<?php
/*++++++++++++++++++++++++++++++++++++++++++++++++++++
| BlogNEasy
| Copyright 2012 Fernando Baptista
++++++++++++++++++++++++++++++++++++++++++++++++++++++
| index.php main file
| Version 0.9
++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
++++++++++++++++++++++++++++++++++++++++++++++++++++++
*/
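// Bootstrap: open the session, load the configuration and language tables.
// NOTE(review): E_WARNING is reported; if display_errors is enabled on the
// host, warnings can reveal file paths to visitors - confirm it is off in
// production.
session_start();
clearstatcache();
error_reporting(E_ERROR | E_WARNING | E_PARSE);
$BNEversion="0.9";

// Redirect to the installer when the configuration file is missing, then stop.
// Without the exit, execution fell through to readsetup(), which require()s
// the very file that was just found to be absent.
if(!file_exists("data/config.php")) {
	header("Location: install.php");
	exit;
}

readsetup();
// Fall back to the default locale when the configuration names none.
if($set['language']=="")
	$set['language']="en_US";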

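// Rejects requests whose query-string values look like injected markup.
// The patterns are the original ones; they are now evaluated with PCRE because
// the POSIX ereg*() family is not binary-safe (matching stops at a NUL byte)
// and no longer exists in PHP 7+.
// This is a deny-list over $_GET only: $_POST is not inspected here, and the
// check does not replace HTML-encoding values where they are written out.
$check_patterns = array(
	"<[^>]*script*\"?[^>]*>",
	"<[^>]*object*\"?[^>]*>",
	"<[^>]*iframe*\"?[^>]*>",
	"<[^>]*applet*\"?[^>]*>",
	"<[^>]*meta*\"?[^>]*>",
	"<[^>]*style*\"?[^>]*>",
	"<[^>]*form*\"?[^>]*>",
	"\([^>]*\"?[^)]*\)",
	"\"",
);
foreach ($_GET as $check_url) {
	// Array-valued parameters were never inspected by the old check either;
	// skip them instead of handing a non-string to preg_match().
	if (!is_string($check_url)) continue;
	foreach ($check_patterns as $check_pattern) {
		// "!== 0" fails closed: a match (1) and a PCRE error (false) both reject.
		if (preg_match("~".$check_pattern."~i", $check_url) !== 0)
			die ($langmessage[98]);
	}
}
unset($check_url, $check_pattern, $check_patterns);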

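// Global variable containing messages to the user;
$message="";

//Time offset from server, converted from hours to seconds
$fuso_s = strval($set['timeoffset']) * 3600;

// Anonymous visitors may only use do=login, do=search and do=contact;
// any other action is dropped unless the session carries the login flag.
if($_GET['do']!="login" && $_GET['do']!="search" && $_GET['do']!="contact" && $_SESSION[$set['password']] != "1")
	unset($_GET['do']);

// Checks if there was a login attempt
// NOTE(review): the stored credential is an unsalted SHA-1 of the password and
// the same hash doubles as the session key; a salted password hash
// (password_hash/password_verify where available) and attempt throttling would
// be the stronger design. Neither is added here because the format of
// data/config.php is shared with install.php and admin.php.
if($_POST['submit']=="Login") {
	// Only a string can be a password; arrays from "password[]=" are rejected.
	$submitted_hash = (isset($_POST['password']) && is_string($_POST['password'])) ? sha1(trim($_POST['password'])) : "";
	$stored_hash = (string)$set['password'];
	if($submitted_hash === "" || $stored_hash === "")
		$login_ok = false;
	elseif(function_exists('hash_equals'))
		// Constant-time comparison where the runtime provides it.
		$login_ok = hash_equals($stored_hash, $submitted_hash);
	else
		// Strict comparison: "==" would compare two numeric-looking hex
		// strings as numbers and could accept a different hash.
		$login_ok = ($stored_hash === $submitted_hash);
	if($login_ok) {
		// Issue a fresh session id so an id known before login is not promoted.
		session_regenerate_id();
		$_SESSION[$set['password']]="1";
		$message=$langmessage[95];
		unset($_GET['do']);
	} else $message=$langmessage[96];
	unset($submitted_hash, $stored_hash, $login_ok);
}

// NOTE(review): logout is triggered by a plain GET request, so any page the
// administrator visits can end the session; low impact, but a POST with a
// token would avoid it.
if($_GET['do']=="logout") {
	unset($_SESSION[$set['password']]);
	session_destroy();
	unset($_GET['do']);
	$saida="Location: ".$set['homepath'];
	header($saida);
	// Stop here: the redirect is the whole response.
	exit;
}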
// edit these 2 following values to your convenience
// (byte limits; they are not read anywhere else in this file - presumably
// consumed by admin.php, TODO confirm)
$max_upload_file_size=2000000;
$max_upload_image_size=250000;

// reads the admin functions if the user is logged in
// The login flag lives in the session under a key equal to the configured
// password hash; admin.php is only loaded when that flag is "1".
if($_SESSION[$set['password']] == "1") {
	require_once "admin.php";
//call admin functions for treating inputs if logged in
	treat_posts();
} else
// Disables $_POST['submit'] except for login, search, send message and send comment
// NOTE(review): the login form submits "Login" (capital L), which this list
// does not contain; that is harmless only because the login attempt has
// already been handled above by the time this runs.
	if($_POST['submit']!="login" && $_POST['submit']!="search" && $_POST['submit']!="Send message" && $_POST['submit']!="sendcomment" && $_SESSION[$set['password']] != "1")
		unset($_POST['submit']);

// Public form handlers; each returns the status message shown to the visitor.
if($_POST['submit']=="sendcomment")
	$message=sendcomment();

if($_POST['submit']=="Send message")
	$message=sendmessage();

// Resolve the template file: configured template first, then the default one.
// NOTE(review): $set['template'] is concatenated into the path unchecked; it
// comes from data/config.php, so it is as trustworthy as that file.
$templatepath="./templates/".$set['template']."/template.php";
if (!file_exists($templatepath)) $templatepath="./templates/default/template.php";
// The failure message includes the path that was tried.
if (!file_exists($templatepath)) die ($templatepath." ".$langmessage[109]);

// Display the template and call the embedded functions.
// The template is read as text (it is not executed as PHP here) and scanned for
// "$# command #$" markers; text outside markers is copied to $out unchanged.
$page=file_get_contents($templatepath);

$out="";
while($page != "") {
	// explode() always returns a non-empty array, so the "else break" arms
	// below are never taken; the loop ends when $page becomes empty.
	if($pagearray=explode("$#",stripslashes($page),2)) {
		$out.=$pagearray[0];
		$page=$pagearray[1];
		if($pagearray=explode("#$",$page,2)) {
			$command=trim($pagearray[0]);
			$page=$pagearray[1];
			// Commands either append a returned string to $out or call a
			// function that writes to the global $out itself.
			// NOTE(review): configuration values ($set[...]) are emitted
			// without HTML encoding; they are assumed to be trusted admin input.
			switch($command) {
				case "header": $out.= printheader(0); break;
				case "title": $out.='<a href="'.$set['homepath'].'">'.$set['title'].'</a>'; break;
				case "subtitle": $out.=$set['subtitle']; break;
				case "contact": $out.='<a href="'.$set['homepath'].'?do=contact">Contact</a>'; break;
				case "feed": $out.="<a href=\"rss.php\">Feed</a>"; break;
				case "content": content(); break;
				case "recent": recent(); break;
				case "search": $out.=searchform(); break;
				case "homelink": $out.='<a href="'.$set['homepath'].'">Home</a>'; break;
				case "image": $out.="./templates/".$set['template']."/images/"; break;
				// mainmenu() declares a single parameter, so the second argument
				// passed by the next two cases is ignored.
				case "mainmenu": $out.= mainmenu(0); break;
				case "mainmenu1": $out.= mainmenu(0,1); break;
				case "mainmenu2": $out.= mainmenu(0,2); break;
				case "sitemap": $out.= sitemap(0); break;
				case "login": $out.= loginout(); break;
				case "extra": extra(); break;
				case "footer": $out.= $set['footer']; break;
				default: 
					if(strpos($command, "content")!== false) {
						// The string returned by show_posts() is discarded here.
						//$aa=explode(" ",$command,2);
						show_posts();
						//showcontent($pagenum, decode("data/".$pagenum."_".$aa[1].".html"));
					} elseif(strpos($command, "plugin")!== false) {
						// "plugin NAME": splice the plugin's .mod fragments into the page.
						// NOTE(review): NAME is taken from the template text and is not
						// checked for path separators or "..", and include.mod is executed
						// as PHP. Template files therefore carry code-execution privilege;
						// restricting NAME to a known plugin directory would contain that.
						$aa=explode(" ",$command,2);
						$pluginpath="plugins/".trim($aa[1]);
						if(file_exists($pluginpath."/first.mod"))
							$out=file_get_contents($pluginpath."/first.mod").$out;
						if(file_exists($pluginpath."/header.mod"))
							$out=str_replace("</head>",file_get_contents($pluginpath."/header.mod")."\n</head>",$out);
						if(file_exists($pluginpath."/onload.mod"))
							$out=str_replace("<body","<body onload=\"".file_get_contents($pluginpath."/onload.mod")."\"",$out);
						if(file_exists($pluginpath."/include.mod"))
							include "plugins/".trim($aa[1])."/include.mod";
						if(file_exists($pluginpath."/place.mod"))
							$out.=file_get_contents("$pluginpath/place.mod");
					} else {
						// Unknown command: its text is copied to the output as is.
						$out .= $command;
					}
			}
		} else break;
	} else break;
}
if($page != "") $out.=$page;

// finished page creation, send it to the browser
print $out;

### Execution end ###

// Renders the main content area into the global $out, dispatching on
// $_GET['do']. The top-level script has already removed every 'do' value other
// than login/search/contact for visitors without the session login flag, so the
// remaining cases are reached only when that flag is set.
// Note: the global list names $LNEversion (not assigned in this file) and lists
// $message twice.
function content() {
  global $pagenum, $edit, $set, $selected, $message, $menu, $out, $langmessage, $LNEversion, $message, $addons;
  if($message!="") $out.="<h2 class=\"LNE_message\">".$message."</h2>\n";
  // adminmenu() is defined outside this file; this file loads admin.php only
  // for a logged-in session.
  if(function_exists('adminmenu')) $out.=adminmenu();
	switch($_GET['do']) {
	case "search":
		$out.="<h2 class=\"LNE_title\">$langmessage[66]</h2>\n";
		// search() appends its results to the global $out and returns nothing.
		$out.=search();
		break;
	case "contact":
		$out.="<h2 class=\"LNE_title\">$langmessage[48]</h2>\n";
		$out.=contact();
		break;
	case "editextra":
		// Flush what has been built so far before calling editextra().
		print $out;
		$out="";
		editextra();
		break;
	case "login":
		$out.= loginform();
		break;
	case "settings":
		$out.= settings();
		break;
	case "setup":
		$out.= setup();
		break;
	case "adminposts":
		adminposts();
		break;
	default:
		// Post listing. showcomments and categ must be integers; anything else
		// aborts the request with message 98.
		$expanded=1;
		$collapsed=0;
		if($_GET['showcomments']!="")
			if(!is_intval($_GET['showcomments']))
				die ($langmessage[98]);
			else
				$comenta=intval($_GET['showcomments']);
		else
			$comenta=1;
		if($_GET['categ']!="")
			if(!is_intval($_GET['categ']))
				die ($langmessage[98]);
			else {
				// Category view: no expanded post, up to 99 headline rows.
				$categ=intval($_GET['categ']);
				$expanded=0;
				$collapsed=99;
			}
		else
			$categ=-1;
		// Plain front page (no categ, showcomments or id parameter).
		if(!isset($_GET['categ']) && !isset($_GET['showcomments']) && !isset($_GET['id']))
			$out.=show_posts(1,0,2);
		else
			$out.=show_posts($expanded,$collapsed,$comenta,$categ);
	}
}

// Replaces every "&nbsp;" entity with a plain space, then trims the result.
function clean($string) {
	$withSpaces = str_replace('&nbsp;', ' ', $string);
	return trim($withSpaces);
}

// Sort callback: orders two rows by their first element using PHP's loose
// comparison. Returns 0 when equal, -1 when $x sorts first, 1 otherwise.
function compare($x,$y) {
	$left = $x[0];
	$right = $y[0];
	if ($left == $right) {
		return 0;
	}
	return ($left < $right) ? -1 : 1;
}

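// Builds the public contact form and returns it as an HTML string.
// The expected anti-spam answer is stored in the session under the key
// session_id(); sendmessage() compares the submitted secCode against it.
function contact() {
	global $langmessage, $set;
	$out="<div id=\"LNE_contact\">\n<form method=\"post\" action=\"\"><fieldset class=\"noborder\" >\n<table>\n";
	$out.="<tr><td align=\"right\">$langmessage[38]:</td>\n";
	$out.="<td><input  type=\"text\" name=\"name\" value=\"\" /></td></tr>\n";
	$out.="<tr><td align=\"right\">$langmessage[73]:</td>\n";
	$out.="<td><input  type=\"text\" name=\"email\" value=\"\" /></td></tr>\n";
	$out.="<tr><td align=\"right\" valign=\"top\">$langmessage[63]:</td>\n";
	$out.="<td><textarea name=\"text\" rows=\"8\" style=\"width: 250px;\"></textarea></td></tr>\n";
	$out.="<tr><td align=\"right\"><b>$langmessage[99]:&nbsp;</b></td>\n";
	if($set['catchpa']==0) {
		//text catchpa
		// NOTE(review): the sum is printed in clear text in the page, so this
		// only stops clients that do not read the form; it is not a bot barrier.
		srand((double) microtime() * 1000000);
		$a = rand(0, 9);
		$b = rand(0, 9);
		$c=$a+$b;
		$out.="<td>$a + $b = ";
		$_SESSION[session_id()] = $c;
		$out.="<input type=\"text\" name=\"secCode\" maxlength=\"2\" style=\"width:20px\" />";
		// Was "$our.=", which dropped the closing tags and left the row open.
		$out.="</td></tr>\n";
	} else {
		// image catchpa
		$out.="<td>".catchpa()."</td></tr>\n";
	}
	$out.="<tr><td>&nbsp;</td>\n<td>";
	$out.="<input type=\"hidden\" name=\"submit\" value=\"Send message\" />";
	$out.="<input type=\"submit\" name=\"aa\" value=\"$langmessage[64]\" />";
	$out.="</td></tr>\n</table></fieldset></form></div>\n";
	return $out;
}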

// Returns the HTML comment banner (product name, version, licence) that
// printheader() places in the page head.
// NOTE(review): the banner publishes the exact BlogNEasy version to every
// visitor, which helps anyone matching the site against known issues.
function credits() {
	global $BNEversion;
	$banner = "<!-- +++++++++++++++++++++++++++++++++++++++++++++++++
| BlogNEasy version {$BNEversion}
| Copyright 2012 Fernando Baptista
++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+++++++++++++++++++++++++++++++++++++++++++++++++++++++ -->\n";
	return $banner;
}

// Formats a Unix timestamp with the strftime() pattern configured in
// $set['dateformat'].
function data_formatada($unix_time) {
	global $set;
	$pattern = $set['dateformat'];
	return strftime($pattern, $unix_time);
}

// Reverses encode(): strips the backslash escaping, then converts the text
// from UTF-8 to ISO-8859-1.
function decode($string) {
	$unescaped = stripslashes($string);
	return utf8_decode($unescaped);
}

// Rewrites data/$file.dat without the rows whose field $pos equals $value and
// returns the surviving rows, re-indexed from 0.
//   $array     rows as produced by readdata(); iteration stops at the first row
//              whose field 0 is empty
//   $file      data file name without directory and ".dat" extension
//   $pos       index of the field to compare
//   $value     rows whose field equals this (loose comparison) are dropped
//   $numfields number of fields written for each row
// Fields are joined with "|" and each record ends with "||".
// NOTE(review): the file is opened with "w" (truncated) before anything is
// written, without a lock and without checking the fopen() result, so a failed
// or concurrent write can lose data. $file goes into the path unchecked and
// must never be taken from request input. When no row survives, $array is
// unset and the function returns NULL rather than an empty array.
function deletedata($array,$file,$pos,$value,$numfields) {
	$array1=$array;
	unset($array);
	$fp=fopen("data/".$file.".dat","w");
	$count=0;
	$count1=0;
	while($array1[$count][0]!="") {
		if($array1[$count][$pos]!=$value) {
			for($i=0;$i<$numfields;$i++){
				// The last field is followed by the record terminator "||".
				if($i==$numfields-1) fwrite($fp,$array1[$count][$i]."||");
				else fwrite($fp,$array1[$count][$i]."|");
			}
			$array[$count1]=$array1[$count];
			$count1++;
		}
		$count++;
	}
	fclose($fp);
	return $array;
}

// Emits an FCKeditor instance named "texto", pre-filled with $out.
// The editor library is loaded from the directory configured in
// $set['editorpath'].
// NOTE(review): that configured path is used directly in include_once, so it
// must only ever come from the trusted configuration file.
function editor($out) {
	global $set;
	$editorBase = $set['editorpath'];
	include_once($editorBase."fckeditor.php");
	$widget = new FCKeditor("texto");
	$widget->BasePath = $editorBase;
	$widget->Height = 400;
	// Remove the SkinPath assignment to fall back to the editor's default skin.
	$widget->Config['SkinPath'] = "skins/silver/";
	$widget->Value = $out;
	$widget->Create();
}

// Prepares text for the flat data files: converts ISO-8859-1 to UTF-8, then
// backslash-escapes quotes, backslashes and NUL bytes.
// NOTE(review): the "|" field delimiter of the data files is not escaped here.
function encode($string) {
	$utf8 = utf8_encode($string);
	return addslashes($utf8);
}

// Renders data/extra.htm into the global $out when that file exists.
// $pagenum is not declared global here, so showcontent() receives an unset
// value for it.
function extra() {
	global $out;
	if(!file_exists("data/extra.htm")) {
		return;
	}
	$out.=showcontent($pagenum,"extra.htm");
}

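// Lists the entries of $start_dir (excluding "." and ".."), sorted ascending
// with their original numeric keys preserved.
//   $pattern    accepted for compatibility; it has never been applied
//   $start_dir  directory to read
//   $dir        when truthy, only sub-directories are returned
// Returns an empty array when the directory cannot be opened.
// The comparator used to be built with create_function(), which compiles a
// string as PHP code (and interpolated an undefined $sortby into it) and no
// longer exists in PHP 8. asort() applies the same standard comparison.
function filelist($pattern, $start_dir='.', $dir=0) {
$filenames=array();
if ($handle = opendir($start_dir)) {
	while (false !== ($file = readdir($handle))) {
		if ($file === '.' || $file === '..') continue;
		if($dir && !is_dir($start_dir."/".$file)) continue;
		$filenames[] = $file;
	}
	closedir($handle);
}
asort($filenames);
return $filenames;
}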

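// Returns true when $value is an optionally signed run of decimal digits and
// nothing else.
// The pattern is anchored with \z rather than $: "$" also matches just before
// a trailing newline, so "12\n" used to be accepted as an integer.
// Arrays and objects (e.g. from "id[]=1") are rejected instead of being passed
// to preg_match().
function is_intval($value) {
     if (is_array($value) || is_object($value)) return false;
     return 1 === preg_match('/^[+-]?[0-9]+\z/', (string)$value);
}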

// Returns the administrator login form. It posts back to the current URL with
// submit=Login, which the top-level script handles.
// NOTE(review): the form carries no anti-CSRF token and should only be served
// over HTTPS, since the password is posted in the clear.
function loginform() {
	global $langmessage, $BNEversion;
	$fields = array(
		'<div align="center"><form method="post" action=""><h2>BlogNEasy '.$BNEversion.' '.$langmessage[120].'</h2>',
		'<p>'.$langmessage[6].':&nbsp;<input  type="password" name="password" value="" />',
		'<input type="hidden" name="submit" value="Login" />',
		'<input type="submit" name="aa" value="'.$langmessage[120].'" /></p></form></div>',
	);
	return implode('', $fields);
}

// Returns the login link, or the logout link when the session carries the
// login flag (stored under the configured password hash).
function loginout() {
	global $set, $langmessage;
	$loggedIn = ($_SESSION[$set['password']]=="1");
	$action = $loggedIn ? 'logout' : 'login';
	$label = $loggedIn ? $langmessage[121] : $langmessage[120];
	return '<a href="'.$set['homepath'].$set['indexfile'].'?do='.$action.'" rel="nofollow">'.$label.'</a>';
}

// Returns the main menu as a run of <li> items: a home link followed by one
// link per category read from the "categories" data file.
//   $span  0: plain links; 1: an empty <span></span> after the label;
//          2: label wrapped in <span> inside the link;
//          3: whole link wrapped in <span>
// Category ids and names are written as stored, without HTML encoding.
function mainmenu($span=0) {
	global $set, $langmessage;
	$html="\n<li><a href=\"".$set['indexfile']."\" class=\"first\">$langmessage[111]</a></li>\n";
	$categories=readdata("categories");
	// readdata() ends its result with a row whose first field is empty.
	for($idx=0; $categories[$idx][0] != ""; $idx++) {
		$label=$categories[$idx][1];
		$html.='<li>';
		if($span==3) $html.="<span>";
		$html.='<a href="'.$set['indexfile'].'?categ='.$categories[$idx][0].'">';
		if($span==2) $html.="<span>";
		$html.=$label;
		if($span==1) $html.="<span>";
		if($span==2 || $span==1) $html.="</span>";
		$html.="</a>";
		if($span==3) $html.="</span>";
		$html.="</li>\n";
	}
	return $html;
}

// Returns the contents of the page <head>: title, credits banner, meta tags
// and stylesheet links. Neither parameter is used by the body.
// NOTE(review): the configuration values placed in attributes (keywords,
// description, author, title, template, language) are not HTML-encoded; a
// quote character in any of them breaks out of its attribute.
function printheader($generate,$tmpl="-") {
	global $set, $langmessage, $cntt, $BNEversion;
	$parts = array(
		checktitle(),
		credits(),
		"<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />\n",
		"<meta http-equiv='Content-Language' content='".$set['language']."' />\n",
		"<meta http-equiv='Content-Script-Type' content='text/javascript' />\n",
		"<meta http-equiv='Content-Style-Type' content='text/css' />\n",
		"<meta name='keywords' content='".$set['keywords']."' />\n",
		"<meta name='description' content='".$set['description']."' />\n",
		"<meta name='author' content='".$set['author']."' />\n",
		"<meta name='generator' content='BlogNEasy $BNEversion' />\n",
		"<meta name='Robots' content='index, nofollow' />\n",
		"<meta http-equiv='imagetoolbar' content='no' /><!-- disable IE's image toolbar -->\n",
		"<link rel=\"alternate\" type=\"application/rss+xml\" title=\"".$set['title']." RSS Feed\" href=\"rss.php\" />\n",
		"<link rel='stylesheet' type='text/css' href='templates/".$set['template']."/style.css' />\n",
		"<link rel='stylesheet' type='text/css' href='css/blogneasy.css' />\n",
	);
	return implode("", $parts);
}

// Returns the <title> element: the title of the post selected by $_GET['id'],
// or of the last post in data/posts.dat when no id matches, followed by the
// site title.
function checktitle() {
global $cntt, $set, $selected, $langmessage, $pagenum;
	// A non-integer id aborts the request with message 98.
	if($_GET['id']!="") {
		if(!is_intval($_GET["id"])) die ($langmessage[98]);
		$noticia_numero = $_GET["id"];
	}
	// Records are separated by "||", fields by "|".
	$aa=explode("||",trim(@file_get_contents("data/posts.dat")));
	$count=0;
	$lugar=-1;
	while($aa[$count] != "") {
		$aaa=explode("|",trim($aa[$count]));
		$row_db[$count]=$aaa;
		// Field 0 is compared with the requested id; stop at the first match.
		if($noticia_numero!="" && $row_db[$count][0]==$noticia_numero) {
			$lugar=$count;
			break;
		}
		$count++;
	}
	$count--;
	// No match: fall back to the last record read.
	if($lugar==-1)
		$lugar=$count;
	// NOTE(review): field 3 (used as the post title) is written into <title>
	// without HTML encoding.
	$out.="<title>".decode($row_db[$lugar][3])." | ".$set['title']."</title>\n";
return $out;
}

// Collects plugin header fragments for a "%!$plugin NAME $!%" marker found in
// the global $cntt. The only call to this function in this file (in
// printheader) is commented out.
// NOTE(review): as written the function cannot work: the marker is looked for
// in $cntt but split out of $cntnt (never assigned), and $generate is not
// defined in this scope. Before repairing the typo, note that the plugin name
// would then come from page content and flow into include unchecked; it needs
// to be restricted to known plugin directories first.
function checkaddons() {
	global $pagenum, $addons, $cntt;
	$xtra=stripslashes(decode(file_get_contents("data/extra.htm")));
	if(strpos($cntt, '%!$plugin')!==false) {
		$one=explode('%!$plugin',$cntnt,2);
		$two=explode('$!%',$one[1],2);
		$pluginame="./plugins/".trim($two[0]);
		if(file_exists($pluginame."/header.mod")) {
			$three=file_get_contents($pluginame."/header.mod");
			$out.= $three."\n";
		}
		// first.mod is executed as PHP.
		if(file_exists($pluginame."/first.mod") && !$generate) {
			include "$pluginame/first.mod";
		}
	}
/*	foreach($addons as $addon)
		if((strpos( $cntt,"%!$".$addon[0]) || strpos( $xtra,"%!$".$addon[0])) && strval($addon[5]) && strval($addon[3]))
			require_once "addons/".$addon[0]."/header.php"; */
	return $out;
}

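// Reads data/$file.dat and returns its records as an array of field arrays.
// Records are separated by "||" and fields by "|"; every record is trimmed
// before it is split. Because the file ends with a record terminator, the
// result ends with a row whose only field is "" - callers use that row as
// their end marker. A missing or unreadable file yields just that row.
// NOTE(review): $file is concatenated into the path unchecked; callers in this
// file pass fixed names, and it must never be derived from request input.
function readdata($file){
	$content=@file_get_contents("data/".$file.".dat");
	if($content === false) $content="";
	// The result of this replacement used to be discarded.
	$content=str_replace("||\n", "||", $content);
	$rows=array();
	foreach(explode("||",trim($content)) as $record) {
		$rows[] = explode("|",trim($record));
	}
	return $rows;
}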

// Loads data/config.php into the global $set, decodes the stored text
// settings, applies defaults and loads the language file for the configured
// locale.
// NOTE(review): $set['language'] becomes part of a require path; it is only as
// trustworthy as data/config.php and should be limited to known locale names
// wherever the settings are saved.
function readsetup() {
	global $set, $langmessage;
	require "data/config.php";
	$textKeys = array('title', 'subtitle', 'keywords', 'description', 'author', 'footer', 'indexfile', 'fromname');
	foreach($textKeys as $key) {
		$set[$key]=decode($set[$key]);
	}
	// Keep the required language file's scope free of these helper variables.
	unset($key, $textKeys);
	$set['extension']="php";
	if($set['language']=="") {
		$set['language']="en_US";
	}
	if($set['catchpa']=="") {
		$set['catchpa']="1";
	}
	require "./languages/lang_".$set['language'].".php";
}

// Appends a "recent posts" list to the global $out: up to $count links,
// newest (last record in the posts file) first.
function recent($count=5) {
	global $out, $set, $langmessage;
	$posts=readdata("posts");
	// Count the records up to the first row with an empty field 0.
	$cont=0;
	while($posts[$cont][0]!="") {
		$cont++;
	}
	$out.="<h2>$langmessage[40]</h2>\n<ul>\n";
	$count1=0;
	// Walk backwards from the last record.
	$pointer=$cont-1;
	while($posts[$pointer][0]!="") {
		if($pointer<0)
			break;
		// NOTE(review): field 3 (the title) is emitted without decode() and
		// without HTML encoding, unlike the title handling in show_one_post().
		$out.="<li><a href=\"".$set['indexfile']."?id=".$posts[$pointer][0]."\">".$posts[$pointer][3]."</a></li>\n";
		$count1++;
		if($count1>=$count)
			break;
		$pointer--;
	}
	$out.="</ul>\n";
}

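// Deny-list filter for visitor-supplied text: decodes a fixed set of decimal
// character references, drops hexadecimal ones, removes a list of event
// attributes and active tags, and defuses script-type URL schemes.
// Returns the filtered text; aborts the request when the text contains a NUL
// byte.
//
// Fixed here:
//  - the NUL check searched for null, which on PHP 8 is an empty needle found
//    at offset 0, so every call died; it now looks for "\0";
//  - $langmessage was not in scope, so the abort printed nothing;
//  - the tag-removal loop discarded preg_replace()'s result, so none of the
//    listed tags was ever removed.
//
// NOTE(review): a deny-list cannot enumerate every active construct (the
// attribute list, for one, names only a few handlers). Treat this as a second
// line of defence and HTML-encode the value wherever it is written into a page.
function sanitize($text) {
	global $langmessage;
	// Arrays (e.g. "search[]=x") are not text; treat them as empty input.
	if(!is_string($text))
		$text = is_scalar($text) ? (string)$text : "";
	if(strpos($text,"\0") !== false)
		die($langmessage[98]);
	// Convert problematic ascii characters to their true values
	// (decimal references for "(", ")", ":" and the letters; upper-case codes
	// map to lower-case letters)
	$search = array("40","41","58","65","66","67","68","69","70",
		"71","72","73","74","75","76","77","78","79","80","81",
		"82","83","84","85","86","87","88","89","90","97","98",
		"99","100","101","102","103","104","105","106","107",
		"108","109","110","111","112","113","114","115","116",
		"117","118","119","120","121","122"
		);
	$replace = array("(",")",":","a","b","c","d","e","f","g","h",
		"i","j","k","l","m","n","o","p","q","r","s","t","u",
		"v","w","x","y","z","a","b","c","d","e","f","g","h",
		"i","j","k","l","m","n","o","p","q","r","s","t","u",
		"v","w","x","y","z"
		);
	$entities = count($search);
	for ($i=0;$i < $entities;$i++) $text = preg_replace("#(&\#)(0*".$search[$i]."+);*#si", $replace[$i], $text);
	// the following is based on code from bitflux (http://blog.bitflux.ch/wiki/)
	// Kill hexadecimal characters completely
	$text = preg_replace('#(&\#x)([0-9A-F]+);*#si', "", $text);
	// remove any attribute starting with "on" or xmlns
	$text = preg_replace('#(<[^>]+[\\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iU', ">", $text);
	// Remove the listed tags; repeat until nothing changes so that a tag
	// reassembled by an earlier removal is removed as well.
	do {
		$oldtext = $text;
		$text = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $text);
	} while ($oldtext !== $text);
	// remove javascript: and vbscript: protocol
	$text = preg_replace('#([a-z]*)=([\`\'\"]*)script:#iU', '$1=$2nojscript...', $text);
	$text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iU', '$1=$2nojavascript...', $text);
	$text = preg_replace('#([a-z]*)=([\'\"]*)vbscript:#iU', '$1=$2novbscript...', $text);
	// drop style attributes that carry expression()/behaviour()
	$text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*expression\([^>]*>#iU', "$1>", $text);
	$text = preg_replace('#(<[^>]+)style=([\`\'\"]*).*behaviour\([^>]*>#iU', "$1>", $text);
	return $text;
}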

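// Removes everything between "<" and the next ">" (tags, including ones that
// span several lines) from $text.
// The pattern was missing its closing "#" delimiter, so preg_replace() failed
// and returned NULL for every input.
function strip_html($text) {
	return preg_replace('#<(.|\n)*?>#','', $text);
}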

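// Searches post titles (field 3) and bodies (field 4) for the submitted term
// and appends the result list to the global $out. Returns nothing.
// The search term is visitor input that is written back into the page, so it
// is HTML-encoded for display; sanitize() alone is a deny-list and left the
// term able to carry markup into the response.
// NOTE(review): the text taken from stored posts is emitted after strip_tags()
// only; stored posts are assumed to be trusted administrator content.
function search() {
	global $out, $set, $langmessage, $message;
	if($_POST['submit']=="search" && $_POST['search']!="" && $_POST['search']!=$langmessage[49]) {
		$needle=sanitize($_POST['search']);
		// Encoded copy for output; matching still uses the raw term.
		$shown=htmlspecialchars($needle, ENT_QUOTES);
		$out.="<h3>$langmessage[68]\"$shown\":</h3>\n<ul>\n";
		$posts=readdata("posts");
		$cont=0;
		// An empty term (possible after filtering) would match every post on
		// PHP 8 and raise a warning before; skip the scan in that case.
		while($needle!=="" && $posts[$cont][0]!="") {
			//check within titles
			$text=strip_tags(decode($posts[$cont][3]));
			if(($pos=stripos($text, $needle))!==false) {
				$first=substr($text,0,$pos);
				$last=substr($text, $pos+strlen($needle));
				$out.="<li><a href=\"index.php?id=".$posts[$cont][0]."\">$first<b>$shown</b>$last</a></li>\n";
			}
			//check within bodies, showing up to 50 characters either side
			$text=strip_tags(decode($posts[$cont][4]));
			if(($pos=stripos($text, $needle))!==false) {
				$first=substr($text,0,$pos);
				if(strlen($first)>=50)
					$first="...".substr($first,strlen($first)-50);
				$last=substr($text, $pos+strlen($needle));
				if(strlen($last)>=50)
					$last=substr($last, 0,50)."...";
				$out.="<li><a href=\"index.php?id=".$posts[$cont][0]."\">".$posts[$cont][3]."</a><p>$first<b>$shown</b>$last</p></li>\n";
			}
			$cont++;
		}
		$out.="</ul>";
	}
}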

// Returns the search box. The form posts to index.php?do=search with
// submit=search; message 49 is the placeholder text and message 65 the button
// label.
// Note: the onfocus handler compares against the literal 'search...', not
// against message 49.
function searchform() {
	global $set, $langmessage, $message;
	$rows = array(
		"<div class=\"f_search\">\n<form method=\"post\" action=\"index.php?do=search\">\n",
		"<p><input type=\"text\" name=\"search\" value=\"$langmessage[49]\" class=\"search\" onblur=\"if(this.value=='') this.value='$langmessage[49]';\" onfocus=\"if(this.value=='search...') this.value='';\" />\n",
		"<input type=\"hidden\" name=\"submit\" value=\"search\" />\n",
		"<input type=\"submit\" value=\"$langmessage[65]\" class=\"submit\" /></p>\n",
		"</form>\n</div>\n",
	);
	return implode("", $rows);
}

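// Validates a submitted comment and appends it to data/comments.dat as
//   postid|name|email|unix time|text||
// Returns the status message to display. The global $editar is left true when
// the form should be shown again with the visitor's input.
//
// Fixed here:
//  - the post id was validated after trim() but written untrimmed; the
//    validated value is now the one stored;
//  - "|" inside name, e-mail or text was written as is, letting a comment add
//    fields or records to the flat file; it is now stored as the character
//    reference &#124;, which displays as "|";
//  - the security code is compared as a string instead of with "!=".
// NOTE(review): the stored code stays valid after a successful post until the
// next form is rendered, and there is no rate limit on submissions.
function sendcomment() {
	global $editar, $langmessage;
	if(!is_intval(trim($_POST['newsid'])) || !is_intval(trim($_POST['secCode'])) || !is_intval($_SESSION[session_id()])) die ("Send Comment - aha! Clever!");
	$editar=true;
	if($_POST['commentname']=="" || $_POST['commentmessage']=="")
		return $langmessage[101];
	if(trim($_POST['secCode']) !== (string)$_SESSION[session_id()])
		return $langmessage[139];

	$newsid=trim($_POST['newsid']);
	$text=sanitize(strip_tags($_POST['commentmessage']));
	// Line breaks become <br /> so a comment stays on one record line.
	$text=str_replace(array("\r\n", "\n", "\r"), "<br />", $text);
	if($_POST['commentemail']=="") $email="-";
	else $email=sanitize(strip_tags($_POST['commentemail']));
	$name=sanitize(strip_tags($_POST['commentname']));
	// Neutralise the field delimiter before the record is assembled.
	$name=str_replace("|", "&#124;", $name);
	$email=str_replace("|", "&#124;", $email);
	$text=str_replace("|", "&#124;", $text);
	if(!$fp=fopen("./data/comments.dat","a")) die ($langmessage[142]);
	fwrite($fp,$newsid."|".encode($name)."|".encode($email)."|".time()."|".encode($text)."||\n");
	fclose($fp);
	$editar=false;
	return $langmessage[141];
}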

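// Handles the contact form: checks the security code, then mails the message
// to $set['toemail']. Returns (and stores in the global $message) the status
// message to display.
//
// Fixed here:
//  - function_exists() was given the bare word mb_send_mail, an undefined
//    constant (a fatal error on PHP 8);
//  - the "else" meant for that test was bound to the inner "if", so when
//    mb_send_mail() existed and succeeded the message was sent a second time
//    with mail(), and when it did not exist nothing was sent at all.
//
// Visitor input (name, e-mail, text) is placed in the message body only; the
// headers are built from configuration values.
function sendmessage() {
	global $set, $langmessage, $message;
	if(!is_intval(trim($_POST['secCode'])) || !is_intval($_SESSION[session_id()])) die ($langmessage[98]);
	if($_POST['secCode'] != $_SESSION[session_id()]) {
		$message=$langmessage[139];
		return $message;
	}
	if(!isset($_POST['text']) || $_POST['text']=="" || $_POST['name']=="") {
		$message=$langmessage[59];
		return $message;
	}
	$message=$langmessage[56];
	// The mb_encode_mimeheader() variant contributed by user Utaka is not in
	// use; the From header carries the configured address only.
	$fromname = $set['fromemail'];
	$email = html_entity_decode(sanitize($_POST['email']));
	$text = html_entity_decode(sanitize($_POST['text']));
	$name = html_entity_decode(sanitize($_POST['name']));

	$additional_header = array();
	$additional_header[] = 'MIME-Version: 1.0';
	$additional_header[] = 'Content-Type: text/plain; charset=utf-8';
	$additional_header[] = 'From: ' .$fromname;
	$headers = implode("\r\n", $additional_header);
	// NOTE(review): the recipient is given a trailing CRLF, kept as it was;
	// confirm the mail transport in use tolerates it.
	$to=$set['toemail']."\r\n";
	$subject=$langmessage[57].$set['fromname'];
	$body=$langmessage[57].$name." at ".$email."\r\n".$text;
	if(function_exists('mb_send_mail'))
		$sent=mb_send_mail($to, $subject, $body, $headers);
	else
		$sent=mail($to, $subject, $body, $headers);
	if(!$sent)
		$message=$langmessage[58];
	return $message;
}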

// Renders data/$file into the global $out, expanding "%!$ ... $!%" markers:
//   include PATH        - includes PATH as PHP
//   function NAME a b c - calls NAME with up to three arguments
//   plugin NAME         - splices in the .mod fragments of ./plugins/NAME
// Anything else between markers is copied to the output. Returns nothing;
// $pagenum is not used by the body.
//
// NOTE(review): the include path, the function name and the plugin name all
// come from the stored page text and are used unchecked, so whoever can write
// files under data/ can run arbitrary PHP. Write access to that directory is
// therefore equivalent to code execution; an allow-list of functions and
// plugin names would contain it.
function showcontent($pagenum,$file="") {
	global $out, $addons;
	$open="%!$";
	$close="$!%";
	if(file_exists("data/".$file))
		$page=stripslashes(decode(file_get_contents("data/".$file)));
	else 
		// $langmessage is not declared global here, so this heading is empty.
		$page="<h2>$langmessage[116]</h2>\n";
	// strpos() returning 0 is treated as false: a marker at the very start of
	// the page is not expanded.
	while(strpos($page,$open)) {
		$pagearray=explode($open,$page,2);
		$out.=$pagearray[0];
		unset($pagearray1);
		$pagearray1=explode($close,$pagearray[1],2);
		if(substr($pagearray1[0],0,7)=="include") {
			// Flush the buffered output first so the included file's own
			// output appears in the right place.
			print $out;
			$out="";
			include(trim(substr($pagearray1[0],7)));
		} elseif(substr($pagearray1[0],0,8)=="function") {
			// Variable function call: $aa[0] is the function name, the
			// remaining space-separated words are its arguments.
			$bb=trim(substr($pagearray1[0],8));
			$aa=explode(" ",$bb);
			if($aa[3]!="") $out.=$aa[0]($aa[1],$aa[2],$aa[3]);
			elseif($aa[2]!="") $out.=$aa[0]($aa[1],$aa[2]);
			elseif($aa[1]!="") $out.=$aa[0]($aa[1]);
			else $out.=$aa[0]();
		} elseif(substr($pagearray1[0],0,6)=="plugin") {
			$pluginame="./plugins/".clean(substr($pagearray1[0],6));
			if(file_exists($pluginame."/header.mod"))
				$out=str_replace("</head",file_get_contents($pluginame."/header.mod")."\n</head",$out);
			// first.mod and include.mod are executed as PHP; the other
			// fragments are inserted as text.
			if(file_exists($pluginame."/first.mod"))
				include $pluginame."/first.mod";
			if(file_exists($pluginame."/onload.mod"))
				$out=str_replace("<body","<body onload=\"".file_get_contents($pluginame."/onload.mod")."\"",$out);
			if(file_exists("$pluginame/place.mod"))
				$out.=file_get_contents("$pluginame/place.mod");
			if(file_exists("$pluginame/include.mod")) {
				print $out;
				include "$pluginame/include.mod";
				$out="";
			}
		} else {
			$out .= "\n".$pagearray1[0]."\n";
		}
		$page = $pagearray1[1];
	}
	if($page!="") $out .= $page;
}

// Builds and returns the post listing as HTML (a local $out, not the global).
//   $post_integra    number of posts shown in full
//   $post_cabecalho  number of further posts listed as headline rows
//   $comenta         2: show the comments in full; other non-zero values: show
//                    a comment count link; any non-zero value also shows the
//                    comment form
//   $categ           category id to filter on, -1 for all categories
// Post fields as used here: 0 id, 1 author, 3 title, 4 text, 5 timestamp,
// 7 category. Comment fields: 0 post id, 1 name, 3 timestamp, 4 text.
//
// NOTE(review): comment names and texts are written into the page without
// HTML encoding; the only protection is the filtering done by sendcomment()
// when the comment was stored. The delete-comment form carries no anti-CSRF
// token.
function show_posts($post_integra=1,$post_cabecalho=9,$comenta=0,$categ=-1) {
	global $langmessage, $set, $fuso_s;
	// A non-integer id aborts the request with message 98.
	if($_GET['id']!="") {
		if(!is_intval($_GET["id"])) die ($langmessage[98]);
		$noticia_numero = $_GET["id"];
	}
	$aa=explode("||",trim(@file_get_contents("data/posts.dat")));
	$count=0;
	$lugar=-1;
	$cc=0;
	//read all posts or only posts=$categ, if set
	while($aa[$cc] != "") {
		$aaa=explode("|",trim($aa[$cc]));
		if($categ==-1 || (strval($aaa[7]) == strval($categ))) {
			$row_db[$count]=$aaa;
			if($noticia_numero!="" && $row_db[$count][0]==$noticia_numero)
				$lugar=$count;
			$count++;
		}
		$cc++;
	}
	// $count now indexes the last (newest) row read.
	$count--;
	$total=$count;
	if($lugar==-1)
		$noticia_numero=$row_db[$count][0];
	else {
	// place the selected posts on top
	// (rows are displayed from the end of the array backwards, so "top" is the
	// last index)
		$n=$row_db[$lugar];
		for($i=$lugar; $i<$total; $i++) {
			$row_db[$i]=$row_db[$i+1];
		}
		$row_db[$total]=$n;
		$post_integra=1;
	}
	$row_cmt=readdata("comments");
	$first=true;
	$firstcomment=true;
	// display expanded posts
	$out.="<div id=\"LNEnews\">\n";
	$ctg=readdata("categories");
	while($row_db[$count][0]!="" && $total-$count<$post_integra) {
		if(!$first) $out.="<hr /><br />";
		$out.=show_one_post($row_db[$count][3],$row_db[$count][5],$row_db[$count][4],$row_db[$count][1],$row_db[$count][2],$row_db[$count][0]);
		// Find the category row of this post.
		$c1=0;
		while($ctg[$c1][0]!=$row_db[$count][7] && $ctg[$c1][0]!="") {
			$c1++;
		}
		if($ctg[$c1][3]) { // are comments set in the corresponding category?
			// read comments
			// NOTE(review): $comments is not reset between posts, so entries
			// from a previous post can remain when more than one post is
			// expanded - confirm.
			$j=0;
			foreach($row_cmt as $aaa) {
				if($aaa[0]==$row_db[$count][0]) {
					$comments[$j]=$aaa;
					$j++;
				}
			}
			if($j) { // there are comments
				if($comenta==2) {
					$ff=true;
					$i=0;
					while($comments[$i][0]!="") {
						if($ff) {
							$out.="<div class=\"LNEnews_comments\">".$langmessage[143].":</div>";
							$ff=false;
						}
						$out.="<div class=\"LNEnews_comment\">\n";
						$out.="<span class=\"time\">".$langmessage[112]." ".data_formatada($comments[$i][3] + $fuso_s)."</span>";
						$out.="<span class=\"poster\">$langmessage[144]: </span>\n";
						$out.="<span class=\"author\">";
						$out.=decode($comments[$i][1])."</span>";
						$out.="<span class=\"text\">".stripslashes(decode($comments[$i][4]))."</span>";
						// Logged-in sessions get a delete button per comment; the
						// comment is identified by post id and timestamp.
						if($_SESSION[$set['password']]=="1") {
							$out.="\n<form method=\"post\" action=\"\">\n";
							$out.="<input type=\"hidden\" name=\"newsid\" value=\"".$comments[$i][0]."\" />\n";
							$out.="<input type=\"hidden\" name=\"id\" value=\"".$comments[$i][3]."\" />\n";
							$out.="<input type=\"hidden\" name=\"submit\" value=\"deletecomment\" />\n";
							$out.="<input type=\"image\" name=\"aaa\" src=\"images/editdelete.png\" style=\"width: 16px; height: 16px; border: none; background: transparent;\" value=\"\" title=\"$langmessage[174]\" />\n";
							$out.="</form>\n";
						}
						$out.="</div>\n";
						$i++;
//						unset($_GET['showcomments']);
					}
				} else
					$out.="<a href=\"".$_SERVER['SCRIPT_NAME']."?id=".$noticia_numero."&amp;showcomments=2\">".$langmessage[143].": ".$j."</a><br />\n";
			}
			// display comments form
			// (only once per page, under the first expanded post)
			if($firstcomment) {
				if(intval($comenta))
					$out.="<br />".commentform($noticia_numero);
				$firstcomment=false;
			}
		}
		$first=false;
		$count--;
	}
	// Remaining posts: headline table with title link, date and author.
	$first=true;
	$GETarray = $_GET;
	$total=$count;
	while($row_db[$count][0]!="" && $total-$count<$post_cabecalho) {
		if($first) {
			$first=false;
			$out.="<div style=\"text-align: center; font-size: 85%; font-weight: bold; \">$langmessage[113]</div>";
			$out.="<table border='0' align='center'><tr><td>$langmessage[12]</td><td>$langmessage[114]</td><td>$langmessage[16]</td></tr>";
		}
		// The link keeps the current query parameters and replaces id;
		// http_build_query() URL-encodes the values.
		$GETarray['id'] = $row_db[$count][0];
		$call = $_SERVER['SCRIPT_NAME'] . "?" . http_build_query($GETarray,'','&amp;');
		$out.="<tr><td><a href=\"".$call."\">".decode($row_db[$count][3])."</a></td><td>".strftime("%d/%m/%y - %I:%M %p", $row_db[$count][5] + $fuso_s)."</td><td>".$row_db[$count][1]."</td></tr>";
		$count--;
	}
	if(!$first) $out.="</table>";
	$out.="</div>\n<div class=\"clear\"></div>\n";
	return $out;
}

// Returns the HTML for one expanded post.
//   $a title, $b Unix timestamp, $c body, $d author, $e unused, $f post id
// When adminmenu() is defined (this file loads admin.php only for a logged-in
// session) an edit link for the post is prepended.
// Title, author and body are emitted as stored, without HTML encoding.
function show_one_post($a,$b,$c,$d,$e,$f) {
	global $langmessage, $fuso_s, $set;
	$html = "";
	if(function_exists('adminmenu')) {
		$editUrl = $set['homepath'].$set['indexfile']."?do=adminposts&action=edit&id=$f";
		$html.="<a href=\"".$editUrl."\">\n";
		$html.="<img src=\"images/edit.png\" alt=\"edit\" align=\"left\" border=\"0\" /></a>\n";
	}
	$html.="<h2 class=\"LNEnews_title\" >".decode($a)."</h2>\n";
	$author = stripslashes(decode($d));
	$html.="<h3 class=\"LNEnews_date\"><span class=\"LNEnews_author\">$langmessage[16]: ".$author."</span> - ";
	// The server time offset is added before formatting.
	$when = data_formatada(strval($b) + $fuso_s);
	$html.=$langmessage[112]." ".$when."</h3>\n";
	$html.="<div class=\"LNEnews_text\">".stripslashes(decode($c))."</div>\n";
	return $html;
}

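// Returns the comment form for post $newsid.
// When the global $editar is true (a rejected submission), the visitor's
// previous input is put back into the fields. That input is now HTML-encoded
// first: it was echoed raw into attribute values and the textarea, so a
// submitted value could inject markup into the page.
// The expected security code is stored in the session under session_id().
function commentform($newsid) {
	global $langmessage,$editar, $set;
	// Encoded copies of the previous input; empty unless redisplaying.
	$prefill=array('commentname'=>'', 'commentemail'=>'', 'commentmessage'=>'');
	if($editar) {
		foreach($prefill as $field => $unused) {
			if(isset($_POST[$field]) && is_string($_POST[$field]))
				$prefill[$field]=htmlspecialchars($_POST[$field], ENT_QUOTES);
		}
	}
	$out="<form action=\"\" method=\"post\"><fieldset class=\"noborder\">\n";
	if($_SESSION[$set['password']]=="1") {
		// Logged-in author: name and e-mail come from the configuration.
		$out.="<input type=\"hidden\" name=\"commentname\" value=\"".$set['fromname']."\" />\n";
		$out.="<input type=\"hidden\" name=\"commentemail\" value=\"".$set['fromemail']."\" />\n";
	} else {
		$out.="<b>$langmessage[38]:&nbsp;</b><br />\n";
		$out.="<input type=\"text\" name=\"commentname\" style=\"width:250px\" value=\"";
		$out.=$prefill['commentname'];
		$out.="\" /><br/>\n";
		$out.="<b>$langmessage[33]:&nbsp;</b><br/>\n";
		$out.="<input type=\"text\" name=\"commentemail\" style=\"width:250px\" value=\"";
		$out.=$prefill['commentemail'];
		$out.="\"><br/>\n";
	}
	$out.="<b>$langmessage[138]:&nbsp;</b><br/>\n";
	$out.="<textarea name=\"commentmessage\" style=\"width:100%; height:80px\">";
	$out.=$prefill['commentmessage'];
	$out.="</textarea><br/>\n";
	if(function_exists('adminmenu')) {
		// Admin code loaded: the check is satisfied with a fixed value.
		$_SESSION[session_id()]="1";
		$out.="<input type=\"hidden\" name=\"secCode\" value=\"1\" />\n";
	} elseif($set['catchpa']=="0") {
		$out.="<b>$langmessage[99]:<br/>";
		//text catchpa
		// NOTE(review): the sum is printed in clear text, so it only stops
		// clients that do not read the form.
		srand((double) microtime() * 1000000);
		$a = rand(0, 9);
		$b = rand(0, 9);
		$c=$a+$b;
		$out.="$a + $b = ";
		$_SESSION[session_id()] = $c;
		$out.="<input type=\"text\" name=\"secCode\" maxlength=\"2\" style=\"width:20px\" />\n";
	} else {
		$out.="<b>$langmessage[99]:<br/>";
		// image catchpa
		$out.= catchpa();
	}
	$out.="<input type=\"hidden\" name=\"submit\" value=\"sendcomment\" /><br />";
	$out.="<input type=\"hidden\" name=\"newsid\" value=\"$newsid\" /><br/>";
	$out.="<input type=\"submit\" value=\"$langmessage[137]\" />\n</td></tr>\n</fieldset></form><br />\n";
	return $out;
}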

// Returns the $_SERVER entry named $s, or '' when it is not set.
// On runtimes without the $_SERVER superglobal it is first populated from the
// legacy HTTP_SERVER_VARS global.
function sv($s) {
	if (!isset($_SERVER)) {
		global $_SERVER;
		$_SERVER = $GLOBALS['HTTP_SERVER_VARS'];
	}
	return isset($_SERVER[$s]) ? $_SERVER[$s] : '';
}

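// Converts an RGB hex colour such as "FFFFFF" or "#b0b0b0" into an array of
// three integers (red, green, blue). Characters that are not hex digits are
// removed first; missing digits count as 0.
// eregi_replace() no longer exists in PHP 7+, so the clean-up uses the
// equivalent case-insensitive PCRE pattern.
function convertRGB($color) {
    $color = preg_replace('/[^0-9a-f]/i', '', $color);
    return array(hexdec(substr($color, 0, 2)), hexdec(substr($color, 2, 2)), hexdec(substr($color, 4, 2)));
}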

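// Draws $text centred on a grid background and saves the picture as
// data/catchpa.png, .gif or .jpg, using the first encoder that is available.
//   $text    string to draw
//   $width   image width in pixels
//   $height  image height in pixels
//   $font    GD built-in font number
// Returns the file extension written ("png", "gif" or "jpg"), or NULL when
// the image could not be created or no encoder is available.
// The globals $fontColor, $bgColor and $lineColor hold hex colour strings on
// entry and are overwritten with the allocated GD colour indexes.
//
// Fixed here: every successful branch returned before ImageDestroy(), so the
// image resource was never released.
// NOTE(review): all visitors share one file name, so two overlapping requests
// overwrite each other's picture while each session keeps its own expected
// code. A per-session file name, or streaming the image from a script, would
// remove that race.
function createImage($text, $width, $height, $font = 5) {
    global $fontColor, $bgColor, $lineColor, $set;

    $img = @ImageCreate($width, $height);
    if(!$img) {
        return null;
    }
    list($R, $G, $B) = convertRGB($fontColor);
    $fontColor = ImageColorAllocate($img, $R, $G, $B);
    list($R, $G, $B) = convertRGB($bgColor);
    $bgColor = ImageColorAllocate($img, $R, $G, $B);
    list($R, $G, $B) = convertRGB($lineColor);
    $lineColor = ImageColorAllocate($img, $R, $G, $B);
    imagefilledrectangle($img, 0, 0, imagesx($img), imagesy($img), $bgColor);
    // Grid lines every 5 pixels, vertical then horizontal.
    for($i = 0; $i <= $width; $i += 5) {
        @ImageLine($img, $i, 0, $i, $height, $lineColor);
    }
    for($i = 0; $i <= $height; $i += 5) {
        @ImageLine($img, 0, $i, $width, $i, $lineColor);
    }

    // Centre the text using the built-in font metrics.
    $hcenter = $width / 2;
    $vcenter = $height / 2;
    $x = round($hcenter - ImageFontWidth($font) * strlen($text) / 2);
    $y = round($vcenter - ImageFontHeight($font) / 2);
    ImageString($img, $font, $x, $y, $text, $fontColor);

    $ext = null;
    if(function_exists('ImagePNG')) {
        @ImagePNG($img, "data/catchpa.png");
        $ext = "png";
    } else if(function_exists('ImageGIF')) {
        @ImageGIF($img, "data/catchpa.gif");
        $ext = "gif";
    } else if(function_exists('ImageJPEG')) {
        @ImageJPEG($img, "data/catchpa.jpg");
        $ext = "jpg";
    }
    ImageDestroy($img);
    return $ext;
}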

// Generates a six-digit security code, stores it in the session under
// session_id(), renders it to an image through createImage() and returns the
// HTML for the answer field followed by that image.
// NOTE(review): the digits come from rand() seeded with the current
// microsecond count, which is predictable; a cryptographic source
// (random_int() where the runtime has it) is the appropriate choice for a
// value that is meant to be unguessable.
function catchpa(){
    global $fontColor, $bgColor, $lineColor, $set, $out;
	// Drawing parameters read by createImage() through the globals.
	$fontSize = 5;              // GD built-in font (1 - 5)
	$fontColor = "000000";      // text colour (RGB hex)
	$bgColor = "FFFFFF";        // background colour (RGB hex)
	$lineColor = "B0B0B0";      // grid colour (RGB hex)
	srand((double) microtime() * 1000000);
	$digits = array();
	while(count($digits) < 6) {
		$digits[] = rand(0, 9);
	}
	$secCode = implode('', $digits);
	$_SESSION[session_id()] = $secCode;
	$ext=createImage($secCode, 71, 21, $fontSize);
	$field = "<input type=\"text\" name=\"secCode\" maxlength=\"6\" style=\"width:50px\" />";
	$picture = "\n&nbsp;<b>&laquo;</b>&nbsp;<img src=\"data/catchpa.$ext\" width=\"71\" height=\"21\" align=\"absmiddle\" />";
	return($field.$picture);
}

// Replacement for the PHP 5 function http_build_query(), defined only when the
// runtime does not provide it (taken from the PHP online manual).
//   $data    array or object of values to encode
//   $prefix  prefix intended for numeric keys
//   $sep     separator between pairs; defaults to the arg_separator.output
//            ini setting when empty
//   $key     name of the enclosing key during recursion
// Returns the URL-encoded query string.
if(!function_exists('http_build_query')) {
    function http_build_query($data,$prefix=null,$sep='',$key='') {
        $ret    = array();
            foreach((array)$data as $k => $v) {
                $k    = urlencode($k);
                // urlencode() returns a string, so is_int($k) is never true
                // here and the prefix is never applied.
                if(is_int($k) && $prefix != null) {
                    $k    = $prefix.$k;
                };
                // Nested value: write the key as parent[child].
                if(!empty($key)) {
                    $k    = $key."[".$k."]";
                };

                if(is_array($v) || is_object($v)) {
                    array_push($ret,http_build_query($v,"",$sep,$k));
                }
                else {
                    array_push($ret,$k."=".urlencode($v));
                };
            };

        if(empty($sep)) {
            $sep = ini_get("arg_separator.output");
        };

        return    implode($sep, $ret);
    };
};
?>