<?php

/**************************************************************************
 *                                                                        *
 *                                                                        *
 *         Solution: eBlog                                                *
 *          Release: 1.7                                                  *
 *             File: admin/index.php                                      *
 *               By: Emuci inc.                                           *
 *          Website: http://www.emuci.com                                 *
 *        Copyright: (C) 2010 Emuci inc.                                  *
 *                                                                        *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *                                                                        *
 *   This script is NOT freeware and is subject to Emuci terms of use     *
 *   located in the docs folder.                                          *
 *                                                                        *
 *                                                                        *
 *************************************************************************/



include 'global.php';


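$pagename    = $lang_admin_title;
$cuurentPage = $lang_admin_home;
// Requested admin step. Only the fixed names matched below ("form", "login",
// "home", "suspended") ever do anything; any other value renders nothing.
// Reading the index unguarded raised a notice on every plain visit.
$action      = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$permission  = 0;
// Set to 1 by the login step; absent (treated as 0) until the admin has authenticated.
$allowed     = isset($_SESSION['permission']) ? $_SESSION['permission'] : 0;

// No explicit action: an authenticated admin lands on the dashboard, everyone
// else on the login form.
if ($action === '')
{
	$action = ($allowed == 1) ? "home" : "form";
}

// $dbhost/$dbuser/$dbpass/$dbname are provided by global.php. The link is
// passed explicitly to every later query so none relies on the "last opened
// connection" default.
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $conn);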



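// Check for blacklisted visitors.
// A blacklist row for this IP dated today turns the request into the
// "suspended" page; rows for this IP from earlier days are purged. Only this
// IP's rows are fetched (the previous version scanned the whole table twice).
// $ip is provided by global.php; it is escaped because its origin (REMOTE_ADDR
// or a client-supplied header) is not visible from this file.
$currentDay = date("dmy");
$safeIP     = mysql_real_escape_string($ip, $conn);
$result     = mysql_query("SELECT id, date FROM eblog_blacklist WHERE ip = '$safeIP'", $conn);
while($result && ($row = mysql_fetch_assoc($result)))
{
	if($row['date'] == $currentDay){
		$action = "suspended";
	}
	else{
		// Stale entry: remove it so the visitor is not locked out again tomorrow.
		$dbID = mysql_real_escape_string($row['id'], $conn);
		mysql_query("DELETE FROM eblog_blacklist WHERE id='$dbID'", $conn);
	}
}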




// 1: Login Form
if($action=="form")
{
	// Placeholder names and their replacement values, kept as the two parallel
	// arrays replace_static() is called with everywhere in this file.
	$static_name = array (
		"{blog_dir}",
		"{blog_windows_encoding}",
		"{lang_admin_adminPanel}",
		"{lang_admin_adminPanel}",
		"{lang_admin_username}",
		"{lang_admin_password}",
		"{lang_admin_login}",
		"{lang_erorr_code404}",
		"{lang_erorr_code505}",
	);
	$static_value = array (
		$blog_dir,
		$blog_windows_encoding,
		$lang_admin_adminPanel,
		$lang_admin_adminPanel,
		$lang_admin_username,
		$lang_admin_password,
		$lang_admin_login,
		$lang_erorr_code404,
		$lang_erorr_code505,
	);
	// Render the login page of the active template and send it as-is.
	$loginPage = $new_template->load_template ("../templates/$defaultTemplate/admin/login.html");
	echo $new_template->replace_static($static_name, $static_value, $loginPage);
}




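// 2: Process
// Validates the submitted credentials against $DBusername/$DBpassword (set
// outside this file, presumably in global.php or its config) and either opens
// an admin session or counts the failure; the $limit-th consecutive failure in
// one session blacklists the visitor's IP for the rest of the day.
if($action=="login")
{
	// T1/T2 are the form fields of login.html. Array-valued input is treated as
	// empty instead of being compared: strcmp() on an array only warns and (in
	// PHP 5/7) returns null, which compares equal to 0.
	$username    = (isset($_POST["T1"]) && is_string($_POST["T1"])) ? $_POST["T1"] : '';
	$rawPassword = (isset($_POST["T2"]) && is_string($_POST["T2"])) ? $_POST["T2"] : '';
	// Unsalted md5 is weak, but it is the format $DBpassword is stored in;
	// moving to password_hash() means changing where that value is stored.
	$password    = md5($rawPassword);

	if(function_exists('hash_equals')){
		// Constant-time comparison (PHP >= 5.6) so response time does not depend
		// on how much of the credential matched.
		$validLogin = hash_equals((string) $DBusername, $username)
		           && hash_equals((string) $DBpassword, $password);
	}
	else{
		$validLogin = (strcmp($username, $DBusername) == 0) && (strcmp($password, $DBpassword) == 0);
	}

	if($validLogin){
		// Fresh session id on privilege change so an id fixed before login cannot
		// be reused for the admin session.
		if(session_id() != ''){
			session_regenerate_id(true);
		}
		$_SESSION['username']   = $DBusername;
		// NOTE(review): kept because other admin pages may read it — confirm;
		// the session does not need the hash to prove the login.
		$_SESSION['password']   = $DBpassword;
		$_SESSION['permission'] = 1;
		// Successful login ends the failure streak.
		unset($_SESSION['loginAttempts']);
		echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?action=home\">";
	}
	else{
		$attempts = isset($_SESSION['loginAttempts']) ? $_SESSION['loginAttempts'] + 1 : 1;
		$_SESSION['loginAttempts'] = $attempts;

		$erorrMessageToShow = $lang_erorr_usernameAndPassword . '<br>'. $lang_erorr_attempt1 . ' ' . $attempts .
		' ' . $lang_erorr_attempt2 . ' ' . $limit . '<br><br>' . $lang_erorr_attempt3 . '<br>';

		if($attempts == $limit)
		{
			$erorrMessageToShow = $lang_erorr_attempt1 . ' ' . $attempts .
			' ' . $lang_erorr_attempt2 . ' ' . $limit . '<br>' . $lang_erorr_attempt4 . '<br><br>';
			// Same day format the blacklist check at the top of this file compares against.
			$date = date("dmy");

			// Ids are assigned here rather than by the table, so take MAX(id)+1
			// (not atomic: two lockouts at the same instant could collide —
			// TODO confirm whether id is AUTO_INCREMENT and drop this if so).
			$newID  = 1;
			$result = mysql_query("SELECT MAX(id) FROM eblog_blacklist", $conn);
			if($result && ($row = mysql_fetch_row($result)) && $row[0] !== null){
				$newID = (int) $row[0] + 1;
			}

			// $ip comes from global.php; escaped because its origin (REMOTE_ADDR
			// or a client-supplied header) is not visible from here.
			$safeIP = mysql_real_escape_string($ip, $conn);
			mysql_query("INSERT INTO eblog_blacklist  VALUES ('$newID', '$safeIP', '$date')", $conn);
		}

		if($attempts > $limit)
		{
			$erorrMessageToShow = $lang_erorr_attempt5 . '<br><br>';
		}

		$static_value = array ($blog_dir, $blog_windows_encoding, $lang_admin_adminPanel, $lang_blog_systemMessage, $erorrMessageToShow, $lang_admin_tryAgain);
		$static_name = array ("{blog_dir}","{blog_windows_encoding}", "{lang_admin_adminPanel}", "{lang_blog_systemMessage}", "{erorrMessageToShow}", "{lang_admin_tryAgain}");
		$file = $new_template->load_template ("../templates/$defaultTemplate/admin/error.html");
		$template = $new_template->replace_static($static_name, $static_value, $file);
		echo $template;
	}
}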



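// 3: Home
// Renders the dashboard (quick links, to-do list, counters, who's online, last
// ten comments) for an authenticated admin; anyone else is sent to the login
// form.
if($action =="home")
{
	if(isset($_SESSION['permission']) && $_SESSION['permission'] == 1){

		// HTML-escape a database value before it is embedded in the dashboard
		// markup. Comment authors, visitor IPs and requested pages are written
		// by visitors, so they must not reach the admin's browser raw (stored
		// XSS). ISO-8859-1 is passed as the charset because it is
		// byte-transparent: only & < > " ' are rewritten, and text stored in a
		// non-UTF-8 blog encoding is never silently replaced by an empty string
		// the way the UTF-8 default does on invalid byte sequences.
		if(!function_exists('eblog_admin_escape'))
		{
			function eblog_admin_escape($value)
			{
				return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
			}
		}

		// Number of rows in $table (always a fixed literal below), or 0 when the
		// query fails. COUNT(*) replaces "SELECT *" + mysql_num_rows(), which
		// transferred every row to PHP just to count it.
		if(!function_exists('eblog_admin_count_rows'))
		{
			function eblog_admin_count_rows($conn, $table)
			{
				$result = mysql_query("SELECT COUNT(*) FROM $table", $conn);
				if(!$result){
					return 0;
				}
				$row = mysql_fetch_row($result);
				return $row ? (int) $row[0] : 0;
			}
		}

		// Quick Links (static markup; the $lang_* strings come from global.php)
		$quicklinks = "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"4\">

		 <tr><td valign =\"top\" width=\"22\"><img src=\"../images/icons/icon_bullet.gif\"></td>
		 <td><a href=\"todo.php\" title=\"$lang_admin_toDoMenu\" rel=\"gb_page_center[640, 130]\"><font style=\"font-size: 0.7em;\" face=\"Tahoma\">$lang_admin_toDoMenu</font></a></td>
		 </tr>

		 <tr><td valign =\"top\" width=\"22\"><img src=\"../images/icons/icon_bullet.gif\"></td>
		 <td><a href=\"topics.php?action=add\"   title=\"$lang_admin_addTopic\" rel=\"gb_page_center[640, 500]\"><font style=\"font-size: 0.7em;\" face=\"Tahoma\">$lang_admin_addTopic</font></a></td>
		 </tr>

		 <tr><td valign =\"top\" width=\"22\"><img src=\"../images/icons/icon_bullet.gif\"></td>
		 <td><a href=\"sections.php#add\"><font style=\"font-size: 0.7em;\" face=\"Tahoma\">$lang_admin_addSection</font></a></td>
		 </tr>

		 <tr><td valign =\"top\" width=\"22\"><img src=\"../images/icons/icon_bullet.gif\"></td>
		 <td><a href=\"topics.php#list\"><font style=\"font-size: 0.7em;\" face=\"Tahoma\">$lang_admin_showTopic</font></a></td>
		 </tr>

		 <tr><td valign =\"top\" width=\"22\"><img src=\"../images/icons/icon_bullet.gif\"></td>
		 <td><a href=\"settings.php\"><font style=\"font-size: 0.7em;\" face=\"Tahoma\">$lang_admin_editSettings</font></a></td>
		 </tr>

		 </table>
		";

		// To Do List
		$whatToDo = "
	<div><table bordercolor=\"#727272\" style=\"border-collapse: collapse\" width=\"100%\" cellSpacing=\"0\" cellPadding=\"3\"  border=\"1\">
	";
		$counter = 0;
		$result  = mysql_query("SELECT id, level, content FROM eblog_todo ORDER BY id DESC", $conn);
		while($result && ($row = mysql_fetch_assoc($result)))
		{
			// Alternate row colours, starting with the lighter one.
			$bgColor  = ($counter % 2 == 0) ? "#f2f2f2" : "#dadada";
			$rowID    = eblog_admin_escape($row['id']);
			$rowLevel = eblog_admin_escape($row['level']);
			// NOTE(review): content is presumably entered by the admin (todo.php)
			// and may intentionally contain markup, so it is rendered as stored —
			// confirm it cannot be written by visitors.
			$rowContent = $row['content'];
			$whatToDo .= "<tr><td bgcolor=\"$bgColor\"><table width=\"100%\"><tr><td width=\"19\"><img src=\"../images/icons/icon_$rowLevel.gif\"></td><td width=\"100%\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$rowContent</font></td><td><a href=\"todo.php?action=remove&id=$rowID\"><img src=\"../images/icons/icon_close.gif\" title=\"$lang_admin_closeToDo\" border=\"0\"></a></td></tr></table></td></tr>";
			$counter++;
		}
		if($counter == 0){
			$whatToDo = "<font style=\"font-size: 0.8em;\" face=\"Tahoma\">".$lang_admin_noToDo."</font>";
		}
		else{
			$whatToDo .= "</table></div>";
		}

		// Mini Stat
		$totalSections = eblog_admin_count_rows($conn, 'eblog_sections');
		$totalTopics   = eblog_admin_count_rows($conn, 'eblog_topics');
		$totalComments = eblog_admin_count_rows($conn, 'eblog_comments');
		$totalSigns    = eblog_admin_count_rows($conn, 'eblog_gb');
		// $visitors is set outside this file (global.php, presumably).
		$totalVisitors = $visitors;
		$totalContacts = eblog_admin_count_rows($conn, 'eblog_contacts');

		$miniStat = "
	<div><table bordercolor=\"#727272\" style=\"border-collapse: collapse\" width=\"100%\" cellSpacing=\"0\" cellPadding=\"3\"  border=\"1\">

	<tr bgcolor=\"f2f2f2\">
	<td><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$lang_admin_totalSections:&nbsp;$totalSections</font></td>
	<td><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$lang_admin_totalTopics:&nbsp;$totalTopics</font></td>
	<td><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$lang_admin_totalComments:&nbsp;$totalComments</font></td>
	</tr>

	<tr bgcolor=\"dadada\">
	<td><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$lang_admin_totalSigns:&nbsp;$totalSigns</font></td>
	<td><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$lang_admin_totalVisitors:&nbsp;$totalVisitors</font></td>
	<td><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$lang_admin_totalContacts:&nbsp;$totalContacts</font></td>
	</tr>

	</table>
	</div>
	";

		// Get who's online. The dashboard lists at most 20 rows; the full count
		// decides whether the "display full list" link is appended.
		$totalWhosOnline = eblog_admin_count_rows($conn, 'eblog_online');
		$result   = mysql_query("SELECT id, ip, name, page FROM eblog_online ORDER BY id DESC LIMIT 20", $conn);
		$counter3 = 0;
		$onlineTable  = "

	<div><table bordercolor=\"#727272\" style=\"border-collapse: collapse\" width=\"100%\" cellSpacing=\"0\" cellPadding=\"3\"  border=\"1\">
	<tr background=\"../images/icons/disc_bar.gif\">
	<td background=\"../images/icons/disc_bar.gif\" align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_id</font></td>
	<td background=\"../images/icons/disc_bar.gif\" align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_ip</font></td>
	<td background=\"../images/icons/disc_bar.gif\" align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_currentPage</font></td>
	</tr>
	";
		while($result && ($row = mysql_fetch_assoc($result)))
		{
			$counter3++;
			// Counter is incremented first, so the first row gets the darker colour.
			$bgColor = ($counter3 % 2 == 0) ? "#f2f2f2" : "#dadada";
			// IP and requested page are recorded from visitor requests: escape.
			$rowIP   = eblog_admin_escape($row['ip']);
			$rowPage = eblog_admin_escape($row['page']);
			$onlineTable .= "<tr bgcolor=\"$bgColor\"><td align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\">".$counter3 . "</font></td><td align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\">". $rowIP . "</font></td><td align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\">" . $rowPage ."</font></td></tr>";
		}
		$onlineTable .= "</table></div>";
		if($totalWhosOnline > 20)
		{
			$onlineTable .= "<table width=\"100%\" border=\"0\"><tr><td><a href=\"online.php\" title=\"$lang_admin_fullOnlineList\" rel=\"gb_page_center[640, 500]\"><font face=\"tahoma\" size=\"2\">$lang_admin_displayFullList</font></a></td></tr></table>";
		}

		// Last Comments: the ten most recent. Selecting them directly (instead
		// of walking ids downward from the highest one) skips deleted ids, which
		// used to produce empty rows, and the LEFT JOIN supplies the topic title
		// without a second query per row — a comment whose topic is gone simply
		// shows an empty title rather than indexing a false result.
		$query  = "SELECT c.id, c.author, c.date, c.statusID, t.title"
		        . " FROM eblog_comments c LEFT JOIN eblog_topics t ON t.id = c.topicID"
		        . " ORDER BY c.id DESC LIMIT 10";
		$result = mysql_query($query, $conn);

		$lastComments = "
	<div><table bordercolor=\"#727272\" style=\"border-collapse: collapse\" width=\"100%\" cellSpacing=\"0\" cellPadding=\"3\"  border=\"1\">
	<tr background=\"../images/icons/disc_bar.gif\">
	<td align=\"center\" background=\"../images/icons/disc_bar.gif\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_status</font></td>
	<td align=\"center\" background=\"../images/icons/disc_bar.gif\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_topic</font></td>
	<td align=\"center\" background=\"../images/icons/disc_bar.gif\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_author</font></td>
	<td align=\"center\" background=\"../images/icons/disc_bar.gif\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_date</font></td>
	<td align=\"center\" background=\"../images/icons/disc_bar.gif\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\" color=\"#ffffff\">$lang_admin_actions</font></td>
	</tr>
	";
		$counter = 0;
		while($result && ($row = mysql_fetch_assoc($result)))
		{
			$bgColor = ($counter % 2 == 0) ? "#f2f2f2" : "#dadada";

			$rowID        = eblog_admin_escape($row['id']);
			$rowAuthor    = $row['author'];
			$rowTopicName = ($row['title'] === null) ? '' : $row['title'];

			// Dates appear to be stored as day-month-year separated by "-";
			// anything of another shape is shown as stored instead of raising
			// notices on the missing pieces.
			$rowDate = $row['date'];
			$chunks  = explode("-", $rowDate);
			if(count($chunks) == 3 && isset($MonthsArray[$chunks[1]])){
				$rowDate = $chunks[0] . " " . $MonthsArray[$chunks[1]] . " " . $chunks[2];
			}

			if($row['statusID'] == "1")
			{
				$rowStat      = "approve";
				$statName     = $lang_admin_approved;
				$toChangeName = $lang_admin_suspend;
				$toAct        = "Suspend";
			}
			else
			{
				$rowStat      = "onhold";
				$statName     = $lang_admin_onhold;
				$toChangeName = $lang_admin_approve;
				$toAct        = "Approve";
			}

			// Truncate before escaping so an entity is never cut in half.
			// strlen/substr are byte based; on multibyte text the cut may land
			// inside a character (unchanged from the original behaviour).
			if(strlen($rowAuthor) > 20)
				$rowAuthor = substr($rowAuthor, 0, 17).'...';
			if(strlen($rowTopicName) > 40)
				$rowTopicName = substr($rowTopicName, 0, 37).'...';

			// Author is visitor-supplied; title and date are escaped for consistency.
			$rowAuthor    = eblog_admin_escape($rowAuthor);
			$rowTopicName = eblog_admin_escape($rowTopicName);
			$rowDate      = eblog_admin_escape($rowDate);

			$lastComments .= "<tr bgcolor=\"$bgColor\"><td width=\"50\" align=\"center\"><img src=\"../images/icons/icon_$rowStat.gif\" title=\"$statName\"></td><td><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$rowTopicName</font></td><td width=\"120\" align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$rowAuthor</font></td><td width=\"120\" align=\"center\"><font style=\"font-size: 0.8em;\" face=\"Tahoma\">$rowDate</font></td><td width=\"60\" align=\"center\"><a href=\"topics.php?action=EditComment&id=$rowID&GTP=index.php\" title=\"$lang_admin_edit\" rel=\"gb_page_center[640, 300]\"><img src=\"../images/icons/icon_fix.gif\" border=\"0\"></a>&nbsp;<a href=\"topics.php?action=$toAct&id=$rowID&GTP=index.php\"><img src=\"../images/icons/icon_changer.gif\" border=\"0\" title=\"$toChangeName\"></a>&nbsp;<a href=\"topics.php?action=DeleteComment&id=$rowID&GTP=index.php\"><img src=\"../images/icons/icon_remove.gif\" border=\"0\" title=\"$lang_admin_removeComment\"></a>". "</td></tr>";
			$counter++;
		}
		if($counter == 0){
			$lastComments = "<font style=\"font-size: 0.8em;\" face=\"Tahoma\">".$lang_admin_noComments."</font>";
		}
		else{
			$lastComments .= "</table></div>";
		}

		// Placeholder values and names for header + home + footer, in matching
		// order. $JAVA_ALERTS, $notifications, $kc and $thisPageNav come from
		// global.php.
		$static_value = array ($blog_dir, $blog_windows_encoding, $lang_admin_adminPanel, $JAVA_ALERTS, $blog_slogan, $lang_admin_showHomePage, $lang_admin_link_1, $lang_admin_link_2, $lang_admin_link_3, $lang_admin_link_4, $lang_admin_link_5, $lang_admin_link_6, $lang_admin_link_7, $lang_admin_sync, $lang_admin_search,

		$lang_admin_quickLinks,$quicklinks,$lang_admin_readDocumentation,
		$lang_admin_notifications, $notifications, $lang_admin_resolve,
		$lang_admin_kc, $kc, $lang_admin_ReadTheAgreement,

		$lang_admin_footer1,$lang_admin_footer1_1,$lang_admin_footer1_2,$lang_admin_footer1_3,
		$lang_admin_footer2,$lang_admin_footer2_1,$lang_admin_footer2_2,$lang_admin_footer2_3,$lang_admin_footer2_4,
		$lang_admin_footer3,$lang_admin_footer3_1,$lang_admin_footer3_2,
		$lang_admin_footerRights,

		$lang_admin_home, $thisPageNav,

		$lang_admin_whatToDo,$whatToDo,
		$lang_admin_miniStat, $miniStat,
		$lang_admin_whosOnline, $totalWhosOnline, $onlineTable,
		$lang_admin_lastComments, $lastComments

		);
		$static_name = array ("{blog_dir}","{blog_windows_encoding}", "{title_name}", "{JAVA_ALERTS}", "{blog_slogan}", "{lang_admin_showHomePage}", "{lang_admin_link_1}", "{lang_admin_link_2}", "{lang_admin_link_3}", "{lang_admin_link_4}", "{lang_admin_link_5}", "{lang_admin_link_6}", "{lang_admin_link_7}", "{lang_admin_sync}", "{lang_admin_search}",

		"{lang_admin_quickLinks}","{quicklinks}","{lang_admin_readDocumentation}",
		"{lang_admin_notifications}", "{notifications}", "{lang_admin_resolve}",
		"{lang_admin_kc}", "{kc}", "{lang_admin_ReadTheAgreement}",

		"{lang_admin_footer1}","{lang_admin_footer1_1}","{lang_admin_footer1_2}","{lang_admin_footer1_3}",
		"{lang_admin_footer2}","{lang_admin_footer2_1}","{lang_admin_footer2_2}","{lang_admin_footer2_3}","{lang_admin_footer2_4}",
		"{lang_admin_footer3}","{lang_admin_footer3_1}","{lang_admin_footer3_2}",
		"{blog_rights}",

		"{lang_admin_home}", "{thisPageNav}",

		"{lang_admin_whatToDo}","{whatToDo}",
		"{lang_admin_miniStat}", "{miniStat}",
		"{lang_admin_whosOnline}", "{totalWhosOnline}", "{onlineTable}",
		"{lang_admin_lastComments}", "{lastComments}"

		);
		$header = $new_template->load_template ("../templates/$defaultTemplate/admin/header.html");
		$home = $new_template->load_template ("../templates/$defaultTemplate/admin/home.html");
		$footer = $new_template->load_template ("../templates/$defaultTemplate/admin/footer.html");
		$template = $new_template->replace_static($static_name, $static_value, $header.$home.$footer);
		echo $template;
	}
	else{
		// Not logged in: back to the login form. The query string needs "?",
		// "index.php&action=form" requested a file of that name.
		echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?action=form\">";
	}
}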



// 4: suspended users
// Shown when the blacklist check at the top of the file matched this visitor:
// the "too many attempts" message is rendered through the error template.
if($action=="suspended")
{
	$erorrMessageToShow = $lang_erorr_attempt5 . '<br><br>';
	$static_name = array (
		"{blog_dir}",
		"{blog_windows_encoding}",
		"{lang_admin_adminPanel}",
		"{lang_blog_systemMessage}",
		"{erorrMessageToShow}",
		"{lang_admin_tryAgain}",
	);
	$static_value = array (
		$blog_dir,
		$blog_windows_encoding,
		$lang_admin_adminPanel,
		$lang_blog_systemMessage,
		$erorrMessageToShow,
		$lang_admin_tryAgain,
	);
	$errorPage = $new_template->load_template ("../templates/$defaultTemplate/admin/error.html");
	echo $new_template->replace_static($static_name, $static_value, $errorPage);
}




?>