<?php
/*LICENSE INFORMATION*
* Kure is distributed under the terms of the GNU General Public License
* (http://www.gnu.org/licenses/gpl.html).
* Kure Copyright 2007-2008 Ben Carlsson
*
*-->
* This file is part of Kure.
*
* Kure is free software: you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation, either version
* 3 of the License, or (at your option) any later version.
*
* Kure is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with Kure. If
* not, see <http://www.gnu.org/licenses/>.
*-->
*
* Please see index.php for notes and license information.
*/
// Relative path from this admin script back to the site root; functions.php
// uses $root to work out where it is being called from.
$root = "../";

// Pull in the site configuration and the shared helper functions.
// (Presumably config.php defines the $config array read below.)
require_once "../config.php";
require_once "../functions.php";

// The admin login state lives in the PHP session.
session_start();
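// Logout: drop the admin marker, destroy the session and send the browser
// back to the blog.
if (isset($_GET['logout'])) {
    unset($_SESSION['admin']);
    session_destroy();
    header("Location: ../");
    // header() only queues the redirect. Without an explicit exit the script
    // keeps running and renders the login form behind the redirect.
    exit();
}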
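// Login gate: nothing below this block runs unless the session's 'admin'
// value matches the password hash stored in the configuration.
//
// NOTE(review): adminpass is an unsalted MD5 digest (see md5() here and in the
// password-change branch). Moving to password_hash()/password_verify() needs a
// coordinated change to every place that reads or writes adminpass.
// NOTE(review): the session marker is the password hash itself; other admin
// code may depend on that, so it is kept as is.
$stored_hash = isset($config['adminpass']) ? (string) $config['adminpass'] : '';

// Fail closed: with the old loose "!=" an empty or missing adminpass compared
// equal to an absent session value and skipped the login form entirely.
// hash_equals() also avoids PHP's numeric-string juggling on "0e..." digests.
$session_ok = $stored_hash !== ''
    && isset($_SESSION['admin'])
    && is_string($_SESSION['admin'])
    && hash_equals($stored_hash, $_SESSION['admin']);

if (!$session_ok) {
    if (isset($_POST['login'])) {
        // Only accept a plain string; an array-valued field is rejected.
        $submitted = (isset($_POST['password']) && is_string($_POST['password']))
            ? $_POST['password']
            : null;
        if ($stored_hash !== '' && $submitted !== null && hash_equals($stored_hash, md5($submitted))) {
            // Issue a fresh session id at the privilege change so an id that
            // was known before login does not become an admin session.
            session_regenerate_id(true);
            $_SESSION['admin'] = $stored_hash;
            header("Location: ./");
            // Stop here; otherwise the login form below is still rendered.
            exit();
        } else {
            runtemplate("admin_header");
            print("<div style=\"position: absolute; left: 400px; top: 180px;\">");
            error("Invalid password.", false);
        }
    } else {
        runtemplate("admin_header");
    }
    print("<div style=\"position: absolute; left: 400px; top: 200px;\">");
    if (isset($_SESSION['admin'])) // a marker is present but no longer matches the stored hash
        print("<span class=\"error\">Session invalid; please login again.</span><br />");
    // The blog name comes from the editable configuration, so encode it for HTML.
    // double_encode is off so a name that already contains entities is not mangled.
    $blog_name_html = htmlspecialchars(
        isset($config['blog_name']) ? (string) $config['blog_name'] : '',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8',
        false
    );
    print("<span class=\"sitetitle\">administrate</span> <span class=\"sitesub\">" . $blog_name_html . "</span><br /><br />");
    print("<form action=\"./\" method=\"post\">");
    print("<a type=\"blog_title\">enter password</a><br /><input type=\"password\" name=\"password\">");
    print(" <input type=\"submit\" name=\"login\" value=\"login\"></form>");
    exit(); // don't allow any further access of administration unless logged in
}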
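runtemplate("admin_header");
if (isset($_GET['config'])) {
    // Site options: show the current values, or validate and save a submission.
    print("<span class=\"pagesub\">config</span><br /><br />\n");
    if (isset($_POST['config_submit'])) {
        // NOTE(review): this state-changing POST carries no anti-CSRF token.
        $text_keys = array('blog_name', 'blog_sub', 'num_posts');
        $flag_keys = array('docdates', 'docspagedates', 'abcdocs', 'abcposts', 'showadmin');

        // Same keys, same order as before; every field must be a plain string.
        $options = array();
        foreach (array_merge($text_keys, $flag_keys) as $key) {
            if (!isset($_POST[$key]) || !is_string($_POST[$key]))
                exit("<span class=\"error\">Missing or invalid value for <tt>$key</tt>.</span>");
            $options[$key] = $_POST[$key];
        }

        // The form only ever offers digits for num_posts and "true"/"false"
        // for the switches, so anything else is rejected before it reaches
        // config.php.
        if (!preg_match('/^[0-9]+$/D', $options['num_posts']))
            exit("<span class=\"error\">Posts per page must be a whole number.</span>");
        foreach ($flag_keys as $key) {
            if ($options[$key] !== 'true' && $options[$key] !== 'false')
                exit("<span class=\"error\">Missing or invalid value for <tt>$key</tt>.</span>");
        }

        // NOTE(review): blog_name and blog_sub are free text. write_config() is
        // defined outside this file; confirm it quotes values safely when it
        // writes config.php.
        if (!write_config($options))
            exit("<span class=\"error\">Couldn't write to <tt>config.php</tt>; check permissions and try again.</span>");
        print("<span class=\"success\">Configuration saved.</span>");
    } else {
        // Encode configuration values before placing them in attributes, so a
        // quote or angle bracket in a value cannot break out of the markup.
        // double_encode is off in case values are already stored entity-encoded.
        $attr = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        };
?>
<form action="?config" method="post">
blog name<br /><input type="text" name="blog_name" value="<?php print($attr($config['blog_name'])); ?>" class="form_text"><br /><br />
subname<br /><input type="text" name="blog_sub" value="<?php print($attr($config['blog_sub'])); ?>" class="form_text"><br /><br />
posts per page<br /><input type="text" name="num_posts" value="<?php print($attr($config['num_posts'])); ?>" class="form_text" size="3"> <span class="note">0 for unlimited</span><br /><br />
<select name="docdates">
<option value="true" <?php if($config['docdates']) print("selected"); ?>>Yes</option>
<option value="false" <?php if(!$config['docdates']) print("selected"); ?>>No</option>
</select> display dates on docs<br /><br />
<select name="docspagedates">
<option value="true" <?php if($config['docspagedates']) print("selected"); ?>>Yes</option>
<option value="false" <?php if(!$config['docspagedates']) print("selected"); ?>>No</option>
</select> display dates on doc listing<br /><br />
<select name="abcdocs">
<option value="true" <?php if($config['abcdocs']) print("selected"); ?>>Alphabetical</option>
<option value="false" <?php if(!$config['abcdocs']) print("selected"); ?>>Date descending</option>
</select> doc order<br /><br />
<select name="abcposts">
<option value="true" <?php if($config['abcposts']) print("selected"); ?>>Alphabetical</option>
<option value="false" <?php if(!$config['abcposts']) print("selected"); ?>>Date descending</option>
</select> post order<br /><br />
<select name="showadmin">
<option value="true" <?php if($config['showadmin']) print("selected"); ?>>Yes</option>
<option value="false" <?php if(!$config['showadmin']) print("selected"); ?>>No</option>
</select> show admin panel link in sidebar<br /><br />
<input type="submit" name="config_submit" value="save" class="form_submit">
</form>
<?php
    }
}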
elseif (isset($_GET['plugins'])) {
    // Plugin management page: a heading, then an indented wrapper whose
    // content is produced by the "admplugins" / "listing" hook.
    echo "<span class=\"pagesub\">plugins</span><br />\n";
    echo "<div style=\"position: relative; left: 8px;\">";
    plug("admplugins", "listing");
    echo "</div>";
}
elseif (isset($_GET['plugin'])) {
    // Otherwise empty admin page that plugins can fill with their own
    // configuration or "about" content through the "admplugins" / "page" hook.
    plug("admplugins", "page");
}
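elseif (isset($_GET['templates'])) {
    // Template switcher: list the directories under templates/ and store the
    // chosen one in the configuration.
    print("<span class=\"pagesub\">templates</span><br /><br />\n");

    // Directory names that actually exist under templates/. glob() returns
    // false on error, which is treated as "no templates".
    $found = glob($root . "templates/*", GLOB_ONLYDIR);
    $templates = array();
    if ($found !== false) {
        foreach ($found as $dir)
            $templates[] = basename($dir);
    }

    if (isset($_POST['template_submit'])) {
        // NOTE(review): this state-changing POST carries no anti-CSRF token.
        // Only accept a name that is one of the listed directories. The value
        // is stored in config.php and presumably used later to build template
        // paths, so an arbitrary string (e.g. one containing "../") must not
        // be saved.
        if (!isset($_POST['template']) || !in_array($_POST['template'], $templates, true))
            exit("<span class=\"error\">Unknown template.</span>");
        if (!write_config(array("template" => $_POST['template'])))
            exit("<span class=\"error\">Error writing to <tt>config.php</tt>. Check permissions and try again.</span>");
        print("<span class=\"success\">Template changed.</span>");
    } else {
        $current = isset($config['template']) ? (string) $config['template'] : '';
        print("<form action=\"?templates\" method=\"post\">\n");
        foreach ($templates as $template) {
            // Directory names come from the filesystem; encode them for HTML.
            $template_html = htmlspecialchars($template, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            print("<input type=\"radio\" name=\"template\" value=\"$template_html\"");
            if ($current === $template) print(" checked");
            print("> <tt>$template_html</tt><br />\n");
        }
        print("<br /><input type=\"submit\" name=\"template_submit\" value=\"save\" class=\"form_submit\"></form>");
    }
}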
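elseif (isset($_GET['create'])) {
    // Create a new post or doc: show the form, or hand a submission to
    // create_entry().
    print("<span class=\"pagesub\">create</span><br /><br />\n");
    if (isset($_POST['submit_post'])) {
        // NOTE(review): this state-changing POST carries no anti-CSRF token.
        // The entry type is restricted to the two values the form offers,
        // matching the "Bad entry type." check in the modify branch. It is
        // presumably used by create_entry() to choose a directory.
        if (!isset($_POST['type']) || !in_array($_POST['type'], array("posts", "docs"), true))
            exit("<span class=\"error\">Bad entry type.</span>");
        // Title and content must be plain strings (not array-valued fields).
        if (!isset($_POST['title'], $_POST['content'])
            || !is_string($_POST['title']) || !is_string($_POST['content']))
            exit("<span class=\"error\">Missing title or content.</span>");
        if (create_entry($_POST['title'], $_POST['content'], $_POST['type']))
            print("<span class=\"success\">Entry created.</span>");
    } else {
        // Each plug() call is an extension point between form elements.
        plug("admcreate", "top");
        print("<form action=\"?create\" method=\"post\">\n");
        print("title<br /><input class=\"form_text\" name=\"title\" size=\"50\" type=\"text\"><br><br>\n");
        plug("admcreate", "title_after");
        print("content<br /><textarea class=\"form_textarea\" cols=\"80\" name=\"content\" rows=\"12\"></textarea><br><br>\n");
        plug("admcreate", "content_after");
        print("<input checked name=\"type\" type=\"radio\" value=\"posts\">post\n");
        print("<input name=\"type\" type=\"radio\" value=\"docs\">doc\n");
        plug("admcreate", "type_after");
        print("<br><br>\n");
        print("<input class=\"form_submit\" name=\"submit_post\" type=\"submit\" value=\"post\">\n");
        plug("admcreate", "button_after");
        print("</form>\n\n");
    }
}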
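elseif (isset($_GET['modify'])) {
    // Modify entries: with a value in ?modify= this edits one entry (or saves
    // the edit); with an empty value it lists all posts and docs.
    print("<span class=\"pagesub\">modify</span><br /><br />\n");

    // Splits "posts/<name>" or "docs/<name>" into array(type, name). Returns
    // false for anything else, including names that contain a path separator,
    // a NUL byte, or are "." / "..", so a request cannot point outside the
    // posts/ and docs/ directories.
    $split_entry = function ($ref) {
        if (!is_string($ref))
            return false;
        $parts = explode("/", $ref, 2);
        if (count($parts) !== 2 || !in_array($parts[0], array("posts", "docs"), true))
            return false;
        $name = $parts[1];
        if ($name === "" || $name === "." || $name === ".." || strpbrk($name, "/\\\0") !== false)
            return false;
        return $parts;
    };

    // HTML-encodes text for element content and attribute values.
    // double_encode is off in case stored text already contains entities.
    // NOTE(review): assumes entries are UTF-8; bytes that are not valid UTF-8
    // are replaced rather than echoed - confirm against the site's charset.
    $escape = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    if (is_string($_GET['modify']) && $_GET['modify'] !== "") {
        if (isset($_POST['modify_post'])) {
            // NOTE(review): this state-changing POST carries no anti-CSRF token.
            $old = $split_entry(isset($_POST['oldfile']) ? $_POST['oldfile'] : null);
            // Validate everything before touching the old entry, so a bad
            // request cannot delete it and then fail to write the new one.
            if ($old === false
                || !isset($_POST['type'])
                || !in_array($_POST['type'], array("posts", "docs"), true))
                exit("<span class=\"error\">Bad entry type.</span>");
            if (!isset($_POST['title'], $_POST['content'])
                || !is_string($_POST['title']) || !is_string($_POST['content']))
                exit("<span class=\"error\">Missing title or content.</span>");
            list($type, $oldname) = $old;
            // NOTE(review): the old entry is removed before the new one is
            // written; if create_entry() fails the entry is gone. Reordering
            // needs knowledge of create_entry()/delete_entry(), which are
            // defined outside this file.
            if (!delete_entry($oldname, $type))
                exit("<span class=\"error\">Old entry could not be removed. Check permissions and try again.</span>");
            if (create_entry($_POST['title'], $_POST['content'], $_POST['type']))
                print("<span class=\"success\">Entry modified.</span>");
        } else {
            $entry = $split_entry($_GET['modify']);
            if ($entry === false)
                exit("<span class=\"error\">Bad entry type.</span>");
            list($oldtype, $oldname) = $entry;
            $oldtitle = deparse_title($oldname);
            // The path is rebuilt from the validated parts, never from the raw
            // query string.
            $oldpath = $root . $oldtype . "/" . $oldname . ".txt";
            $oldcontent = is_file($oldpath) ? file_get_contents($oldpath) : false;
            if ($oldcontent === false)
                exit("<span class=\"error\">Entry could not be read.</span>");
            plug("admmodify", "top");
            print("<form action=\"?modify=submit\" method=\"post\">\n");
            print("title<br /><input class=\"form_text\" name=\"title\" size=\"50\" type=\"text\" value=\"" . $escape($oldtitle) . "\"><br><br>\n");
            plug("admmodify", "title_after");
            // Encoded so that content containing "</textarea>" or other markup
            // stays inside the textarea.
            print("content<br /><textarea class=\"form_textarea\" cols=\"80\" name=\"content\" rows=\"12\">" . $escape($oldcontent) . "</textarea><br><br>\n");
            plug("admmodify", "content_after");
            print("<input ");
            if ($oldtype === "posts") print("checked ");
            print("name=\"type\" type=\"radio\" value=\"posts\">post\n");
            print("<input ");
            if ($oldtype === "docs") print("checked ");
            print("name=\"type\" type=\"radio\" value=\"docs\">doc\n");
            plug("admmodify", "type_after");
            print("<br><br>\n");
            print("<input type=\"hidden\" name=\"oldfile\" value=\"" . $escape($oldtype . "/" . $oldname) . "\">\n");
            print("<input class=\"form_submit\" name=\"modify_post\" type=\"submit\" value=\"modify\">\n");
            plug("admmodify", "button_after");
            print("</form>\n\n");
        }
    } else {
        // Listing: one tab of [del]/modify links per entry type.
        $links = array("posts" => "", "docs" => "");
        foreach (array_keys($links) as $kind) {
            $files = glob($root . $kind . "/*.txt");
            if ($files === false) // glob() returns false on error
                $files = array();
            usort($files, "sort_by_mtime");
            foreach ($files as $file) {
                // Strip the directory and only the trailing ".txt".
                $name = basename($file, ".txt");
                // File names go into a URL and into HTML: percent-encode for
                // the query string, entity-encode the visible title.
                $href = $kind . "/" . rawurlencode($name);
                $links[$kind] .= " <a href=\"?del=$href\" class=\"small\">[del]</a> <a href=\"?modify=$href\">" . $escape(deparse_title($name)) . "</a><br />";
            }
        }
        // Emit the markup as JavaScript string literals. json_encode() with the
        // HEX flags handles quotes, backslashes, newlines and "</script>",
        // which escaping only the ' character did not.
        $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $poststr = json_encode($links["posts"], $js_flags);
        $docstr = json_encode($links["docs"], $js_flags);
?>
<div id="tabs"></div>
<script src="../js/tabs.js" type="text/javascript"></script>
<script type="text/javascript">
var tabs = new Tabs(document.getElementById('tabs'));
tabs.Add('posts', postsTabSwitch);
tabs.Add('docs', docsTabSwitch);
function postsTabSwitch(paneElement) {
if(paneElement.innerHTML == '')
paneElement.innerHTML = <?php print($poststr); ?>;
}
function docsTabSwitch(paneElement) {
if(paneElement.innerHTML == '')
paneElement.innerHTML = <?php print($docstr); ?>;
}
</script>
<?php
    }
}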
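elseif (isset($_GET['del'])) {
    // Delete an entry: ask for confirmation on GET, delete on the confirming POST.
    //
    // The reference must be exactly "docs/<name>" or "posts/<name>". Names
    // with a path separator, a NUL byte, or equal to "." / ".." are refused so
    // the request cannot address anything outside those two directories.
    // Previously an unrecognised reference left $type and $title undefined.
    $del_kinds = array("docs" => "doc", "posts" => "post");
    $del_parts = is_string($_GET['del']) ? explode("/", $_GET['del'], 2) : array();
    if (count($del_parts) !== 2
        || !isset($del_kinds[$del_parts[0]])
        || $del_parts[1] === "" || $del_parts[1] === "." || $del_parts[1] === ".."
        || strpbrk($del_parts[1], "/\\\0") !== false)
        exit("<span class=\"error\">Bad entry type.</span>");

    // NOTE(review): this branch passes "doc"/"post" to delete_entry() while the
    // modify branch passes "docs"/"posts". delete_entry() is defined outside
    // this file - confirm which form it expects.
    $type = $del_kinds[$del_parts[0]];
    $title = $del_parts[1];
    $title_html = htmlspecialchars((string) deparse_title($title), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    if (isset($_POST['confirm_delete'])) {
        // NOTE(review): this state-changing POST carries no anti-CSRF token.
        if (delete_entry($title, $type))
            print("<span class=\"success\">Entry deleted.</span>");
        else
            print("<span class=\"error\">Couldn't delete $type <tt>" . $title_html . "</tt>. Check permissions and try again.</span>");
    } else {
        print("<span class=\"pagesub\">delete entry</span><br /><br />\n");
        print("Are you sure you want to delete the $type <b><tt>" . $title_html . "</tt></b>? This cannot be undone.<br /><br />\n");
        // The action URL is rebuilt from the validated parts instead of echoing
        // the raw query string back into the page.
        print("<div align=\"right\"><form action=\"?del=" . $del_parts[0] . "/" . rawurlencode($title) . "\" method=\"post\"><input type=\"submit\" name=\"confirm_delete\" value=\"Yes, delete this " . $type . "\"></form>\n");
        print("<a href=\"?modify\" class=\"navitem\">Go back</a></div>");
    }
}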
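elseif (isset($_GET['password'])) {
    // Change the admin password: requires the current password and the new
    // one entered twice.
    print("<span class=\"pagesub\">change password</span><br /><br />\n");
    if (isset($_POST['pass_submit'])) {
        // Treat missing or array-valued fields as empty strings.
        $curpass = (isset($_POST['curpass']) && is_string($_POST['curpass'])) ? $_POST['curpass'] : "";
        $newpass1 = (isset($_POST['newpass1']) && is_string($_POST['newpass1'])) ? $_POST['newpass1'] : "";
        $newpass2 = (isset($_POST['newpass2']) && is_string($_POST['newpass2'])) ? $_POST['newpass2'] : "";

        // Strict comparison: with "!=" PHP compares numeric-looking strings as
        // numbers, so e.g. "1e3" and "1000" counted as matching passwords.
        if ($newpass1 !== $newpass2 || $newpass1 === "")
            exit("Passwords did not match or were not entered. <a href=\"?password\">Try again</a>.");
        // hash_equals() compares the digests as exact strings (no "0e..."
        // numeric juggling) and in constant time.
        $stored_hash = isset($config['adminpass']) ? (string) $config['adminpass'] : "";
        if (!hash_equals($stored_hash, md5($curpass)))
            exit("Incorrect current password. <a href=\"?password\">Try again</a>.");
        // NOTE(review): the password is stored as an unsalted MD5 digest. The
        // login check reads the same format, so switching to password_hash()
        // has to change both places together.
        if (!write_config(array("adminpass" => md5($newpass1))))
            exit("<span class=\"error\">Error writing to <tt>config.php</tt>. Check permissions and try again.</span>");
        print("<span class=\"success\">Password changed.</span>");
    } else {
?>
<form action="?password" method="post">
current password<br /><input type="password" name="curpass" class="form_text"><br /><br />
new password<br /><input type="password" name="newpass1" class="form_text"><br /><br />
confirm<br /><input type="password" name="newpass2" class="form_text"><br /><br />
<input type="submit" name="pass_submit" value="change password" class="form_submit"></form>
<?php
    }
}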
else { // main
// Default view: none of the action parameters checked above was present, so
// the admin menu is shown. Each link selects one of those branches through
// its query string.
// NOTE(review): "?logout" is a plain GET link and the logout handler acts on
// isset($_GET['logout']) alone, so any link to that URL ends the session.
?>
<p>>> <a href="?config" class="pagesub">config</a> •
change site options + variables</p>
<p>>> <a href="?plugins" class="pagesub">plugins</a> •
enable, disable, and manage plugins</p>
<p>>> <a href="?templates" class="pagesub">templates</a> •
swap templates</p>
<br />
<p>>> <a href="?create" class="pagesub">create</a> •
make a new post or doc</p>
<p>>> <a href="?modify" class="pagesub">modify</a> •
edit or delete posts and docs</p>
<br />
<p>>> <a href="?password" class="pagesub">change password</a> •
change your administration password</p>
<p>>> <a href="?logout" class="pagesub">logout</a> •
destroy your administration session and return to your blog</p>
<br />
<p><< <a href="../" class="pagesub">back to site</a> •
return to your blog</p>
<?php
}
// Runs after whichever branch was taken (branches that exit() on error never
// reach it); presumably renders the closing part of the admin page.
runtemplate("admin_footer");
?>