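<?php
// File: $Id: admin.php,v 1.9 2003/07/07 18:42:14 bharvey42 Exp $ $Name: $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file:
// Purpose of file: administration screens for the banners module
//                  (banners, finished banners, advertising clients, settings)
// ----------------------------------------------------------------------
//
// Security notes for maintainers (all grounded in the code below):
//  * Every state-changing operation checks pnSecAuthAction() and then
//    pnSecConfirmAuthKey() before touching the database.
//  * The instance string passed to pnSecAuthAction() is built from the
//    client name stored in the database, never from a request parameter,
//    so the requester cannot choose which permission rule is evaluated.
//  * Values that came from the request or from free-text database columns
//    are passed through pnVarPrepForDisplay() before being echoed, including
//    inside double-quoted HTML attributes.
//    NOTE(review): this assumes pnVarPrepForDisplay() escapes double quotes;
//    it is defined outside this file - confirm. It does not validate URL
//    schemes, so imageurl/clickurl should additionally be restricted to
//    http/https where they are stored.
//  * Client passwords are written to and read from the bannerclient table
//    as submitted (see BannerAddClient / BannerClientEdit /
//    BannerClientChange). NOTE(review): they should be hashed; that needs a
//    matching change in the client login code, which is not in this file.

// Refuse direct requests. preg_match() with the same pattern replaces the
// deprecated eregi() call and matches exactly the same strings.
if (!preg_match('/admin.php/i', $PHP_SELF)) {
    die ("Access Denied");
}

$ModName = $module;
modules_get_language();
modules_get_manual();

/**
 * Banners Administration Functions
 */

/**
 * Render the main banners administration page.
 *
 * Shows, each guarded by its own pnSecAuthAction() check: the active
 * banners, the finished banners, the advertising clients, the "add banner"
 * form, the "add client" form and a link to the module settings.
 *
 * Per-row permission checks use the client name read from the database
 * row, matching the "$name::$cid" form the clients list already used.
 */
function BannersAdmin()
{
    include 'header.php';

    $bgcolor2 = $GLOBALS['bgcolor2'];

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._BANNERSADMIN."</b></font></center>";
    CloseTable();

    /* Check if Banners variable is active, if not then print a message */
    if (pnConfigGetVar('banners') == 0) {
        OpenTable();
        echo "<center><br><i><b><font class=\"pn-normal\">"._IMPORTANTNOTE."</font></b></i><br><br>"
            ."<font class=\"pn-normal\">"._BANNERSNOTACTIVE."</font><br>"
            ."<font class=\"pn-normal\">"._TOACTIVATE."</font><br><br></center>";
        CloseTable();
    }

    // Banners List
    echo "<a name=\"top\"></a>";
    if (pnSecAuthAction(0, 'Banners::Banner', '::', ACCESS_READ)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._ACTIVEBANNERS."</b></font></center><br>"
            ."<table width=\"100%\" border=\"0\">"
            ."<tr>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._BANTYPE."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._IMPRESSIONS."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._IMPLEFT."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLICKS."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLICKSPERCENT."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLIENTNAME."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._FUNCTIONS."</font></b></td>"
            ."</tr>";

        $column = $pntable['banner_column'];
        $column2 = $pntable['bannerclient_column'];
        $result = $dbconn->Execute("SELECT $column[bid], $column[cid], $column[imptotal], $column[impmade], $column[clicks], $column[date], $column2[name], $column[type]
                                    FROM $pntable[banner], $pntable[bannerclient]
                                    WHERE $column[cid] = ".pnVarPrepForStore($column2['cid'])."
                                    ORDER BY $column[bid]");

        while(list($bid, $cid, $imptotal, $impmade, $clicks, $date, $name, $typ) = $result->fields) {
            $result->MoveNext();

            // Authorise against the client name stored with the banner, not
            // against anything supplied in the request.
            if (pnSecAuthAction(0, 'Banners::Banner', "$name::$bid", ACCESS_READ)) {
                if($impmade==0) {
                    $percent = 0;
                } else {
                    $percent = substr(100 * $clicks / $impmade, 0, 5);
                }
                if($imptotal==0) {
                    $left = _UNLIMITED;
                } else {
                    $left = $imptotal-$impmade;
                }
                echo "<tr>"
                    ."<td bgcolor=\"$bgcolor2\" align=center><font class=\"pn-normal\">" . pnVarPrepForDisplay($typ) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=center><font class=\"pn-normal\">" . pnVarPrepForDisplay($impmade) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=center><font class=\"pn-normal\">" . pnVarPrepForDisplay($left) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=center><font class=\"pn-normal\">" . pnVarPrepForDisplay($clicks) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=center><font class=\"pn-normal\">" . pnVarPrepForDisplay($percent) . "%</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=center><font class=\"pn-normal\">" . pnVarPrepForDisplay($name) . "</font></td>";
                if (pnSecAuthAction(0, 'Banners::Banner', "$name::$bid", ACCESS_EDIT)) {
                    echo "<td bgcolor=\"$bgcolor2\" align=center><font class=\"pn-normal\"><a href=\"admin.php?module="
                        .$GLOBALS['module']."&op=BannerEdit&bid=$bid\">"._EDIT."</a>";
                    if (pnSecAuthAction(0, 'Banners::Banner', "$name::$bid", ACCESS_DELETE)) {
                        // ok=0 only opens the confirmation page; the real
                        // delete link there carries the auth key.
                        echo " | <a href=\"admin.php?module=".$GLOBALS['module']
                            ."&op=BannerDelete&bid=$bid&ok=0\">"._DELETE."</a></font></td>";
                    } else {
                        echo "</font></td>";
                    }
                } else {
                    echo "<td bgcolor=\"$bgcolor2\"> </td>";
                }
                echo "</tr>";
            }
        }
        echo "</table>";
        CloseTable();
    }

    /* Finished Banners List */
    if (pnSecAuthAction(0, 'Banners::Banner', '::', ACCESS_READ)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._FINISHEDBANNERS."</b></font></center><br>"
            ."<table width=\"100%\" border=\"0\"><tr>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._IMP."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLICKS."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLICKSPERCENT."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._DATESTARTED."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._DATEENDED."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLIENTNAME."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._FUNCTIONS."</font></b></td></tr>";

        $column = $pntable['bannerfinish_column'];
        $column2 = $pntable['bannerclient_column'];
        $result = $dbconn->Execute("SELECT $column[bid], $column[cid], $column[impressions], $column[clicks], $column[datestart], $column[dateend], $column2[name]
                                    FROM $pntable[bannerfinish], $pntable[bannerclient]
                                    WHERE $column[cid] = ".pnVarPrepForStore($column2['cid'])."
                                    ORDER BY $column[bid]");

        while(list($bid, $cid, $impressions, $clicks, $datestart, $dateend, $name) = $result->fields) {
            $result->MoveNext();

            if (pnSecAuthAction(0, 'Banners::Banner', "$name::$bid", ACCESS_READ)) {
                // A finished banner with no recorded impressions must not
                // trigger a division by zero.
                if ($impressions == 0) {
                    $percent = 0;
                } else {
                    $percent = substr(100 * $clicks / $impressions, 0, 5);
                }
                echo "<tr>"
                    ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($impressions) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($clicks) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($percent) . "%</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($datestart) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($dateend) . "</font></td>"
                    ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($name) . "</font></td>";
                if (pnSecAuthAction(0, 'Banners::Banner', "$name::$bid", ACCESS_DELETE)) {
                    echo "<td bgcolor=\"$bgcolor2\" align=\"center\"><a href=\"admin.php?module="
                        .$GLOBALS['module']."&op=BannerFinishDelete&bid=$bid&authid=" . pnSecGenAuthKey()
                        . "\"><font class=\"pn-normal\">"._DELETE."</font></a></td>";
                } else {
                    echo "<td bgcolor=\"$bgcolor2\"> </td>";
                }
                echo "</tr>";
            }
        }
        echo "</table>";
        CloseTable();
    }

    /* Clients List */
    if (pnSecAuthAction(0, 'Banners::Client', '::', ACCESS_READ)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._ADVERTISINGCLIENTS."</b></font></center><br>"
            ."<table width=\"100%\" border=\"0\"><tr>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLIENTNAME."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._ACTIVEBANNERS2."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CONTACTNAME."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CONTACTEMAIL."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._FUNCTIONS."</font></b></td></tr>";

        $column = $pntable['bannerclient_column'];
        $result = $dbconn->Execute("SELECT $column[cid], $column[name], $column[contact], $column[email]
                                    FROM $pntable[bannerclient]
                                    ORDER BY $column[cid]");

        while(list($cid, $name, $contact, $email) = $result->fields) {
            // Number of active banners owned by this client.
            $result2 = $dbconn->Execute("SELECT COUNT(*)
                                         FROM $pntable[banner]
                                         WHERE {$pntable['banner_column']['cid']}='".pnVarPrepForStore($cid)."'");
            list($numrows) = $result2->fields;

            echo "<tr>"
                ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($name) . "</font></td>"
                ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($numrows) . "</font></td>"
                ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($contact) . "</font></td>"
                ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($email) . "</font></td>";
            if (pnSecAuthAction(0, 'Banners::Client', "$name::$cid", ACCESS_EDIT)) {
                echo "<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\"><a href=\"admin.php?module="
                    .$GLOBALS['module']."&op=BannerClientEdit&cid=$cid\">"._EDIT."</a>";
                if (pnSecAuthAction(0, 'Banners::Client', "$name::$cid", ACCESS_DELETE)) {
                    echo " | <a href=\"admin.php?module=".$GLOBALS['module']
                        ."&op=BannerClientDelete&cid=$cid\">"._DELETE."</a></font></td></tr>";
                } else {
                    echo "</font></td></tr>";
                }
            } else {
                echo "<td bgcolor=\"$bgcolor2\"> </td></tr>";
            }
            $result->MoveNext();
        }
        echo "</table>";
        CloseTable();
    }

    /* Add Banner */
    if (pnSecAuthAction(0, 'Banners::Banner', '::', ACCESS_ADD)) {
        $column = $pntable['bannerclient_column'];
        $result = $dbconn->Execute("SELECT $column[cid], $column[name]
                                    FROM $pntable[bannerclient]");
        // The form is only offered once at least one client exists.
        if(!$result->EOF) {
            OpenTable();
            echo "<center><font class=\"pn-title\"><b>"._ADDNEWBANNER."</b></font></center><br><br>"
                ."<form action=\"admin.php\" method=\"post\">"
                ."<font class=\"pn-normal\">"._CLIENTNAME.":</font>"
                ."<select name=\"cid\">";
            while(list($cid, $name) = $result->fields) {
                echo "<option value=\"$cid\">". pnVarPrepForDisplay($name) . "</option>";
                $result->MoveNext();
            }
            echo "</select><br>"
                ."<font class=\"pn-normal\">"._PURCHASEDIMPRESSIONS.": <input type=\"text\" name=\"imptotal\" size=\"12\" maxlength=\"11\"> 0 = "._UNLIMITED."</font><br>"
                ."<font class=\"pn-normal\">"._BANTYPE.":</font> <input type=\"text\" name=\"type\" size=\"2\" maxlength=\"2\"><br>"
                ."<font class=\"pn-normal\">"._IMAGEURL.":</font> <input type=\"text\" name=\"imageurl\" size=\"50\" maxlength=\"250\"><br>"
                ."<font class=\"pn-normal\">"._CLICKURL.":</font> <input type=\"text\" name=\"clickurl\" size=\"50\" maxlength=\"250\"><br>"
                ."<input type=\"hidden\" name=\"module\" value=\"".$GLOBALS['module']."\">"
                ."<input type=\"hidden\" name=\"op\" value=\"BannersAdd\">"
                ."<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
                ."<input type=\"submit\" value=\""._ADDBANNER."\">"
                ."</form>";
            CloseTable();
        }
    }

    /* Add Client */
    if (pnSecAuthAction(0, 'Banners::Client', '::', ACCESS_ADD)) {
        OpenTable();
        // NOTE(review): the client password is entered in a plain text field
        // and stored as typed by BannerAddClient().
        echo"<form action=\"admin.php\" method=\"post\"> "
            ."<center><font class=\"pn-title\"><b>"._ADDCLIENT."</b></font><font class=\"pn-normal\"></center><br><br> "
            ._CLIENTNAME.": <input type=\"text\" name=\"name\" size=\"30\" maxlength=\"60\"><br> "
            ._CONTACTNAME.": <input type=\"text\" name=\"contact\" size=\"30\" maxlength=\"60\"><br> "
            ._CONTACTEMAIL.": <input type=\"text\" name=\"email\" size=\"30\" maxlength=\"60\"><br> "
            ._CLIENTLOGIN.": <input type=\"text\" name=\"login\" size=\"12\" maxlength=\"10\"><br> "
            ._CLIENTPASSWD.": <input type=\"text\" name=\"passwd\" size=\"12\" maxlength=\"10\"><br><br> "
            ._EXTRAINFO.":<br><textarea name=\"extrainfo\" cols=\"80\" rows=\"10\"></textarea><br>"
            ."<input type=\"hidden\" name=\"module\" value=\"".$GLOBALS['module']."\">"
            ."<input type=\"hidden\" name=\"op\" value=\"BannerAddClient\">"
            ."<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
            ."<input type=\"submit\" value=\""._ADDCLIENT2."\">"
            ."</font></form>";
        CloseTable();
    }

    // Access Banner Settings
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._BANNERSCONF."</b></font></center><br /><br />";
    echo "<a href=\"admin.php?module=".$GLOBALS['module']."&op=getConfig\"><font class=\"pn-normal\">"._BANNERSCONF."</font></a>";
    CloseTable();

    include ("footer.php");
}

/**
 * Insert a new banner for an existing client, then redirect to the admin page.
 *
 * Reads cid, type, imptotal, imageurl and clickurl from the request. The
 * client name used in the permission check is looked up from the submitted
 * cid rather than taken from a request parameter, so the requester cannot
 * pick the permission instance that gets evaluated.
 */
function BannersAdd()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    list($cid,
         $type,
         $imptotal,
         $imageurl,
         $clickurl) = pnVarCleanFromInput('cid',
                                          'type',
                                          'imptotal',
                                          'imageurl',
                                          'clickurl');

    // Resolve the owning client's name for the permission instance.
    $clientcolumn = $pntable['bannerclient_column'];
    $result = $dbconn->Execute("SELECT $clientcolumn[name]
                                FROM $pntable[bannerclient]
                                WHERE $clientcolumn[cid] = '".pnVarPrepForStore($cid)."'");
    list($clientname) = $result->fields;
    $result->Close();

    if (!(pnSecAuthAction(0, 'Banners::Banner', "$clientname::", ACCESS_ADD))) {
        include 'header.php';
        echo _BANNERSADDBANNERNOAUTH;
        include 'footer.php';
        exit;
    }

    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // NOTE(review): imageurl and clickurl are stored as submitted and later
    // rendered in src/href attributes; consider rejecting anything that is
    // not an http(s) URL here.
    $column = $pntable['banner_column'];
    $dbconn->Execute("INSERT INTO $pntable[banner] ($column[bid], $column[cid], $column[type], $column[imptotal], $column[impmade], $column[clicks], $column[imageurl], $column[clickurl], $column[date])
                      VALUES (NULL, '".pnVarPrepForStore($cid)."', '".pnVarPrepForStore($type)."', '".pnVarPrepForStore($imptotal)."', '1', '0', '".pnVarPrepForStore($imageurl)."', '".pnVarPrepForStore($clickurl)."', now())");
    if($dbconn->ErrorNo()<>0) {
        error_log("Error: " . $dbconn->ErrorMsg());
    }
    pnRedirect('admin.php?module='.$GLOBALS['module'].'&op=BannersAdmin');
}

/**
 * Insert a new advertising client, then redirect to the admin page.
 *
 * Reads name, contact, email, login, passwd and extrainfo from the request.
 */
function BannerAddClient()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    list($name,
         $contact,
         $email,
         $login,
         $passwd,
         $extrainfo) = pnVarCleanFromInput('name',
                                           'contact',
                                           'email',
                                           'login',
                                           'passwd',
                                           'extrainfo');

    if (!(pnSecAuthAction(0, 'Banners::Client', '::', ACCESS_ADD))) {
        include 'header.php';
        echo _BANNERSADDCLIENTNOAUTH;
        include 'footer.php';
        exit;
    }

    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // NOTE(review): $passwd is written to the table exactly as submitted.
    // Hashing it here requires the client login check (outside this file)
    // to verify against the hash as well.
    $column = $pntable['bannerclient_column'];
    $dbconn->Execute("INSERT INTO $pntable[bannerclient] ($column[cid], $column[name], $column[contact], $column[email], $column[login], $column[passwd], $column[extrainfo])
                      VALUES (NULL, '".pnVarPrepForStore($name)."', '".pnVarPrepForStore($contact)."', '".pnVarPrepForStore($email)."', '".pnVarPrepForStore($login)."', '".pnVarPrepForStore($passwd)."', '".pnVarPrepForStore($extrainfo)."')");
    if($dbconn->ErrorNo()<>0) {
        error_log("Error: " . $dbconn->ErrorMsg());
    }
    pnRedirect('admin.php?module='.$GLOBALS['module'].'&op=BannersAdmin');
}

/**
 * Delete one finished banner, then redirect to the admin page.
 *
 * The permission instance is built from the client that owns the requested
 * finished banner. The previous lookup was hard-wired to banner id 1 in the
 * active banner table, so the check was made against an unrelated client.
 */
function BannerFinishDelete()
{
    // NOTE(review): relies on pnVarCleanFromInput() returning a scalar when
    // called with a single name, as the original code did - confirm.
    $bid = pnVarCleanFromInput('bid');

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $finishcolumn = $pntable['bannerfinish_column'];
    $bannerclientcolumn = $pntable['bannerclient_column'];
    $result = $dbconn->Execute("SELECT $bannerclientcolumn[name]
                                FROM $pntable[bannerfinish], $pntable[bannerclient]
                                WHERE $finishcolumn[bid] = '".pnVarPrepForStore($bid)."'
                                AND $finishcolumn[cid] = ".pnVarPrepForStore($bannerclientcolumn['cid'])."");
    list($clientname) = $result->fields;
    $result->Close();

    if (!pnSecAuthAction(0, 'Banners::Banner', "$clientname::$bid", ACCESS_DELETE)) {
        include 'header.php';
        echo _BANNERSDELBANNERNOAUTH;
        include 'footer.php';
        return;
    }

    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // Array keys are quoted: the unquoted form inside {...} was read as
    // undefined constants.
    $dbconn->Execute("DELETE FROM $pntable[bannerfinish]
                      WHERE {$pntable['bannerfinish_column']['bid']}='".pnVarPrepForStore($bid)."'");
    if($dbconn->ErrorNo()<>0) {
        error_log("Error: " . $dbconn->ErrorMsg());
    }
    pnRedirect('admin.php?module='.$GLOBALS['module'].'&op=BannersAdmin');
}

/**
 * Delete an active banner.
 *
 * Without ok=1 a confirmation page is shown; its "yes" link carries ok=1 and
 * an auth key. With ok=1 the auth key is verified and the banner is deleted.
 * The permission instance uses the client that owns the requested banner
 * (the previous lookup always used banner id 1).
 */
function BannerDelete()
{
    list($bid,
         $ok) = pnVarCleanFromInput('bid',
                                    'ok');

    if (!isset($ok)) {
        $ok = 0;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $bannercolumn = $pntable['banner_column'];
    $bannerclientcolumn = $pntable['bannerclient_column'];
    $result = $dbconn->Execute("SELECT $bannerclientcolumn[name]
                                FROM $pntable[banner], $pntable[bannerclient]
                                WHERE $bannercolumn[bid] = '".pnVarPrepForStore($bid)."'
                                AND $bannercolumn[cid] = ".pnVarPrepForStore($bannerclientcolumn['cid'])."");
    list($clientname) = $result->fields;
    $result->Close();

    if (!pnSecAuthAction(0, 'Banners::Banner', "$clientname::$bid", ACCESS_DELETE)) {
        include 'header.php';
        echo _BANNERSDELBANNERNOAUTH;
        include 'footer.php';
        return;
    }

    if($ok == 1) {
        if (!pnSecConfirmAuthKey()) {
            include 'header.php';
            echo _BADAUTHKEY;
            include 'footer.php';
            exit;
        }

        $dbconn->Execute("DELETE FROM $pntable[banner]
                          WHERE {$pntable['banner_column']['bid']}='".pnVarPrepForStore($bid)."'");
        if($dbconn->ErrorNo()<>0) {
            error_log("Error: " . $dbconn->ErrorMsg());
        }
        pnRedirect('admin.php?module='.$GLOBALS['module'].'&op=BannersAdmin');
    } else {
        include("header.php");
        $bgcolor2 = $GLOBALS['bgcolor2'];
        GraphicAdmin();
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._BANNERSADMIN."</b></font></center>";
        CloseTable();

        $column = $pntable['banner_column'];
        $column2 = $pntable['bannerclient_column'];
        $result = $dbconn->Execute("SELECT $column[cid], $column[imptotal], $column[impmade], $column[clicks], $column[imageurl], $column[clickurl], $column2[name]
                                    FROM $pntable[banner], $pntable[bannerclient]
                                    WHERE $column[bid]='".pnVarPrepForStore($bid)."'
                                    AND $column[cid] = ".pnVarPrepForStore($column2['cid'])."");
        list($cid, $imptotal, $impmade, $clicks, $imageurl, $clickurl, $name) = $result->fields;

        // Stored URLs are free text; escape them before they land in
        // href/src attributes and in the visible link text.
        $clickurlDisplay = pnVarPrepForDisplay($clickurl);
        $imageurlDisplay = pnVarPrepForDisplay($imageurl);

        OpenTable();
        echo "<center><b><font class=\"pn-normal\">"._DELETEBANNER."</font></b><br><br>"
            ."<a href=\"$clickurlDisplay\"><img src=\"$imageurlDisplay\" border=\"1\" alt=\"\"></a><br>"
            ."<a href=\"$clickurlDisplay\">$clickurlDisplay</a><br><br>"
            ."<table width=\"100%\" border=\"0\"><tr>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._ID."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._IMPRESSIONS."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._IMPLEFT."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLICKS."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLICKSPERCENT."</font></b></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><b><font class=\"pn-normal\">"._CLIENTNAME."</font></b></td></tr>";

        // Same zero-impression guard as the active banner list.
        if ($impmade == 0) {
            $percent = 0;
        } else {
            $percent = substr(100 * $clicks / $impmade, 0, 5);
        }
        if($imptotal==0) {
            $left = _UNLIMITED;
        } else {
            $left = $imptotal-$impmade;
        }
        echo "<tr>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($bid) . "</font></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($impmade) . "</font></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($left) . "</font></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($clicks) . "</font></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($percent) . "%</font></td>"
            ."<td bgcolor=\"$bgcolor2\" align=\"center\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($name) . "</font></td></tr>";
        // $bid comes from the request, so it is URL-encoded before it is
        // placed in the confirmation link.
        echo "</table><br>"
            ."<font class=\"pn-normal\">"._SURETODELBANNER."</font><br><br>"
            ."<font class=\"pn-normal\">[ <a href=\"admin.php?module=".$GLOBALS['module']."&op=BannersAdmin\">"
            ._NO."</a> | <a href=\"admin.php?module=".$GLOBALS['module']."&op=BannerDelete&bid=".urlencode($bid)."&ok=1&authid=" . pnSecGenAuthKey() . "\">"
            ._YES."</a> ]</font></center><br><br>";
        CloseTable();
        include("footer.php");
    }
}

/**
 * Show the edit form for one active banner.
 *
 * @param mixed $bid banner id taken from the request by banners_admin_main()
 *
 * Every value placed in a form attribute is escaped, because $bid comes from
 * the request and type/imageurl/clickurl are free-text columns.
 */
function BannerEdit($bid)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    include("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._BANNERSADMIN."</b></font></center>";
    CloseTable();

    $column = $pntable['banner_column'];
    $column2 = $pntable['bannerclient_column'];
    $result = $dbconn->Execute("SELECT $column[cid], $column[type], $column[imptotal], $column[impmade], $column[clicks], $column[imageurl], $column[clickurl], $column2[name]
                                FROM $pntable[banner], $pntable[bannerclient]
                                WHERE $column[bid]='".pnVarPrepForStore($bid)."'
                                AND $column[cid] = ".pnVarPrepForStore($column2['cid'])."");
    list($cid, $type, $imptotal, $impmade, $clicks, $imageurl, $clickurl, $name) = $result->fields;

    if (!pnSecAuthAction(0, 'Banners::Banner', "$name::$bid", ACCESS_EDIT)) {
        echo _BANNERSEDITBANNERNOAUTH;
        include 'footer.php';
        return;
    }

    $typeDisplay = pnVarPrepForDisplay($type);
    $imageurlDisplay = pnVarPrepForDisplay($imageurl);
    $clickurlDisplay = pnVarPrepForDisplay($clickurl);
    $bidDisplay = pnVarPrepForDisplay($bid);
    $imptotalDisplay = pnVarPrepForDisplay($imptotal);

    OpenTable();
    echo"<center><font class=\"pn-title\">"
        ."<b>"._EDITBANNER."</b></font></center><br><br>"
        ."<center><img src=\"$imageurlDisplay\" border=\"1\" alt=\"\"></center><br><br>"
        ."<form action=\"admin.php\" method=\"post\">"
        ."<font class=\"pn-normal\">"._CLIENTNAME.":</font> "
        ."<select name=\"cid\">";
    echo "<option value=\"$cid\" selected>".pnVarPrepForDisplay($name)."</option>";

    // Remaining clients, so the banner can be reassigned.
    $result = $dbconn->Execute("SELECT $column2[cid], $column2[name]
                                from $pntable[bannerclient]");
    while(list($ccid, $name) = $result->fields) {
        $result->MoveNext();
        if($cid!=$ccid) {
            echo "<option value=\"$ccid\">" . pnVarPrepForDisplay($name) . "</option>";
        }
    }
    echo "</select><br>";

    if($imptotal==0) {
        $impressions = _UNLIMITED;
    } else {
        $impressions = $imptotal;
    }
    // NOTE(review): imptotal travels through a hidden field and
    // BannerChange() adds impadded to that submitted value, not to the
    // stored one.
    echo "<br><font class=\"pn-normal\">"._ADDIMPRESSIONS.":</font> <input type=\"text\" name=\"impadded\" size=\"12\" maxlength=\"11\"><font class=\"pn-normal\"> "._PURCHASED.": <b>" . pnVarPrepForDisplay($impressions) . "</b> "._MADE.": <b>" . pnVarPrepForDisplay($impmade) . "</b></font><br>"
        ."<font class=\"pn-normal\">"._BANTYPE.": </font><input type=\"text\" name=\"type\" size=\"2\" maxlength=\"2\" value=\"$typeDisplay\"><br>"
        ."<font class=\"pn-normal\">"._IMAGEURL.":</font><input type=\"text\" name=\"imageurl\" size=\"50\" maxlength=\"255\" value=\"$imageurlDisplay\"><br>"
        ."<font class=\"pn-normal\">"._CLICKURL.":</font><input type=\"text\" name=\"clickurl\" size=\"50\" maxlength=\"255\" value=\"$clickurlDisplay\"><br>"
        ."<input type=\"hidden\" name=\"bid\" value=\"$bidDisplay\">"
        ."<input type=\"hidden\" name=\"imptotal\" value=\"$imptotalDisplay\">"
        ."<input type=\"hidden\" name=\"module\" value=\"".$GLOBALS['module']."\">"
        ."<input type=\"hidden\" name=\"op\" value=\"BannerChange\">"
        ."<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
        ."<input type=\"submit\" value=\""._SAVECHANGES."\">"
        ."</form>";
    CloseTable();
    include("footer.php");
}

/**
 * Save the edit form for one active banner, then redirect to the admin page.
 *
 * The permission instance uses the client that currently owns the requested
 * banner (the previous lookup always used banner id 1).
 */
function BannerChange()
{
    list($bid,
         $cid,
         $type,
         $imptotal,
         $impadded,
         $imageurl,
         $clickurl) = pnVarCleanFromInput('bid',
                                          'cid',
                                          'type',
                                          'imptotal',
                                          'impadded',
                                          'imageurl',
                                          'clickurl');

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // NOTE(review): both operands are request values; the stored total is
    // not re-read here.
    $imp = $imptotal+$impadded;

    $bannercolumn = $pntable['banner_column'];
    $bannerclientcolumn = $pntable['bannerclient_column'];
    $result = $dbconn->Execute("SELECT $bannerclientcolumn[name]
                                FROM $pntable[banner], $pntable[bannerclient]
                                WHERE $bannercolumn[bid] = '".pnVarPrepForStore($bid)."'
                                AND $bannercolumn[cid] = ".pnVarPrepForStore($bannerclientcolumn['cid'])."");
    list($clientname) = $result->fields;
    $result->Close();

    if (!pnSecAuthAction(0, 'Banners::Banner', "$clientname::$bid", ACCESS_EDIT)) {
        include 'header.php';
        echo _BANNERSEDITBANNERNOAUTH;
        include 'footer.php';
        return;
    }

    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    $dbconn->Execute("UPDATE $pntable[banner]
                      SET $bannercolumn[cid]='".pnVarPrepForStore($cid)."',
                          $bannercolumn[type]='".pnVarPrepForStore($type)."',
                          $bannercolumn[imptotal]='".pnVarPrepForStore($imp)."',
                          $bannercolumn[imageurl]='".pnVarPrepForStore($imageurl)."',
                          $bannercolumn[clickurl]='".pnVarPrepForStore($clickurl)."'
                      WHERE $bannercolumn[bid]='".pnVarPrepForStore($bid)."'");
    if($dbconn->ErrorNo()<>0) {
        error_log("Error: " . $dbconn->ErrorMsg());
    }
    pnRedirect('admin.php?module='.$GLOBALS['module'].'&op=BannersAdmin');
}

/**
 * Delete an advertising client together with all of its active banners.
 *
 * Without ok=1 a confirmation page listing the client's banners is shown.
 * With ok=1 the auth key is verified, then the client's rows are removed
 * from the banner table and the client row from the bannerclient table.
 */
function BannerClientDelete()
{
    list($cid,
         $ok) = pnVarCleanFromInput('cid',
                                    'ok');

    if (!isset($ok)) {
        $ok = 0;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $bannerclientcolumn = $pntable['bannerclient_column'];
    $result = $dbconn->Execute("SELECT $bannerclientcolumn[name]
                                FROM $pntable[bannerclient]
                                WHERE $bannerclientcolumn[cid] = '".pnVarPrepForStore($cid)."'");
    list($clientname) = $result->fields;
    $result->Close();

    if (!pnSecAuthAction(0, 'Banners::Client', "$clientname::$cid", ACCESS_DELETE)) {
        include 'header.php';
        echo _BANNERSDELCLIENTNOAUTH;
        include 'footer.php';
        return;
    }

    if ($ok==1) {
        if (!pnSecConfirmAuthKey()) {
            include 'header.php';
            echo _BADAUTHKEY;
            include 'footer.php';
            exit;
        }

        $dbconn->Execute("DELETE FROM $pntable[banner]
                          WHERE {$pntable['banner_column']['cid']}='".pnVarPrepForStore($cid)."'");
        if($dbconn->ErrorNo()<>0) {
            error_log("Error: " . $dbconn->ErrorMsg());
        }
        $dbconn->Execute("DELETE FROM $pntable[bannerclient]
                          WHERE {$pntable['bannerclient_column']['cid']}='".pnVarPrepForStore($cid)."'");
        if($dbconn->ErrorNo()<>0) {
            error_log("Error: " . $dbconn->ErrorMsg());
        }
        pnRedirect('admin.php?module='.$GLOBALS['module'].'&op=BannersAdmin');
    } else {
        include("header.php");
        GraphicAdmin();
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._BANNERSADMIN."</b></font></center>";
        CloseTable();

        $column = $pntable['bannerclient_column'];
        $result = $dbconn->Execute("SELECT $column[cid], $column[name]
                                    FROM $pntable[bannerclient]
                                    WHERE $column[cid]='".pnVarPrepForStore($cid)."'");
        list($cid, $name) = $result->fields;

        OpenTable();
        echo "<center><b><font class=\"pn-normal\">"._DELETECLIENT.": " . pnVarPrepForDisplay($name) . "</b><br><br> "
            ._SURETODELCLIENT."</font><br><br>";

        $column = $pntable['banner_column'];
        $result = $dbconn->Execute("SELECT $column[imageurl], $column[clickurl]
                                    FROM $pntable[banner]
                                    WHERE $column[cid]='".pnVarPrepForStore($cid)."'");
        if($result->EOF) {
            echo "<font class=\"pn-normal\">"._CLIENTWITHOUTBANNERS."</font><br><br>";
        } else {
            echo "<b><font class=\"pn-normal\">"._WARNING."!!!</b><br> "
                ._DELCLIENTHASBANNERS.":</font><br><br>";
        }
        while(list($imageurl, $clickurl) = $result->fields) {
            // Stored URLs are escaped before being echoed into attributes.
            $clickurlDisplay = pnVarPrepForDisplay($clickurl);
            $imageurlDisplay = pnVarPrepForDisplay($imageurl);
            echo "<a href=\"$clickurlDisplay\"><img src=\"$imageurlDisplay\" border=\"1\" alt=\"\"></a><br> "
                ."<a href=\"$clickurlDisplay\">$clickurlDisplay</a><br><br>";
            $result->MoveNext();
        }
        echo "<font class=\"pn-normal\">"._SURETODELCLIENT."<br><br> "
            ."[ <a href=\"admin.php?module=".$GLOBALS['module']."&op=BannersAdmin\">"
            ._NO."</a> | <a href=\"admin.php?module=".$GLOBALS['module']."&op=BannerClientDelete&cid=".urlencode($cid)."&ok=1&authid=" . pnSecGenAuthKey() . "\">"
            ._YES."</a> ]</font></center><br><br></center>";
        CloseTable();
        include("footer.php");
    }
}

/**
 * Show the edit form for one advertising client.
 *
 * Authorisation is checked against the client name stored for the requested
 * cid, the same way BannerClientChange() does it, instead of against a
 * "clientname" request parameter. All stored values are escaped before they
 * are written into the form.
 */
function BannerClientEdit()
{
    $cid = pnVarCleanFromInput('cid');

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    include("header.php");
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._BANNERSADMIN."</b></font></center>";
    CloseTable();

    $column = $pntable['bannerclient_column'];
    $result = $dbconn->Execute("SELECT $column[name], $column[contact], $column[email], $column[login], $column[passwd], $column[extrainfo]
                                FROM $pntable[bannerclient]
                                WHERE $column[cid]='".pnVarPrepForStore($cid)."'");
    list($name, $contact, $email, $login, $passwd, $extrainfo) = $result->fields;

    if (!pnSecAuthAction(0, 'Banners::Client', "$name::$cid", ACCESS_EDIT)) {
        echo _BANNERSEDITCLIENTNOAUTH;
        include 'footer.php';
        return;
    }

    $nameDisplay = pnVarPrepForDisplay($name);
    $contactDisplay = pnVarPrepForDisplay($contact);
    $emailDisplay = pnVarPrepForDisplay($email);
    $loginDisplay = pnVarPrepForDisplay($login);
    $passwdDisplay = pnVarPrepForDisplay($passwd);
    $extrainfoDisplay = pnVarPrepForDisplay($extrainfo);
    $cidDisplay = pnVarPrepForDisplay($cid);

    OpenTable();
    // NOTE(review): the stored client password is sent back to the browser
    // in a visible text field; see the plaintext-storage note at the top of
    // the file.
    echo "<center><font class=\"pn-title\"><b>"._EDITCLIENT."</b></font></center><br><br>"
        ."<form action=\"admin.php\" method=\"post\">"
        ."<font class=\"pn-normal\">"._CLIENTNAME.": <input type=\"text\" name=\"name\" value=\"$nameDisplay\" size=\"30\" maxlength=\"60\"></font><br>"
        ."<font class=\"pn-normal\">"._CONTACTNAME.": <input type=\"text\" name=\"contact\" value=\"$contactDisplay\" size=\"30\" maxlength=\"60\"></font><br>"
        ."<font class=\"pn-normal\">"._CONTACTEMAIL.": <input type=\"text\" name=\"email\" size=30 maxlength=\"60\" value=\"$emailDisplay\"></font><br>"
        ."<font class=\"pn-normal\">"._CLIENTLOGIN.": <input type=\"text\" name=\"login\" size=12 maxlength=\"10\" value=\"$loginDisplay\"></font><br>"
        ."<font class=\"pn-normal\">"._CLIENTPASSWD.": <input type=\"text\" name=\"passwd\" size=12 maxlength=\"10\" value=\"$passwdDisplay\"></font><br><br>"
        ."<font class=\"pn-normal\">"._EXTRAINFO."<br><textarea name=\"extrainfo\" cols=\"80\" rows=\"10\">$extrainfoDisplay</textarea></font><br>"
        ."<input type=\"hidden\" name=\"cid\" value=\"$cidDisplay\">"
        ."<input type=\"hidden\" name=\"module\" value=\"".$GLOBALS['module']."\">"
        ."<input type=\"hidden\" name=\"op\" value=\"BannerClientChange\">"
        ."<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
        ."<input type=\"submit\" value=\""._SAVECHANGES."\">"
        ."</form>";
    CloseTable();
    include 'footer.php';
}

/**
 * Save the edit form for one advertising client, then redirect to the admin
 * page.
 */
function BannerClientChange()
{
    list($cid,
         $name,
         $contact,
         $email,
         $extrainfo,
         $login,
         $passwd) = pnVarCleanFromInput('cid',
                                        'name',
                                        'contact',
                                        'email',
                                        'extrainfo',
                                        'login',
                                        'passwd');

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column = $pntable['bannerclient_column'];

    // NB - authorisation is against *OLD* client name
    $result = $dbconn->Execute("SELECT $column[name]
                                FROM $pntable[bannerclient]
                                WHERE $column[cid] = '".pnVarPrepForStore($cid)."'");
    list($clientname) = $result->fields;
    $result->Close();

    if (!pnSecAuthAction(0, 'Banners::Client', "$clientname::$cid", ACCESS_EDIT)) {
        include 'header.php';
        echo _BANNERSEDITCLIENTNOAUTH;
        include 'footer.php';
        return;
    }

    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // NOTE(review): $passwd is stored as submitted (no hashing).
    $dbconn->Execute("UPDATE $pntable[bannerclient]
                      SET $column[name]='".pnVarPrepForStore($name)."',
                          $column[contact]='".pnVarPrepForStore($contact)."',
                          $column[email]='".pnVarPrepForStore($email)."',
                          $column[extrainfo]='".pnVarPrepForStore($extrainfo)."',
                          $column[login]='".pnVarPrepForStore($login)."',
                          $column[passwd]='".pnVarPrepForStore($passwd)."'
                      WHERE $column[cid]='".pnVarPrepForStore($cid)."'");
    if($dbconn->ErrorNo()<>0) {
        error_log("Error: " . $dbconn->ErrorMsg());
    }
    pnRedirect('admin.php?module='.$GLOBALS['module'].'&op=BannersAdmin');
}

/**
 * Show the module settings form (banners on/off and the "myIP" setting).
 */
function banners_admin_getConfig()
{
    include 'header.php';

    $bgcolor2 = $GLOBALS["bgcolor2"];

    // prepare vars
    $sel_banners['0'] = '';
    $sel_banners['1'] = '';
    $sel_banners[pnConfigGetVar('banners')] = ' checked';

    GraphicAdmin();
    OpenTable();
    // The stored myIP value is escaped before it is written into the
    // value attribute.
    print '<center><font size="3" class="pn-title"><b>'._BANNERSCONF.'</b></font></center><br />'
        .'<form action="admin.php" method="post">'
        .'<table border="0"><tr><td class="pn-normal">'
        ._ACTBANNERS.'</td><td class="pn-normal">'
        ."<input type=\"radio\" name=\"xbanners\" value=\"1\" class=\"pn-normal\" ".$sel_banners['1'].">"._YES.' '
        ."<input type=\"radio\" name=\"xbanners\" value=\"0\" class=\"pn-normal\" ".$sel_banners['0'].">"._NO
        .'</td></tr><tr><td class="pn-normal">'
        ._YOURIP.':</td><td>'
        ."<input type=\"text\" name=\"xmyIP\" value=\"".pnVarPrepForDisplay(pnConfigGetVar('myIP'))."\" size=\"30\" class=\"pn-normal\">"
        .'</td></tr></table>'
        ."<input type=\"hidden\" name=\"module\" value=\"".$GLOBALS['module']."\">"
        ."<input type=\"hidden\" name=\"op\" value=\"setConfig\">"
        ."<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
        ."<input type=\"submit\" value=\""._SUBMIT."\">"
        ."</form>";
    CloseTable();
    include 'footer.php';
}

/**
 * Store the module settings submitted by banners_admin_getConfig().
 *
 * @param array $var request variables handed over by banners_admin_main()
 *
 * Two restrictions were added because the dispatcher only requires
 * ACCESS_READ and the old loop wrote every key starting with "x" into the
 * site configuration:
 *  - the caller must hold ACCESS_ADMIN on the banners component;
 *  - only the two settings the form in this file submits are accepted.
 * NOTE(review): the component string follows the one used elsewhere in this
 * file; adjust it if the site's permission schema names it differently.
 */
function banners_admin_setConfig($var)
{
    if (!pnSecAuthAction(0, 'Banners::Banner', '::', ACCESS_ADMIN)) {
        include 'header.php';
        echo _BANNERSNOAUTH;
        include 'footer.php';
        exit;
    }

    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // Form field name => written as config var without the leading "x".
    $allowed = array('xbanners', 'xmyIP');
    foreach ($allowed as $key) {
        if (isset($var[$key])) {
            pnConfigSetVar(substr($key, 1), $var[$key]);
        }
    }
    pnRedirect('admin.php');
}

/**
 * Entry point: dispatch the requested admin operation.
 *
 * @param array $var request variables; only forwarded to
 *                   banners_admin_setConfig()
 *
 * $op and $bid are taken from pnVarCleanFromInput() only. The former
 * extract($var) call is gone: it could overwrite those two cleaned values
 * (and $var itself) with whatever keys the array carried.
 */
function banners_admin_main($var)
{
    list($op,
         $bid) = pnVarCleanFromInput('op',
                                     'bid');

    if (!(pnSecAuthAction(0, 'Banners::Banner', '::', ACCESS_READ))) {
        include 'header.php';
        echo _BANNERSNOAUTH;
        include 'footer.php';
    } else {
        switch($op) {

            case "BannersAdmin":
                BannersAdmin();
                break;

            case "BannersAdd":
                BannersAdd();
                break;

            case "BannerAddClient":
                BannerAddClient();
                break;

            case "BannerFinishDelete":
                BannerFinishDelete();
                break;

            case "BannerDelete":
                BannerDelete();
                break;

            case "BannerEdit":
                BannerEdit($bid);
                break;

            case "BannerChange":
                BannerChange();
                break;

            case "BannerClientDelete":
                BannerClientDelete();
                break;

            case "BannerClientEdit":
                BannerClientEdit();
                break;

            case "BannerClientChange":
                BannerClientChange();
                break;

            case "getConfig":
                banners_admin_getConfig();
                break;

            case "setConfig":
                banners_admin_setConfig($var);
                break;

            default:
                BannersAdmin();
                break;
        }
    }
}
?>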