<?php
/*
Copyright (c) 2008 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
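class clsmain
{
    /** Site information array as returned by connection::siteinf(). */
    protected $site;
    /** Number of posts shown per page in show_list(). */
    protected $list_perpage = 20;
    /** Table-name prefix as returned by connection::get_prefix(). */
    protected $prefix;

    /**
     * Open the database connection (side effect of including connection.php
     * and constructing `connection`) and cache the table prefix and site info.
     */
    function __construct()
    {
        include "../include/connection.php";
        $db = new connection('../');
        $this->prefix = $db->get_prefix();
        $this->site = $db->siteinf();
    }

    /**
     * Strict string equality for secrets (password hash, session token, IP).
     * Uses hash_equals() when the runtime has it so the comparison is
     * constant-time; falls back to === on older PHP. Both sides are cast to
     * string so a NULL column never compares loosely (the original used ==,
     * which lets two "0e..." md5 digests compare equal as numbers).
     *
     * @return bool
     */
    private function same_string($a, $b)
    {
        $a = (string) $a;
        $b = (string) $b;
        if (function_exists('hash_equals')) {
            return hash_equals($a, $b);
        }
        return $a === $b;
    }

    /**
     * Fetch the single admin row. The schema holds one admin record; only the
     * first row is consulted.
     *
     * @param string $columns column list for the SELECT
     * @return array|false the row, or false when the query fails or is empty
     */
    private function admin_row($columns)
    {
        $result = @mysql_query("SELECT " . $columns . " FROM " . $this->prefix . "admin");
        if ($result === false) {
            return false;
        }
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        return is_array($row) ? $row : false;
    }

    /**
     * Is the current request authenticated as the admin?
     *
     * A POSTed name/password pair wins; otherwise the session token stored in
     * $_SESSION['fw_admin'] must match the `session` column AND the client IP
     * must match the `login` column recorded at login time. An empty stored
     * token (the logged-out state) never authenticates.
     *
     * @return bool
     */
    protected function validate_user()
    {
        if ($this->validate_pw()) {
            return true;
        }
        $row = $this->admin_row("login, session");
        if ($row === false || $row['session'] === null || $row['session'] === '') {
            return false;
        }
        if (!isset($_SESSION['fw_admin']) || !isset($_SERVER['REMOTE_ADDR'])) {
            return false;
        }
        return $this->same_string($_SESSION['fw_admin'], $row['session'])
            && $this->same_string($_SERVER['REMOTE_ADDR'], $row['login']);
    }

    /**
     * Check a POSTed name/password against the admin row and, on success,
     * mint a fresh session token and record it with the client IP.
     *
     * The name is normalised exactly as forget_password() stores it
     * (trim -> fw_strip_slashes -> htmlspecialchars). Passwords are compared as
     * unsalted md5 because that is what the schema and the reset file contain;
     * migrating to password_hash() needs a schema change and is out of scope.
     *
     * NOTE(review): the attempt counter lives in the PHP session, so a client
     * that drops its cookie gets a fresh budget — it is not a real brute-force
     * control. A server-side lockout keyed on the admin row would be needed.
     *
     * @return bool true when credentials matched and the token was stored
     */
    private function validate_pw()
    {
        if (empty($_POST['password']) || empty($_POST['name'])) {
            return false;
        }
        $_SESSION['fw_try'] = isset($_SESSION['fw_try']) ? $_SESSION['fw_try'] + 1 : 1;
        if ($_SESSION['fw_try'] > 3) {
            return false;
        }
        $name = htmlspecialchars(fw_strip_slashes(trim($_POST['name'])));
        $pass = md5(fw_strip_slashes(trim($_POST['password'])));
        $row = $this->admin_row("*");
        if ($row === false) {
            return false;
        }
        if (!$this->same_string($pass, $row['password']) || !$this->same_string($name, $row['user'])) {
            return false;
        }
        // New session id on privilege change so a pre-set (fixated) id is not promoted.
        session_regenerate_id(true);
        $random = substr(fw_random(), 0, 12);
        $_SESSION['fw_admin'] = $random;
        $_SESSION['fw_try'] = 0;
        $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        // REMOTE_ADDR is not attacker-controlled in normal deployments, but behind a
        // misconfigured proxy it can be; escape it like any other value.
        $query = "UPDATE " . $this->prefix . "admin SET login = '" . mysql_real_escape_string($addr)
               . "', session = '" . mysql_real_escape_string($random) . "'";
        return @mysql_query($query) !== false;
    }

    /**
     * Drop the session token on both sides and show the login page.
     *
     * The original UPDATE read `SET login ='' AND session =''`, which MySQL
     * parses as `login = ('' AND session = '')` — a single boolean assignment
     * that never clears `session`, so the server-side token stayed valid after
     * logout. Both columns are now cleared.
     */
    protected function log_out()
    {
        unset($_SESSION['fw_admin']);
        $query = "UPDATE " . $this->prefix . "admin SET login = '', session = ''";
        @mysql_query($query);
        $this->log_in();
    }

    /**
     * Render the login page. If a reset file (database/newlogin.php) is
     * present it is applied first and a confirmation is appended to the
     * message shown by include/login.php.
     *
     * $this->msg is not declared on this class (presumably set by a subclass);
     * it is read defensively. The original overwrote $message with it after
     * building the confirmation, so the confirmation was never displayed.
     */
    protected function log_in()
    {
        $message = isset($this->msg) ? $this->msg : '';
        if (file_exists("../database/newlogin.php")) {
            $this->update_password();
            $message .= '<div style="background:#dfdfdf; clear:both; padding:5px; color:#338833;"><b>Your user name and password has been updated.</b></div>';
        }
        $this->build_head("Login", '<script type="text/javascript" src="script/admin.js"></script>');
        include "include/login.php";
        $this->build_footer();
    }

    /**
     * Emit the page header via include/head.php, which reads $title, $script
     * and $leftmenu from this scope.
     *
     * The presence of $_SESSION['fw_admin'] only selects which menu is shown;
     * it is not an authorisation check (validate_user() is).
     *
     * @param string $title  page title
     * @param string $script extra <script> markup for the head
     */
    protected function build_head($title, $script = '')
    {
        if (isset($_SESSION['fw_admin'])) {
            $items = array(
                '<a href="index.php?qur=2M">Post</a>',
                '<a href="index.php?qur=9M">Comments</a>',
                '<a href="index.php?qur=3M">User</a>',
                '<a href="index.php?qur=6M">Settings</a>',
                '<a href="index.php?qur=0M5M">Logout</a>',
            );
        } else {
            $items = array(
                '<a href="index.php">Login</a>',
                '<a href="index.php?qur=8M2">Forget password</a>',
            );
        }
        $leftmenu = implode('&nbsp;|&nbsp;', $items);
        include "include/head.php";
    }

    /**
     * Emit the page footer and terminate the request. Every page-rendering
     * method in this class ends here, so nothing after a call to it runs.
     */
    protected function build_footer()
    {
        include "include/footer.html";
        exit;
    }

    /**
     * Password-reset flow. Without a POSTed name/password it renders the form;
     * with one it streams a `newlogin.php` file for download that the operator
     * must upload to gb/database/ by hand. This is unauthenticated by design —
     * the reset only takes effect once someone with filesystem access places
     * the file on the server (see update_password()).
     *
     * The new name is normalised the same way validate_pw() normalises the
     * login form value, otherwise a name containing `<`, `&` or quotes could
     * never be used to log in. CR/LF are removed so the file keeps the
     * one-record-on-line-3 layout update_password() expects.
     */
    private function forget_password()
    {
        if (empty($_POST['newname']) || empty($_POST['newpw'])) {
            $this->build_head("Forget password", '<script type="text/javascript" src="script/forget.js"></script>');
            include "include/forget.php";
            $this->build_footer();
            return;
        }
        $newname = htmlspecialchars(fw_strip_slashes(trim($_POST['newname'])));
        $newname = str_replace(array("\r", "\n"), '', $newname);
        $s  = '<?php exit; ?>' . "\n";
        $s .= '//Do not edit this file. Please upload it to your ' . fw_get_docroot() . 'gb/database/ directory.' . "\n";
        $s .= $newname . '< >' . md5(fw_strip_slashes($_POST['newpw']));
        $filename = 'newlogin.php';
        @header("Content-type: application/text");
        @header("Content-Disposition: attachment; filename=$filename");
        echo $s;
    }

    /**
     * Apply database/newlogin.php (generated by forget_password()): line 3 is
     * `<name>< ><md5>`. The file is deleted afterwards whether or not it was
     * well-formed, so a malformed file cannot be re-read on every request.
     *
     * The values originate from a POST to forget_password() and are written
     * to the file verbatim, so they are escaped before being interpolated
     * into SQL; the original interpolated them raw.
     */
    private function update_password()
    {
        $lines = @file("../database/newlogin.php");
        if ($lines === false) {
            return;
        }
        $data = isset($lines[2]) ? explode('< >', $lines[2], 2) : array();
        if (count($data) === 2) {
            $newuser = mysql_real_escape_string($data[0]);
            $newpassword = mysql_real_escape_string(trim($data[1]));
            $query = "UPDATE " . $this->prefix . "admin SET user = '$newuser', password = '$newpassword'";
            @mysql_query($query);
        }
        @unlink("../database/newlogin.php");
    }

    /**
     * Dispatch on the second character of the `qur` string.
     *
     * Authenticated: "5" logs out, anything else shows the post list.
     * Unauthenticated: "2" opens the password-reset flow, anything else the
     * login page. A missing character is treated as the default case instead
     * of raising an undefined-offset notice.
     *
     * @param string|array $query the raw qur value (second element is the action)
     */
    public function get_query($query = '')
    {
        $action = isset($query[1]) ? $query[1] : '';
        if ($this->validate_user()) {
            if ($action === "5") {
                $this->log_out();
                return;
            }
            $this->show_list(1, 0, 0, 0);
            return;
        }
        if ($action === "2") {
            $this->forget_password();
            return;
        }
        $this->log_in();
    }

    /**
     * Ascending/descending sort anchors for one list column.
     *
     * @param int $uid user filter carried in the link (0 = none)
     * @param int $col 1-based column index (1 title, 2 comments, 3 date)
     * @return string two <a><img/></a> fragments
     */
    private function sort_links($uid, $col)
    {
        $base = 'index.php?qur=2M6M1M' . $uid . 'M' . $col . 'M';
        return '<a href="' . $base . '1"><img src="images/asc.gif" onmouseover="this.src=\'images/asc-h.gif\'" onmouseout="this.src=\'images/asc.gif\'" /></a>'
             . '<a href="' . $base . '0"><img src="images/dsc.gif" onmouseover="this.src=\'images/dsc-h.gif\'" onmouseout="this.src=\'images/dsc.gif\'" /></a>';
    }

    /**
     * URL of one page of the post list. $sortColumn/$sortDirection come from
     * the query string, so they are entity-escaped for the attribute context;
     * $search has already been run through htmlspecialchars() by the caller.
     *
     * @return string
     */
    private function list_url($page, $uid, $sortColumn, $sortDirection, $search)
    {
        return 'index.php?qur=2M6M' . $page . 'M' . $uid . 'M' . htmlspecialchars($sortColumn)
             . 'M' . htmlspecialchars($sortDirection) . '&SearchFileString=' . $search;
    }

    /**
     * Render the paginated, sortable, searchable post list and terminate.
     *
     * @param int    $page          1-based page number (clamped to >= 1)
     * @param int    $uid           restrict to this author id; 0 = all
     * @param int    $sortColumn    index into the whitelist of sortable columns;
     *                              unknown values fall back to tp.id
     * @param mixed  $sortDirection empty() -> Desc, anything else -> Asc
     *
     * $uid and $page are cast to int before reaching SQL; the original
     * interpolated $uid raw. $search is escaped for SQL with
     * mysql_real_escape_string after htmlspecialchars, so stored titles are
     * searched in their entity-encoded form.
     *
     * NOTE(review): $row['title'] and $row['user'] are echoed unescaped. The
     * search path (htmlspecialchars before use) suggests the app stores
     * entity-encoded text; if it does not, these are stored-XSS sinks. Confirm
     * against the post/user write paths before adding escaping here, since
     * escaping twice would corrupt already-encoded titles.
     */
    protected function show_list($page, $uid, $sortColumn, $sortDirection)
    {
        $page = max(1, (int) $page);
        $uid = (int) $uid;
        $search = '';
        $sortDir = empty($sortDirection) ? 'Desc' : 'Asc';
        $sort_arr = array('tp.id', 'tp.title', 'c', 'tp.date');
        // Whitelist lookup: anything not in the table sorts by id instead of
        // producing an `ORDER BY  Desc` syntax error.
        $sortCol = isset($sort_arr[$sortColumn]) ? $sort_arr[$sortColumn] : 'tp.id';
        if (!empty($_GET['SearchFileString'])) {
            $search = htmlspecialchars(fw_strip_slashes($_GET['SearchFileString']));
        }
        $this->build_head("Post list", "");

        $esc_search = mysql_real_escape_string($search);
        $uid_clause = empty($uid) ? '' : 'uid = ' . $uid . ' AND ';

        // Count query: note the original has no parentheses around the OR, so
        // the uid filter only applies to the title match. Preserved as-is.
        $count_sql = "SELECT id FROM " . $this->prefix . "post WHERE " . $uid_clause
                   . "title LIKE '%%%s%%' OR keywords LIKE '%%%s%%'";
        $result = @mysql_query(sprintf($count_sql, $esc_search, $esc_search));
        $num_rows = @mysql_num_rows($result);
        $start_count = ($page - 1) * $this->list_perpage;
        $totalpage = fw_total_page($num_rows, $this->list_perpage);

        $list_sql = "SELECT tp.id, tp.uid, tp.locked, tp.title, tp.date, tp.publish, IF(ISNULL(tc.id), 0,COUNT(tc.id)) AS c, tu.user FROM "
                  . $this->prefix . "post tp LEFT JOIN " . $this->prefix . "comments tc ON tp.id=tc.pid LEFT JOIN "
                  . $this->prefix . "user tu ON tp.uid=tu.id WHERE "
                  . (empty($uid) ? '' : 'tp.uid = ' . $uid . ' AND ')
                  . "(tp.title LIKE '%%%s%%' OR tp.keywords LIKE '%%%s%%') GROUP BY tp.id "
                  . "ORDER BY $sortCol $sortDir LIMIT " . $start_count . ", " . $this->list_perpage;
        $list_sql = sprintf($list_sql, $esc_search, $esc_search);

        echo '<table id="list"><tr><td width="62%" class="heading" style="border-left:1px solid #d0d0d0;">';
        echo $this->sort_links($uid, 1) . 'Title</td>';
        echo '<td width="16%" class="heading">';
        echo $this->sort_links($uid, 2) . 'Comments</td>';
        echo '<td width="8%" class="heading" style="text-align:center;">User</td>';
        echo '<td width="14%" class="heading" style="border-right:#888888;">';
        echo $this->sort_links($uid, 3) . 'Modified</td></tr>';
        echo '<tr><td colspan="4"><a title="Remove filter" href="index.php?qur=2M">Post list:</a></td></tr>';

        $result = @mysql_query($list_sql);
        while ($row = @mysql_fetch_array($result, MYSQL_ASSOC)) {
            echo '<tr onMouseOver="this.className=\'highlight\'" onMouseOut="this.className=\'normal\'">';
            // The original set $color here instead of $class, leaving the
            // approved row's anchor with an undefined class attribute.
            $src = '<img title="Approved" src="images/approved.gif" alt="P" />';
            $class = 'approved';
            if ($row['locked'] === 'Y') {
                $src = '<img title="Locked" src="images/locked.gif" alt="L" />';
                $class = 'lock';
            }
            if ($row['publish'] !== 'Y') {
                $src = '<img title= "Pending approval" src="images/unpublished.gif" alt="U" />';
                $class = 'pending';
            }
            echo '<td>' . $src . '<a class="' . $class . '" href="index.php?qur=2M1M' . $row['id'] . '">' . $row['title'] . '</a></td>';
            echo '<td>' . (empty($row['c']) ? 'Comment(0)' : '<a href="index.php?qur=9M6M1M0M' . $row['id'] . 'M0M0">Comment(' . $row['c'] . ')</a>') . '</td>';
            echo '<td style="text-align:center;"><a href="index.php?qur=3M7M' . $row['uid'] . '">' . $row['user'] . '</a></td>';
            echo '<td>' . date("M d, H:i", $row['date']) . '</td></tr>';
        }

        echo '<tr><td colspan="4"><b>No. of pages:&nbsp;' . $totalpage . '</b>&nbsp;&nbsp;&nbsp;';
        $start = ($page > 10) ? $page - 10 : 1;
        // Never link past the last page (the original printed $start+20 unconditionally).
        $end = ($totalpage <= 21) ? $totalpage : min($start + 20, $totalpage);
        if ($page > 1) {
            echo '<a href="' . $this->list_url($page - 1, $uid, $sortColumn, $sortDirection, $search) . '">Back</a>&nbsp;';
        } else {
            echo '<span style="color:#808080;">Back</span>&nbsp;';
        }
        for ($p = $start; $p <= $end; $p++) {
            if ($p == $page) {
                echo '<span style="color:#808080;">[' . $p . ']</span>&nbsp;';
            } else {
                echo '[<a href="' . $this->list_url($p, $uid, $sortColumn, $sortDirection, $search) . '">' . $p . '</a>]&nbsp;';
            }
        }
        if ($page < $totalpage) {
            echo '<a href="' . $this->list_url($page + 1, $uid, $sortColumn, $sortDirection, $search) . '">Next</a>&nbsp;';
        } else {
            echo '<span style="color:#808080;">Next</span>&nbsp;';
        }
        echo '</td></tr>';
        echo '<tr><td colspan="4" style="background:#e0e0e0; padding-bottom:0;">';
        echo '<form name="frmSearchList" style="float:right; margin:0; color:#000000;" onSubmit="return fw_search(\'index.php?qur=2M6M1M0M0M0\');">';
        echo 'Search file:&nbsp;<input name="txtSearch" style="padding-left:5px; width:180px; font-size:11px; color:#666666;" type="text" value="';
        echo ($search == '') ? 'Type few characters...' : $search;
        echo '" size="20" onclick="fw_cleartext(this,\'Type few characters...\');">&nbsp;<input name="Submit" type="button" style="width:80px; font-size:11px; color:#333333;" value="Search" onClick="fw_search(\'index.php?qur=2M6M1M0M0M0\');"></form></td></tr></table>';
        echo '</div>';
        $this->build_footer();
    }
}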
?>