_editor_lang = "en"; _editor_url = "htmlarea/"; function cancelme(){document.location='36_ezgedit.php?action=show';} MSG; $body_html = << MSG; /* NOTE(review): everything before this point reads as the tail of a JavaScript heredoc (cancelme() etc.) whose start lies outside this chunk, and $body_html is apparently a second heredoc whose body was lost on extraction. Throughout this file the HTML/PHP marker strings the code searches for were stripped as well, so the many empty '' arguments below are extraction damage rather than original code; the functions are documented from the logic that survived. */ /* Page file name: the global $page_name unchanged when it already contains a '.', otherwise with ".html" appended. */ function GetPageName() { global $page_name; if (strpos($page_name,'.') !== false) return $page_name; else return $page_name.".html"; } /* Suffix for the per-page session key 'cur_pwd'.<id>: '' when the global $reuse_pwd is set (one editor login covers every page), otherwise the global $page_id. */ function GetSessionId() { global $reuse_pwd,$page_id; if ($reuse_pwd) $session_id = ''; else $session_id = $page_id; return $session_id; } /* Substring of $src from the first $start marker through the first $stop marker after it (stop included). The strpos() results are used unchecked: a missing marker gives false, which substr() takes as offset 0, so the result is silently wrong rather than an error. */ function GetFromStringAbi($src,$start,$stop) { $res = substr($src,strpos($src,$start)); $res = substr($res,0,strpos($res,$stop)+1); return $res; } /* Text strictly between the first $start marker and the following $stop marker. Same unchecked strpos() caveat as GetFromStringAbi(). */ function GetFromString($src,$start,$stop) { $res = substr($src,strpos($src,$start) + strlen($start)-1); $res = substr($res,1,strpos($res,$stop) - strlen($stop)); return $res; } /* Builds the editor page by splicing $body_string (and $header_string) into the page file named by GetPageName() and returns the result; $bodytag_string is accepted but not used here. fopen() is not checked, so an unreadable page yields warnings and empty output. $body_part in the else branch is never assigned in this chunk, i.e. it is an undefined variable unless it is set elsewhere -- TODO confirm. */ function GetTemplate($body_string,$bodytag_string,$header_string) { $p_name = GetPageName(); $fp = fopen($p_name, "r"); $contents = fread($fp, filesize($p_name)); $contents = str_replace('', ' ',$contents); fclose($fp); if(strpos($contents,'')!==false) { $pattern = substr($contents, strpos($contents,''), strpos($contents,'')-strpos($contents,'')+12); } else { $pattern = substr($contents, strpos($contents,'')-strpos($contents,'')+1); $body_string = $body_part.$body_string.''; } $contents = str_replace($pattern, $body_string , $contents); $contents = str_replace('', $header_string.'' , $contents); return $contents; } /* Replaces the editable marker $ed_tag in $src with $btn_tag followed by the stored content of "<page_id>_<sub_id>.ezg" (after the newline-sequence replacements below, whose literals are partly lost here), or with $btn_tag alone when that file is missing or empty. $sub_id is read from the page's own markup by show_page(), not from the request. The stored content is inserted unescaped because it is the page's HTML, which means whoever can save it controls the rendered page. */ function replace_editable_tags($src,$ed_tag,$sub_id,$btn_tag) { global $page_id; $file_name = $page_id."_".$sub_id.".ezg"; if ((file_exists($file_name)) && (filesize($file_name) > 0)) { $fp = fopen($file_name, "r"); $wub_content = fread($fp, filesize($file_name)); $wub_content = str_replace('

','',$wub_content); $wub_content = str_replace('

','

',$wub_content); $wub_content = str_replace('

','

',$wub_content); fclose($fp); } else $wub_content = ''; $res = str_replace($ed_tag,$btn_tag.$wub_content,$src); return $res; } /* NOTE(review): the original line breaks of this file were lost; from the '//' separator that follows to the end of this physical line (and likewise after the other '//' comments further down) the collapsed text reads as a comment, so this page cannot be run as-is. */ // ----------------------------------------------------- /* Returns the row of ../sitemap.php ('|'-separated, up to 25000 chars per line) that belongs to $page_id, or '' when the file is missing or empty or no row matches. The match is a substring test on the whole joined row, so page id 1 also matches 10, 11, ... and any other field containing those digits; the first such row wins. The handle is closed only on the non-empty path. Callers index the row positionally (fields 6 and 7 in has_write_access()), apparently also on the '' fallback -- TODO confirm that case is intended. */ function get_page_params($page_id) //GALIA { $max_line_chars = 25000; $sitemap_fname = '../sitemap.php'; $temp = ''; if (file_exists($sitemap_fname)) { $fp = fopen($sitemap_fname, 'r' ); $fsize = filesize($sitemap_fname); if ($fsize > 0) { while ($data = fgetcsv($fp, $max_line_chars, '|')) { $data_str = implode('|', $data); if(strpos($data_str, ''.$page_id)!==false) { $temp = $data; break; } } fclose($fp); } } return $temp; } /* Sitemap row for the current page, consulted by the access checks below. */ $page_info = get_page_params($page_id); //GALIA /* Text of $src after the first $start, cut at the first following $stop. An empty $start means "from the beginning"; a missing $start returns ''; an empty or missing $stop keeps the remainder. */ function get_fs($src,$start,$stop) //GALIA { if ($start == '') $res = $src; else if (strpos($src,$start) === false) { $res = ''; return $res; } else $res = substr($src,strpos($src,$start) + strlen($start)); if (($stop != '') && (strpos($res,$stop) !== false)) $res = substr($res,0,strpos($res,$stop)); return $res; } /* Parses the user records of the central-admin file into a list of arrays with keys id, username, password, access (list of section/type pairs) and details. The markup tokens this parser splits on were stripped on extraction (the empty '' markers and the broken while heads), so the record format cannot be recovered from this page. The password field is stored as-is; has_write_access() treats it as a crypt() hash. */ function format_users($users) //GALIA { $users_array = array(); $details_arr = array(); $i = 1; while (strpos($users, ''); $basic = get_fs($all, '').' '; $details = get_fs($all, '

').' '; $access = get_fs($all, '', '').' '; list($username, $password) = explode (' ', $basic); $details_str = explode (' ', $details); foreach($details_str as $k=>$v) { if($v!='') { $details_arr [substr($v, 0, strpos($v, '='))] = get_fs($v, '="', '"'); } } $access_arr = array(); $j = 1; while (strpos($access, ''); list($section, $type) = explode (' ', $access_str); $access_arr [] = array(substr($section, 0, strpos($section, '=')) => get_fs($section, '="', '"'), substr($type, 0, strpos($type, '=')) => get_fs($type, '="', '"')); $j++; } $users_array [] = array('id' => $i, 'username' => get_fs($username, '="', '"'), 'password' => get_fs($password, '="', '"'), 'access' => $access_arr, 'details' => $details_arr); $i++; } return $users_array; } /* Returns the record from ../documents/centraladmin.ezg.php matching $username, or an empty array. array_search() is applied to every field of each record without strict=true, so the match is loose: the string "1" equals the integer id 1 of the first record, for example. has_write_access() re-checks ['username'] == $pv_user afterwards, which limits the consequence; comparing $v['username'] === $username here would remove it. */ function get_user($username) //GALIA { $users = ''; $users_arr = array(); $specific_user = array(); $filename = "../documents/centraladmin.ezg.php"; clearstatcache(); if (file_exists($filename)) { $fp = fopen($filename, 'r' ); $fsize = filesize($filename); if ($fsize > 0) { $file_contents = fread( $fp,$fsize); $users = get_fs($file_contents,'',''); } fclose($fp); } if($users!='') { $users_arr = format_users($users); } if(!empty($users_arr)) { foreach($users_arr as $k=>$v) { if(array_search($username, $v)!==false) { $specific_user = $v; break; } } } return $specific_user; } /* True only when the current page (global $page_info) has a section in field 7, or field 6 == 'TRUE'; the user record exists; its first access entry's section is not 'ALL'; the password verifies via crypt(); and an access entry for the page's section has type '1'. The crypt() result is compared with ==, so the check is neither constant-time nor strict -- hash_equals() would be the safer form. A user whose first access section is 'ALL' is denied by this function rather than granted everywhere -- TODO confirm that is intended. $section_flag and $write_flag are assigned and never used. */ function has_write_access($pv_user,$pv_pawd) //GALIA { global $page_info; $auth = false; $section_flag = false; $write_flag = false; $user_account = array(); $user_account = get_user($pv_user); if (isset($page_info [7]) && ($page_info[7]!='-1' && $page_info[7]!='' || $page_info [6]=='TRUE') && !empty($user_account)) { if($user_account['access'][0]['section']!='ALL' && $user_account['username'] == $pv_user && $user_account['password']==crypt($pv_pawd,$user_account['password']) ) { foreach($user_account['access'] as $k=>$v) { if( $page_info[7] == $v['section']) { if($v['type']=='1') { $auth = true; } else { $auth = false; } break; } } } else { $auth = false; } } 
return $auth; } // ----------------------------------------------------- /* Renders the page for $actionid and, when the caller is authorised, performs 'edit' (render the editor for $_GET['tag'] and exit) or 'save' (store the posted content). Authorisation as visible here: with an empty $pwd, a page without a sitemap section (field 7 is '-1' or '') is unlocked when $_SESSION['cur_pwd'.<id>] equals the global $editor_pwd; a page with a section is unlocked through the central-admin session (cur_user/cur_pwd validated by has_write_access(), or SID_ADMIN). With a non-empty $pwd (the URL password from process_edit()) it is compared to $editor_pwd with ==, which is loose for numeric strings and not constant-time, and stored in the session on success. Review notes: the SID_ADMIN branch passes when $_SESSION['HTTP_USER_AGENT'] is merely absent, and an md5 of a client-supplied header is a convenience check, not an authentication factor; 'save' reads the tag from $_GET while the content comes from $_POST; and at the end the assembled page is handed to eval() when it contains the marker tested in the stripped strpos() condition, so anyone who can save editable content, i.e. anyone holding the editor password, can execute PHP on the server -- that password must be handled as a server-admin credential, and this eval path should be replaced by rendering the template without evaluation. */ function show_page($login,$pwd,$alertid,$actionid) { global $editor_pwd,$page_target,$page_id,$wrong_pwd,$show_dialog; global $page_info; //GALIA $session_id = GetSessionId(); if ($pwd == '') { if($page_info[7]=='-1' || $page_info[7]=='') { //GALIA $admin_access = (isset($_SESSION['cur_pwd'.$session_id]) && $editor_pwd == ($_SESSION['cur_pwd'.$session_id])); } else { if($actionid=='doedit' && isset($_SESSION['cur_pwd']) && isset($_SESSION['cur_user']) && has_write_access($_SESSION['cur_user'],$_SESSION['cur_pwd'])==true) { $_SESSION['cur_pwd'.$session_id] = $_SESSION['cur_user']; } elseif($actionid=='doedit' && isset($_SESSION['SID_ADMIN'])) { if(!isset($_SESSION['HTTP_USER_AGENT']) || isset($_SESSION['HTTP_USER_AGENT']) && ($_SESSION['HTTP_USER_AGENT'] == md5($_SERVER['HTTP_USER_AGENT'])) ) { $_SESSION['cur_pwd'.$session_id] = $_SESSION['SID_ADMIN']; } } if(isset($_SESSION['cur_pwd'.$session_id]) && (isset($_SESSION['cur_user']) && $_SESSION['cur_user']==($_SESSION['cur_pwd'.$session_id]) || isset($_SESSION['SID_ADMIN']) && $_SESSION['SID_ADMIN'] == ($_SESSION['cur_pwd'.$session_id]))) { $admin_access = true; } else { $admin_access = false; if($alertid!=3) {$alertid = 0;} } //GALIA } } else { $admin_access = ($editor_pwd == $pwd); if ($admin_access) { $_SESSION['cur_pwd'.$session_id]= $editor_pwd; $alertid = 2; } else { $_SESSION["cur_pwd".$session_id] = NULL; unset($_SESSION["cur_pwd".$session_id]); $alertid = 1; } } if ($actionid == 'edit') { if ($admin_access) { edit_page($_GET['tag']); exit(); } } if (($actionid == 'save') && ($admin_access)) {save_page(); } $p_name = GetPageName(); $fp = fopen($p_name, "r"); $contents = fread($fp, filesize($p_name)); fclose($fp); if (isset($_SESSION['SID_ADMIN'])) $contents = str_replace('','back to CENTRAL ADMIN',$contents); while (substr_count($contents," 0): $editable_tag = GetFromStringAbi($contents,""); $subpage_id = 
GetFromString($editable_tag,"name=",">"); $btn_tag = ""; if ($admin_access) { $btn_tag = ""; } $contents = replace_editable_tags($contents,$editable_tag,$subpage_id,$btn_tag); endwhile; if($page_info[7]!='-1' && $page_info[7]!='') { $contents = str_replace('36_ezgedit.php?action=login','../documents/centraladmin.php?pageid=36&indexflag=index',$contents);} else if ($admin_access) $contents = str_replace('_ezgedit.php?action=login','_ezgedit.php?action=remcookie',$contents); if ($login) { $java = ' '; $contents = str_replace('',$java.'',$contents); } else if ($alertid > 0) { $alerts = array(1 => 'Password not valid!', 'Editing enabled', 'Editing disabled'); if ($show_dialog || ($alertid == 1)) { $java = ' '; $contents = str_replace('',$java.'',$contents); } } if (strpos(strtolower($contents),''.trim($contents).'<'.'?'; eval($contents); } else print $contents; } /* Stores $_POST['htmlarea'] in "<page_id>_<tag>.ezg" with <tag> = $_GET['tag']. Reached only from show_page() after $admin_access is true. The \' and \" unescaping is a magic_quotes relic and now strips legitimate backslashes. The tag goes into the file name unvalidated; the fixed "<page_id>_" prefix and ".ezg" suffix constrain where it can point, but restricting it to [A-Za-z0-9_-] would make that guarantee explicit. On fopen()/fwrite() failure the file name, tag included, is echoed unescaped and the script exits. $content_temp and $new_font_tag are assigned and never used. */ function save_page() { global $page_id; $content = $_POST['htmlarea']; $content_temp = $_POST['htmlarea']; $page_tag = $_GET['tag']; $new_font_tag = ""; $content = str_replace("

",'


' ,$content); $content = str_replace("\'","'",$content); $content = str_replace('\"','"',$content); $ezg_page_name = $page_id."_".$page_tag.".ezg"; if (!$handle = fopen($ezg_page_name, 'w+')) { print "Cannot open file ($ezg_page_name)"; exit; } if (fwrite($handle, $content) === FALSE) { print "Cannot write to file ($ezg_page_name)"; exit; } fclose($handle); } /* Prints the editor page for $page_tag: the global $body_html template with %CONTENT% replaced by the raw stored content of "<page_id>_<tag>.ezg" (empty when the file is missing or empty) and %TAGID% by the tag, then wrapped by GetTemplate(). $page_tag arrives from $_GET['tag'] via show_page() and is substituted unescaped, so a tag containing quotes or '>' breaks the editor markup; validate it with the same allow-list as save_page() before use. */ function edit_page($page_tag) { global $body_html,$bodytag_html,$header_html,$page_id; $ed_content = $body_html; $ezg_page_name = $page_id."_".$page_tag.".ezg"; if ((file_exists($ezg_page_name)) && (filesize($ezg_page_name) > 0)) { $fp = fopen($ezg_page_name, "r"); $content = fread($fp, filesize($ezg_page_name)); fclose($fp); } else $content = ""; $ed_content = str_replace("%CONTENT%",$content,$ed_content); $ed_content = str_replace("%TAGID%",$page_tag,$ed_content); $ed_content = str_replace('


' ,"

",$ed_content); print GetTemplate($ed_content,$bodytag_html,$header_html); } /* Records the editor login in the session when $password equals the global $editor_pwd (loose ==). Despite the name this writes $_SESSION, not a cookie. */ function set_edit_cookie($password) { global $editor_pwd; if ($editor_pwd == $password) { $session_id = GetSessionId(); $_SESSION['cur_pwd'.$session_id]= $editor_pwd; } } /* Clears the session entry written by set_edit_cookie() for the current page. */ function remove_edit_cookie() { $session_id = GetSessionId(); $_SESSION["cur_pwd".$session_id] = NULL; unset($_SESSION["cur_pwd".$session_id]); } /* Flattens stored content onto one line and escapes it for the single-quoted JavaScript string printed by the 'content' action (the entity replacements lost their original form on extraction). Backslashes are not escaped before the quote replacement, so a backslash directly before a quote in the content yields \\' and ends the JS string early; json_encode() of the content would give a correct JS literal in one step. The last replacement drops a leading ../ from double-quoted paths. */ function replaceNewlines($src) { $result=str_replace ("\r\n", " ", $src); $result=str_replace ("\n", " ", $result); $result=str_replace ("\r", " ", $result); $result=str_replace ("'", "\'", $result); $result=str_replace ("&#", "&#", $result); $result=str_replace ("&", "&", $result); $result=str_replace ("<", "<", $result); $result=str_replace ("<", "<", $result); $result=str_replace (">", ">", $result); $result=str_replace ('"../', '"', $result); return $result; } /* Entry point: dispatches on 'action' from $_GET, then $_POST, defaulting to 'show'. session_start() runs only while $_SESSION is empty. The 'show' and 'doedit' actions read the password from $_GET['password'], i.e. from the URL, where it ends up in server logs, browser history and referrers -- accept it from POST instead; 'doedit' also passes it without isset(). The 'content' action (last branch) reads "<page_id>_<id>.ezg" for $_REQUEST['id'] and prints it as a document.write() script with no access check; the id is unvalidated, same note as save_page(). */ function process_edit() { global $page_id, $page_info; if(empty($_SESSION) ) { session_start(); } $action_id = ''; if (isset($_GET['action'])) { $action_id = $_GET['action']; } else if (isset($_POST['action'])) { $action_id = $_POST['action']; } else $action_id = "show"; if ($action_id == "show") { if (isset($_GET['alertid'])) $alertid = $_GET['alertid']; else $alertid = 0; if (isset($_GET['password'])) $pwd = $_GET['password']; else $pwd = ''; show_page(false,$pwd,$alertid,$action_id); } elseif ($action_id == "save") { show_page(false,'',0,$action_id); } elseif ($action_id == "edit") { show_page(true,'',0,$action_id); } elseif ($action_id == "doedit") { if($page_info[7]=='-1' || $page_info[7]=='') { set_edit_cookie($_GET['password']); } //GALIA show_page(false,'',2,$action_id); } elseif ($action_id == "remcookie") {remove_edit_cookie(); show_page(false,'',3,$action_id);} elseif ($action_id == "logoff"){ remove_edit_cookie(); show_page(false,'',3,$action_id); } elseif ($action_id == "noedit"){ remove_edit_cookie(); show_page(false,'',3,$action_id); } elseif ($action_id == "login") { show_page(true,'',0,$action_id); } 
elseif ($action_id == "content") { $id = $_REQUEST['id']; $p_name = $page_id.'_'.$id.'.ezg'; $fp = fopen($p_name, "r"); $result = replaceNewlines(fread($fp, filesize($p_name))); fclose($fp); print "document.write('".$result."');"; } } /* Runs the dispatcher; the file both declares functions and produces output, so it must stay the single entry point. */ process_edit(); ?>