<?php

/*-------------------------------------------------------+

| PHP-Fusion Content Management System

| Copyright (C) 2002 - 2008 Nick Jones

| http://www.php-fusion.co.uk/

+--------------------------------------------------------+

| Filename: panels.php

| Author: Nick Jones (Digitanium)

+--------------------------------------------------------+

| This program is released as free software under the

| Affero GPL license. You can redistribute it and/or

| modify it under the terms of this license which you

| can read by viewing the included agpl.txt or online

| at www.gnu.org/licenses/agpl.html. Removal of this

| copyright header is strictly prohibited without

| written permission from the original author(s).

+--------------------------------------------------------*/

if (!defined("IN_FUSION")) { header("Location: ../../index.php"); exit; }



// Calculate current true url

$script_url = explode("/", $_SERVER['PHP_SELF'].(FUSION_QUERY ? "?".FUSION_QUERY : ""));

$url_count = count($script_url);

$base_url_count = substr_count(BASEDIR, "/") + 1;

$start_page = "";

while ($base_url_count != 0) {

   $current = $url_count - $base_url_count;

   $start_page .= "/".$script_url[$current];

   $base_url_count--;

}



define("START_PAGE", substr(preg_replace("#(&amp;|\?)(s_action=edit&amp;shout_id=)([0-9]+)#s", "", $start_page), 1));



// Side & center panels

ob_start();

$plc = 0;



// Render left panels

if(!defined("ADMIN_PANEL")){

   if (check_panel_status("left")) {

      $p_res = dbquery("SELECT * FROM ".DB_PANELS." WHERE panel_side='1' AND panel_status='1' ORDER BY panel_order");

      if (dbrows($p_res)) {

         while ($p_data = dbarray($p_res)) {

            if (checkgroup($p_data['panel_access'])) {

               if ($p_data['panel_type'] == "file") {

                  $panel_name = $p_data['panel_filename'];

                  include INFUSIONS.$panel_name."/".$panel_name.".php";

               } else {

                  eval(stripslashes($p_data['panel_content']));

               }

               $plc++;

            }

         }

      }

   }

}else{

   require_once ADMIN."navigation.php";

}



define("LEFT", ob_get_contents());

ob_end_clean();



// Render right panels

$prc = 0;

ob_start();

if(!defined("ADMIN_PANEL")){

   if (check_panel_status("right")) {

      $p_res = dbquery("SELECT * FROM ".DB_PANELS." WHERE panel_side='4' AND panel_status='1' ORDER BY panel_order");

      if (dbrows($p_res)) {

         while ($p_data = dbarray($p_res)) {

            if (checkgroup($p_data['panel_access'])) {

               if ($p_data['panel_type'] == "file") {

                  $panel_name = $p_data['panel_filename'];

                  include INFUSIONS.$panel_name."/".$panel_name.".php";

               } else {

                  eval(stripslashes($p_data['panel_content']));

               }

               $prc++;

            }

         }

      }

   }

}

define("RIGHT", ob_get_contents());

ob_end_clean();



// Set the require div-width class

if(defined("ADMIN_PANEL")){

   $main_style = "side-left";

}elseif ($plc && $prc) {

   $main_style = "side-both";

} elseif ($plc && !$prc) {

   $main_style = "side-left";

} elseif (!$plc && $prc) {

   $main_style = "side-right";

} elseif (!$plc && !$prc) {

   $main_style = "";

}



// Render upper center panels   

ob_start();



if(!defined("ADMIN_PANEL")){

   echo "<a id='content' name='content'></a>\n";

   if (iADMIN && $settings['maintenance']) {

      echo "<div class='admin-message'>".$locale['global_190']."</div>";

   }

   if (iSUPERADMIN && file_exists(BASEDIR."setup.php")) {

      echo "<div class='admin-message'>".$locale['global_198']."</div>";

   }

   if (iADMIN && !$userdata['user_admin_password']) {

      echo "<div class='admin-message'>".$locale['global_199']."</div>";

   }

   if (check_panel_status("upper")) {

      $p_res = dbquery("SELECT * FROM ".DB_PANELS." WHERE panel_side='2' AND panel_status='1' ORDER BY panel_order");

      if (dbrows($p_res)) {

         while ($p_data = dbarray($p_res)) {

            if (checkgroup($p_data['panel_access'])) {

               if ($p_data['panel_display'] == 1 || $settings['opening_page'] == START_PAGE) {

                  if ($p_data['panel_type'] == "file") {

                     $panel_name = $p_data['panel_filename'];

                     include INFUSIONS.$panel_name."/".$panel_name.".php";

                  } else {

                     eval(stripslashes($p_data['panel_content']));

                  }

               }

            }

         }

      }

   }

}

define("U_CENTER", ob_get_contents());

ob_end_clean();



// Render lower center panels

ob_start();



if(!defined("ADMIN_PANEL")){

   if (check_panel_status("lower")) {

      $p_res = dbquery("SELECT * FROM ".DB_PANELS." WHERE panel_side='3' AND panel_status='1' ORDER BY panel_order");

      if (dbrows($p_res) != 0) {

         while ($p_data = dbarray($p_res)) {

            if (checkgroup($p_data['panel_access'])) {

               if ($p_data['panel_display'] == 1 || $settings['opening_page'] == START_PAGE) {

                  if ($p_data['panel_type'] == "file") {

                     $panel_name = $p_data['panel_filename'];

                     include INFUSIONS.$panel_name."/".$panel_name.".php";

                  } else {

                     eval(stripslashes($p_data['panel_content']));

                  }

               }

            }

         }

      }

   }

}

define("L_CENTER", ob_get_contents());

ob_end_clean();

?>

<?php

/*---------------------------------------------------+

| PHP-Fusion 6 Content Management System

+----------------------------------------------------+

| Copyright © 2002 - 2005 Nick Jones

| http://www.php-fusion.co.uk/

+----------------------------------------------------+

| Released under the terms & conditions of v2 of the

| GNU General Public License. For details refer to

| the included gpl.txt file or visit http://gnu.org

+----------------------------------------------------*/

require_once "../../maincore.php";

require_once BASEDIR."subheader.php";

require_once ADMIN."navigation.php";

include LOCALE.LOCALESET."admin/members.php";

include LOCALE.LOCALESET."user_fields.php";



if (!checkrights("IP")) fallback("../index.php");



if (!isset($_GET['delete'])){

if (!isset($_GET['nuke'])){

if (!isset($_GET['view']) || !is_numeric($_GET['view'])){



opentable("Audit Trail");

if (!isset($sortby) || !preg_match("/^[A-Z,0-9]$/", $sortby)) $sortby = "all";

$orderby = ($sortby == "all" ? "" : " WHERE user_name LIKE '".stripinput($sortby)."%'");

$result = dbquery("SELECT * FROM ".$db_prefix."users".$orderby."");

$rows = dbrows($result);

if (!isset($rowstart) || !isNum($rowstart)) $rowstart = 0;

$result = dbquery("SELECT * FROM ".$db_prefix."users".$orderby." ORDER BY user_status DESC, user_level DESC, user_name LIMIT $rowstart,20");

if ($rows != 0) {

$i = 0;

echo "<table align='center' cellpadding='0' cellspacing='1' width='450' class='tbl-border'>

<tr>

<td class='tbl2'><b>".$locale['401']." </b></td>

<td align='center' width='1%' class='tbl2' style='white-space:nowrap'><b>".$locale['403']."</b></td>

<td align='center' width='1%' class='tbl2' style='white-space:nowrap'><b>".$locale['404']."</b></td>

</tr>\n";

while ($data = dbarray($result)) {

$cell_color = ($i % 2 == 0 ? "tbl1" : "tbl2");

echo "<tr>\n<td class='$cell_color'><a href='".BASEDIR."profile.php?lookup=".$data['user_id']."'>".$data['user_name']."</a></td>

<td align='center' width='1%' class='$cell_color' style='white-space:nowrap'>".getuserlevel($data['user_level'])."</td>

<td align='center' width='1%' class='$cell_color' style='white-space:nowrap'>";

if (iUSER >= $data['user_level'] && $data['user_id'] != 1) {

echo "<a href='".FUSION_SELF."?view=".$data['user_id']."'>View Trail</a>";

}

echo "</td>\n</tr>\n"; $i++;

}

echo "</table>\n";

} else {

echo "<center><br>\n".$locale['410']."$sortby<br><br>\n</center>\n";

}

$search = array(

"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R",

"S","T","U","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9"

);

echo "<hr>\n<table align='center' cellpadding='0' cellspacing='1' class='tbl-border'>\n<tr>\n";

echo "<td rowspan='2' class='tbl2'><a href='".FUSION_SELF.$aidlink."&sortby=all'>".$locale['411']."</a></td>";

for ($i=0;$i < 36;$i++) {

echo "<td align='center' class='tbl1'><div class='small'><a href='".FUSION_SELF.$aidlink."&sortby=".$search[$i]."'>".$search[$i]."</a></div></td>";

echo ($i==17 ? "<td rowspan='2' class='tbl2'><a href='".FUSION_SELF.$aidlink."&sortby=all'>".$locale['411']."</a></td>\n</tr>\n<tr>\n" : "\n");

}

echo "</tr>\n</table>\n";

if ($rows > 20) echo "<div align='center' style='margin-top:5px;'>".makePageNav($rowstart,20,$rows,3,FUSION_SELF."?sortby=$sortby&")."\n</div>\n";



closetable();



} else {

if(iSUPERADMIN){

$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='".$_GET['view']."'");

$data = dbarray($result);

opentable("Audit trail for ".$data['user_name']);

unset($data);

$result2 = dbquery("SELECT * FROM fusion_audit WHERE audit_user='".$_GET['view']."' ORDER BY audit_id DESC");

if(dbrows($result2) !== "0"){

echo "<center><table width=100%>";

echo "<tr><td><b>ID</b></td><td><b>Location</b></td><td><b>Time/Date</b></td><td><b>IP Address</b></td></tr>";

while($data = dbarray($result2)){

echo "<tr><td>".$data['audit_id']."</td><td>".$data['audit_location']."</td><td>".$data['audit_date']."</td><td><a href='".INFUSIONS."bad_login/admin.php?lookup=".$data['audit_ip']."'>".$data['audit_ip']."</a></td></tr>";

}

echo "</table><br><br><a href='".FUSION_SELF."?nuke=".$_GET['view']."'>Destroy Audit Trail</a></center>";



} else {

echo "<center>This user has no audit trail</center>";

}

closetable();

} elseif(iMEMBER){

$result = dbquery("INSERT INTO fusion_audit VALUES('', '".$userdata['user_id']."', 'Tried to access trail', '".date("F j, Y, g:i a")."', '".USER_IP."')");

opentable("Unauthorized");

echo "You are not authorized to view audits! The admin has been warned of your activity!";

closetable();

} else {

$nope = "nope";

}

}

} else {

if(iSUPERADMIN){

$result = dbquery("DELETE FROM fusion_audit WHERE audit_user='".$_GET['nuke']."'");

opentable("Deleted");

echo "The audit trail was destroyed.";

closetable();

} else {

if(iMEMBER){

$result = dbquery("INSERT INTO fusion_audit VALUES('', '".$userdata['user_id']."', 'Tried to destroy trail', '".date("F j, Y, g:i a")."', '".USER_IP."')");

opentable("Unauthorized");

echo "You are not authorized to destroy an audit trail! The admin has been warned of your activity!";

closetable();

}

}

}

} else {

if(iSUPERADMIN){

$result = dbquery("DELETE FROM fusion_audit WHERE audit_id='".$_GET['delete']."'");

opentable("Deleted");

echo "The audit was deleted.";

closetable();

} else {

if(iMEMBER){

$result = dbquery("INSERT INTO fusion_audit VALUES('', '".$userdata['user_id']."', 'Tried to delete audit', '".date("F j, Y, g:i a")."', '".USER_IP."')");

opentable("Unauthorized");

echo "You are not authorized to delete an audit! The admin has been warned of your activity!";

closetable();

}

}

}



echo "</td>\n";

require_once BASEDIR."footer.php";

?>