<?
#################################################################################################
#
# project : phpBannerEx
# filename : adm.php
# last modified by :
# e-mail : hide@address.com
# purpose : adminpanel
#
#################################################################################################
# Include Configs & Variables
#################################################################################################
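require("admin/config.php");
require("library.php");
db_connect();
ReadConfig();
# Access gate: authorize() (library.php) returns the current user's row; only the
# account with ur_id 1 may use this panel. The cast matters because MySQL hands
# the column back as a string, and a non-array result (not logged in) must fail
# closed rather than raise a notice and fall through.
# Note: this file opens with the short tag "<?" and reads request data through
# register_globals ($act, $uid, $bid, $lang, form fields — no $_GET/$_POST reads
# anywhere here); both only work on legacy PHP configurations.
$user = authorize();
if(!is_array($user) || (int)$user['ur_id'] !== 1) {
    unauthorize();
    print "<script> document.location=document.location; </script>";
    exit;
}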
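function main_list() {
    # Admin landing page: the sites still waiting for approval (st_status = 0),
    # if any, followed by the customer table with edit / password / delete links.
    # $lang arrives through register_globals and is echoed into every URL, so it
    # is URL-encoded; DB-sourced names and mails are HTML-escaped (they are
    # customer-supplied, so raw output would be stored XSS against the admin).
    # Message keys are quoted: bare-word constants are a fatal error on PHP 8.
    global $lang;
    $langUrl = urlencode((string)$lang);
    echo "<center>\n";
    $res = db_query("SELECT * FROM site WHERE st_status = 0");
    if(mysql_num_rows($res) > 0) {
        echo "<form name=\"frmBann\" method=post>\n";
        echo "<h1>".get_msg('notapproved',$lang)." ".get_msg('sites',$lang)."</h1>\n";
        echo "<table class=list width=50%>\n";
        echo " <tr>\n";
        echo " <th class=list>".get_msg('sitecode',$lang)."</th>\n";
        echo " <th class=list>".get_msg('sitetitle',$lang)."</th>\n";
        echo " <th class=list>".get_msg('status',$lang)."</th>\n";
        echo " </tr>\n";
        # The query only returns st_status = 0 rows, so the label is constant.
        $status = get_msg('notapproved',$lang);
        while($row = mysql_fetch_array($res)) {
            $sid  = (int)$row['st_id'];
            $name = htmlspecialchars($row['st_name'], ENT_QUOTES);
            echo " <tr>\n";
            echo " <td class=list>$sid</td>\n";
            echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=site_view&bid=$sid\">$name</a></td>\n";
            # site_appr toggles the flag; ret=1 brings the admin back to this page.
            echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=site_appr&bid=$sid&ret=1\">$status</a></td>\n";
            echo " </tr>\n";
        }
        echo "</table>\n";
        echo "<p>\n";
        echo "</form>\n";
    }
    echo "<form name=\"frmCust\" method=post>\n";
    echo "<h1>".get_msg('customers',$lang)."</h1>\n";
    echo "<table class=list width=50%>\n";
    echo " <tr>\n";
    echo " <th class=list>".get_msg('username',$lang)."</th>\n";
    echo " <th class=list>".get_msg('email',$lang)."</th>\n";
    echo " <th width=60 class=list>".get_msg('sites',$lang)."</th>\n";
    echo " <th width=60 class=list>".get_msg('password',$lang)."</th>\n";
    echo " <th width=60 class=list>".get_msg('delete',$lang)."</th>\n";
    echo " </tr>\n";
    $res = db_query("SELECT * FROM user");
    while($row = mysql_fetch_array($res)) {
        $uid  = (int)$row['ur_id'];
        $name = htmlspecialchars($row['ur_name'], ENT_QUOTES);
        $mail = htmlspecialchars($row['ur_mail'], ENT_QUOTES);
        # Approved sites owned by this customer; only the count is used.
        $res2 = db_query("SELECT st_id FROM site WHERE st_status=1 AND st_user_ref=$uid");
        $sitecount = mysql_num_rows($res2);
        echo " <tr>\n";
        echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=user_mod_form&uid=$uid\"> $name </a></td>\n";
        echo " <td class=list><a href=\"mailto:$mail\"> $mail </a></td>\n";
        echo " <td class=list>";
        if ($sitecount>0) {
            echo "<a href=\"adm.php?lang=$langUrl&act=site_list&uid=$uid\">".get_msg('view',$lang)."</a>";
        } else {
            # no link here, so no closing </a> either (the original emitted a stray one)
            echo "0";
        }
        echo "</td>\n";
        # user_del is a state change reached by a plain GET link: no confirmation
        # and no anti-CSRF token, so any page the logged-in admin visits can
        # trigger it. Turning it into a POST form with a token is the fix.
        echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=user_psw_form&uid=$uid\">".get_msg('change',$lang)."</a></td>\n";
        echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=user_del&uid=$uid\">".get_msg('delete',$lang)."</a></td>\n";
        echo " </tr>\n";
    }
    echo "</table>\n";
    echo "<p>\n";
    echo "<a href=\"adm.php?lang=$langUrl&act=user_add_form\">".get_msg('adduser',$lang)."</a>\n";
    echo "</form>\n";
    echo "<p>\n";
}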
# Customers Administration
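function user_add_form() {
    # Blank "add customer" form. Posts back to this script with act=user_add;
    # the field names (ur_name, ur_pasw1, ur_pasw2, ur_mail) are what user_add()
    # reads through register_globals. $lang is request data, hence escaped when
    # written into the hidden field. Message keys quoted for PHP 8.
    global $lang;
    echo "<center>\n";
    echo "<form name=\"frmCust\" method=post>\n";
    echo "<h1>".get_msg('adduser',$lang)."</h1>\n";
    echo "<table class=standard>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('username',$lang)."</td>\n";
    # the original was missing the closing '>' of this <input>
    echo " <td class=standard><input type=text name=\"ur_name\"></td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('password',$lang)."</td>\n";
    echo " <td class=standard><input type=password name=\"ur_pasw1\"></td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('retype',$lang)."</td>\n";
    echo " <td class=standard><input type=password name=\"ur_pasw2\"></td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('email',$lang)."</td>\n";
    echo " <td class=standard><input type=text name=\"ur_mail\"></td>\n";
    echo " </tr>\n";
    echo "</table>\n";
    echo "<p>\n";
    echo "<input type=hidden name=act value=user_add>\n";
    if(isset($lang)) {
        echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n";
    }
    echo "<input type=submit value=\"".get_msg('submit',$lang)."\">\n";
    echo "</form>";
}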
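function user_add() {
    # Handle the add-customer POST. On a validation failure the error box with a
    # "done" button is printed; otherwise the row is inserted and main_list()
    # redrawn. All inputs come in via register_globals and are untrusted: they
    # are escaped before entering SQL (the original interpolated them raw,
    # which is SQL injection) and before entering HTML.
    global $ur_name, $ur_mail, $ur_pasw1, $ur_pasw2, $lang;
    $name  = (string)$ur_name;
    $mail  = (string)$ur_mail;
    $pasw1 = (string)$ur_pasw1;
    $pasw2 = (string)$ur_pasw2;
    # Duplicate check: a row for this exact name already exists. Decided by the
    # query itself rather than re-comparing the fetched value (the original's
    # "$row[0] == $ur_name" was also true for an empty name, since null == "").
    $res = db_query("SELECT ur_name FROM user WHERE ur_name='".mysql_real_escape_string($name)."'");
    $duplicate = ($name !== '' && mysql_num_rows($res) > 0);
    $errors = array();
    if($name === '')      { $errors[] = get_msg('error_emptyusername',$lang); }
    if($pasw1 === '')     { $errors[] = get_msg('error_emptyuserpasw',$lang); }
    if($pasw1 !== $pasw2) { $errors[] = get_msg('error_nomachuserpasw',$lang); }
    if($mail === '')      { $errors[] = get_msg('error_emptyusermail',$lang); }
    if($duplicate)        { $errors[] = get_msg('error_userdup',$lang); }
    if(count($errors) > 0) {
        echo "<center>\n";
        echo "<table class=\"standard\">\n";
        echo " <tr>\n";
        echo " <td class=\"standard\">\n";
        echo " <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
        echo " </td>\n";
        echo " </tr>\n";
        echo " <td class=\"standard\">\n";
        foreach($errors as $msg) { echo $msg."!<br>\n"; }
        echo " </td>\n";
        echo " </tr>\n";
        echo "</table>\n";
        echo "</center>\n";
        echo "<FORM action=\"adm.php\" method=\"POST\">\n";
        echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
        if(isset($lang)) {
            echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n";
        }
        echo "</FORM>\n";
        echo "<p>\n";
    } else {
        # ur_pasw is stored exactly as entered: site_appr() later mails ur_pasw
        # back to the customer, so authorize() in library.php presumably compares
        # the clear text. Hashing belongs here, but it needs library.php changed
        # in the same step — flagged, not changed.
        $sql = "INSERT INTO user (ur_name, ur_pasw, ur_mail) VALUES ('"
            .mysql_real_escape_string($name)."', '"
            .mysql_real_escape_string($pasw1)."', '"
            .mysql_real_escape_string($mail)."')";
        db_query($sql);
        main_list();
    }
}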
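function user_mod_form() {
    # Edit form for one customer (name and mail only). $uid is request data and
    # is cast to int before reaching SQL; the stored values are HTML-escaped
    # when placed into the value="" attributes. An unknown uid renders empty
    # fields instead of raising notices on a false row.
    global $uid,$lang;
    $id  = (int)$uid;
    $row = mysql_fetch_array(db_query("SELECT * FROM user WHERE ur_id = $id"));
    if(!$row) { $row = array('ur_name' => '', 'ur_mail' => ''); }
    $name = htmlspecialchars($row['ur_name'], ENT_QUOTES);
    $mail = htmlspecialchars($row['ur_mail'], ENT_QUOTES);
    echo "<center>\n";
    echo "<form name=\"frmCust\" method=post>\n";
    echo "<h1>".get_msg('edituser',$lang)."</h1>\n";
    echo "<table class=standard>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('username',$lang)."</td>\n";
    echo " <td class=standard><input type=text name=\"ur_name\" value=\"$name\"></td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('email',$lang)."</td>\n";
    echo " <td class=standard><input type=text name=\"ur_mail\" value=\"$mail\"></td>\n";
    echo " </tr>\n";
    echo "</table>\n";
    echo "<p>\n";
    echo "<input type=hidden name=act value=user_mod>\n";
    echo "<input type=hidden name=uid value=\"$id\">\n";
    if(isset($lang)) {
        echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n";
    }
    echo "<input type=submit value=\"".get_msg('submit',$lang)."\">\n";
    echo "</form>";
}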
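function user_mod() {
    # Handle the edit-customer POST: validate name/mail, reject a name already
    # used by a different account, then UPDATE and redraw main_list(). Inputs
    # are register_globals data and are escaped before SQL/HTML. The unused
    # password globals of the original are dropped.
    global $uid, $ur_name, $ur_mail, $lang;
    $id   = (int)$uid;
    $name = (string)$ur_name;
    $mail = (string)$ur_mail;
    # Same name on another account? The exclusion by id is done in SQL, which
    # is equivalent to the original "$row[0] == name && $row[1] != uid" check
    # but does not depend on which row happens to be fetched first.
    $res = db_query("SELECT ur_id FROM user WHERE ur_name='".mysql_real_escape_string($name)."' AND ur_id<>$id");
    $duplicate = ($name !== '' && mysql_num_rows($res) > 0);
    $errors = array();
    if($duplicate)   { $errors[] = get_msg('error_userdup',$lang); }
    if($name === '') { $errors[] = get_msg('error_emptyusername',$lang); }
    if($mail === '') { $errors[] = get_msg('error_emptyusermail',$lang); }
    if(count($errors) > 0) {
        echo "<center>\n";
        echo "<table class=\"standard\">\n";
        echo " <tr>\n";
        echo " <td class=\"standard\">\n";
        echo " <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
        echo " </td>\n";
        echo " </tr>\n";
        echo " <td class=\"standard\">\n";
        foreach($errors as $msg) { echo $msg."!<br>\n"; }
        echo " </td>\n";
        echo " </tr>\n";
        echo "</table>\n";
        echo "</center>\n";
        echo "<FORM action=\"adm.php\" method=\"POST\">\n";
        echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
        if(isset($lang)) {
            echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n";
        }
        echo "</FORM>\n";
        echo "<p>\n";
    } else {
        $sql = "UPDATE user SET ur_name='".mysql_real_escape_string($name)
            ."', ur_mail='".mysql_real_escape_string($mail)."' WHERE ur_id=$id";
        db_query($sql);
        main_list();
    }
}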
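function user_psw_form() {
    # Password-change form for one customer; shows the account name read-only
    # and two password fields, posted back with act=user_psw. $uid is cast to
    # int before SQL; the name is HTML-escaped; an unknown uid shows an empty name.
    global $uid,$lang;
    $id  = (int)$uid;
    $row = mysql_fetch_array(db_query("SELECT ur_name FROM user WHERE ur_id = $id"));
    $name = $row ? htmlspecialchars($row['ur_name'], ENT_QUOTES) : '';
    echo "<center>\n";
    echo "<form name=\"frmCust\" method=post>\n";
    echo "<h1>".get_msg('changepassword', $lang)."</h1>\n";
    echo "<table class=standard>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('username', $lang)."</td>\n";
    echo " <td class=standard>$name</td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('password', $lang)."</td>\n";
    echo " <td class=standard><input type=password name=\"ur_pasw1\"></td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=standard>".get_msg('retype', $lang)."</td>\n";
    echo " <td class=standard><input type=password name=\"ur_pasw2\"></td>\n";
    echo " </tr>\n";
    echo "</table>\n";
    echo "<p>\n";
    echo "<input type=hidden name=act value=user_psw>\n";
    echo "<input type=hidden name=uid value=\"$id\">\n";
    if(isset($lang)) {
        echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n";
    }
    echo "<input type=submit value=\"".get_msg('submit', $lang)."\">\n";
    echo "</form>";
}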
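function user_psw() {
    # Handle the password-change POST: require a non-empty password that matches
    # its retype, then UPDATE and redraw main_list(). Inputs are register_globals
    # data; $uid is cast to int and the password escaped before SQL.
    global $uid, $ur_pasw1, $ur_pasw2, $lang;
    $id    = (int)$uid;
    $pasw1 = (string)$ur_pasw1;
    $pasw2 = (string)$ur_pasw2;
    $errors = array();
    if($pasw1 === '')     { $errors[] = get_msg('error_emptyuserpasw',$lang); }
    if($pasw1 !== $pasw2) { $errors[] = get_msg('error_nomachuserpasw',$lang); }
    if(count($errors) > 0) {
        echo "<center>\n";
        echo "<table class=\"standard\">\n";
        echo " <tr>\n";
        echo " <td class=\"standard\">\n";
        echo " <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
        echo " </td>\n";
        echo " </tr>\n";
        echo " <td class=\"standard\">\n";
        foreach($errors as $msg) { echo $msg."!<br>\n"; }
        echo " </td>\n";
        echo " </tr>\n";
        echo "</table>\n";
        echo "</center>\n";
        echo "<FORM action=\"adm.php\" method=\"POST\">\n";
        echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
        if(isset($lang)) {
            echo " <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n";
        }
        echo "</FORM>\n";
        echo "<p>\n";
    } else {
        # Stored in clear, like user_add(): site_appr() mails ur_pasw back to
        # the customer, so the rest of the application expects the clear text.
        # Hashing needs library.php changed in the same step — flagged, not changed.
        db_query("UPDATE user SET ur_pasw = '".mysql_real_escape_string($pasw1)."' WHERE ur_id = $id");
        main_list();
    }
}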
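function user_del() {
    # Delete one customer row and redraw the main list. Reached through a plain
    # GET link (adm.php?act=user_del&uid=N) with no confirmation step and no
    # anti-CSRF token, so a page the logged-in admin merely visits can trigger
    # it; a POST form carrying a token is the proper fix. The customer's site
    # rows are not removed here (unchanged from the original).
    global $uid;
    $id = (int)$uid;
    # ur_id 1 is the only account the gate at the top of this file lets into
    # the panel; refuse to delete it so one mis-click cannot lock the admin out.
    if($id !== 1) {
        db_query("DELETE FROM user WHERE ur_id = $id");
    }
    main_list();
}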
# Site Administration
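function site_list() {
    # All sites of one customer ($uid, request data) with approval toggle,
    # show/click counters and a delete link. Ids are cast to int before SQL and
    # output; names are HTML-escaped; $lang is URL-encoded for the links.
    global $uid,$lang;
    $id      = (int)$uid;
    $langUrl = urlencode((string)$lang);
    echo "<form name=\"frmBann\" method=post>\n";
    echo "<h1>".get_msg('sites',$lang)."</h1>\n";
    echo "<table class=list width=80%>\n";
    echo " <tr>\n";
    echo " <th class=list>".get_msg('sitecode',$lang)."</th>\n";
    echo " <th class=list>".get_msg('sitetitle',$lang)."</th>\n";
    echo " <th class=list>".get_msg('status',$lang)."</th>\n";
    echo " <th class=list>".get_msg('shows',$lang)."</th>\n";
    echo " <th class=list>".get_msg('clicks',$lang)."</th>\n";
    echo " <th width=60 class=list>".get_msg('delete',$lang)."</th>\n";
    echo " </tr>\n";
    $res = db_query("SELECT * FROM site WHERE st_user_ref=$id ORDER BY st_id");
    while($row = mysql_fetch_array($res)) {
        $sid    = (int)$row['st_id'];
        $name   = htmlspecialchars($row['st_name'], ENT_QUOTES);
        $status = $row['st_status'] ? get_msg('approved',$lang) : get_msg('notapproved',$lang);
        $showMy = (int)$row['st_show_my'];
        $showMe = (int)$row['st_show_me'];
        # "my" impressions served per "me" impression received; 0 when nothing
        # has been received yet (avoids the division by zero).
        $ratio = ($showMe > 0) ? $showMy / $showMe : 0;
        echo " <tr>\n";
        echo " <td class=list>$sid</td>\n";
        echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=site_view&bid=$sid\">$name</a></td>\n";
        echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=site_appr&uid=$id&bid=$sid\">$status</a></td>\n";
        echo " <td class=list>".sprintf("%d / %d (%3.2f)", $showMy, $showMe, $ratio)."</td>\n";
        echo " <td class=list>".(int)$row['st_click_my']."</td>\n";
        # uid is passed along so that site_del() can redraw this customer's list
        # afterwards (the original link omitted it, and site_del() then listed
        # sites for an empty uid). Like user_del, this is a GET-triggered
        # deletion with no confirmation or anti-CSRF token.
        echo " <td class=list><a href=\"adm.php?lang=$langUrl&act=site_del&uid=$id&bid=$sid\">".get_msg('delete',$lang)."</a></td>\n";
        echo " </tr>\n";
    }
    echo "</table>\n";
    echo "</form>\n";
    echo "<p>\n";
    echo "<a href=\"adm.php?lang=$langUrl\">".get_msg('customers',$lang)."</a>\n";
    echo "<p>\n";
}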
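function site_view() {
    # Read-only detail view of one site ($bid, request data): URL, title,
    # description, optionally a category, and the banner image. $bid is cast to
    # int before SQL; url/name/description are customer-supplied and therefore
    # HTML-escaped (the description keeps its line breaks via nl2br after
    # escaping); $lang is escaped before it enters the category query.
    global $bid, $lang, $show_categories;
    $id  = (int)$bid;
    $ban = mysql_fetch_array(db_query("SELECT * FROM site WHERE st_id=$id"));
    if(!$ban) { $ban = array('st_id' => $id, 'st_url' => '', 'st_name' => '', 'st_desc' => ''); }
    $url  = htmlspecialchars($ban['st_url'], ENT_QUOTES);
    $name = htmlspecialchars($ban['st_name'], ENT_QUOTES);
    $desc = nl2br(htmlspecialchars($ban['st_desc'], ENT_QUOTES));
    echo "<table class=list width=50%>\n";
    echo " <tr>\n";
    echo " <th colspan=2 class=list>".get_msg('site',$lang)."</th>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=list>".get_msg('siteurl',$lang)."</td>\n";
    echo " <td class=list>$url</td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=list>".get_msg('sitetitle',$lang)."</td>\n";
    echo " <td class=list>$name</td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class=list>".get_msg('sitedesc',$lang)."</td>\n";
    echo " <td class=list>$desc</td>\n";
    echo " </tr>\n";
    if ($show_categories) {
        # NOTE(review): neither query is restricted to this site's category, so
        # $cat is simply the first category in name order. The site row's
        # category reference column is not visible in this file, so the lookup
        # is kept as it was — verify against the schema.
        if($lang) {
            $sql = "SELECT ct_id, cl_name FROM cat LEFT JOIN cat_l ON (ct_id = cl_cat_ref) WHERE cl_lang_ref='"
                .mysql_real_escape_string((string)$lang)."' ORDER BY cl_name";
        } else {
            $sql = "SELECT ct_id, ct_name FROM cat ORDER BY ct_name";
        }
        $cat     = mysql_fetch_row(db_query($sql));
        $catName = $cat ? htmlspecialchars($cat[1], ENT_QUOTES) : '';
        echo " <tr>\n";
        echo " <td class=list>".get_msg('category',$lang)."</td>\n";
        echo " <td class=list>$catName</td>\n";
        echo " </tr>\n";
    }
    echo " <tr>\n";
    echo " <th colspan=2 class=list>".get_msg('banner',$lang)."</th>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    # the original closed this <td> with </th>
    echo " <td colspan=2 class=list><img src=\"adm_show.php?id=".(int)$ban['st_id']."\"></td>\n";
    echo " </tr>\n";
    echo "</table>\n";
    echo "<p>\n";
    echo "<FORM method=\"POST\">\n";
    echo "<INPUT TYPE=\"button\" name=\"Done_submit\" onclick=\"javascript:history.back()\" VALUE=\"".get_msg('done',$lang)."\">\n";
    echo "</FORM>\n";
    echo "<p>\n";
}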
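function site_appr() {
    # Toggle a site's approval flag (0 <-> 1). With ret=1 (the link from
    # main_list) the owner is notified by mail and the main list is redrawn;
    # otherwise the customer's site list is. $bid and $ret are request data and
    # are cast to int. The toggle runs regardless of the current state, so with
    # ret=1 the notification also goes out when a site is being un-approved —
    # unchanged from the original, but worth confirming it is intended.
    global $bid, $ret;
    $id = (int)$bid;
    db_query("UPDATE site SET st_status=1-st_status WHERE st_id=$id");
    if((int)$ret === 1) {
        $sit = mysql_fetch_array(db_query("SELECT st_user_ref FROM site WHERE st_id=$id"));
        $usr = $sit ? mysql_fetch_array(db_query("SELECT * FROM user WHERE ur_id=".(int)$sit['st_user_ref'])) : false;
        if($usr) {
            # The notification carries the account password (ur_pasw is stored
            # as entered) in clear text over mail. mail_appnotifyuser() lives in
            # library.php, so this is flagged here rather than changed.
            mail_appnotifyuser($usr['ur_name'], $usr['ur_pasw'], $usr['ur_fname'], $usr['ur_lname'], $usr['ur_mail']);
        }
        main_list();
    } else {
        site_list();
    }
}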
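function site_del() {
    # Delete one site ($bid, request data, cast to int) and redraw the owner's
    # site list; site_list() reads the customer id from the global $uid, which
    # the calling link must therefore carry. GET-triggered deletion without a
    # confirmation step or anti-CSRF token, same caveat as user_del().
    global $bid;
    $id = (int)$bid;
    db_query("DELETE FROM site WHERE st_id=$id");
    site_list();
}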
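# Page assembly: header, menu, the action named by $act (register_globals),
# footer. A missing $act shows the main list; an unknown $act prints nothing
# between menu and footer, as before. The action names are the complete set of
# handlers above, so $act never reaches include()/eval-style dispatch.
# NOTE(review): $addheader/$addfooter are expected to be set by admin/config.php;
# if a deployment leaves either unset, register_globals would let the request
# supply the include path — verify the config defines both unconditionally.
include($addheader);
include("adm_menu.inc");
$action = isset($act) ? (string)$act : '';
switch($action) {
    case '':              main_list();     break;
    case 'user_add_form': user_add_form(); break;
    case 'user_add':      user_add();      break;
    case 'user_mod_form': user_mod_form(); break;
    case 'user_mod':      user_mod();      break;
    case 'user_psw_form': user_psw_form(); break;
    case 'user_psw':      user_psw();      break;
    case 'user_del':      user_del();      break;
    case 'site_list':     site_list();     break;
    case 'site_view':     site_view();     break;
    case 'site_appr':     site_appr();     break;
    case 'site_del':      site_del();      break;
}
include($addfooter);
# no closing tag: avoids sending stray whitespace after the footer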