0) { while ($data = fgetcsv($fp, $max_line_chars, '|')) { $data_str = implode('|', $data); if(strpos($data_str, ''.$page_id)!==false) { $page = $data; break; } } fclose($fp); } } if(empty($page)) { if($thispage_id==$page_id) { echo "ERROR: no start page set for this login page!"; } else { echo "ERROR: the protected page set as start page doesn't exist or isn't protected anymore!"; } exit; } return $page; } function int_start_session_ca() { $session_ini='../sessions_path.ini'; if (file_exists($session_ini)) { $fp=@fopen($session_ini,"r"); $session_save_path=trim(fread($fp,filesize($session_ini))); fclose($fp); if ($session_save_path != '') session_save_path($session_save_path); } session_start(); } function get_login_form_html() { global $thispage_id; $contents = ''; $pattern = ''; $protected_page_info = get_page_info($thispage_id); $protected_page_name = $protected_page_info[1]; //path if(!empty($protected_page_info[7])) { $login_page_info = get_page_info($protected_page_info[7]); $login_page_name = $login_page_info[1]; //path $fp = fopen($login_page_name, "r"); $contents = fread($fp, filesize($login_page_name)); fclose($fp); } else { $contents = '
'; $contents .= "
" . "" . "" . "" . "
Central Admin Login
" . "".'username'."
" . "".'password'."
" . "
'"; } if(!isset($_GET['pageid']) || isset($_GET['pageid']) && isset($_GET['indexflag']) || isset($_GET['pageid']) && in_array($protected_page_info[4], array('21', '130', '140')) ) { $pattern = GFS($contents,'method="post" action="','">'); // login form action fixation if($pattern=='') { $pattern = GFS($contents,'method=post action=','>'); } if(isset($_GET['indexflag'])) { $contents = str_replace($pattern, "../documents/centraladmin.php?pageid=$thispage_id&indexflag=index", $contents); } elseif(isset($_GET['pageid']) && in_array($protected_page_info[4], array('21', '130', '140'))) //SHOP and lister support { $contents = str_replace($pattern, "../documents/centraladmin.php?pageid=$thispage_id", $contents); } else { $contents = str_replace($pattern, $protected_page_name, $contents); } //----------------------------- if(in_array($protected_page_info[4], array( '136', '137', '138', '143', '144', '20'))) // Special PHP pages { $f_dir = ($protected_page_info[4]=='20' ?'../'.GFS($protected_page_info[1],'../','/').'/' : '../documents/'); if (($protected_page_info[15] == '0') &&($protected_page_info[3] == '1')) // FRAMES and SUBPAGE { $protected_page_name_fixed=($protected_page_info[6]=='TRUE'?$f_dir.'SUB_'.$thispage_id.'.php':$f_dir.'SUB_'.$thispage_id.'.html'); } else { $protected_page_name_fixed = ($protected_page_info[6]=='TRUE'?$f_dir.$thispage_id.'.php' :$f_dir.$thispage_id.'.html'); } } elseif(in_array($protected_page_info[4], array('21', '130', '140'))) // shop and lister pages { $f_dir = '../'.GFS($protected_page_info[1],'../','/').'/'; if (($protected_page_info[15] == '0') &&($protected_page_info[3] == '1')) // FRAMES and SUBPAGE { $protected_page_name_fixed = $f_dir.'SUB_'.$thispage_id.'.html'; } else { $protected_page_name_fixed = $f_dir.$thispage_id.'.html'; } } else { $protected_page_name_fixed = $protected_page_name; } $fp = fopen($protected_page_name_fixed, "r"); $protpage_content = fread($fp, filesize($protected_page_name_fixed)); fclose($fp); 
//----------------------------- if(strpos($contents,'')!==false) { $replace_with = GFS($contents, '',''); } elseif(strpos($contents,'').'>'; if(strpos($contents,'')!==false) $end_body = ''; else $end_body = ''; $replace_with = GFS($contents, $str_body,$end_body); } elseif(strpos($contents,'').'>'; if(strpos($contents,'')!==false) $end_body = ''; else $end_body = ''; $replace_with = GFS($contents, $str_body,$end_body); } $login_page_scripts = GFS($contents, '', ''); if(strpos($protpage_content,'')!==false) { $for_replace = GFS($protpage_content, '',''); } elseif(strpos($protpage_content,'').'>'; if(strpos($protpage_content,'')!==false) $end_body = ''; else $end_body = ''; $for_replace = GFS($protpage_content, $str_body,$end_body); } elseif(strpos($protpage_content,'').'>'; if(strpos($protpage_content,'')!==false) $end_body = ''; else $end_body = ''; $for_replace = GFS($protpage_content, $str_body,$end_body); } $contents = str_replace($for_replace, $replace_with, $protpage_content); $contents = str_replace(GFS($contents, '',''),'', $contents); $contents = str_replace('', $login_page_scripts.'', $contents); } return $contents; } function GFS($src,$start,$stop) { if ($start == '') $res = $src; else if (strpos($src,$start) === false) { $res = ''; return $res; } else $res = substr($src,strpos($src,$start) + strlen($start)); if (($stop != '') && (strpos($res,$stop) !== false)) $res = substr($res,0,strpos($res,$stop)); return $res; } function GFSAbi($src,$start,$stop) { $res2 = GFS($src,$start,$stop); return $start.$res2.$stop; } function error() { $contents = get_login_form_html(); if (strpos($contents,'')!='') { $contents = str_replace('', "

" , $contents); } else { $contents = str_replace(GFSAbi($contents,''), 'please, use correct username and password to login' , $contents); } } else { $contents = str_replace(GFSAbi($contents,'',''), 'error occured!' , $contents); } echo $contents; exit; } function checkauth($user,$pawd) { global $access_type, $thispage_id; $auth = false; $section_flag = false; $write_flag = false; $user_account = array(); $user_account = db_get_specific_user($user); $protected_page_info = get_page_info($thispage_id); $protected_page_name = $protected_page_info[1]; //path if (!empty($user_account)) { if($user_account['access'][0]['section']!='ALL') { foreach($user_account['access'] as $k=>$v) { if( $protected_page_info[7]==$v['section']) { $section_flag = true; if($v['type']=='1') { $write_flag = true; } else { $write_flag = false; } break; } } $pass = $user_account['password']; if ($user_account['username']==$user && $pass==crypt($pawd,$pass) && $section_flag===true) { if(!isset($_GET['indexflag'])) { $auth = true; } else { if($write_flag == true) $auth = true; } } } else { if ( ($user_account['username'] == $user) && ($user_account['password'] == crypt($pawd,$user_account['password'])) ) { if(!isset($_GET['indexflag'])) { $auth = true; } } } } return $auth; } function users_import() { global $db_file, $db_dir; $result = false; $flag = false; $sections = array(); $sections_info = get_sections_info_list(); foreach($sections_info as $k=>$v) { $sections [] = $v[1]; } //sections path list foreach($sections as $k=>$v) { if(!empty($v)) { $newdb_file = str_replace('.html', '', $v).'users.ezg.php'; $olddb_file = str_replace('.html', '', $v).'users.php'; if(file_exists($db_dir.$db_file) && filesize($db_dir.$db_file)==0) { if (file_exists($newdb_file) && filesize($newdb_file)>0 || file_exists($olddb_file) && filesize($olddb_file)>0) { $flag = true; break; } } } } if($flag == true) { $existing_users_arr = array(); $existing_users = db_get_users(); if($existing_users!='') { $existing_users_arr 
= format_users_on_read($existing_users); } foreach($sections as $k=>$v) { $new_users = ''; $newdb_file = str_replace('.html', '', $v).'users.ezg.php'; $olddb_file = str_replace('.html', '', $v).'users.php'; if (file_exists($newdb_file) && filesize($newdb_file)>0) { $import_from_file = $newdb_file; } elseif (file_exists($olddb_file) && filesize($olddb_file)>0) { $import_from_file = $olddb_file; } $fp = fopen($import_from_file, 'r' ); $fsize = filesize($import_from_file); $buffer = fread($fp,$fsize); fclose($fp); $users = GFS($buffer,'',''); $users_arr = explode('|', $users); foreach($users_arr as $k=>$v) { if(!empty($v)) { $t = explode(':', $v); if(!empty($existing_users_arr)) { foreach($existing_users_arr as $k=>$v) { if(!in_array($t[0], $v)) { db_write_user('add', $t[0], $t[1], '','
'); } } } else { db_write_user('add', $t[0], $t[1], '','
'); } } } } $result = true; } return $result; } function buildselect($name, &$data, $selected, $style="") { $r = ''; if (is_array($data) and !empty($data)) { $r = "" . "".'password'." " . " "; $body_section .= ""; return $body_section; } function add_user_form ($flag, $msg='Add user', $username = "", $data = '') //flags - add, editpass, editaccess, editdetails { global $access_type; $section_list = get_sections_info_list (); $buffer_id = array(); $buffer_access = array(); $body_section = "
"; $body_section .= "
".$msg."

"; $body_section .= ""; if($flag=='add') { $body_section .= ""; } elseif($flag=='editaccess') { $body_section .= ""; } else { $body_section .= ""; } if($flag=='add' || $flag=='editdetails' ) { $body_section .= ""; $body_section .= ""; $body_section .= ""; } if($flag=='add' || $flag=='editpass') { $body_section .= ""; $body_section .= ""; } if($flag=='add' || $flag=='editaccess') { $section_id = array(); $section_access = array(); $body_section .= "'; } if($flag=='add') $body_section .= ""; $body_section .= ""; $body_section .= "
".'username'."*
".'username'." $username
".'username'." $username
".'name'."
".'surname'."
".'email'."
".'password'."*
".'repeat password'."*
".'access to login sections'."* "; $body_section .= " All (Read Only Access)
"; $body_section .= " Selected
"; if($data!='') { foreach($data as $k=>$v) { $section_id [] = $v['section']; $section_access []= $v['type']; } } elseif(!empty($_POST["section_list"])) { foreach($_POST["section_list"] as $k=>$v) { $section_id [] = $v; $section_access []= $_POST["accesstype".$v]; } } foreach ($section_list as $k=>$v) { $sec_id = str_replace('', '', $v[10]); $sec_name = $v[8]; if($flag=='add' && isset($_POST['section_list']) || $flag=='editaccess' ) { $key_of_access = array_search($sec_id, $section_id); if($key_of_access!==false) { $t = $section_access[$key_of_access]; settype($t, 'integer'); } } $body_section .= "     " ."[check section range]  " . buildselect('accesstype'.$sec_id, $access_type, (isset($key_of_access) && $key_of_access!==false && $key_of_access!==NULL? $t:"0")) ." 
"; } $body_section .= '
(*) reguired fields
"; $body_section .= "
"; return $body_section; } function get_pages_list () { global $special_pages_ids; global $sitemap_fname, $max_line_chars; $pages = array(); if (file_exists($sitemap_fname)) { $fp = fopen($sitemap_fname, 'r' ); $fsize = filesize($sitemap_fname); if ($fsize > 0) { while ($data = fgetcsv($fp, $max_line_chars, '|')) { $data_str = implode('|', $data); $buffer = array(); if(strpos($data_str, '*/ ?>')===false && strpos($data_str, '')!==false) { $buffer ['name'] = trim($p_name); $buffer ['id'] = trim($data[4]); $buffer ['url'] = $data[1]; $buffer ['protected'] = $data[6]; $buffer ['section'] = $data[7]; $buffer ['subpage'] = $data[3]; $buffer ['frames'] = $data[15]; $buffer ['subpage_url'] = $data[18]; $buffer ['pageid'] = str_replace('','',$data[10]); if(in_array($data[4], $special_pages_ids)) { if($data[4]=='133') { $t = substr($data[1], strrpos($data[1],'/')+1); $buffer ['adminurl'] = '../subscribe/subscribe_'.substr($t, 0, strrpos($t,'.')) .'.php?action=subscribers'; } elseif($data[4]=='143') { $buffer ['adminurl'] = $data[1].'&action=index'; } elseif($data[4]=='21') { $buffer ['adminurl'] = str_replace('action=list', 'action=orders', $data[1]); } elseif($data[4]=='20') { if($data[7]!='' && $data[7]!='-1' || $data[6]=='TRUE') { $buffer ['adminurl'] = str_replace('action=show', 'action=doedit', $data[1]); } else { $buffer ['adminurl'] = str_replace('action=show', 'action=login', $data[1]); } } else { $buffer ['adminurl'] = $data[1].'?action=index'; } } } else { $buffer = array('name' => trim($p_name)); } $pages [] = $buffer; } } } fclose($fp); } return $pages; } function get_protected_pages_list ($section_id = '') { global $sitemap_fname, $max_line_chars; $pages = array(); if (file_exists($sitemap_fname)) { $fp = fopen($sitemap_fname, 'r' ); $fsize = filesize($sitemap_fname); if ($fsize > 0) { while ($data = fgetcsv($fp, $max_line_chars, '|')) { $data_str = implode('|', $data); if(strpos($data_str, '')!==false) { $p_name = strpos($data[0],'#')!==false && 
strpos($data[0],'#')==0? str_replace('#','',trim($data[0])): trim($data[0]); if($section_id=='') { if($data[7]!='' && $data[7]!='-1' || $data[6]=='TRUE') { $temp = array ('name' => $p_name, 'url' => $data[1], 'section' => $data[7], 'protected' => $data[6]); $pages [] = $temp; } } else { if( (($data[7]!='' && $data[7]!='-1' || $data[6]=='TRUE')) && $data[7]==$section_id) { $temp = array ('name' => $p_name, 'url' => $data[1], 'section' => $data[7], 'protected' => $data[6]); $pages [] = $temp; } } } } } fclose($fp); } return $pages; } function get_sections_info_list () { global $sitemap_fname, $max_line_chars; $sections = array(); if (file_exists($sitemap_fname)) { $fp = fopen($sitemap_fname, 'r' ); $fsize = filesize($sitemap_fname); if ($fsize > 0) { while ($data = fgetcsv($fp, $max_line_chars, '|')) { $data_str = implode('|', $data); if(strpos($data_str, '')!==false) { if($data[4]=='22') { $sections []= $data; } } } } fclose($fp); } return $sections; } function get_section_name ($section_id) { global $sitemap_fname, $max_line_chars; $sections_name = ''; if (file_exists($sitemap_fname)) { $fp = fopen($sitemap_fname, 'r' ); $fsize = filesize($sitemap_fname); if ($fsize > 0) { while ($data = fgetcsv($fp, $max_line_chars, '|')) { $data_str = implode('|', $data); if(strpos($data_str, '')!==false) { if($data[4]=='22' && strpos($data[10], ''.$section_id)!==false) { $sections_name = $data[8]; } } } } fclose($fp); } return $sections_name; } function check_section_range($section_id, $username = '') // check section range screen { $section_range = get_protected_pages_list($section_id); $section_name = get_section_name ($section_id); $body_section = "
Login section range
"; $body_section .= ""; $body_section .= ""; $body_section .= "'; $body_section .= "'; $body_section .= ""; $body_section .= "
".'section'." $section_name
".'protected pages'.""; $body_section .= "
"; foreach ($section_range as $k=>$v) { if($v['protected']=='TRUE') { $body_section .= " ::".$v['name']. " (".$v['url'].") 
"; } } $body_section .= '
".'non-protected pages controlled by Central Admin'.""; $body_section .= "
"; foreach ($section_range as $k=>$v) { if($v['protected']=='FALSE') { $body_section .= " :: ".$v['name']. " (".$v['url'].") 
"; } } $body_section .= '
[back]
"; $body_section .= "
"; return $body_section; } function index() // site map screen { global $special_pages_ids, $counter_db_fname; $body_section = ''; $counter_on=file_exists($counter_db_fname)&&(filesize($counter_db_fname)!==0); $os = array('Other', 'Win95','Win98','WinNT','W2000','WinXP','W2003','WinVista','Linux','Mac','Windows'); // COUNTER $browsers = array('Other','IE','Opera','Firefox','Netscape','AOL','Safari','Konqueror','IE5','IE6','IE7','Opera7','Opera8','Firefox 1','Firefox 2','Netscape 6', 'Netscape 7'); // COUNTER $body_section .= build_menu(); if(isset($_GET['stat']) && $_GET['stat'] = 'detailed') // COUNTER detailed stat { $max_rec_on_page = 10; $screen = (isset($_GET['screen'])? $_GET['screen']:1); $counter_stat = read_data($counter_db_fname, 'detailed'); $i = 1; $records = array(); while (strpos($counter_stat, '')!==false) { $record = GFS($counter_stat, '', ''); $record_arr = explode('|', $record); if(isset($_GET['pid'])) { if($record_arr[0]==$_GET['pid']) $records [] = $record_arr; } else $records [] = $record_arr; $i++; } $records = array_reverse($records); $n_screens = (count($records)%$max_rec_on_page==0? count($records)/$max_rec_on_page: ceil(count($records)/$max_rec_on_page)); settype($n_screens, "integer"); $body_section .= '
Site map >> Detailed stat '.(isset($_GET['pid'])? 'for '.$_GET['pname'].' page':'') .'

'; if(count($records)>$max_rec_on_page) // navigation { if($screen>1) { $body_section .= "[FIRST]  "; } if(($screen-1)>0) { $body_section .= "[PREV]  "; } if($screen>2 && count($records)>$max_rec_on_page*$max_rec_on_page) { $body_section .= "... "; } if(count($records)>$max_rec_on_page*$max_rec_on_page) { if($screen==2) $st = $screen-1; elseif($screen>2) $st = $screen-2; else $st = $screen; } else { $st = 1; } for($i=$st; $i<=(count($records)>$max_rec_on_page*$max_rec_on_page?($st+5):$n_screens); $i++) { if($i==$screen) { $body_section .= "[$i]"; } elseif($i<=$n_screens) { $body_section .= " ".$i." "; } } if(count($records)>$max_rec_on_page*$max_rec_on_page && $screen<$n_screens) { $body_section .= " ..."; } if($screen<$n_screens) { $body_section .= "  [NEXT] "; } if($screen!=$n_screens) { $body_section .= "  [LAST] "; } } $body_section .= "    "; if($n_screens>=1) { $body_section .= "". (($screen-1)*$max_rec_on_page+1).' - '.($max_rec_on_page*$screen>count($records)?count($records) :$max_rec_on_page*$screen).' of '.count($records).""; } // navigation $body_section .= ""; if(count($records)>$max_rec_on_page) { $records = array_slice($records, ($screen-1)*$max_rec_on_page, $max_rec_on_page); } foreach($records as $k=>$v) { $body_section .= "'; } $body_section .= '
Date
Time
Browser
OS
Resolution
Host/IP/Referring Link
".date ('j F Y',$v[1])."".date ('H:i:s O',$v[1])."".$browsers[$v[4]]."".$os[$v[5]]."".$v[6]."".$v[3].' ('.$v[2].') Referer
'; } else { $pages_list = get_pages_list(); $counter_stat = read_data($counter_db_fname,'totals'); // COUNTER $body_section .= '
Site map

'; $body_section .= "".($counter_on ? "":"").""; foreach($pages_list as $k=>$v) { if(isset($v['id'])) { if( $v['subpage']=='1') { $body_section .= ""; $body_section .= ""; $body_section .= ($counter_on ? "":"").""; // COUNTER } else { $body_section .= "".($counter_on ? "":"").""; } } $body_section .= "".($counter_on ? "":"").""; if($counter_on) { $body_section .= ""; } $body_section .= '
Page name
Admin link
Protected
CA controlled
Page loads
    - "; } else { $body_section .= "
:: "; } if(in_array($v['id'], $special_pages_ids)) { $body_section .= ""; if($v['id']=='20') { $body_section .= '[edit]'; } else { $body_section .= '[admin]'; } $body_section .= ""; } $body_section .= "".($v['protected']=='TRUE'? '[X]': '') ."" .(in_array($v['id'], $special_pages_ids)&&($v['section']>'0' || $v['protected']=='TRUE') || $v['id']=='144' ||!in_array($v['id'],$special_pages_ids)&&$v['protected']=='TRUE'?'[X]':'') ." ". get_loads($counter_stat,$v['pageid'],$v['url'],$v['name'])."
".$v['name']."

:: Tell a Friend Admin

 

 

[X]

 

Total Pageloads: ".GFS($counter_stat,'','')."  ".(GFS($counter_stat,'','')!='0'? "[details]":"")."
Unique Visitors: ".GFS($counter_stat,'','')."
First Time Visitors: ".GFS($counter_stat,'','')."
Returning Visitors: ".GFS($counter_stat,'','')."
'; } $body_section = GT($body_section); print $body_section; } function get_loads($counter_stat, $page_id, $page_url, $page_title) // COUNTER get page loads { if(strpos($counter_stat, "")!==false) { $page_total = GFS($counter_stat, "",""). "  [details]"; } else { $page_total = 'NA'; } return $page_total; } function read_data($file, $type) // COUNTER read stat || read settings - 'counter' { $data = ''; clearstatcache(); if (file_exists($file)) { $fp = fopen($file, 'r' ); $fsize = filesize($file); if ($fsize > 0) { $file_contents = fread($fp,$fsize); $data = GFS($file_contents,'<'.$type.'>',''); } fclose($fp); } return $data; } function write_data($type, $newsettings) // write settings - 'counter' { global $settings_fname; $file_contents = ' */ ?>'; if (!$fp = fopen($settings_fname, 'r+')) { print "Cannot open file ($settings_fname)"; } else { flock($fp, LOCK_EX); $fsize = filesize($settings_fname); if ($fsize > 0) { $file_contents = fread( $fp,$fsize); } if(strpos($file_contents, "<$type>")!==false) { $oldsettings = GFS($file_contents, "<$type>", ""); $file_contents = str_replace("<$type>".$oldsettings."", "<$type>".$newsettings."", $file_contents); } else { $file_contents = str_replace("*/ ?>", "<$type>".$newsettings."*/ ?>", $file_contents); } ftruncate($fp, 0); fseek($fp, 0); if (fwrite($fp, $file_contents) === FALSE) { print "Cannot write to file ($settings_fname)"; exit; } flock($fp, LOCK_UN); fclose( $fp ); } } function conf_counter () // COUNTER { global $settings_fname; $C_MAX_VISIT_LENGHT = 1800; $C_NUMBER_OF_DIGITS = 8; $C_DIGIT_COLOR = 'FFFFFF'; $C_BG_COLOR = '000000'; $C_SIZE = 4; // 1, 2, 3, 4, 5 $C_DISPLAY = 0; //1- page loads; 0- unique $C_UNIQUE_START_COUNT = 0; $C_LOADS_START_COUNT = 0; $visit_len_list = array ('1800'=>'30 min','3600'=>'1 h','7200'=>'2 h','10800'=>'3 h','216000'=>'6 h','432000'=>'12 h','864000'=>'24 h'); $number_digits_list = array (1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30); $show_list = 
array('show unique visitors', 'show pageloads'); $body_section = build_menu(); if(!isset($_POST['save'])) { $settings = read_data($settings_fname, 'counter'); if(strpos($settings, '')!==false) $max_visit_len = GFS($settings, '', ''); else $max_visit_len = $C_MAX_VISIT_LENGHT; if(strpos($settings, '')!==false) $number_of_digits = GFS($settings, '', ''); else $number_of_digits = $C_NUMBER_OF_DIGITS; if(strpos($settings, '')!==false) $size = GFS($settings, '', ''); else $size = $C_SIZE; if(strpos($settings, '')!==false) $digit_color = GFS($settings, '', ''); else $digit_color = $C_DIGIT_COLOR; if(strpos($settings, '')!==false) $bg_color = GFS($settings, '', ''); else $bg_color = $C_BG_COLOR; if(strpos($settings, '')!==false) $display = GFS($settings, '', ''); else $display = $C_DISPLAY; if(strpos($settings, '')!==false) $loads_start_count = GFS($settings, '', ''); else $loads_start_count = $C_LOADS_START_COUNT; if(strpos($settings, '')!==false) $unique_start_count = GFS($settings, '', ''); else $unique_start_count = $C_UNIQUE_START_COUNT; $src = "../documents/centraladmin.php?process=countersample" .(isset($_GET['bg_color'])&&isset($_GET['digit_color'])?'&bg_color='.$_GET['bg_color'].'&digit_color='.$_GET['digit_color']:''); $body_section .= "
"; $body_section .= "
Counter Settings


"; $body_section .= ''; $body_section .= ''; $s = (isset($_GET['size'])? $_GET['size']: $size); $body_section .= "'; $body_section .= ''; $body_section .= ""; $body_section .= ""; $body_section .= ''; $body_section .= ''; $body_section .= ""; $body_section .= '
Background color
Digit color


Font size"; $body_section .= ""; $body_section .= ""; $body_section .= ""; $body_section .= ""; $body_section .= "
Small font "; if(function_exists('imagecreate') && (function_exists('imagegif') || function_exists('imagejpeg') || function_exists('imagepng') ) ) { $body_section .= ""; } $body_section .= "
Medium font "; if(function_exists('imagecreate') && (function_exists('imagegif') || function_exists('imagejpeg') || function_exists('imagepng') ) ) { $body_section .= ""; } $body_section .= "
Bold font "; if(function_exists('imagecreate') && (function_exists('imagegif') || function_exists('imagejpeg') || function_exists('imagepng') ) ) { $body_section .= ""; } $body_section .= "
Large font "; if(function_exists('imagecreate') && (function_exists('imagegif') || function_exists('imagejpeg') || function_exists('imagepng') ) ) { $body_section .= ""; } $body_section .= "
Stylish font "; if(function_exists('imagecreate') && (function_exists('imagegif') || function_exists('imagejpeg') || function_exists('imagepng') ) ) { $body_section .= ""; } $body_section .= ' '; $body_section .= "


"; $body_section .= '

Display'.build_select_ca('display',$show_list,(isset($_GET['display'])? $_GET['display']: $display)).'
Number of digits" .build_select_ca('number_digits',$number_digits_list,(isset($_GET['num_digits'])? $_GET['num_digits']: $number_of_digits-1))."
Maximum visit length" .build_select_ca('max_visit_len',$visit_len_list,(isset($_GET['v_length'])? $_GET['v_length']: $max_visit_len)) ."
Unique start offset
Pageloads start offset
 

'; $body_section .= ""; } else { $newsettings = ''.$_POST['max_visit_len'].'' .''.($_POST['number_digits']+1).'' .''.$_POST['size'].'' .''.str_replace('#','',$_POST['digitcolor']).'' .''.str_replace('#','',$_POST['bgcolor']).'' .''.$_POST['display'].'' .''.$_POST['l_st_count'].'' .''.$_POST['u_st_count'].''; write_data('counter', $newsettings); $body_section .= "
Counter settings were saved successfully!

"; } $body_section = GT($body_section); print $body_section; } function hexrgb ($hexstr) { $int = hexdec($hexstr); return array("red" => 0xFF & ($int >> 0x10), "green" => 0xFF & ($int >> 0x8), "blue" => 0xFF & $int); } function counter_sample($size) // COUNTER { global $settings_fname; $settings = read_data($settings_fname, 'counter'); if(strpos($settings, '')!==false) $digit_color = GFS($settings, '', ''); else $digit_color = 'FFFFFF'; if(strpos($settings, '')!==false) $bg_color = GFS($settings, '', ''); else $bg_color = '000000'; $bg_color_rgb = (isset($_GET['bg_color'])? hexrgb($_GET['bg_color']): hexrgb($bg_color)); $digit_color_rgb = (isset($_GET['digit_color'])? hexrgb($_GET['digit_color']): hexrgb($digit_color)); if($size==1) { $w = 7; $h = 11; } elseif($size==2) { $w = 8; $h = 16; } elseif($size==3) { $w = 9; $h = 16; } elseif($size==4) { $w = 10; $h = 18; } elseif($size==5) { $w = 11; $h = 18; } $string = '0123456789'; $im = imagecreate(10*$w-10, $h); $bg = imagecolorallocate($im, $bg_color_rgb['red'], $bg_color_rgb['green'], $bg_color_rgb['blue']); $textcolor = imagecolorallocate($im, $digit_color_rgb['red'], $digit_color_rgb['green'], $digit_color_rgb['blue']); imagestring($im, $size, 3, 1, $string, $textcolor); if (function_exists("imagegif")) { header("Content-type: image/gif"); imagegif($im); } elseif (function_exists("imagejpeg")) { header("Content-type: image/jpeg"); imagejpeg($im); } elseif (function_exists("imagepng")) { header("Content-type: image/png"); imagepng($im); } } function reset_counter () // COUNTER resetting { global $counter_db_fname, $settings_fname; if(isset($_GET['confirmreset']) && file_exists($counter_db_fname) && (filesize($counter_db_fname)!==0)) { //$buff = ' 0000*/ '; $fp = fopen($counter_db_fname, 'r+' ); flock($fp, LOCK_EX); $fsize = filesize($counter_db_fname); ftruncate($fp, 0); fseek($fp, 0); //if (fwrite($fp, $buff) === FALSE) { print "Cannot write to file ($counter_db_fname)"; exit; } flock($fp, LOCK_UN); fclose($fp); 
write_data("counter_cookie_suffix", mktime()); $body_section = build_menu(); $body_section .= "
Counter reset succcessfully!

"; $body_section = GT($body_section, true); } else { $body_section = build_menu(); $body_section .= "
Reset Counter

Reset Counter only in case you need to start counting from zero.
Note that resetting counter will permanently remove all counter statistics!
If you want to proceed, press the link below to confirm resetting.


"; $body_section .= "Confirm Resetting Counter

"; $body_section = GT($body_section); } print $body_section; } function build_select_ca($name, &$data, $selected, $style="") { $r = ''; if (is_array($data) && !empty($data)) { $r = ""; $body_section .= "
"; $body_section = GT($body_section); print $body_section; } function process_users() //process add/edit/remove user { $body_section = ""; $body_section .= build_menu(); $sections = ''; $details = ''; if(isset($_POST["selectall"]) && $_POST["selectall"]=='no') { if(isset($_POST["section_list"])) { foreach($_POST["section_list"] as $k=>$v) { $sections .= ''; } } else { $sections .= ''; } } else { $sections .= ''; } if(isset($_POST["email"]) || isset($_POST["name"]) || isset($_POST["sirname"])) { $details .= '
'; } else { $details .= '
'; } //---------------------------------- if(isset($_POST['save'])) { $username = (isset($_POST['username'])?$_POST['username']:""); $flag = (isset($_POST['flag'])?$_POST['flag']:""); if ($flag=='add' && !preg_match("/^[A-Za-z_0-9]+$/", $_POST['username']) ) { $msg = "username can contain only A-Z, a-z, _ & 0-9 "; $body_section .= add_user_form ($flag, $msg); } elseif ($flag=='add' && duplicated_user($_POST['username']) ) { $msg = "user with such name already exists "; $body_section .= add_user_form ($flag, $msg); } elseif( $flag=='add' && ((empty($_POST['username'])) || (empty($_POST['password'])))) { $body_section .= add_user_form ($flag, "".'please, fill in both "username" and "password"'."", $username); } elseif( $flag=='editpass' && (empty($_POST['password'])) ) { $body_section .= add_user_form ($flag, "".'please, fill in "password"'."", $username); } elseif( ($flag=='add'|| $flag=='editpass') && empty($_POST['repeatedpassword'])) { $msg = "please, repeat password"; $body_section .= add_user_form ($flag, $msg, $username); } elseif ( ($flag=='add'|| $flag=='editpass') && $_POST['password']!=$_POST['repeatedpassword']) { $msg = "password and repeated password do not match"; $body_section .= add_user_form ($flag, $msg, $username); } elseif( ($flag=='add'|| $flag=='editpass') && strlen(trim($_POST['password']))<5) { $msg = "your password should be at least five symbols"; $body_section .= add_user_form ($flag, $msg, $username); } elseif( ($flag=='add'|| $flag=='editaccess') && $_POST["selectall"]=='no' && !isset($_POST["section_list"])) { $msg = "please, select access page"; $body_section .= add_user_form ($flag, $msg, $username); } elseif( ($flag=='add'|| $flag=='editdetails') && !empty($_POST["email"]) && !ch_email($_POST["email"])) { $msg = "please, use valid email address"; $body_section .= add_user_form ($flag, $msg, $username); } else { if($flag=='add') { db_write_user('add', $username, crypt($_POST['password']), $sections, $details); // ADD USER 
manage_users(); exit; } elseif($flag=='editpass') { db_write_user('editpass', $username, crypt($_POST['password'])); // CHANGE PASS manage_users(); exit; } elseif($flag=='editaccess') { db_write_user('editaccess', $username, '', $sections); // CHANGE ACCESS manage_users(); exit; } elseif($flag=='editdetails') { db_write_user('editdetails', $username, '', '', $details); // CHANGE DETAILS manage_users(); exit; } } } elseif(isset($_GET['editaccess'])) // SHOW CHANGE ACCESS FORM { $username = $_GET['editaccess']; $user_data = db_get_specific_user($username); $body_section .= add_user_form('editaccess', 'Edit user access', $username, $user_data['access']); } elseif(isset($_GET['editdetails'])) // SHOW CHANGE DETAILS FORM { $username = $_GET['editdetails']; $user_data = db_get_specific_user($username); $body_section .= add_user_form('editdetails', 'Edit user access', $username, $user_data['details']); } elseif(isset($_GET['editpass'])) //SHOW CHANGE PASS FORM { $username = $_GET['editpass']; $body_section .= add_user_form('editpass', 'Edit password', $username); } elseif(isset($_GET['removeuser'])) { $username = $_GET['removeuser']; db_remove_user($username); // REMOVE USER manage_users(); exit; } elseif(isset($_GET['checksection'])) //SHOW CHANGE PASS FORM { $section_id = $_GET['checksection']; $username = (isset($_GET['username'])? $_GET['username']:''); $body_section .= check_section_range($section_id, $username); } else { $body_section .= add_user_form('add', 'Add user'); } $body_section = GT($body_section); print $body_section; } function format_users_on_read($users) { $users_array = array(); $details_arr = array(); $i = 1; while (strpos($users, ''); $basic = GFS($all, '').' '; $details = GFS($all, '
').' '; $access = GFS($all, '', '').' '; list($username, $password) = explode (' ', $basic); $details_str = explode (' ', $details); foreach($details_str as $k=>$v) { if($v!='') $details_arr [substr($v, 0, strpos($v, '='))] = GFS($v, '="', '"'); } $access_arr = array(); $j = 1; while (strpos($access, ''); list($section, $type) = explode (' ', $access_str); $access_arr [] = array(substr($section, 0, strpos($section, '=')) => GFS($section, '="', '"'), substr($type, 0, strpos($type, '=')) => GFS($type, '="', '"')); $j++; } $users_array [] = array('id' => $i, 'username' => GFS($username, '="', '"'), 'password' => GFS($password, '="', '"'), 'access' => $access_arr, 'details' => $details_arr); $i++; } return $users_array; } function db_get_users() { global $db_file, $db_dir; $users = ''; $filename = $db_dir.$db_file; clearstatcache(); if (file_exists($filename)) { $fp = fopen($filename, 'r' ); $fsize = filesize($filename); if ($fsize > 0) { $file_contents = fread( $fp,$fsize); $users = GFS($file_contents,'',''); } fclose($fp); } return $users; } function db_get_specific_user($username) //get specific user from db { $users_arr = array(); $specific_user = array(); $users = db_get_users(); if($users!='') { $users_arr = format_users_on_read($users); } if(!empty($users_arr)) { foreach($users_arr as $k=>$v) { if(in_array($username, $v)) { $specific_user = $v; break; } } } return $specific_user; } function db_remove_user($username) // remove user { global $db_file, $db_dir; $result = false; $updated_users = ''; $filename = $db_dir.$db_file; $users_arr = array(); $users = db_get_users(); if($users!='') { $users_arr = format_users_on_read($users); } if(!empty($users_arr)) { $counter = 0; if (!$fp = fopen($filename, 'r+')) { print "Cannot open file ($filename)"; exit; } flock($fp, LOCK_EX); $fsize = filesize($filename); if ($fsize > 0) $file_contents = fread( $fp,$fsize); foreach($users_arr as $k=>$v) { if(!in_array($username, $v)) { $counter++; $updated_users .= ' '; 
foreach($v['access'] as $key=>$val) { $updated_users .= ''; } $updated_users .= '
'; } } $file_contents = str_replace($users,$updated_users,$file_contents); ftruncate($fp, 0); fseek($fp, 0); if (fwrite($fp, $file_contents) === FALSE) { print "Cannot write to file ($filename)"; exit; } flock($fp, LOCK_UN); fclose( $fp ); $result = true; } return $result; } /* Creates or updates a user: when $username is found in the parsed store (id = list position + 1) the record is edited via db_edit_user(), otherwise a new record is appended via db_add_user() with the next free id. Returns nothing. NOTE(review): the existing-user check is the same loose in_array() over the whole record as in db_get_specific_user(); compare $v['username'] === $username. */ function db_write_user($flag, $username, $pwd='', $sections='', $details='') //write user { $users_arr = array(); $specific_user = array(); $users = db_get_users(); if($users!='') { $users_arr = format_users_on_read($users); } if(!empty($users_arr)) { foreach($users_arr as $k=>$v) { if(in_array($username, $v)) { $id = $k+1; break; } } } if(isset($id)) db_edit_user($flag, $id, $pwd, $sections, $details); else db_add_user(count($users_arr)+1, $username, $pwd, $sections, $details); } /* Appends one user record to the store file under LOCK_EX. The store looks like a PHP file whose data is wrapped in a block comment: the default contents close that comment, and the strpos() check adds the comment opener/terminator around the data when they are missing (presumably so a direct request for the file executes nothing - confirm). NOTE(review): $username, $pwd, $sections and $details are written verbatim; a value containing the comment terminator or a PHP close tag would end the wrapper, so validate or escape those sequences before writing. $result is assigned but the function has no return statement, and the element markers appear as '' in this copy. */ function db_add_user($id, $username, $pwd, $sections, $details) //add user { global $db_file, $db_dir; $result = false; $filename = $db_dir.$db_file; $file_contents = ' */ ?>'; $new_user = ' '.$sections.' '.$details.' '; if (!$fp = fopen($filename, 'r+')) { print "Cannot open file ($filename)"; exit; } flock($fp, LOCK_EX); $fsize = filesize($filename); if ($fsize > 0) $file_contents = fread( $fp,$fsize); $file_contents = str_replace('', $new_user.'', $file_contents); if(strpos($file_contents, '/*')===FALSE) { $file_contents = str_replace('', '/*', $file_contents); $file_contents = str_replace('', '*/', $file_contents); } ftruncate($fp, 0); fseek($fp, 0); if (fwrite($fp, $file_contents) === FALSE) { print "Cannot write to file ($filename)"; exit; } flock($fp, LOCK_UN); fclose( $fp ); $result = true; } /* Rewrites one existing user record in place: 'editpass' replaces the password value with $pwd, 'editaccess' replaces the access section with $sections, 'editdetails' replaces the details element with $details; any other $flag writes the record back unchanged. Returns true after writing. NOTE(review): the record markers appear as '' in this copy - confirm against the real file. 'editpass' works by str_replace() of the old password value anywhere in the record, so an empty old value is never replaced and the substitution is not anchored to the password attribute. */ function db_edit_user($flag, $id, $pwd='', $sections='', $details='') //edit user's password or access { global $db_file, $db_dir; $result = false; $users = ''; $file_contents = ''; $fixed = ''; $filename = $db_dir.$db_file; $users = db_get_users(); if (!$fp = fopen($filename, 'r+')) { print "Cannot open file ($filename)"; exit; } flock($fp, LOCK_EX); $fsize = filesize($filename); if ($fsize > 0) $file_contents = fread( 
$fp,$fsize); $user_to_update = '').''; if(strpos($user_to_update, '')===false || strpos($user_to_update, '')!==false) { $fixed = str_replace('
', '', $user_to_update); } else { if(strpos($user_to_update, '
0) $file_contents = fread( $fp,$fsize); } if($flag=='editpass') { $updated_user = str_replace(GFS($user_to_update, 'password="', '"'), $pwd, $user_to_update); } elseif($flag=='editaccess') { $updated_user = str_replace(GFS($user_to_update, '', ''), $sections, $user_to_update); } elseif($flag=='editdetails') { $updated_user = str_replace('
').'>', $details, $user_to_update); } else { $updated_user = $user_to_update; } $file_contents = str_replace($user_to_update, $updated_user, $file_contents); ftruncate($fp, 0); fseek($fp, 0); if (fwrite($fp, $file_contents) === FALSE) { print "Cannot write to file ($filename)"; exit; } flock($fp, LOCK_UN); fclose( $fp ); $result = true; return $result; } /* Returns the raw admin account string from the store file, or '' when the file is missing or empty. NOTE(review): the section markers passed to GFS() appear as '' in this copy. */ function getadmininfo() { global $db_file, $db_dir; $admin = ''; $filename = $db_dir.$db_file; if (file_exists($filename)) { $fp = fopen($filename, 'r' ); $fsize = filesize($filename); if ($fsize > 0) { $file_contents = fread( $fp,$fsize); $admin = GFS($file_contents,'',''); } fclose($fp); } return $admin; } /* Handles the admin login form. With a stored admin account ('user|hash') the posted password is run through crypt() with the stored hash as salt; without one, the globals $username/$pwd are compared in plaintext. Success sets the SID_ADMIN session marker plus a user-agent hash and renders index(); failure re-renders the form. NOTE(review): $account_array is never assigned (presumably $admin_account_array was meant), so $pass is empty whenever a stored account exists and the crypt() result is compared against an empty string. get_magic_quotes_gpc() was removed in PHP 8.0. Compare credentials with hash_equals() rather than strcmp(). */ function login_admin() // process login admin { global $db_file, $db_dir, $username, $pwd; $body_section = ""; if(isset($_POST['login'])) { $admin_account = getadmininfo(); if($admin_account!='') { $admin_account_array = explode('|', $admin_account); $user = $admin_account_array[0]; $pass = (get_magic_quotes_gpc()? $account_array[1]: str_replace( array( '\\\\', '\\\'', '\"' ), array('\\', '\'', '"'), ($account_array[1]))); if(isset($_POST['password'])) $pass_filled = crypt($_POST['password'], $pass); } else { $user = $username; $pass = $pwd; if(isset($_POST['password'])) $pass_filled = $_POST['password']; } if((empty($_POST['username'])) || (empty($_POST['password']))) { $body_section .= build_login_form("".'please, fill in both fields'.""); $body_section = GT($body_section); print $body_section; } elseif((strcmp(trim($_POST['username']), trim($user))!=0) || (strcmp(trim($pass_filled),trim($pass))!=0)) { $body_section .= build_login_form("".'incorrect'." ". 
'username'."/".'password'.""); $body_section = GT($body_section); print $body_section; } else { setsession( 'SID_ADMIN', $user); //ADMIN if(isset($_SERVER['HTTP_USER_AGENT'])) setsession( 'HTTP_USER_AGENT',md5($_SERVER['HTTP_USER_AGENT'])); index(); } } else { $body_section .= build_login_form(); $body_section = GT($body_section); print $body_section; } } /* Destroys the session and redirects to the page looked up from ?pageid, or to $template_fname. NOTE(review): the ?pageid branch sends the Location header without exit, unlike the else branch, so execution continues in the caller after the redirect is issued. */ function logout_admin() { global $template_fname; unsetsession(); if(isset($_GET['pageid'])) { $protected_page_info = get_page_info($_GET['pageid']); $protected_page_name = $protected_page_info[1]; header("Location: ".$protected_page_name); } else { header("Location: $template_fname"); exit; } } /* Session helpers. getsession() returns "" for an unset key; islogged() treats any non-empty value as logged in; unsetsession() clears $_SESSION, expires the session cookie and destroys the session. NOTE(review): the expiring setcookie() passes only path '/'; give it the same domain/secure/httponly attributes the session cookie was issued with, otherwise the browser keeps the original cookie. */ function getsession($Var) { return (isset( $_SESSION[$Var]) ? $_SESSION[$Var] : ""); } function setsession($Var, $varValue) { $_SESSION[$Var] = $varValue; } function islogged($Var) { return ( "" != getsession($Var) ); } function unsetsession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_destroy(); } /* Logs a protected-page user off and redirects back to the page ($thispage_id), adjusting the action query for page types '143' and '20' and for non-shop/lister types when ?indexflag is set; without ?pageid it redirects to $template_fname. Always exits. */ function logoff_user() { global $template_fname, $thispage_id; $protected_page_info = get_page_info($thispage_id); $protected_page_name = $protected_page_info[1]; //path unsetsession(); if(isset($_GET['pageid'])) { $fixed_name = $protected_page_name; if(isset($_GET['indexflag'])) { if ($protected_page_info[4]=='143') { $fixed_name = $protected_page_name.'&action=index'; } if($protected_page_info[4]=='20') { $fixed_name = str_replace('action=show', 'action=noedit', $protected_page_name); } elseif (!in_array($protected_page_info[4], array('21', '130', '140'))) { $fixed_name = $protected_page_name.'?action=index'; } } header("Location: ".$fixed_name); } else { header("Location: $template_fname"); } exit; } /* Request entry point. Dispatches on the 'process' value (GET first, then POST; a legacy ?action=logoff is also honoured). Admin actions require the SID_ADMIN session marker and, when present, a matching md5 of the User-Agent header; every other request goes through the protected-page login check below. NOTE(review): the user-agent binding is only a weak hijack mitigation since the header is chosen by the client - keep it, but do not treat it as authentication. */ function process_admin() { global $username, $pwd, $thispage_id, $version, $special_pages_ids; global $template_fname, $ca_version, $sitemap_fname, $set_login_cookie; $action_id = ''; $old_action_id = ''; $access_flag = false; users_import(); 
if(empty($_SESSION) ) { int_start_session_ca(); header("Cache-control: private"); } if (isset($_GET['process'])) $action_id = $_GET['process']; else if (isset($_POST['process'])) $action_id = $_POST['process']; if (isset($_GET['action'])) $old_action_id = $_GET['action']; // for old 'user logoff' compatibility if ($action_id == 'logout' || $old_action_id == 'logoff') { logoff_user(); } elseif ($action_id == "version") { echo $version; } elseif ($action_id == 'sitemap') { $file_contents = ''; /* NOTE(review): the expected crypt() output for the sitemap action is hard-coded in this file and compared with ==, and the salt itself comes from the request. Keep the secret outside the source and compare with hash_equals(). */ if ((isset($_GET['pwd'])) && (crypt('admin',$_GET['pwd']) == 'llRanR22sJYds')) { $fp = fopen($sitemap_fname, 'r' ); $fsize = filesize($sitemap_fname); if ($fsize > 0) { $file_contents = fread( $fp,$fsize); } fclose($fp); } $file_contents = str_replace('', '', $file_contents); print $file_contents; exit; } elseif ($action_id == "logoutadmin") { logout_admin(); } elseif ($action_id == "countersample") { if(isset($_GET['size'])) counter_sample($_GET['size']); } elseif ($action_id == "index" || $action_id == "manageusers" || $action_id == "processuser" || $action_id == "loginadmin" || $action_id == "confcounter" || $action_id == "resetcounter") { if(!islogged('SID_ADMIN')) { if(function_exists('session_regenerate_id') && version_compare(phpversion(),"4.3.3",">=") ) { session_regenerate_id();} // anti Session Fixation login_admin(); exit; } /* NOTE(review): $_SERVER['HTTP_USER_AGENT'] is read here without isset(); a request without the header raises a warning and fails the comparison. */ if(islogged('SID_ADMIN') && isset($_SESSION['HTTP_USER_AGENT'])) { if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) { if(function_exists('session_regenerate_id') && version_compare(phpversion(),"4.3.3",">=") ) { session_regenerate_id();} login_admin(); exit; } } /* NOTE(review): the "adminscreens" branch below is unreachable - it is not in the outer list of admin actions that leads here. */ if ($action_id == "index") { index(); } elseif ($action_id == "adminscreens") { admin_screens(); } elseif ($action_id == "manageusers") { manage_users(); } elseif ($action_id == "processuser") { process_users(); } elseif ($action_id == "loginadmin") { login_admin(); } elseif ($action_id == "confcounter") { conf_counter(); } elseif ($action_id == "resetcounter") { 
reset_counter(); } } else { $protected_page_info = get_page_info($thispage_id); $protected_page_name = $protected_page_info[1]; //path //start of actual pwd protection if(isset($_POST['pv_username'])) $pv_username = $_POST['pv_username']; if(isset($_POST['pv_password'])) $pv_password = $_POST['pv_password']; if(isset($_POST['pv_username']) && isset($_POST['pv_password'])) { if (checkauth($pv_username,$pv_password) == false) { if($username!=$pv_username || $pwd!=$pv_password) { error(); } } } /* Protected-page authentication (checkauth() and error() are defined elsewhere). A logged-in admin passes without credentials; otherwise the session's cur_user/cur_pwd pair is re-verified, and failing that the posted pv_username/pv_password are checked, with a fallback to the global $username/$pwd admin pair. NOTE(review): the plaintext password is kept in $_SESSION['cur_pwd'] (and, on the admin fallback, in $_SESSION['SID_ADMIN']) and re-checked on every request; store an opaque authenticated-user marker instead. `$pwd == $pv_password` and `$username != $pv_username` are loose comparisons of user input - use hash_equals(). The 'logged' cookie carries the username and is set without httponly/secure flags. $_SERVER['HTTP_USER_AGENT'] is read without isset() in the comparison. */ if(!islogged('SID_ADMIN') || islogged('SID_ADMIN') && islogged('HTTP_USER_AGENT') && ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) ) //if not working in Central admin { if (!isset($_SESSION['cur_user']) || isset($_SESSION['cur_user']) && checkauth($_SESSION['cur_user'],$_SESSION['cur_pwd']) == false) { if(!isset($pv_username) || !isset($pv_password)) { $contents = get_login_form_html(); $pattern = GFS($contents,''); $contents = str_replace('', "" , $contents); print $contents; exit; } else { if(function_exists('session_regenerate_id') && version_compare(phpversion(),"4.3.3",">=") ) { session_regenerate_id();} if (checkauth($pv_username,$pv_password) == true) { $_SESSION['cur_pwd']= $pv_password; $_SESSION['cur_user'] = $pv_username; if($set_login_cookie==true) { setcookie("logged", $pv_username, time()+60*60*24); } $access_flag = true; } else { if($username != $pv_username) error(); //wrong username if(isset($pwd)) { if($pwd == $pv_password) { $_SESSION['SID_ADMIN']= $pv_password; if($set_login_cookie==true) { setcookie("logged", "admin", time()+60*60*24); } if(isset($_SERVER['HTTP_USER_AGENT'])) { setsession( 'HTTP_USER_AGENT',md5($_SERVER['HTTP_USER_AGENT'])); } $access_flag = true; } else error(); } else error(); } } } else { $access_flag = true; } } else { $access_flag = true; } /* After a successful check, compute the redirect target from the page record: ?indexflag selects the page-type-specific index/edit action; frame sub-pages are mapped back to their parent page when the login page is not a sub-page. */ if(isset($_GET['pageid'])) { if($access_flag==true) { $load_page = $protected_page_name; if(isset($_GET['indexflag'])) { if ($protected_page_info[4]=='143') { $load_page = 
$protected_page_name.'&action=index'; } elseif ($protected_page_info[4]=='133') { $load_page = '../subscribe/subscribe_'.str_replace('', '', $protected_page_info[10]).'.php?action=subscribers'; } elseif($protected_page_info[4]=='20') { if (isset($_SESSION['cur_pwd'.$_GET['pageid']])) $load_page = str_replace('action=show', 'action=remcookie', $protected_page_name); else $load_page = str_replace('action=show', 'action=doedit', $protected_page_name); } elseif($protected_page_info[4]=='21') { $load_page = str_replace('action=list', 'action=orders', $protected_page_name); } else { $load_page = $protected_page_name. '?action=index'; } } //else { ??? elseif ($protected_page_info[15] == '0' && ($protected_page_info[3] == '1' || $protected_page_info[3] == '0' && strpos($protected_page_info[1],'/SUB_')!==false) ) // FRAMES and SUBPAGE { if ($protected_page_info[7] > 0) { if (strpos($protected_page_info[1],'/SUB_')!==false) { $login_page_info = get_page_info($protected_page_info[7]); if (isset($login_page_info[3]) && ($login_page_info[3] == '0')) $load_page = str_replace('SUB_','',$load_page); } else if(in_array($protected_page_info[4], $special_pages_ids)) { $login_page_info = get_page_info($protected_page_info[7]); if (isset($login_page_info[3]) && ($login_page_info[3] == '0')) $load_page = str_replace('','',$protected_page_info[10]).'.php'; } } } header("Location: ".$load_page); } } } } /* Script entry point: every request is handled by process_admin(). */ process_admin(); ?>