<?php

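	session_start();

	define('GBOOK', TRUE);

	// Logout: drop the session data, expire the client's session cookie and
	// destroy the server-side session. The original only cleared the array and
	// destroyed the session, leaving the cookie in the browser.
	if (isset($_GET['logout']) && $_GET['logout'] === 'true'){
		$_SESSION = array();
		if (ini_get("session.use_cookies")) {
			$params = session_get_cookie_params();
			setcookie(session_name(), '', time() - 42000,
				$params["path"], $params["domain"], $params["secure"], $params["httponly"]);
		}
		session_destroy();
	}

	require_once("../inc/settings.inc.php");

	// Always defined so the template can echo it without a notice.
	$errmsg = '';

	if (!empty($_POST['user']) && !empty($_POST['pw'])){
		// Kept as before: the submitted values are entity-encoded before being
		// compared with $gbookuname / $gbookpw from settings.inc.php.
		$user = htmlspecialchars((string)$_POST['user'], ENT_QUOTES);
		$pw = htmlspecialchars((string)$_POST['pw'], ENT_QUOTES);

		// Constant-time, type-strict comparison of both fields (the original used
		// loose ==), and a single message for either failure so a wrong user name
		// and a wrong password are indistinguishable to the caller.
		// NOTE(review): the password is compared as stored in the settings file;
		// moving to password_hash()/password_verify() would require changing how
		// that file stores it.
		$userOk = hash_equals((string)$gbookuname, $user);
		$pwOk = hash_equals((string)$gbookpw, $pw);
		if ($userOk && $pwOk){
			// New session id on privilege change so a pre-login id cannot be reused.
			session_regenerate_id(true);
			$_SESSION['GBOOK_ADMIN_LOGIN'] = "ISADMIN";
		}else{
			$errmsg = "Wrong username or password, please verify your entries and try again.<br />";
		}
	}

	// Page heading; the session key is absent until a successful login.
	if (isset($_SESSION['GBOOK_ADMIN_LOGIN']) && $_SESSION['GBOOK_ADMIN_LOGIN'] === "ISADMIN"){
		$title = "GBook Admin Area";
	}else{
		$title = "Admin Login";
	}

	// Requested admin action; empty string when none was given.
	$act = (isset($_GET['act']) && is_string($_GET['act'])) ? htmlspecialchars($_GET['act'], ENT_QUOTES) : '';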
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>GBook Admin Area</title>
<style type="text/css">
body {
	background-color:#444444;
	font-family:Georgia, "Times New Roman", Times, serif;
	font-size: 100%;
	margin: 0 auto;
	width:800px !important;
	min-width:800px !important;
	max-width:800px !important;
}
.wrapper {
	text-align:center;
	width:800px !important;
	padding:0px 0px 0px 0px;
	background:url('wrapperbg.jpg') repeat-y top center;
}

.header{
	background-image: url('headerbg.jpg');
	width:800px !important;
	height:147px !important;
}
.bar{
	background-image: url('mainbar.jpg');
	width:800px !important;
	height:65px !important;
	padding-left: 20px;
	text-align:left;
}
.footer{
	background-image: url('footer.jpg');
	width:800px !important;
	height:72px !important;
	text-align:center;
	font-size: .7em;
	color:#CCCCCC;
}
	.footer a{
		color:#CCCCCC;
	}
		.footer a:hover{
			color:#FFCC00;
		}
button, input {
	font-family:Georgia, "Times New Roman", Times, serif;
	font-size: .8em;
	padding: 5px;
}

#users tr {
	background-color: #DDDDDD;
}
	#users tr.normal { 
		background-color: #CCCCCC;
	}
	#users tr.highlight { 
		background-color:#99CCCC;
	}

</style>
</head>

<body>
<div class="wrapper">
<table width="800" border="0" padding="0" cellspacing="0">
	<tr>
		<td align="left" class="header" style="color:#CCCCCC;top:40px;padding-left:20px;font-size:2.5em"><i>GBook Admin</i></td>
	</tr>
	<tr>
		<td class="bar"><?php echo $title; ?></td>
	</tr>
</table>
<?php
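// Ad unit, shown only to a logged-in admin. Strict comparison and isset()
// avoid the undefined-index notice on the login page.
// The ad script is requested over https so the admin page does not pull a
// third-party script over plain http (mixed content when served via https).
if (isset($_SESSION['GBOOK_ADMIN_LOGIN']) && $_SESSION['GBOOK_ADMIN_LOGIN'] === "ISADMIN"){
?>
<center>
<script type="text/javascript"><!--
google_ad_client = "pub-8588402342452246";
/* GBook */
google_ad_slot = "2195100696";
google_ad_width = 728;
google_ad_height = 15;
//-->
</script>
<script type="text/javascript"
src="https://pagead2.googlesyndication.com/pagead/show_ads.js">
</script></center>
<?php
}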
?>
<br />
<?php
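if (!isset($_SESSION['GBOOK_ADMIN_LOGIN']) || $_SESSION['GBOOK_ADMIN_LOGIN'] !== "ISADMIN"){
	// Not logged in: show the outcome of a failed login attempt (if any) and the form.
	echo isset($errmsg) ? $errmsg : '';
?>
<form method="POST" action="index.php">
<table padding="5" cellspacing="0" border="0" style="margin:auto auto">
	<tr><td>User name:</td><td><input type="text" name="user" /></td></tr>
	<tr><td>Password:</td><td><input type="password" name="pw" /></td></tr>
	<tr><td colspan="2"><button type="submit">Admin Login</button></td></tr>
</table>
</form>

<?php
} else {
?>
	<table width="800" cellpadding="2" cellspacing="0" border="0" style="margin:auto auto;">
		<tr>
			<td valign="top" align="right" width="160" style="font-size:1.4em;">
				<a href="index.php?act=mod">moderated</a><br />
				<a href="index.php?act=key">keywords</a><br />
				<a href="index.php?act=filter">word filter</a><br />
				<a href="index.php?act=settings">settings</a><br />
				<a href="index.php?act=msg0">view messages</a><br />
				<a href="index.php?logout=true">logout</a><br />
			</td>
			<td valign="top" align="center" style="font-size:.75em;">
<?php
				// Request parameters used by the actions below. The message id is
				// cast to int and free text is passed through mysql_real_escape_string()
				// before it reaches a query; the original concatenated the raw
				// $_GET / $_POST values into the SQL.
				// NOTE(review): delete/approve/update are triggered by plain links and
				// forms without a CSRF token; adding one here and where the links are
				// generated would be the next hardening step.
				$mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';
				$msgId = (isset($_GET['msg']) && is_scalar($_GET['msg'])) ? (int)$_GET['msg'] : 0;
				$pageArg = isset($_GET['page']) ? $_GET['page'] : null;
				$numPerPageArg = isset($_GET['num_per_page']) ? $_GET['num_per_page'] : null;

				switch($act){
					case "msg0":
						if($mode === 'del' && $msgId > 0){
							mysql_query("DELETE FROM groones_guestbook WHERE ID = ".$msgId." LIMIT 1");
							if (mysql_errno()){
								die("<br />" .mysql_errno().": ".mysql_error()."<BR>");
							}
						}
						FUNCT_SHOW_MESSAGES($pageArg, $numPerPageArg);
						break;
					case "mod":
						if($mode === 'del' && $msgId > 0){
							mysql_query("DELETE FROM groones_guestbook_mod WHERE ID = ".$msgId." LIMIT 1");
							if (mysql_errno()){
								die("<br />" .mysql_errno().": ".mysql_error()."<BR>");
							}
						}elseif($mode === 'approve' && $msgId > 0){
							// Copy the moderated row into the live table; remove it from
							// the queue only when the copy succeeded.
							mysql_query("INSERT INTO groones_guestbook (user_name, email_address, website, my_date, message) SELECT user_name, email_address, website, my_date, message FROM groones_guestbook_mod WHERE ID = ".$msgId." LIMIT 1");
							if (mysql_errno()){
								die("<br />" .mysql_errno().": ".mysql_error()."<BR>");
							}else{
								mysql_query("DELETE FROM groones_guestbook_mod WHERE ID = ".$msgId." LIMIT 1");
							}
						}
						Moderated_Messages($pageArg, $numPerPageArg);
						break;
					case "key":
						// Empty string when no list was posted: the function then only
						// renders the form.
						$keyfilter = isset($_POST['keywords']) ? $_POST['keywords'] : '';
						echo Keyword_Function($keyfilter);
						break;
					case "filter":
						echo Word_Filter_Form(
							isset($_POST['badlist']) ? $_POST['badlist'] : '',
							isset($_POST['goodlist']) ? $_POST['goodlist'] : '',
							isset($_POST['bad']) ? $_POST['bad'] : '',
							isset($_POST['good']) ? $_POST['good'] : '',
							$mode
						);
						break;
					case "settings":
						if($mode === 'upd'){
							// Flags and counts are numeric columns, so they are cast to
							// int; the two text columns are escaped for the quoted context.
							$notify = isset($_POST['notify']) ? (int)$_POST['notify'] : 0;
							$numentry = isset($_POST['numentry']) ? (int)$_POST['numentry'] : 0;
							$showemail = isset($_POST['showemail']) ? (int)$_POST['showemail'] : 0;
							$captcha = isset($_POST['captcha']) ? (int)$_POST['captcha'] : 0;
							$emailaddr = isset($_POST['emailaddr']) ? mysql_real_escape_string((string)$_POST['emailaddr']) : '';
							$subject = isset($_POST['subject']) ? mysql_real_escape_string((string)$_POST['subject']) : '';
							$result = mysql_query("UPDATE groones_settings SET NOTIFY = ".$notify.",EMAILADDR = '".$emailaddr."',SUBJECT = '".$subject."',NUMENTRY = ".$numentry.",SHOWEMAIL = ".$showemail.",CAPTCHA = ".$captcha." WHERE ID = 7");
							if (mysql_errno()){
								die("<br />" .mysql_errno().": ".mysql_error()."<BR>");
							}
						}
						echo GBook_Settings();
						break;
					default:
				}
?>
			</td>
		</tr>
	</table>

<?php

}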

?>

<br /><br />
<table width="800" border="0" padding="0" cellspacing="0">
	<tr>
		<td class="footer" valign="top">
		Copyright <a href="http://www.groonesworld.com" target="_blank">Groone's World Development</a> 2008<br />
		GBOOK, version 3.1<br />
		Licensed Under The GNU General Public License<br /><br />
		</td>
	</tr>
</table></div>
</body>
</html>

<?php

//############### Function area
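function GBook_Settings(){
	// Build the settings form, pre-filled from the single groones_settings row.
	// Values are entity-encoded before being placed in value="" attributes:
	// they were saved from a POST and the original echoed them unescaped.
	// Returns the form markup as a string.
	$result = mysql_query("SELECT * FROM groones_settings LIMIT 0,1");
	$row = ($result !== false) ? mysql_fetch_array($result) : false;
	if (!is_array($row)) {
		$row = array(); // no settings row yet: render empty inputs instead of notices
	}

	$val = array();
	foreach (array('NOTIFY', 'EMAILADDR', 'SUBJECT', 'NUMENTRY', 'SHOWEMAIL', 'CAPTCHA') as $key) {
		$val[$key] = isset($row[$key]) ? htmlspecialchars((string)$row[$key], ENT_QUOTES) : '';
	}

	$settings_frm = "<form action=\"index.php?act=settings&mode=upd\" method=\"post\">
	Turn on notifcation for Moderated messages: <input style=\"font-size:1em;\" type=\"text\" size=\"15\" name=\"notify\" value=\"".$val['NOTIFY']."\" /> (0 off, 1 on)<br /><br />
	Email to send notifications to:  <input style=\"font-size:1em;\" type=\"text\" size=\"45\" name=\"emailaddr\" value=\"".$val['EMAILADDR']."\" /><br /><br />
	Subject on notification:  <input style=\"font-size:1em;\" type=\"text\" size=\"60\" name=\"subject\" value=\"".$val['SUBJECT']."\" /><br /><br />
	Number of entries to show per page:  <input style=\"font-size:1em;\" type=\"text\" size=\"25\" name=\"numentry\" value=\"".$val['NUMENTRY']."\" /><br /><br />
	Show email:  <input style=\"font-size:1em;\" type=\"text\" size=\"15\" name=\"showemail\" value=\"".$val['SHOWEMAIL']."\" /> (0 off, 1 on)<br /><br />
	Enable CAPTCHA: <input style=\"font-size:1em;\" type=\"text\" size=\"15\" name=\"captcha\" value=\"".$val['CAPTCHA']."\" /> (0 off, 1 on)<br /><br />
	<button style=\"font-size:1em;\" type=\"submit\">Save Settings</button></form>";

	return $settings_frm;
}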

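function Word_Filter_Form($badlist='',$goodlist='',$bad='',$good='',$mode=''){
	// Render the word-filter admin UI and, depending on $mode, apply one change
	// first: "add" stores the ($bad, $good) pair, "del" removes the row whose
	// GOODWORD equals $goodlist (the selected option value).
	// Words are stored entity-encoded exactly as before, and are additionally
	// escaped for the quoted SQL context; the original relied on
	// htmlspecialchars() alone to keep the query intact.
	// Returns the complete markup (script + forms) as a string.
	if ($mode === "del"){
		$good = htmlspecialchars((string)$goodlist, ENT_QUOTES);
		mysql_query("DELETE FROM groones_wordfilter WHERE GOODWORD = '".mysql_real_escape_string($good)."'");
	}
	if ($mode === "add"){
		$bad = htmlspecialchars((string)$bad, ENT_QUOTES);
		$good = htmlspecialchars((string)$good, ENT_QUOTES);
		mysql_query("INSERT INTO groones_wordfilter (BADWORD, GOODWORD) VALUES ('".mysql_real_escape_string($bad)."', '".mysql_real_escape_string($good)."')");
	}

	// Option values/labels are emitted as stored: they were entity-encoded on
	// the way in (above); the browser decodes them for display and re-submits
	// the decoded text, which the "del" branch re-encodes so it matches the row.
	$badoptions = '';
	$goodoptions = '';
	$result = mysql_query("SELECT * FROM groones_wordfilter");
	while ($result !== false && ($row = mysql_fetch_array($result))){
		$badoptions .= "<OPTION value=\"".$row['GOODWORD']."\">".$row['BADWORD']."</OPTION> \n";
		$goodoptions .= "<OPTION value=\"".$row['GOODWORD']."\">".$row['GOODWORD']."</OPTION> \n";
	}

	// Keeps the two lists in sync: selecting an entry in one list highlights the
	// matching entry (same GOODWORD value) in the other.
	$filterfrm = "<script>
                        function selectu() {
                           for(var i=0;i<document.fmain.goodlist.options.length;i++) {
                              if (document.fmain.badlist.options[i].value == document.fmain.goodlist.options[document.fmain.goodlist.selectedIndex].value) {
                                 document.fmain.badlist.selectedIndex=i;
                              }
                           }
                        }
                        function selectd() {
                           for(var i=0;i<document.fmain.badlist.options.length;i++) {
                              if (document.fmain.goodlist.options[i].value == document.fmain.badlist.options[document.fmain.badlist.selectedIndex].value) {
                                 document.fmain.goodlist.selectedIndex=i;
                              }
                           }
                        }
                        </script>";
	$filterfrm .= "<div style=\"clear:both;text-align:center;font-size:1.5em\">";
	$filterfrm .= '<table width="100%" cellpadding="3" cellspacing="0" border="0" style="clear:both;margin:auto auto">
           <tr>
		      <td valign="top">';
	// "add" form: a bad word and its replacement.
	$filterfrm .= "<form action=\"index.php?act=filter&mode=add\" method=\"post\"><center><input class=\"border\" type=\"TEXT\" name=\"bad\">&nbsp;&nbsp;<input class=\"border\" type=\"TEXT\" name=\"good\">&nbsp;<input type=\"SUBMIT\" value=\"Add Word\" class=\"border\"></center></form>";

	// "del" form: the two linked select lists plus a Remove button.
	$filterfrm .= "<form action=\"index.php?act=filter&mode=del\" name=\"fmain\" method=\"post\">";
	$filterfrm .= "<table border=\"0\" style=\"clear:both;margin:auto auto\"><tr><td align=\"center\">";
	$filterfrm .= "&nbsp;&nbsp;&nbsp;Bad Word's&nbsp;&nbsp;&nbsp;<br>
           <SELECT SIZE=\"9\" name=\"badlist\" onChange=\"selectd();\"> \n";
	$filterfrm .= $badoptions;
	$filterfrm .= "</SELECT></td><td align=\"center\">&nbsp;&nbsp;&nbsp;Good Word's&nbsp;&nbsp;&nbsp;<br>";
	$filterfrm .= "<SELECT SIZE=\"9\" name=\"goodlist\" onChange=\"selectu();\">";
	$filterfrm .= $goodoptions;
	$filterfrm .= "</SELECT>
             </td>
         </tr>
         <tr>
            <td></td><td align=\"right\"><input type=\"SUBMIT\" value=\"Remove\" class=\"border\"></td>
         </tr>
    </table>
  </form>";
	$filterfrm .= '<td>
   <td width="160" align="right" valign="top">
</td></tr></table></div>';

	return $filterfrm;
}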

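function Keyword_Function($data=''){
	// Show and, when $data is non-empty, save the spam keyword list.
	// The list lives in ../inc/keywords.inc.php as a PHP assignment to
	// $keywords; including that file brings the current value into scope.
	// Returns the explanatory text plus the edit form as a string.
	require_once('../inc/keywords.inc.php');
	if (!isset($keywords)) {
		$keywords = '';
	}

	$saveErr = '';
	if(!empty($data)){
		$keywords = (string)$data;
		// var_export() emits a correctly quoted and escaped PHP string literal,
		// so a quote or backslash in the submitted text can neither break the
		// include with a parse error nor terminate the literal and be parsed as
		// code on the next include (the original spliced the raw text between
		// single quotes).
		$contents = "<?php\n\n\n\$keywords=".var_export($keywords, true).";\n\n\n\n?>";
		$file = "../inc/keywords.inc.php";
		if (file_put_contents($file, $contents, LOCK_EX) === false) {
			// The original ignored a failed fopen()/fwrite(); report it instead.
			$saveErr = "<p style=\"color:#CC0000\">The keyword list could not be written to the file.</p>";
		}
	}

	$keywordfrm = $saveErr;
	$keywordfrm .= "<p align=\"left\" style=\"font-size: 1.1em;\">
	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Spammers tend to use predictable keywords that are not necessarily bad words.<br />  
	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;For example, a spammer might write \"buy inexpensive rolex watches\" whereas<br /> 
	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;your friend might say, \"I bought a rolex watch.\"<br /><br />
	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Separate each phrase or word with a comma, and no spaces. Spaces can be used in phrases.</p>";
	// The current list is entity-encoded for the textarea so it cannot close the
	// element or inject markup; the browser decodes it for editing.
	$keywordfrm .= "<form action=\"index.php?act=key\" method=\"post\">
	<textarea cols=\"65\" rows=\"10\" name=\"keywords\">".htmlspecialchars($keywords, ENT_QUOTES)."</textarea><br />
	<button type=\"submit\" style=\"font-size: 1.5em;\">Save</button></form>";

	return $keywordfrm;
}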

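function Moderated_Messages($page, $num_per_page){
	// Print one page of the moderation queue (groones_guestbook_mod) with
	// Delete/Approve links per entry and back / page-number / next links.
	// $page is the row offset of the first entry shown, $num_per_page the page
	// size. Both arrive from the query string, so they are normalised to safe
	// integers before any arithmetic and before the LIMIT clause (the original
	// interpolated them unchecked). Output is echoed; nothing is returned.
	$num_per_page = (int)$num_per_page;
	if ($num_per_page < 1) {
		$num_per_page = 15; // Default results per-page.
	}
	$page = (int)$page;
	if ($page < 0) {
		$page = 0; // Default page value.
	}

	// Total number of rows; COUNT(*) instead of fetching every row to count them.
	$num = 0;
	$countResult = mysql_query("SELECT COUNT(*) FROM groones_guestbook_mod");
	if ($countResult !== false) {
		$countRow = mysql_fetch_row($countResult);
		if ($countRow) {
			$num = (int)$countRow[0];
		}
	}

	$pages = intval($num / $num_per_page); // Number of full results pages...
	if ($num % $num_per_page) {
		$pages++; // ...plus one for a partial last page.
	}
	$current = intval($page / $num_per_page) + 1; // Current page number (1-based).
	$total = ($pages < 1) ? 1 : $pages; // Always show at least one page.
	$hasNext = $current < $pages; // Same test as before: not on the last page.
?>
<table width="95%" border="0">
 <tr>
  <td width="50%" align="right">
<font>Page <b><?php echo $current; ?></b> of <b><?php echo $total; ?></b></font>
  </td>
 </tr>
 <tr>
  <td align="right">&nbsp;

  </td>
 </tr>
</table>
<?php
	// Offset and size are plain ints now, so the LIMIT clause is safe to build.
	$result = mysql_query("SELECT * FROM groones_guestbook_mod ORDER BY ID DESC LIMIT $page, $num_per_page");

	echo '<table border="0" cellpadding="0" cellspacing="2" width="100%"><tr><td valign="top">';
	while ($result !== false && ($row = mysql_fetch_array($result))){
		$id = (int)$row["ID"]; // used in the Delete/Approve links
		// NOTE(review): strip_tags() removes markup but does not entity-encode
		// the remaining text; whether the stored values are already encoded is
		// decided by the public posting code, which is not visible here.
		echo "
<div align=\"center\">
  <center><table border=\"0\" width=\"95%\" cellspacing=\"0\" cellpadding=\"1\" class=\"msgBorder\">
  	<tr>
		<td>
		
<table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\" border=\"0\">
  <tr>
    <td height=\"15\" class=\"msgDate\">
       Posted on ".$row["my_date"]."
   </td>
  </tr>
";
		echo "
  <tr>
    <td class=\"msgName\" valign=\"middle\">
      <b>name:</b>&nbsp; ".strip_tags($row["user_name"]);
		echo "&nbsp;&nbsp;
        <b>email:</b>&nbsp;".strip_tags($row["email_address"])."<br>";

		echo "</td>
	</tr>
	<tr>
    	<td valign=\"top\" class=\"msgEntry\"><br>".stripslashes(strip_tags($row["message"]))."<br><br></td>
  	</tr>
";
		echo "
  	<tr>
    	<td height=\"19\" class=\"msgWeb\">";
		echo "<a href=\"" . URL . "admin/index.php?act=mod&mode=del&msg=".$id."\">Delete</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href=\"" . URL . "admin/index.php?act=mod&mode=approve&msg=".$id."\">Approve</A>";
		echo "&nbsp;&nbsp;&nbsp;website:&nbsp; <a href=\"".htmlentities($row["website"])."\" target=\"_blank\">".strip_tags($row["website"])."</a>
		</td>
  	</tr>";
		echo '
</table>
  </td></tr></table></center>
</div><hr width=\"50%\"><br>
';
	}
	echo '</td>
<!-- <td width=\"200\" valign="top" align=\"right\">
</td> --></tr></table>';

	// Pager: back link (not on the first page), one link per page, next link
	// (not on the last page).
	if ($page != 0) {
		$back_page = max(0, $page - $num_per_page);
		echo("<font><a href=\"" . URL . "admin/index.php?act=mod&page=$back_page&num_per_page=$num_per_page\">back</a></font>    \n");
	}
	for ($i = 1; $i <= $pages; $i++) {
		$ppage = $num_per_page * ($i - 1);
		if ($ppage == $page) {
			echo("<font><b>$i</b></font> \n"); // current page: plain text, no link
		} else {
			echo("<font><a href=\"" . URL . "admin/index.php?act=mod&page=$ppage&num_per_page=$num_per_page\">$i</a></font> \n");
		}
	}
	if ($hasNext) {
		$next_page = $page + $num_per_page;
		echo("    <font><a href=\"" . URL . "admin/index.php?act=mod&page=$next_page&num_per_page=$num_per_page\">next</a></font>\n");
	}
}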

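function FUNCT_SHOW_MESSAGES($page, $num_per_page){
	// Print one page of the live guestbook (groones_guestbook) with a Delete
	// link per entry and back / page-number / next links.
	// $page is the row offset of the first entry shown, $num_per_page the page
	// size. Both arrive from the query string, so they are normalised to safe
	// integers before any arithmetic and before the LIMIT clause (the original
	// interpolated them unchecked). Output is echoed; nothing is returned.
	$num_per_page = (int)$num_per_page;
	if ($num_per_page < 1) {
		$num_per_page = 15; // Default results per-page.
	}
	$page = (int)$page;
	if ($page < 0) {
		$page = 0; // Default page value.
	}

	// Total number of rows; COUNT(*) instead of fetching every row to count them.
	$num = 0;
	$countResult = mysql_query("SELECT COUNT(*) FROM groones_guestbook");
	if ($countResult !== false) {
		$countRow = mysql_fetch_row($countResult);
		if ($countRow) {
			$num = (int)$countRow[0];
		}
	}

	$pages = intval($num / $num_per_page); // Number of full results pages...
	if ($num % $num_per_page) {
		$pages++; // ...plus one for a partial last page.
	}
	$current = intval($page / $num_per_page) + 1; // Current page number (1-based).
	$total = ($pages < 1) ? 1 : $pages; // Always show at least one page.
	$hasNext = $current < $pages; // Same test as before: not on the last page.
?>
<table width="95%" border="0">
 <tr>
  <td width="50%" align="right">
<font>Page <b><?php echo $current; ?></b> of <b><?php echo $total; ?></b></font>
  </td>
 </tr>
 <tr>
  <td align="right">&nbsp;

  </td>
 </tr>
</table>
<?php
	// Offset and size are plain ints now, so the LIMIT clause is safe to build.
	$result = mysql_query("SELECT * FROM groones_guestbook ORDER BY ID DESC LIMIT $page, $num_per_page");

	echo '<table border="0" cellpadding="0" cellspacing="2" width="100%"><tr><td valign="top">';
	while ($result !== false && ($row = mysql_fetch_array($result))){
		$id = (int)$row["ID"]; // used in the Delete link
		// NOTE(review): strip_tags() removes markup but does not entity-encode
		// the remaining text; whether the stored values are already encoded is
		// decided by the public posting code, which is not visible here.
		echo "
<div align=\"center\">
  <center><table border=\"0\" width=\"95%\" cellspacing=\"0\" cellpadding=\"1\" class=\"msgBorder\">
  	<tr>
		<td>
		
<table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\" border=\"0\">
  <tr>
    <td height=\"15\" class=\"msgDate\">
       Posted on ".$row["my_date"]."
   </td>
  </tr>
";
		echo "
  <tr>
    <td class=\"msgName\" valign=\"middle\">
      <b>name:</b>&nbsp; ".strip_tags($row["user_name"]);
		echo "&nbsp;&nbsp;
        <b>email:</b>&nbsp;".strip_tags($row["email_address"])."<br>";

		echo "</td>
	</tr>
	<tr>
    	<td valign=\"top\" class=\"msgEntry\"><br>".stripslashes(strip_tags($row["message"]))."<br><br></td>
  	</tr>
";
		echo "
  	<tr>
    	<td height=\"19\" class=\"msgWeb\">";
		echo "<a href=\"" . URL . "admin/index.php?act=msg0&mode=del&msg=".$id."\">Delete</a>";
		echo "&nbsp;&nbsp;&nbsp;website:&nbsp; <a href=\"".htmlentities($row["website"])."\" target=\"_blank\">".strip_tags($row["website"])."</a>
		</td>
  	</tr>";
		echo '
</table>
  </td></tr></table></center>
</div><hr width=\"50%\"><br>
';
	}
	echo '</td>
<!-- <td width=\"200\" valign="top" align=\"right\">
</td> --></tr></table>';

	// Pager: back link (not on the first page), one link per page, next link
	// (not on the last page).
	if ($page != 0) {
		$back_page = max(0, $page - $num_per_page);
		echo("<font><a href=\"" . URL . "admin/index.php?act=msg0&page=$back_page&num_per_page=$num_per_page\">back</a></font>    \n");
	}
	for ($i = 1; $i <= $pages; $i++) {
		$ppage = $num_per_page * ($i - 1);
		if ($ppage == $page) {
			echo("<font><b>$i</b></font> \n"); // current page: plain text, no link
		} else {
			echo("<font><a href=\"" . URL . "admin/index.php?act=msg0&page=$ppage&num_per_page=$num_per_page\">$i</a></font> \n");
		}
	}
	if ($hasNext) {
		$next_page = $page + $num_per_page;
		echo("    <font><a href=\"" . URL . "admin/index.php?act=msg0&page=$next_page&num_per_page=$num_per_page\">next</a></font>\n");
	}
}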