codice:
<?php
// Security stuff ...
unset(
$design,
$news,
$comment,
$comments,
$line,
$linen,
$en_settings,
$en_paths,
$smilielist,
$commenteditlink,
$startat,
$endat,
$newspages,
$bbcodehelplink,
$deletecheck,
$deletebutton,
$dontsave,
$del
);
$trenner = ','; // Separator for the values with the News.
if ($en_settings['header']) eval ('echo "' . en_gettemplate('header') . '";');
if ($_GET['action'] == '' AND $_GET['do'] == '') {
$number = $_GET['number'];
if(empty($number)) $number = 0;
if(file_exists($en_paths['newsfile'])) {
$line = file($en_paths['newsfile']);
$linen = sizeof($line);
}
if ($linen) {
for($i = $number; $i < $number + $en_settings['maxentries']; $i++) {
if(($line[$i] != '') AND ($line[$i] != "\n")) {
$news = en_getdata(chop($line[$i]), $en_newsscheme);
$id = $linen - $i;
$cid = chop($news['commentid']);
$commentfile = $en_paths['comments'] . '/' . $cid . '.dat';
$counter = file_exists($commentfile) ? sizeof(file($commentfile)) : 0;
$cmtext = ($counter == 1) ? 'comment' : 'commenti';
if ($en_settings['addcomments'] == 'yes') {
eval ('$commenttext = "' . en_gettemplate('comments_link') . '";');
en_commentpages($counter);
} else {
$commenttext = '';
}
echo en_newsoutput($news);
}
}
}
if ($linen > $en_settings['maxentries']) {
$pagesbits = pages($linen, ($number / $en_settings['maxentries']) + 1, 3, $en_settings['maxentries'], '$_SERVER[PHP_SELF]?number=$pagenumber');
eval ('echo "' . en_gettemplate('news_pages') . '";');
}
eval ('echo "' . en_gettemplate('copyright') . '";');
}
if ($_GET['action'] == 'show' AND $_GET['do'] == '') {
$line = file($en_paths['newsfile']);
$linen = sizeof($line);
$id = $_GET['id'];
$idb = $linen - $id;
if (($line[$idb] != '') AND ($line[$idb] != "\n")) {
$news = en_getdata(chop($line[$idb]), $en_newsscheme);
$cid = chop($news['commentid']);
$commentfile = $en_paths['comments'] . '/' . $cid . '.dat';
$counter = file_exists($commentfile) ? sizeof(file($commentfile)) : 0;
$cmtext = ($counter == 1) ? 'comment' : 'comments';
if ($en_settings['addcomments'] == 'yes') {
eval ('$commenttext = "' . en_gettemplate('comments_link') . '";');
if ($endpage > $pages) $endpage = $pages;
en_commentpages($counter);
}
echo en_newsoutput($news, NEWS_SHOWFULL);
}
eval ('echo "' . en_gettemplate('backhome') . '";');
}
if ($_GET['action'] == "mail" AND $_GET['do'] == "") {
if(!$_POST['send']) {
$line = file($en_paths['newsfile']);
$linen = sizeof($line);
$id = $_GET['id'];
$idb = $linen - $id;
if (($line[$idb] != '') AND ($line[$idb] != "\n")) {
$news = en_getdata(chop($line[$idb]), $en_newsscheme);
$cid = chop($news['commentid']);
echo en_newsoutput($news, NEWS_ADDHEADER);
}
eval ('echo "' . en_gettemplate('email_recommend_form') . '";');
} else {
$recipient = $_POST['recipient'];
$mail = $_POST['mail'];
$sender = $_POST['sender'];
$sender = htmlspecialchars(preg_replace('#\s+#', ' ', $sender));
if ($recipient != '' AND $mail != '' AND $sender != '') {
$subject = 'Interesting article';
$fromaddress = 'noreply@easyscripts.org';
mail($recipient, $subject, $mail, 'From: ' . $sender . ' <' . $fromaddress . '>');
eval('en_showmessage("' . en_gettemplate('emailthanks') . '");');
} else {
en_showmessage('Error!
You must fill out all fields!');
}
}
eval ('echo "' . en_gettemplate('backhome') . '";');
}
if ($_GET['action'] == 'comments' AND $_GET['do'] == '' AND $_POST['save'] == '' AND $_POST['preview'] == '') {
if(file_exists($en_paths['newsfile'])) {
$line = file($en_paths['newsfile']);
$linen = sizeof($line);
$id = $_GET['id'];
$idb = $linen - $id;
if(($line[$idb] != '') AND ($line[$idb] != "\n")) {
$news = en_getdata(chop($line[$idb]), $en_newsscheme);
$cid = chop($news['commentid']);
echo en_newsoutput($news, NEWS_ADDHEADER);
}
}
$cmfile = $en_paths['comments'] . '/' . $cid . '.dat';
if(file_exists($cmfile)) {
$line = file($cmfile);
$linen = sizeof($line);
$number = $_GET['number'];
if (!$number) $number = 0;
if ($linen > $en_settings['maxcomments']) {
$pagesbits = pages($linen, ($number / $en_settings['maxcomments']) + 1, 3, $en_settings['maxcomments'], '$_SERVER[PHP_SELF]?action=comments&id=' . $id . '&number=$pagenumber');
eval ('$pagestext = "' . en_gettemplate('comments_pages') . '";');
}
for($ci = $number; $ci < $number + $en_settings['maxcomments']; $ci++) {
if (($line[$ci] != '') AND ($line[$ci] != "\n")) {
$comments .= en_commentoutput($line[$ci]);
}
}
eval ('echo "' . en_gettemplate('comments_main') . '";');
}
if ($en_settings['addcomments'] == 'yes') {
if ($en_settings['bbcomm'] == 'yes') {
eval ('$bbcommtext = "' . en_gettemplate('bbcodehelp_link') . '";');
} else {
$bbcommtext = '';
}
eval ('echo "' . en_gettemplate('comments_form') . '";');
} else {
eval ('echo "' . en_gettemplate('comments_disabled') . '";');
}
eval ('echo "' . en_gettemplate('backhome') . '";');
}
if ($_GET['action'] == 'help') {
foreach($en_smilies AS $smiliepattern => $smiliereplacement) {
eval ('$smilielist .= "' . en_gettemplate('bbcodehelp_smilie') . '";');
}
$smilielist = chop($smilielist);
eval ('echo "' . en_gettemplate('bbcodehelp') . '";');
}
if ($_GET['action'] == 'admin' AND $_GET['do'] == 'design') {
if ($_POST['save'] != '') {
if (en_checklogin(ADMIN_DESIGN)) {
$design = en_getformdata($en_designscheme);
en_savedesign($en_paths['data'] . '/design.php');
en_showmessage('Saved!');
} else {
eval ('en_showmessage("Wrong password!' . en_gettemplate('gobacklink') . '");');
}
}
if ($_POST['preview'] != '') $design = en_getformdata($en_designscheme);
eval ('echo "' . en_gettemplate('admin') . '";');
$news['date'] = 'date';
$news['author'] = 'author';
$news['title'] = 'newstitle';
$news['text'] = 'newstext';
$news['time'] = 'time';
$commenttext = '123 commenti';
$newsexample = en_newsoutput($news);
eval ('echo "' . en_gettemplate('admin_design') . '";');
}
if ($_GET['action'] == 'admin' AND $_GET['do'] == 'deletecomment') {
$id = $_REQUEST['id'];
$cid = en_getcid($id);
$file = $en_paths['comments'] . '/' . $cid . '.dat';
$cline = file($file);
if($_POST['todo'] == 'delete') {
if (en_checklogin(ADMIN_DELETECOMMENTS)) {
$cline[$_POST['number']] = '';
$text = en_implode($cline);
save($file, $text);
eval ('en_showmessage("Comment deleted!' . en_gettemplate('backtocomments') . '");');
} else {
eval('en_showmessage("' . en_gettemplate('error_wrongpass') . '");');
}
} else {
$commenttext = en_commentoutput(chop($cline[$_GET['number']]), true);
eval ('echo "' . en_gettemplate('login_deletecomment') . '";');
}
}
if ($_GET['action'] == 'admin' AND $_GET['do'] == 'getip') {
$id = $_REQUEST['id'];
$cid = en_getcid($id);
$file = $en_paths['comments'] . '/' . $cid . '.dat';
$cline = file($file);
if($_POST['todo'] == 'show') {
if (en_checklogin(ADMIN_IP)) {
$comment = en_getdata(chop($cline[$_POST['number']]), $en_commentscheme);
$ip = trim($comment['ip']);
$host = @gethostbyaddr($ip);
eval ('en_showmessage("IP: $ip, Host: $host' . en_gettemplate('backtocomments') . '");');
} else {
eval('en_showmessage("' . en_gettemplate('error_wrongpass') . '");');
}
} else {
$commenttext = en_commentoutput(chop($cline[$_GET['number']]), true);
eval ('echo "' . en_gettemplate('login_showip') . '";');
}
}
if ($_GET['action'] == 'comments' AND $_POST['preview'] != '' AND $en_settings['addcomments'] == 'yes') {
$id = $_POST['id'];
$comment = en_getformdata($en_commentscheme);
echo en_commentoutput(en_makedata(en_createcommentdata($comment), $en_commentscheme), true);
$comment = en_createcommentdata($comment, true);
eval ('echo "' . en_gettemplate('comments_form') . '";');
}
if ($_GET['action'] == 'comments' AND $_POST['save'] != '' AND $en_settings['addcomments'] == 'yes') {
if($_POST['author'] AND $_POST['email'] AND $_POST['text']) {
$comment = en_createcommentdata($_POST);
$id = $_POST['id'];
$cid = en_getcid($id);
if(file_exists($en_paths['comments'] . '/' . $cid . '.dat'))
$line = file($en_paths['comments'] . '/' . $cid . '.dat');
$line[] = en_makedata($comment, $en_commentscheme);
save($en_paths['comments']. '/' . $cid . '.dat', en_implode($line));
if($en_settings['mailcomment'] == 'yes') {
$subject = 'comment to the news!';
$sender = 'easyNews Mailer';
$fromaddress = 'noreply@easyscripts.org';
eval('$mail = "' . en_gettemplate('mail_newcomment') . '";');
@mail($en_settings['commmail'], $subject, $mail, 'From: ' . $sender . ' <' . $fromaddress . '>');
}
eval ('en_showmessage("Thank you for your comment!' . en_gettemplate('backtocomments') . '");');
} else {
eval ('en_showmessage("Please you fill out all fields!' . en_gettemplate('gobacklink') . '");');
}
}
if ($_GET['action'] == 'admin' AND $_GET['do'] == '' AND $_POST['news_do'] == '') {
eval ('echo "' . en_gettemplate('admin') . '";');
}
if ($_GET['action'] == 'admin' AND $_POST['news_do'] == 'savenews' AND $_POST['preview'] != '') {
$form_do = 'savenews';
$applybutton = 'add';
$pagetitle = 'addnews';
eval ('echo "' . en_gettemplate('admin') . '";');
eval ('$bbcodehelplink = "' . en_gettemplate('bbcodehelp_link') . '";');
$news = en_createnewsdata($_POST);
echo en_newsoutput($news, NEWS_ADDHEADER);
$news = en_createnewsdata($_POST, true);
eval ('echo "' . en_gettemplate('admin_newsform') . '";');
}
if ($_GET['action'] == 'admin' AND $_GET['do'] == 'addnews' AND $_POST['news_do'] == '') {
$form_do = 'savenews';
$applybutton = 'add';
$pagetitle = 'addnews';
$news['date'] = date('F dS, Y');
$news['time'] = date('h:i A');
eval ('echo "' . en_gettemplate('admin') . '";');
eval ('$bbcodehelplink = "' . en_gettemplate('bbcodehelp_link') . '";');
eval ('echo "' . en_gettemplate('admin_newsform') . '";');
}
if ($_GET['action'] == 'admin' AND $_POST['news_do'] == 'savenews' AND $_POST['apply'] != '') {
$news = en_getformdata($en_newsscheme);
eval ('echo "' . en_gettemplate('admin') . '";');
if($news['date'] AND $news['author'] AND $news['title'] AND $news['text'] AND $news['time']) {
if (en_checklogin(ADMIN_ADDNEWS)) {
if(!file_exists($en_paths['newsfile'])) {
$line[0] = '';
} else {
$line = file($en_paths['newsfile']);
}
$line[0] = en_makedata(en_createnewsdata($news), $en_newsscheme) . "\n" . $line[0];
save($en_paths['newsfile'], en_implode($line));
if ($en_settings['userss']) require_once($en_paths['script'] . '/rss.php');
en_showmessage('News were added!');
} else {
eval ('en_showmessage("Wrong password!' . en_gettemplate('gobacklink') . '");');
}
} else {
eval ('en_showmessage("Please you fill out all fields!' . en_gettemplate('gobacklink') . '");');
}
}
if ($_GET['action'] == 'admin' AND $_GET['do'] == 'editnews') {
if(file_exists($en_paths['newsfile'])) {
eval ('echo "' . en_gettemplate('admin') . '";');
$newsbits = '';
$line = file($en_paths['newsfile']);
$linen = sizeof($line);
if ($en_settings['maxeditentries'] > 0) {
$number = $_GET['number'];
if(empty($number)) $number = 0;
if ($linen > $en_settings['maxeditentries']) {
$pagesbits = pages($linen, ($number / $en_settings['maxeditentries']) + 1, 3, $en_settings['maxeditentries'], '$_SERVER[PHP_SELF]?action=admin&do=editnews&number=$pagenumber');
eval ('$newspages = "' . en_gettemplate('news_pages') . '";');
}
$startat = $number;
$endat = $number + $en_settings['maxeditentries'];
} else {
$startat = 0;
$endat = $linen;
}
for($i = $startat; $i < $endat; $i++) {
if(($line[$i] != '') AND ($line[$i] != "\n")) {
$id = $linen - $i;
$news = en_getdata(chop($line[$i]), $en_newsscheme);
eval ('$commenteditlink = "' . en_gettemplate('admin_edit_commentlink') . '";');
eval ('$commenteditlink .= "' . en_gettemplate('admin_edit_editdeletelink') . '";');
$newsbits .= en_newsoutput($news,
?>
Rispondi quotando