
$out .= $command;
}
}
} else break;
} else break;
}
if($page != "") $out.=$page;
// finished page creation, send it to the browser
print $out;
### Execution end ###
/**
 * Appends the main content area to the global $out buffer.
 *
 * Shows the pending $message and (when admin.php is loaded) the admin menu,
 * then dispatches on $_GET['do']. Without a recognised action it lists posts,
 * honouring the optional integer parameters "showcomments" and "categ".
 * Both must pass is_intval(); otherwise the request is aborted.
 */
function content() {
    global $pagenum, $edit, $set, $selected, $message, $menu, $out, $langmessage, $LNEversion, $addons;

    if ($message != "") {
        $out .= "<h2 class=\"LNE_message\">".$message."</h2>\n";
    }
    if (function_exists('adminmenu')) {
        $out .= adminmenu();
    }

    switch ($_GET['do']) {
        case "search":
            $out .= "<h2 class=\"LNE_title\">$langmessage[66]</h2>\n";
            $out .= search();
            break;
        case "contact":
            $out .= "<h2 class=\"LNE_title\">$langmessage[48]</h2>\n";
            $out .= contact();
            break;
        case "editextra":
            // The editor prints directly, so flush what has been built so far.
            print $out;
            $out = "";
            editextra();
            break;
        case "login":
            $out .= loginform();
            break;
        case "settings":
            $out .= settings();
            break;
        case "setup":
            $out .= setup();
            break;
        case "adminposts":
            adminposts();
            break;
        default:
            // Defaults used when the optional parameters are absent.
            $comenta = 1;
            $categ = -1;
            $expanded = 1;
            $collapsed = 0;

            if ($_GET['showcomments'] != "") {
                if (!is_intval($_GET['showcomments'])) {
                    die ($langmessage[98]);
                }
                $comenta = intval($_GET['showcomments']);
            }
            if ($_GET['categ'] != "") {
                if (!is_intval($_GET['categ'])) {
                    die ($langmessage[98]);
                }
                // A category view shows titles only.
                $categ = intval($_GET['categ']);
                $expanded = 0;
                $collapsed = 99;
            }

            $plainFrontPage = !isset($_GET['categ']) && !isset($_GET['showcomments']) && !isset($_GET['id']);
            if ($plainFrontPage) {
                $out .= show_posts(1, 0, 2);
            } else {
                $out .= show_posts($expanded, $collapsed, $comenta, $categ);
            }
    }
}
// Replaces every occurrence of the first literal with the second and trims the
// result.
// NOTE(review): in this copy both literals look like a single plain space,
// which would make the str_replace a no-op. The first one may originally have
// been a non-breaking space or an entity that was lost in transit - confirm
// against the repository copy before touching this line.
function clean($string) {
return trim(str_replace(' ',' ',$string));
}
/**
 * Sort callback: orders two rows by their first element (index 0),
 * using PHP's loose comparison. Returns -1, 0 or 1.
 */
function compare($x,$y) {
    $left = $x[0];
    $right = $y[0];
    if ($left == $right) {
        return 0;
    }
    return ($left < $right) ? -1 : 1;
}
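/**
 * Builds the contact form (name, e-mail, message, captcha) and returns it as HTML.
 *
 * With $set['catchpa'] == 0 a text captcha ("a + b =") is used and the expected
 * sum is stored in $_SESSION[session_id()]; otherwise the image captcha from
 * catchpa() is embedded.
 *
 * Fixes: the closing "</td></tr>" of the text-captcha row was appended to a
 * misspelled variable ($our) and never reached the output. The generator is no
 * longer re-seeded from the clock on every call.
 * NOTE(review): a sum of two digits has only 19 possible answers, so the text
 * captcha deters casual bots at best.
 */
function contact() {
    global $langmessage, $set;
    $out = "<div id=\"LNE_contact\">\n<form method=\"post\" action=\"\"><fieldset class=\"noborder\" >\n<table>\n";
    $out .= "<tr><td align=\"right\">$langmessage[38]:</td>\n";
    $out .= "<td><input type=\"text\" name=\"name\" value=\"\" /></td></tr>\n";
    $out .= "<tr><td align=\"right\">$langmessage[73]:</td>\n";
    $out .= "<td><input type=\"text\" name=\"email\" value=\"\" /></td></tr>\n";
    $out .= "<tr><td align=\"right\" valign=\"top\">$langmessage[63]:</td>\n";
    $out .= "<td><textarea name=\"text\" rows=\"8\" style=\"width: 250px;\"></textarea></td></tr>\n";
    $out .= "<tr><td align=\"right\"><b>$langmessage[99]: </b></td>\n";
    if ($set['catchpa'] == 0) {
        // text captcha
        $a = mt_rand(0, 9);
        $b = mt_rand(0, 9);
        $c = $a + $b;
        $out .= "<td>$a + $b = ";
        $_SESSION[session_id()] = $c;
        $out .= "<input type=\"text\" name=\"secCode\" maxlength=\"2\" style=\"width:20px\" />";
        $out .= "</td></tr>\n";
    } else {
        // image captcha
        $out .= "<td>".catchpa()."</td></tr>\n";
    }
    $out .= "<tr><td> </td>\n<td>";
    $out .= "<input type=\"hidden\" name=\"submit\" value=\"Send message\" />";
    $out .= "<input type=\"submit\" name=\"aa\" value=\"$langmessage[64]\" />";
    $out .= "</td></tr>\n</table></fieldset></form></div>\n";
    return $out;
}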
/**
 * Returns the HTML comment banner (product name, version from $BNEversion,
 * copyright and licence) that printheader() puts into the page head.
 */
function credits() {
    global $BNEversion;
    $rows = array(
        "<!-- +++++++++++++++++++++++++++++++++++++++++++++++++",
        "| BlogNEasy version $BNEversion",
        "| Copyright 2012 Fernando Baptista",
        "++++++++++++++++++++++++++++++++++++++++++++++++++++++",
        "| Released under the terms & conditions of v2 of the",
        "| GNU General Public License. For details refer to",
        "| the included gpl.txt file or visit http://gnu.org",
        "+++++++++++++++++++++++++++++++++++++++++++++++++++++++ -->"
    );
    return implode("\n", $rows)."\n";
}
/**
 * Formats a Unix timestamp with the site-wide strftime() pattern
 * stored in $set['dateformat'].
 */
function data_formatada($unix_time) {
    global $set;
    $pattern = $set['dateformat'];
    return strftime($pattern, $unix_time);
}
/**
 * Reverses encode(): removes the backslashes added by addslashes() and then
 * converts the text from UTF-8 to ISO-8859-1.
 */
function decode($string) {
    $unslashed = stripslashes($string);
    return utf8_decode($unslashed);
}
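/**
 * Removes every row whose field $pos equals $value, rewrites data/$file.dat
 * with the remaining rows and returns them.
 *
 * $array     rows as produced by readdata(); reading stops at the first row
 *            whose first field is empty
 * $file      base name of the data file (without directory or ".dat")
 * $pos       index of the field to compare
 * $value     value that marks a row for deletion (loose comparison)
 * $numfields number of fields written per row
 *
 * Fixes: the result is now an empty array (not an undefined variable) when no
 * row survives, and nothing is written when the file cannot be opened.
 * NOTE(review): $file goes into the path unchanged; callers are presumably
 * passing fixed names - confirm none of them forwards request data. The file
 * is truncated and rewritten without a lock.
 */
function deletedata($array,$file,$pos,$value,$numfields) {
    $kept = array();
    $serialized = "";
    for ($i = 0; isset($array[$i][0]) && $array[$i][0] != ""; $i++) {
        $row = $array[$i];
        $field = isset($row[$pos]) ? $row[$pos] : null;
        if ($field == $value) {
            continue;
        }
        // Fields are separated by "|" and each record is closed by "||".
        for ($f = 0; $f < $numfields; $f++) {
            $cell = isset($row[$f]) ? $row[$f] : "";
            $serialized .= $cell.(($f == $numfields - 1) ? "||" : "|");
        }
        $kept[] = $row;
    }
    $fp = fopen("data/".$file.".dat", "w");
    if ($fp) {
        fwrite($fp, $serialized);
        fclose($fp);
    }
    return $kept;
}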
/**
 * Renders an FCKeditor instance named "texto", pre-filled with $out.
 * The editor library is loaded from the directory in $set['editorpath'];
 * Create() writes the editor markup straight to the output.
 */
function editor($out) {
    global $set;
    $basePath = $set['editorpath'];
    include_once($basePath."fckeditor.php");

    $CKeditor = new FCKeditor("texto");
    $CKeditor->BasePath = $basePath;
    $CKeditor->Height = 400;
    // Remove the next assignment to fall back to the editor's default skin.
    $CKeditor->Config['SkinPath'] = "skins/silver/";
    $CKeditor->Value = $out;
    $CKeditor->Create();
}
/**
 * Prepares text for storage in the data files: converts ISO-8859-1 to UTF-8
 * and then backslash-escapes quotes, backslashes and NUL with addslashes().
 * It does not touch the "|" field separator.
 */
function encode($string) {
    $utf8 = utf8_encode($string);
    return addslashes($utf8);
}
/**
 * Renders data/extra.htm through showcontent() when that file exists.
 * $pagenum is not defined inside this function, so showcontent() receives
 * an empty first argument.
 */
function extra() {
    global $out;
    if (!file_exists("data/extra.htm")) {
        return;
    }
    $out .= showcontent($pagenum, "extra.htm");
}
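/**
 * Lists the entries of a directory, sorted ascending.
 *
 * $pattern   accepted for compatibility; it is not used for filtering
 * $start_dir directory to read
 * $dir       when true, only sub-directories are returned
 *
 * Returns the names keyed by their read order (keys are kept by the sort);
 * an empty array when the directory cannot be opened.
 *
 * Fix: the comparison callback used to be generated with create_function(),
 * which compiles a code string at run time and does not exist any more in
 * PHP 8. The generated code was a plain loose comparison of the two names,
 * which is what asort() does by default.
 */
function filelist($pattern, $start_dir='.', $dir=0) {
    $filenames = array();
    $handle = opendir($start_dir);
    if ($handle) {
        while (false !== ($file = readdir($handle))) {
            if ($file === '.' || $file === '..') {
                continue;
            }
            if ($dir && !is_dir($start_dir."/".$file)) {
                continue;
            }
            $filenames[] = $file;
        }
        closedir($handle);
    }
    asort($filenames);
    return $filenames;
}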
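/**
 * Tells whether $value is written as a decimal integer: an optional sign
 * followed by digits only. Returns true or false.
 *
 * Fixes: "$" in the old pattern also matched in front of a trailing newline,
 * so "12\n" was accepted; "\z" anchors at the real end of the string.
 * Non-scalar input (for example an array from "?id[]=1") is rejected instead
 * of being handed to preg_match().
 * The length is not limited; intval() on a very long value still saturates.
 */
function is_intval($value) {
    if (!is_scalar($value)) {
        return false;
    }
    return 1 === preg_match('/^[+-]?[0-9]+\z/', $value);
}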
/**
 * Returns the HTML of the login form: one password field plus the hidden
 * submit marker "Login" that the login handler looks for.
 */
function loginform() {
    global $langmessage, $BNEversion;
    $parts = array(
        '<div align="center"><form method="post" action=""><h2>BlogNEasy '.$BNEversion.' '.$langmessage[120].'</h2>',
        '<p>'.$langmessage[6].': <input type="password" name="password" value="" />',
        '<input type="hidden" name="submit" value="Login" />',
        '<input type="submit" name="aa" value="'.$langmessage[120].'" /></p></form></div>'
    );
    return implode('', $parts);
}
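/**
 * Returns the login link, or the logout link when the session carries the
 * login marker.
 *
 * Fix: the result variable was only ever appended to and never initialised,
 * and the session entry was read without checking that it exists.
 * NOTE(review): the login marker is stored under a session key equal to the
 * stored password digest ($set['password']).
 */
function loginout() {
    global $set, $langmessage;
    $base = $set['homepath'].$set['indexfile'];
    $loggedIn = isset($_SESSION[$set['password']]) && $_SESSION[$set['password']] == "1";
    if ($loggedIn) {
        return '<a href="'.$base.'?do=logout" rel="nofollow">'.$langmessage[121].'</a>';
    }
    return '<a href="'.$base.'?do=login" rel="nofollow">'.$langmessage[120].'</a>';
}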
/**
 * Returns the category menu as a run of <li> elements: a fixed home entry
 * followed by one link per row of the "categories" data file.
 *
 * $span selects where an extra <span> is placed:
 *   3 - around the whole link, 2 - around the label inside the link,
 *   1 - an empty <span></span> after the label, anything else - none.
 * Category ids and names are written as stored, without escaping.
 */
function mainmenu($span=0) {
    global $set, $langmessage;
    $items = "\n"."<li><a href=\"".$set['indexfile']."\" class=\"first\">$langmessage[111]</a></li>\n";
    $cat = readdata("categories");
    for ($i = 0; $cat[$i][0] != ""; $i++) {
        $entry = '<li>';
        if ($span == 3) {
            $entry .= "<span>";
        }
        $entry .= '<a href="'.$set['indexfile'].'?categ='.$cat[$i][0].'">';
        if ($span == 2) {
            $entry .= "<span>";
        }
        $entry .= $cat[$i][1];
        if ($span == 1) {
            $entry .= "<span>";
        }
        if ($span == 2 || $span == 1) {
            $entry .= "</span>";
        }
        $entry .= "</a>";
        if ($span == 3) {
            $entry .= "</span>";
        }
        $items .= $entry."</li>\n";
    }
    return $items;
}
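/**
 * Returns the contents of the page <head>: title, credits banner, meta tags,
 * feed link and style sheets.
 *
 * $generate and $tmpl are accepted but not used here.
 *
 * Fix: the buffer is now initialised instead of being appended to while
 * undefined.
 * NOTE(review): the $set values go into single-quoted attributes without
 * escaping, so an apostrophe in the keywords, description or author setting
 * ends the attribute early.
 */
function printheader($generate,$tmpl="-") {
    global $set, $langmessage, $cntt, $BNEversion;
    $out = checktitle();
    $out .= credits();
    $out .= "<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />\n";
    $out .= "<meta http-equiv='Content-Language' content='".$set['language']."' />\n";
    $out .= "<meta http-equiv='Content-Script-Type' content='text/javascript' />\n";
    $out .= "<meta http-equiv='Content-Style-Type' content='text/css' />\n";
    $out .= "<meta name='keywords' content='".$set['keywords']."' />\n";
    $out .= "<meta name='description' content='".$set['description']."' />\n";
    $out .= "<meta name='author' content='".$set['author']."' />\n";
    $out .= "<meta name='generator' content='BlogNEasy $BNEversion' />\n";
    $out .= "<meta name='Robots' content='index, nofollow' />\n";
    $out .= "<meta http-equiv='imagetoolbar' content='no' /><!-- disable IE's image toolbar -->\n";
    $out .= "<link rel=\"alternate\" type=\"application/rss+xml\" title=\"".$set['title']." RSS Feed\" href=\"rss.php\" />\n";
    $out .= "<link rel='stylesheet' type='text/css' href='templates/".$set['template']."/style.css' />\n";
    $out .= "<link rel='stylesheet' type='text/css' href='css/blogneasy.css' />\n";
    return $out;
}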
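/**
 * Returns the <title> element: the title of the post selected with ?id=
 * (or of the last post in data/posts.dat when no id matches) followed by the
 * site title.
 *
 * The id must pass is_intval(), otherwise the request is aborted.
 *
 * Fix: the local variables are initialised, so a request without ?id= or a
 * site without posts no longer works on undefined variables; the output in
 * those cases is unchanged (an empty post title).
 */
function checktitle() {
    global $cntt, $set, $selected, $langmessage, $pagenum;
    $noticia_numero = "";
    if (isset($_GET['id']) && $_GET['id'] != "") {
        if (!is_intval($_GET["id"])) die ($langmessage[98]);
        $noticia_numero = $_GET["id"];
    }
    $records = explode("||", trim(@file_get_contents("data/posts.dat")));
    $row_db = array();
    $lugar = -1;
    $count = 0;
    while (isset($records[$count]) && $records[$count] != "") {
        $row_db[$count] = explode("|", trim($records[$count]));
        if ($noticia_numero != "" && $row_db[$count][0] == $noticia_numero) {
            $lugar = $count;
            break;
        }
        $count++;
    }
    if ($lugar == -1) {
        // No match: fall back to the last record that was read.
        $lugar = $count - 1;
    }
    $title = isset($row_db[$lugar][3]) ? $row_db[$lugar][3] : "";
    return "<title>".decode($title)." | ".$set['title']."</title>\n";
}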
// Collects plugin header code for the page head. The only call visible in this
// file (inside printheader) is commented out.
// NOTE(review): several names used below are not defined in this function -
//   $cntnt (the check above it uses $cntt, presumably a typo),
//   $generate (so !$generate is always true) and
//   $out (appended to and returned without being initialised).
// NOTE(review): the plugin directory comes from the page content between the
// '%!$plugin' and '$!%' markers and first.mod is executed with include, so
// fixing the typo would make content text decide which file is run. Restrict
// the name to a plain directory name before re-enabling this function.
function checkaddons() {
global $pagenum, $addons, $cntt;
// $xtra is only referenced by the commented-out block at the end
$xtra=stripslashes(decode(file_get_contents("data/extra.htm")));
if(strpos($cntt, '%!$plugin')!==false) {
$one=explode('%!$plugin',$cntnt,2);
$two=explode('$!%',$one[1],2);
$pluginame="./plugins/".trim($two[0]);
// header.mod is copied into the returned text
if(file_exists($pluginame."/header.mod")) {
$three=file_get_contents($pluginame."/header.mod");
$out.= $three."\n";
}
// first.mod is executed as PHP
if(file_exists($pluginame."/first.mod") && !$generate) {
include "$pluginame/first.mod";
}
}
/* foreach($addons as $addon)
if((strpos( $cntt,"%!$".$addon[0]) || strpos( $xtra,"%!$".$addon[0])) && strval($addon[5]) && strval($addon[3]))
require_once "addons/".$addon[0]."/header.php"; */
return $out;
}
/**
 * Reads data/$file.dat and returns its records as an array of field arrays.
 *
 * Records are separated by "||" and fields by "|"; surrounding whitespace is
 * trimmed from every record. A missing or empty file yields one row holding a
 * single empty field. $file is used in the path as given.
 */
function readdata($file){
    $raw = @file_get_contents("data/".$file.".dat");
    $rows = array();
    foreach (explode("||", trim($raw)) as $record) {
        $rows[] = explode("|", trim($record));
    }
    return $rows;
}
/**
 * Loads data/config.php into the global $set, decodes the stored text
 * settings, fills in defaults and loads the language file that defines
 * $langmessage.
 *
 * The language code from the configuration becomes part of the required
 * file name (./languages/lang_<code>.php).
 */
function readsetup() {
    global $set, $langmessage;
    require "data/config.php";

    $textSettings = array('title', 'subtitle', 'keywords', 'description', 'author', 'footer', 'indexfile', 'fromname');
    foreach ($textSettings as $key) {
        $set[$key] = decode($set[$key]);
    }
    $set['extension'] = "php";

    if ($set['language'] == "") {
        $set['language'] = "en_US";
    }
    if ($set['catchpa'] == "") {
        $set['catchpa'] = "1";
    }
    require "./languages/lang_".$set['language'].".php";
}
/**
 * Appends a "recent posts" list to the global $out: the newest posts first,
 * read from the end of the "posts" data file. At least one entry is listed
 * when any post exists; after that the list stops at $count entries.
 * Titles and ids are written as stored.
 */
function recent($count=5) {
    global $out, $set, $langmessage;
    $posts = readdata("posts");

    // Number of leading rows that have a non-empty id.
    $cont = 0;
    while ($posts[$cont][0] != "") {
        $cont++;
    }

    $out .= "<h2>$langmessage[40]</h2>\n<ul>\n";
    $shown = 0;
    $pointer = $cont - 1;
    while ($pointer >= 0 && $posts[$pointer][0] != "") {
        $out .= "<li><a href=\"".$set['indexfile']."?id=".$posts[$pointer][0]."\">".$posts[$pointer][3]."</a></li>\n";
        if (++$shown >= $count) {
            break;
        }
        $pointer--;
    }
    $out .= "</ul>\n";
}
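/**
 * Deny-list filter for visitor-supplied text.
 *
 * Aborts on NUL bytes, rewrites a set of decimal character references to the
 * characters they stand for, drops hexadecimal references, removes event
 * handler attributes and a list of tags, and defuses script: style URLs.
 * Returns the filtered text.
 *
 * Fixes:
 *  - $langmessage was not declared global, so the abort message was empty;
 *  - the NUL check passed null as the needle, which newer PHP versions treat
 *    as an empty string and therefore match on every input;
 *  - the result of the tag-removal preg_replace() was thrown away, so the
 *    listed tags were never removed;
 *  - non-string input (for example an array field) is reduced to a string
 *    before any string function sees it.
 *
 * NOTE(review): a deny-list cannot be complete. Treat this as a second line
 * of defence and escape with htmlspecialchars() wherever the value is written
 * into HTML.
 */
function sanitize($text) {
    global $langmessage;
    if (!is_string($text)) {
        $text = is_scalar($text) ? (string) $text : "";
    }
    if (strpos($text, "\0") !== false)
        die($langmessage[98]);
    // Convert problematic ascii characters to their true values
    $search = array("40","41","58","65","66","67","68","69","70",
        "71","72","73","74","75","76","77","78","79","80","81",
        "82","83","84","85","86","87","88","89","90","97","98",
        "99","100","101","102","103","104","105","106","107",
        "108","109","110","111","112","113","114","115","116",
        "117","118","119","120","121","122"
    );
    $replace = array("(",")",":","a","b","c","d","e","f","g","h",
        "i","j","k","l","m","n","o","p","q","r","s","t","u",
        "v","w","x","y","z","a","b","c","d","e","f","g","h",
        "i","j","k","l","m","n","o","p","q","r","s","t","u",
        "v","w","x","y","z"
    );
    $entities = count($search);
    for ($i = 0; $i < $entities; $i++) {
        $text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
    }
    // the following is based on code from bitflux (http://blog.bitflux.ch/wiki/)
    // Kill hexadecimal characters completely
    $text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
    // remove any attribute starting with "on" or xmlns
    $text = preg_replace('#(<[^>]+[\\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iU', ">", $text);
    // Remove the listed tags; repeat until nothing changes, because removing
    // one tag can bring the pieces of another one together.
    do {
        $oldtext = $text;
        $text = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $text);
    } while ($oldtext != $text);
    // remove javascript: and vbscript: protocol
    $text = preg_replace('#([a-z]*)=([\`\'\"]*)script:#iU', '$1=$2nojscript...', $text);
    $text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iU', '$1=$2nojavascript...', $text);
    $text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iU', '$1=$2novbscript...', $text);
    $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU', "$1>", $text);
    $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU', "$1>", $text);
    return $text;
}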
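/**
 * Removes everything between "<" and the next ">" from $text.
 *
 * Fix: the old pattern had no closing delimiter, so preg_replace() failed and
 * returned null for every input. "[^>]*" matches the same text as the former
 * lazy "(.|\n)*?" without backtracking over each character.
 */
function strip_html($text) {
    return preg_replace('#<[^>]*>#', '', $text);
}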
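/**
 * Runs the site search for $_POST['search'] and appends the result list to
 * the global $out. Post titles (field 3) and bodies (field 4) are searched
 * case-insensitively after tags are stripped; body hits show up to 50
 * characters of context on either side. Returns nothing.
 *
 * Fixes:
 *  - the search term is now HTML-escaped before it is echoed back; before it
 *    was protected only by the sanitize() deny-list;
 *  - an empty term (after filtering) no longer reaches stripos().
 * NOTE(review): stored titles and text snippets are still written as stored.
 */
function search() {
    global $out, $set, $langmessage, $message;
    if ($_POST['submit'] == "search" && $_POST['search'] != "" && $_POST['search'] != $langmessage[49]) {
        $needle = sanitize($_POST['search']);
        // Escaped copy for display only; matching uses the filtered term.
        $shown = htmlspecialchars($needle, ENT_QUOTES, 'UTF-8');
        $out .= "<h3>$langmessage[68]\"$shown\":</h3>\n<ul>\n";
        $posts = ($needle != "") ? readdata("posts") : array();
        for ($cont = 0; isset($posts[$cont][0]) && $posts[$cont][0] != ""; $cont++) {
            $link = "<a href=\"index.php?id=".$posts[$cont][0]."\">";
            // check within titles
            $text = strip_tags(decode($posts[$cont][3]));
            if (($pos = stripos($text, $needle)) !== false) {
                $first = substr($text, 0, $pos);
                $last = substr($text, $pos + strlen($needle));
                $out .= "<li>".$link."$first<b>$shown</b>$last</a></li>\n";
            }
            // check within the post body
            $text = strip_tags(decode($posts[$cont][4]));
            if (($pos = stripos($text, $needle)) !== false) {
                $first = substr($text, 0, $pos);
                if (strlen($first) >= 50) {
                    $first = "...".substr($first, strlen($first) - 50);
                }
                $last = substr($text, $pos + strlen($needle));
                if (strlen($last) >= 50) {
                    $last = substr($last, 0, 50)."...";
                }
                $out .= "<li>".$link.$posts[$cont][3]."</a><p>$first<b>$shown</b>$last</p></li>\n";
            }
        }
        $out .= "</ul>";
    }
}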
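/**
 * Returns the HTML of the search box. The text field is pre-filled with the
 * placeholder $langmessage[49], which is cleared on focus and restored on
 * blur when the field is empty.
 *
 * Fixes: the buffer is initialised before use, and the onfocus handler now
 * compares against the same placeholder the field is filled with (it was
 * hard-coded to 'search...', so other languages never cleared the field).
 */
function searchform() {
    global $set, $langmessage, $message;
    $out = "<div class=\"f_search\">\n<form method=\"post\" action=\"index.php?do=search\">\n";
    $out .= "<p><input type=\"text\" name=\"search\" value=\"$langmessage[49]\" class=\"search\" onblur=\"if(this.value=='') this.value='$langmessage[49]';\" onfocus=\"if(this.value=='$langmessage[49]') this.value='';\" />\n";
    $out .= "<input type=\"hidden\" name=\"submit\" value=\"search\" />\n";
    $out .= "<input type=\"submit\" value=\"$langmessage[65]\" class=\"submit\" /></p>\n";
    $out .= "</form>\n</div>\n";
    return $out;
}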
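/**
 * Stores a visitor comment in data/comments.dat and returns the message to
 * show. Sets the global $editar to true while the form has to be shown again
 * with the visitor's input, and back to false once the comment is saved.
 *
 * The post id, the captcha answer and the expected answer in the session must
 * all be integers, otherwise the request is aborted.
 *
 * Fixes:
 *  - "|" inside the name, e-mail or text is stored as a character reference,
 *    so visitor input cannot add fields or records to the "|"-separated file;
 *  - the trimmed (validated) post id is written, not the raw field;
 *  - the captcha answer is discarded once it has been used;
 *  - the append is done under an exclusive lock.
 * NOTE(review): comments are filtered by the sanitize() deny-list on the way
 * in and printed without escaping later; see show_posts().
 */
function sendcomment() {
    global $editar, $langmessage;
    if (!is_intval(trim($_POST['newsid'])) || !is_intval(trim($_POST['secCode'])) || !is_intval($_SESSION[session_id()])) die ("Send Comment - aha! Clever!");
    $editar = true;
    if ($_POST['commentname'] == "" || $_POST['commentmessage'] == "") {
        return $langmessage[101];
    }
    if (trim($_POST['secCode']) != $_SESSION[session_id()]) {
        return $langmessage[139];
    }

    $text = sanitize(strip_tags($_POST['commentmessage']));
    $text = str_replace(array("\r\n", "\n", "\r"), "<br />", $text);
    $email = ($_POST['commentemail'] == "") ? "-" : sanitize(strip_tags($_POST['commentemail']));
    $name = sanitize(strip_tags($_POST['commentname']));

    // Keep the field separator out of the stored values.
    $fields = array(encode($name), encode($email), time(), encode($text));
    foreach ($fields as $k => $v) {
        $fields[$k] = str_replace("|", "&#124;", (string) $v);
    }
    $record = trim($_POST['newsid'])."|".$fields[0]."|".$fields[1]."|".$fields[2]."|".$fields[3]."||\n";

    if (!$fp = fopen("./data/comments.dat", "a")) die ($langmessage[142]);
    flock($fp, LOCK_EX);
    fwrite($fp, $record);
    flock($fp, LOCK_UN);
    fclose($fp);

    // One answer buys one comment; the next form render issues a new code.
    unset($_SESSION[session_id()]);
    $editar = false;
    return $langmessage[141];
}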
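/**
 * Sends the contact-form message by e-mail to $set['toemail'] and returns the
 * status message (also stored in the global $message).
 *
 * The captcha answer and the expected answer in the session must be integers,
 * otherwise the request is aborted. Visitor input (name, e-mail, text) is
 * placed in the message body only; the headers are built from site settings.
 *
 * Fixes:
 *  - the un-braced if/else bound the "else" to the inner test, so mail() was
 *    called a second time whenever mb_send_mail() succeeded and nothing was
 *    sent when mb_send_mail() was unavailable;
 *  - function_exists() received a bare word instead of a string;
 *  - the recipient had "\r\n" appended; line breaks are now removed from the
 *    recipient, subject and From values;
 *  - the captcha answer is discarded once it has matched.
 */
function sendmessage() {
    global $set, $langmessage, $message;
    if (!is_intval(trim($_POST['secCode'])) || !is_intval($_SESSION[session_id()])) die ($langmessage[98]);
    if (trim($_POST['secCode']) != $_SESSION[session_id()]) {
        $message = $langmessage[139];
        return $message;
    }
    unset($_SESSION[session_id()]);

    if (!isset($_POST['text']) || $_POST['text'] == "" || $_POST['name'] == "") {
        $message = $langmessage[59];
        return $message;
    }

    $message = $langmessage[56];
    $breaks = array("\r", "\n");
    $email = html_entity_decode(sanitize($_POST['email']));
    $text = html_entity_decode(sanitize($_POST['text']));
    $name = html_entity_decode(sanitize($_POST['name']));

    $additional_header = array();
    $additional_header[] = 'MIME-Version: 1.0';
    $additional_header[] = 'Content-Type: text/plain; charset=utf-8';
    $additional_header[] = 'From: '.str_replace($breaks, "", $set['fromemail']);

    $to = str_replace($breaks, "", $set['toemail']);
    $subject = str_replace($breaks, "", $langmessage[57].$set['fromname']);
    $body = $langmessage[57].$name." at ".$email."\r\n".$text;
    $headers = implode("\r\n", $additional_header);

    if (function_exists('mb_send_mail')) {
        $sent = mb_send_mail($to, $subject, $body, $headers);
    } else {
        $sent = mail($to, $subject, $body, $headers);
    }
    if (!$sent) {
        $message = $langmessage[58];
    }
    return $message;
}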
// Renders data/$file into the global $out, expanding "%!$ ... $!%" markers.
// Nothing is returned; $pagenum is accepted but not used in this function.
//
// Marker forms handled below:
//   include PATH        - runs the named file with include()
//   function NAME A B C - calls the named function with up to three arguments
//   plugin NAME         - pulls in the .mod files of plugins/NAME
//   anything else       - copied to the output on a line of its own
//
// NOTE(review): the include and function markers let the content of a data
// file choose which file is executed and which function is called. Anyone who
// can write under data/ can therefore run code; keep that directory writable
// only through the admin code, and consider an allow-list of function names
// and a fixed base directory for includes.
// NOTE(review): $langmessage is not declared global here, so the "not found"
// heading below is built from an undefined variable.
function showcontent($pagenum,$file="") {
global $out, $addons;
$open="%!$";
$close="$!%";
if(file_exists("data/".$file))
$page=stripslashes(decode(file_get_contents("data/".$file)));
else
$page="<h2>$langmessage[116]</h2>\n";
// strpos() returns 0 for a marker at the very start of the text, which ends
// this loop; such a marker is emitted as plain text by the last line.
while(strpos($page,$open)) {
$pagearray=explode($open,$page,2);
$out.=$pagearray[0];
unset($pagearray1);
$pagearray1=explode($close,$pagearray[1],2);
if(substr($pagearray1[0],0,7)=="include") {
// flush first, because the included file may print directly
print $out;
$out="";
include(trim(substr($pagearray1[0],7)));
} elseif(substr($pagearray1[0],0,8)=="function") {
// $aa[0] is the function name, $aa[1..3] its arguments
$bb=trim(substr($pagearray1[0],8));
$aa=explode(" ",$bb);
if($aa[3]!="") $out.=$aa[0]($aa[1],$aa[2],$aa[3]);
elseif($aa[2]!="") $out.=$aa[0]($aa[1],$aa[2]);
elseif($aa[1]!="") $out.=$aa[0]($aa[1]);
else $out.=$aa[0]();
} elseif(substr($pagearray1[0],0,6)=="plugin") {
$pluginame="./plugins/".clean(substr($pagearray1[0],6));
// header.mod goes in front of </head
if(file_exists($pluginame."/header.mod"))
$out=str_replace("</head",file_get_contents($pluginame."/header.mod")."\n</head",$out);
// first.mod is executed as PHP
if(file_exists($pluginame."/first.mod"))
include $pluginame."/first.mod";
// onload.mod becomes the onload attribute of <body
if(file_exists($pluginame."/onload.mod"))
$out=str_replace("<body","<body onload=\"".file_get_contents($pluginame."/onload.mod")."\"",$out);
// place.mod is appended at the marker position
if(file_exists("$pluginame/place.mod"))
$out.=file_get_contents("$pluginame/place.mod");
// include.mod is executed as PHP after flushing the buffer
if(file_exists("$pluginame/include.mod")) {
print $out;
include "$pluginame/include.mod";
$out="";
}
} else {
$out .= "\n".$pagearray1[0]."\n";
}
$page = $pagearray1[1];
}
if($page!="") $out .= $page;
}
// Builds and returns the HTML of the post listing.
//
//   $post_integra   number of posts shown in full
//   $post_cabecalho number of further posts listed as title rows in a table
//   $comenta        2 prints the comments of a post, any other value prints a
//                   link with the comment count; a non-zero value also adds
//                   the comment form below the first post shown in full
//   $categ          category id to filter on, -1 for all categories
//
// When ?id= names an existing post, that post is moved to the top and shown
// in full. Post fields, judging by how they are used here: [0] id,
// [1] author, [3] title, [4] body, [5] timestamp, [7] category.
//
// NOTE(review): $out is a local that is first used with ".=" below without
// being initialised.
// NOTE(review): $comments is filled per post but never reset, so entries left
// over from an earlier post with more comments can be printed again under a
// later post.
// NOTE(review): comment author and text are printed after decode() without
// HTML escaping; the only filtering is the sanitize() deny-list applied when
// the comment is stored. Escaping at this point would be the stronger control.
function show_posts($post_integra=1,$post_cabecalho=9,$comenta=0,$categ=-1) {
global $langmessage, $set, $fuso_s;
// the requested id must be an integer, otherwise the request is aborted
if($_GET['id']!="") {
if(!is_intval($_GET["id"])) die ($langmessage[98]);
$noticia_numero = $_GET["id"];
}
$aa=explode("||",trim(@file_get_contents("data/posts.dat")));
$count=0;
$lugar=-1;
$cc=0;
//read all posts or only posts=$categ, if set
while($aa[$cc] != "") {
$aaa=explode("|",trim($aa[$cc]));
if($categ==-1 || (strval($aaa[7]) == strval($categ))) {
$row_db[$count]=$aaa;
// remember where the requested post sits
if($noticia_numero!="" && $row_db[$count][0]==$noticia_numero)
$lugar=$count;
$count++;
}
$cc++;
}
// $count now indexes the last post that was read (the newest one)
$count--;
$total=$count;
if($lugar==-1)
// nothing requested or not found: work with the newest post
$noticia_numero=$row_db[$count][0];
else {
// place the selected posts on top
$n=$row_db[$lugar];
for($i=$lugar; $i<$total; $i++) {
$row_db[$i]=$row_db[$i+1];
}
$row_db[$total]=$n;
$post_integra=1;
}
$row_cmt=readdata("comments");
$first=true;
$firstcomment=true;
// display expanded posts
$out.="<div id=\"LNEnews\">\n";
$ctg=readdata("categories");
// walk from the newest post downwards until $post_integra posts are shown
while($row_db[$count][0]!="" && $total-$count<$post_integra) {
if(!$first) $out.="<hr /><br />";
$out.=show_one_post($row_db[$count][3],$row_db[$count][5],$row_db[$count][4],$row_db[$count][1],$row_db[$count][2],$row_db[$count][0]);
// find the category row of this post
$c1=0;
while($ctg[$c1][0]!=$row_db[$count][7] && $ctg[$c1][0]!="") {
$c1++;
}
if($ctg[$c1][3]) { // are comments set in the corresponding category?
// read comments
$j=0;
foreach($row_cmt as $aaa) {
if($aaa[0]==$row_db[$count][0]) {
$comments[$j]=$aaa;
$j++;
}
}
if($j) { // there are comments
if($comenta==2) {
$ff=true;
$i=0;
while($comments[$i][0]!="") {
if($ff) {
$out.="<div class=\"LNEnews_comments\">".$langmessage[143].":</div>";
$ff=false;
}
$out.="<div class=\"LNEnews_comment\">\n";
$out.="<span class=\"time\">".$langmessage[112]." ".data_formatada($comments[$i][3] + $fuso_s)."</span>";
$out.="<span class=\"poster\">$langmessage[144]: </span>\n";
$out.="<span class=\"author\">";
$out.=decode($comments[$i][1])."</span>";
$out.="<span class=\"text\">".stripslashes(decode($comments[$i][4]))."</span>";
// logged-in users get a delete button per comment; the comment is identified
// by post id and timestamp
// NOTE(review): no anti-CSRF token is part of this form; the handler lives in
// admin.php (not shown here) - confirm how the request is authenticated.
if($_SESSION[$set['password']]=="1") {
$out.="\n<form method=\"post\" action=\"\">\n";
$out.="<input type=\"hidden\" name=\"newsid\" value=\"".$comments[$i][0]."\" />\n";
$out.="<input type=\"hidden\" name=\"id\" value=\"".$comments[$i][3]."\" />\n";
$out.="<input type=\"hidden\" name=\"submit\" value=\"deletecomment\" />\n";
$out.="<input type=\"image\" name=\"aaa\" src=\"images/editdelete.png\" style=\"width: 16px; height: 16px; border: none; background: transparent;\" value=\"\" title=\"$langmessage[174]\" />\n";
$out.="</form>\n";
}
$out.="</div>\n";
$i++;
// unset($_GET['showcomments']);
}
} else
// the link carries $noticia_numero, not the id of the post in this iteration
$out.="<a href=\"".$_SERVER['SCRIPT_NAME']."?id=".$noticia_numero."&showcomments=2\">".$langmessage[143].": ".$j."</a><br />\n";
}
// display comments form
if($firstcomment) {
if(intval($comenta))
$out.="<br />".commentform($noticia_numero);
$firstcomment=false;
}
}
$first=false;
$count--;
}
// remaining posts: one table row per post, up to $post_cabecalho rows
$first=true;
$GETarray = $_GET;
$total=$count;
while($row_db[$count][0]!="" && $total-$count<$post_cabecalho) {
if($first) {
$first=false;
$out.="<div style=\"text-align: center; font-size: 85%; font-weight: bold; \">$langmessage[113]</div>";
$out.="<table border='0' align='center'><tr><td>$langmessage[12]</td><td>$langmessage[114]</td><td>$langmessage[16]</td></tr>";
}
// the link keeps the current query parameters and swaps in this post's id;
// http_build_query() URL-encodes the parameter names and values
$GETarray['id'] = $row_db[$count][0];
$call = $_SERVER['SCRIPT_NAME'] . "?" . http_build_query($GETarray,'','&');
$out.="<tr><td><a href=\"".$call."\">".decode($row_db[$count][3])."</a></td><td>".strftime("%d/%m/%y - %I:%M %p", $row_db[$count][5] + $fuso_s)."</td><td>".$row_db[$count][1]."</td></tr>";
$count--;
}
if(!$first) $out.="</table>";
$out.="</div>\n<div class=\"clear\"></div>\n";
return $out;
}
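/**
 * Returns the HTML of one post.
 *
 * Arguments as passed by show_posts(): $a title, $b timestamp, $c body,
 * $d author, $e (not used here), $f post id. When admin.php is loaded an edit
 * link for the post is placed in front of the title.
 *
 * Fix: the buffer is initialised before it is appended to.
 * Title, author and body are written after decode() without HTML escaping.
 */
function show_one_post($a,$b,$c,$d,$e,$f) {
    global $langmessage, $fuso_s, $set;
    $out = "";
    if (function_exists('adminmenu')) {
        $out .= "<a href=\"".$set['homepath'].$set['indexfile']."?do=adminposts&action=edit&id=$f\">\n";
        $out .= "<img src=\"images/edit.png\" alt=\"edit\" align=\"left\" border=\"0\" /></a>\n";
    }
    $out .= "<h2 class=\"LNEnews_title\" >".decode($a);
    $out .= "</h2>\n";
    $out .= "<h3 class=\"LNEnews_date\"><span class=\"LNEnews_author\">$langmessage[16]: ";
    $out .= stripslashes(decode($d));
    $out .= "</span> - ";
    // the site time offset is added to the stored timestamp
    $out .= $langmessage[112]." ".data_formatada(strval($b) + $fuso_s)."</h3>\n";
    $out .= "<div class=\"LNEnews_text\">".stripslashes(decode($c))."</div>\n";
    return $out;
}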
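/**
 * Returns the HTML of the comment form for post $newsid.
 *
 * Logged-in users get their name and e-mail from the site settings as hidden
 * fields, and (when admin.php is loaded) a fixed captcha answer. Visitors get
 * either the text captcha ($set['catchpa'] == "0") or the image captcha. When
 * the global $editar is set, the previously posted values are put back into
 * the form.
 *
 * Fixes:
 *  - the posted name, e-mail and message were echoed into attribute values
 *    and the textarea as received; they are now HTML-escaped, as is $newsid;
 *  - the session entry is checked with isset() before it is read;
 *  - the generator is no longer re-seeded from the clock for the captcha.
 */
function commentform($newsid) {
    global $langmessage, $editar, $set;

    // Escaped copies of the values to put back into the form.
    $prev = array('commentname' => '', 'commentemail' => '', 'commentmessage' => '');
    if ($editar) {
        foreach (array_keys($prev) as $field) {
            if (isset($_POST[$field]) && is_string($_POST[$field])) {
                $prev[$field] = htmlspecialchars($_POST[$field], ENT_QUOTES, 'UTF-8');
            }
        }
    }
    $loggedIn = isset($_SESSION[$set['password']]) && $_SESSION[$set['password']] == "1";

    $out = "<form action=\"\" method=\"post\"><fieldset class=\"noborder\">\n";
    if ($loggedIn) {
        $out .= "<input type=\"hidden\" name=\"commentname\" value=\"".$set['fromname']."\" />\n";
        $out .= "<input type=\"hidden\" name=\"commentemail\" value=\"".$set['fromemail']."\" />\n";
    } else {
        $out .= "<b>$langmessage[38]: </b><br />\n";
        $out .= "<input type=\"text\" name=\"commentname\" style=\"width:250px\" value=\"";
        $out .= $prev['commentname'];
        $out .= "\" /><br/>\n";
        $out .= "<b>$langmessage[33]: </b><br/>\n";
        $out .= "<input type=\"text\" name=\"commentemail\" style=\"width:250px\" value=\"";
        $out .= $prev['commentemail'];
        $out .= "\"><br/>\n";
    }
    $out .= "<b>$langmessage[138]: </b><br/>\n";
    $out .= "<textarea name=\"commentmessage\" style=\"width:100%; height:80px\">";
    $out .= $prev['commentmessage'];
    $out .= "</textarea><br/>\n";

    if (function_exists('adminmenu')) {
        // admin code is loaded: fixed answer, no challenge shown
        $_SESSION[session_id()] = "1";
        $out .= "<input type=\"hidden\" name=\"secCode\" value=\"1\" />\n";
    } elseif ($set['catchpa'] == "0") {
        $out .= "<b>$langmessage[99]:<br/>";
        // text captcha
        $a = mt_rand(0, 9);
        $b = mt_rand(0, 9);
        $c = $a + $b;
        $out .= "$a + $b = ";
        $_SESSION[session_id()] = $c;
        $out .= "<input type=\"text\" name=\"secCode\" maxlength=\"2\" style=\"width:20px\" />\n";
    } else {
        $out .= "<b>$langmessage[99]:<br/>";
        // image captcha
        $out .= catchpa();
    }

    $safeId = htmlspecialchars((string) $newsid, ENT_QUOTES, 'UTF-8');
    $out .= "<input type=\"hidden\" name=\"submit\" value=\"sendcomment\" /><br />";
    $out .= "<input type=\"hidden\" name=\"newsid\" value=\"$safeId\" /><br/>";
    $out .= "<input type=\"submit\" value=\"$langmessage[137]\" />\n</td></tr>\n</fieldset></form><br />\n";
    return $out;
}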
/**
 * Returns the server variable $s, or an empty string when it is not set.
 * Falls back to the legacy $HTTP_SERVER_VARS array when $_SERVER is missing.
 */
function sv($s) {
    if (!isset($_SERVER)) {
        global $_SERVER;
        $_SERVER = $GLOBALS['HTTP_SERVER_VARS'];
    }
    return isset($_SERVER[$s]) ? $_SERVER[$s] : '';
}
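/**
 * Converts a hexadecimal colour such as "B0B0B0" into array(R, G, B).
 * Characters that are not hex digits are removed first; missing digits count
 * as zero.
 *
 * Fix: eregi_replace() does not exist from PHP 7 on; the same character class
 * is now applied with preg_replace().
 */
function convertRGB($color) {
    $hex = preg_replace('/[^0-9a-f]/i', '', $color);
    return array(
        hexdec(substr($hex, 0, 2)),
        hexdec(substr($hex, 2, 2)),
        hexdec(substr($hex, 4, 2))
    );
}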
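/**
 * Draws $text centred on a grid background and saves it as the captcha image
 * data/catchpa.<ext>, using the first available format of PNG, GIF and JPEG.
 *
 * Colours are taken from the globals $fontColor, $bgColor and $lineColor
 * (RGB hex strings). Returns the file extension written, or nothing when the
 * image cannot be created or no output format is available.
 *
 * Fixes: the image resource was never released, because every successful path
 * returned before ImageDestroy(); and the colour globals were overwritten
 * with palette indexes, so a second call in the same request started from the
 * wrong colours.
 * NOTE(review): the file name is fixed, so every visitor's captcha overwrites
 * the same file and concurrent visitors can be shown an image that does not
 * match the code in their session.
 */
function createImage($text, $width, $height, $font = 5) {
    global $fontColor, $bgColor, $lineColor, $set;
    $img = @ImageCreate($width, $height);
    if (!$img) {
        return;
    }

    list($R, $G, $B) = convertRGB($fontColor);
    $ink = ImageColorAllocate($img, $R, $G, $B);
    list($R, $G, $B) = convertRGB($bgColor);
    $paper = ImageColorAllocate($img, $R, $G, $B);
    list($R, $G, $B) = convertRGB($lineColor);
    $grid = ImageColorAllocate($img, $R, $G, $B);

    imagefilledrectangle($img, 0, 0, imagesx($img), imagesy($img), $paper);
    // grid lines every 5 pixels
    for ($i = 0; $i <= $width; $i += 5) {
        @ImageLine($img, $i, 0, $i, $height, $grid);
    }
    for ($i = 0; $i <= $height; $i += 5) {
        @ImageLine($img, 0, $i, $width, $i, $grid);
    }

    // centre the text
    $x = (int) round($width / 2 - ImageFontWidth($font) * strlen($text) / 2);
    $y = (int) round($height / 2 - ImageFontHeight($font) / 2);
    ImageString($img, $font, $x, $y, $text, $ink);

    $ext = null;
    if (function_exists('ImagePNG')) {
        @ImagePNG($img, "data/catchpa.png");
        $ext = "png";
    } elseif (function_exists('ImageGIF')) {
        @ImageGIF($img, "data/catchpa.gif");
        $ext = "gif";
    } elseif (function_exists('ImageJPEG')) {
        @ImageJPEG($img, "data/catchpa.jpg");
        $ext = "jpg";
    }
    ImageDestroy($img);
    return $ext;
}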
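/**
 * Creates a six-digit captcha: stores the code in $_SESSION[session_id()],
 * renders it to an image with createImage() and returns the HTML of the
 * answer field plus the image.
 *
 * Fix: the code used to come from rand() after re-seeding the generator with
 * the current microsecond count, which ties the code to the request time.
 * It now comes from random_int() where available and from the automatically
 * seeded mt_rand() otherwise.
 */
function catchpa(){
    global $fontColor, $bgColor, $lineColor, $set, $out;
    $fontSize = 5; // font size (1 - 5)
    $fontColor = "000000"; // font color (RGB hexcode)
    $bgColor = "FFFFFF"; // background color (RGB hexcode)
    $lineColor = "B0B0B0"; // line color (RGB hexcode)
    $secCode = '';
    for ($i = 0; $i < 6; $i++) {
        $secCode .= function_exists('random_int') ? random_int(0, 9) : mt_rand(0, 9);
    }
    $_SESSION[session_id()] = $secCode;
    $ext = createImage($secCode, 71, 21, $fontSize);
    return("<input type=\"text\" name=\"secCode\" maxlength=\"6\" style=\"width:50px\" />\n <b>«</b> <img src=\"data/catchpa.$ext\" width=\"71\" height=\"21\" align=\"absmiddle\" />");
}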
// Fallback for PHP versions without the built-in http_build_query()
// (taken from the PHP online manual). On any PHP that ships the function this
// definition is skipped.
if (!function_exists('http_build_query')) {
    /**
     * Builds a URL-encoded query string from an array or object.
     * $prefix is meant for numeric keys, $sep is the pair separator (the
     * arg_separator.output setting when empty) and $key is the parent key
     * used while recursing into nested values.
     */
    function http_build_query($data,$prefix=null,$sep='',$key='') {
        $pairs = array();
        foreach ((array)$data as $k => $v) {
            $k = urlencode($k);
            // $k is a string after urlencode(), so this test never succeeds
            if (is_int($k) && $prefix != null) {
                $k = $prefix.$k;
            }
            if (!empty($key)) {
                $k = $key."[".$k."]";
            }
            if (is_array($v) || is_object($v)) {
                $pairs[] = http_build_query($v, "", $sep, $k);
            } else {
                $pairs[] = $k."=".urlencode($v);
            }
        }
        if (empty($sep)) {
            $sep = ini_get("arg_separator.output");
        }
        return implode($sep, $pairs);
    }
}
?>