webadmin.php
Das Verwaltungsbackend
<?
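$TSS=array();
// Site settings, read from system.php as one "key=value" per line. Keys used in this file:
// website (also the MySQL database name), mysqluser, mysqlpasswort, aktivitätpfad.
if(file_exists("system.php"))
{
    $fx=file("system.php");
    foreach($fx as $e)
    {
        // explode() replaces split(), which was removed in PHP 7 ('=' has no regex meaning, so the
        // result is the same). The limit of 2 keeps '=' characters inside a value (e.g. a password).
        $h=explode("=",$e,2);
        if(isset($h[1]))$TSS[$h[0]]=trim($h[1]);
    }
}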
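// Writes the page head (doctype, title from TSS['website'], menu.css, the rte scripts) and opens
// the body with background colour $bgc. The document is declared as ISO-8859-1, so the title and
// $bgc are HTML-escaped with that charset.
function kopf($bgc="#eeeeee")
{
    global $TSS;
    $titel=isset($TSS['website'])?$TSS['website']:"";
    $s="<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"xhtml1-transitional.dtd\">\n";
    $s.="<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
    $s.="<head><title>".htmlspecialchars($titel,ENT_QUOTES,'ISO-8859-1')."</title><link rel='stylesheet' type='text/css' href='menu.css'>";
    $s.="<script language='JavaScript' type='text/javascript' src='rte/html2xhtml.js'></script>";
    $s.="<script language='JavaScript' type='text/javascript' src='rte/richtext_compressed.js'></script>\n";
    // the charset belongs inside the content attribute; a separate charset= attribute on an
    // http-equiv meta element is not a valid declaration
    $s.="<meta http-equiv='Content-Type' content='text/html; charset=ISO-8859-1' />";
    $s.="</head><body bgcolor='".htmlspecialchars($bgc,ENT_QUOTES,'ISO-8859-1')."' leftmargin=0 topmargin=0><br>\n";
    echo $s;
}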
// Emits the bootstrap script for the rich text editor library: submitForm() (used as the form's
// onsubmit in sel_inhalt()) syncs the editor into its hidden field, then the library's own
// initRTE(...) is called with the image and include paths.
function initRTE()
{
    $zeilen=array(
        '<script language="JavaScript" type="text/javascript">',
        '<!--',
        'function submitForm() {',
        '//make sure hidden and iframe values are in sync for all rtes before submitting form',
        'updateRTEs();',
        '//change the following line to true to submit form',
        '//alert("rte1 = " + htmlDecode(document.RTEDemo.rte1.value));',
        'return true;',
        '}',
        '//Usage: initRTE(imagesPath, includesPath, cssFile, genXHTML, encHTML)',
        'initRTE("rte/images/", "rte/", "", true);',
        '//-->',
        '</script>',
    );
    echo implode("\n",$zeilen)."\n";
}
// initRTE();
// onsubmit='return submitForm();'
// buildRTE();
// Returns the <script> that creates editor instance rte1 with a fixed toolbar configuration,
// height $h and width 596. A non-empty $text is preloaded via rte1.html inside a single-quoted
// JavaScript literal; rteSafe() is responsible for making it safe in that position.
function buildRTE($text="",$h=300)
{
    $kopfzeile="<script language='JavaScript' type='text/javascript'>var rte1 = new richTextEditor('rte1');\n";
    $vorbelegung=($text!="")?"rte1.html ='".rteSafe($text)."'":"";
    $optionen=array(
        "\nrte1.cmdFormatBlock = true;rte1.cmdFontName = true;rte1.cmdFontSize = true;rte1.cmdIncreaseFontSize = true;rte1.cmdDecreaseFontSize = true;",
        "rte1.cmdBold = true;rte1.cmdItalic = true;rte1.cmdUnderline = false;rte1.cmdStrikethrough = true;",
        "rte1.cmdSuperscript = true;rte1.cmdSubscript = true;",
        "rte1.cmdJustifyLeft = true; rte1.cmdJustifyCenter = true; rte1.cmdJustifyRight = true; rte1.cmdJustifyFull = true;",
        "rte1.cmdInsertHorizontalRule = true; rte1.cmdInsertOrderedList = true; rte1.cmdInsertUnorderedList = true;",
        "rte1.cmdOutdent = false; rte1.cmdIndent = false;",
        "rte1.cmdForeColor = true;rte1.cmdHiliteColor = true;",
        "rte1.cmdInsertLink = true; rte1.cmdInsertImage = false; rte1.cmdInsertSpecialChars=true; rte1.cmdInsertTable=false;",
        "rte1.cmdSpellcheck = false; rte1.cmdUnlink = true;",
        "rte1.cmdCut = true;rte1.cmdCopy = true;rte1.cmdPaste = true;rte1.cmdUndo = true;rte1.cmdRedo = true;rte1.cmdRemoveFormat = true;",
        "rte1.width=596;rte1.toggleSrc = false;",
        "rte1.height=".$h,
    );
    return $kopfzeile.$vorbelegung.implode("",$optionen)."\nrte1.build();</script>";
}
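// Makes $strText safe to embed in the single-quoted JavaScript string literal that buildRTE()
// writes (rte1.html ='...'): typographic quotes (bytes 0x91-0x94) become plain ASCII quotes,
// backslashes and single quotes are escaped, a "</" is written as "<\/" so the text cannot end
// the enclosing <script> element, and CR/LF become spaces. Returns the escaped string.
function rteSafe($strText)
{
    $tmpString = (string)$strText;
    // backslash first, so the escapes added below are not escaped a second time
    $tmpString = str_replace("\\", "\\\\", $tmpString);
    //convert all types of single quotes, then escape them for the JS literal
    $tmpString = str_replace(chr(145), chr(39), $tmpString);
    $tmpString = str_replace(chr(146), chr(39), $tmpString);
    $tmpString = str_replace("'", "\\'", $tmpString);
    //convert all types of double quotes
    $tmpString = str_replace(chr(147), chr(34), $tmpString);
    $tmpString = str_replace(chr(148), chr(34), $tmpString);
    // "</" inside the literal would be read by the HTML parser as the end of the script block
    $tmpString = str_replace("</", "<\\/", $tmpString);
    //replace carriage returns & line feeds
    $tmpString = str_replace(chr(10), " ", $tmpString);
    $tmpString = str_replace(chr(13), " ", $tmpString);
    return $tmpString;
}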
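// Admin backend: pages (table 'seiten'), contents (table 'inhalte') and per-content file uploads.
// Every method that takes ids from the request casts them to int and escapes strings before they
// reach SQL or HTML; the page charset is ISO-8859-1 (see kopf()).
class admin
{
    // Opens the MySQL connection described by system.php (database name = TSS['website']).
    function __construct()
    {
        global $TSS;
        mysql_select_db($TSS['website'],mysql_connect("localhost",$TSS['mysqluser'],$TSS['mysqlpasswort']));
    }
    // PHP4-style constructor name, kept as an alias of __construct().
    function admin()
    {
        $this->__construct();
    }
    // Escapes $v for HTML text/attribute context. The charset is passed explicitly because the
    // UTF-8 default of htmlspecialchars() returns "" for Latin-1 umlaut bytes.
    function h($v)
    {
        return htmlspecialchars((string)$v,ENT_QUOTES,'ISO-8859-1');
    }
    // Escapes $v for a single-quoted SQL string literal on the open connection.
    function sqlstr($v)
    {
        return mysql_real_escape_string((string)$v);
    }
    // Request parameter $k, or $default when it was not sent.
    function req($k,$default="")
    {
        return isset($_REQUEST[$k])?$_REQUEST[$k]:$default;
    }
    // One record of table $tabelle (a literal name from this class) by its 'nummer'; false if none.
    function datensatz($tabelle,$nr)
    {
        $result=mysql_query("SELECT * FROM $tabelle WHERE nummer=".(int)$nr);
        return $result?mysql_fetch_object($result):false;
    }
    // <option> elements (value=nummer, text=titel) for every row of $sql; the row whose nummer
    // equals $ausgewaehlt is preselected (no selection when null).
    function optionsliste($sql,$ausgewaehlt=null)
    {
        $o="";
        $result=mysql_query($sql);
        while($result && ($row=mysql_fetch_object($result)))
        {
            $sel=($ausgewaehlt!==null && $ausgewaehlt==$row->nummer)?" selected":"";
            $o.="<option value=".(int)$row->nummer.$sel.">".$this->h($row->titel)."</option>";
        }
        return($o);
    }
    //Seiten
    // Lists every page as an editable form (one seitenzeile() each).
    function edit()
    {
        kopf();
        $this->menue();
        $s="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width=1000>";
        $s.="<tr><td>Seiten <a href='webadmin.php?subject=np'>neue Seite</a></td></tr>";
        $result=mysql_query("SELECT * FROM seiten");
        while($result && ($row=mysql_fetch_object($result)))
        {
            $s.=$this->seitenzeile($row);
        }
        $s.="</table></center>\n";
        echo $s;
    }
    // The edit form for one page; $row is a record of table 'seiten'. Posts to subject=ssave.
    function seitenzeile($row)
    {
        $nr=(int)$row->nummer;
        $ch=($row->sichtbar==1)?"checked":"";
        $s="\n<form method='POST' action='webadmin.php'><input type=hidden name=subject value=ssave>";
        $s.="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' width=1000>";
        $s.="<tr class='tabin'><td>pid: <input type='text' name='pid' size=3 value=".(int)$row->pid."></td>";
        $s.="<td>Titel: <textarea name='ti' cols=30 rows=1>".$this->h($row->titel)."</textarea></td>";
        $s.="<td>".$this->h($row->datum)."</td>";
        $s.="<td>sichtbar: <input type='checkbox' name='cb' $ch></td>";
        $s.="<td>Vorlage: <textarea name='vl' cols=30 rows=1>".$this->h($row->vorlage)."</textarea></td></tr>";
        $s.="<tr class='tabin'><td>Submenü: ".$this->contentliste("la",$row->content1)."</td>";
        $s.="<td>Inhalte: ".$this->contentliste("lb",$row->content2)."</td>";
        $s.="<td>Register: ".$this->contentliste("lc",$row->content3)."</td>";
        $s.="<td>Banner: ".$this->contentliste("ld",$row->content4)."</td>";
        $s.="<td align='right'><a href='webadmin.php?subject=delp&nr=$nr'>löschen</a> <input type='submit' value='speichern'></td>";
        $s.="</tr></table><input type=hidden name=nr value=$nr></form>\n";
        $s.="<tr height=2><td> </td></tr>";
        return($s);
    }
    // <select name=$n> over all contents, with content $c preselected.
    function contentliste($n,$c)
    {
        $l="<select name=$n style='width:120px;'><option></option>";
        $l.=$this->optionsliste("SELECT * FROM inhalte ORDER BY titel",$c);
        $l.="</select>";
        return($l);
    }
    function menue()
    {
        $s="<a href='webadmin.php?subject=editselect'>Seiten</a> / ";
        $s.="<a href='webadmin.php?subject=edit'>alle</a> :: ";
        $s.="<a href='webadmin.php?subject=editi'>Inhalte</a> :: ";
        $s.="<a target='_blank' href='index.php?id=0'>Vorschau</a>";
        echo $s;
    }
    // Saves the page form of seitenzeile() (subject=ssave). Ids and the content selections are
    // cast to int (an empty selection becomes 0), strings are escaped for SQL.
    function seite_speichern()
    {
        $nr=(int)$this->req('nr');
        $pid=(int)$this->req('pid');
        $titel=$this->sqlstr($this->req('ti'));
        $da=date("Y.m.d H:i");
        $cb=($this->req('cb')=="on")?1:0;
        $vorlage=$this->sqlstr($this->req('vl'));
        $c1=(int)$this->req('la');
        $c2=(int)$this->req('lb');
        $c3=(int)$this->req('lc');
        $c4=(int)$this->req('ld');
        $sql="UPDATE seiten SET pid=$pid,autor=1,sichtbar=$cb,titel='$titel',datum='$da',vorlage='$vorlage',content1=$c1,content2=$c2,content3=$c3,content4=$c4 WHERE nummer=$nr";
        mysql_query($sql);
        echo("<p>Seite gespeichert!</p>");
        $this->seite_select();
    }
    // Content chooser (subject=editi); posts the chosen 'li' to subject=insel.
    function edit_inhalte()
    {
        kopf();
        $this->menue();
        $s="\n<form method='POST' action='webadmin.php'><input type=hidden name=subject value=insel>";
        $s.="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width=600>";
        $s.="<tr><td>Inhalte</td></tr><tr class='tabin'><td><select name=li><option></option>";
        $s.=$this->optionsliste("SELECT * FROM inhalte ORDER BY titel");
        $s.="</select></td></tr>\n";
        $s.="<tr class='tabsub'><td align='right'><a href='webadmin.php?subject=nc'>neuer Inhalt</a> <input type='submit' value='Edit'></td></tr>";
        $s.="</table></form></center>\n";
        echo $s;
    }
    // Edits content 'li' in the rich text editor. $pfad (set by upload()) appends an <img> for
    // the file just stored. Followed by the upload form for this content.
    function sel_inhalt($pfad="")
    {
        $nr=(int)$this->req('li');
        kopf();
        $this->menue();
        initRTE();
        $row=$this->datensatz("inhalte",$nr);
        if(!$row){echo "<p>Inhalt $nr nicht gefunden!</p>";return;}
        $s="\n<form method='POST' action='webadmin.php' onsubmit='return submitForm();'><input type=hidden name=subject value=insave>";
        $s.="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width=600>";
        $s.="<tr><td>Inhalt editieren</td></tr><input type=hidden name=nr value=$nr>";
        $s.="<tr class='tabin'><td>Titel: <textarea name='ti' cols=40 rows=1>".$this->h($row->titel)."</textarea> Datensatznummer: ".(int)$row->nummer."</td></tr>";
        $text=$row->text;
        if($pfad!="")$text.="<p><img src='".$this->h($pfad)."'></p>";
        // the text is placed inside a JavaScript literal; rteSafe() (called by buildRTE) escapes it
        $s.="<tr class='tabin'><td>".buildRTE($text)."</td></tr>";
        $s.="<tr class='tabsub'><td align='right'><a href='webadmin.php?subject=editinhtml&li=$nr'>HTML</a> <a href='webadmin.php?subject=delc&nr=$nr'>Inhalt löschen</a> <input type='submit' value='Speichern'></td></tr>";
        $s.="</table></form>\n";
        echo $s;
        echo $this->uploadformular($nr);
    }
    // Upload form (subject=aupl) plus the list of files already stored for content $nr;
    // shared by sel_inhalt() and editinhtml().
    function uploadformular($nr)
    {
        $nr=(int)$nr;
        $dl=$this->dateiliste($nr);
        $s="<BR><FORM ENCTYPE='multipart/form-data' METHOD='POST' ACTION='webadmin.php'>\n";
        $s.="<input type=hidden name=subject value=aupl>";
        $s.="<input type='hidden' name='MAX_FILE_SIZE' value='10000000'>";
        $s.="<input type=hidden name=nr value=$nr>";
        $s.="<table class='tab' width=600><tr><td>Datei hochladen:</td></tr>";
        $s.="<tr class='tabin'><td>Dateiliste: (Nach jeder Datei Inhalt speichern!)<br>$dl</td></tr>";
        $s.="<tr class='tabsub'><td align=right><INPUT NAME='userfile' TYPE='file'>";
        $s.="<INPUT TYPE='SUBMIT' VALUE='Datei hochladen'></td></tr></table><p>";
        $s.="</FORM></center>";
        return($s);
    }
    // Open/delete links for every regular file in TSS['aktivitätpfad']/$nr; "" when that
    // directory does not exist. Names and paths are escaped for HTML, the path in the delete
    // link is URL-encoded.
    function dateiliste($nr)
    {
        global $TSS;
        $nr=(int)$nr;
        $liste="";
        $pfad=$TSS['aktivitätpfad']."/".$nr;
        if(!is_dir($pfad))return($liste);
        $handle=opendir($pfad);
        if($handle===false)return($liste);
        // explicit false test: a file named "0" would end a plain while($file=readdir(...)) loop
        while(($file=readdir($handle))!==false)
        {
            if($file=="." || $file=="..")continue;
            $d=$pfad."/".$file;
            if(is_dir($d))continue;
            $link="webadmin.php?subject=deldat&f=".urlencode($d)."&nr=$nr";
            $liste.="<a href='".$this->h($d)."' target='_blank'>".$this->h($file)."</a> <a href='".$this->h($link)."'>löschen</a><br>";
        }
        closedir($handle);
        return($liste);
    }
    // Edits content 'li' as raw HTML in a textarea (no editor). The stored HTML is escaped so
    // it is shown as source instead of being rendered inside the form.
    function editinhtml($pfad="")
    {
        $nr=(int)$this->req('li');
        kopf();
        $this->menue();
        $row=$this->datensatz("inhalte",$nr);
        if(!$row){echo "<p>Inhalt $nr nicht gefunden!</p>";return;}
        $s="\n<form method='POST' action='webadmin.php'><input type=hidden name=subject value=insave>";
        $s.="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width=600>";
        $s.="<tr><td>Inhalt editieren</td></tr><input type=hidden name=nr value=$nr>";
        $s.="<tr class='tabin'><td>Titel: <textarea name='ti' cols=40 rows=1>".$this->h($row->titel)."</textarea> Datensatznummer: ".(int)$row->nummer."</td></tr>";
        $text=$row->text;
        if($pfad!="")$text.="<p><img src='".$this->h($pfad)."'></p>";
        $s.="<tr class='tabin'><td>Text: <textarea name='rte1' rows=20 cols=100>".$this->h($text)."</textarea></td></tr>";
        // editinhtml reads the content id from 'li' (see above), so the link passes li=, as sel_inhalt() does
        $s.="<tr class='tabsub'><td align='right'><a href='webadmin.php?subject=editinhtml&li=$nr'>HTML</a> <a href='webadmin.php?subject=delc&nr=$nr'>Inhalt löschen</a> <input type='submit' value='Speichern'></td></tr>";
        $s.="</table></form>\n";
        echo $s;
        echo $this->uploadformular($nr);
    }
    // Deletes uploaded file 'f' of content 'nr' (subject=deldat). The path is resolved with
    // realpath() and must be a regular file inside that content's upload directory; otherwise
    // nothing is removed. Then reopens the content editor.
    function deldat()
    {
        global $TSS;
        $nr=(int)$this->req('nr');
        $d=(string)$this->req('f');
        $basis=realpath($TSS['aktivitätpfad']."/".$nr);
        $ziel=($d!=="")?realpath($d):false;
        if($basis!==false && $ziel!==false && is_file($ziel) && strpos($ziel,$basis.DIRECTORY_SEPARATOR)===0)
        {
            unlink($ziel);
        }
        echo $this->h($d);
        $_REQUEST['li']=$nr;
        $this->sel_inhalt();
    }
    // Saves title and text of content 'nr' (subject=insave).
    function inhalt_speichern()
    {
        $nr=(int)$this->req('nr');
        $titel=$this->sqlstr($this->req('ti'));
        $da=date("Y.m.d H:i");
        $text=(string)$this->req('rte1');
        // str_replace replaces ereg_replace (removed in PHP 7); the patterns are literal, so the
        // result is the same. NOTE(review): search and replacement strings are identical in this
        // copy of the file — entity decoding was probably lost in transit; confirm the intended pairs.
        $text=str_replace(array("Ü","ü","Ä","ä","Ö","ö","ß"),array("Ü","ü","Ä","ä","Ö","ö","ß"),$text);
        $text=str_replace("background: #FFF;","",$text);
        $text=$this->sqlstr($text);
        $sql="UPDATE inhalte SET autor=1,titel='$titel',datum='$da',text='$text' WHERE nummer=$nr";
        mysql_query($sql);
        echo("<p>Inhalt gespeichert!</p>");
        $this->edit_inhalte();
    }
    // Creates a page with pid = highest existing pid + 1 (subject=np).
    function neue_seite()
    {
        $result=mysql_query("SELECT MAX(pid) AS pid FROM seiten");
        $row=$result?mysql_fetch_object($result):false;
        $pid=($row?(int)$row->pid:0)+1;
        $da=date("Y.m.d H:i");
        $sql="INSERT INTO seiten SET pid=$pid,autor=1,sichtbar=1,titel='1 neue Seite',datum='$da',vorlage='vorlage.html'";
        mysql_query($sql);
        echo("<p>neue Seite angelegt!</p>");
        $this->seite_select();
    }
    // Deletes page 'nr' (subject=delp).
    function seite_del()
    {
        $nr=(int)$this->req('nr');
        mysql_query("DELETE FROM seiten WHERE nummer=$nr");
        echo("<p>Seite gelöscht!</p>");
        $this->seite_select();
    }
    // Creates a content record and opens it in the editor (subject=nc).
    function neuer_inhalt()
    {
        $da=date("Y.m.d H:i");
        $sql="INSERT INTO inhalte SET autor=1,titel='1 neuer Inhalt',datum='$da'";
        mysql_query($sql);
        echo("<p>neuer Inhalt gespeichert!</p>");
        $_REQUEST['li']=mysql_insert_id();
        $this->sel_inhalt();
    }
    // Deletes content 'nr' (subject=delc).
    function del_inhalt()
    {
        $nr=(int)$this->req('nr');
        mysql_query("DELETE FROM inhalte WHERE nummer=$nr");
        echo("<p>Inhalt gelöscht!</p>");
        $this->edit_inhalte();
    }
    // Stores the uploaded file as TSS['aktivitätpfad']/nr/<basename of the client file name>
    // (subject=aupl) and reopens the editor with the new file appended to the text.
    function upload()
    {
        global $TSS;
        $nr=(int)$this->req('nr');
        if(!isset($_FILES['userfile']) || $_FILES['userfile']['error']!=UPLOAD_ERR_OK)exit("<center><font size=3 color=red>Upload fehlgeschlagen!</font>");
        if($_FILES['userfile']['size']>10000000)exit("<center><font size=3 color=red>Die Datei ist zu groß!</font>");
        echo "File wird hochgeladen!";
        $pfad=$TSS['aktivitätpfad']."/".$nr;
        if(!file_exists($pfad))mkdir($pfad,0700);
        // basename() drops any directory part the client put into the name, so the file always
        // lands in this content's directory. NOTE(review): the name is otherwise stored as sent;
        // if this directory is served by the web server, an allow-list of permitted file types here
        // would be the usual addition.
        $pfad.="/".basename($_FILES['userfile']['name']);
        if(!move_uploaded_file($_FILES['userfile']['tmp_name'],$pfad))exit("<center><font size=3 color=red>Upload fehlgeschlagen!</font>");
        $_REQUEST['li']=$nr;
        $this->sel_inhalt($pfad);
    }
    // Page chooser (subject=editselect); posts the chosen 'li' to subject=seitensel.
    function seite_select()
    {
        kopf();
        $this->menue();
        $s="\n<form method='POST' action='webadmin.php'><input type=hidden name=subject value=seitensel>";
        $s.="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width=600>";
        $s.="<tr><td>Seiten</td></tr><tr class='tabin'><td><select name=li><option></option>";
        $s.=$this->optionsliste("SELECT * FROM seiten ORDER BY titel");
        $s.="</select></td></tr>\n";
        $s.="<tr class='tabsub'><td align='right'><a href='webadmin.php?subject=np'>neue Seite</a> <input type='submit' value='Edit'></td></tr>";
        $s.="</table></form></center>\n";
        echo $s;
    }
    // Edit form for the single page 'li' (subject=seitensel).
    function edit_seite()
    {
        $nr=(int)$this->req('li');
        kopf();
        $this->menue();
        $s="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width=1000>";
        $s.="<tr><td>Seiten <a href='webadmin.php?subject=np'>neue Seite</a></td></tr>";
        $row=$this->datensatz("seiten",$nr);
        if($row)$s.=$this->seitenzeile($row);
        $s.="</table></center>\n";
        echo $s;
    }
} // Ende der Klasse admin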
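// Login form and credential check against table 'user'. A successful admin login is recorded in
// the session; the dispatcher below only hands admin actions to a session marked that way.
class anmeldung
{
    // Opens the MySQL connection described by system.php (database name = TSS['website']).
    function __construct()
    {
        global $TSS;
        mysql_select_db($TSS['website'],mysql_connect("localhost",$TSS['mysqluser'],$TSS['mysqlpasswort']));
    }
    // PHP4-style constructor name, kept as an alias of __construct().
    function anmeldung()
    {
        $this->__construct();
    }
    // Shows the login form (user names from table 'user', escaped for ISO-8859-1 HTML).
    function login()
    {
        kopf();
        $s="\n<form method='POST' action='webadmin.php'><input type=hidden name=subject value=login>";
        $s.="<center><table class='tab' border='1' cellpadding='2' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width=300>";
        $s.="<tr><td>Anmeldung</td></tr><tr class='tabin'><td>Name: <select name='un'><option></option>";
        $result=mysql_query("SELECT * FROM user");
        while($result && ($row=mysql_fetch_object($result)))
        {
            $s.="<option>".htmlspecialchars((string)$row->name,ENT_QUOTES,'ISO-8859-1')."</option>";
        }
        $s.="</select></td></tr><tr class='tabin'><td>Passwort: <input type='password' size=20 name='up'></td></tr>\n";
        $s.="<tr><td class='tabsub' align=right><input type='submit' value='Login'></td></tr>";
        $s.="</table></form></center>\n";
        echo $s;
    }
    // Checks the posted name/password (subject=login). On success for user "admin" the session is
    // marked and the page chooser opens; any failure shows the login form again. Other users that
    // authenticate get no further output, as before.
    function logincheck()
    {
        $un=isset($_REQUEST['un'])?(string)$_REQUEST['un']:"";
        $up=isset($_REQUEST['up'])?(string)$_REQUEST['up']:"";
        $result=mysql_query("SELECT * FROM user WHERE name='".mysql_real_escape_string($un)."'");
        $row=$result?mysql_fetch_object($result):false;
        // hash_equals(): strict and constant-time. The loose != used before treats e.g. two
        // numeric-looking strings with the same numeric value as equal.
        // NOTE(review): the passwort column is compared as stored; storing password_hash() output
        // and checking with password_verify() would be the usual approach — confirm the column format.
        if(!$row || !hash_equals((string)$row->passwort,$up))
        {
            $this->login();
            return;
        }
        if($un==="admin")
        {
            // fresh session id on privilege change, then mark the session as admin
            session_regenerate_id(true);
            $_SESSION['webadmin_user']=$un;
            $c=new admin(); $c->seite_select();
        }
    }
} // Ende der Klasse anmeldung
// Dispatcher. subject => admin method; every one of these reads or changes the site, so they are
// reachable only with a session that logincheck() marked as admin. Without a session the login
// form is shown instead; unknown subjects produce no output.
session_start();
$subject=(isset($_REQUEST["subject"]) && is_string($_REQUEST["subject"]))?$_REQUEST["subject"]:"";
$aktionen=array(
    "ssave"=>"seite_speichern",
    "edit"=>"edit",
    "editi"=>"edit_inhalte",
    "insel"=>"sel_inhalt",
    "insave"=>"inhalt_speichern",
    "np"=>"neue_seite",
    "delp"=>"seite_del",
    "nc"=>"neuer_inhalt",
    "delc"=>"del_inhalt",
    "aupl"=>"upload",
    "deldat"=>"deldat",
    "editselect"=>"seite_select",
    "seitensel"=>"edit_seite",
    "editinhtml"=>"editinhtml",
);
$angemeldet=isset($_SESSION['webadmin_user']) && $_SESSION['webadmin_user']==="admin";
if($subject==="login")
{
    $c=new anmeldung(); $c->logincheck();
}
elseif(isset($aktionen[$subject]) && $angemeldet)
{
    $c=new admin(); $c->{$aktionen[$subject]}();
}
elseif($subject==="" || isset($aktionen[$subject]))
{
    $c=new anmeldung(); $c->login();
}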
?>