<?php
/*----------------------------------------------------------

       LySite
       Brad Landis (hide@address.com)

   Copyright (C) 2005 Brad Landis

   This program is free software; you can redistribute it
   and/or modify it under the terms of the GNU General
   Public License as published by the Free Software
   Foundation; either version 2 of the License, or (at your
   option) any later version.

   This program is distributed in the hope that it will be
   useful, but WITHOUT ANY WARRANTY; without even the
   implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE.  See the GNU General Public License
   for more details.
   
   You should have received a copy of the GNU General Public
   License along with this program; if not, write to the
   Free Software Foundation, Inc., 51 Franklin Street, Fifth
   Floor, Boston, MA  02110-1301, USA.

----------------------------------------------------------*/
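require("includes.php");
/* Page bootstrap: $subtitle and $iconlist are set before the admin gate
 * below and are presumably consumed by header.php (not visible here). */
$subtitle = "Administration";
$iconlist[] = "<form action='admin.php'><button type='submit' name='monthly_message' title='Edit Email Message'><img src='icon/email_edit.jpg'><span>Edit Email Message</span></button></form>";
$iconlist[] = "<form action='admin.php'><button type='submit' name='search_list'><img src='icon/search_list.jpg'><span>Search List</span></button></form>";
// The user id comes straight from the query string and is written into a
// single-quoted attribute, so it is escaped (reflected XSS in the admin's
// browser otherwise). !empty() keeps the original truthiness test while
// avoiding the undefined-index notice when the parameter is absent.
if(!empty($_GET['user']))
	$iconlist[] = "||<form action='admin.php'><input type='hidden' name='user' value='".htmlspecialchars($_GET['user'], ENT_QUOTES)."'><button type='submit' name='send_message' title='Edit Email Message'><img src='icon/email_edit.jpg'><span>Send Email to User</span></button></form>";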

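/****************************************************************
 * shorten_text(): Used for comments to make it fit easier.	*
 *	Text of $maxlength characters or fewer is returned	*
 *	unchanged. Longer text is cut to $maxlength-2 chars,	*
 *	backed up to the last space when there is one (a space	*
 *	at position 0 does not count), and "..." is appended.	*
 *	Lengths are measured in characters (mb_*, UTF-8) rather	*
 *	than bytes, so a multibyte sequence is never split and	*
 *	emitted as invalid bytes. Assumes site text is UTF-8 --	*
 *	confirm against the DB/page charset.			*
 ****************************************************************/
function shorten_text($text,$maxlength=50) {
	$text = (string)$text;
	if(mb_strlen($text, 'UTF-8') <= $maxlength) {
		return $text;
	}
	$cut = mb_substr($text, 0, $maxlength-2, 'UTF-8');
	// Prefer ending on a word boundary; mb_strrpos() returns false when
	// there is no space, and 0 is treated as "no boundary" like the original.
	$end = mb_strrpos($cut, " ", 0, 'UTF-8');
	if($end !== false && $end > 0) {
		$cut = mb_substr($cut, 0, $end, 'UTF-8');
	}
	return $cut."...";
}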

/****************************************************************
 * get_user_level(): Map a numeric permission value onto its	*
 *	display name. Thresholds are inclusive lower bounds:	*
 *	15 and up is Admin, 10-14 Preapproved, 5-9 Normal, and	*
 *	anything below 5 Unprivileged.				*
 ****************************************************************/
function get_user_level($num) {
	// Highest threshold first so the first match is the right tier.
	$tiers = array(15 => "Admin", 10 => "Preapproved", 5 => "Normal");
	foreach($tiers as $threshold => $label) {
		if($num >= $threshold)
			return $label;
	}
	return "Unprivileged";
}
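/****************************************************************
 * lysite_esc_html(): Escape an untrusted value for output in	*
 *	HTML text or a single-quoted attribute. Every DB field	*
 *	and request parameter echoed on this page goes through	*
 *	it: search terms, comments, usernames and log rows are	*
 *	written by non-admin visitors and rendered to the admin,	*
 *	which is exactly the browser an attacker wants to run	*
 *	script in.						*
 ****************************************************************/
function lysite_esc_html($value) {
	$flags = ENT_QUOTES;	// every attribute on this page is single-quoted
	// PHP >= 5.4 otherwise returns "" for an invalid byte sequence; the
	// page charset is not visible here, so substitute instead of blanking.
	if(defined('ENT_SUBSTITUTE'))
		$flags |= ENT_SUBSTITUTE;
	return htmlspecialchars((string)$value, $flags);
}

/****************************************************************
 * lysite_esc_sql(): Escape an untrusted value for use inside a	*
 *	single-quoted MySQL string literal. It is NOT sufficient	*
 *	for unquoted contexts (LIMIT, offsets), which are cast	*
 *	with (int) instead. Needs the connection includes.php	*
 *	opens, the same one mysql_query() uses.			*
 ****************************************************************/
function lysite_esc_sql($value) {
	return mysql_real_escape_string((string)$value);
}

/****************************************************************
 * lysite_log_rows(): Echo one <tr> per row of a log result set.	*
 *	Shared by the per-user, per-IP, paged and front-page log	*
 *	views, which used to carry four copies of this loop.	*
 *	Rows alternate between two shades per severity band:	*
 *	level >= 3 red, 0..2 grey, negative white.		*
 ****************************************************************/
function lysite_log_rows($results) {
	$color = '';
	while($line = mysql_fetch_assoc($results)) {
		if($line['level'] >= 3) {
			$color = $color=='#dbb'?'#ecc':'#dbb';
		} else if($line['level'] >= 0) {
			$color = $color=='#bbb'?'#ccc':'#bbb';
		} else {
			$color = $color=='#fff'?'#eee':'#fff';
		}
		$title = lysite_esc_html($line['title']);
		$url = lysite_esc_html($line['url']);
		$ip = lysite_esc_html($line['ip_addr']);
		$who = $line['user_id'] != null ? lysite_esc_html(get_username($line['user_id'])) : "Anonymous";
		echo "<tr style='background:$color'><td>".($line['level']==2?"<img src='warning.jpg'>":($line['level']==4?"<img src='warning.jpg' alt='Err'>":""))."\n<td>".date("j M y | g:i A",strtotime($line['time']))."\n<td>".($line['url']?"<a href='$url'>$title</a>":"$title")."<br>\n".$who." (<a href='admin.php?ip_addr=$ip'>".long2ip($line['ip_addr'])."</a>)\n<td><a href='admin.php?log_id=".lysite_esc_html($line['log_id'])."'>View</a>\n";
	}
}

if(!is_admin_user()) {
	log_event("Admin Page Attempt",null,null,2);
	header("Location: index.php");
	// A Location header alone does not stop the script; make it explicit.
	exit;
} else {
	// The requested user id is used in several branches. It reaches SQL only
	// through lysite_esc_sql() and HTML/URLs only through lysite_esc_html()
	// or urlencode().
	$req_user = isset($_GET['user']) ? $_GET['user'] : '';

	// NOTE(review): every state-changing action below is reachable without a
	// CSRF token, and two of them (del_search_term, user_level) are plain GET
	// links, so any page the admin visits can trigger them. Moving them to
	// POST with a per-session token needs the session layer from includes.php,
	// which is not visible here.
	if(isset($_GET['del_search_term'])) {
		// LIMIT is unquoted, so the count must be an integer, never raw input.
		$cnt = isset($_GET['cnt']) ? (int)$_GET['cnt'] : 0;
		$query = "DELETE FROM top_searches WHERE search_term='".lysite_esc_sql($_GET['del_search_term'])."' LIMIT ".$cnt;
		if(mysql_query($query)) {
			header("Location: admin.php?search_list=&notice=Successfully+deleted+the+search+term.");
			exit;
		} else trigger_error(mysql_error());
	} else if(isset($_POST['m_message'])) {
		$m_message = lysite_esc_sql($_POST['m_message']);
		if(isset($_POST['update'])) {
			$query = "UPDATE options SET v='$m_message' WHERE k='m_message' LIMIT 1";
		} else {
			$query = "INSERT INTO options SET v='$m_message', k='m_message'";
		}
		if(mysql_query($query)) {
			log_event("Monthly Message Updated",null,"admin.php?monthly_message=");
			header("Location: admin.php?notice=Success!");
			exit;
		} else trigger_error(mysql_error());
	} else if(isset($_GET['user_level'])) {
		// permissions is only ever compared numerically (get_user_level() and
		// the +/- links), so an int is the only sensible value to store.
		$query = "UPDATE users SET permissions='".(int)$_GET['user_level']."' WHERE user_id='".lysite_esc_sql($req_user)."' LIMIT 1";
		// NOTE(review): get_user_fullname() receives the raw id; whether it
		// escapes internally cannot be seen from this file.
		log_event(get_user_fullname($req_user)."'s User Level Changed",null,"admin.php?user=".urlencode($req_user));
		if(mysql_query($query)) {
			header("Location: admin.php?user=".urlencode($req_user));
			exit;
		}
	} else if(isset($_POST['send_message'])) {
		// Recipient and subject end up in SMTP headers; strip CR/LF so a
		// crafted value cannot inject extra headers or recipients.
		$to = isset($_POST['email']) ? str_replace(array("\r", "\n"), '', (string)$_POST['email']) : '';
		$subject = isset($_POST['subject']) ? str_replace(array("\r", "\n"), '', (string)$_POST['subject']) : '';
		$message = isset($_POST['message']) ? (string)$_POST['message'] : '';
		// NOTE(review): the recipient is taken from a hidden form field rather
		// than re-read from the users table by id, so the form can be made to
		// mail an arbitrary address. Prefer looking the address up server-side.
		if(mail($to,$subject,$message,"From: ".SITE_TITLE." - ".SITE_SUBTITLE." <".SITE_EMAIL.">\r\n")) {
			// The original logged $line['message'], which is undefined at this
			// point; the sent body is what the log entry is meant to carry.
			log_event("Message Sent to $to",$message,NULL);
			header("Location: admin.php?notice=Email+successfully+sent.");
			exit;
		}
	}
	
	include("header.php");
	if($req_user) {
		$user = null;
		$query = "SELECT * FROM users WHERE user_id='".lysite_esc_sql($req_user)."' LIMIT 1";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) > 0) {
				$user = mysql_fetch_assoc($results);
				echo "<table><tr><td>Username: ".lysite_esc_html($user['username'])."\n";
				echo "<tr><td>Name: ".lysite_esc_html($user['name'])."\n";
				echo "<tr><td>Email: ".lysite_esc_html($user['email'])."\n";
				echo "<tr><td>Subscribed: ".($user['subscribe']=='y'?'Yes':($user['subscribe']=='monthly'?'Monthly':'No'))."\n";
				echo "<tr><td>User Level: ".get_user_level($user['permissions']);
				// Step the level by 5 in either direction within [0,15].
				$uid = urlencode($user['user_id']);
				echo ($user['permissions']>=5?" <a href='admin.php?user=$uid&user_level=".($user['permissions']-5)."'>-</a>":"").($user['permissions']<=10?" <a href='admin.php?user=$uid&user_level=".($user['permissions']+5)."'>+</a>":"");
				echo "\n";
				echo "</table>\n";
			}
		} else trigger_error(mysql_error());
		
		if(isset($_GET['send_message'])) {
			echo "<h2>Send Message</h2>\n";
			if($user) {
				// Escaped "name <email>" decodes back to the same recipient
				// string the original built with literal &lt;/&gt; entities.
				$recipient = lysite_esc_html($user['name']." <".$user['email'].">");
				$greeting = $user['name']?$user['name']:$user['username'];
				echo "<form action='admin.php' method='post'>\n<fieldset><legend>Send Email to ".lysite_esc_html($user['username'])."</legend>\n<input type='hidden' name='email' value='$recipient'>\n";
				echo "<p><label>Subject</label><br>\n<input type='text' name='subject' value='Message from the Admin' size='40'>\n";
				echo "<p><label>Message</label><br>\n<textarea name='message' cols='40' rows='10'>".lysite_esc_html("Dear ".$greeting.",\n\n\nThanks,\n".SITE_ADMIN."\n".SITE_URL)."</textarea>\n";
				echo "<p><input type='submit' name='send_message' value='Send'>\n";
				echo "</fieldset></form>\n";
			} else {
				echo "<p>No such user.\n";
			}
		} else {
			echo "<h2>User Log</h2>\n";
			$query = "SELECT log_id,time,level,user_id,ip_addr,url,title FROM log WHERE user_id='".lysite_esc_sql($req_user)."' ORDER BY time DESC";
			if($results = mysql_query($query)) {
				if(mysql_num_rows($results) > 0) {
					echo "<table id='log'>\n";
					lysite_log_rows($results);
					echo "</table>\n";
				} else {
					echo "<p>No logged events.";
				}
			} else {
				trigger_error(mysql_error());
			}
			
			echo "<h2>User Favorites</h2>\n";
			// Bug fix: this used $line['user_id'] left over from the log loop,
			// which is false once mysql_fetch_assoc() runs out of rows (or unset
			// when there were none), so the query always looked up user_id=''.
			$query = "SELECT lyrics.title,lyrics.lid FROM favs LEFT JOIN lyrics USING(lid) WHERE favs.user_id='".lysite_esc_sql($req_user)."' ORDER BY title";
			if($results = mysql_query($query)) {
				if(mysql_num_rows($results) > 0) {
					echo "<div class='block'>\n";
					while($line = mysql_fetch_assoc($results)) {
						echo "<a href='songs.php?song=".urlencode($line['lid'])."'>".lysite_esc_html($line['title'])."</a> <br>\n";
					}
					echo "</div>";
				} else {
					echo "<p>This user has no favorites.\n";
				}
			} else {
				trigger_error(mysql_error());
			}
		}
	} else if(isset($_GET['monthly_message'])) {
		echo "<form action='admin.php' method='post'>\n<fieldset><legend>Monthly Email Message</legend>\n";
		$v = '';
		$query = "SELECT v FROM options WHERE k='m_message' LIMIT 1";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) > 0) {
				$row = mysql_fetch_assoc($results);
				$v = $row['v'];
				// Only an existing row can be UPDATEd; the original emitted this
				// field whenever the SELECT succeeded, so with no row stored yet
				// the handler ran an UPDATE that matched nothing and the INSERT
				// branch was unreachable.
				echo "<input type='hidden' name='update' value='t'>\n";
			}
		} else {
			trigger_error(mysql_error());
		}
		// Escaped so a stored "</textarea>" cannot break out of the field.
		echo "<label for='m_message'>Message:</label><br><textarea name='m_message' cols=60 rows=8>".lysite_esc_html($v)."</textarea><br>\n";
		echo "<input type='submit' value='Submit'>";
		echo "</fieldset></form>";
	} else if(isset($_GET['no_copyright'])) {
		$query = "SELECT * FROM lyrics WHERE copyright='' ORDER BY title,author";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) > 0) {
				echo "<table id='list'><tr><th colspan='2'><h2>Song List</h2>\n<tr><th><a href='songs.php'>Title</a><th style='text-align: right'><a href='songs.php?order_by=author'>Author</a>\n";
				while($line = mysql_fetch_assoc($results)) {
					echo "<tr".($line['approved'] != 'y'?" class='unapproved'":"")."><td><a href='songs.php?song=".urlencode($line['lid'])."'>".lysite_esc_html($line['title'])."</a><td style='text-align: right'>".lysite_esc_html($line['author'])."\n";
				}
				echo "</table>\n";
			} else {
				echo "No songs found.";
			}
		} else {
			trigger_error(mysql_error());
		}
	} else if(isset($_GET['phpinfo'])) {
		// NOTE(review): phpinfo() discloses paths, loaded modules, ini settings
		// and environment variables (which may include credentials). It is
		// gated only by is_admin_user(); consider dropping it from production.
		phpinfo();
	} else if(isset($_GET['log_id'])) {
		$query = "SELECT * FROM log WHERE log_id='".lysite_esc_sql($_GET['log_id'])."' LIMIT 1";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) > 0) {
				echo "<h2>Log Details</h2>\n";
				$line = mysql_fetch_assoc($results);
				$title = lysite_esc_html($line['title']);
				$url = lysite_esc_html($line['url']);
				$ip = lysite_esc_html($line['ip_addr']);
				$who = $line['user_id'] != null ? lysite_esc_html(get_username($line['user_id'])) : "Anonymous";
				// desc holds whatever log_event() was handed, which may include
				// data from non-admin requests: escape before nl2br().
				echo "<p>Level: ".lysite_esc_html($line['level'])."\n<p>Date: ".date("j M y | g:i A",strtotime($line['time']))."\n<p>Title: ".($line['url']?"<a href='$url'>$title</a>":"$title")."\n<p>Username: ".$who."\n<p>IP: <a href='admin.php?ip_addr=$ip'>".long2ip($line['ip_addr'])."</a>\n<p>Details:<br>\n<div style='background: #ddd; padding: 8px 12px; border: solid 2px #bbb; white-space: normal;'>".nl2br(lysite_esc_html($line['desc']))."</div>\n";
			} else {
				notice("No Log With this ID Found");
			}
		}
	} else if(!empty($_GET['ip_addr'])) {
		// long2ip() yields a dotted quad (or false), so it is safe to echo;
		// the raw parameter still has to be escaped for the query.
		$ip_dotted = long2ip($_GET['ip_addr']);
		echo "<h2>Log By IP Address: ".$ip_dotted."<form style='display:inline; font-size: 10px;' method='post' action='http://ws.arin.net/cgi-bin/whois.pl' target='_blank'><input type='hidden' name='queryinput' value='".$ip_dotted."'><input type='submit' value='WhoIs'></form></h2>\n";
		$query = "SELECT log_id,time,level,user_id,ip_addr,url,title FROM log WHERE ip_addr='".lysite_esc_sql($_GET['ip_addr'])."' ORDER BY time DESC";
		if($results = mysql_query($query)) {
			echo "<table id='log'>\n";
			lysite_log_rows($results);
			echo "</table>\n";
		} else {
			trigger_error(mysql_error());
		}
	} else if(isset($_GET['log'])) {
		// The constant name must be a string; the bare identifier in the
		// original relied on the undefined-constant-to-string fallback.
		define('LOG_PER_PAGE', 150);
		// offset is unquoted inside LIMIT, so it must be an integer.
		$offset = isset($_GET['offset']) ? (int)$_GET['offset'] : 0;
		echo "<h2>Log</h2>\n";
		$query = "SELECT log_id,time,level,user_id,ip_addr,url,title FROM log ORDER BY time DESC LIMIT ".($offset > 0?"$offset,":"").LOG_PER_PAGE;
		if($results = mysql_query($query)) {
			echo "<table id='log'>\n";
			lysite_log_rows($results);
			echo "<tr><td colspan=7><div style='float:right'><a href='admin.php?log=&offset=".($offset + LOG_PER_PAGE)."'>Next</a></div>\n";
			if($offset > 0)
				echo "<a href='admin.php?log=&offset=".($offset - LOG_PER_PAGE)."'>Previous</a>\n";
			echo "</table>\n";
		} else {
			trigger_error(mysql_error());
		}
	} else if(isset($_GET['resize_images'])) {
		//Resize all album_art
		echo "<pre>";
		error_reporting(E_ALL);
		// The command line is a fixed string with no request data in it, so
		// there is nothing to escapeshellarg(). NOTE(review): if album_art/
		// holds user uploads, ImageMagick is being run over untrusted image
		// files; keep it patched and restrict unneeded coders via policy.xml.
		exec("mogrify -resize 60x80 album_art/*", $o,$r);
		if($r != 0)
			echo "Error executing mogrify\n\n";
		else
			echo "Success\n";
		// mogrify's messages echo filenames, so treat the output as data.
		foreach($o as $op)
			echo lysite_esc_html($op)."\n";
		echo "</pre>";
	} else if(isset($_GET['search_list'])) {
		$query = "SELECT *,COUNT(*) cnt FROM top_searches GROUP BY search_term ORDER BY cnt DESC LIMIT 12";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) > 0) {
				echo "<h2>Top Searches</h2>\n";
				// search_term is presumably what a visitor typed into the site
				// search box; it is rendered in the admin's browser, so escape.
				while($line = mysql_fetch_assoc($results)) {
					echo "<a href='index.php?from_link=&search=".urlencode(strtolower($line['search_term']))."'>".lysite_esc_html(ucwords($line['search_term']))."</a> <a href='admin.php?del_search_term=".urlencode($line['search_term'])."&cnt=".((int)$line['cnt']-1)."'><img src='icon/small_delete.jpg'></a><br>\n";
				}
			}
		} else {
			trigger_error(mysql_error());
		}
		
		$query = "SELECT * FROM top_searches ORDER BY search_id DESC LIMIT 50";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) > 0) {
				echo "<h2>Newest Searches</h2>\n";
				while($line = mysql_fetch_assoc($results)) {
					echo "<a href='index.php?from_link=&search=".urlencode($line['search_term'])."'>".lysite_esc_html($line['search_term'])."</a><br>\n";
				}
			}
		} else {
			trigger_error(mysql_error());
		}
	} else {
		echo "<h2>Log <small><a href='admin.php?log='>View All</a></small></h2>\n";
		$query = "SELECT log_id,time,level,user_id,ip_addr,url,title FROM log ORDER BY time DESC LIMIT 15";
		if($results = mysql_query($query)) {
			echo "<table id='log'>\n";
			lysite_log_rows($results);
			echo "</table>\n";
		} else {
			trigger_error(mysql_error());
		}
		
		// Approval queue: everything below is user-submitted content awaiting
		// review, so titles and names are escaped before display.
		echo "<h2>Approval Queue</h2>\n";
		$query = "SELECT * FROM lyrics WHERE approved='n' ORDER BY lid DESC";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) != 0) {
				echo "<p><b>Lyrics to Approve (".mysql_num_rows($results).")</b><br>\n";
				while($line = mysql_fetch_assoc($results)) {
					echo "<a href='songs.php?song=".urlencode($line['lid'])."'>".lysite_esc_html($line['title'])."</a><br>\n";
				}
			}
		} else {
			trigger_error(mysql_error());
		}
		$query = "SELECT * FROM albums WHERE approved='n' ORDER BY aid DESC";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) != 0) {
				echo "<p><b>Albums to Approve (".mysql_num_rows($results).")</b><br>\n";
				while($line = mysql_fetch_assoc($results)) {
					echo "<a href='albums.php?album=".urlencode($line['aid'])."'>".lysite_esc_html($line['album_title'])."</a><br>\n";
				}
			}
		} else {
			trigger_error(mysql_error());
		}
		$query = "SELECT * FROM category_names WHERE approved='n' ORDER BY cat_names_id DESC";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) != 0) {
				echo "<p><b>Categories to Approve (".mysql_num_rows($results).")</b><br>\n";
				while($line = mysql_fetch_assoc($results)) {
					echo "<a href='categories.php?cat_names_id=".urlencode($line['cat_names_id'])."'>".lysite_esc_html($line['cat_name'])."</a><br>\n";
				}
			}
		} else {
			trigger_error(mysql_error());
		}
		$query = "SELECT * FROM attachments WHERE approved='n'";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) != 0) {
				echo "<p><b>Attachments to Approve (".mysql_num_rows($results).")</b><br>\n";
				while($line = mysql_fetch_assoc($results)) {
					echo "<a href='attachments.php?attachment_id=".urlencode($line['attachment_id'])."'>".lysite_esc_html($line['filename']?$line['filename']:$line['url'])."</a><br>\n";
				}
			}
		} else {
			trigger_error(mysql_error());
		}
		$query = "SELECT * FROM comments WHERE reported_by IS NOT NULL ORDER BY comment_id DESC";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) != 0) {
				echo "<p><b>Reported Comments (".mysql_num_rows($results).")</b><br>\n";
				while($line = mysql_fetch_assoc($results)) {
					echo "<a href='comments.php?comment_id=".urlencode($line['comment_id'])."'>\"".lysite_esc_html(shorten_text($line['comment']))."\"</a><br>\n";
				}
			}
		} else {
			trigger_error(mysql_error());
		}
		
		$query = "SELECT * FROM comments ORDER BY comment_id DESC LIMIT 10";
		if($results = mysql_query($query)) {
			echo "<p><b>Newest Comments</b><br>\n";
			while($line = mysql_fetch_assoc($results)) {
				echo "<a href='comments.php?comment_id=".urlencode($line['comment_id'])."'>".lysite_esc_html(shorten_text($line['comment']))."</a> (".lysite_esc_html(get_user_fullname($line['user_id'])).")<br>\n";
			}
		} else {
			trigger_error(mysql_error());
		}
		
		$query = "SELECT * FROM users ORDER BY user_id DESC";
		if($results = mysql_query($query)) {
			echo "<h2>Users (".mysql_num_rows($results).")</h2>\n<table><tr><th>Username</th><th>Name</th><th>Permissions</th><th>Subscription Level</th></tr>\n";
			while($line = mysql_fetch_assoc($results)) {
				// NOTE(review): the per-user view tests subscribe against
				// 'y'/'monthly' while this list tests 'No Emails'; the column's
				// real value set is not visible here, so both are left as-is.
				echo "<tr><td><a href='admin.php?user=".urlencode($line['user_id'])."'>".lysite_esc_html($line['username'])."</a></td><td>".lysite_esc_html($line['name'])."</td><td>".get_user_level($line['permissions'])."</td><td>"
				.($line['subscribe']=='y'?"All Updates":($line['subscribe']=='No Emails'?"No":"Monthly Only"))
				."</td></tr>\n";
			}
			echo "</table>\n";
		} else {
			trigger_error(mysql_error());
		}
	}
	include("footer.php");
}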
?>