/*
Main administration script for Intellect Board 2
(c) 2004, XXXX Pro, United Open Project
Visit us online: http://iboard.xxxxpro.ru
*/
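// Admin front controller: bootstraps the board, authenticates the caller as an
// administrator (u__level >= 1000), then loads the requested module ("m") and
// runs the requested action ("a") inside the admin page frame.

// Report errors, warnings and parse/core problems; notices are not reported.
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING);
set_error_handler("err_handler");
$IBOARD = 1;
$GLOBALS['admin'] = 1;
require("../xaphpi.php");
require("../common.php");
require("../database.php");
require("../iboard.php");
// $DBdriver is presumably set by one of the includes above (configuration, not request data) - confirm.
require("../db/$DBdriver.php");
require("../addons.php");

session_name("IB2XP");
$mode = isset($_COOKIE['IB2XP_mode']) ? $_COOKIE['IB2XP_mode'] : null;
// session_set_cookie_params() takes a lifetime in seconds; the previous code
// passed a formatted date string, which is not a valid lifetime.
if ($mode == 1) session_set_cookie_params(30 * 60);
session_start();
if ($mode == 2) {
    // SECURITY(review): the whole session is rebuilt from a client-controlled
    // cookie with unserialize(). That is PHP object injection on untrusted
    // input, and it lets the client choose uid/password/salt. Replace with a
    // server-side session or a signed (HMAC) JSON token. Left in place here
    // because the cookie format is shared with code outside this file.
    $restored = isset($_COOKIE['IB2XP_long'])
        ? unserialize(stripslashes($_COOKIE['IB2XP_long']))
        : false;
    // Never let a failed or non-array payload become the session itself.
    $_SESSION = is_array($restored) ? $restored : array();
}

// u_id is interpolated unquoted into the SQL below, so addslashes() gave no
// protection there; force an integer instead.
$inuserid = isset($_SESSION['uid']) ? (int)$_SESSION['uid'] : 0;
if (!$inuserid) $inuserid = 1;
$inpassword = addslashes(isset($_SESSION['password']) ? (string)$_SESSION['password'] : "");
$insalt = addslashes(isset($_SESSION['salt']) ? (string)$_SESSION['salt'] : "");
// Optionally bind the login hash to the browser's User-Agent.
$useragent = "";
if (!empty($GLOBALS['opt_secbrowser']) && isset($_SERVER['HTTP_USER_AGENT'])) {
    $useragent = $_SERVER['HTTP_USER_AGENT'];
}

// The installer must not stay reachable once the board is in use.
if (file_exists("../install.php")) {
    unlink("../install.php");
    if (file_exists("../install.php")) global_error("Can't delete install.php! Delete it manually via FTP!");
}

global $link;
if ($DBpersist) $link = db_pconnect($DBhost, $DBusername, $DBpassword);
else $link = db_connect($DBhost, $DBusername, $DBpassword);
db_select_db($DBname, $link);

// Load the caller's account only if it has administrator level.
$sql = "SELECT u.u__password,u.u_lformat,u.u_sformat,u.u__level,u.u_timeregion,u.u_encrypted,u.u__key,ln.ln_file,ln.ln_locale,ln.ln_charset,st.st_file FROM ".$GLOBALS['DBprefix']."User u, ".$GLOBALS['DBprefix']."Language ln,".
    $GLOBALS['DBprefix']."StyleSet st WHERE ln.ln_id=u.u_lnid AND st.st_id=u.u_stid AND u_id=$inuserid AND u__level>=1000";
$res = db_query($sql, $link);
if (db_num_rows($res) == 0) {
    global_error("You are not Administrator!");
    exit(); // do not depend on global_error() terminating the request
}
$inuser = db_fetch_array($res);
db_free_result($res);

// Recompute the expected login hash from the stored credentials.
if ($inuser['u_encrypted']) $rightpass = crypt($inuser['u__key'].$useragent.$inuser['u__password'], $insalt);
else $rightpass = crypt($inuser['u__key'].$useragent.md5($inuser['u__password']), $insalt);
// crypt() signals failure (e.g. an unusable salt) with a string shorter than
// 13 characters; treat that as a failed login rather than a value to match.
// Strict comparison avoids PHP's numeric-string type juggling.
if (!is_string($rightpass) || strlen($rightpass) < 13 || $inpassword !== $rightpass) {
    global_error("Invalid password");
    exit(); // do not depend on global_error() terminating the request
}

load_style("admin/message.php");
load_lang("admin.php");
load_lang("main.php");
load_style("main.php");
load_style("admin/main.php");
setlocale(LC_ALL, $inuser['ln_locale']);

$action = getvar("a");
$module = getvar("m");
if ($action) {
    // NOTE(review): Referer matching is a weak CSRF defence (substring match,
    // header is optional); a per-session token on every admin form would be
    // the robust control. Behaviour kept as-is.
    $referer = strtolower(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "");
    $referer = str_replace("www.", "", $referer);
    $url = strtolower($GLOBALS['opt_url']);
    $url = str_replace("www.", "", $url);
    if (strpos($referer, $url) === false) global_error('HACK ATTEMPT! If you try get into Administration Center legally, check if HTTP_REFERER is not blocked by browser or firewall');
}
if (!$module) $module = "stats";
if (!$action) $action = "view";

// The module name becomes part of a require() path, so it must be a bare
// identifier: no slashes, dots, NUL bytes or stream wrappers. An explicit list
// of installed modules would be tighter still.
if (!is_string($module) || !preg_match('/^[A-Za-z0-9_]+$/', $module)) {
    global_error("Invalid module name");
    exit();
}
load_style("admin/".$module.".php");
require($module.".php");

if ($action == "logout") {
    // Reset the session to the default uid 1 with no credentials and leave.
    $_SESSION['uid'] = 1;
    $_SESSION['password'] = "";
    $_SESSION['salt'] = 0;
    header("Location: $opt_url");
    exit();
}
else {
    // The action name is passed to call_user_func(), so restrict it to
    // functions defined in PHP code by this application; built-in functions
    // must never be reachable from the query string. A per-module allow-list
    // of action names would be tighter still.
    $definedfuncs = get_defined_functions();
    if (!is_string($action)
        || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $action)
        || !in_array(strtolower($action), $definedfuncs['user'], true)) {
        global_error("Invalid action name");
        exit();
    }

    header("Content-type: text/html; charset=".$inuser['ln_charset']);
    ad_main_start();
    // Render the admin menu, emitting a category header whenever it changes.
    $sql = "SELECT * FROM ".$GLOBALS['DBprefix']."AdminEntry ORDER BY ad_sortfield,ad_category";
    $res = db_query($sql, $link);
    $oldcat = "";
    while ($menuitem = db_fetch_array($res)) {
        if ($menuitem['ad_category'] != $oldcat) {
            ad_category($menuitem);
            $oldcat = $menuitem['ad_category'];
        }
        ad_menuitem($menuitem);
    }
    ad_main_middle();
    call_user_func($action);
    ad_main_end();
}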
/**
 * Show an admin message through output_message().
 *
 * @param mixed $msgtext Message body, passed through unchanged.
 * @param mixed $text1   Second argument for output_message(), converted to a string.
 * @param mixed $link1   Accepted for the callers' sake but not used here.
 */
function ad_message($msgtext, $text1, $link1)
{
    // MSG_go_stats is presumably a language constant loaded elsewhere - confirm.
    $secondArg = (string)$text1;
    $thirdArg = (string)MSG_go_stats;
    output_message($msgtext, $secondArg, $thirdArg, "");
}
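/**
 * Custom PHP error handler: forwards every error except notices to
 * global_error().
 *
 * @param int    $errno   PHP error level bitmask value.
 * @param string $errstr  Error message.
 * @param string $errfile Full path of the file that raised the error.
 * @param int    $errline Line number in that file.
 */
function err_handler($errno, $errstr, $errfile, $errline) {
    if ($errno & (E_ALL ^ E_NOTICE)) {
        // Report only the file name. The previous code sliced $errstr using an
        // offset computed from $errfile, which truncated the message instead
        // of shortening the path. Dropping the directory part also keeps the
        // server's filesystem layout out of the text passed to global_error().
        $errfile = basename($errfile);
        global_error($errno." ($errfile line $errline)"." ".$errstr);
    }
}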
function global_error($errtext) {
$fh=fopen("../error.log","a");
$errtext=str_replace("\n","
",$errtext);
$errtext=str_replace("\r","",$errtext);
$str=time()."|".$_SERVER['REMOTE_ADDR']."|".$_SERVER['HTTP_X_FORWARDED_FOR']."|".$GLOBALS['inuserid']."|".htmlspecialchars($GLOBALS['inuser']['u__name'])."|".htmlspecialchars($errtext)."\n";
fputs($fh,$str);
fclose($fh);?>
GLOBAL ADMIN ERROR: =htmlspecialchars($errtext);?> |