<?php
	
	include('./config/vars.inc.php'); // Site configuration; presumably defines path variables such as $bin that the file actions below rely on — TODO confirm
	include('./inc/auth.inc.php'); // Authentication check. Must stay at the top: it sends HTTP headers, which fail once any output has started
	// NOTE(review): every state-changing action in this file (page save, upload,
	// delete/undelete, credential change) relies solely on that check; none of the
	// forms or links carries a CSRF token, and the delete actions are plain GETs.
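/**
 * Append one line to the admin event log (./config/system.log).
 *
 * The line carries a timestamp, the supplied message and the client IP, in the
 * same "[d-M-Y H:i:s]: <entry> from IP [<ip>]" layout as before. CR/LF are
 * stripped from $logEntry: callers pass request-supplied file names in here,
 * so without that a crafted name could forge additional log lines.
 *
 * The previous fopen/fread/fwrite($space) sequence is replaced by a single
 * file_put_contents(): the fread() result was never used and $space was never
 * defined, so they were dead code; FILE_APPEND|LOCK_EX keeps the append
 * semantics and serialises concurrent writers.
 *
 * @param string $logEntry  Human-readable description of the event.
 * @return void
 */
function logEvent($logEntry)
{
	$log = "./config/system.log";

	// REMOTE_ADDR is the TCP peer; behind a reverse proxy this is the proxy.
	$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	$date = date("[d-M-Y H:i:s]: ");

	// One call must never produce more than one log line.
	$logEntry = str_replace(array("\r", "\n"), ' ', (string) $logEntry);

	file_put_contents($log, $date.$logEntry." from IP [".$ip."]\n", FILE_APPEND | LOCK_EX);
}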
	
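	// Instructions from the URL. All of these are untrusted. $file and $type are
	// later used to build filesystem paths ("$type/$file"), so the directory part
	// of $file is stripped right here; isset() avoids "undefined index" notices
	// when a parameter is absent (the original produced the same null values, with
	// a notice each). Callers that build paths still have to reject "." and "..",
	// which basename() passes through unchanged.
	$page = isset($_GET['do']) ? $_GET['do'] : NULL;
	$file = isset($_GET['f']) && is_string($_GET['f']) ? basename($_GET['f']) : NULL;
	$act  = isset($_GET['a']) ? $_GET['a'] : NULL;
	$msg  = isset($_GET['m']) ? $_GET['m'] : NULL;
	$type = isset($_GET['t']) ? $_GET['t'] : NULL;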

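$savedata = isset($_REQUEST['savedata']) ? $_REQUEST['savedata'] : NULL; // Save mode: 1 = editor text, 2 = upload, 3 = credentials, "form" = upload form.
if ($savedata == 1) // savedata 1 is for saving plain text for use as HTML or css etc.
{
	// The destination folder arrives either as ?t= (GET) or as the POST field
	// "type"; the original code concatenated the two into "$dir$type" but only
	// ever checked ONE of them against the allowed names, so the other half
	// could carry "../" and escape the folder. The combined value is now
	// required to be exactly one of the known folders, which is what every
	// working request produced anyway.
	$dir = isset($_GET['t']) && is_string($_GET['t']) ? $_GET['t'] : '';
	$type = isset($_POST['type']) && is_string($_POST['type']) ? $_POST['type'] : '';
	$folder = $dir . $type;
	// basename() strips any directory component from the submitted name so the
	// editor can only create or overwrite files directly inside $folder.
	$file = isset($_POST['FileName']) && is_string($_POST['FileName']) ? basename($_POST['FileName']) : '';
	$stringData = isset($_POST['editor1']) && is_string($_POST['editor1']) ? $_POST['editor1'] : '';

	$allowedFolders = array("hidden", "content", "inc", "css");
	if (!in_array($folder, $allowedFolders, true) || $file === '' || $file === '.' || $file === '..')
	{
		die (print "<meta http-equiv=\"REFRESH\" content=\"0;url=admin.php?m=Invalid target folder or file name&mt=alert\"></HEAD>");
	}

	// Write straight into the destination. The old code first wrote a temporary
	// copy named $file into the admin directory (the cwd) and then copied it over;
	// when no folder matched, that copy was left behind next to admin.php while
	// "File saved!" was still reported.
	// NOTE(review): the editor content is trusted as admin-authored HTML/CSS and
	// is written verbatim; there is no CSRF token on the submitting form.
	if (file_put_contents("$folder/$file", $stringData, LOCK_EX) === false)
	{
		die (print "<meta http-equiv=\"REFRESH\" content=\"0;url=admin.php?m=Could not save file, check folder permissions of $folder&mt=alert\"></HEAD>");
	}
	$msg = "File saved!"; //everything went well, we shall exit this stage with a message of our success and continue loading.
	$msgt = "info";
	logEvent($file.' page saved');
}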

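if ($savedata == 2){ //Type 2 is for the handling of raw data (a file upload)

	// Only the two known upload folders are valid. Previously an unknown ?folder=
	// left $target empty and the file was written into the admin directory itself.
	$folder = isset($_GET['folder']) ? $_GET['folder'] : '';
	if ($folder === "docs") {
		$target = "docs/";
	} elseif ($folder === "images") {
		$target = "images/";
	} else {
		echo ('ERROR: Unknown upload folder');
		logEvent('Dissallowed File Upload (unknown folder)');
		echo ('<br><a href="admin.php?savedata=form">[Back]</a>');
		exit(0);
	}

	// Refuse anything that is not a successful, PHP-managed upload.
	if (!isset($_FILES['uploaded']) || !is_array($_FILES['uploaded'])
		|| $_FILES['uploaded']['error'] !== UPLOAD_ERR_OK
		|| !is_uploaded_file($_FILES['uploaded']['tmp_name'])) {
		echo ('ERROR: No file was uploaded');
		echo ('<br><a href="admin.php?savedata=form">[Back]</a>');
		exit(0);
	}

	$name = basename($_FILES['uploaded']['name']);
	$target = $target . $name;

	// Deny list, checked against EVERY dot-separated part of the name and not only
	// the last one, so "shell.php.txt" is caught as well (Apache's mod_mime can
	// still execute such double extensions). The original loop called
	// move_uploaded_file() on the first entry that did NOT match, so in practice
	// only ".php" was ever blocked. Names starting with "." (.htaccess, .user.ini)
	// are rejected outright; the admin menus skip dot-files anyway.
	// NOTE(review): a deny list can never be complete. An allow list per folder
	// (plus getimagesize() for the images folder) would be stronger, but the set
	// of expected document types is not visible from this file.
	$blacklist = array("php", "phtml", "php3", "php4", "php5", "php7", "phps", "pht", "phtm", "phar", "shtml", "pl", "py", "cgi", "exe");
	$blocked = ($name === '' || $name[0] === '.');
	if (!$blocked) {
		$parts = explode('.', strtolower($name));
		array_shift($parts); // the first element is the base name, not an extension
		foreach ($parts as $ext)
		{
			if (in_array($ext, $blacklist, true))
			{
				$blocked = true;
				break;
			}
		}
	}

	// The name is echoed back into HTML below, so escape it for that context.
	$shownName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

	if ($blocked)
	{
		echo ('ERROR: Uploading this format is Not Allowed for security reasons');
		logEvent('Dissallowed File Upload (blacklisted extension): '.$name);
		echo ('<br><a href="admin.php?savedata=form">[Back]</a>');
	}
	elseif (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
	{
		echo 'Successfully Uploaded ' . $shownName;
		logEvent('File upload: '.$name);
		echo ('<br><a href="admin.php?savedata=form">[Back]</a>');
	}
	else
	{
		// The original printed nothing at all when the move failed.
		echo ('ERROR: Could not store the uploaded file, check folder permissions of '.$folder);
		logEvent('File upload failed: '.$name);
		echo ('<br><a href="admin.php?savedata=form">[Back]</a>');
	}
	exit(0);
}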

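if ($savedata == 3){ //type 3 used for saving stuff to the config
	$username = isset($_POST["username"]) && is_string($_POST["username"]) ? $_POST["username"] : '';
	$password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : '';
	$email    = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : '';

	// var_export() emits properly quoted PHP string literals. The old code
	// interpolated the raw POST values between double quotes, so a username such
	// as  x"; system($_GET['c']); //  was written into passwd.inc.php verbatim and
	// executed on every request that includes that file.
	// NOTE(review): md5() is kept only because auth.inc.php (not shown) presumably
	// compares against it; moving both sides to password_hash()/password_verify()
	// is the real fix.
	$string = "<?php \n\n"
		. '$username = ' . var_export($username, true) . ";\n\n"
		. '$password = ' . var_export(md5($password), true) . ";\n\n"
		. '$email = ' . var_export($email, true) . ";\n\n"
		. '?>';

	// Write directly to the config location under an exclusive lock. The old
	// code wrote a temporary passwd.inc.php into the admin directory first and
	// left it there whenever the copy() failed. The redirect tag below was also
	// missing its opening "<", so the error page rendered as literal text.
	if (file_put_contents("./config/passwd.inc.php", $string, LOCK_EX) === false) {
		die (print "<meta http-equiv=\"REFRESH\" content=\"0;url=install.php?logout&msg=Could not save file, verify permissions&msgt=alert&step=4\"></HEAD>");
	}
	chmod("./config/passwd.inc.php", 0644);
	$msg = "Settings saved!"; //everything went well, we shall exit this stage with a message of our success and continue loading.
	$msgt = "info";
	logEvent('User Details changed');
}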

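if ($savedata == "form"){ //Upload form, opened in a popup window from the admin menu
	// NOTE(review): both forms below post to savedata=2 without a CSRF token, so a
	// page the logged-in admin merely visits can trigger an upload on their behalf.
?>
<!DOCTYPE html>
<html>
<head>
<title>Peardrop File Uploader</title>
<link href="./css/admin_style.css" type="text/css" rel="stylesheet">
<script src="./js/jquery-latest.js"></script>
<!-- JS to toggle upload form -->
	<script type="text/javascript">
		function show(layer) {
			$('.toggle').show();
		}
		function hide(layer) {
			$('.toggle').hide();
		}
		// Swap an element's class; the submit buttons use it to reveal the
		// "Uploading..." prompt. Defined once here instead of once per form.
		function change(id, newClass)
		{
			var identity=document.getElementById(id);
			identity.className=newClass;
		}
	</script>
<!-- JS for Upload form selection -->
	<script type="text/javascript">
		$(document).ready(function(){
		$('#box1').hide();
		$('#box2').hide();
		$("#thechoices").change(function(){
		if(this.value == '')
		{$('#box1, #box2').hide();} // "--Pick Folder--": recent jQuery throws on the selector "#" that the old code built here
		else if(this.value == 'all')
		{$("#uploads").children().show();}
		else
		{$("#" + this.value).show().siblings().hide();}
		});
		$("#thechoices").change();
		});
	</script>
        <style type="text/css">
			html, body {
			font-size: 12px;
			font-family: Verdana, Arial, Helvetica, sans-serif;
			}
			div.hidden {
			display: none;
			}
			div.promptshow {
			background: white; /* was "#white", which is not a valid colour */
			display: block;
				position: absolute; /* was misspelled "abosolute" and therefore ignored */
				margin: 0 auto;
				width: 80px;
				height: 40px;
			}
			div.promptshow img{
				margin: 0 auto;
				position: absolute;
				padding-left: 20px;
			}
          </style>
	</head>
	<body>
		<p>
		Upload a file &#40;Max: <?php echo ini_get('upload_max_filesize'); ?>B&#41;<br>

	To: <select id="thechoices">
	<option value="">--Pick Folder--</option>
	<option value="box1">Images</option>
	<option value="box2">Documents</option> 
	</select>
		</p>

	<div class="uploads"> 
		<div id="box1" class="uploads">
	<form enctype="multipart/form-data" action="admin.php?savedata=2&folder=images" method="post">
  <div align="center">
    <p><span class="style1">Please choose a file</span><br />
        <input name="uploaded" type="file" size="20"/>
        <br />
        <input name="submit" type="submit" onclick="change('hiddendiv1', 'promptshow');" value="Upload"/>
			</p>
		  </div>
		  <br>
		</form>
		</div>
		<div id="box2" class="uploads">
		<form enctype="multipart/form-data" action="admin.php?savedata=2&folder=docs" method="post">
		<div align="center">
		<p><span class="style1">Please choose a file</span><br />
        <input name="uploaded" type="file" size="20"/>
        <br />
        <input name="submit" type="submit" onclick="change('hiddendiv1', 'promptshow');" value="Upload"/>
			</p>
		  </div>
		  <br>
		</form>
		</div>
	</div> 
		<div class="hidden" id="hiddendiv1">
        <p><img src='./img/loading.gif' alt="uploading" width="40" height="40" /><br />
    </p>
    Uploading...
      </div>
	</body>
</html>
<?php

exit(0); //Exit, we dont want to print anything else in this mode
		
}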

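// Recycle-bin actions: ?a=delete|permdelete|undelete&t=<folder>&f=<file>.
// $bin is presumably set by ./config/vars.inc.php (not visible here) — TODO confirm;
// if it were empty the destination "$bin/$type/$file" would become an absolute path.
// NOTE(review): these are plain GET requests without a CSRF token, so a crafted link
// or <img> tag can delete pages on behalf of a logged-in admin. Once the full set of
// folders the AJAX listings link to is known, $type should be checked against that
// allow list rather than only for shape.
if ( $act == "delete" || $act == "permdelete" || $act == "undelete" ) {
	// Each path component must be one plain segment: no "/" or "\", no NUL byte,
	// not "." or "..". That confines the request to files directly inside a
	// top-level folder or its copy in the recycle bin; previously
	// t=../../..&f=<anything> could move or delete arbitrary files.
	$isPlainSegment = function ($s) {
		return is_string($s) && $s !== '.' && $s !== '..' && preg_match('/^[^\/\\\\\0]+$/', $s) === 1;
	};
	if (!$isPlainSegment($type) || !$isPlainSegment($file)) {
		die (print "<meta http-equiv=\"REFRESH\" content=\"0;url=admin.php?m=Invalid folder or file name&mt=alert\"></HEAD>");
	}
	// $type is reflected into the redirect URLs below, hence rawurlencode(). The
	// original delete message also had a stray \" that broke the content attribute.
	$typeParam = rawurlencode($type);

	if ( $act == "delete" ) {
		copy ("$type/$file", "$bin/$type/$file") or die (print "<meta http-equiv=\"REFRESH\" content=\"0;url=admin.php?m=Could not move file, check file permissions of $typeParam&mt=alert\"></HEAD>");
		unlink ("$type/$file");
		$msg = "Moved $file to the recycle bin";
		$msgt = "info";
		logEvent($file.' Deleted (moved to trash)');
	}
	if ( $act == "permdelete" ) {
		unlink ("$bin/$type/$file");
		$msg = "Perminently deleted  $file from recycle bin";
		$msgt = "info";
		logEvent($file.' Purged from trash');
	}
	if ( $act == "undelete" ) {
		copy ("$bin/$type/$file", "$type/$file") or die (print "<meta http-equiv=\"REFRESH\" content=\"0;url=admin.php?m=Could not move file, check file permissions of $typeParam and $bin&mt=alert\"></HEAD>");
		unlink ("$bin/$type/$file");
		$msg = "Restored $file from recycle bin.";
		$msgt = "info";
		logEvent($file.' restored from trash');
	}
}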
?>
<!DOCTYPE html>
<html>
   <head>
	<?php 
	// Raw page fragments. Nothing in this file reads $header/$meta/$footer itself;
	// presumably the editor pages included further down (./inc/$page.inc.php) or
	// folders.inc.php use them — TODO confirm before removing.
	$header = file_get_contents("./inc/header");
	$meta = file_get_contents("./inc/meta");
	$footer = file_get_contents("./inc/footer");
	include('./inc/folders.inc.php'); //required to list pages in nav menu: expected to fill $dirArray/$indexCount (listed pages) and $dirArrayh/$indexCounth (hidden pages) — TODO confirm

	?>
	<link href="./css/admin_style.css" type="text/css" rel="stylesheet">
	<title>Peardrop Admin Panel</title>
	<meta name="author" content="Ron Laws">
	<meta charset="utf-8">
	<SCRIPT LANGUAGE="JavaScript">
		<!-- Original:  Wayne Nolting (hide@address.com) -->

		<!-- This script and many more are available free online at -->
		<!-- The JavaScript Source!! http://javascript.internet.com -->

		<!-- Begin
		function verify() {
		var themessage = "You are required to complete the following fields: ";
		if (document.form.password.value=="") {
		themessage = themessage + " - Password";
		}
		if (document.form.email.value=="") {
		themessage = themessage + " -  E-mail";
		}
		//alert if fields are empty and cancel form submit
		if (themessage == "You are required to complete the following fields: ") {
		document.form.submit();
		}
		else {
		alert(themessage);
		return false;
		   }
		}
		//  End -->
	</script>
	<script type="text/javascript" src="./ckeditor/ckeditor.js"></script>
	    <link rel="stylesheet" href="./CodeMirror/lib/codemirror.css">
	    <script src="./CodeMirror/lib/codemirror.js"></script>
	    <script src="./CodeMirror/lib/util/overlay.js"></script>
	    <script src="./CodeMirror/mode/xml/xml.js"></script>
	    <script src="./CodeMirror/mode/css/css.js"></script>
	<link rel="stylesheet" type="text/css" href="./css/pro_dropdown_3.css" />
	<script src="./js/stuHover.js" type="text/javascript"></script>
	  <script src="./js/jquery-latest.js"></script>
	  <script>
	  $(document).ready(function(){
	   setTimeout(function(){
	  $("div.msgbox").fadeOut("slow", function () {
	  $("div.msgbox").remove();
	      });
	    
	}, 6000);
	 });
	  </script>
	  <!-- AJAX for directories-->
		 <script>
		var auto_refresh = setInterval(
		function()
		{
		$('#loaddivImages').load('./inc/images.php').fadeIn("slow");
		}, 2000);
		</script>
		 <script>
		var auto_refresh = setInterval(
		function()
		{
		$('#loaddivDocs').load('./inc/docs.php').fadeIn("slow");
		}, 2000);
		</script>
		 <script>
		var auto_refresh = setInterval(
		function()
		{
		$('#loaddivTrash').load('./inc/bin.php').fadeIn("slow");
		}, 2000);
		</script>

		 <script>
		var auto_refresh = setInterval(
		function()
		{
		$('#loaddivPages').load('./inc/pages.php').fadeIn("slow");
		}, 2000);
		</script>	
	
   </head>
<body>
	<div id="overlay" style="display:none" class="toggle">
	<h1>File Uploader<a  href="javascript:hide('overlay')"><img  src="./img/close.png" alt="(X)" title="Close"></a></h1>
	
		<div id="box-overlay">
		
		</div>
	</div>
<div id="container">
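<?php
	if ($msg == "") { //check that something above hasnt printed a message
		$msg = isset($_GET['m']) && is_string($_GET['m']) ? $_GET['m'] : "";
	}
	if (!isset($msgt) || $msgt == "") { //check that something above hasnt printed a message type
		$msgt = isset($_GET['mt']) && is_string($_GET['mt']) ? $_GET['mt'] : "";
	}
	$type = isset($_GET['t']) ? $_GET['t'] : NULL;
	//Print a messege if theres one.
	if (file_exists("./install.php")) { //check for installer first And print an alert.
		$msg = "WARNING!!! install.php is still present, for security reasons you must delete this file!";
		$msgt = "alert";
	}
	if ( $msg != NULL) {
		// $msg may come straight from ?m= (and the internal messages embed
		// request-supplied file names), so escape it for the HTML context. Before,
		// admin.php?m=<script>... was a reflected XSS against any logged-in admin
		// who followed the link. $msgt is only compared, never printed.
		$safeMsg = htmlspecialchars((string) $msg, ENT_QUOTES, 'UTF-8');
		if ( $msgt == "info" ) {
			echo("<div class=\"msgbox\"><p><img class=\"align-left\" src=\"./img/info.png\" alt=\"info\">$safeMsg</p></div>");
		}
		if ( $msgt == "alert" ) {
			echo("<div class=\"msgbox\"><p><img class=\"align-left\" src=\"./img/alert.png\" alt=\"alert\">$safeMsg</p></div>");
		}
	}
?>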
	<ul id="nav">
		<li class="top"><a href="#" id="products" class="top_link"><span class="down">File</span></a>
		<ul class="sub">
			<li><a href="#" class="fly">New Page</a>
					<ul>
						<li><a href="admin.php?do=edit">Easy Editor</a></li>
						<li><a href="admin.php?do=advanced-edit">Source Editor</a></li>
					</ul>
			</li>
			<li> <!-- <a href="javascript:show('overlay')">Upload</a> -->
			<a href="javascript: void(0)" 
					   onclick="window.open('admin.php?savedata=form', 
					  'windowname1', 
					  'width=350, height=300'); 
					   return false;">Upload Files</a>
			</li>
			<li><b>Open Page In</b></li>
			<li><a href="#" class="fly">Easy Editor</a>
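						<?php
						// "Open in Easy Editor" entries. $dirArray/$indexCount (listed pages) and
						// $dirArrayh/$indexCounth (hidden pages) are presumably filled by
						// ./inc/folders.inc.php — not visible here, TODO confirm.
						// Page names are request-supplied when a page is created, so they are
						// URL-encoded in the href and HTML-escaped in the link text.
						// NOTE(review): hidden pages link to t=content rather than t=hidden —
						// looks like a copy/paste slip, left unchanged because edit.inc.php is not visible.
						print("<ul>");
						print("<li><b>Listed Pages</b></li>");
						for($index=0; $index < $indexCount; $index++) {
							$entry = $dirArray[$index];
							if (substr("$entry", 0, 1) != "."){ // don't list hidden files
								print("<li><a href=\"admin.php?do=edit&t=content&f=".rawurlencode($entry)."\">".htmlspecialchars($entry, ENT_QUOTES, 'UTF-8')."</a></li>");
							}
						}
						// print Hidden Pages
						print("<li><b>Hidden Pages</b></li>");
						for($indexh=0; $indexh < $indexCounth; $indexh++) {
							$entry = $dirArrayh[$indexh];
							if (substr("$entry", 0, 1) != "."){ // don't list hidden files
							print("<li><a href=\"admin.php?do=advanced-edit&t=content&f=".rawurlencode($entry)."\">".htmlspecialchars($entry, ENT_QUOTES, 'UTF-8')."</a></li>");	
							}
						}
						print ("</ul>");
					?>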
			</li>
			<li><a href="#" class="fly">Source Editor</a>
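						<?php
						// "Open in Source Editor" entries; same data as the Easy Editor menu
						// ($dirArray/$indexCount and $dirArrayh/$indexCounth, presumably from
						// ./inc/folders.inc.php — TODO confirm). Names are request-supplied at
						// page creation, so they are URL-encoded in the href and HTML-escaped in
						// the link text.
						// NOTE(review): hidden pages link to t=content rather than t=hidden —
						// left unchanged because edit.inc.php is not visible.
						print("<ul>");
						print("<li><b>Listed Pages</b></li>");
						for($index=0; $index < $indexCount; $index++) {
							$entry = $dirArray[$index];
							if (substr("$entry", 0, 1) != "."){ // don't list hidden files
								print("<li><a href=\"admin.php?do=advanced-edit&t=content&f=".rawurlencode($entry)."\">".htmlspecialchars($entry, ENT_QUOTES, 'UTF-8')."</a></li>");
							}
						}
						// print Hidden Pages
						print("<li><b>Hidden Pages</b></li>");
						for($indexh=0; $indexh < $indexCounth; $indexh++) {
							$entry = $dirArrayh[$indexh];
							if (substr("$entry", 0, 1) != "."){ // don't list hidden files
							print("<li><a href=\"admin.php?do=advanced-edit&t=content&f=".rawurlencode($entry)."\">".htmlspecialchars($entry, ENT_QUOTES, 'UTF-8')."</a></li>");	
							}
						}
						print ("</ul>");
					?>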
			</li>
			<li><b>Delete Page</b></li>
			<li><a href="#" class="fly">Listed</a>
					
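						<?php
						// Delete links for listed pages ($dirArray/$indexCount presumably from
						// ./inc/folders.inc.php — TODO confirm). Names are request-supplied at
						// page creation, so they are URL-encoded in the href and HTML-escaped
						// in the link text.
						// NOTE(review): delete is a GET with no CSRF token; a prefetch or a
						// crafted <img src> can trigger it for a logged-in admin.
						print("<ul>");
						for($index=0; $index < $indexCount; $index++) {
							$entry = $dirArray[$index];
							if (substr("$entry", 0, 1) != "."){ // don't list hidden files
								print("<li><a href=\"admin.php?a=delete&f=".rawurlencode($entry)."&t=content\">".htmlspecialchars($entry, ENT_QUOTES, 'UTF-8')."</a></li>");
							}
						}
						print ("</ul>");
					?>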
					
			</li>
			<li><a href="#" class="fly">Hidden</a>
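						<?php
						// Delete links for hidden pages ($dirArrayh/$indexCounth presumably from
						// ./inc/folders.inc.php — TODO confirm). Names are request-supplied at
						// page creation, so they are URL-encoded in the href and HTML-escaped
						// in the link text.
						// NOTE(review): delete is a GET with no CSRF token; a prefetch or a
						// crafted <img src> can trigger it for a logged-in admin.
						print("<ul>");
						for($indexh=0; $indexh < $indexCounth; $indexh++) {
							$entry = $dirArrayh[$indexh];
							if (substr("$entry", 0, 1) != "."){ // don't list hidden files
								print("<li><a href=\"admin.php?a=delete&f=".rawurlencode($entry)."&t=hidden\">".htmlspecialchars($entry, ENT_QUOTES, 'UTF-8')."</a></li>");
							}
						}
						print ("</ul>");
					?>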
							
			</li>
			<li><b></b></li>
			<li><a href="admin.php?logout">Log Out</a></li>
		</ul>
	</li>
	<li class="top"><a href="#" id="services" class="top_link"><span class="down">Edit Global...</span></a>
		<ul class="sub">
			<li><a href="admin.php?do=edit-css">CSS Styles</a></li>
			<li><a href="admin.php?do=edit-header">Header Tags</a></li>
		</ul>
	</li>
	<li class="top"><a href="#" id="contacts" class="top_link"><span class="down">Admin</span></a>
		<ul class="sub">
			<li><a href="admin.php?do=passwd">User Info</a></li>
			<li><a href="admin.php?do=edit-meta">Site details</a></li>
			<li><a href="admin.php?do=updates">Check Updates</a></li>
			<li><a href="admin.php?do=log">View Log</a></li>	
		</ul>
	</li>
	<li class="top"><a href="#" class="top_link"><span class="down">Help</span></a>
		<ul class="sub">
			<li><a href="http://peardrop.coolmediatech.com/index.php/Documentation" target="_blank">Peardrop Wiki</a></li>
			<li><a href="http://peardrop.coolmediatech.com/index.php/Report_Bugs" target="_blank">Report A Bug</a></li>
		</ul>
	</li>
	<img class="logo-icon" src="./img/peardrop-logo.png" alt="logo">
	</ul>
	<!--Start Content -->
	<div id="content">
<?php

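	// Only a plain page id may reach the include below (./inc/$page.inc.php).
	// The old checks rejected "/", ":" and "." one at a time; an allow-list is
	// easier to reason about and also excludes backslashes, NUL bytes and array
	// values (?do[]=x). Every id the menu emits (edit, advanced-edit, edit-css,
	// edit-header, passwd, edit-meta, updates, log) matches. An id with no
	// matching file now falls back to the home page instead of an include warning.
	if ($page !== NULL && (!is_string($page) || !preg_match('/^[A-Za-z0-9_-]+$/', $page) || !is_file("./inc/$page.inc.php"))) {
	$page = NULL; //NULL the $page variable forcing the script to load the home page
	}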
	//If blank load the home page
	if ( $page == NULL ) {
	?>	
	<div id="images-box" class="box-float">
	<img class="box-float-icon" src="./img/image.png" alt="images"> 
	<h3>Images</h3>
		<div id="loaddivImages" class="small-box-list">
		<!-- Empty, this is handled by AJAX -->		
		</div>
	</div>
	
	<div id="pages-box" class="box-float">
	<img class="box-float-icon" src="./img/page.png" alt="pages">
	<h3>Pages</h3>
	<div id="loaddivPages" class="big-box-list">
		<!-- Empty, this is handled by AJAX -->			
		</div>
	</div>

	<div id="docs-box" class="box-float">
	<img class="box-float-icon" src="./img/folder.png" alt="docs">
	<h3>Docs</h3>
	<div id="loaddivDocs" class="big-box-list">
		<!-- Empty, this is handled by AJAX -->		
		</div>
	</div>

	<div id="trash-box" class="box-float">
	<img class="box-float-icon" src="./img/trash.png" alt="trash">
	<h3>Trash</h3>
	<div id="loaddivTrash" class="small-box-list">
		<!-- Empty, this is handled by AJAX -->		
		</div>
	</div>

	<?php
	} else {
		print('<a href="admin.php">&lt;&lt;Back to Admin Home</a><p>');
		include("./inc/$page.inc.php");
		print('</p>');
	}

	?>
</div>
<div id="footer">Peardrop CMS</div>
</body>
</html>