*/ $cfg['allowed_tags'] = "
";
/* Date-Format (uses the same syntax as the date() function from PHP) */
$cfg['date_format'] = "d.m.y, H:i";

/*
 * Admin front-end of the guestbook: reads the requested action from ?do= (or
 * POST 'do'), enforces the admin session for everything except login/logout,
 * and renders the login form, the menu and the edit forms. All file writes
 * are delegated to class csv.
 *
 * NOTE(review): this file was extracted from rendered HTML. The markup inside
 * the heredocs and strings is gone, the "<<<EOF" openers survive only as "<<",
 * and comments that were split by a line break have been rejoined below. The
 * code itself is left as it arrived.
 */
class admin
{
    var $xgb; // xgb-obj.

    /*
     * constructor - dispatches the admin action.
     * Side effects: echoes HTML, may call die()/exit, may destroy the session.
     */
    function admin()
    {
        $this->xgb = new xGB; // create xgb-obj.

        // what to do? ;)
        if( empty($_GET['do']) ) $do = $_POST['do']; else $do = $_GET['do'];

        // Security
        // Every action other than login/logout needs a valid admin session;
        // the default branch re-checks, so an empty 'do' is covered as well.
        if( !empty($_REQUEST['do']) && $_REQUEST['do'] != "login" && $_REQUEST['do'] != "logout") {
            if( !$this->check() ) die("Sorry, you're not an admin!");
        }

        // NOTE(review): the case labels (login, logout, del, ...) are bare
        // identifiers, i.e. undefined constants. PHP 7 degrades them to the
        // strings 'login' etc. with a notice, PHP 8 throws an Error; they
        // should be quoted: case 'login':.
        // NOTE(review): $_GET['id'] / $_POST['id'] reach csv::delete() and
        // csv::save_edited_msg() unvalidated; see the notes on those methods.
        switch($do) {
            default:
                if($this->check()) echo $this->menu(); else echo $this->logon();
                break;
            case login:
                break;
            case logout:
                // @ hides the warnings raised when no session is active.
                @session_unset();
                @session_destroy();
                echo "Thanks, logged out --> Main Page\n";
                exit;
            case edit_del:
                echo $this->xgb->get_posts();
                break;
            case del:
                if( csv::delete($_GET['id']) ) echo "Thanks, message deleted --> Main Page\n";
                else echo "Sorry, could not delete message ...";
                break;
            case edit:
                echo $this->edit_form($_GET['id']);
                break;
            case edit_msg:
                if( csv::save_edited_msg($_POST['id']) ) echo "Thanks, message edited --> Main Page\n";
                else echo "Sorry, could not edit message ...";
                break;
            case badwords:
                echo $this->badwords();
                break;
            case save_badwords:
                if( csv::save_badwords() ) echo "Thanks, badwords saved --> Main Page\n";
                else echo "Sorry, could not save badwords ...";
                break;
            case smilies:
                echo $this->smilies();
                break;
            case new_smilie:
                if( csv::add_smilie() ) echo "Thanks, new smilie saved --> Main Page\n";
                else echo "Sorry, could not save smilie ...";
                break;
            case delete_smilie:
                if( csv::del_smilie() ) echo "Thanks, new smilie deleted --> Main Page\n";
                else echo "Sorry, could not delete smilie ...";
                break;
        }
    }

    /*
     * logged on? - true when the session value equals $cfg['admin_pass'].
     * NOTE(review): loose == comparison; with numeric-looking strings PHP's
     * type juggling can make unequal values compare equal, and an unset
     * session key is compared as null. Prefer
     * isset($_SESSION['xgb_pass']) && hash_equals((string)$cfg['admin_pass'], (string)$_SESSION['xgb_pass']).
     * Keeping the plaintext password in the session (see check_login_data())
     * is unnecessary - an authenticated flag would do.
     */
    function check()
    {
        global $cfg;
        if( $_SESSION['xgb_pass'] == $cfg['admin_pass']) return true; else return false;
    }

    /* login-form (heredoc body: only the text nodes survived extraction) */
    function logon() { return <<

!!! Please note that cookies are required here !!!

[ back ] EOF; }

    /*
     * validate login - compares POST 'pass' with $cfg['admin_pass'] and, on
     * success, stores it in the session.
     * NOTE(review): same loose == as check(); use hash_equals() here and call
     * session_regenerate_id(true) after a successful login so a session id
     * obtained before authentication does not survive it. $cfg['admin_pass']
     * is compared as plaintext - a password_hash()/password_verify() pair
     * would avoid storing the secret in the config at all.
     */
    function check_login_data()
    {
        global $cfg;
        if($_POST['pass'] == $cfg['admin_pass']) {
            // start sess.
            $_SESSION['xgb_pass'] = $_POST['pass'];
            return true;
        } else {
            return false;
        }
    }

    /* admin-menu (heredoc body: only the text nodes survived extraction) */
    function menu() { return <<xGB 2.0 Admin-Menu

[ Edit/Delete Messages | Edit Badwords | Edit Smilies | visit x-dev.de ]

[ Logout ] :: [ Main ] EOF; }

    /*
     * edit-form - loads the post whose line starts with the id (a timestamp)
     * from csv/posts.txt and renders the edit form.
     * NOTE(review): the pattern is built from raw $_GET['id'] (the $id
     * parameter is ignored), so regex meta characters break or widen the
     * match, and "^1" matches every id starting with 1. Use
     * preg_match("/^".preg_quote($id, "/")."²/", $line) so the id is literal
     * and must end at the field separator.
     * NOTE(review): $data stays undefined when no line matched.
     */
    function edit_form($id)
    {
        // get line
        foreach( file("csv/posts.txt") as $line) {
            if( preg_match("/^".$_GET['id']."/i", $line) ) {
                $data = explode("²",$line);
                break;
            }
        }
        // replace
        // with \n   (a tag between these two words became a line break in extraction)
        $data['4'] = preg_replace("/
/i", "\n", $data['4']);
        return << Name:



E-Mail:


Homepage:


Message:


EOF; }

    /*
     * show off the badwords - reads csv/badwords.txt into $bw for the form.
     * NOTE(review): fread() with filesize() fails on an empty file (length 0);
     * file_get_contents() does the same job without that edge case.
     */
    function badwords()
    {
        // get them
        $fp = fopen("csv/badwords.txt","r");
        $bw = fread($fp, filesize("csv/badwords.txt") );
        fclose($fp);
        clearstatcache();
        return <<Enter badwords seperatated with , !

Example: Bullshit,Ass,Shit,Damn

 

EOF; }

    /*
     * show smilies & form to add a new one - builds the "add smilie" form and
     * appends xGB::show_smilies(true) (admin mode, with delete links).
     * NOTE(review): the form markup inside these strings was lost in
     * extraction; only the text and the "\n" sequences remain.
     */
    function smilies()
    {
        $main = new xGB;
        $html = "Add a new Smile:
The image must be uploaded to the 'img' folder!

\n";
        $html .= "

\n";
        $html .= "\n";
        $html .= "\n";
        $html .= "\n";
        $html .= " \n

\n";
        $html .= " ";
        $html .= "

\n
\nAvailable Smilies:

\n";
        $html .= "

".$main->show_smilies(true)."
\n";
        return $html;
    }
}
// NOTE(review): stray ")" - residue of the extraction, not part of the class.
)

/*
 * Flat-file storage. Posts live in csv/posts.txt, one line per post with the
 * fields time²mail²name²page²post; badwords in csv/badwords.txt
 * (comma-separated); smilies in csv/smilies.txt (code###img). Everything is
 * called statically from admin/xGB except _get_posts(), which fills $_output.
 */
class csv
{
    var $_output = array();

    /*
     * save a posting to csv/posts.txt - appends one record under LOCK_EX.
     * Returns true when fputs() reported success.
     * NOTE(review): as extracted, the ² replacement maps the separator onto
     * itself, so a ² inside the post shifts the record's fields; $mail, $name
     * and $page are not cleaned of ² or newlines at all. The original most
     * likely wrote an HTML entity here that the extraction decoded back -
     * confirm against the real source.
     * NOTE(review): fopen() failure is not checked before flock()/fputs().
     */
    function _save_posting($mail, $name, $page, $post)
    {
        $fp = fopen("csv/posts.txt", "a");
        // del \n 's, ^ 's and \r 's
        $post = nl2br($post);
        $post = preg_replace("/\n|\r/is", "" , $post);
        $post = preg_replace("/²/is", "²", $post);
        // format the string to write
        $str = time() . "²" .$mail . "²" .$name . "²" . $page . "²" . $post . "\n";
        // write csv
        flock($fp, LOCK_EX);
        $write = fputs($fp, $str);
        flock($fp, LOCK_UN);
        fclose($fp);
        if($write) return true; else return false;
    }

    /*
     * get posts - returns up to $cfg['posts_per_page'] posts, newest first,
     * starting at the offset given in ?s=.
     * NOTE(review): $_GET['s'] is used as a loop start without a cast or
     * range check; a non-numeric or negative value goes straight into the for
     * loop. max(0, (int)$_GET['s']) would pin it.
     * NOTE(review): $line[$i] is read before the end-of-file test, so an
     * offset past the last line reads undefined indices. $line_len is unused.
     */
    function _get_posts()
    {
        global $cfg;
        $cnt = 0;
        // get max. line-length
        $line_len = $cfg['max_email'] + $cfg['max_name'] + $cfg['max_hp_url'] + $cfg['max_posting'] + 10;
        // start at?
        if( empty($_GET['s']) ) $start = 0; else $start = $_GET['s'];
        // to?
        $to = $start + $cfg['posts_per_page'];
        // get file
        $line = array_reverse( file("csv/posts.txt") );
        // get posts
        for($i = $start; $i < $to; $i++) {
            $row = explode("²", $line[$i]);
            $this->_output[$cnt]['time'] = $row['0'];
            $this->_output[$cnt]['mail'] = $row['1'];
            $this->_output[$cnt]['name'] = $row['2'];
            $this->_output[$cnt]['page'] = $row['3'];
            $this->_output[$cnt]['post'] = $row['4'];
            $cnt++;
            // is this the end? ;)
            if($i == count($line) -1) break;
        }
        return $this->_output;
    }

    /* get total count of posts - number of lines in csv/posts.txt */
    function _get_total_count()
    {
        return count( file("csv/posts.txt") );
    }

    /*
     * delete a posting (admin) - rewrites csv/posts.txt without the lines
     * whose start matches $id.
     * NOTE(review): $id arrives from $_GET['id'] and is interpolated into the
     * pattern unquoted. preg_quote($id, "/") plus the separator
     * ("/^".preg_quote($id, "/")."²/") keeps the match literal and exact;
     * as written, id "1" removes every post whose timestamp starts with 1.
     * NOTE(review): fopen("w") truncates the file before the lock is taken
     * and its failure is unchecked; fwrite() returns 0 (falsy) when the
     * remaining content is empty, which reports "could not delete".
     */
    function delete($id)
    {
        $new_str = "";
        foreach( file("csv/posts.txt") as $line) {
            if( !preg_match("/^".$id."/", $line) ) $new_str .= $line;
        }
        // write csv
        $fp = fopen("csv/posts.txt","w");
        flock($fp, LOCK_EX);
        $ok = fwrite($fp, $new_str);
        flock($fp, LOCK_UN);
        fclose($fp);
        if($ok) return true; else return false;
    }

    /*
     * save an edited msg (admin) - replaces the record matching $id with the
     * POSTed mail/name/page/post fields.
     * NOTE(review): same unquoted $id pattern as delete(). Unlike a new
     * posting (xGB::validate()), the POSTed mail/name/page are written
     * without htmlentities() and without stripping ² or newlines, so an edit
     * can add extra fields or records to the file.
     */
    function save_edited_msg($id)
    {
        $new = "";
        // del \n 's, ^ 's and \r 's
        $post = nl2br($_POST['post']);
        $post = preg_replace("/\n|\r/is", "" , $post);
        $post = preg_replace("/²/is", "²", $post);
        foreach( file("csv/posts.txt") as $line) {
            // replace edited line
            if( preg_match("/^".$id."/i", $line) ) $new .= $id . "²" .$_POST['mail'] . "²" .$_POST['name'] . "²" . $_POST['page'] . "²" . $post . "\n";
            else $new .= $line;
        }
        // write csv
        $fp = fopen("csv/posts.txt","w");
        flock($fp, LOCK_EX);
        $ok = fwrite($fp, $new);
        flock($fp, LOCK_UN);
        fclose($fp);
        if($ok) return true; else return false;
    }

    /*
     * save the badwords (admin) - overwrites csv/badwords.txt with POST
     * 'badwords'.
     * NOTE(review): the list is later interpolated into regex patterns by
     * xGB::badwords(); nothing here rejects meta characters, "/" or an empty
     * entry. No flock(), unlike the posts.txt writers.
     */
    function save_badwords()
    {
        $fp = fopen("csv/badwords.txt","w");
        $ok = fwrite($fp, $_POST['badwords'], strlen($_POST['badwords']) );
        fclose($fp);
        if($ok) return true; else return false;
    }

    /*
     * add a smilie to the list (admin) - appends "code###img\n" to
     * csv/smilies.txt.
     * NOTE(review): code and img are written raw; a "###" or a newline in
     * either breaks the record format that explode("###") relies on.
     */
    function add_smilie()
    {
        $str = $_POST['code'] . "###" . $_POST['img'] . "\n";
        $fp = fopen("csv/smilies.txt", "a");
        $ok = fputs($fp, $str);
        fclose($fp);
        if($ok) return true; else return false;
    }

    /*
     * delete a smilie from the list (admin) - rewrites csv/smilies.txt
     * without the lines matching $_GET['img'].
     * NOTE(review): quotemeta() does not escape the "/" delimiter, so an img
     * value containing "/" yields a malformed pattern; preg_quote($img, "/")
     * does. The match is unanchored, so deleting "a.gif" also drops
     * "xa.gif"; comparing the img field after explode("###") would be exact.
     * Always returns true, even when the write failed.
     */
    function del_smilie()
    {
        $new_str = "";
        foreach( file("csv/smilies.txt") as $line) {
            $temp = trim( quotemeta($_GET['img']) );
            if( !preg_match("/".$temp."/", $line) ) $new_str .= $line;
        }
        // write csv
        $fp = fopen("csv/smilies.txt","w");
        fwrite($fp, $new_str);
        fclose($fp);
        return true;
    }
}

/*
 * Guestbook front-end: sign form, validation, post rendering, navigation.
 * NOTE(review): "lass" is "class" with its first letter lost in extraction.
 */
lass xGB
{
    /* var's */
    var $html; // html-output string

    /*
     * add's any html-tag(s) to the output-string
     * $br: also append the line-break markup (which the extraction turned
     * into a newline) after $tags.
     */
    function show($tags, $br = false)
    {
        if($br) $this->html .= $tags . "
" . "\n"; // with
        else $this->html .= $tags . "\n"; // no
    }

    /*
     * print sign-form - status line (HTML / BB-codes on|off, smilies link),
     * the input form and the copyright footer; returns $this->html.
     * NOTE(review): the form markup inside the show() strings was lost in
     * extraction; only the labels and the "\n" sequences remain.
     */
    function sign_form()
    {
        global $cfg;
        $this->show("");
        // html-status
        if($cfg['html'] == "on") $this->show("[ HTML ".ON." ]");
        else $this->show("[ HTML ".OFF." ]");
        $this->show(" ".SEPERATOR." ");
        // bb-code status
        if($cfg['bb_codes'] == "on") $this->show("[ BB-Codes ".ON." ]");
        else $this->show("[ BB-Codes ".OFF." ]");
        // smilie-link
        $this->show(" ".SEPERATOR." [ ".SMILIES." ]",true);
        $this->show("");
        // form
        $this->show("
\n
");
        $this->show("",true);
        $this->show(ENTER_NAME."
\n
",true);
        $this->show(ENTER_EMAIL."
\n
",true);
        $this->show(ENTER_HOMEPAGE."
\n
",true);
        $this->show(ENTER_MESSAGE."
\n",true);
        $this->show("
\n");
        $this->show(" ");
        $this->show("
");
        // ©
        $this->show( $this->copyright() );
        return $this->html;
    }

    /*
     * validate a new posting - checks name/mail/page/post from $_POST and
     * returns the error list, or saves the post via csv::_save_posting() and
     * returns the ok/error message.
     * NOTE(review): in the mail pattern the "|museum" alternative is not
     * grouped, so the two halves are "^...[a-z]{2,4}" and "museum$" - any
     * string ending in "museum" passes. Group it:
     * "/^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+([a-z]{2,4}|museum)$/i".
     * NOTE(review): $_POST['mail'] is saved without htmlentities(), unlike
     * name and page; get_posts() later writes it into a javascript: URL.
     * NOTE(review): strlen() counts bytes; mb_strlen() would count characters
     * for the 10 / $cfg['max_posting'] limits.
     */
    function validate()
    {
        global $cfg;
        $error = "";
        // error's?
        if( empty($_POST['name']) ) $error .= "
  • ".ERR_NAME;
        if( !preg_match("/^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,4}|museum$/i", $_POST['mail']) ) {
            $error .= "
  • ".ERR_MAIL;
        }
        if( !empty( $_POST['page']) && !preg_match("/^http:\/\//i", $_POST['page']) ) $error .= "
  • ".ERR_HP;
        if( strlen($_POST['post']) < 10) $error .= "
  • ".ERR_POST;
        if( strlen($_POST['post']) > $cfg['max_posting'] ) $error .= "
  • ".ERR_POSTLEN;
        // if we have a homepage-string, but only 'http://', let's delete it
        if( preg_match("/^http:\/\/$/i", $_POST['page']) ) $_POST['page'] = "";
        // print error, if we really have one ;)
        if( $error != "") return "

    ".ERROR."\n

    ";
        // parse & save it
        if( csv::_save_posting($_POST['mail'], htmlentities($_POST['name'], ENT_QUOTES), htmlentities($_POST['page'], ENT_QUOTES), $_POST['post']) ) {
            // ok-msg
            return "\n\n";
        } else {
            // error-msg
            return "Can't save to CSV-File (chmod?). Sorry!";
        }
    }

    /*
     * parse a posting - strips HTML (all tags, or all but $cfg['allowed_tags']),
     * converts [b]/[i]/[u], auto-links URLs, masks badwords, removes
     * backslashes and inserts smilies.
     * NOTE(review): the replacement markup for the bb-codes and for the links
     * was lost in extraction; only the "\\1".."\\4" back-references remain.
     * NOTE(review): stripslashes() removes every backslash from the stored
     * text; presumably compensates for magic_quotes-style escaping - confirm
     * before keeping it on a PHP version without magic quotes.
     */
    function parse($post)
    {
        global $cfg;
        // html-tags
        if($cfg['html'] == "off") $post = strip_tags($post, "
    ");
        else $post = strip_tags($post, $cfg['allowed_tags']."
    ");
        // bb-codes
        if($cfg['bb_codes'] == "on") {
            $post = preg_replace( "#\[b\](.+?)\[/b\]#is", "\\1", $post); // [b]
            $post = preg_replace( "#\[i\](.+?)\[/i\]#is", "\\1", $post); // [i]
            $post = preg_replace( "#\[u\](.+?)\[/u\]#is", "\\1", $post); // [u]
        }
        // auto-parse url's
        $pat = '#(^|[^\"=]{1})(http://|ftp://|mailto:|news:|https://)([^\s<>]+)([\s\n<>]|$)#smi';
        $post = preg_replace($pat, "\\1
    \\2\\3\\4", $post);
        // replace badwords
        $post = $this->badwords($post);
        // del backslashes
        $post = stripslashes($post);
        return $this->_parse_smilies($post);
    }

    /*
     * parse smilies - replaces each smilie code from csv/smilies.txt in $post.
     * NOTE(review): quotemeta() does not escape the "/" delimiter; a code
     * containing "/" yields a malformed pattern. preg_quote($temp['0'], "/")
     * would. The replacement argument (the image markup) was cut by the
     * extraction and is left exactly as it arrived.
     */
    function _parse_smilies($post)
    {
        // get them
        $smilies = file("csv/smilies.txt");
        // replace the, in post
        foreach($smilies as $row) {
            $temp = explode("###", $row);
            $post = preg_replace("/".quotemeta($temp['0'])."/i", "".$temp[", $post);
        }
        return $post;
    }

    /*
     * show all smilies (popup) - table of all smilies from csv/smilies.txt;
     * with $_admin the rows carry delete links and the "close window" link is
     * omitted. Returns $this->html.
     * NOTE(review): the cell markup and the per-row output were lost in
     * extraction; as it arrived, the show() call after the loop only sees the
     * last $temp. The admin-provided code (from csv::add_smilie()) is
     * concatenated into the output without htmlspecialchars().
     */
    function show_smilies($_admin = false)
    {
        // read csv
        $lines = file("csv/smilies.txt");
        // table
        $this->show("");
        $this->show("");
        if(!$_admin) $this->show("");
        foreach($lines as $row) {
            $temp = explode("###", $row);
            // admin-links
            if($_admin) $link = "[ del ]"; else $link = "";
            $this->show("\n\t");
            $this->show("\t\n");
        }
        $this->show("
    ".SMILIES."
    ".SMILIES_INFO."
    ".$temp['0']."".ADD." ".$temp[ ".$link."
    ",true);
        if(!$_admin) $this->show("[ ".CLOSE_WIN." ]");
        return $this->html;
    }

    /*
     * parse badwords - masks every word from csv/badwords.txt in $post,
     * keeping the first letter and replacing the rest with "*".
     * NOTE(review): each word is interpolated into the pattern unquoted, so a
     * badword containing regex meta characters or "/" changes or breaks the
     * match; preg_quote($word, "/") keeps it literal. An empty entry
     * (trailing comma) hands str_repeat() a negative count, and $word{0} is
     * the curly-brace offset syntax removed in PHP 8 ($word[0]).
     * NOTE(review): fread() with filesize() fails on an empty file.
     */
    function badwords($post)
    {
        // get them
        $fp = fopen("csv/badwords.txt", "r");
        $words = fread($fp, filesize("csv/badwords.txt") );
        fclose($fp);
        clearstatcache();
        // replace them
        foreach( explode(",", $words) as $word) {
            $post = preg_replace("/$word/i", $word{0}.str_repeat( "*", strlen($word)-1 ), $post);
        }
        return $post;
    }

    /*
     * get posts - renders the current page of posts through
     * inc/template.inc.php ($time, $name, $mail, $post, $page are assigned
     * for it), then appends navigation and copyright.
     * NOTE(review): the mail address is split at "@" and written into a
     * javascript:contact("...","...") URL without escaping; it is only checked
     * by the regex in validate() when posted, not when rewritten by
     * csv::save_edited_msg(). htmlspecialchars() with ENT_QUOTES on both
     * halves would keep the attribute inert.
     * NOTE(review): the Edit/Delete links appear whenever ?do=edit_del is
     * set, without admin::check() (the commented-out line had it). The admin
     * constructor does enforce the check for that action, but this method is
     * also reached from the public default switch; the links only lead to
     * actions that require the admin session, so this looks like disclosure
     * of the admin UI rather than a bypass - confirm.
     */
    function get_posts()
    {
        global $cfg;
        $cnt = 0;
        // get data from csv
        $posts = csv::_get_posts();
        for($i = 0; $i < count($posts); $i ++) {
            /* format & print posting from/with the template */
            // is this a converted datestring from xGB v1.0 or a unix-timestamp?
            if( strlen($posts[$i]['time']) == 10 ) $time = date( $cfg['date_format'], $posts[$i]['time'] );
            else $time = $posts[$i]['time'];
            $name = htmlentities( $posts[$i]['name'], ENT_QUOTES );
            $temp = explode("@", $posts[$i]['mail']);
            $mail = "javascript:contact(\"".$temp['0']."\",\"".$temp['1']."\");";
            $post = $this->parse($posts[$i]['post']);
            // hp
            if( empty($posts[$i]['page']) ) $page = ""; else $page = "".HOMEPAGE."";
            // show admin-options if we're logged in as admin
            //if( admin::check() && $_GET['do'] == "edit_del" ) echo "Edit ".SEPERATOR." Delete";
            if( $_GET['do'] == "edit_del" ) echo "Edit ".SEPERATOR." Delete";
            // get template
            include("inc/template.inc.php");
            $cnt++;
        }
        echo "
    \n" . $this->navi();
        echo "
    \n" . $this->copyright();
        return $this->html;
    }

    /* copyright, please don't removet this - thank you in advance */
    function copyright()
    {
        global $cfg;
        return "
    \n

    [ powered by xGB 2.1 ".SEPERATOR." © ".$cfg['page_name']." ".SEPERATOR." admin ]";
    }

    /*
     * menu and total count of posts - main-page header (sign link + total
     * count) or, on ?act=sign, the link back to the main page.
     * NOTE(review): the elseif reads $_GET['act'] although the first test
     * also accepts $_POST['act'], so a POSTed act=sign falls through to "".
     */
    function menu()
    {
        if( empty($_GET['act']) && empty($_POST['act']) ) {
            $count = csv::_get_total_count();
            return "

    [ ".SIGN." ".SEPERATOR." ".$count." ".TOTAL_POSTS." ]\n

     

    \n";
        } elseif( $_GET['act'] == "sign" ) {
            return "

    [ ".MAIN_PAGE." ]\n

     

    \n";
        } else {
            return "";
        }
    }

    /*
     * navigation - "[ <-- ] :: [ Page n ] :: [ --> ]" based on ?s= (offset)
     * and $cfg['posts_per_page']; $cc holds the admin-mode query suffix.
     * NOTE(review): $_GET['s'] is used in arithmetic without an (int) cast.
     * $next, $prev and $cc look unused here - presumably the link markup that
     * used them was lost in extraction.
     */
    function navi()
    {
        global $cfg;
        $html = "";
        // admin-mode?
        if($_GET['act'] == "admin") $cc = "&act=admin&do=edit_del"; else $cc = "";
        // get navi-var's
        $all = csv::_get_total_count();
        $next = $_GET['s'] + $cfg['posts_per_page'];
        $prev = $_GET['s'] - $cfg['posts_per_page'];
        if(!$_GET['s']) $page = 1; else $page = $_GET['s'] / $cfg['posts_per_page'] + 1;
        // print navi
        if( isset($_GET['s']) && $_GET['s'] != 0 ) $html .= "[ ".ARROW_BACKWARDS." ] ".SEPERATOR;
        $html .= " [ ".PAGE." ".$page." ] ";
        if($_GET['s'] + $cfg['posts_per_page'] < $all) $html .= SEPERATOR." [ ".ARROW_FORWARD." ]\n";
        return $html;
    }
}

$xgb = new xGB;

/* create admins-session */
// NOTE(review): session_start() takes no session name - PHP 7 warns and PHP 8
// throws a TypeError for a string argument; session_name("xgb") before
// session_start() is presumably what was meant. The login branch runs for
// act=admin&do=login before the action switch at the bottom and exits.
if($_REQUEST['act'] == "admin") {
    session_start("xgb");
    if($_REQUEST['do'] == "login") {
        $ad = new admin;
        include 'inc/header.inc.php';
        if( !$ad->check_login_data() ) echo $ad->logon(); else echo $ad->menu();
        exit();
    }
}

// misc.
// NOTE(review): the first argument of each define() is a bare identifier, not
// a string ('SEPERATOR'); PHP 7 degrades it to the string with a notice,
// PHP 8 throws. Quote the names.
define(SEPERATOR ,"::");
define(SUBMIT ,"Submit");
define(CHECK_LEN ,"Check Length");
define(ENTER_EMAIL ,"Your E-Mail:");
define(ENTER_NAME ,"Your Name:");
define(ENTER_HOMEPAGE ,"Your Homepage:");
define(ENTER_MESSAGE ,"Message:");
define(SIGN ,"Sign Guestbook");
define(MAIN_PAGE ,"Main Page");
define(ADMIN ,"Admin");
define(TOTAL_POSTS ,"Total Posts");
define(BACK ,"back");
define(POST_SAVED ,"Thanks, posting saved ...");
define(REFERER ,"Redirecting ...");
define(ON ,"on");
define(OFF ,"off");
define(SMILIES ,"Smilies");
define(SMILIES_INFO ,"[ Click one to add it ]");
define(CLOSE_WIN ,"close window");
define(ADD ,"add");
define(NEXT_PAGE ,"next page");
define(PREV_PAGE ,"prev page");
define(ARROW_FORWARD ,"-->");
define(ARROW_BACKWARDS ,"<--");
define(PAGE ,"Page");
define(HOMEPAGE ,"Homepage");
// error's
define(NO_MSG ,"Currently are no postings available!");
define(ERROR ,"The follwing error(s) appeared:");
define(ERR_NAME ,"Please enter a name");
define(ERR_MAIL ,"Please enter a valid eMail");
define(ERR_HP ,"Invalid Homepage-URL");
define(ERR_POST ,"Please enter a posting with 10 chars at least");
define(ERR_POSTLEN ,"Your posting is to long ...");
// NOTE(review): stray "xGB" - residue of page markup in the extracted file.
xGB
/* show menu */
echo $xgb->menu();
/* what are we going to do right now? */
if( isset($_GET['act']) ) $act = $_GET ['act']; else $act = $_POST['act'];
// NOTE(review): bare case labels again (sign, save_posting, smilies, admin) -
// quote them. A missing or unknown act falls to get_posts().
switch ($act) {
    default:
        echo $xgb->get_posts();
        break;
    case sign:
        echo $xgb->sign_form();
        break;
    case save_posting:
        echo $xgb->validate();
        break;
    case smilies:
        echo $xgb->show_smilies();
        break;
    case admin:
        $dummy = new admin;
        break;
}