<?
/////////////// MyNews 1.1 ///////////////
// Written in Oct. 2004 //
// by Lukas Stalder //
// contact: support@planetluc.com //
// instructions. //
// Visit www.planetluc.com! //
// enjoy it! //
//////////////////////////////////////////////
error_reporting(E_ALL ^ E_NOTICE); // report everything except notices; several variables below are read before they are assigned
// NOTE(review): display_errors is not set here, so whether warnings reach visitors depends on the server configuration - confirm it is off in production.
// ************************** CONFIG **************************
// ************************************************************
$ppp = 5; // posts to display per page
// Admin credentials. NOTE(review): both values are kept in plain text in this file and the login code further down compares them directly with the submitted form fields.
// Replace the shipped values before deployment and keep every copy of this file (backups, repository, editor swap files) readable only by the web server user.
$adminname = "acsi";
$adminpwd = "rossano";
$adminexpire = 20*60; // time in seconds until admin has to relogin
$wrap = false; // max. length of a word (to avoid bad entries like "hhhheeeeeeeeelllllllllllloooooooooo" that destroy your design)
// ATTENTION: if wysiwyg is on, set $wrap=false; otherwise unwanted spaces are inserted into html tags!!
$dateformat = "%e.%b.%G"; // %e -> day, %b -> short month, %G -> 4digit year; for all possibilities have a look at http://www.php.net/manual/de/function.strftime.php
$datelang = "en_US"; // language for formatted date output, de_DE -> german formatting; see http://www.php.net/manual/de/function.setlocale.php
//WYSIWYG editor settings
// NOTE(review): with the editor on, the submitted story is stored as HTML (only CR/LF are stripped on save) and the view code echoes it back unescaped, so admin access equals the ability to publish arbitrary markup.
$wysiwyg = true; // turn wysiwyg editor on/off
$pathtoscript = "/mynews/"; // if the mynews.inc.php file is included in a file somewhere outside the mynews folder, this variable has to
// contain the path from the file where mynews.inc.php is included in to the mynews folder. With trailing slash if set!
// language settings
$txtsign = "Aggiungi News"; // menu item text
$txtview = "Leggi News"; // menu item text
$txtadmin = "Amministrazione News"; // menu item text
$txtbadtitle = "missing title";
$txtbadstory = "missing story";
$txtclickback = "Clicca Back nel tuo browser!";
$txterrors = "Ci sono stati degli errori:";
$txtedit = "modifica";
$txtdelete = "cancella";
$txtoptional = "optional";
// ************************** STYLE DEFs **********************
// ************************************************************
?>
<style type="text/css">
<!--
.smtxt, .smtxt a {
font-size: 11px;
}
.smsmall, .smsmall a {
font-size: 9px;
letter-spacing: 0px;
}
-->
</style>
<?
// ************************** misc other variables - do not change **********************
// ************************************ below here! *************************************
// ************************* unless you know what you're doing **************************
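// Directory of this script (with trailing slash); the data, template and session-log files live next to it.
$dir=substr(__FILE__, 0, strrpos(__FILE__, "/")+1);
$dat=$dir."data.dat";
$template=$dir."template.inc.php";
// The session log is a PHP file that is include()d, i.e. executed: it must never contain unvalidated input.
$log=$dir."log.dat.php";
$pathtowysiwyg=$pathtoscript."wysiwyg/";
// $badwords is not set in this file's config section; fall back to "" so explode() still yields array("") without a warning.
$badwords=explode(",", isset($badwords) ? $badwords : "");
setlocale(LC_TIME, $datelang);
// PHP_SELF contains client-controlled path info and $me is echoed into href/action attributes all over the script,
// so it is escaped once here. 'ISO-8859-1' makes htmlspecialchars() byte-transparent: it never returns "" on invalid UTF-8.
$me=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
$empty=false;
$now=time();
$version="1.2";
// Session token. It travels in the query string and is echoed into every generated link, so only the exact
// format this script produces (32 lowercase hex characters) is accepted; anything else is replaced by a new token.
$hash=(isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : "";
if (!preg_match('/^[a-f0-9]{32}$/D', $hash)) {
    // The original seeded rand() with the current time, which made the token reproducible by anyone who knows the request time.
    if (function_exists('random_bytes')) {
        $secret=bin2hex(random_bytes(16));
    }else{
        // Fallback for old PHP versions: not cryptographically strong, but no longer derived from a known seed.
        $secret="";
        for ($i=0; $i<16 ; $i++) $secret.=chr(mt_rand(60, 127));
        $secret=md5(uniqid($secret, true));
    }
    $hash=md5((isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "").$now.$secret);
}
$getvars="?hash=$hash";
// NOTE(review): because the token is part of every URL it can leak through the Referer header, browser history and server logs.
// Import the request parameters the script works with. Only plain strings are accepted, so array-valued
// parameters (e.g. title[]=x) cannot reach the string functions used later. The values themselves are still raw input.
if (isset($_REQUEST['do']) && is_string($_REQUEST['do'])) $do=$_REQUEST['do'];
if (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) $id=$_REQUEST['id'];
if (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) $action=$_REQUEST['action'];
if (isset($_REQUEST['title']) && is_string($_REQUEST['title'])) $title=$_REQUEST['title'];
if (isset($_REQUEST['name']) && is_string($_REQUEST['name'])) $name=$_REQUEST['name'];
if (isset($_REQUEST['pwd']) && is_string($_REQUEST['pwd'])) $pwd=$_REQUEST['pwd'];
if (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) $email=$_REQUEST['email'];
if (isset($_REQUEST['www']) && is_string($_REQUEST['www'])) $www=$_REQUEST['www'];
if (isset($_REQUEST['story']) && is_string($_REQUEST['story'])) $story=$_REQUEST['story'];
if (isset($_REQUEST['time']) && is_string($_REQUEST['time'])) $time=$_REQUEST['time'];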
// ************************** functions ***********************
// ************************************************************
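// Sorts a list of associative arrays by one or more columns (natural string order).
class mdasort {
    // Rows to sort: a list of associative arrays, filled in by the caller.
    var $data;
    // Sort specification: list of array(column, direction); "DESC" reverses the order, any other value sorts ascending.
    var $sortkeys;

    // usort() comparator. Compares $a and $b on sort key $i and moves on to the next key while the rows tie.
    // Returns <0, 0 or >0. The bounds check replaces the original read of a non-existent $sortkeys[$i]
    // after the last key, and a missing column is compared as "".
    function _sortcmp($a, $b, $i=0) {
        for ($n=count($this->sortkeys); $i<$n; $i++) {
            $col=$this->sortkeys[$i][0];
            $left=isset($a[$col]) ? (string)$a[$col] : "";
            $right=isset($b[$col]) ? (string)$b[$col] : "";
            $r=strnatcmp($left, $right);
            if ($r!=0) return ($this->sortkeys[$i][1]=="DESC") ? -$r : $r;
        }
        return 0;
    }

    // Sorts $data in place. usort() re-indexes the rows from 0. Does nothing when there are no rows or no sort keys.
    function msort() {
        if (is_array($this->data) && is_array($this->sortkeys) && count($this->sortkeys)) {
            usort($this->data, array($this, "_sortcmp"));
        }
    }
}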
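// Returns the array key of the first row in $stuff->data whose 'id' equals $index, or null when no row matches.
// The comparison is deliberately loose (==) as in the original, so "7" and 7 find the same row.
// Callers use the result as an array offset and must check for null first: using null as an offset
// addresses the "" key, which creates or removes an unrelated entry.
function getkey($index, $stuff){
    $ret=null;
    if (isset($stuff->data) && is_array($stuff->data)){
        foreach ($stuff->data as $key => $item){
            if (isset($item['id']) && $item['id']==$index){
                $ret=$key;
                break;
            }
        }
    }
    return $ret;
}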
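// Checks $addr against the script's e-mail pattern (case-insensitive). Returns 1 on a match and false otherwise,
// the same values eregi() returned. eregi() no longer exists in PHP 7+, so the check uses preg_match().
// The domain part is written without the original nested repetition "( ... )+": it accepts the same
// addresses but cannot backtrack exponentially on long non-matching input.
// The D modifier keeps "$" from accepting a trailing newline.
function validemail($addr){
    if (!is_string($addr)) return false;
    $pattern='/^[a-z0-9]+(?:[_.-][a-z0-9]+)*@[a-z0-9]+(?:[.-][a-z0-9]+)*\.[a-z]{2,4}$/iD';
    return (preg_match($pattern, $addr)===1) ? 1 : false;
}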
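// Rewrites the session log ($log) so that it only holds admin sessions younger than $adminexpire seconds.
// The log is a PHP file: it is include()d (executed) to load $admins and regenerated as PHP source here.
// Because the output is code, every value is validated before it is written back: the time is cast to int
// and the hash must be a 32-character hex digest. Entries that fail are dropped.
// Fixes over the original: $line[time] used an undefined constant (fatal in PHP 8), count() was called on an
// undefined $admins, and the file was opened before it was known that it could be written.
// Nothing is written when the log holds no sessions.
function clearoldadmins() {
    global $log, $now, $adminexpire;
    $admins=array();
    if (is_file($log)) include($log);
    if (!is_array($admins) || count($admins)==0) return;
    // "<?php" instead of the short tag: the generated file is then parsed as code regardless of short_open_tag.
    $out="<?php\n";
    $i=0;
    foreach ($admins as $line){
        if (!isset($line['time'], $line['hash']) || !is_string($line['hash'])) continue;
        if (!preg_match('/^[a-f0-9]{32}$/D', $line['hash'])) continue;
        $stamp=(int)$line['time'];
        if ($now-$stamp<$adminexpire){
            $out.="\$admins[$i]['time']=".$stamp."; \$admins[$i]['hash']='".$line['hash']."';\n";
            $i++;
        }
    }
    $out.="?>";
    $fp=fopen($log, "w");
    if ($fp===false) return; // fopen() has already raised a warning; keep the page rendering
    fputs($fp, $out);
    fclose($fp);
}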
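// Writes all posts to the data file ($dat), one "id|time|title|story" record per line, replacing its content.
// $stuff is the list of post rows (each with the keys id, time, title, story).
// The format has no escaping, so a "|" or a line break inside a field would shift the fields or start
// a new record when the file is read back. Line breaks are therefore removed and "|" is stored as the HTML
// entity &#124;, which browsers render as "|".
function saveposts($stuff){
    global $dat;
    $out="";
    if (is_array($stuff)){
        foreach ($stuff as $item){
            $fields=array();
            foreach (array('id', 'time', 'title', 'story') as $col){
                $value=(isset($item[$col]) && is_scalar($item[$col])) ? (string)$item[$col] : "";
                $fields[]=str_replace(array("\r", "\n", "|"), array("", "", "&#124;"), $value);
            }
            $out.=implode("|", $fields)."\n";
        }
    }
    $fp=fopen($dat, "w");
    if ($fp===false) return; // fopen() has already raised a warning
    fputs($fp, $out);
    fclose($fp);
}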
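// Returns true when the session token in $_GET['hash'] belongs to a live admin session, false otherwise.
// The session log ($log) stores the MD5 digest of each token together with its login time.
// Changes over the original:
//  - digests are compared as strings (hash_equals() or ===). The loose == treated two digests of the form
//    "0e<digits>" as equal numbers, so a non-matching token could pass.
//  - a missing or non-string token is rejected before md5() is called.
//  - the expiry ($adminexpire) is enforced here as well, not only when clearoldadmins() has pruned the log.
function isloggedin() {
    global $log, $now, $adminexpire;
    if (!isset($_GET['hash']) || !is_string($_GET['hash']) || $_GET['hash']==="") return false;
    $candidate=md5($_GET['hash']);
    $admins=array();
    if (is_file($log)) include($log);
    if (!is_array($admins)) return false;
    $checkexpiry=is_numeric($now) && is_numeric($adminexpire);
    $logged=false;
    foreach ($admins as $line){
        if (!isset($line['hash'], $line['time']) || !is_string($line['hash'])) continue;
        if ($checkexpiry && $now-(int)$line['time']>=$adminexpire) continue;
        $same=function_exists('hash_equals') ? hash_equals($line['hash'], $candidate) : ($line['hash']===$candidate);
        if ($same) $logged=true;
    }
    return $logged;
}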
// Prints the admin menu: one link to the "add" form and one to the post list.
// $me and $getvars are written into the href attributes as they are, so they must already be safe
// for an HTML attribute when this function is called. $txtadmin is declared but not used here.
function showmenu() {
    global $txtsign, $txtview, $txtadmin, $me, $getvars;
    $base=$me.$getvars;
    $addlink="<a href='".$base."&do=add'>".$txtsign."</a>";
    $viewlink="<a href='".$base."&do=view'>".$txtview."</a>";
    echo "<div class='smtxt' style='margin-bottom:8px;'>".$addlink." :: ".$viewlink."</div>";
}
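// Obfuscates a string (meant for e-mail addresses) by writing every byte as an HTML numeric entity,
// choosing at random between the decimal (&#64;) and the hexadecimal (&#x40;) form.
// Returns "" for an empty input; the original returned an uninitialised variable in that case.
// rand() only varies the notation, so its quality does not matter here.
// NOTE(review): the string is processed byte by byte, so multi-byte characters would be split into
// one entity per byte - presumably only ASCII addresses are expected; confirm.
function emailencoder ($str){
    $foo="";
    $str=(string)$str;
    for ($i=0, $len=strlen($str); $i<$len; $i++){
        $code=ord($str[$i]);
        $foo.=(rand(0,10)>5) ? "&#".$code.";" : "&#x".sprintf("%X", $code).";";
    }
    return $foo;
}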
// Fallback for PHP versions without a native str_ireplace(): the function below is only defined when the built-in is missing.
if (!function_exists('str_ireplace'))
{
// Case-insensitive str_replace().
// $search and $replace may be strings or arrays, $subject a string or an array of strings.
// Returns the replaced string, or an array of replaced strings when $subject was an array.
// NOTE(review): $count is taken by value, so the number of replacements never reaches the caller.
// NOTE(review): matching relies on strtolower(), which works on bytes - presumably only single-byte text is expected; confirm.
function str_ireplace ($search, $replace, $subject, $count = null)
{
// A string search with an array replacement is not supported: warn and fall back to the cast value.
if (is_string($search) && is_array($replace)) {
trigger_error('Array to string conversion', E_USER_NOTICE);
$replace = (string) $replace;
}
if (!is_array($search)) {
$search = array ($search);
}
// A single replacement string is used for every search term.
if (!is_array($replace))
{
$replace_string = $replace;
$replace = array ();
for ($i = 0, $c = count($search); $i < $c; $i++)
{
$replace[$i] = $replace_string;
}
}
// Search terms without a matching replacement are replaced by ''.
$length_replace = count($replace);
$length_search = count($search);
if ($length_replace < $length_search)
{
for ($i = $length_replace; $i < $length_search; $i++)
{
$replace[$i] = '';
}
}
// Despite its name, $was_array is true when $subject was NOT an array and has been wrapped in one.
$was_array = false;
if (!is_array($subject)) {
$was_array = true;
$subject = array ($subject);
}
$count = 0;
foreach ($subject as $subject_key => $subject_value)
{
foreach ($search as $search_key => $search_value)
{
// Split the lower-cased subject on the lower-cased term, then cut the same segments out of the
// original subject so that the untouched text keeps its case.
$segments = explode(strtolower($search_value), strtolower($subject_value));
$count += count($segments) - 1;
$pos = 0;
foreach ($segments as $segment_key => $segment_value)
{
$segments[$segment_key] = substr($subject_value, $pos, strlen($segment_value));
$pos += strlen($segment_value) + strlen($search_value);
}
$subject_value = implode($replace[$search_key], $segments);
}
// $result is not initialised before this loop, so an empty $subject array leaves it undefined at the return below.
$result[$subject_key] = $subject_value;
}
// A scalar subject was wrapped above; unwrap it again.
if ($was_array === true) {
return $result[0];
}
return $result;
}
}
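// Builds the HTML page navigation ("first / prev / 1 | 2 | 3 / next / last") for $pages pages.
//   $pages    total number of pages; nothing is produced for a single page
//   $pagevar  name of the GET parameter that carries the current page
//   $ppv      number of page links shown at once
//   the remaining parameters are HTML templates; {url} and {page} are replaced in them
// Returns the navigation as an HTML string ("" when $pages <= 1).
// The link target is rebuilt from PHP_SELF and the current GET parameters, all of which are client-controlled.
// Parameter names and values are therefore URL-encoded and the finished URL is HTML-escaped before it
// is put into the templates; the original copied them into the markup unchanged. Array-valued parameters are skipped.
// The page number is read as an integer and kept within 1..$pages.
function paging(
    $pages,
    $pagevar="page",
    $ppv=10,
    $first ="<a href='{url}'>«««</a> ",
    $firsts ="««« ",
    $prev ="<a href='{url}'>««</a> ",
    $prevs ="«« ",
    $num ="<a href='{url}'>{page}</a>",
    $nums ="{page}",
    $sep =" | ",
    $more ="[<a href='{url}'>...</a>]",
    $next =" <a href='{url}'>»»</a>",
    $nexts =" »»",
    $last =" <a href='{url}'>»»»</a>",
    $lasts =" »»»"){
    // query string of the current request without the page parameter
    $query="";
    foreach ($_GET as $key => $val){
        if ((string)$key===(string)$pagevar || !is_scalar($val)) continue;
        $query.=urlencode((string)$key)."=".urlencode((string)$val)."&";
    }
    // Common URL prefix; the page number is appended. 'ISO-8859-1' keeps htmlspecialchars() byte-transparent.
    $getvars=htmlspecialchars($_SERVER['PHP_SELF']."?".$query.urlencode((string)$pagevar)."=", ENT_QUOTES, 'ISO-8859-1');

    $pages=(int)$pages;
    $page=(isset($_GET[$pagevar]) && is_numeric($_GET[$pagevar])) ? (int)$_GET[$pagevar] : 1;
    if ($page>$pages) $page=$pages;
    if ($page<1) $page=1;
    $prevpage=($page>1) ? $page-1 : 1;
    $nextpage=($page<$pages) ? $page+1 : $pages;

    $paging="";
    if ($pages>1){
        // first
        $paging.=($page>1) ? str_replace("{url}", $getvars."1", $first) : $firsts;
        // prev
        $paging.=($page>1) ? str_replace("{url}", $getvars.$prevpage, $prev) : $prevs;
        // pages: the window of $ppv links that contains the current page
        $ppvrange=(int)ceil($page/$ppv);
        $start=($ppvrange-1)*$ppv;
        $end=$start+$ppv;
        if ($end>$pages) $end=$pages;
        if ($start>1) $paging.=str_replace("{url}", $getvars.($start-1), $more).$sep;
        for ($i=$start+1; $i<=$end; $i++){
            $cell=($page==$i)
                ? str_replace("{page}", $i, $nums)
                : str_replace(array("{url}", "{page}"), array($getvars.$i, $i), $num);
            $paging.=$cell.(($i<$end) ? $sep : "");
        }
        if ($end<$pages) $paging.=$sep.str_replace("{url}", $getvars.($end+1), $more);
        // next
        $paging.=($page<$pages) ? str_replace("{url}", $getvars.$nextpage, $next) : $nexts;
        // last
        $paging.=($page<$pages) ? str_replace("{url}", $getvars.$pages, $last) : $lasts;
    }
    return $paging;
}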
// ************************** MAIN ****************************
// ************************************************************
// init
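// Load all posts from the data file. A missing or unreadable file counts as "no posts" instead of
// passing false on to count() and foreach.
$foo=is_file($dat) ? file($dat) : false;
if (!is_array($foo)) $foo=array();
$stuff= new mdasort;
$stuff->data=array();
$stuff->sortkeys = array(array('time','DESC'));
$numposts=0;
$nextindex=1;
foreach ($foo as $line){
    $line=rtrim($line);
    if ($line==="") continue; // skip blank lines instead of turning them into empty posts
    // Split into at most 4 fields so that a "|" inside the story stays part of the story;
    // short lines are padded so that every row has all four keys.
    $line=array_pad(explode("|", $line, 4), 4, "");
    $stuff->data[] = array("id" => $line[0], "time" => $line[1], "title" => $line[2], "story" => $line[3]);
}
if (count($stuff->data)==0){
    $empty=true;
}else{
    // The highest existing id + 1 is the id of the next new post.
    $stuff->sortkeys = array(array('id','DESC'));
    $stuff->msort();
    $foo=reset($stuff->data);
    $nextindex=(int)$foo['id']+1;
    // Display order: newest first.
    $stuff->sortkeys = array(array('time','DESC'));
    $stuff->msort();
    $numposts=count($stuff->data);
}
echo "\n\n<!-- start mynews $version -->\n\n";
echo "<table cellpadding='0' cellspacing='0' border='0' width='100%'><tr><td align='center'>";
// Drop expired admin sessions from the session log before any login check runs.
clearoldadmins();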
// admin stuff
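// Admin area: login, deleting a post, and the login form.
if (isset($do) && $do=="admin") {
    if (isset($action) && $action=="login"){
        // Compare as strings with ===. The loose == converts numeric-looking strings to numbers before
        // comparing; the (string) casts keep a numeric value in the config working.
        // NOTE(review): the password is stored and compared in plain text and failed logins are not limited.
        $loginok=isset($name, $pwd) && is_string($name) && is_string($pwd)
            && $name===(string)$adminname && $pwd===(string)$adminpwd;
        if ($loginok){
            // Issue a new session token on login. The token in use until now may have been supplied
            // through the URL; promoting it to an admin session would let whoever chose it share that session.
            if (function_exists('random_bytes')) $hash=bin2hex(random_bytes(16));
            else $hash=md5(uniqid(mt_rand(), true)); // old PHP only: not cryptographically strong
            $getvars="?hash=$hash";
            $_GET['hash']=$hash; // the rest of this request checks the login against the new token

            // Regenerate the session log. It is PHP source that gets include()d, so the existing entries are
            // validated again (int time, 32-hex hash) before they are written back.
            $admins=array();
            if (is_file($log)) include($log);
            $out="<?php\n";
            $i=0;
            if (is_array($admins)){
                foreach ($admins as $line){
                    if (!isset($line['time'], $line['hash']) || !is_string($line['hash'])) continue;
                    if (!preg_match('/^[a-f0-9]{32}$/D', $line['hash'])) continue;
                    // $line['time'] was written as $line[time] (an undefined constant, fatal in PHP 8)
                    $out.="\$admins[$i]['time']=".(int)$line['time']."; \$admins[$i]['hash']='".$line['hash']."';\n";
                    $i++;
                }
            }
            // Only the MD5 digest of the token is stored.
            $out.="\$admins[$i]['time']=".(int)$now."; \$admins[$i]['hash']='".md5($hash)."';\n?>";
            $fp=fopen($log, "w");
            if ($fp!==false){
                fputs($fp, $out);
                fclose($fp);
                echo "<meta http-equiv='refresh' content='0;URL=$me$getvars'>";
            }
        }
    }
    // NOTE(review): the delete action is accepted from a plain GET link; the session token in the URL is its only protection.
    if (isset($action) && $action=="delete" && isloggedin()){
        $todel=isset($id) ? getkey($id, $stuff) : null;
        // Only touch the data when the id exists; a null key would address the "" offset.
        if ($todel!==null){
            unset($stuff->data[$todel]);
            $stuff->msort();
            saveposts($stuff->data);
        }
        $do="view";
    }else{
?>
<form action="<?=$me.$getvars?>" method="post" name="form2" class="smtxt">
Admin Login<br><br>
<table border="0" cellpadding="0" cellspacing="0" class="smtxt">
<tr><td>Login</td><td>
<input name="name" type="text" id="name" size="20">
</td></tr><tr><td>Password </td>
<td><input name="pwd" type="password" id="pwd" size="20"></td>
</tr><tr><td> </td><td>
<input type="submit" name="Submit" value="Login">
<input name="do" type="hidden" id="do" value="admin">
<input name="action" type="hidden" id="action" value="login">
</td></tr></table>
</form>
<?php
    }
}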
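// Everything below is only available to a logged-in admin: the menu, saving a post and the add/edit form.
if (isloggedin()){
    showmenu();
    if (isset($do) && $do=="add"){
        if (isset($action) && $action=="save"){
            $error=false;
            $saveit=false;
            if (!isset($title) || $title=="") $error.="<br>» $txtbadtitle";
            if (!isset($story) || $story=="") $error.="<br>» $txtbadstory";
            if ($error===false){
                if (isset($id) && $id=="new"){
                    // new post: append after the existing rows
                    $index=isset($numposts) ? $numposts : 0;
                    $id=$nextindex;
                    $time=$now;
                    $saveit=true;
                }else if (isset($id) && is_numeric($id)){
                    // existing post: save only when the id is known. The original wrote a record under an
                    // empty key when getkey() found nothing.
                    $index=getkey($id, $stuff);
                    if ($index!==null){
                        // keep the stored id, and the stored time when the submitted one is not a number
                        $id=$stuff->data[$index]['id'];
                        if (!isset($time) || !is_numeric($time)) $time=$stuff->data[$index]['time'];
                        $saveit=true;
                    }
                }
                if ($saveit){
                    $stuff->data[$index]['id']=$id;
                    $stuff->data[$index]['time']=$time;
                    $stuff->data[$index]['title']=$title;
                    // NOTE(review): title and story are stored as submitted and printed unescaped by the view code.
                    if ($wysiwyg===true) $stuff->data[$index]['story']=str_replace(array("\r", "\n"), array("", ""), $story);
                    else $stuff->data[$index]['story']=str_replace(array("\r", "\n"), array("", "<br>"), $story);
                    saveposts($stuff->data);
                    $stuff->msort();
                    $numposts=count($stuff->data); // keep the page count in step with the new row
                    $empty=false;
                }
                $do="view";
            }else echo "<div class='smtxt' style='color:#cc0000;'><b>$txterrors</b>$error<br><br><i>$txtclickback</i></div>";
        }else{
            // Edit an existing post when the id is known, otherwise show an empty form for a new post.
            $editkey=(isset($action) && $action=="edit" && isset($id)) ? getkey($id, $stuff) : null;
            if ($editkey!==null){
                $post=$stuff->data[$editkey];
                $title= html_entity_decode($post['title'], ENT_QUOTES);
                if ($wysiwyg===true) $story=addslashes(html_entity_decode($post['story'], ENT_QUOTES));
                else $story=stripslashes(str_replace("<br>", "\n", html_entity_decode($post['story'], ENT_QUOTES)));
                $time=$post['time'];
            }else{
                $title="";
                $story="";
                $time="notset";
                $id="new";
            }
            // Values printed into HTML attributes and the textarea are escaped; 'ISO-8859-1' makes
            // htmlspecialchars() byte-transparent, so text in any ASCII-compatible encoding passes through intact.
?>
<form name="form1" method="post" action="<?=$me.$getvars?>" onSubmit="return submitForm();">
<table border="0" cellpadding="2" cellspacing="0" class="smtxt">
<tr>
<td>Titolo</td>
<td>
<input name="title" type="text" id="title" value="<?=htmlspecialchars((string)$title, ENT_QUOTES, 'ISO-8859-1')?>" style="width:500px;" >
</td></tr>
<tr>
<td>Testo</td><td>
<?php if ($wysiwyg===true){ ?>
<script language="JavaScript" type="text/javascript" src="<?=$pathtowysiwyg?>richtext.js"></script>
<script language="JavaScript" type="text/javascript">
<!--
function submitForm() {
//make sure hidden and iframe values are in sync before submitting form
//to sync only 1 rte, use updateRTE(rte)
//to sync all rtes, use updateRTEs
updateRTE('story');
return true;
}
//Usage: initRTE(imagesPath, includesPath, cssFile)
initRTE("<?=$pathtowysiwyg?>images/", "<?=$pathtowysiwyg?>", "");
//-->
</script>
<noscript><p><b>Javascript must be enabled to use this form.</b></p></noscript>
<script language="JavaScript" type="text/javascript">
<!--
// Usage: writeRichText(fieldname, html, width, height, buttons, readOnly)
<?php /* "</" is written as "<\/" (the same string to JavaScript) so that a closing script tag in the stored story cannot end this script block. */ ?>
writeRichText('story', '<?=str_replace("</", "<\\/", $story)?>', 500, 200, true, false);
//-->
</script>
<?php } else { ?>
<textarea name="story" cols="50" rows="5" id="story" style="width:350px"><?=htmlspecialchars((string)$story, ENT_QUOTES, 'ISO-8859-1')?></textarea>
<?php }?>
</td></tr><tr><td> </td><td>
<input type="submit" name="Submit" value="Add">
<input name="do" type="hidden" id="do" value="add">
<input name="action" type="hidden" id="action" value="save">
<input name="time" type="hidden" id="time" value="<?=htmlspecialchars((string)$time, ENT_QUOTES, 'ISO-8859-1')?>">
<input name="id" type="hidden" id="id" value="<?=htmlspecialchars((string)$id, ENT_QUOTES, 'ISO-8859-1')?>">
</td></tr>
</table>
</form>
<?php
        }
    }
}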
// display posts
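// Post list: renders one page of posts through the template and prints the page navigation.
if (!isset($do) || $do=="view"){
    if (!$empty){
        $tpllines=is_file($template) ? file($template) : false;
        $tpl=is_array($tpllines) ? implode("", $tpllines) : "";
        // The page number comes from the URL and is also copied into the delete links, so it is
        // reduced to an integer >= 1 before use. The original echoed the raw parameter.
        $curpage=(isset($_GET['page']) && is_numeric($_GET['page'])) ? max(1, (int)$_GET['page']) : 1;
        $from=(($curpage-1)*$ppp)+1;
        // One login check for the whole list: isloggedin() include()s the session log on every call.
        $logged=isloggedin();
        $match=array("{title}", "{time}", "{story}", "{edit}", "{delete}");
        $html="";
        $i=1;
        foreach($stuff->data as $item){
            if ($item['id']!=0 && $i>=$from && $i< ($from+$ppp) ){
                if ($wrap!==false) $item['story']=wordwrap($item['story'], $wrap, " ", 1);
                $edit="";
                $delete="";
                if ($logged){
                    $itemid=urlencode((string)$item['id']);
                    $edit="<a href='$me$getvars&do=add&action=edit&id=".$itemid."'>$txtedit</a>";
                    $delete="<a href='$me$getvars&do=admin&action=delete&id=".$itemid."&page=".$curpage."'>$txtdelete</a>";
                }
                // NOTE(review): title and story are printed exactly as stored (the story is HTML from the editor),
                // so whoever can write the data file controls the markup shown to visitors.
                $replace=array($item['title'], strftime($dateformat, (int)$item['time']), stripslashes($item['story']), $edit, $delete);
                $html.=str_replace($match, $replace, $tpl);
            }
            $i++;
        }
        echo $html;
        // Number of pages = posts / posts-per-page, rounded up; counted from the rows actually loaded.
        $numposts=count($stuff->data);
        $numpages=(int)ceil($numposts/$ppp);
        echo "<div class='smtxt'><br>";
        echo paging($numpages);
        echo "</div><br>";
    }
}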
// closing table tags
// Please don't remove the 'powered by...' link
// Close the layout table. Visitors who are not logged in get the link to the admin login in the footer row.
// $me and $getvars are written into the href as they are.
echo "</td></tr><tr class='smtxt'><td align='center' class='smsmall' height='20' valign='bottom'>";
$adminlink=isloggedin() ? "" : "<a href='".$me.$getvars."&do=admin'>".$txtadmin."</a> ";
echo $adminlink;
echo "</td></tr></table>", "\n\n<!-- end mynews ".$version." -->\n\n";
?>