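'; else // if($generat) $aa.='href="'.$menu[$count][3].".".$set['extension'].'">'; // JSS Changed to make HOME just a slash if($generat) $aa.= ($count > 0) ? 'href="'.$menu[$count][3].".".$set['extension'].'">' : 'href="' . $set["homepath"] .'">'; else $aa.='href="'.$set['indexfile'].'?page='.$menu[$count][3].'">'; $aa.=$menu[$count][4]."\n"; } $count++; } return $aa; }

/**
 * List the entries of a directory, sorted ascending.
 *
 * @param string $pattern   Not used by the body; kept so existing callers keep working.
 * @param string $start_dir Directory to read.
 * @param int    $dir       When truthy only sub-directories are returned, otherwise every entry.
 * @return array Entry names without '.' and '..'; empty when the directory cannot be opened.
 */
function filelist($pattern, $start_dir='.', $dir=0)
{
    $filenames = array();
    if ($handle = opendir($start_dir)) {
        while (false !== ($file = readdir($handle))) {
            if ($file === '.' || $file === '..') continue;
            if ($dir && !is_dir($start_dir."/".$file)) continue;
            $filenames[] = $file;
        }
        closedir($handle);
    }
    // The comparator used to be built with create_function(), which evaluates a
    // generated string as code and no longer exists in PHP 8. It interpolated an
    // undefined $sortby, so it reduced to a plain "==" / "<" comparison of the
    // names; asort() with its default flags orders the same way and keeps keys.
    asort($filenames);
    return $filenames;
}

/* NOTE(review): the string literals in fullmenu() appear truncated (an elseif
   follows a bare statement), so the function is left exactly as found. */
function fullmenu($generat=0) { global $pagenum, $menu, $selected, $extension, $set; $count=0; $out="\n"; while($menu[$count][0] != "") { // Bugfix by Jochen Wendel if(strpos($menu[$count][3],"#") === false && $menu[$count][0] != "0") { $out.=''; // JSS replaced to make HOME just a slash elseif($generat) $out.= ($count > 0) ? 'href="'.$menu[$count][3].".".$set['extension'].'">' : 'href="' . 
$set["homepath"] .'">'; // elseif($generat) // $out.='href="'.$menu[$count][3].".".$set['extension'].'">'; else $out.='href="'.$set['indexfile'].'?page='.$menu[$count][3].'">'; $out.=$menu[$count][4]."\n"; } $count++; } return $out; }

/**
 * Tell whether a value is written as an optionally signed decimal integer.
 *
 * @param mixed $value Value to test; anything that is not a scalar is rejected.
 * @return bool
 */
function is_intval($value)
{
    if (!is_scalar($value)) return false;
    // The D modifier stops "$" from also matching just before a trailing
    // newline, so "12\n" is no longer accepted as an integer.
    return 1 === preg_match('/^[+-]?[0-9]+$/D', (string) $value);
}

if (!function_exists('sql_escape_value')) {
    /**
     * Escape a value for use inside a single-quoted SQL string literal on the
     * backend selected by $MySQL (1: MySQL, 0: SQLite 2, anything else: SQLite3).
     * Guarded so the definition is skipped when the helper already exists.
     *
     * @param mixed $value
     * @return string
     */
    function sql_escape_value($value)
    {
        global $MySQL, $sqldbdb;
        $value = (string) $value;
        if ($MySQL==1) return mysql_real_escape_string($value, $sqldbdb);
        if ($MySQL==0) return sqlite_escape_string($value);
        return SQLite3::escapeString($value);
    }
}

/**
 * Log the visitor in, either from the submitted login form or from the
 * "remember me" cookies of an earlier visit, then redirect to the home path.
 *
 * Does nothing when the session is already marked as logged in. Sets
 * $message to the outcome text.
 *
 * NOTE(review): two weaknesses are left in place because removing them needs a
 * schema and data migration that cannot be done inside this function:
 *  - passwords are stored as unsalted SHA-1; password_hash()/password_verify()
 *    is the replacement;
 *  - the 'userpass' cookie carries the same hash that is stored in the users
 *    table, so anyone who obtains that value (cookie theft, database leak) can
 *    log in without knowing the password. A random, server-side, revocable
 *    token should take its place.
 */
function login()
{
    global $message, $set, $langmessage, $prefix;

    $flag = $set['password'];
    if (isset($_SESSION[$flag]) && $_SESSION[$flag]=="1") return;

    $expires = time() + 60 * 60 * 24 * 30;
    // Only mark the cookies Secure when the request itself came over HTTPS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    $do = isset($_GET['do']) ? $_GET['do'] : '';
    $handle = (isset($_POST['handle']) && is_string($_POST['handle'])) ? $_POST['handle'] : '';

    if ($do=="login" && $handle!="") {
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        // The handle is request data: escape it and use a single-quoted literal
        // instead of concatenating it raw into the statement.
        $result = dbquery("SELECT * FROM ".$prefix."users WHERE handle='".sql_escape_value($handle)."'");
        $row = $result ? fetch_array($result) : false;
        $hash = sha1($password);
        // Strict comparison: with "==" two different hex digests that both look
        // like numbers (for example "0e...") compare as equal.
        if ($row && (string) $row['password'] === $hash) {
            // New session id on privilege change, so an id known before login is useless.
            if (session_id() !== '') session_regenerate_id(true);
            //inserts password in cookie (HttpOnly keeps it away from page scripts)
            setcookie('userpass', $hash, $expires, '', '', $secure, true);
            setcookie('userhandle', $handle, $expires, '', '', $secure, true);
            $_SESSION[$flag]="1";
            $_SESSION['user']=$row['handle'];
            $_SESSION['adminlevel']=$row['adminlevel'];
            $message=$langmessage[95];
            unset($_GET['do']);
            header("Location: ".$set['homepath']);
        } else {
            $message=$langmessage[96];
        }
        return;
    }

    //Checks if there is a login cookie from past session
    $cookieHandle = (isset($_COOKIE['userhandle']) && is_string($_COOKIE['userhandle'])) ? $_COOKIE['userhandle'] : '';
    $cookiePass = (isset($_COOKIE['userpass']) && is_string($_COOKIE['userpass'])) ? $_COOKIE['userpass'] : '';
    if ($cookieHandle == "") return;

    $result = dbquery("SELECT * FROM ".$prefix."users WHERE handle='".sql_escape_value($cookieHandle)."'");
    $row = $result ? fetch_array($result) : false;
    // An absent cookie must never match an empty stored password.
    if ($row && $cookiePass !== '' && (string) $row['password'] === $cookiePass) {
        if (session_id() !== '') session_regenerate_id(true);
        $_SESSION[$flag]="1";
        // Take the handle from the database row rather than echoing the cookie back.
        $_SESSION['user']=$row['handle'];
        $_SESSION['adminlevel']=$row['adminlevel'];
        $message="Ah, pois!";
        header("Location: ".$set['homepath']);
    }
}

/* NOTE(review): loginform() continues on the following lines; its string
   literals appear to have lost their markup, so it is left exactly as found. */
function loginform() { //Called by $#loginform#$, prints a login form in the template. Alternative to $#login#$. global $langmessage, $LNEversion, $set; if ($_SESSION[$set['password']]=="1") { $out="\n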
\n"; $out.=$langmessage[31]." ".$_SESSION['user']."\n"; $out.="\n"; $out.="\n"; $out.="
\n"; } else { $out='

'.$langmessage[120].'

'; $out.='
'; $out.=''; $out.=''; $out.=''; $out.="
'.$langmessage[155].'
'.$langmessage[6].'
\n"; $out.="
\n
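\n"; } return $out; }

/**
 * Return the login/logout link text for the current visitor.
 *
 * NOTE(review): the string literals look as if their markup was lost, so the
 * statements are kept token for token. $_SESSION['user'] is placed in the
 * output without HTML escaping; confirm it is escaped before it reaches a page.
 */
function loginout()
{
    //prints the login/logout link
    global $set,$langmessage;
    if($_SESSION[$set['password']]=="1") return "".$_SESSION['user']." | $langmessage[121]";
    else return "$langmessage[120]";
}

/**
 * End the current login: clear the session, expire the session and
 * "remember me" cookies, and redirect to the home path.
 *
 * Sets $message to a fixed confirmation text.
 */
function logout()
{
    global $set, $message;

    // Empty the whole session rather than three known keys, so nothing else
    // stored for the logged-in user stays readable during this request.
    $_SESSION = array();
    // session_destroy() removes the server-side data but leaves the session
    // cookie in the browser; expire it with the parameters it was set with.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], !empty($params['httponly']));
    }
    session_destroy();

    setcookie('userhandle', "", time() - 600);
    setcookie('userpass', "", time() - 600);
    unset($_GET['do']);
    header("Location: ".$set['homepath']);
    $message="you were logged out";
}

/* NOTE(review): the string literals in mainmenu() appear truncated (an else
   follows a bare statement), so the function is left exactly as found. */
function mainmenu($generat, $span=0) { global $pagenum,$menu,$selected,$set; $aa="\n"; $count=0; $first=true; while($menu[$count][0] != "") { if($menu[$count][1]=="0" && $menu[$count][2]=="0" && strpos($menu[$count][3],"#") === false) { $aa.=''; else if($generat) $aa.='href="'.$menu[$count][3].".".$set['extension'].'">'; else $aa.='href="'.$set['indexfile'].'?page='.$menu[$count][3].'">'; if($span==2) $aa.=""; $aa.=$menu[$count][4]; if($span==1) $aa.=""; if($span==2 || $span==1) $aa.=""; $aa.=""; if($span==3) $aa.=""; $aa.="\n"; } $count++; } return $aa; }

/* NOTE(review): profile() continues on the following lines and is left as
   found. It selects the user row by $_COOKIE['userhandle'], concatenated raw
   into the SQL text: the value is client-controlled, so it should be escaped,
   and the row should be chosen from the session user instead of a cookie. */
function profile() { global $set, $langmessage, $prefix; $out = "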

$langmessage[165]

\n"; $result=dbquery('SELECT * FROM '.$prefix.'users WHERE handle="'.$_COOKIE['userhandle'].'"'); if($row = fetch_array($result)) { $out.="
\n
\n"; $out.="\n\n"; $out.='\n"; $out.='\n"; $out.='\n"; $out.='\n"; $out.='\n"; $out.='\n"; $out.='\n"; $out.="\n"; $out.="\n
".$langmessage[155]."".$row['handle']."
'.$langmessage[6]."
'.$langmessage[156]."
'.$langmessage[158].'
'.$langmessage[166].'
'.$langmessage[167].'
'.$langmessage[168].'
'.$langmessage[169].'
\n"; $out.="
\n"; $out.="
\n"; } return $out; }

/**
 * Load the menu table into the global $menu, keeping only the entries whose
 * page the current admin level may see, and fill $selected for the entry that
 * matches $pagenum.
 */
function readmenu()
{
    global $menu,$pagenum,$selected, $prefix;

    $menu = array();
    $entries = dbquery("SELECT * FROM ".$prefix."menu ORDER BY m1 ASC, m2 ASC, m3 ASC");
    $slot = 0;
    while ($item = fetch_array($entries)) {
        // One lookup per menu entry for the page it points to.
        $pageResult = dbquery("SELECT * FROM ".$prefix."paginas WHERE page=\"".$item[3]."\"");
        $page = fetch_array($pageResult);
        $item[4] = decode($item[4]);

        // Entries above the visitor's level are left out of the menu.
        if (!(intval($_SESSION['adminlevel'])>=$page['restricted'])) {
            continue;
        }

        $menu[$slot] = $item;
        if ($menu[$slot][3]==$pagenum) {
            $selected['index'] = $item['m1'];
            $selected['m2'] = $item['m2'];
            $selected['m3'] = $item['m3'];
            $selected['link'] = $item['page'];
            $selected['name'] = $item['nome'];
            $selected['description'] = decode($page['description']);
            $selected['template'] = $page['template'];
            // JSS added to allow for page specific title and keywords
            $selected['title'] = $page['title'];
            $selected['keywords'] = $page['keywords'];
        }
        $slot++;
    }
}

/**
 * Read the settings row into the global $set, decode its text fields and
 * derive $fuso_s (the time offset in seconds). Stops the script when the
 * settings query fails.
 */
function readsetup()
{
    global $set, $fuso_s, $prefix;

    $result = dbquery("SELECT * FROM ".$prefix."settings");
    if (!$result) {
        die ("Error - Could not read the settings");
    }
    $set = fetch_array($result);

    $encoded = array('title', 'subtitle', 'keywords', 'description', 'author', 'footer');
    foreach ($encoded as $field) {
        $set[$field] = decode($set[$field]);
    }

    $fuso_s = intval($set['timeoffset']) * 3600;
}

function restrictedpage ($level) { global $langmessage; $out = "

$langmessage[146]

\n"; if($level<4) $out.= "

$langmessage[147]

\n"; else $out.= "

$langmessage[164]

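\n"; return $out; }

/**
 * Filter a text value: rewrite some decimal character references, drop
 * hexadecimal ones, and strip the listed event-handler attributes, script
 * protocols and style expressions.
 *
 * NOTE(review): the statements are kept token for token.
 *  - This is a denylist filter over markup. It does not escape quotes, so it
 *    is neither SQL escaping nor HTML output encoding and must not be relied
 *    on as either.
 *  - Inside the do/while the result of preg_replace() is discarded, so that
 *    pass changes nothing and the loop runs once. Its pattern also looks
 *    truncated; restore the intended pattern before assigning the result.
 *
 * @param string $text
 * @return string
 */
function sanitize($text)
{
    // Convert problematic ascii characters to their true values
    $search = array("40","41","58","65","66","67","68","69","70",
        "71","72","73","74","75","76","77","78","79","80","81",
        "82","83","84","85","86","87","88","89","90","97","98",
        "99","100","101","102","103","104","105","106","107",
        "108","109","110","111","112","113","114","115","116",
        "117","118","119","120","121","122"
    );
    $replace = array("(",")",":","a","b","c","d","e","f","g","h",
        "i","j","k","l","m","n","o","p","q","r","s","t","u",
        "v","w","x","y","z","a","b","c","d","e","f","g","h",
        "i","j","k","l","m","n","o","p","q","r","s","t","u",
        "v","w","x","y","z"
    );
    $entities = count($search);
    for ($i=0;$i < $entities;$i++) $text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
    // the following is based on code from bitflux (http://blog.bitflux.ch/wiki/)
    // Kill hexadecimal characters completely
    $text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
    // remove any attribute starting with "on" or xmlns
    $text = preg_replace('#(<[^>]+[\\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iU', ">", $text);
    do {
        $oldtext = $text;
        preg_replace('#]*>#i', "", $text);
    } while ($oldtext != $text);
    // remove javascript: and vbscript: protocol
    $text = preg_replace('#([a-z]*)=([\`\'\"]*)script:#iU', '$1=$2nojscript...', $text);
    $text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iU', '$1=$2nojavascript...', $text);
    $text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iU', '$1=$2novbscript...', $text);
    $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU', "$1>", $text);
    $text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU', "$1>", $text);
    return $text;
}

if (!function_exists('sql_escape_value')) {
    /**
     * Escape a value for use inside a single-quoted SQL string literal on the
     * backend selected by $MySQL (1: MySQL, 0: SQLite 2, anything else: SQLite3).
     * Guarded so the definition is skipped when the helper already exists.
     *
     * @param mixed $value
     * @return string
     */
    function sql_escape_value($value)
    {
        global $MySQL, $sqldbdb;
        $value = (string) $value;
        if ($MySQL==1) return mysql_real_escape_string($value, $sqldbdb);
        if ($MySQL==0) return sqlite_escape_string($value);
        return SQLite3::escapeString($value);
    }
}

/**
 * Update a user's profile fields, and the password when one was submitted,
 * from the posted form.
 *
 * Stops the script when the posted user id is not an integer. When the two
 * password fields differ, $message is set and the password is left unchanged;
 * the other fields are still saved.
 *
 * NOTE(review): the row to update is chosen only by the posted 'userid'.
 * Nothing in this function ties that id to the logged-in user, so unless every
 * caller checks it, one account can overwrite another's profile and password.
 * Compare the id with the session user (or require an admin level) first.
 * NOTE(review): the password is stored as unsalted SHA-1; moving to
 * password_hash() needs a matching change wherever the hash is verified.
 */
function saveprofile()
{
    global $message, $prefix;

    if(!isset($_POST['userid']) || !is_intval($_POST['userid'])) die ("aha! 
Naughty!");

    // sanitize() only filters markup; every value is also escaped for SQL and
    // written as a single-quoted literal before it joins the statement.
    $columns = array('email', 'firstname', 'lastname', 'handle', 'website', 'location');
    $assignments = array();
    foreach ($columns as $column) {
        $raw = (isset($_POST[$column]) && is_string($_POST[$column])) ? $_POST[$column] : '';
        $assignments[] = $column."='".sql_escape_value(sanitize($raw))."'";
    }
    $query = "UPDATE ".$prefix."users SET ".implode(", ", $assignments);

    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $repeat = (isset($_POST['repeatpassword']) && is_string($_POST['repeatpassword'])) ? $_POST['repeatpassword'] : '';
    if ($password !== "") {
        // Strict comparison: "==" treats different numeric-looking strings as equal.
        if ($password === $repeat) $query .= ", password='".sha1($password)."'";
        else $message = "Passwords don't match";
    }

    // Cast after validation so only an integer can reach the statement.
    $query .= " WHERE id=".(int) $_POST['userid'];
    dbquery($query);
}

function showsitemap($langmessage,$gen) { $out="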

$langmessage[88]

\n
\n"; $out.="\n"; return $out; } function submenu($generat) { global $pagenum,$menu,$selected, $set; $count=0; while($menu[$count][0] != "") { if($menu[$count][3]==$pagenum) { $m1=$menu[$count][0]; $m2=$menu[$count][1]; $m3=$menu[$count][2]; if($m3) $sub=3; else if($m2) $sub=2; else $sub=1; break; } $count++; } $count=0; $out="\n"; while($menu[$count][0] != "") { if(strpos($menu[$count][3], "_") === false) { if($menu[$count][0]==$m1 && ($menu[$count][1]!="0" || $menu[$count][2]!="0")) { if (($sub==1 && $menu[$count][2]==0) || ($sub==2 && $menu[$count][0]==$m1 && ($menu[$count][1]==$m2 || $menu[$count][2]=="0")) || ($sub==3 && $menu[$count][1]==$m2 && $menu[$count][0]==$m1)) { $out.='
  • '.$menu[$count][4]."
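  • \n"; else if($generat) $out.='href="'.$menu[$count][3].".".$set['extension'].'">'.$menu[$count][4]."\n"; else $out.='href="'.$set['indexfile'].'?page='.$menu[$count][3].'">'.$menu[$count][4]."\n"; } } } $count++; } return $out; }

//for compability with earlier php versions
/**
 * Read one entry of the server variables.
 *
 * @param string $s Key to read.
 * @return mixed The value, or '' when the key is not set.
 */
function sv($s)
{
    if (!isset($_SERVER)) {
        global $_SERVER;
        $_SERVER = $GLOBALS['HTTP_SERVER_VARS'];
    }
    return isset($_SERVER[$s]) ? $_SERVER[$s] : '';
}

/* NOTE(review): most of treemenu()'s body appears to be missing, so the
   function is left exactly as found. */
function treemenu($generat=0) { global $pagenum, $menu, $selected, $extension, $set; $replace_chars=array(" ", ",", ".", "/", "?", "!", "-", ";", "'"); // $out='"; } // $out.=""; return $out; }

/**
 * Number of rows changed by the last statement on the open connection.
 * $MySQL selects the backend: 1 MySQL, 0 SQLite 2, anything else SQLite3.
 */
function db_changes()
{
    global $MySQL, $sqldbdb;
    if ($MySQL==1) return mysql_affected_rows($sqldbdb);
    if ($MySQL==0) return sqlite_changes($sqldbdb);
    return $sqldbdb->changes();
}

/**
 * Number of rows in a result set.
 *
 * @param mixed $result Result returned by dbquery().
 * @return int
 */
function num_rows($result)
{
    global $MySQL;
    if ($MySQL==1) return mysql_num_rows($result);
    if ($MySQL==0) return sqlite_num_rows($result);
    // The SQLite3 branch counts by walking the rows, then rewinds the result
    // so the caller can still read it.
    $count = 0;
    while (fetch_array($result)) $count++;
    $result->reset();
    return $count;
}

/**
 * Read every remaining row of a result set.
 *
 * @param mixed $result Result returned by dbquery().
 * @return array Rows in fetch order; empty when there are none.
 */
function fetch_all($result)
{
    $rows = array();
    while ($row = fetch_array($result)) {
        $rows[] = $row;
    }
    return $rows;
}

/**
 * Fetch the next row of a result set on the active backend.
 *
 * @param mixed $result Result returned by dbquery().
 * @return mixed The row, or a false value when no row is left.
 */
function fetch_array($result)
{
    global $MySQL;
    if ($MySQL==1) return mysql_fetch_array($result);
    if ($MySQL==0) return sqlite_fetch_array($result);
    return $result->fetchArray();
}

/**
 * Open the database connection described by data/database.php.
 *
 * Stops the script when the connection cannot be opened. Driver error text is
 * written to the error log instead of the page, because it can name the
 * database host and account.
 *
 * NOTE(review): the SQLite files are opened from ./data/; confirm that this
 * directory cannot be fetched over HTTP. The SQLite3 constructor reports
 * failure by throwing, so the die() on that branch is presumably never reached.
 *
 * @return mixed Connection resource (MySQL, SQLite 2) or SQLite3 object.
 */
function opendb()
{
    global $MySQL, $prefix;
    require_once "data/database.php";
    if($MySQL==1) {
        $a = @mysql_connect($databasehost, $databaselogin, $databasepassword);
        if (!$a) {
            error_log("opendb: ".mysql_error());
            die("Error - Could not connect to MySQL server");
        }
        if (!@mysql_select_db($databasename)) {
            error_log("opendb: ".mysql_error());
            die("Error - Could not open database");
        }
    } elseif($MySQL==0) {
        if(!$a = @sqlite_open("./data/$databasename.db")) die ("Error - Could not open database");
    } else {
        if(!$a= new SQLite3("./data/$databasename.db")) die ("Couldn't open SQLite 3 database");
    }
    return $a;
}

/**
 * Run one SQL statement on the open connection.
 *
 * The statement text is sent as given, so callers must escape any value they
 * put into it. On failure the driver's message goes to the error log; the
 * statement and the message are no longer printed to the page, where they
 * would expose table names and submitted values. The statement text itself is
 * not logged because it can carry password hashes.
 *
 * @param string $query
 * @return mixed The driver's result; false on failure for the SQLite
 *               backends. A failed MySQL statement stops the script.
 */
function dbquery($query)
{
    global $sqldbdb, $MySQL;
    // Test for 1 explicitly, as the other helpers do: a bare truthiness test
    // sent every non-zero setting to MySQL and made the SQLite3 branch unreachable.
    if ($MySQL==1) {
        $result = @mysql_query($query,$sqldbdb);
        if (!$result) {
            error_log("dbquery: ".mysql_error());
            die("Error - database query failed");
        }
        return $result;
    }
    if ($MySQL==0) {
        $result = @sqlite_query($sqldbdb,$query);
        if (!$result) {
            error_log("dbquery: ".sqlite_error_string(sqlite_last_error($sqldbdb)));
            return false;
        }
        return $result;
    }
    $result = $sqldbdb->query($query);
    if (!$result) {
        error_log("dbquery: ".$sqldbdb->lastErrorMsg());
        return false;
    }
    return $result;
}

//replacement for PHP5 function http_build_query() if that function doesn't exist
//taken from the PHP online manual
if(!function_exists('http_build_query')) {
    /**
     * Build a URL-encoded query string from an array or object.
     *
     * @param mixed  $data   Values to encode; nested arrays and objects use bracketed keys.
     * @param string $prefix Text put in front of integer keys of $data.
     * @param string $sep    Pair separator; the arg_separator.output setting when empty.
     * @param string $key    Parent key, used by the recursive calls.
     * @return string
     */
    function http_build_query($data,$prefix=null,$sep='',$key='')
    {
        $ret = array();
        foreach((array)$data as $k => $v) {
            // The integer test has to see the raw key: urlencode() always
            // returns a string, so testing afterwards never applied the prefix.
            if(is_int($k) && $prefix != null) {
                $k = $prefix.$k;
            }
            $k = urlencode($k);
            if(!empty($key)) {
                $k = $key."[".$k."]";
            }
            if(is_array($v) || is_object($v)) {
                array_push($ret,http_build_query($v,"",$sep,$k));
            } else {
                array_push($ret,$k."=".urlencode($v));
            }
        }
        if(empty($sep)) {
            $sep = ini_get("arg_separator.output");
        }
        return implode($sep, $ret);
    }
}
?>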