<?php
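// Bootstrap: load configuration and helpers, then import the guestbook settings
// into the local scope. $ibnr is not assigned in the visible code; presumably
// inc/gbconfig.php defines it -- TODO confirm.
include ("inc/gbconfig.php");
include ("inc/functions.php");
$settings = get_settings($ibnr);
// NOTE(review): extract() turns every settings key into a variable and overwrites
// any same-named variable that already exists. The code below reads names such as
// $lang and $captcha that are presumably created here, so the call is kept; an
// explicit list of expected keys would be safer.
extract($settings);
// $lang ends up in a file path: basename() keeps a value that carries directory
// components from leaving inc/lang/.
include("inc/lang/".basename($lang).".php");
if ($captcha == "3") {
    include("inc/questions.php");
}
// PHP_SELF includes any extra path info from the request URL, i.e. text chosen by
// the client. $fname is printed into HTML attributes (form action, href, meta
// refresh), so it is HTML-encoded once here, at the point of assignment.
$fname = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
$section = get_section();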
/*
######################### HTML-KOPF & Header/Überschrift #########################
*/
// Page head and banner. The doctype and the </head>/<body> pair are printed only
// when $path is empty; $path is not assigned explicitly in the visible code (it
// may come from extract($settings) or from a page that embeds the guestbook --
// confirm).
// NOTE(review): $path, $header and $titlegb are written into the markup without
// HTML encoding; confirm that none of them can be influenced by a visitor.
if (empty($path)) {
    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n";
    echo "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
}
echo "<style type=\"text/css\">\n";
// style.php is included in this scope, so $path is tested again afterwards
// instead of reusing the result from above.
include ("inc/style.php");
echo "</style>\n";
echo "<script src=\"".$path."inc/javascript.js\" type=\"text/javascript\"></script>\n";
if (empty($path)) {
    echo "</head>\n
<body>";
}
if (!empty($header)) {
    $bannerTag = "<img src=\"".$header."\" alt=\"\" align=\"center\" class=\"header\" />";
    echo $bannerTag;
}
echo "<div id=\"box\">\n";
if (!empty($titlegb)) {
    echo "<h2>", $titlegb, "</h2>";
}
/*
######################### HTML-KOPF & Header/Überschrift ENDE #########################
*/
/*
######################### ADMIN LOGIN #########################
*/
// Admin login form: one password field posted to ?section=adminlogin, followed by
// the "forgot password" link.
// NOTE(review): $fname is written into the action/href attributes as-is, so it
// must already be HTML-safe where it is assigned -- verify.
if ("admin" == $section) {
    $loginAction = $fname."?section=adminlogin";
    $forgotHref = $fname."?section=forgotpw";
    echo "<h3>".$adm_center."</h3>\n";
    echo "<form method=\"post\" action=\"".$loginAction."\"><table>\n";
    echo "<tr>\n";
    echo "<th>".$ind_pw."</th>\n";
    echo "<th><input type=\"password\" name=\"pw\" /></th>\n";
    echo "<th><input type=\"submit\" value=\"Login\" /></th>\n";
    echo "</tr>\n";
    echo "</table></form>(<a href=\"".$forgotHref."\" class=\"forgotpw\">".$ind_forgotpw."?</a>)<br /><br />";
}
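// Admin login handler: compares the md5 digest of the submitted password with the
// stored adminpw value and, on a match, marks the session as admin and updates
// the last-login timestamp.
//
// NOTE(review): adminpw is an unsalted md5 digest; moving to password_hash() /
// password_verify() needs a migration of the stored value and is not done here.
// NOTE(review): nothing in this block limits repeated attempts.
if ($section == "adminlogin") {
    // A request without a string "pw" field counts as a wrong password.
    $submittedPw = (isset($_POST['pw']) && is_string($_POST['pw'])) ? $_POST['pw'] : null;
    $result = mysql_query("select adminpw from ".$pre."settings");
    $row = $result ? mysql_fetch_assoc($result) : false;
    $storedHash = ($row && isset($row['adminpw'])) ? (string) $row['adminpw'] : '';

    $loginOk = false;
    if ($submittedPw !== null && $storedHash !== '') {
        $candidate = md5($submittedPw);
        // Compare the digests as strings: with ==, two values that both look
        // numeric are compared as numbers and can be "equal" although the
        // strings differ. hash_equals() (PHP >= 5.6) is also constant-time.
        $loginOk = function_exists('hash_equals')
            ? hash_equals($storedHash, $candidate)
            : ($storedHash === $candidate);
    }

    if ($loginOk) {
        // Remember the previous login time before overwriting it.
        $lastsql = "SELECT lastlogin FROM ".$pre."settings";
        $last = mysql_fetch_assoc(mysql_query($lastsql));
        $_SESSION['lastlogin'] = $last['lastlogin'];
        $time = time();
        $sql = "UPDATE ".$pre."settings SET lastlogin = '$time'";
        mysql_query($sql);
        // NOTE(review): the session id is not regenerated on login. This handler
        // runs after the page head has been output earlier in this file, so
        // session_regenerate_id() would have to be called before any output.
        $_SESSION['admin'] = 1;
        // NOTE(review): this keeps the plaintext password in the session store.
        // Left in place because other pages may read $_SESSION['pw'] -- confirm
        // and remove if nothing depends on it.
        $_SESSION['pw'] = $submittedPw;
        echo "<p>".$ind_loginmsg."</p>";
    } else {
        echo "<p>".$ind_err_wrongpw."</p>";
    }
}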
/*
######################### ADMIN LOGIN ENDE #########################
*/
/*
######################### PASSWORT-VERGESSEN FUNKTION #########################
*/
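// Password reset, step 1: after a solved captcha a fresh reset token is stored in
// the settings table and mailed to $adminmail as a link to ?section=newpw.
//
// NOTE(review): the strength of the token depends on generate_hash(), which is
// defined elsewhere -- confirm it uses a cryptographically secure source.
// NOTE(review): the token has no expiry, and every accepted request replaces the
// stored token and sends a mail; nothing here throttles that.
if ($section == "forgotpw") {
    if (isset($_POST['pwsec'])) {
        // The answer only counts when the session really holds an expected value:
        // with a plain == an absent session value compares equal to an empty
        // submission. Compare as strings, and discard the expected value after
        // one attempt so each captcha can be tried only once.
        $expectedAnswer = (isset($_SESSION['right_str']) && is_scalar($_SESSION['right_str']))
            ? (string) $_SESSION['right_str']
            : '';
        $givenAnswer = is_string($_POST['pwsec']) ? $_POST['pwsec'] : '';
        unset($_SESSION['right_str']);

        if ($expectedAnswer !== '' && $givenAnswer === $expectedAnswer) {
            // Generate a new token
            $hash = generate_hash(18);
            $pwsent = 1;
            $sql = "UPDATE ".$pre."settings SET passhash = '$hash'";
            // NOTE(review): die(mysql_error()) shows database error text to the
            // visitor; logging it server-side would avoid that.
            mysql_query($sql) or die(mysql_error());
            // Mail containing the reset link
            $betreff = $ind_newpw_mailsubject;
            $text = $ind_newpw_mail."\n \n
".$gburl."/index.php?section=newpw&s=".$hash;
            mail($adminmail, $betreff, $text);
            echo "<p class=\"sendnewpw\">".$ind_newpw_mailsent."</p><br /><br />";
        }
    }
    // Show the captcha form unless the mail has just been sent.
    if (!isset($pwsent)) { ?>
<img src="inc/captcha.php" alt="sec" /><br /><br />
<form method="post" action="index.php?section=forgotpw">
<input type="text" name="pwsec" />
<input type="submit" value="<?php echo $buttonsend; ?>" />
</form><?php
    }
}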
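// Password reset, step 2: the mailed link carries the reset token in the "s"
// query parameter; when it matches the stored passhash a new random admin
// password is set and the token is cleared.
if ($section == "newpw") {
    $sql = "SELECT passhash FROM ".$pre."settings";
    // NOTE(review): die(mysql_error()) shows database error text to the visitor.
    $result = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_assoc($result);
    $storedToken = ($row && isset($row['passhash'])) ? (string) $row['passhash'] : '';
    $givenToken = (isset($_GET['s']) && is_string($_GET['s'])) ? $_GET['s'] : '';

    // Both sides must be non-empty strings. With a plain == a missing or empty
    // "s" parameter compares equal to an empty stored value, i.e. the check would
    // pass whenever no reset is pending.
    $tokenOk = false;
    if ($storedToken !== '' && $givenToken !== '') {
        $tokenOk = function_exists('hash_equals')
            ? hash_equals($storedToken, $givenToken)
            : ($storedToken === $givenToken);
    }

    if ($tokenOk) {
        $newadminpw = md5(generate_hash(10));
        // Clear the token in the same statement so the mailed link works once only.
        $sql = "UPDATE ".$pre."settings SET adminpw = '$newadminpw', passhash = ''";
        mysql_query($sql);
        // NOTE(review): $digit is not assigned in this block; presumably
        // generate_hash() or an included file sets it -- confirm that it is the
        // plaintext of the password hashed above.
        echo "<p class=\"sendnewpw\">".$ind_newpw."<br /><br /><b>". $digit."</b></p><br /><br />";
    } else {
        echo "<p>".$ind_err_wronghash."</p>";
    }
}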
/*
######################### PASSWORT-VERGESSEN FUNKTION ENDE #########################
*/
/*
######################### NEUEN EINTRAG ABSCHICKEN #########################
*/
if ($section == "add") {
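// New-entry submission: validates the posted entry through handle_entry(), stores
// it (unless the spam filter drops it), optionally notifies the admin by mail and
// then redirects with a meta refresh.
if (isset($_POST['submit'])) {
    // EXTR_SKIP: request fields may create new variables but can no longer
    // overwrite ones that already exist in this scope, such as $pre, $ibnr,
    // $adminmail, $gburl or $fname used below.
    // NOTE(review): names that are still undefined at this point can be seeded by
    // the request; dropping this extract() and reading $_POST explicitly is the
    // real fix once all users of these variables are known.
    extract($_POST, EXTR_SKIP);
    $entry = handle_entry($pre, $ibnr);
    // handle_entry() is defined elsewhere; the $e_* variables used below are
    // presumably the keys of the array it returns -- confirm.
    extract($entry);
    if ($e_error) {
        echo "<p>".$e_error."</p>";
    } else {
        echo "<p>".$ind_saveentry."</p>";
        // NOTE(review): the $e_* values are interpolated into the statement. That
        // is only safe if handle_entry() escaped every one of them for SQL --
        // verify, or switch to prepared statements when moving off the mysql_*
        // API (removed in PHP 7.0).
        $sql= "INSERT INTO ".$pre."entries (
Autor,
Email,
Homepage,
Datum,
Inhalt,
IP,
Status)
VALUES (
'$e_autor',
'$e_email',
'$e_homepage',
'$e_time',
'$e_sqlcontent',
'$e_ip',
'$e_status')";
        // With spam filter mode 2, entries flagged as spam are not stored.
        if ($spamfilter != 2 or $e_spam == 0) {
            // NOTE(review): the die() message shows database error text to the visitor.
            mysql_query($sql) or die("Fehler: ".mysql_error());
        }
        if ($sendmail == "1") {
            $betreff = $ind_newentry_mailsubject;
            $text = $ind_newentry_mail.": ".$gburl."/index.php";
            mail($adminmail, $betreff, $text);
        }
        // NOTE(review): $fname is written into the refresh URL as-is; it must
        // already be HTML-safe where it is assigned -- verify.
        if ($activate == "1") {
            echo "<meta http-equiv=\"refresh\" content=\"0; URL=".$fname."?section=activate\">";
        } else {
            echo "<meta http-equiv=\"refresh\" content=\"0; URL=".$fname."\">";
        }
    }
}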
$time1 = time();
/*
######################### NEUEN EINTRAG ABSCHICKEN ENDE #########################
*/
.
.
.
.
.
echo show_pages($pagemode, $fname."?", $page, $seiten);
/*
######################### EINTRÄGE ANZEIGEN (AUSGABE) ENDE #########################
*/
/*
######################### FOOTER (NICHT ENTFERNEN) #########################
*/
// Footer: closes the content box and prints the copyright line with the link to
// the admin login.
// NOTE(review): $copy and $fname are written into the markup as-is; both must
// already be HTML-safe -- verify where they are assigned.
$adminHref = $fname."?section=admin";
$footerHtml = "</div>
<p class=\"copyright\" align=\"center\">".$copy." | <a href=\"".$adminHref."\">Admin</a></p>";
echo $footerHtml;
/*
######################### FOOTER END #########################
*/
// Close the document only when $path is empty, mirroring the conditional page
// head at the top of the file.
if ("" == $path) {
    echo "</body>
</html>";
}
?>