<?php

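	// Harden the session cookie before the session starts: this page stores the
	// admin flag in the session, so the cookie should be unreadable from script
	// and the session id should never be accepted from the URL.
	ini_set('session.use_only_cookies', '1');
	ini_set('session.cookie_httponly', '1');
	session_start();
	header ("Cache-control: private");
	// NOTE(review): notices and warnings are enabled here; whether they reach
	// the browser depends on display_errors, which this file does not set.
	error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);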
	
	require_once("../includes/config.inc.php");
	require_once("../includes/db.inc.php");
	require_once("../language/language.".$language.".php");
	
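	// --- Logout ----------------------------------------------------------
	// Emptying $_SESSION and destroying the session drops the admin flag; the
	// code below then marks this request as 'NOTADMIN'.
	if (isset($_GET['logout']) && $_GET['logout'] === 'true'){
		$_SESSION = array();
		session_destroy();
	}

	$act 	= '';
	$title 	= '';
	$errmsg	= '';
	$epage 	= 0;

	// --- Login -----------------------------------------------------------
	// $chirpuname / $chirppw are not defined in this file; presumably they come
	// from config.inc.php (FUNCT_SAVE_SETTINGS below writes them there).
	// NOTE(review): the admin password is compared against a plaintext value and
	// nothing here limits repeated attempts.
	if (!empty($_POST['user']) && !empty($_POST['pw']) && is_string($_POST['user']) && is_string($_POST['pw'])){
		// The settings form stores the credentials after htmlspecialchars(), so
		// the submitted values get the same encoding before they are compared.
		$user = htmlspecialchars($_POST['user'],ENT_QUOTES);
		$pw = htmlspecialchars($_POST['pw'],ENT_QUOTES);

		// Strict string comparison: with loose "==" two numeric-looking strings
		// such as "0e1" and "0e2" compare equal. hash_equals() is used where the
		// runtime provides it so the comparison time does not depend on content.
		if (function_exists('hash_equals')){
			$userok = hash_equals((string) $chirpuname, $user);
			$pwok = hash_equals((string) $chirppw, $pw);
		}else{
			$userok = ((string) $chirpuname === $user);
			$pwok = ((string) $chirppw === $pw);
		}

		if ($userok && $pwok){
			// New session id on privilege change, so an id known before the
			// login cannot be reused afterwards (session fixation).
			if (session_id() !== ''){
				session_regenerate_id(true);
			}
			$_SESSION['GBOOK_ADMIN_LOGIN'] = "ISADMIN";
		}else{
			// One message for both failure cases, so the response does not
			// reveal whether the username was correct.
			$errmsg = "Wrong username or password, please verify your entries and try again.<br />";
		}
	}

	// Default every session without a flag to the unprivileged state.
	if (!isset($_SESSION['GBOOK_ADMIN_LOGIN'])){
		$_SESSION['GBOOK_ADMIN_LOGIN'] = 'NOTADMIN';
	}

	if ($_SESSION['GBOOK_ADMIN_LOGIN'] === "ISADMIN"){
		$title = "Chirp Admin Area";
	}else{
		$title = "Admin Login";
	}

	// The requested admin action; it is only ever compared against fixed case
	// labels further down.
	if (isset($_GET['act']) && is_string($_GET['act'])){
		$act = htmlspecialchars($_GET['act'],ENT_QUOTES);
	}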
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Chirp Admin Area</title>
<style type="text/css">
body {
	background-color:#444444;
	font-family:Georgia, "Times New Roman", Times, serif;
	font-size: 100%;
	margin: 0 auto;
	width:800px !important;
	min-width:800px !important;
	max-width:800px !important;
}
.wrapper {
	text-align:center;
	width:800px !important;
	padding:0px 0px 0px 0px;
	background:url('wrapperbg.jpg') repeat-y top center;
}

.header{
	background-image: url('headerbg.jpg');
	width:800px !important;
	height:147px !important;
}
.bar{
	background-image: url('mainbar.jpg');
	width:800px !important;
	height:65px !important;
	padding-left: 20px;
	text-align:left;
}
.footer{
	background-image: url('footer.jpg');
	width:800px !important;
	height:72px !important;
	text-align:center;
	font-size: .7em;
	color:#CCCCCC;
}
	.footer a{
		color:#CCCCCC;
	}
		.footer a:hover{
			color:#FFCC00;
		}
button, input {
	font-family:Georgia, "Times New Roman", Times, serif;
	font-size: .8em;
	padding: 5px;
}

#users tr {
	background-color: #DDDDDD;
}
	#users tr.normal { 
		background-color: #CCCCCC;
	}
	#users tr.highlight { 
		background-color:#99CCCC;
	}

</style>
</head>

<body>
<div class="wrapper">
<table width="800" border="0" padding="0" cellspacing="0">
	<tr>
		<td align="left" class="header" style="color:#CCCCCC;top:40px;padding-left:20px;font-size:2.5em"><i>Chirp Admin</i></td>
	</tr>
	<tr>
		<td class="bar"><?php echo $title; ?></td>
	</tr>
</table>
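<?php
// Ad banner, rendered only for a logged-in admin.
// NOTE(review): this is third-party script running inside the authenticated
// admin page, so it can read and drive everything the admin can. It is loaded
// over HTTPS below so that it cannot be replaced in transit; removing it from
// the admin area altogether would be the stricter choice.
if($_SESSION['GBOOK_ADMIN_LOGIN'] === "ISADMIN"){
?>
<center>
<script type="text/javascript"><!--
google_ad_client = "pub-8588402342452246";
/* GBook */
google_ad_slot = "2195100696";
google_ad_width = 728;
google_ad_height = 15;
//-->
</script>
<script type="text/javascript"
src="https://pagead2.googlesyndication.com/pagead/show_ads.js">
</script></center>
<?php
}
?>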
<br />
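<?php
// Fail closed: only an explicit 'ISADMIN' flag unlocks the admin panel. Any
// other session state, including a missing flag, gets the login form.
if (!isset($_SESSION['GBOOK_ADMIN_LOGIN']) || $_SESSION['GBOOK_ADMIN_LOGIN'] !== 'ISADMIN'){
	echo $errmsg;
?>
<form method="POST" action="index.php">
<table padding="5" cellspacing="0" border="0" style="margin:auto auto">
	<tr><td style="padding:5px;" >User name:</td><td style="padding:5px;" ><input type="text" name="user" /></td></tr>
	<tr><td style="padding:5px;" >Password:</td><td style="padding:5px;" ><input type="password" name="pw" /></td></tr>
	<tr><td style="padding:5px;" colspan="2"><button type="submit">Admin Login</button></td></tr>
</table>
</form>

<?php
} else {
?>
	<table width="800" cellpadding="2" cellspacing="0" border="0" style="margin:auto auto;">
		<tr>
			<td style="padding:5px;" valign="top" align="right" width="160" style="font-size:1.4em;">
				<a href="index.php?act=conf">Configuration</a><br />
				<a href="index.php?act=users">Users</a><br />
				<a href="index.php?act=add">Add Users</a><br />
				<a href="index.php?act=waiting">Waiting Users</a><br />
				<a href="index.php?act=word">Word Filter</a><br />
				<a href="index.php?act=spam">Spam Filter</a><br />
				<!-- <a href="index.php?act=msg0">view messages</a><br /> -->
				<a href="index.php?logout=true">logout</a><br />
			</td>
			<td style="padding:5px;" valign="top" align="center" style="font-size:.75em;">
<?php
				// Everything below runs only for an authenticated admin session.
				// NOTE(review): delete / ban / enable / resend change state on a plain GET,
				// and none of the forms carries an anti-CSRF token, so a page the admin opens
				// while logged in can trigger these actions. Fixing that needs POST requests
				// with a per-session token in the links and forms built by the helpers.
				switch($act){
					case "conf":
						$statmsg = '';
						if ($_SERVER["REQUEST_METHOD"] == 'POST' && isset($_POST['setset'])){
							// POST field names, listed in FUNCT_SAVE_SETTINGS() parameter order.
							$conffields = array(
								'sitename','siteurl','theme','email','language','emotes','emoticon_pack',
								'nummsg','max_msg_size','imgsize','umin','umax','pmin','allowdm','spam',
								'badword','numfriends','auname','apword','msg_num_days','enablecaptcha',
								'publickey','privatekey',
							);
							$confargs = array();
							foreach ($conffields as $f){
								$raw = (isset($_POST[$f]) && is_string($_POST[$f])) ? $_POST[$f] : '';
								$confargs[] = htmlspecialchars($raw,ENT_QUOTES);
							}
							// NOTE(review): FUNCT_SAVE_SETTINGS() writes these values into PHP
							// source. htmlspecialchars() neutralises quotes but not backslashes or
							// PHP syntax, so the writer has to quote and cast each value itself.
							if (call_user_func_array('FUNCT_SAVE_SETTINGS', $confargs)){
								$statmsg = "Configuration Saved.";
							}else{
								$statmsg = "There was a problem saving the config file";
							}
						}
						echo $statmsg.FUNCT_CONFIGURATION();
						break;
					case "word":
						// Missing request fields are passed as null, as before, without "@".
						echo Word_Filter_Form(
							isset($_POST['badlist']) ? $_POST['badlist'] : null,
							isset($_POST['goodlist']) ? $_POST['goodlist'] : null,
							isset($_POST['bad']) ? $_POST['bad'] : null,
							isset($_POST['good']) ? $_POST['good'] : null,
							isset($_GET['mode']) ? $_GET['mode'] : null
						);
						break;
					case "add":
						$statmsg = '';
						if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['addbtn'])){
							// FUNCT_ADD_USER() concatenates its arguments into SQL, so every
							// field is escaped here. The encoding chain is kept as it was because
							// existing rows (and password hashes) were produced with it.
							$in = array();
							foreach (array('username','firstname','lastname','email','address','city','state','zipcode','phone','password') as $f){
								$raw = (isset($_POST[$f]) && is_string($_POST[$f])) ? $_POST[$f] : '';
								$in[$f] = addslashes(mysql_real_escape_string(htmlspecialchars($raw,ENT_QUOTES)));
							}
							$statmsg = FUNCT_ADD_USER($in['username'],$in['firstname'],$in['lastname'],$in['email'],$in['address'],$in['city'],$in['state'],$in['zipcode'],$in['phone'],$in['password']);
						}
						echo $statmsg.FUNCT_USER_ADD_FRM();
						break;
					case "waiting":
						$uname = '';
						$statmsg = '';
						if(!empty($_GET['a']) && is_string($_GET['a'])){
							$a = $_GET['a'];
							// USERID is placed unquoted in the statements below, where string
							// escaping gives no protection; an integer cast does.
							$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
							switch($a){
								case "del":
									mysql_query('DELETE FROM users_waiting WHERE USERID = '.$id);
									if(mysql_errno()){
										echo mysql_errno() . ': ' . mysql_error() . "\n";
										die();
									}
									break;
								case "enable":
									$result = mysql_query('SELECT * FROM users_waiting WHERE USERID = '.$id.' LIMIT 1');
									$cnt = $result ? mysql_num_rows($result) : 0;

									if($cnt == 1){
										$row = mysql_fetch_array($result);
										// NOTE(review): the initial password is six characters cut from
										// r_id() (defined elsewhere) and stored as unsalted MD5; both
										// deserve a look together with the login code that verifies it.
										$newpw = r_id();
										$newpw = substr($newpw, 2, 6);
										// Values read back from the database are raw again, so they are
										// escaped before being placed in the INSERT.
										$cols = array();
										foreach (array('USERNAME','FIRSTNAME','LASTNAME','EMAIL','STATE','SIGNDATE') as $c){
											$cols[] = '"'.mysql_real_escape_string($row[$c]).'"';
										}
										$sql = 'INSERT INTO users (USERNAME,FIRSTNAME,LASTNAME,EMAIL,STATE,SIGNUPDATE,PASSWORD) VALUES ('.implode(',', $cols).',"'.md5($newpw).'")';
										mysql_query($sql) or die(mysql_error());
										$sql = 'DELETE FROM users_waiting WHERE USERID = '.$id.' LIMIT 1';
										mysql_query($sql) or die(mysql_error());
										if (sendregemail($newpw, $row['EMAIL'])){
											$statmsg = 'Account enabled.';
										}else{
											$statmsg = 'There was a problem sending the registration email.';
										}
									}else{
										$statmsg = 'There is no account to register with that user id.';
									}
									break;
								case "resend":
									$result = mysql_query('SELECT EMAIL,VERID FROM users_waiting WHERE USERID = '.$id.' LIMIT 1');
									if(mysql_errno()){
										echo mysql_errno() . ': ' . mysql_error() . "\n";
										die();
									}else{
										$cnt = mysql_num_rows($result);
										if($cnt > 0){
											$row = mysql_fetch_array($result);
											if (regEmail($row['EMAIL'],$row['VERID'])){
												$statmsg = 'The verification email was sent successfully.';
											}else{
												$statmsg = 'There was a problem sending the verification email.';
											}
										}else{
											$statmsg = 'A user with that ID does not exist.';
										}
									}
									break;
							}
						}
						// The list helper renders a search box and page links, so the search
						// term and offset are passed through the same way as for "users".
						if (!empty($_POST['username']) && is_string($_POST['username'])){
							$uname = addslashes(mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES)));
						}
						if (isset($_GET['page']) && is_string($_GET['page']) && preg_match('/^[0-9]+$/', $_GET['page'])){
							$epage = (int) $_GET['page'];
						}
						echo $statmsg.FUNCT_SHOW_WAITING_USERS($uname,$epage);
						break;
					case "users":
						$uname = '';
						$statmsg = '';
						$a = '';
						$id = 0;
						if(!empty($_GET['a']) && is_string($_GET['a'])){
							$a = $_GET['a'];
							// Integer cast for the same reason as above: USERID is used unquoted.
							$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
							if($a == 'del'){
								FUNCT_DEL_USER($id);
							}
							if ($a == 'ban'){
								// Toggle the BANNED flag between "yes" and "no".
								$result = mysql_query('SELECT BANNED FROM users WHERE USERID = '.$id.' LIMIT 1');
								$cnt = $result ? mysql_num_rows($result) : 0;
								if ($cnt > 0){
									$row = mysql_fetch_array($result);
									if($row['BANNED'] == 'no'){
										mysql_query('UPDATE users SET BANNED = "yes" WHERE USERID = '.$id);
									}elseif($row['BANNED'] == 'yes'){
										mysql_query('UPDATE users SET BANNED = "no" WHERE USERID = '.$id);
									}
								}
							}
						}
						// Save of the edit form; without a valid id there is no row to update.
						if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['edbtn']) && $id > 0){
							$in = array();
							foreach (array('firstname','lastname','email','address','city','state','zipcode','phone','password') as $f){
								$raw = (isset($_POST[$f]) && is_string($_POST[$f])) ? $_POST[$f] : '';
								$in[$f] = addslashes(mysql_real_escape_string(htmlspecialchars($raw,ENT_QUOTES)));
							}
							$statmsg = FUNCT_UPDATE_USER($id,$in['firstname'],$in['lastname'],$in['email'],$in['address'],$in['city'],$in['state'],$in['zipcode'],$in['phone'],$in['password']);
						}
						if (!empty($_POST['username']) && is_string($_POST['username'])){
							$uname = addslashes(mysql_real_escape_string(htmlspecialchars($_POST['username'], ENT_QUOTES)));
						}
						// The offset goes into a LIMIT clause: digits only, then an integer.
						if (isset($_GET['page']) && is_string($_GET['page']) && preg_match('/^[0-9]+$/', $_GET['page'])){
							$epage = (int) $_GET['page'];
						}
						if ($a == 'edit' && $id > 0){
							echo $statmsg.FUNCT_USER_EDIT_FRM($id);
						}else{
							echo  FUNCT_SHOW_USERS($uname,$epage);
						}
						break;
					case "spam":
						$keywordlist = '';

						if (!empty($_POST['keywords']) && is_string($_POST['keywords'])){
							$keywordlist = htmlspecialchars($_POST['keywords'],ENT_QUOTES);
						}
						echo Keyword_Function($keywordlist);
						break;
					default:
				}
?>
			</td>
		</tr>
	</table>

<?php

}

?>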

<br /><br />
<table width="800" border="0" padding="0" cellspacing="0">
	<tr>
		<td style="padding:5px;" class="footer" valign="top">
		Copyright <a href="http://www.groonesworld.com" target="_blank">Groone's World Development</a> 2011<br />
		Chirp, version 3.1<br />
		Licensed Under The GNU General Public License<br /><br />
		</td>
	</tr>
</table></div>
</body>
</html>

<?php

// Close the MySQL link once the page has been rendered. $connection is not
// assigned in this file; presumably db.inc.php creates it — TODO confirm.
mysql_close($connection);

//############### Function area
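/**
 * Mail the "account enabled" letter, which carries the new password.
 *
 * The body is the confirmation letter template followed by the recipient
 * address, the value of $ssid and the $conmsg6/7/8 language strings.
 * NOTE(review): the caller passes the new cleartext password as $ssid, so it
 * travels and rests in the recipient's mailbox unprotected.
 *
 * @param string $ssid value shown to the user after the $conmsg7 label
 * @param string $rcpt recipient address
 * @return bool result of mail()
 */
function sendregemail($ssid, $rcpt){
	// Pull the site settings and language strings into this function's scope.
	include("../includes/config.inc.php");
	include("../language/language.".$language.".php");

	// Line breaks in a header value or in the recipient would let stored data
	// add mail headers of its own, so they are removed first.
	$breaks = array("\r", "\n");
	$rcpt = str_replace($breaks, '', (string) $rcpt);
	$from = str_replace($breaks, '', $site_email_address);
	$org = str_replace($breaks, '', stripslashes($sitename));

	$headers = "From: ".$from."\n"; // From address
	$headers .= "Reply-To: ".$from."\n"; // Reply-to address
	$headers .= "Organization: ".$org."\n"; // Organisation
	$headers .= "Content-Type: text/html; charset=iso-8859-1\n"; // Type
	$subj = str_replace($breaks, '', stripslashes($sitename). $conmsg4);

	// A missing template yields an e-mail without the letter, as before.
	$letter = file_get_contents('../letters/confirmation_reply.letter.html');
	if ($letter === false){
		$letter = '';
	}

	// The message is HTML: encode the two dynamic values, leaving entities that
	// are already present untouched.
	$shownrcpt = htmlspecialchars($rcpt, ENT_QUOTES, 'ISO-8859-1', false);
	$shownssid = htmlspecialchars((string) $ssid, ENT_QUOTES, 'ISO-8859-1', false);
	$regmsg = $conmsg6.'<strong>'.$shownrcpt.'</strong><br />
	'.$conmsg7.' <strong>'.$shownssid.'</strong><br /><br />'.$conmsg8;

	return mail($rcpt, $subj, $letter.$regmsg, $headers);
}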

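/**
 * Mail the registration letter with the confirm.php verification link.
 *
 * @param string $rcpt recipient address
 * @param string $ssid verification token appended to the confirm.php URL
 * @return bool result of mail()
 */
function regEmail($rcpt,$ssid){
	// Pull the site settings and language strings into this function's scope.
	include("../includes/config.inc.php");
	include("../language/language.".$language.".php");

	// Line breaks in a header value or in the recipient would let stored data
	// add mail headers of its own, so they are removed first.
	$breaks = array("\r", "\n");
	$rcpt = str_replace($breaks, '', (string) $rcpt);
	$from = str_replace($breaks, '', $site_email_address);
	$org = str_replace($breaks, '', stripslashes($sitename));

	$headers = "From: ".$from."\n"; // From address
	$headers .= "Reply-To: ".$from."\n"; // Reply-to address
	$headers .= "Organization: ".$org."\n"; // Organisation
	$headers .= "Content-Type: text/html; charset=iso-8859-1\n"; // Type
	$subj = str_replace($breaks, '', stripslashes($sitename).$regmsg11);

	// A missing template yields an e-mail without the letter, as before.
	$letter = file_get_contents('../letters/registration_reply.letter.html');
	if ($letter === false){
		$letter = '';
	}

	// The token becomes part of a URL inside HTML, so it is URL-encoded; $url
	// is used as configured.
	$link = $url.'confirm.php?token='.rawurlencode((string) $ssid);
	$regmsg = '
	<a href="'.$link.'">'.$link.'</a>'.$regmsg10;

	return mail($rcpt, $subj, $letter.$regmsg, $headers);
}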

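/**
 * Insert a new row into the users table after length and uniqueness checks.
 *
 * Every argument is concatenated into SQL as given: callers must pass values
 * that are already escaped for MySQL (the "add" action in this file does).
 * NOTE(review): the password is stored as unsalted MD5. Moving to
 * password_hash() has to be done together with the code that verifies logins,
 * which is not part of this file.
 *
 * @return string status message for the admin page
 */
function FUNCT_ADD_USER($uname,$fname,$lname,$mail,$addy,$cty,$stte,$zip,$ph,$pw){
	// Provides $password_length_min and $username_length_min.
	include("../includes/config.inc.php");

	if (strlen($pw)< $password_length_min){
		return "The password was too small.  User not added.";
	}
	// Length problems get their own messages instead of "already in use".
	if (strlen($uname) < $username_length_min){
		return "The username is too short.  User not added.";
	}
	if (strlen($mail) < 6){
		return "The email is too short.  User not added.";
	}

	// A failed lookup must stop here: treating it as "no match" would let the
	// insert go ahead without the uniqueness check.
	$result = mysql_query('SELECT * FROM users WHERE USERNAME = "'.$uname.'" LIMIT 1');
	if ($result === false){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}
	if (mysql_num_rows($result) > 0){
		return "The username is already in use.  User not added.";
	}

	$result = mysql_query('SELECT * FROM users WHERE EMAIL = "'.$mail.'" LIMIT 1');
	if ($result === false){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}
	if (mysql_num_rows($result) > 0){
		return "The email is already in use.  User not added.";
	}

	mysql_query('INSERT INTO users (USERNAME,FIRSTNAME,LASTNAME,EMAIL,ADDRESS,CITY,STATE,ZIPCODE,PHONE,SIGNUPDATE,PASSWORD) VALUES ("'.$uname.'","'.$fname.'","'.$lname.'","'.$mail.'","'.$addy.'","'.$cty.'","'.$stte.'","'.$zip.'","'.$ph.'",NOW(),"'.md5($pw).'")');
	if(mysql_errno()){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}
	return "User Added Successfully!";
}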
/**
 * Return the static "add user" form, which posts to index.php?act=add.
 *
 * The markup has no dynamic parts; the field names are the ones the "add"
 * action reads from $_POST.
 *
 * @return string HTML fragment
 */
function FUNCT_USER_ADD_FRM(){
	// Nowdoc: the markup is taken literally, no interpolation takes place.
	$formhtml = <<<'HTML'
<div style="width:100%;text-align:center;">
		<form method="POST" action="index.php?act=add">
	<table width="90%" cellpadding="3" cellspacing="0" border="0" style="margin:auto;">
		<tr>
			<td align="left" width="30%">User Name </td>
			<td align="center"><input type="text" name="username" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">First Name </td>
			<td><input type="text" name="firstname" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">Last Name</td>
			<td><input type="text" name="lastname" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">Email </td>
			<td><input type="text" name="email" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">Street</td>
			<td><input type="text" name="address" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">City</td>
			<td><input type="text" name="city" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">State</td>
			<td><input type="text" name="state" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">Zip Code</td>
			<td><input type="text" name="zipcode" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">Phone</td>
			<td><input type="text" name="phone" style="width:100%" /></td>
		</tr>
		<tr>
			<td align="left" width="30%">Password</td>
			<td><input type="PASSWORD" name="password" style="width:100%" /></td>
		</tr>
		<tr>
			<td colspan="2" align="right"><input type="submit" name="addbtn" value="Save User" /></td>
		</tr>
	</table></form></div>
HTML;

	return $formhtml;
}
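/**
 * Update the profile columns of one user; the password only if one is given.
 *
 * The text arguments are concatenated into SQL as given, so callers must pass
 * them already escaped for MySQL. $uid is used unquoted and is therefore
 * forced to an integer here.
 * NOTE(review): passwords are stored as unsalted MD5; changing the scheme
 * needs a matching change in the login code, which is not in this file.
 *
 * @return string status message for the admin page
 */
function FUNCT_UPDATE_USER($uid,$fname,$lname,$mail,$addy,$cty,$stte,$zip,$ph,$pw){
	// In an unquoted numeric position string escaping gives no protection.
	$uid = (int) $uid;

	// An empty password field means "leave the password unchanged". The test is
	// on the empty string, so a password of "0" is not skipped.
	$chpw = '';
	if((string) $pw !== ''){
		$chpw = ',PASSWORD = "'.md5($pw).'"';
	}

	mysql_query('UPDATE users SET FIRSTNAME="'.$fname.'",LASTNAME="'.$lname.'",EMAIL="'.$mail.'",ADDRESS="'.$addy.'",CITY="'.$cty.'",STATE="'.$stte.'",ZIPCODE="'.$zip.'",PHONE="'.$ph.'"'.$chpw.' WHERE USERID = '.$uid);
	if(mysql_errno()){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}
	return "Updated Successfully!";
}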
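/**
 * Build the edit form for one user, pre-filled from the users table.
 *
 * @param int|string $uid user id; forced to an integer before use
 * @return string HTML fragment, a short message if the id matches no row, or
 *                an empty string if the lookup fails
 */
function FUNCT_USER_EDIT_FRM($uid){
	// The id is used unquoted in the query and inside the form action URL.
	$uid = (int) $uid;

	$result = mysql_query('SELECT * FROM users WHERE USERID = '.$uid.' LIMIT 1');
	if ($result === false){
		return '';
	}
	$row = mysql_fetch_array($result);
	if (!$row){
		return 'A user with that ID does not exist.';
	}

	// Label => array(input name, column). The password row is added separately
	// because it is never pre-filled.
	$fields = array(
		'First Name ' => array('firstname', 'FIRSTNAME'),
		'Last Name'   => array('lastname', 'LASTNAME'),
		'Email '      => array('email', 'EMAIL'),
		'Street'      => array('address', 'ADDRESS'),
		'City'        => array('city', 'CITY'),
		'State'       => array('state', 'STATE'),
		'Zip Code'    => array('zipcode', 'ZIPCODE'),
		'Phone'       => array('phone', 'PHONE'),
	);

	// Stored values are encoded on output so that a quote or tag in a row cannot
	// break out of the attribute. double_encode=false keeps entities that were
	// already stored in encoded form from being encoded a second time.
	$retval = '<div style="width:100%;text-align:center;">
		<form method="POST" action="index.php?act=users&a=edit&id='.$uid.'">
	<table width="90%" cellpadding="3" cellspacing="0" border="0" style="margin:auto;">
		<tr>
			<td align="left" width="30%">User Name </td>
			<td align="center"><span style="font-weight:bold;font-size:1.2em;">'.htmlspecialchars((string) $row['USERNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</span></td>
		</tr>';
	foreach ($fields as $label => $f){
		$retval .= '
		<tr>
			<td align="left" width="30%">'.$label.'</td>
			<td><input type="text" name="'.$f[0].'" value="'.htmlspecialchars((string) $row[$f[1]], ENT_QUOTES, 'ISO-8859-1', false).'" style="width:100%" /></td>
		</tr>';
	}
	$retval .= '
		<tr>
			<td align="left" width="30%">Password</td>
			<td><input type="PASSWORD" name="password" style="width:100%" /></td>
		</tr>
		<tr>
			<td colspan="2" align="right"><input type="submit" name="edbtn" value="Save User" /></td>
		</tr>
	</table></form></div>';

	return $retval;
}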

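/**
 * Delete a user and the rows that reference the user in the related tables.
 *
 * The deletes run one after another without a transaction; on the first
 * database error the error is printed and the script stops, as before.
 *
 * @param int|string $uid user id; forced to an integer before use
 */
function FUNCT_DEL_USER($uid = -1){
	// The id is used unquoted in every statement, where escaping alone would
	// not stop a crafted value from widening the WHERE clause.
	$uid = (int) $uid;

	// Table and key column, in the original deletion order.
	$targets = array(
		array('users', 'USERID'),
		array('chirpmsg', 'USERID'),
		array('favorites', 'USERID'),
		array('friends', 'USERID'),
		array('public_profile', 'USERID'),
		array('friends', 'FRIENDID'),
	);

	foreach ($targets as $t){
		mysql_query('DELETE FROM '.$t[0].' WHERE '.$t[1].' = '.$uid);
		if(mysql_errno()){
			echo mysql_errno() . ': ' . mysql_error() . "\n";
			die();
		}
	}
}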

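/**
 * Render the user search box, one page of matching users and the page links.
 *
 * @param string     $uanme username fragment for the LIKE filter; it is
 *                          concatenated into SQL, so the caller must pass it
 *                          already escaped for MySQL
 * @param int|string $page  row offset of the page to show (0, 45, 90, ...)
 * @return string HTML fragment
 */
function FUNCT_SHOW_USERS($uanme = '',$page=0){
	$num_per_page = 45;
	// The offset ends up in a LIMIT clause and in links: integer, not negative.
	$page = max(0, (int) $page);
	$where = 'USERNAME LIKE "%'.$uanme.'%"';

	// First query: total number of matches, needed for the page links.
	$result = mysql_query('SELECT * FROM users WHERE '.$where.' ORDER BY USERNAME DESC');
	if ($result === false){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}
	$num = mysql_num_rows($result);
	$pages = (int) ceil($num / $num_per_page);

	$retval = '
	<div style="width:100%;text-align:center;">
		<form method="POST" action="index.php?act=users">
		Username Search:&nbsp;&nbsp;<input type="text" name="username" style="width:275px" />&nbsp;&nbsp;<input type="submit" value="Search" />
		</form><br />
	</div>';

	if ($num == 0){
		return $retval.'Your query returned 0 results.';
	}

	// Second query: the rows of the requested page.
	$result = mysql_query('SELECT * FROM users WHERE '.$where.' ORDER BY USERNAME ASC LIMIT '.$page.', '.$num_per_page);
	if ($result === false){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}

	if (mysql_num_rows($result) > 0){
		$th = '<th align="center" style="border-bottom:1px solid #000000">';
		$td = '<td align="left" style="border-bottom:1px dotted #000000">';
		$retval .= '
		<div style="width:100%;text-align:center;">
		<table border="0" style="font-size:.85em;width:95%;margin:auto;empty-cells:show;" cellspacing="0" cellpadding="3">
		<tr>'.$th.'Username</th>'.$th.'First Name</th>'.$th.'Last Name</th>'.$th.'Action</th></tr>';
		while($row = mysql_fetch_array($result)){
			// Label of the toggle link; reset per row so a row with an unexpected
			// BANNED value does not inherit the previous row's label.
			$isbanned = '';
			if ($row['BANNED'] == 'no'){
				$isbanned = 'ban';
			}elseif($row['BANNED'] == 'yes'){
				$isbanned = 'unban';
			}
			$rowid = (int) $row['USERID'];
			// Stored text is encoded on output; double_encode=false leaves
			// entities that are already stored in encoded form as they are.
			$retval .= '<tr>'
				.$td.htmlspecialchars((string) $row['USERNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
				.$td.htmlspecialchars((string) $row['FIRSTNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
				.$td.htmlspecialchars((string) $row['LASTNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
				.'<td align="center" style="border-bottom:1px dotted #000000"><a href="index.php?act=users&a=del&id='.$rowid.'">delete</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="index.php?act=users&a=edit&id='.$rowid.'">edit</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="index.php?act=users&a=ban&id='.$rowid.'">'.$isbanned.'</a></td></tr>';
		}
		$retval .= '</table></div>';
	}else{
		// An offset past the last row: keep the search box and say so.
		$retval .= 'Your query returned 0 results.';
	}

	// Page links: back, one link per page, next.
	if ($page != 0) {
		$back_page = max(0, $page - $num_per_page);
		$retval .= '<a href="index.php?act=users&page='.$back_page.'">back</a>&nbsp;&nbsp;';
	}
	for ($i=1; $i <= $pages; $i++){
		$ppage = $num_per_page*($i - 1);
		if ($ppage == $page){
			if ($pages > 1){
				$retval .= '<b>'.$i.'</b> ';
			}
		}else{
			$retval .= '<a href="index.php?act=users&page='.$ppage.'">'.$i.'</a>&nbsp;&nbsp;';
		}
	}
	if (!((($page+$num_per_page) / $num_per_page) >= $pages) && $pages != 1) {
		$next_page = $page + $num_per_page;
		$retval .= '<a href="index.php?act=users&page='.$next_page.'">next</a>';
	}

	return $retval;
}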

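/**
 * Render the search box, one page of accounts awaiting activation and the
 * page links.
 *
 * @param string     $uanme username fragment for the LIKE filter; it is
 *                          concatenated into SQL, so the caller must pass it
 *                          already escaped for MySQL
 * @param int|string $page  row offset of the page to show (0, 45, 90, ...)
 * @return string HTML fragment
 */
function FUNCT_SHOW_WAITING_USERS($uanme = '',$page=0){
	$num_per_page = 45;
	// The offset ends up in a LIMIT clause and in links: integer, not negative.
	$page = max(0, (int) $page);
	$where = 'USERNAME LIKE "%'.$uanme.'%"';

	// First query: total number of matches, needed for the page links.
	$result = mysql_query('SELECT * FROM users_waiting WHERE '.$where.' ORDER BY USERNAME DESC');
	if ($result === false){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}
	$num = mysql_num_rows($result);
	$pages = (int) ceil($num / $num_per_page);

	$retval = '
	<div style="width:100%;text-align:center;">
		<form method="POST" action="index.php?act=waiting">
		Username Search:&nbsp;&nbsp;<input type="text" name="username" style="width:275px" />&nbsp;&nbsp;<input type="submit" value="Search" />
		</form><br />
	</div>';

	if ($num == 0){
		return $retval.'Your query returned 0 results.';
	}

	// Second query: the rows of the requested page.
	$result = mysql_query('SELECT * FROM users_waiting WHERE '.$where.' ORDER BY USERNAME ASC LIMIT '.$page.', '.$num_per_page);
	if ($result === false){
		echo mysql_errno() . ': ' . mysql_error() . "\n";
		die();
	}

	if (mysql_num_rows($result) > 0){
		$th = '<th align="center" style="border-bottom:1px solid #000000">';
		$td = '<td align="left" style="border-bottom:1px dotted #000000">';
		$retval .= '
		<div style="width:100%;text-align:center;">
		<table border="0" style="font-size:.85em;width:95%;margin:auto;empty-cells:show;" cellspacing="0" cellpadding="3">
		<tr>'.$th.'Username</th>'.$th.'Date</th>'.$th.'Email</th>'.$th.'Action</th></tr>';
		while($row = mysql_fetch_array($result)){
			// date_create() returns false for a value it cannot parse.
			$mdate = date_create($row['SIGNDATE']);
			$shown = $mdate ? date_format($mdate,"M d, Y") : '';
			$rowid = (int) $row['USERID'];
			// These rows come from self-registration, so the text columns are
			// encoded on output; double_encode=false leaves entities that are
			// already stored in encoded form as they are.
			$retval .= '<tr>'
				.$td.htmlspecialchars((string) $row['USERNAME'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
				.$td.$shown.'</td>'
				.$td.htmlspecialchars((string) $row['EMAIL'], ENT_QUOTES, 'ISO-8859-1', false).'</td>'
				.'<td align="center" style="border-bottom:1px dotted #000000"><a href="index.php?act=waiting&a=del&id='.$rowid.'">delete</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="index.php?act=waiting&a=resend&id='.$rowid.'">resend</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="index.php?act=waiting&a=enable&id='.$rowid.'">enable</a></td></tr>';
		}
		$retval .= '</table></div>';
	}else{
		// An offset past the last row: keep the search box and say so.
		$retval .= 'Your query returned 0 results.';
	}

	// Page links: back, one link per page, next.
	if ($page != 0) {
		$back_page = max(0, $page - $num_per_page);
		$retval .= '<a href="index.php?act=waiting&page='.$back_page.'">back</a>&nbsp;&nbsp;';
	}
	for ($i=1; $i <= $pages; $i++){
		$ppage = $num_per_page*($i - 1);
		if ($ppage == $page){
			if ($pages > 1){
				$retval .= '<b>'.$i.'</b> ';
			}
		}else{
			$retval .= '<a href="index.php?act=waiting&page='.$ppage.'">'.$i.'</a>&nbsp;&nbsp;';
		}
	}
	if (!((($page+$num_per_page) / $num_per_page) >= $pages) && $pages != 1) {
		$next_page = $page + $num_per_page;
		$retval .= '<a href="index.php?act=waiting&page='.$next_page.'">next</a>';
	}

	return $retval;
}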
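/**
 * Build the settings form, pre-filled from config.inc.php.
 *
 * NOTE(review): the form puts the current admin password and the reCAPTCHA
 * private key into the page as plain text field values. Leaving them blank
 * and treating "blank" as "unchanged" would avoid that, but needs a matching
 * change where the settings are saved.
 *
 * @return string HTML fragment
 */
function FUNCT_CONFIGURATION(){
	// Loads the current settings as local variables.
	include("../includes/config.inc.php");

	// Every value shown in the form is encoded for an HTML attribute.
	// double_encode=false keeps values that were saved in encoded form intact.
	$names = array(
		'url','theme','site_email_address','max_msg_size','msg_num_days','language',
		'enable_emoticons','emoticon_pack','num_msg_to_show','max_img_size',
		'username_length_min','username_length_max','password_length_min',
		'allow_nonfollow_dm','use_keyword_spam_filter','use_bad_word_filer',
		'num_people_to_show','chirpuname','chirppw','enable_recaptcha',
		'recaptcha_public_key','recaptcha_private_key',
	);
	$v = array();
	foreach ($names as $n){
		$v[$n] = isset($$n) ? htmlspecialchars((string) $$n, ENT_QUOTES, 'ISO-8859-1', false) : '';
	}
	$v['sitename'] = isset($sitename) ? htmlspecialchars(stripslashes($sitename), ENT_QUOTES, 'ISO-8859-1', false) : '';

	// Theme and emoticon pack choices are the sub-directory names.
	$content = '';
	foreach(glob('../themes/*', GLOB_ONLYDIR) as $dir) {
		$dir = htmlspecialchars(str_replace('../themes/', '', $dir), ENT_QUOTES, 'ISO-8859-1', false);
		$content .= '<option value="'.$dir.'">'.$dir.'</option>';
	}
	$emocontent = '';
	foreach(glob('../emoticons/*', GLOB_ONLYDIR) as $dir) {
		$dir = htmlspecialchars(str_replace('../emoticons/', '', $dir), ENT_QUOTES, 'ISO-8859-1', false);
		$emocontent .= '<option value="'.$dir.'">'.$dir.'</option>';
	}

	// Language choices: the saved setting is the code that this file inserts
	// into "language.<code>.php", so the option value must be that code, not the
	// file name. Only entries that match the pattern are offered.
	$langopt = '';
	$path = "../language/";
	$dir_handle = @opendir($path) or die($path);
	while (false !== ($file = readdir($dir_handle))) {
		if (preg_match('/^language\.([A-Za-z0-9_-]+)\.php$/', $file, $m)){
			$langopt .= '<option value="'.$m[1].'">'.$m[1].'</option>';
		}
	}
	closedir($dir_handle);

	$text = '<input style="width:%s" type="text" name="%s" value="%s" />';
	$hint = '<span style="font-size:.65em">%s</span><br />';

	// One entry per form row: label, then the markup of the right-hand cell.
	$rows = array(
		array('Site Name:', sprintf($text, '100%', 'sitename', $v['sitename'])),
		array('Site Url:', sprintf($text, '100%', 'siteurl', $v['url'])),
		array('Theme:', '<select name="theme" style="width:100%"><option value="'.$v['theme'].'" SELECTED>'.$v['theme'].'</option>'.$content.'</select>'),
		array('Email Address:', sprintf($text, '100%', 'email', $v['site_email_address'])),
		array('Message Size', sprintf($hint, 'Remember to update main_txt_box.theme.html in your themes folder.').sprintf($text, '100%', 'max_msg_size', $v['max_msg_size'])),
		array('Message Retention Days', sprintf($text, '100%', 'msg_num_days', $v['msg_num_days'])),
		array('Language:', '<select name="language" style="width:100%"><option value="'.$v['language'].'">'.$v['language'].'</option>'.$langopt.'</select>'),
		array('Enable Emoticons:', sprintf($text, '100%', 'emotes', $v['enable_emoticons'])),
		array('Emoticon Pack:', '<select name="emoticon_pack" style="width:100%"><option value="'.$v['emoticon_pack'].'" SELECTED>'.$v['emoticon_pack'].'</option>'.$emocontent.'</select>'),
		array('Num Messages:', sprintf($text, '100%', 'nummsg', $v['num_msg_to_show'])),
		array('Profile Image Size in Kb:', sprintf($text, '100%', 'imgsize', $v['max_img_size'])),
		array('Username Min/Max:', '<input type="text" name="umin" value="'.$v['username_length_min'].'" />&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="umax" value="'.$v['username_length_max'].'" />'),
		array('Password Min:', '<input type="text" name="pmin" value="'.$v['password_length_min'].'" />'),
		array('Allow non-Follow Direct Messaging:', sprintf($text, '35%', 'allowdm', $v['allow_nonfollow_dm'])),
		array('Spam Filter:', sprintf($text, '35%', 'spam', $v['use_keyword_spam_filter'])),
		array('Bad Word Filter:', sprintf($text, '35%', 'badword', $v['use_bad_word_filer'])),
		array('Num Friends to Show:', sprintf($text, '35%', 'numfriends', $v['num_people_to_show'])),
		array('Admin Username:', sprintf($text, '100%', 'auname', $v['chirpuname'])),
		array('Admin Password:', sprintf($text, '100%', 'apword', $v['chirppw'])),
		array('Enable Recaptcha', sprintf($hint, 'Learn more about recaptcha <a href="http://www.google.com/recaptcha" target="_blank">http://www.google.com/recaptcha</a>').sprintf($text, '35%', 'enablecaptcha', $v['enable_recaptcha'])),
		array('Public Key:', sprintf($text, '100%', 'publickey', $v['recaptcha_public_key'])),
		array('Private Key', sprintf($text, '100%', 'privatekey', $v['recaptcha_private_key'])),
	);

	$retval = '<div style="margin:auto;width:90%;text-align:middle">
	<form method="POST" action="index.php?act=conf">
	<table width="100%" cellpadding="0" cellspacing="0">';
	foreach ($rows as $r){
		$retval .= '
		<tr>
			<td style="padding:5px;" align="left" width="35%">'.$r[0].'</td><td style="padding:5px;" align="left">'.$r[1].'</td>
		</tr>';
	}
	$retval .= '
		<tr>
			<td style="padding:5px;" align="right" colspan="2"><input type="submit" name="setset" value="Save Settings" /></td>
		</tr>
	</table></form></div>';
	return $retval;
}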

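/**
 * Regenerate ../includes/config.inc.php from the supplied settings.
 *
 * The config file is PHP source that the application includes, so every value
 * written here ends up being executed. String settings are therefore emitted
 * with var_export() (which escapes quotes and backslashes) and numeric
 * settings are forced to integers, so a value can only ever become a literal
 * and never additional PHP code.
 *
 * NOTE(review): the admin password and the reCAPTCHA private key are written
 * exactly as passed in. Unless the caller hashes the password first it is
 * stored in cleartext; moving to password_hash()/password_verify() would need
 * the login comparison changed as well.
 * NOTE(review): callers are not visible in this block; this function assumes
 * they have already verified the admin session and the origin of the request.
 *
 * All parameters are optional and default to the stock Chirp configuration.
 * $site is written as $sitename and $msg_number_days as $msg_num_days; every
 * other parameter is written under its own name.
 *
 * @return bool TRUE once the file has been written; the script dies if the
 *              file cannot be opened or written.
 */
function FUNCT_SAVE_SETTINGS($site="Chirp: The Microblog",$url ="http://yoursite.com/chirp/",$theme="default",$site_email_address="hide@address.com",$language="en",
$enable_emoticons=1,$emoticon_pack="default",$num_msg_to_show=50,$max_msg_size=151,$max_img_size=450,$username_length_min=4,$username_length_max=15,$password_length_min=6,
$allow_nonfollow_dm=0,$use_keyword_spam_filter=1,$use_bad_word_filer=1,$num_people_to_show=35,$chirpuname="admin",$chirppw="password",$msg_number_days=365,$enable_recaptcha=0,
$recaptcha_public_key="",$recaptcha_private_key=""){

	// array(config variable name, value, TRUE when the value is a string setting),
	// listed in the order the variables appear in the generated file.
	$settings = array(
		array('sitename', $site, true),
		array('url', $url, true),
		array('theme', $theme, true),
		array('site_email_address', $site_email_address, true),
		array('language', $language, true),
		array('enable_emoticons', $enable_emoticons, false),
		array('emoticon_pack', $emoticon_pack, true),
		array('num_msg_to_show', $num_msg_to_show, false),
		array('msg_num_days', $msg_number_days, false),
		array('max_msg_size', $max_msg_size, false),
		array('max_img_size', $max_img_size, false),
		array('username_length_min', $username_length_min, false),
		array('username_length_max', $username_length_max, false),
		array('password_length_min', $password_length_min, false),
		array('allow_nonfollow_dm', $allow_nonfollow_dm, false),
		array('use_keyword_spam_filter', $use_keyword_spam_filter, false),
		array('use_bad_word_filer', $use_bad_word_filer, false),
		array('num_people_to_show', $num_people_to_show, false),
		array('chirpuname', $chirpuname, true),
		array('chirppw', $chirppw, true),
		array('enable_recaptcha', $enable_recaptcha, false),
		array('recaptcha_public_key', $recaptcha_public_key, true),
		array('recaptcha_private_key', $recaptcha_private_key, true),
	);

	$content = "<?php\n\n";
	foreach ($settings as $setting) {
		list($name, $value, $is_string) = $setting;
		// Strings become quoted, escaped PHP literals; everything else is
		// reduced to a plain integer before it is written into the file.
		$literal = $is_string ? var_export((string)$value, true) : (string)(int)$value;
		$content .= '$'.$name.' = '.$literal.";\n\n";
	}
	$content .= "?>";

	$filename = "../includes/config.inc.php";
	// The original message referenced an undefined $file_name variable.
	$file = fopen($filename, "w") or die("Cannot open ".$filename);
	if (fwrite($file, $content) === false) {
		fclose($file);
		die("Cannot write ".$filename);
	}
	fclose($file);

	return TRUE;
}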

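/**
 * Apply an optional add/delete to the wordfilter table, then render the
 * bad-word / good-word management form.
 *
 * Values are HTML-encoded before storage (as before) and are now also passed
 * through mysql_real_escape_string() before being placed in the SQL text:
 * htmlspecialchars() neutralises quotes but leaves backslashes alone, so on its
 * own it does not stop a value from altering the statement.
 *
 * NOTE(review): the mysql_* extension offers no prepared statements and was
 * removed in PHP 7. Moving to mysqli/PDO with bound parameters is the durable
 * fix, but it needs the connection code, which is not visible in this block.
 * NOTE(review): the option lists are emitted exactly as stored, relying on the
 * encoding applied at insert time; rows written by any other path would be
 * output unencoded.
 * NOTE(review): neither form carries an anti-CSRF token, so the add and delete
 * actions depend entirely on whatever session checks the caller performs.
 *
 * @param string $badlist  Selected entry of the "bad" list (not used by the delete).
 * @param string $goodlist Selected entry of the "good" list; identifies the row to delete.
 * @param string $bad      Bad word to add when $mode is "add".
 * @param string $good     Replacement word to add when $mode is "add".
 * @param string $mode     "add", "del", or empty to only render the form.
 * @return string HTML for the word filter form.
 */
function Word_Filter_Form($badlist='',$goodlist='',$bad='',$good='',$mode=''){

	$filterfrm = '';
	$badoptions = '';
	$goodoptions = '';

	if (!empty($mode) && ($mode == "del")){
		// Both lists post the GOODWORD as their option value, so it alone selects the row.
		$good = mysql_real_escape_string(htmlspecialchars($goodlist, ENT_QUOTES));
		$query = "DELETE FROM wordfilter WHERE GOODWORD = '".$good."'";
		$result = mysql_query($query);
	}
	if (!empty($mode) && ($mode == "add")){
		$bad = mysql_real_escape_string(htmlspecialchars($bad, ENT_QUOTES));
		$good = mysql_real_escape_string(htmlspecialchars($good, ENT_QUOTES));
		$query = "INSERT INTO wordfilter (BADWORD, GOODWORD) VALUES ('".$bad."', '".$good."')";
		$result = mysql_query($query);
	}

	// Client-side helpers that keep the selection in the two lists in step.
	$filterfrm .= "<script>
                        function selectu() {
                           for(var i=0;i<document.fmain.goodlist.options.length;i++) {
                              if (document.fmain.badlist.options[i].value == document.fmain.goodlist.options[document.fmain.goodlist.selectedIndex].value) {
                                 document.fmain.badlist.selectedIndex=i;
                              }
                           }
                        }
                        function selectd() {
                           for(var i=0;i<document.fmain.badlist.options.length;i++) {
                              if (document.fmain.goodlist.options[i].value == document.fmain.badlist.options[document.fmain.badlist.selectedIndex].value) {
                                 document.fmain.goodlist.selectedIndex=i;
                              }
                           }
                        }
                        </script>";
	$filterfrm .= "<div style=\"clear:both;text-align:center;font-size:1.5em\">";
	$filterfrm .= '<table width="100%" cellpadding="3" cellspacing="0" border="0" style="clear:both;margin:auto auto">
           <tr>
		      <td valign="top">';
	$filterfrm .= "<form action=\"index.php?act=word&mode=add\" method=\"post\"><center><input class=\"border\" type=\"TEXT\" name=\"bad\">&nbsp;&nbsp;<input class=\"border\" type=\"TEXT\" name=\"good\">&nbsp;<input type=\"SUBMIT\" value=\"Add Word\" class=\"border\"></center></form>";

	$filterfrm .= "<form action=\"index.php?act=word&mode=del\" name=\"fmain\" method=\"post\">";
	$filterfrm .= "<table border=\"0\" style=\"clear:both;margin:auto auto\"><tr><td align=\"center\">";
	$filterfrm .= "&nbsp;&nbsp;&nbsp;Bad Word's&nbsp;&nbsp;&nbsp;<br>
           <SELECT SIZE=\"9\" name=\"badlist\" onChange=\"selectd();\"> \n";

	$result = mysql_query("SELECT * FROM wordfilter");
	// A failed query returns FALSE; render empty lists instead of fetching from it.
	if ($result) {
		while ($row = mysql_fetch_array($result)){
			$badoptions .= "<OPTION value=\"".$row['GOODWORD']."\">".$row['BADWORD']."</OPTION> \n";
			$goodoptions .= "<OPTION value=\"".$row['GOODWORD']."\">".$row['GOODWORD']."</OPTION> \n";
		}
	}

	$filterfrm .= $badoptions;

	$filterfrm .= "</SELECT></td><td align=\"center\">&nbsp;&nbsp;&nbsp;Good Word's&nbsp;&nbsp;&nbsp;<br>";


	$filterfrm .= "<SELECT SIZE=\"9\" name=\"goodlist\" onChange=\"selectu();\">";
	$filterfrm .= $goodoptions;
	$filterfrm .= "</SELECT>
             </td>
         </tr>
         <tr>
            <td></td><td align=\"right\"><input type=\"SUBMIT\" value=\"Remove\" class=\"border\"></td>
         </tr>
    </table>
  </form>";
	$filterfrm .= '<td>
   <td width="160" align="right" valign="top">
</td></tr></table></div>';

	return $filterfrm;
}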
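/**
 * Return a 32-character lowercase hexadecimal identifier.
 *
 * The original value was md5(microtime()), which is derived only from the
 * clock: it can be guessed by anyone who knows roughly when it was generated
 * and can repeat for calls made in the same microsecond. The identifier is now
 * taken from the system CSPRNG when one is available; the output format is
 * unchanged.
 *
 * NOTE(review): callers are not visible in this block. If the ID is used as a
 * session, reset or anti-forgery token, the final fallback below is still not
 * strong enough and the PHP version should be raised instead.
 *
 * @return string 32 hex characters.
 */
function r_id(){
	if (function_exists('random_bytes')) {
		try {
			return bin2hex(random_bytes(16));
		} catch (Exception $e) {
			// No usable entropy source; fall through to the next option.
		}
	}
	if (function_exists('openssl_random_pseudo_bytes')) {
		$bytes = openssl_random_pseudo_bytes(16);
		if ($bytes !== false && strlen($bytes) === 16) {
			return bin2hex($bytes);
		}
	}
	// Last resort for old installations without a CSPRNG: not unpredictable,
	// but uniqid()/mt_rand() at least avoid same-microsecond repeats.
	return md5(uniqid(mt_rand(), true).microtime());
}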

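/**
 * Optionally save the spam keyword list, then render the keyword edit form.
 *
 * The keyword list lives in ../includes/keywords.inc.php as PHP source, so the
 * submitted text is written with var_export(): quotes and backslashes are
 * escaped and the text can only ever be a string literal in that file. The
 * current list is HTML-encoded before it is placed inside the textarea so that
 * markup in a keyword cannot close the element and reach the page.
 *
 * NOTE(review): the form carries no anti-CSRF token, and callers are not
 * visible in this block; saving relies on whatever session checks they perform.
 *
 * @param string $data New comma-separated keyword list; empty to only show the form.
 * @return string HTML for the keyword form.
 */
function Keyword_Function($data=''){
	// Default so the form still renders if the include does not define $keywords.
	$keywords = '';
	include('../includes/keywords.inc.php');

	$keywordfrm = '';

	if(!empty($data)){
		$keywords = $data;
		$data = "<?php\n\n\n\$keywords=".var_export((string)$data, true).";\n\n\n\n?>";
		$file = "../includes/keywords.inc.php";
		$handle = fopen($file, 'w');
		// fopen() already reports a failure; do not pass FALSE on to fwrite()/fclose().
		if ($handle) {
			fwrite($handle, $data);
			fclose($handle);
		}
	}

	// ISO-8859-1 matches the charset the admin page declares; double_encode is
	// off so entities already present in a stored value are not encoded twice.
	$shown = htmlspecialchars((string)$keywords, ENT_QUOTES, 'ISO-8859-1', false);

	$keywordfrm	.= "<div style=\"width:100%\">
	<div style=\"width:90%;margin:auto;\"><p align=\"left\" style=\"font-size: 1.1em;\">
	Spammers tend to use predictable keywords that are not necessarily bad words.  For example, a spammer might write \"buy inexpensive rolex watches\" whereas your friend might say, \"I bought a rolex watch.\"<br /><br />
	Separate each phrase or word with a comma, and no spaces. Spaces can be used in phrases.</p>";
	$keywordfrm .= "<form action=\"index.php?act=spam\" method=\"post\">
	<textarea cols=\"65\" rows=\"10\" name=\"keywords\">".$shown."</textarea><br />
	<button type=\"submit\" style=\"font-size: 1.5em;\">Save</button></form></div></div>";

	return $keywordfrm;
}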