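query("SELECT U_NICK, U_COL, U_RIGHT, U_SESS FROM $rcom_user WHERE U_SESS = '".session_id()."'") as $row) {
    // NOTE(review): the head of this loop (presumably `foreach($dbh->`) lies before the
    // visible part of the page, so this lookup is left exactly as written. Binding
    // session_id() as a parameter, like the queries further down, is worth confirming there.
    $u_nick  = $row[0];
    $u_col   = $row[1];
    $u_right = $row[2];
    $u_sess  = $row[3];
}

// Access gate for the control panel: only a session whose U_RIGHT equals 10 proceeds.
if($u_right != 10) {
    header("Location: index.php");
    // A Location header does not end the request. Without this exit every
    // state-changing handler below would still run for a visitor who failed the check.
    exit;
}else{
    $RCOM_LOGIN = 'User: ['.$u_nick.']
';
    $RCOM_LOGIN_M = '
•  Eintrag hinzufügen
•  Menü & Style bearbeiten
•  Benutzer bearbeiten
•  Statistiken
•  My Account
[logout]
';
}

// Active style: S_PFAD later selects the template directory.
// NOTE(review): S_PFAD is editable through the style form below and is concatenated into
// a filesystem path; consider validating it against the directories under ./templates/.
foreach($dbh->query("SELECT S_ID, S_PFAD FROM $rcom_style WHERE S_AKTIVE = '1'") as $row) {
    $s_id   = $row[0];
    $s_pfad = $row[1];
}

// Menu categories and links shown on every panel page.
foreach($dbh->query("SELECT M_CAT, M_NAME, M_PRIVATE FROM $rcom_menu") as $row) {
    $RCOM_MENU[] = array(
        'M_CAT'     => $row[0],
        'M_NAME'    => $row[1],
        'M_PRIVATE' => $row[2],
    );
}
foreach($dbh->query("SELECT L_ID, L_NAME, L_URL FROM $rcom_link") as $row) {
    $RCOM_LINK[] = array(
        'L_ID'   => $row[0],
        'L_NAME' => $row[1],
        'L_URL'  => $row[2],
    );
}

// All request-derived values below are passed to the database as bound parameters.
// htmlspecialchars()/strip_tags() encode for HTML output; they are not SQL escaping
// (a backslash, for instance, passes through untouched). Table names come from
// configuration variables and stay interpolated.
// NOTE(review): if a deployment still runs with magic_quotes_gpc enabled, the slashes it
// adds would now be stored literally; strip them before binding in that case.
// NOTE(review): none of the POST handlers checks an anti-CSRF token in the visible code.

if($style == "true"){
    // ---- Menu / style / link administration --------------------------------------
    $MENU  = @strip_tags(htmlspecialchars($_GET["menu"],ENT_QUOTES));
    $MCAT  = @(int)$_GET["mcat"];
    $STYLE = @strip_tags(htmlspecialchars($_GET["styleedit"],ENT_QUOTES));
    $S_ID  = @(int)$_GET["sid"];
    $LINK  = @strip_tags(htmlspecialchars($_GET["link"],ENT_QUOTES));
    $LID   = @(int)$_GET["lid"];

    foreach($dbh->query("SELECT S_ID, S_PFAD, S_AKTIVE FROM $rcom_style") as $row) {
        $RCOM_STYLE_SWITCH[] = array(
            'S_ID'     => $row[0],
            'S_PFAD'   => $row[1],
            'S_AKTIVE' => $row[2],
        );

        // Purge compiled templates and cached pages (regular files only, symlinks are
        // skipped). This sits inside the style loop, so it runs once per style row.
        $strDir = './templates_c/';
        $arFiles = scandir ( $strDir );
        foreach ( $arFiles as $strFile ) {
            if ( $strFile != '.' && $strFile != '..' && ! is_link ( $strDir . $strFile ) && is_file ( $strDir . $strFile ) )
                unlink ( $strDir . $strFile );
        }
        $strDir2 = './cache/';
        $arFiles = scandir ( $strDir2 );
        foreach ( $arFiles as $strFile ) {
            if ( $strFile != '.' && $strFile != '..' && ! is_link ( $strDir2 . $strFile ) && is_file ( $strDir2 . $strFile ) )
                unlink ( $strDir2 . $strFile );
        }
    }

    // Rename an existing style path.
    if(isset($_POST['styleedit'])){
        $STYLE = strip_tags(htmlspecialchars($_GET["styleedit"],ENT_QUOTES));
        $STYLE_NEW = strip_tags(htmlspecialchars(@$_POST["style_new"],ENT_QUOTES));
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $stmt = $dbh->prepare("UPDATE $rcom_style SET S_PFAD = ? WHERE S_ID = ?");
        $stmt->execute(array($STYLE_NEW, $S_ID));
        $dbh->query("OPTIMIZE TABLE $rcom_style");
        $STYLE = '';
        $stmt = null; // release the statement so that nulling $dbh really closes the connection
        $dbh = null;
        header("Location: acp_menu.php?style=true");
    }

    // Register a new style path.
    if(isset($_POST['stylenew'])){
        $STYLE_NEW = strip_tags(htmlspecialchars(@$_POST["style_new"],ENT_QUOTES));
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $dbh->beginTransaction();
        $stmt = $dbh->prepare("INSERT INTO $rcom_style (S_ID, S_PFAD) values ('', ?)");
        $stmt->execute(array($STYLE_NEW));
        $dbh->commit();
        $dbh->query("OPTIMIZE TABLE $rcom_style");
        $stmt = null;
        $dbh = null;
        header("Location: acp_menu.php?style=true");
    }

    // Rename a menu category.
    if(isset($_POST['menuedit'])){
        $MENU = strip_tags(htmlspecialchars($_GET["menu"],ENT_QUOTES));
        $MENU_NEW = strip_tags(htmlspecialchars(@$_POST["menu_new"],ENT_QUOTES));
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $stmt = $dbh->prepare("UPDATE $rcom_menu SET M_NAME = ? WHERE M_CAT = ?");
        $stmt->execute(array($MENU_NEW, $MCAT));
        $dbh->query("OPTIMIZE TABLE $rcom_menu");
        $MENU = '';
        $stmt = null;
        $dbh = null;
        header("Location: acp_menu.php?style=true");
    }

    // Add a menu category.
    if(isset($_POST['menunew'])){
        $MENU_NEW = strip_tags(htmlspecialchars(@$_POST["menu_new"],ENT_QUOTES));
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $dbh->beginTransaction();
        $stmt = $dbh->prepare("INSERT INTO $rcom_menu (M_NAME, M_PRIVATE) values (?, '0')");
        $stmt->execute(array($MENU_NEW));
        $dbh->commit();
        $dbh->query("OPTIMIZE TABLE $rcom_menu");
        $stmt = null;
        $dbh = null;
        header("Location: acp_menu.php?style=true");
    }

    // Rename a link.
    if(isset($_POST['linkedit'])){
        $LINK = strip_tags(htmlspecialchars($_GET["link"],ENT_QUOTES));
        $LINK_NEW = strip_tags(htmlspecialchars(@$_POST["link_new"],ENT_QUOTES));
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $stmt = $dbh->prepare("UPDATE $rcom_link SET L_NAME = ? WHERE L_ID = ?");
        $stmt->execute(array($LINK_NEW, $LID));
        $dbh->query("OPTIMIZE TABLE $rcom_link");
        $LINK = '';
        $stmt = null;
        $dbh = null;
        header("Location: acp_menu.php?style=true");
    }

    // Add a link.
    if(isset($_POST['linknew'])){
        $LINK_NEW = strip_tags(htmlspecialchars(@$_POST["link_new"],ENT_QUOTES));
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $dbh->beginTransaction();
        $stmt = $dbh->prepare("INSERT INTO $rcom_link (L_ID, L_NAME) values ('', ?)");
        $stmt->execute(array($LINK_NEW));
        $dbh->commit();
        $dbh->query("OPTIMIZE TABLE $rcom_link");
        $stmt = null;
        $dbh = null;
        header("Location: acp_menu.php?style=true");
    }

    try {
        $tpl = new optClass;
        $tpl->root = './templates/'.$s_pfad.'/';
        $tpl->compile = './templates_c/';
        $tpl->cache = './cache/';
        $tpl->httpHeaders(OPT_HTML);
        $tpl->cacheStatus(true, $CACHE_TIME);
        $tpl->debugConsole = $DEBUG_MODE;
        $tpl->assign('RCOM_STYLE', $s_pfad);
        $tpl->assign('RCOM_MENU', $RCOM_MENU);
        $tpl->assign('RCOM_LINK', $RCOM_LINK);
        $tpl->assign('RCOM_LOGIN', $RCOM_LOGIN);
        $tpl->assign('RCOM_LOGIN_M', $RCOM_LOGIN_M);
        $tpl->assign('RCOM_STYLE_SWITCH', $RCOM_STYLE_SWITCH);
        $tpl->assign('MENU', $MENU);
        $tpl->assign('MCAT', $MCAT);
        $tpl->assign('LINK', $LINK);
        $tpl->assign('LID', $LID);
        $tpl->assign('STYLE', $STYLE);
        $tpl->assign('S_ID', $S_ID);
        $tpl->assign('MOD', $MOD);
        $tpl->assign('FOOTER', $FOOTER);
        $tpl->parse('acp_style.tpl');
    } catch(optException $exception) {
        optErrorHandler($exception);
    }
} elseif($newsadd == "true"){
    // ---- Create a blog entry ------------------------------------------------------
    $oFCKeditor = new FCKeditor('FCKeditor');
    $oFCKeditor->BasePath = 'lib/fckeditor/';
    $oFCKeditor->ToolbarSet = 'Default';
    $oFCKeditor->Value = "";
    $oFCKeditor->Width = '100%' ;
    $oFCKeditor->Height = '300' ;
    $EDITOR = $oFCKeditor->CreateHtml();

    if(isset($_POST['newsadd'])){
        $B_CAT = (int)@$_POST["b_cat"];
        // NOTE(review): the editor HTML is stored unfiltered here, while the edit branch
        // below passes it through strip_tags() with $ALLOWED_TAGS. strip_tags() keeps the
        // attributes of allowed tags, so confirm how B_TEXT is sanitised on output.
        $CONTENT = @$_POST["FCKeditor"];
        $HEAD = strip_tags(htmlspecialchars(@$_POST["head"],ENT_QUOTES));
        $PRIVATE = strip_tags(htmlspecialchars(@$_POST["private"],ENT_QUOTES));
        // Loose comparison: any non-empty value marks the entry as private.
        if($PRIVATE != true){$PRIVATE = '0';}else{$PRIVATE = '1';}
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $stmt = $dbh->prepare("INSERT INTO $rcom_blog (B_CAT, B_PRIVATE, B_HEAD, B_TEXT, B_DATE, B_COM, B_OWNER, B_COL) values (?, ?, ?, ?, ?, '0', ?, ?)");
        $stmt->execute(array($B_CAT, $PRIVATE, $HEAD, $CONTENT, $timestamp, $u_nick, $u_col));
        $dbh->query("OPTIMIZE TABLE $rcom_blog");
        $stmt = null;
        $dbh = null;
        header("Location: index.php?cat=$B_CAT");
    }

    try {
        $tpl = new optClass;
        $tpl->root = './templates/'.$s_pfad.'/';
        $tpl->compile = './templates_c/';
        $tpl->cache = './cache/';
        $tpl->httpHeaders(OPT_HTML);
        $tpl->cacheStatus(true, $CACHE_TIME);
        $tpl->debugConsole = $DEBUG_MODE;
        $tpl->assign('RCOM_STYLE', $s_pfad);
        $tpl->assign('RCOM_MENU', $RCOM_MENU);
        $tpl->assign('RCOM_LINK', $RCOM_LINK);
        $tpl->assign('RCOM_LOGIN', $RCOM_LOGIN);
        $tpl->assign('RCOM_LOGIN_M', $RCOM_LOGIN_M);
        $tpl->assign('EDITOR', $EDITOR);
        $tpl->assign('MOD', $MOD);
        $tpl->assign('FOOTER', $FOOTER);
        $tpl->parse('acp_newsadd.tpl');
    } catch(optException $exception) {
        optErrorHandler($exception);
    }
} elseif($newsedit != ''){
    // ---- Edit an existing blog entry ----------------------------------------------
    // NOTE(review): $newsedit is set outside the visible code; it is bound as a parameter
    // below because its origin and validation cannot be confirmed from here.
    if(isset($_POST['newsedit'])){
        $B_CAT = (int)@$_POST["b_cat"];
        $CONTENT = strip_tags(@$_POST["FCKeditor"],$ALLOWED_TAGS);
        $HEAD = strip_tags(htmlspecialchars(@$_POST["head"],ENT_QUOTES));
        $PRIVATE = strip_tags(htmlspecialchars(@$_POST["private"],ENT_QUOTES));
        if($PRIVATE != true){$PRIVATE = '0';}else{$PRIVATE = '1';}
        $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
        $stmt = $dbh->prepare("UPDATE $rcom_blog SET B_CAT = ?, B_PRIVATE = ?, B_HEAD = ?, B_TEXT = ? WHERE B_TOPIC = ?");
        $stmt->execute(array($B_CAT, $PRIVATE, $HEAD, $CONTENT, $newsedit));
        $dbh->query("OPTIMIZE TABLE $rcom_blog");
        $stmt = null;
        $dbh = null;
        header("Location: index.php?topic=$newsedit");
    }

    // Load the entry to pre-fill the editor form.
    $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
    $stmt = $dbh->prepare("SELECT B_CAT, B_TOPIC, B_PRIVATE, B_HEAD, B_TEXT FROM $rcom_blog WHERE B_TOPIC = ?");
    $stmt->execute(array($newsedit));
    foreach($stmt as $row) {
        $B_CAT = $row[0];
        $B_TOPIC = $row[1];
        $B_PRIVATE = $row[2];
        $B_HEAD = $row[3];
        $B_TEXT = $row[4];
        if($B_PRIVATE == '1'){$PRIVATE_CHECKBOX = 'checked="checked"';}
    }
    $stmt = null;
    $dbh = null;

    $oFCKeditor = new FCKeditor('FCKeditor');
    $oFCKeditor->BasePath = 'lib/fckeditor/';
    $oFCKeditor->ToolbarSet = 'Default';
    $oFCKeditor->Value = $B_TEXT;
    $oFCKeditor->Width = '100%' ;
    $oFCKeditor->Height = '300' ;
    $EDITOR = $oFCKeditor->CreateHtml();

    try {
        $tpl = new optClass;
        $tpl->root = './templates/'.$s_pfad.'/';
        $tpl->compile = './templates_c/';
        $tpl->cache = './cache/';
        $tpl->httpHeaders(OPT_HTML);
        $tpl->cacheStatus(true, $CACHE_TIME);
        $tpl->debugConsole = $DEBUG_MODE;
        $tpl->assign('RCOM_STYLE', $s_pfad);
        $tpl->assign('RCOM_MENU', $RCOM_MENU);
        $tpl->assign('RCOM_LINK', $RCOM_LINK);
        $tpl->assign('RCOM_LOGIN', $RCOM_LOGIN);
        $tpl->assign('RCOM_LOGIN_M', $RCOM_LOGIN_M);
        $tpl->assign('RCOM_NEWSEDIT', $newsedit);
        $tpl->assign('PRIVATE_CHECKBOX', $PRIVATE_CHECKBOX);
        $tpl->assign('B_HEAD', $B_HEAD);
        $tpl->assign('EDITOR', $EDITOR);
        $tpl->assign('MOD', $MOD);
        $tpl->assign('FOOTER', $FOOTER);
        $tpl->parse('acp_newsedit.tpl');
    } catch(optException $exception) {
        optErrorHandler($exception);
    }
} elseif($useredit == "true"){
    // ---- User lookup --------------------------------------------------------------
    $NICK = @strip_tags(htmlspecialchars(@$_POST["nick"],ENT_QUOTES));
    $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);

    // Every nickname, for the selection list.
    foreach($dbh->query("SELECT U_NICK FROM $rcom_user") as $row) {
        $RCOM_USER_EDIT_SELECT[] = array(
            'U_NICK_SELECT' => $row[0],
        );
    }

    // Details of the selected user; the nickname comes from the POST body and is bound.
    $stmt = $dbh->prepare("SELECT U_ID, U_NICK, U_MAIL, U_COL, U_HP, U_RIGHT, U_LOGIN, U_LOCK, U_LASTLOGIN, U_REGED FROM $rcom_user WHERE U_NICK = ?");
    $stmt->execute(array($NICK));
    foreach($stmt as $row) {
        $U_LASTLOGIN = timestamp_convert($row[8]);
        $U_REGED = timestamp_convert($row[9]);
        $RCOM_USER_EDIT[] = array(
            'U_ID'        => $row[0],
            'U_NICK'      => $row[1],
            'U_MAIL'      => $row[2],
            'U_COL'       => $row[3],
            'U_HP'        => $row[4],
            'U_RIGHT'     => $row[5],
            'U_LOGIN'     => $row[6],
            'U_LOCK'      => $row[7],
            'U_LASTLOGIN' => $U_LASTLOGIN['date']. ' ' .$U_LASTLOGIN['time'],
            'U_REGED'     => $U_REGED['date']. ' ' .$U_REGED['time']
        );
    }
    $stmt = null;

    try {
        $tpl = new optClass;
        $tpl->root = './templates/'.$s_pfad.'/';
        $tpl->compile = './templates_c/';
        $tpl->cache = './cache/';
        $tpl->httpHeaders(OPT_HTML);
        $tpl->cacheStatus(true, $CACHE_TIME);
        $tpl->debugConsole = $DEBUG_MODE;
        $tpl->assign('RCOM_STYLE', $s_pfad);
        $tpl->assign('RCOM_MENU', $RCOM_MENU);
        $tpl->assign('RCOM_LINK', $RCOM_LINK);
        $tpl->assign('RCOM_LOGIN', $RCOM_LOGIN);
        $tpl->assign('RCOM_LOGIN_M', $RCOM_LOGIN_M);
        $tpl->assign('RCOM_USER_EDIT', $RCOM_USER_EDIT);
        $tpl->assign('RCOM_USER_EDIT_SELECT', $RCOM_USER_EDIT_SELECT);
        $tpl->assign('MOD', $MOD);
        $tpl->assign('FOOTER', $FOOTER);
        $tpl->parse('acp_useredit.tpl');
    } catch(optException $exception) {
        optErrorHandler($exception);
    }
} elseif($stats == "true"){
    // ---- Server and visitor statistics --------------------------------------------
    $dbh = new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
    foreach($dbh->query("SELECT VERSION()") as $row) {
        $SQLVERSION = $row[0];
    }
    $dbh = null;

    // Software versions and the server address are shown only behind the access gate above.
    $SERVER_INFO = '
Apache Version: '.$_SERVER['SERVER_SOFTWARE'].'
SQL Version: '.$SQLVERSION.'
Server IP: '.$_SERVER['SERVER_ADDR'].'
Server Admin: '.$_SERVER['SERVER_ADMIN'].'
';
    // The counters ($online, $day_value, ...) are computed outside the visible code.
    $STATS = '
User Online: '.$online.'
Heute Online: '.$day_value.'
Woche Online: '.$week_value.'
Monat Online: '.$month_value.'
Jahr Online: '.$year_value.'
Gesammt Online: '.$all_value.'
Rekord: '.$record_value.' ('.date("d.m.Y", strtotime($record_date)).')
';

    try {
        $tpl = new optClass;
        $tpl->root = './templates/'.$s_pfad.'/';
        $tpl->compile = './templates_c/';
        $tpl->cache = './cache/';
        $tpl->httpHeaders(OPT_HTML);
        $tpl->cacheStatus(true, $CACHE_TIME);
        $tpl->debugConsole = $DEBUG_MODE;
        $tpl->assign('RCOM_STYLE', $s_pfad);
        $tpl->assign('RCOM_MENU', $RCOM_MENU);
        $tpl->assign('RCOM_LINK', $RCOM_LINK);
        $tpl->assign('RCOM_LOGIN', $RCOM_LOGIN);
        $tpl->assign('RCOM_LOGIN_M', $RCOM_LOGIN_M);
        $tpl->assign('SERVER_INFO', $SERVER_INFO);
        $tpl->assign('STATS', $STATS);
        $tpl->assign('MOD', $MOD);
        $tpl->assign('FOOTER', $FOOTER);
        $tpl->parse('acp_stats.tpl');
    } catch(optException $exception) {
        optErrorHandler($exception);
    }
}
$dbh = null;
?>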