<?php
/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package QuickTalk Guestbook
* @author Philippe Vandenberghe <hide@address.com>
* @copyright 2009-2012 The PHP Group
* @version 2.5 build:20100731
*/
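session_start();
require_once('bin/qtg_init.php');
// CHECK LOGIN: this page is for authenticated administrators only. The login page
// stores 'yes' in $_SESSION['qtgAuth']; compare strictly so that a non-string value
// (boolean true loosely equals 'yes') can never pass the check.
// NOTE(review): HtmlRedirect() presumably terminates the script — confirm in qtg_init.php.
if ( !isset($_SESSION['qtgAuth']) || $_SESSION['qtgAuth']!=='yes' ) HtmlRedirect('qtg_login.php');
// language strings ($L) for the admin pages
include(GetLang().'qtg_adm.php');
$qtg_skin='admin';
$pg_name='';
$pg_url='qtg_adm_medit_exe.php';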
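/**
 * Quote one value as a field of the CSV export.
 *
 * Null, false and the empty string become an empty quoted field (""). Any other
 * value is cast to string, wrapped in double quotes, and embedded double quotes
 * are doubled as CSV readers expect. The previous version replaced quotes with
 * apostrophes (silently altering the exported text) and relied on empty(), which
 * also dropped the legitimate value "0".
 *
 * @param mixed $str value to quote (ids are ints, the other columns strings)
 * @return string the quoted field, without a trailing separator
 */
function ToCsv($str='')
{
    if ( $str===null || $str===false || $str==='' ) return '""';
    return '"'.str_replace('"','""',(string)$str).'"';
}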
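// CHECK ARGUMENTS
if ( !isset($_GET['y']) ) die ('Missing argument [y]');
if ( !isset($_GET['m']) ) die ('Missing argument [m]');
if ( !isset($_GET['ip']) ) die ('Missing argument [ip]');
if ( !isset($_GET['n']) ) die ('Missing argument [n]');
if ( !isset($_GET['charset']) ) $_GET['charset']='UTF-8';
// READ ARGUMENTS
// Numeric arguments are cast to int, so they can never carry anything but digits.
$intYear = intval($_GET['y']);
$intMonth = intval($_GET['m']);
$intNum = intval($_GET['n']);
// The ip is later placed inside a SQL string literal and inside a file-name pattern
// (see the submit branch). strip_tags() protects neither context, so accept only the
// characters an IPv4/IPv6 address can contain and refuse anything else, rather than
// silently widening the selection to every message of the period.
$strIp = (string)substr($_GET['ip'],0,30);
if ( $strIp!=='' && !preg_match('/^[A-Za-z0-9.:_-]+$/',$strIp) ) die('Invalid argument [ip]');
// The charset ends up in a Content-Type header and in html_entity_decode();
// anything that is not a plain charset token falls back to UTF-8.
$strCharset = (string)substr($_GET['charset'],0,15);
if ( !preg_match('/^[A-Za-z0-9_-]+$/',$strCharset) ) $strCharset = 'UTF-8';
// Export format: only txt and csv are ever produced, so any other value means txt
// (previously an unknown value gave an empty download with an arbitrary extension).
$f = ( isset($_GET['f']) && substr($_GET['f'],0,3)==='csv' ) ? 'csv' : 'txt';
// Export toggles (include hidden posts, drop bbcode, drop smileys): on unless explicitly 'N'
$bHidden = !( isset($_GET['h']) && $_GET['h']==='N' );
$bBbc = !( isset($_GET['b']) && $_GET['b']==='N' );
$bSmile = !( isset($_GET['s']) && $_GET['s']==='N' );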
// --------
// SUBMITTED
// --------
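if ( isset($_GET['export']) || isset($_GET['delete']) || isset($_GET['hide']) || isset($_GET['unhide']) )
{
    // NOTE(review): hide/unhide/delete are state-changing actions driven by a plain GET
    // request without an anti-CSRF token — confirm whether qtg_init.php adds one.
    //
    // $strIp is concatenated into a SQL string literal and into a file-name pattern
    // below; strip_tags() protects neither context, so refuse anything that is not
    // made of address characters instead of silently widening the selection.
    if ( !empty($strIp) && !preg_match('/^[A-Za-z0-9.:_-]+$/',$strIp) ) die('Invalid argument [ip]');
    // The charset goes into a Content-Type header and into html_entity_decode()
    if ( !preg_match('/^[A-Za-z0-9_-]+$/',$strCharset) ) $strCharset = 'UTF-8';
    // Prefix of issuedate to match: YYYY for a whole year, YYYYMM when a month is given
    $strDate = ( $intMonth>0 ) ? strval($intYear*100+$intMonth) : strval($intYear);
    // The file backend (cDT) selects posts by file-name pattern, every SQL backend by a WHERE clause
    $bFileDb = is_a($oDB,'cDT');
    switch(substr($oDB->type,0,5))
    {
    case 'mysql':
    case 'mssql':
    case 'pg':
    case 'ibase': $strWhere = 'SUBSTRING(issuedate,1,'.strlen($strDate).')="'.$strDate.'"'; break;
    case 'sqlit':
    case 'db2':
    case 'oci':   $strWhere = 'SUBSTR(issuedate,1,'.strlen($strDate).')="'.$strDate.'"'; break;
    case 'file':  $strWhere = ''; break;
    default: die('Unknown db type '.$oDB->type);
    }
    // Optional restriction to one ip, appended once here rather than inside each action,
    // so that two action flags in the same request can no longer stack it twice
    if ( !empty($strIp) ) $strWhere .= $bFileDb ? $strIp : ' AND ip="'.$strIp.'"';
    // --------
    // HIDE / UNHIDE / DELETE
    // --------
    if ( isset($_GET['delete']) || isset($_GET['hide']) || isset($_GET['unhide']) )
    {
        include('qtg_p_header.php');
        include('qtg_adm_menu.php');
        if ( isset($_GET['hide']) )
        {
            if ( $bFileDb )
            {
                // only currently visible posts ('-y' suffix) need to change
                foreach($oDB->GetFiles($strWhere.'-y',0,$strDate,$strDate,false) as $strFile)
                {
                    $oPost = new cPost();
                    $oPost->id = $strFile;
                    $oPost->SetStatus('n');
                }
            }
            else
            {
                $oDB->Query('UPDATE '.TABMESSAGE.' SET visible="N" WHERE id>=0 AND '.$strWhere);
            }
        }
        if ( isset($_GET['unhide']) )
        {
            if ( $bFileDb )
            {
                // only currently hidden posts ('-n' suffix) need to change
                foreach($oDB->GetFiles($strWhere.'-n',0,$strDate,$strDate,false) as $strFile)
                {
                    $oPost = new cPost();
                    $oPost->id = $strFile;
                    $oPost->SetStatus('y');
                }
            }
            else
            {
                $oDB->Query('UPDATE '.TABMESSAGE.' SET visible="Y" WHERE id>=0 AND '.$strWhere);
            }
        }
        if ( isset($_GET['delete']) )
        {
            if ( $bFileDb )
            {
                // no status suffix: hidden and visible posts are deleted alike
                foreach($oDB->GetFiles($strWhere,0,$strDate,$strDate,false) as $strFile)
                {
                    $oPost = new cPost();
                    $oPost->id = $strFile;
                    $oPost->Delete();
                }
            }
            else
            {
                $oDB->Query('DELETE FROM '.TABMESSAGE.' WHERE id>=0 AND '.$strWhere);
            }
        }
        // confirmation page that returns to the message list after one second
        echo '<h1>',$L['Update_successfull'],'</h1>';
        echo '
<p><a id="exiturl" href="qtg_adm_msg.php">',$L['Messages'],'</a></p>
<script type="text/javascript">
<!--
setTimeout(\'window.location=document.getElementById("exiturl").href\',1000);
-->
</script>
';
        include('qtg_p_footer.php');
        exit;
    }
    // --------
    // EXPORT
    // --------
    if ( isset($_GET['export']) )
    {
        // only txt and csv are produced; anything else is exported as text
        $strFormat = ( $f=='csv' ) ? 'csv' : 'txt';
        // query
        if ( $bFileDb )
        {
            if ( !$bHidden ) $strWhere .= '-y';
            $oDB->GetFiles($strWhere,0,$strDate,$strDate);
            rsort($oDB->arrFiles);
            $oDB->curFiles=0;
        }
        else
        {
            $oDB->Query('SELECT * FROM '.TABMESSAGE.' WHERE id>=0 AND '.$strWhere.($bHidden ? '' : ' AND visible="Y"'));
        }
        // export (the filename attribute now carries its closing quote)
        if ( !headers_sent() )
        {
            header('Content-Type: text/plain; charset='.$strCharset);
            header('Content-Disposition: attachment; filename="qt_'.date('Ymd').'.'.$strFormat.'"');
        }
        while($row=$oDB->Getrow())
        {
            $oPost = new cPost($row);
            if ( $bBbc || $bSmile )
            {
                // Remove bbcode (QTunbbc) and/or smiley codes from name and message;
                // both kinds of markup start with '[' so other fields are skipped cheaply.
                // The smiley pattern needs its delimiters: without them preg_replace()
                // returned null and the whole field was lost.
                if ( strstr($oPost->message,'[')!==false )
                {
                    if ( $bBbc ) $oPost->message=QTunbbc($oPost->message,true);
                    if ( $bSmile ) $oPost->message=preg_replace('/\[[:;].\]/','',$oPost->message);
                }
                if ( strstr($oPost->name,'[')!==false )
                {
                    if ( $bBbc ) $oPost->name=QTunbbc($oPost->name,true);
                    if ( $bSmile ) $oPost->name=preg_replace('/\[[:;].\]/','',$oPost->name);
                }
            }
            // decode all html entities (requires php 4.3) in the target charset
            $oPost->message = html_entity_decode($oPost->message,ENT_QUOTES,$strCharset);
            $oPost->name = html_entity_decode($oPost->name,ENT_QUOTES,$strCharset);
            $oPost->postfrom = html_entity_decode($oPost->postfrom,ENT_QUOTES,$strCharset);
            if ( $strFormat=='txt' )
            {
                // one header line "name (age), email, from date", a blank line, the message, a rule
                echo $oPost->name;
                if ( !empty($oPost->userage) ) echo " ($oPost->userage)";
                if ( !empty($oPost->useremail) ) echo ", $oPost->useremail";
                if ( !empty($oPost->postfrom) ) echo ", $oPost->postfrom";
                if ( !empty($oPost->issuedate) ) echo " ".QTdatestr($oPost->issuedate,'j-n-Y',$qtg_formattime);
                echo "\r\n\r\n".$oPost->message;
                echo "\r\n___________________________\r\n\r\n";
            }
            else
            {
                // one physical line per record: embedded line breaks become a literal "\n"
                $oPost->message = str_replace(array("\r\n","\n"),array("\n","\\n"),$oPost->message);
                $arrFields = array(
                    $oPost->id,
                    $oPost->name,
                    $oPost->userage,
                    $oPost->useremail,
                    $oPost->postfrom,
                    QTdatestr($oPost->issuedate,'Y-m-d','H:i'),
                    $oPost->y,
                    $oPost->x,
                    $oPost->z,
                    $oPost->message);
                // every field, including the last one, is followed by ';'
                echo implode(';',array_map('ToCsv',$arrFields)),";\r\n";
            }
        }
        exit;
    }
}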
// --------
// HTML START
// --------
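include('qtg_p_header.php');
include('qtg_adm_menu.php');
if ( !isset($_GET['a']) ) die ('Missing argument [a]');
$a = substr($_GET['a'],0,6);
// $strIp and $strCharset come from the query string and are echoed back into the
// confirmation forms; refuse an ip that is not made of address characters (the value
// is later used in SQL and file-name patterns) and keep the charset a plain token.
if ( !empty($strIp) && !preg_match('/^[A-Za-z0-9.:_-]+$/',$strIp) ) die('Invalid argument [ip]');
if ( !preg_match('/^[A-Za-z0-9_-]+$/',$strCharset) ) $strCharset = 'UTF-8';
// Hidden fields shared by every confirmation form. The ints are safe as-is; the ip
// is escaped for the attribute context instead of being written raw (strip_tags()
// leaves quotes untouched, so the previous version allowed attribute injection).
$strHidden = '
<input type="hidden" name="y" value="'.$intYear.'"/>
<input type="hidden" name="m" value="'.$intMonth.'"/>
<input type="hidden" name="ip" value="'.htmlspecialchars($strIp,ENT_QUOTES).'"/>
<input type="hidden" name="n" value="'.$intNum.'"/>';
if ( $a==='Export' )
{
    $arr = array(
        "ISO-8859-1"=>"ISO-8859-1 (Western European, Latin-1)",
        "ISO-8859-15"=>"ISO-8859-15 (Western European, Latin-9)",
        "UTF-8"=>"UTF-8 (ASCII compatible multi-byte 8-bit Unicode)",
        "cp1251"=>"cp1251 (Windows-specific Cyrillic charset)",
        "cp1252"=>"cp1252 (Windows specific charset for Western European)");
    echo '
<h1>',$L['Export'],' ',$intNum,' ',$L['Messages'],'</h1>
<p><form method="get" action="',Href('qtg_adm_medit_exe.php'),'">
',$L['Format'],' <select name="f">
<option value="txt">Text</option>
<option value="csv">CSV</option>
</select> Charset
<select name="charset">
',QTasTag($arr,$strCharset),'
</select><br/><br/>';
    // the three Y/N toggles: label, field name and current value
    $arrToggles = array(
        'h'=>array($L['Include_hidden'],$bHidden),
        'b'=>array($L['Drop_bbc'],$bBbc),
        's'=>array($L['Drop_smile'],$bSmile));
    foreach($arrToggles as $strName=>$arrToggle)
    {
        echo '
',$arrToggle[0],' <select name="',$strName,'">
<option value="Y"',($arrToggle[1] ? QSEL : ''),'>',$L['Yes'],'</option>
<option value="N"',(!$arrToggle[1] ? QSEL : ''),'>',$L['No'],'</option>
</select>';
    }
    echo $strHidden,'
<input type="submit" name="export" value="',$L['Ok'],'"/>
</form></p>
';
}
// The three destructive actions share one form layout: heading and button label are
// the language string keyed by the action, the submit field name is the GET flag
// checked by the submit branch.
$arrActions = array('Hide'=>'hide','Unhide'=>'unhide','Delete'=>'delete');
if ( isset($arrActions[$a]) )
{
    echo '
<h1>',$L[$a],' ',$intNum,' ',$L['Messages'],'</h1>
<p><form method="get" action="',Href('qtg_adm_medit_exe.php'),'">',$strHidden,'
<input type="submit" name="',$arrActions[$a],'" value="',$L[$a],' !"/>
</form></p>
';
}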
// --------
// HTML END
// --------
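// page footer; no closing tag so that no stray whitespace can be sent after it
include('qtg_p_footer.php');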