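<?
// PHP Bookmarks Admin Module v1.15
$pbcodever = "1.C";
$ver = "v1.15";
// configuration
// set insecure to 0 (which is good). It can be changed in conf.php.
$insecure = 0;
// Everything below this point is expected to come from conf.php only. The
// variables are cleared before the include so that, with register_globals on,
// a request parameter cannot pre-set them: $baseurl ends up in a
// header("Location: ...") and $adminurl in every form action, and the db*
// values select the database this module writes to. $serverport is also
// initialised so the 80/443 case does not read an undefined (or injected) value.
unset($baseurl, $rssurl, $adminurl, $SQLADMIN, $dbname, $dbmachine, $dbuser, $dbpassword);
$serverport = "";
if(file_exists("conf.php"))
{
    include("conf.php");
}
if($_SERVER["SERVER_PORT"] != "80" and $_SERVER["SERVER_PORT"] != "443")
{
    $serverport = ":" . $_SERVER["SERVER_PORT"];
}
$httpprefix = "http";
if(isset($_SERVER["HTTPS"]) and $_SERVER["HTTPS"] == "on")
{
    $httpprefix = "https";
}
// SCRIPT_NAME is the script path without request path info; PHP_SELF would
// carry attacker-supplied path info (admin.php/<anything>) straight into the
// URLs built here. SERVER_NAME is only as trustworthy as the web server's
// canonical-name setting, so these URLs are still escaped wherever they are
// printed into HTML.
$scriptpath = isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : $_SERVER["PHP_SELF"];
$selfurl = "$httpprefix://" . $_SERVER["SERVER_NAME"] . $serverport . $scriptpath;
if(!isset($baseurl))
{
    $baseurl = str_replace("admin.php", "index.php", $selfurl);
}
if(!isset($rssurl))
{
    $rssurl = str_replace("admin.php", "rss.php", $selfurl);
}
if(!isset($adminurl))
{
    $adminurl = $selfurl;
}
require("functions.php");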
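// set admin
// Admin mode is granted only when the web server has already authenticated
// this request (HTTP auth configured on admin.php fills PHP_AUTH_USER), or when
// conf.php sets $insecure, in which case anyone may pass admin=1. The flag
// itself is request-supplied, so it is reduced to 0/1 here: it is echoed into
// hidden fields and URLs further down.
// NOTE(review): PHP_AUTH_USER is only meaningful if the server really enforces
// authentication on this script; a deployment without that rule lands in the
// "not authenticated" branches below, which is the safe failure mode.
$fauxadmin = 0;
if(!empty($_SERVER["PHP_AUTH_USER"]) or $insecure)
{
    $admin = empty($_REQUEST["admin"]) ? 0 : 1;
}
elseif(!empty($_REQUEST["admin"]) and !$insecure)
{
    // Error: requesting admin functions while not authenticated
    $fauxadmin = 1;
    $admin = 0;
}
else
{
    // Error: requesting page while not flagged as admin
    $admin = 0;
    header("Location: $baseurl");
    // Stop here: otherwise the rest of the page is still rendered and sent
    // behind the redirect header.
    exit;
}
require("header.php");
if(!$admin)
{
    print "<b>Admin</b><br>\n<br>\n";
    if($fauxadmin and !$insecure)
    {
        print "Error: requesting admin functions while not authenticated<br><br>\n";
    }
    print "You are not in admin mode. Action canceled<br>\n<br>\n";
    print "[ <a class=footer href=\"" . htmlspecialchars($baseurl) . "\">return</a> ] to main page<br>\n";
    exit;
}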
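// First-run setup: conf.php has not provided a database yet.
if(isset($SQLADMIN) and $SQLADMIN == "SETUP" and (!isset($dbname) or $dbname == ""))
{
    checkdbversion("");
    exit;
}
// NOTE(review): the mysql_* extension no longer exists in PHP 7+; this module
// should move to mysqli/PDO with prepared statements. Until then every request
// value that reaches a query must be cast to int or passed through
// mysql_real_escape_string() on this link.
$mysql_link = mysql_connect($dbmachine, $dbuser, $dbpassword);
if(!$mysql_link or !mysql_select_db($dbname, $mysql_link))
{
    // Deliberately generic: mysql_error() would expose host/user details.
    print "<b>Admin</b><br>\n<br>\nDatabase connection failed. Action canceled<br>\n";
    exit;
}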
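// Bookmarklet entry point (GET), as printed by the add form:
// javascript:document.location =
// 'http://krux.org/bookmarks/admin.php?add=item
// &bookmarkmode=1
// &admin=1
// &item_itemname=' + escape(document.title) + '
// &item_itemdesc=' + escape(document.location)
//
// $returnurl / $returndesc feed the "[ return ] to ..." link on result pages.
// In bookmark mode the return target is the bookmarked page itself, i.e. a
// request-supplied URL that is later printed into an href, so only http(s)
// URLs are accepted; anything else (javascript:, data:, ...) falls back to the
// main page. stripslashes() is applied only when magic_quotes_gpc added the
// backslashes in the first place.
$mq = get_magic_quotes_gpc();
if(!empty($_GET["bookmarkmode"]))
{
    $item_itemname = isset($_GET["item_itemname"]) ? $_GET["item_itemname"] : "";
    if($mq)
    {
        $item_itemname = stripslashes($item_itemname);
    }
    $item_itemdesc = isset($_GET["item_itemdesc"]) ? $_GET["item_itemdesc"] : "";
    $returnurl = $item_itemdesc;
    $returndesc = "to " . $item_itemname;
}
if(!empty($_POST["bookmarkmode"]))
{
    $item_itemname = isset($_POST["inputitemname"]) ? $_POST["inputitemname"] : "";
    $item_itemdesc = isset($_POST["inputitemdesc"]) ? $_POST["inputitemdesc"] : "";
    $returndesc = "to " . ($mq ? stripslashes($item_itemname) : $item_itemname);
    $candidate = $mq ? stripslashes($item_itemdesc) : $item_itemdesc;
    $returnurl = preg_match('#^https?://#i', $candidate) ? $candidate : "$baseurl?admin=$admin";
}
else
{
    // Also reached for the GET bookmarklet request, so the GET branch's return
    // target is always replaced by the main page (the form is shown instead).
    $returnurl = "$baseurl?admin=$admin";
    $returndesc = "to main page";
}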
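if(!empty($_REQUEST["edit"]))
{
    // edit item subroutine
    // NOTE(review): none of the admin forms carry an anti-CSRF token, so any
    // page the (HTTP-authenticated) admin visits can submit this one.
    // The item is looked up by the request-supplied ID; the int cast keeps it
    // out of the SQL string. On the submit/cancel round trip $_REQUEST["edit"]
    // holds the button label, which casts to 0 and matches no row (as before).
    $editID = (int)$_REQUEST["edit"];
    $item_itemID = 0;
    $item_categoryID = 0;
    $item_categoryname = "";
    $item_itemname = "";
    $item_itemdesc = "";
    $item_itemcomment = "";
    $item_itemprivate = 0;
    $query = "SELECT item.ID, category.ID, category.name, item.name, item.description, item.comment, item.private ";
    $query .= "FROM item LEFT JOIN category ON item.categoryID = category.ID ";
    $query .= "WHERE item.ID = '$editID' ";
    $mysql_result = mysql_query($query, $mysql_link);
    while($row = mysql_fetch_row($mysql_result))
    {
        list($item_itemID, $item_categoryID, $item_categoryname, $item_itemname,
             $item_itemdesc, $item_itemcomment, $item_itemprivate) = $row;
    }
    // private is a bit field: 1 = comment hidden, 2 = whole entry hidden
    $item_itemcommentprivate = $item_itemprivate & 1;
    $item_itementryprivate = $item_itemprivate & 2;
    if(isset($_POST["edit"]) and $_POST["edit"] == "submit")
    {
        // edit item: rebuild the bit field from the checkboxes
        $item_itemprivate = 0;
        if(!empty($_POST["inputitemcommentprivate"]))
        {
            $item_itemprivate |= 1;
        }
        if(!empty($_POST["inputitementryprivate"]))
        {
            $item_itemprivate |= 2;
        }
        $inputitemname = isset($_POST["inputitemname"]) ? trim($_POST["inputitemname"]) : "";
        $inputitemdesc = isset($_POST["inputitemdesc"]) ? trim($_POST["inputitemdesc"]) : "";
        $inputitemcomment = isset($_POST["inputitemcomment"]) ? trim($_POST["inputitemcomment"]) : "";
        if(get_magic_quotes_gpc())
        {
            // magic_quotes_gpc already backslash-escaped the input; undo that so
            // each value is escaped exactly once, below, for this connection.
            $inputitemname = stripslashes($inputitemname);
            $inputitemdesc = stripslashes($inputitemdesc);
            $inputitemcomment = stripslashes($inputitemcomment);
        }
        $inputcategoryID = isset($_POST["inputcategoryID"]) ? (int)$_POST["inputcategoryID"] : 0;
        $inputitemID = isset($_POST["inputitemID"]) ? (int)$_POST["inputitemID"] : 0;
        $query = "UPDATE item ";
        $query .= "SET name = '" . mysql_real_escape_string($inputitemname, $mysql_link) . "', ";
        $query .= " description = '" . mysql_real_escape_string($inputitemdesc, $mysql_link) . "', ";
        $query .= " comment = '" . mysql_real_escape_string($inputitemcomment, $mysql_link) . "', ";
        $query .= " categoryID = '$inputcategoryID', ";
        $query .= " private = $item_itemprivate ";
        $query .= "WHERE ID = '$inputitemID' ";
        $mysql_result = mysql_query($query, $mysql_link);
        print "<b>Edit Item</b><br>\n<br>\n";
        print "<b>" . htmlspecialchars($inputitemname) . "</b> updated<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    elseif(isset($_POST["edit"]) and $_POST["edit"] == "cancel")
    {
        // action canceled
        print "<b>Edit Item</b><br>\n<br>\n";
        print "Action canceled<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    else
    {
        // display form; every stored or request-derived value is attribute-escaped
        print "<b>Edit Item</b><br>\n";
        print "<form action=\"" . htmlspecialchars($adminurl) . "\" method=\"post\">\n";
        print "<input type=\"hidden\" name=\"edit\" value=\"submit\">\n";
        print "<input type=\"hidden\" name=\"admin\" value=\"" . htmlspecialchars($admin) . "\">\n";
        print "<input type=\"hidden\" name=\"inputitemID\" value=\"" . (int)$item_itemID . "\">\n";
        print "Category:<br>\n";
        categorynest($item_categoryID, $item_categoryID, 0, 0);
        print "Name:<br>\n";
        print "<input type=\"text\" name=\"inputitemname\" value=\"" . htmlspecialchars($item_itemname) . "\" size=64><br>\n";
        print "URL:<br>\n";
        print "<input type=\"text\" name=\"inputitemdesc\" value=\"" . htmlspecialchars($item_itemdesc) . "\" size=64><br>\n";
        print "Comment:<br>\n";
        print "<input type=\"text\" name=\"inputitemcomment\" value=\"" . htmlspecialchars($item_itemcomment) . "\" size=64><br>\n";
        print "Security:<br>\n";
        print "<input type=\"checkbox\" name=\"inputitemcommentprivate\" value=\"1\"" . ($item_itemcommentprivate ? " checked" : "") . "> hide comment<br>\n";
        print "<input type=\"checkbox\" name=\"inputitementryprivate\" value=\"1\"" . ($item_itementryprivate ? " checked" : "") . "> hide entry<br>\n";
        print "<br>\n";
        print "<input type=\"submit\" name=\"edit\" value=\"submit\">\n";
        print "<input type=\"submit\" name=\"edit\" value=\"cancel\">\n";
        print "</form>";
    }
}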
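elseif(!empty($_REQUEST["add"]))
{
    // add record subroutine
    // NOTE(review): this form carries no anti-CSRF token.
    if(isset($_POST["add"]) and $_POST["add"] == "submit")
    {
        // add item; private is a bit field: 1 = comment hidden, 2 = entry hidden
        $item_itemprivate = 0;
        if(!empty($_POST["inputitemcommentprivate"]))
        {
            $item_itemprivate |= 1;
        }
        if(!empty($_POST["inputitementryprivate"]))
        {
            $item_itemprivate |= 2;
        }
        $inputitemname = isset($_POST["inputitemname"]) ? trim($_POST["inputitemname"]) : "";
        $inputitemdesc = isset($_POST["inputitemdesc"]) ? trim($_POST["inputitemdesc"]) : "";
        $inputitemcomment = isset($_POST["inputitemcomment"]) ? trim($_POST["inputitemcomment"]) : "";
        if(get_magic_quotes_gpc())
        {
            // undo magic_quotes_gpc so the values are escaped exactly once below
            $inputitemname = stripslashes($inputitemname);
            $inputitemdesc = stripslashes($inputitemdesc);
            $inputitemcomment = stripslashes($inputitemcomment);
        }
        $inputcategoryID = isset($_POST["inputcategoryID"]) ? (int)$_POST["inputcategoryID"] : 0;
        $query = "INSERT INTO item (categoryID, date, name, description, comment, private) ";
        $query .= "VALUES ('$inputcategoryID', now(), '" . mysql_real_escape_string($inputitemname, $mysql_link) . "', '"
            . mysql_real_escape_string($inputitemdesc, $mysql_link) . "', '"
            . mysql_real_escape_string($inputitemcomment, $mysql_link) . "', $item_itemprivate)";
        $mysql_result = mysql_query($query, $mysql_link);
        print "<b>Add Item</b><br>\n<br>\n";
        print "<b>" . htmlspecialchars($inputitemname) . "</b> added<br>\n<br>\n";
        $addanother = "$adminurl?add=item&category=$inputcategoryID&admin=$admin";
        print "[ <a class=footer href=\"" . htmlspecialchars($addanother) . "\">add another</a> ]<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    elseif(isset($_POST["add"]) and $_POST["add"] == "cancel")
    {
        // action canceled
        print "<b>Add Item</b><br>\n<br>\n";
        print "Action canceled<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    else
    {
        // display form; ?category=N preselects a category, otherwise the tree is shown
        $categoryID = isset($_GET["category"]) ? (int)$_GET["category"] : 0;
        $item_categoryname = "";
        if($categoryID)
        {
            $query = "SELECT name FROM category WHERE ID = '$categoryID' ";
            $mysql_result = mysql_query($query, $mysql_link);
            while($row = mysql_fetch_row($mysql_result))
            {
                $item_categoryname = $row[0];
            }
        }
        $bookmarkmode = isset($_REQUEST["bookmarkmode"]) ? $_REQUEST["bookmarkmode"] : "";
        print "<form action=\"" . htmlspecialchars($adminurl) . "\" method=\"post\">\n";
        print "<input type=\"hidden\" name=\"add\" value=\"submit\">\n";
        print "<input type=\"hidden\" name=\"admin\" value=\"" . htmlspecialchars($admin) . "\">\n";
        print "<input type=\"hidden\" name=\"bookmarkmode\" value=\"" . htmlspecialchars($bookmarkmode) . "\">\n";
        print "<b>Add Item</b> ";
        if($categoryID)
        {
            print "[ <b>" . htmlspecialchars($item_categoryname) . "</b> ]<br>\n";
            print "<input type=\"hidden\" name=\"inputcategoryID\" value=\"$categoryID\">\n";
        }
        else
        {
            print "<br>\nCategory:<br>\n";
            // set flag for selecting the first item (presumably read as a global
            // by categorynest() in functions.php)
            $selectfirst = 3;
            categorynest($item_categoryID, $item_categoryID, 0, 0);
        }
        print "Name:<br>\n";
        print "<input type=\"text\" name=\"inputitemname\" value=\"" . htmlspecialchars($item_itemname) . "\" size=64><br>\n";
        print "URL:<br>\n";
        print "<input type=\"text\" name=\"inputitemdesc\" value=\"" . htmlspecialchars($item_itemdesc) . "\" size=64><br>\n";
        print "Comment:<br>\n";
        print "<input type=\"text\" name=\"inputitemcomment\" value=\"" . htmlspecialchars($item_itemcomment) . "\" size=64><br>\n";
        print "Security:<br>\n";
        print "<input type=\"checkbox\" name=\"inputitemcommentprivate\" value=\"1\"> hide comment<br>\n";
        print "<input type=\"checkbox\" name=\"inputitementryprivate\" value=\"1\"> hide entry<br>\n";
        print "<br>\n";
        print "<br>\n";
        print "<input type=\"submit\" name=\"add\" value=\"submit\">\n";
        print "<input type=\"submit\" name=\"add\" value=\"cancel\">\n";
        // The bookmarklet embeds $adminurl in a single-quoted JS string inside a
        // double-quoted attribute: escape for JS first, then for HTML.
        $jsadminurl = htmlspecialchars(str_replace(array("\\", "'"), array("\\\\", "\\'"), $adminurl));
        print "<br><br>Add this Quick Link to \n";
        print "<a href=\"javascript:document.location = '$jsadminurl?";
        print "add=item&bookmarkmode=1&admin=1&item_itemname=' + escape(document.title) + '&";
        print "item_itemdesc=' + escape(document.location)\">Add to bookmarks</a> to your browser tool bar.";
        print "</form>";
    }
}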
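elseif(!empty($_REQUEST["del"]))
{
    // deletion subroutine
    // NOTE(review): this confirmation form carries no anti-CSRF token.
    $delID = (int)$_REQUEST["del"];
    $item_itemID = 0;
    $item_itemname = "";
    $query = "SELECT item.ID, category.ID, category.name, item.name, item.description, item.comment ";
    $query .= "FROM item LEFT JOIN category ON item.categoryID = category.ID ";
    $query .= "WHERE item.ID = '$delID' ";
    $mysql_result = mysql_query($query, $mysql_link);
    while($row = mysql_fetch_row($mysql_result))
    {
        list($item_itemID, $item_categoryID, $item_categoryname, $item_itemname,
             $item_itemdesc, $item_itemcomment) = $row;
    }
    if(isset($_POST["del"]) and $_POST["del"] == "submit")
    {
        // delete item: the row is selected by the posted ID; the posted name is
        // only echoed back to the user
        $inputitemname = isset($_POST["inputitemname"]) ? trim($_POST["inputitemname"]) : "";
        if(get_magic_quotes_gpc())
        {
            $inputitemname = stripslashes($inputitemname);
        }
        $inputitemID = isset($_POST["inputitemID"]) ? (int)$_POST["inputitemID"] : 0;
        $query = "DELETE FROM item ";
        $query .= "WHERE ID = '$inputitemID' ";
        $mysql_result = mysql_query($query, $mysql_link);
        print "<b>Delete Item</b><br>\n<br>\n";
        print "<b>" . htmlspecialchars($inputitemname) . "</b> deleted<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    elseif(isset($_POST["del"]) and $_POST["del"] == "cancel")
    {
        // action canceled
        print "<b>Delete Item</b><br>\n<br>\n";
        print "Action canceled<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    else
    {
        // display confirmation form
        print "<b>Delete Item</b><br>\n";
        print "<form action=\"" . htmlspecialchars($adminurl) . "\" method=\"post\">\n";
        print "<input type=\"hidden\" name=\"del\" value=\"submit\">\n";
        print "<input type=\"hidden\" name=\"admin\" value=\"" . htmlspecialchars($admin) . "\">\n";
        print "<input type=\"hidden\" name=\"inputitemID\" value=\"" . (int)$item_itemID . "\">\n";
        print "<input type=\"hidden\" name=\"inputitemname\" value=\"" . htmlspecialchars($item_itemname) . "\">\n";
        print "<b>" . htmlspecialchars($item_itemname) . "</b> will be deleted.<br>\n";
        print "Proceed with deletion?<br>\n";
        print "<br>\n";
        print "<input type=\"submit\" name=\"del\" value=\"submit\">\n";
        print "<input type=\"submit\" name=\"del\" value=\"cancel\">\n";
        print "</form>";
    }
}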
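elseif(!empty($_REQUEST["category"]))
{
    // add category subroutine
    // NOTE(review): this form carries no anti-CSRF token.
    if(isset($_POST["category"]) and $_POST["category"] == "submit")
    {
        // add category
        $inputcategoryname = isset($_POST["inputcategoryname"]) ? trim($_POST["inputcategoryname"]) : "";
        $inputcategorycomment = isset($_POST["inputcategorycomment"]) ? trim($_POST["inputcategorycomment"]) : "";
        if(get_magic_quotes_gpc())
        {
            // undo magic_quotes_gpc so the values are escaped exactly once below
            $inputcategoryname = stripslashes($inputcategoryname);
            $inputcategorycomment = stripslashes($inputcategorycomment);
        }
        // the parent ID is used unquoted in SQL, so it must be an integer
        $inputcategoryparent = isset($_POST["inputcategoryparent"]) ? (int)$_POST["inputcategoryparent"] : 0;
        $q_name = mysql_real_escape_string($inputcategoryname, $mysql_link);
        $q_comment = mysql_real_escape_string($inputcategorycomment, $mysql_link);
        if($inputcategoryparent)
        {
            $query = "INSERT INTO category (name, comment, parent) ";
            $query .= "VALUES ('$q_name', '$q_comment', $inputcategoryparent)";
        }
        else
        {
            $query = "INSERT INTO category (name, comment) ";
            $query .= "VALUES ('$q_name', '$q_comment')";
        }
        $mysql_result = mysql_query($query, $mysql_link);
        $displayname = htmlspecialchars($inputcategoryname);
        if($inputcategoryparent)
        {
            // Prefer the ID of the row just inserted; a lookup by name/parent
            // can pick up a different row when names repeat.
            $item_categoryID = mysql_insert_id($mysql_link);
            if(!$item_categoryID)
            {
                $query = "SELECT ID FROM category ";
                $query .= "WHERE name = '$q_name' ";
                $query .= "AND parent = $inputcategoryparent ";
                $mysql_result = mysql_query($query, $mysql_link);
                while($row = mysql_fetch_row($mysql_result))
                {
                    $item_categoryID = $row[0];
                }
            }
            // NOTE(review): assumes categorytitle() (functions.php) only
            // decorates the name for display — confirm it does not reuse the
            // value in SQL, since it receives the HTML-escaped form here.
            $displayname = categorytitle($displayname, $item_categoryID);
        }
        print "<b>Add Category</b><br>\n<br>\n";
        print "<b>$displayname</b> added<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    elseif(isset($_POST["category"]) and $_POST["category"] == "cancel")
    {
        // action canceled
        print "<b>Add Category</b><br>\n<br>\n";
        print "Action canceled<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    else
    {
        // display form
        print "<b>Add Category</b><br>\n";
        print "<form action=\"" . htmlspecialchars($adminurl) . "\" method=\"post\">\n";
        print "<input type=\"hidden\" name=\"category\" value=\"submit\">\n";
        print "<input type=\"hidden\" name=\"admin\" value=\"" . htmlspecialchars($admin) . "\">\n";
        $parentID = isset($_REQUEST["parent"]) ? (int)$_REQUEST["parent"] : 0;
        if($parentID)
        {
            print "<input type=\"hidden\" name=\"inputcategoryparent\" value=\"$parentID\">\n";
        }
        print "Category name:<br>\n";
        print "<input type=\"text\" name=\"inputcategoryname\" value=\"\" size=32><br>\n";
        print "Category comment:<br>\n";
        print "<input type=\"text\" name=\"inputcategorycomment\" value=\"\" size=32><br>\n";
        print "<br>\n";
        print "<input type=\"submit\" name=\"category\" value=\"submit\">\n";
        print "<input type=\"submit\" name=\"category\" value=\"cancel\">\n";
        print "</form>";
    }
}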
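if(!empty($_REQUEST["categoryedit"]))
{
    // edit category subroutine (a separate if, so it runs in addition to the
    // item handlers above when both parameters are present, as before)
    // NOTE(review): this form carries no anti-CSRF token.
    $categoryeditID = (int)$_REQUEST["categoryedit"];
    $item_categoryID = 0;
    $item_categoryname = "";
    $item_categorycomment = "";
    $item_categoryparent = 0;
    $query = "SELECT ID, name, comment, parent ";
    $query .= "FROM category WHERE ID = '$categoryeditID' ";
    $mysql_result = mysql_query($query, $mysql_link);
    while($row = mysql_fetch_row($mysql_result))
    {
        list($item_categoryID, $item_categoryname, $item_categorycomment, $item_categoryparent) = $row;
    }
    if(isset($_POST["categoryedit"]) and $_POST["categoryedit"] == "submit")
    {
        // edit category
        $inputcategoryname = isset($_POST["inputcategoryname"]) ? trim($_POST["inputcategoryname"]) : "";
        $inputcategorycomment = isset($_POST["inputcategorycomment"]) ? trim($_POST["inputcategorycomment"]) : "";
        if(get_magic_quotes_gpc())
        {
            // undo magic_quotes_gpc so the values are escaped exactly once below
            $inputcategoryname = stripslashes($inputcategoryname);
            $inputcategorycomment = stripslashes($inputcategorycomment);
        }
        $inputparentID = isset($_POST["inputparentID"]) ? (int)$_POST["inputparentID"] : 0;
        $inputcategoryID = isset($_POST["inputcategoryID"]) ? (int)$_POST["inputcategoryID"] : 0;
        $query = "UPDATE category ";
        $query .= "SET name = '" . mysql_real_escape_string($inputcategoryname, $mysql_link) . "', ";
        $query .= " comment = '" . mysql_real_escape_string($inputcategorycomment, $mysql_link) . "', ";
        $query .= " parent = '$inputparentID' ";
        $query .= "WHERE ID = '$inputcategoryID' ";
        $mysql_result = mysql_query($query, $mysql_link);
        print "<b>Edit Item</b><br>\n<br>\n";
        // NOTE(review): assumes categorytitle() (functions.php) only decorates
        // the name for display; it receives the HTML-escaped form here.
        $displayname = categorytitle(htmlspecialchars($inputcategoryname), $inputcategoryID);
        print "<b>$displayname</b> updated<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    elseif(isset($_POST["categoryedit"]) and $_POST["categoryedit"] == "cancel")
    {
        // action canceled
        print "<b>Edit Item</b><br>\n<br>\n";
        print "Action canceled<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    else
    {
        // display form
        print "<b>Edit Item</b><br>\n";
        print "<form action=\"" . htmlspecialchars($adminurl) . "\" method=\"post\">\n";
        print "<input type=\"hidden\" name=\"categoryedit\" value=\"submit\">\n";
        print "<input type=\"hidden\" name=\"admin\" value=\"" . htmlspecialchars($admin) . "\">\n";
        print "<input type=\"hidden\" name=\"inputcategoryID\" value=\"" . (int)$item_categoryID . "\">\n";
        print "Parent:<br>\n";
        categorynest($item_categoryID, $item_categoryparent, 0, 1);
        print "Category name:<br>\n";
        print "<input type=\"text\" name=\"inputcategoryname\" value=\"" . htmlspecialchars($item_categoryname) . "\" size=64><br>\n";
        print "Category comment:<br>\n";
        print "<input type=\"text\" name=\"inputcategorycomment\" value=\"" . htmlspecialchars($item_categorycomment) . "\" size=64><br>\n";
        print "<br>\n";
        print "<input type=\"submit\" name=\"categoryedit\" value=\"submit\">\n";
        print "<input type=\"submit\" name=\"categoryedit\" value=\"cancel\">\n";
        print "</form>";
    }
}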
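if(!empty($_REQUEST["categorydel"]))
{
    // delete category subroutine
    // NOTE(review): this confirmation form carries no anti-CSRF token.
    $categorydelID = (int)$_REQUEST["categorydel"];
    $item_categoryID = 0;
    $item_categoryname = "";
    $query = "SELECT ID, name ";
    $query .= "FROM category WHERE ID = '$categorydelID' ";
    $mysql_result = mysql_query($query, $mysql_link);
    while($row = mysql_fetch_row($mysql_result))
    {
        list($item_categoryID, $item_categoryname) = $row;
    }
    if(isset($_POST["categorydel"]) and $_POST["categorydel"] == "submit")
    {
        // delete category and its items via purgecategory() (functions.php)
        $inputcategoryname = isset($_POST["inputcategoryname"]) ? trim($_POST["inputcategoryname"]) : "";
        $inputcategoryID = isset($_POST["inputcategoryID"]) ? (int)$_POST["inputcategoryID"] : 0;
        print "<b>Delete Item</b><br>\n<br>\n";
        // NOTE(review): the name is handed over as posted; confirm that
        // purgecategory() escapes it before any SQL or HTML use.
        purgecategory($inputcategoryname, $inputcategoryID);
        print "All items deleted\n<br><br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    elseif(isset($_POST["categorydel"]) and $_POST["categorydel"] == "cancel")
    {
        // action canceled
        print "<b>Delete Item</b><br>\n<br>\n";
        print "Action canceled<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    else
    {
        // display confirmation form
        print "<b>Delete Item</b><br>\n";
        print "<form action=\"" . htmlspecialchars($adminurl) . "\" method=\"post\">\n";
        print "<input type=\"hidden\" name=\"categorydel\" value=\"submit\">\n";
        print "<input type=\"hidden\" name=\"admin\" value=\"" . htmlspecialchars($admin) . "\">\n";
        print "<input type=\"hidden\" name=\"inputcategoryID\" value=\"" . (int)$item_categoryID . "\">\n";
        print "<input type=\"hidden\" name=\"inputcategoryname\" value=\"" . htmlspecialchars($item_categoryname) . "\">\n";
        print "<b>" . htmlspecialchars($item_categoryname) . "</b> and it's items will be deleted.<br>\n";
        print "Proceed with deletion?<br>\n";
        print "<br>\n";
        print "<input type=\"submit\" name=\"categorydel\" value=\"submit\">\n";
        print "<input type=\"submit\" name=\"categorydel\" value=\"cancel\">\n";
        print "</form>";
    }
}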
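if(!empty($_REQUEST["orderby"]))
{
    // default sort order subroutine
    // NOTE(review): the stored value is presumably interpolated into an ORDER BY
    // clause by index.php (not visible here). A whitelist of permitted sort
    // keys would be the real fix; the escaping below only protects this UPDATE
    // and the page that echoes the value.
    $orderby = $_REQUEST["orderby"];
    if(get_magic_quotes_gpc())
    {
        $orderby = stripslashes($orderby);
    }
    if(isset($_POST["orderby"]) and $_POST["orderby"] == "submit")
    {
        // change default sort order
        $inputorderby = isset($_POST["inputorderby"]) ? trim($_POST["inputorderby"]) : "";
        if(get_magic_quotes_gpc())
        {
            $inputorderby = stripslashes($inputorderby);
        }
        $query = "UPDATE config SET val = '" . mysql_real_escape_string($inputorderby, $mysql_link) . "' WHERE name = 'orderby' ";
        $mysql_result = mysql_query($query, $mysql_link);
        print "<b>Sort order</b><br>\n<br>\n";
        print "Default sort order changed to <b>" . htmlspecialchars($inputorderby) . "</b>\n<br><br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    elseif(isset($_POST["orderby"]) and $_POST["orderby"] == "cancel")
    {
        // action canceled
        print "<b>Sort order</b><br>\n<br>\n";
        print "Action canceled<br>\n<br>\n";
        print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    }
    else
    {
        // display confirmation form (no anti-CSRF token, see the other forms)
        $safeorderby = htmlspecialchars($orderby);
        print "<b>Sort order</b><br>\n";
        print "<form action=\"" . htmlspecialchars($adminurl) . "\" method=\"post\">\n";
        print "<input type=\"hidden\" name=\"orderby\" value=\"submit\">\n";
        print "<input type=\"hidden\" name=\"admin\" value=\"" . htmlspecialchars($admin) . "\">\n";
        print "<input type=\"hidden\" name=\"inputorderby\" value=\"$safeorderby\">\n";
        print "Change the default sort order to <b>$safeorderby</b>?<br>\n";
        print "<br>\n";
        print "<input type=\"submit\" name=\"orderby\" value=\"submit\">\n";
        print "<input type=\"submit\" name=\"orderby\" value=\"cancel\">\n";
        print "</form>";
    }
}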
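if(isset($_GET["setcomments"]))
{
    // toggle comments
    // NOTE(review): a state change on a plain GET is forgeable from any page the
    // admin visits (e.g. an <img src=...>); this should become a POST with a
    // token. The value is normalised to 1/0 — only its truthiness is tested
    // here, and the admintoclose toggle below already stores it that way.
    $comments = empty($_GET["setcomments"]) ? 0 : 1;
    $query = "UPDATE config SET val = '$comments' WHERE name = 'comments' ";
    $mysql_result = mysql_query($query, $mysql_link);
    print "<b>Comments</b><br>\n<br>\n";
    print "Comments are now <b>" . ($comments ? "visible" : "hidden") . "</b>\n<br><br>\n";
    print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
}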
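if(isset($_GET["seturls"]))
{
    // toggle urls
    // NOTE(review): state change on a plain GET — forgeable from any page the
    // admin visits; should become a POST with a token. The value is normalised
    // to 1/0 like the admintoclose toggle below.
    $urls = empty($_GET["seturls"]) ? 0 : 1;
    $query = "UPDATE config SET val = '$urls' WHERE name = 'urls' ";
    $mysql_result = mysql_query($query, $mysql_link);
    print "<b>URLs</b><br>\n<br>\n";
    print "URLs are now <b>" . ($urls ? "visible" : "hidden") . "</b>\n<br><br>\n";
    print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
}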
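if(isset($_GET["closedorder"]))
{
    // set placement of closed top level categories
    // NOTE(review): state change on a plain GET — forgeable from any page the
    // admin visits; should become a POST with a token. The accepted set of
    // values is not visible here, so the value is escaped rather than whitelisted.
    $closedorder = $_GET["closedorder"];
    if(get_magic_quotes_gpc())
    {
        $closedorder = stripslashes($closedorder);
    }
    $query = "UPDATE config SET val = '" . mysql_real_escape_string($closedorder, $mysql_link) . "' WHERE name = 'closedorder' ";
    $mysql_result = mysql_query($query, $mysql_link);
    print "<b>Closed Categories</b><br>\n<br>\n";
    print "Closed top level categories are now <b>" . htmlspecialchars($closedorder) . "</b>\n<br><br>\n";
    print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
}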
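if(isset($_GET["admintoclose"]))
{
    // toggle locking of open/close in non admin mode
    // NOTE(review): state change on a plain GET — forgeable from any page the
    // admin visits; should become a POST with a token.
    $admintoclose = empty($_GET["admintoclose"]) ? 0 : 1;
    print "<b>Closed Categories</b><br>\n<br>\n";
    print "Open/close functionality of categories while not in admin mode is now <b>";
    print $admintoclose ? "locked" : "unlocked";
    print "</b>\n<br><br>\n";
    print "[ <a class=footer href=\"" . htmlspecialchars($returnurl) . "\">return</a> ] " . htmlspecialchars($returndesc) . "<br>\n";
    // $admintoclose is 0/1 by construction, so it is safe to interpolate
    $query = "UPDATE config SET val = '$admintoclose' WHERE name = 'admintoclose' ";
    $mysql_result = mysql_query($query, $mysql_link);
}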
// shared page footer
require 'footer.php';
?>