<?php
/*
MGB 0.6.x - OpenSource PHP and MySql Guestbook
Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
// ================ //
// activate.inc.php //
// ================ //
//
// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //
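// Admin page "activate": lists the guestbook entries that are neither checked nor
// flagged as spam (20 per page) and lets the administrator activate an entry or
// flag it as spam, either one at a time (GET id) or all at once (POST dropbox).
//
// NOTE(review): all database access here uses ext/mysql (mysql_*), which was
// removed in PHP 7. Moving to mysqli/PDO with bound parameters also touches the
// shared includes, so this script only constrains the values it puts into SQL.
//
// NOTE(review): the single-entry actions are state changes triggered by GET links
// and the bulk actions by a plain POST field. No anti-CSRF token is checked in
// this file; confirm whether admin.php or check_rights() enforces one.
//
// make sure nobody has direct access to this script
if (!defined('ADMINISTRATION'))
{
    include ("error.html");
    die();
}
else
{
    // check_rights() is defined outside this file; everything below is skipped when it fails
    if (check_rights($_GET['action'], $_SESSION['ID']))
    {
        // load config, settings and language files
        require ("../includes/config.inc.php");
        require ("../includes/load_settings.inc.php");
        // NOTE(review): this include path is built from a settings value; confirm that
        // 'language_path' is restricted to the known language directories.
        require ("../language/".$settings['language_path']."/lang_admin.php");

        // load templates
        require ("load_template_admin.inc.php");

        // The page number is used in arithmetic, in the LIMIT clause and inside link
        // attributes, so it is forced to an integer >= 1 before any of that happens.
        $_GET['p'] = isset($_GET['p']) ? (int) $_GET['p'] : 1;
        if ($_GET['p'] < 1)
        {
            $_GET['p'] = 1;
        }

        // connect to database
        // The die() messages below send mysql_error() to the browser, and the line
        // numbers inside them are fixed strings rather than real positions.
        $link = @mysql_connect($db['hostname'], $db['username'], $db['password']) or die ("(activate.inc.php) Error, line 48: ".mysql_error());
        @mysql_select_db($db['dbname'], $link) or die ("(activate.inc.php) Error, line 49: ".mysql_error());

        // bulk action selected in the form; an absent field becomes an empty string
        // so that cleanstr() is never handed an undefined index
        $_POST['dropbox'] = isset($_POST['dropbox']) ? cleanstr($_POST['dropbox']) : "";
        if ($_POST['dropbox'] == 1)
        {
            // flag every unchecked entry as checked
            $sql = "UPDATE `".$db['prefix']."entries` SET `checked` = '1' WHERE checked=0";
            @mysql_query($sql, $link) or die ("(activate.inc.php) Error, line 56: ".mysql_error());
        }
        elseif ($_POST['dropbox'] == 2)
        {
            // flag every entry not yet marked as spam
            $sql = "UPDATE `".$db['prefix']."entries` SET `isspam` = '1' WHERE isspam=0";
            @mysql_query($sql, $link) or die ("(activate.inc.php) Error, line 61: ".mysql_error());
        }

        if (isset($_GET['id']))
        {
            // The id lands unquoted in a WHERE clause, so only an integer may reach the
            // query. Anything that is not a plain scalar is treated as "no entry".
            $activate_id = is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;

            if ($activate_id > 0)
            {
                // 'isspam' is only compared, never placed into SQL
                if (isset($_GET['isspam']) AND $_GET['isspam'] == 1)
                {
                    $sql = "UPDATE `".$db['prefix']."entries` SET `isspam` = '1' WHERE ID=".$activate_id." LIMIT 1";
                }
                else
                {
                    $sql = "UPDATE `".$db['prefix']."entries` SET `checked` = '1' WHERE ID=".$activate_id." LIMIT 1";
                }
                @mysql_query($sql, $link) or die ("(activate.inc.php) Error, line 75: ".mysql_error());

                // send an email to user (only when activating, never when 'isspam' is present)
                if (isset($_GET['notify']) AND $_GET['notify'] == 1 AND !isset($_GET['isspam']))
                {
                    $sql = "SELECT name, email, message FROM ".$db['prefix']."entries WHERE id=".$activate_id." LIMIT 1";
                    $result = @mysql_query($sql, $link) or die ("(activate.inc.php) Error, line 81: ".mysql_error());
                    $data = mysql_fetch_array($result);

                    // no matching row means there is nobody to notify
                    if ($data)
                    {
                        // Name and address were supplied by the visitor who wrote the entry.
                        // Line breaks are removed from the recipient and the subject so that
                        // stored data cannot add extra mail headers.
                        $header_breaks = array("\r", "\n");

                        $name = $data['name'];
                        $email = str_replace($header_breaks, "", $data['email']);
                        $message = $data['message'];
                        $date = date("d/m/Y");
                        $time = date("H:i");
                        $url_to_gb = "http://".$settings['h_domain'].$settings['gb_path']."index.php";

                        // format_mail(), repl_uml() and xhtmlbr2nl() are defined outside this file
                        $lang['sendmail_user_notification_title'] = str_replace($header_breaks, "", format_mail(repl_uml($lang['sendmail_user_notification_title'], $charset), $name, $date, $time, xhtmlbr2nl($message), $settings['h_domain'], $url_to_gb, "", "", "", "", "", ""));
                        $settings['sendmail_user_notification_text'] = format_mail(repl_uml($settings['sendmail_user_notification_text'], $charset), $name, $date, $time, xhtmlbr2nl($message), $settings['h_domain'], $url_to_gb, "", "", "", "", "", "");

                        $mail_header = "content-type: text/plain; charset=".$charset."\n";
                        $mail_header .= "from: ".$settings['admin_gbemail'];

                        if (!empty($email))
                        {
                            // record the outcome in $sendemail_successfull (1 = sent, 0 = failed)
                            if (@mail($email, $lang['sendmail_user_notification_title'], $settings['sendmail_user_notification_text'], $mail_header))
                            {
                                $sendemail_successfull = 1;
                            }
                            else
                            {
                                $sendemail_successfull = 0;
                            }
                        }
                    }
                }
            }
        }

        // get total number of entries
        $results = @mysql_query("SELECT COUNT(ID) FROM ".$db['prefix']."entries WHERE CHECKED = 0 AND ISSPAM = 0") or die ("(activate.inc.php) Error, line 114: ".mysql_error());
        $total = @mysql_result($results, 0);

        // compute how many pages there are (20 entries per page; a single page counts as 0)
        $p = ($total / 20);
        if ($p <= 1)
        {
            $p = 0;
            if ($total > 1)
            {
                $how_many_entries = "<span class=\"admin\">".$total." ".$lang['entries']."</span>";
            }
            elseif ($total == 0)
            {
                $how_many_entries = "<span class=\"admin\">".$lang['no_deactivated_entries']."</span>";
            }
            else
            {
                $how_many_entries = "<span class=\"admin\">".$total." ".$lang['entry']."</span>";
            }
        }
        else
        {
            $p = ceil($p);
            $how_many_entries = "<span class=\"admin\">".$total." ".$lang['entries_on_pages']."</span>";
        }

        // offset and row count for the LIMIT clause; $_GET['p'] is an integer >= 1 here
        $load_start = ($_GET['p'] * 20) - 20;
        $load_end = 20;
        $pages_total = ceil($p);

        // build the pager links; $sid is defined outside this file
        if ($_GET['p'] == 1)
        {
            $sf_forwards = "<a class=\"admin\" href=\"admin.php?action=activate&p=".($_GET['p'] + 1).$sid."\" title=\"".$lang['page_forwards']."\">".$lang['page_forwards_symbol']."</a>";
            $sf_pagenumber = $_GET['p'];
            if ($pages_total >= 3)
            {
                // carries $sid like every other pager link
                $sf_last = "<a class=\"admin\" href=\"admin.php?action=activate&p=".$pages_total.$sid."\" title=\"".$lang['page_last']."\">".$lang['page_last_symbol']."</a>";
            }
        }
        if ($_GET['p'] > 1)
        {
            if (($pages_total >= 3) AND ($_GET['p'] > 2))
            {
                $sf_first = "<a class=\"admin\" href=\"admin.php?action=activate&p=1".$sid."\" title=\"".$lang['page_first']."\">".$lang['page_first_symbol']."</a>";
            }
            $sf_backwards = "<a class=\"admin\" href=\"admin.php?action=activate&p=".($_GET['p'] - 1).$sid."\" title=\"".$lang['page_backwards']."\">".$lang['page_backwards_symbol']."</a>";
            $sf_pagenumber = $_GET['p'];
            $sf_forwards = "<a class=\"admin\" href=\"admin.php?action=activate&p=".($_GET['p'] + 1).$sid."\" title=\"".$lang['page_forwards']."\">".$lang['page_forwards_symbol']."</a>";
            if (($pages_total >= 3) AND ($_GET['p'] < ($pages_total - 1)))
            {
                $sf_last = " <a class=\"admin\" href=\"admin.php?action=activate&p=".$pages_total.$sid."\" title=\"".$lang['page_last']."\">".$lang['page_last_symbol']."</a>";
            }
        }
        if ($_GET['p'] == $pages_total)
        {
            // last page: no forward link
            if ($pages_total >= 3)
            {
                $sf_first = "<a class=\"admin\" href=\"admin.php?action=activate&p=1".$sid."\" title=\"".$lang['page_first']."\">".$lang['page_first_symbol']."</a>";
            }
            $sf_backwards = "<a class=\"admin\" href=\"admin.php?action=activate&p=".($_GET['p'] - 1).$sid."\" title=\"".$lang['page_backwards']."\">".$lang['page_backwards_symbol']."</a>";
            $sf_pagenumber = $_GET['p'];
            $sf_forwards = "";
        }
        if ($pages_total <= 0)
        {
            $content_scrolling_function = "<br><br>";
        }

        // load guestbook entries
        $sql = "SELECT * FROM ".$db['prefix']."entries WHERE checked=0 AND isspam=0 ORDER BY ID DESC LIMIT $load_start, $load_end";
        $result = @mysql_query($sql, $link) or die ("(activate.inc.php) Error, line 190: ".mysql_error());
        $counter = 0;
        $row_total = mysql_num_rows($result);
        for ($i = 0; $i < $row_total; $i++)
        {
            $entry[$i] = mysql_fetch_array($result);
            $counter++;
        }

        // page to return to after an action: when at most one entry is listed the
        // action links point to the previous page (or carry no page on page 1)
        if ($counter <= 1)
        {
            if ($_GET['p'] == 1)
            {
                $add_page_nr = NULL;
            }
            else
            {
                $add_page_nr = "&p=".($_GET['p'] - 1);
            }
        }
        else
        {
            $add_page_nr = "&p=".$_GET['p'];
        }

        // fill entry template with content
        require ("../includes/functions.inc.php");
        if (!isset($entry)) { $entry = NULL; }
        // count() is only applied to an array, so "no entries" yields zero iterations
        $entry_total = is_array($entry) ? count($entry) : 0;

        // NOTE(review): name, message, e-mail, homepage, ip and comment come from
        // visitor input and are inserted into the template without escaping in this
        // script. Confirm they are HTML-encoded when stored or by the helpers used here.
        for ($i = 0; $i < $entry_total; $i++)
        {
            $page_entry[$i] = $content_activate;
            if ($entry[$i]['ip'] == NULL) { $entry[$i]['ip'] = "-"; }
            if ($entry[$i]['comment'] == NULL) { $entry[$i]['comment'] = "-"; }

            // wordwrap: textWrap() is called with a fixed width of 45 here, not with
            // $settings['wordwrap']. The method is taken from
            // http://de.php.net/manual/en/function.wordwrap.php#64517 and, per the
            // original author, does not affect html tags.
            $entry[$i]['message'] = textWrap($entry[$i]['message'], 45);
            $entry[$i]['comment'] = textWrap($entry[$i]['comment'], 45);

            // convert bbcodes
            $entry[$i]['message'] = bbcode_format($entry[$i]['message'], "adminpanel");
            $entry[$i]['comment'] = bbcode_format($entry[$i]['comment'], "adminpanel");

            // fill template with entry (strings)
            $page_entry[$i] = template("ENTRY_ID", $entry[$i]['ID'], $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_NAME", substr($entry[$i]['name'], 0, 20), $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_MESSAGE", $entry[$i]['message'], $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_IP", $entry[$i]['ip'], $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_EMAIL", $entry[$i]['email'], $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_HP", $entry[$i]['hp'], $page_entry[$i]);
            $page_entry[$i] = template("ENTRY_COMMENT", $entry[$i]['comment'], $page_entry[$i]);
            $page_entry[$i] = template("LANG_QUOTE", $lang['quote'], $page_entry[$i]);

            // row values placed inside link attributes are forced to integers
            $page_entry[$i] = template("ACTIVATE", "<a href=\"admin.php?action=activate&id=".((int) $entry[$i]['ID'])."&notify=".((int) $entry[$i]['user_notification']).$add_page_nr.$sid."\"><img class=\"icon\" src=\"templates/default/images/activate.png\" title=\"".$lang['activate_entry']."\" alt=\"".$lang['activate_entry']."\"></a>", $page_entry[$i]);
            $page_entry[$i] = template("MARK_AS_SPAM", "<a href=\"admin.php?action=activate&id=".((int) $entry[$i]['ID'])."&isspam=1".$add_page_nr.$sid."\"><img class=\"icon\" src=\"templates/default/images/spam.png\" title=\"".$lang['mark_as_spam']."\" alt=\"".$lang['mark_as_spam']."\"></a>", $page_entry[$i]);
            $page_entry[$i] = template("TEMPLATE_PATH", "templates/".$settings['template_path'], $page_entry[$i]);

            if (!isset($page_include)) { $page_include = NULL; }
            $page_include .= $page_entry[$i];
        }
    }
    else
    {
        // rights check failed: show the error text instead of the entry list
        $page_include = "<span class=\"admin\">".$lang['errormessage4']."</span>";
        $content_scrolling_function = "<br>";
    }
}
// close sql connection ($link only exists when the rights check passed)
if (isset($link))
{
    @mysql_close($link);
}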
?>