1) {
    // NOTE(review): this chunk opens inside an if/else whose condition — and the code that
    // fills $arFilename, $arPath, $strPath, $strFilename, $strHome — lies before this view.
    // This branch splits "name.ext" into a page key ($strSleutel) and an extension ($strExt).
    $strExt = strtolower($arFilename[count($arFilename)-1]);
    $strSleutel = implode(".", array_splice($arFilename, 0, count($arFilename)-1));
} else {
    // No dot in the file name: treat it as an HTML page.
    $strExt = "html";
    $strSleutel = $strFilename;
}
// Empty key / path fall back to the home page.
if ($strSleutel == "") $strSleutel = $strHome;
if ($strPath == "") $strPath = $strHome . ".html";
setContentType($strExt); // defined outside this chunk
/* **************** IMAGES: SERVER-SIDE RESIZE, URL shape images/WxH/file **************** */
if ($arPath[0] == "images") {
    // The file name is joined straight onto upload/; whatever filtering $strFilename
    // received happens before this chunk — verify there.
    $strIMG = "upload/" . $strFilename;
    // Second path segment "WxH" selects the target size; anything else means defaults.
    if (count(explode("x", $arPath[1])) == 2) {
        $arSize = explode("x", $arPath[1]);
    } else {
        $arSize = array(0, 0);
    }
    if (count($arSize) == 2) { // both branches above yield two elements, so this always holds
        switch($strExt) {
            // @ hides GD failures: a missing or corrupt file leaves $image === false and the
            // imagesx()/imagesy() calls below fail instead of producing a clean error response.
            case "gif": $image = @imagecreatefromgif($strIMG); break;
            case "jpg":
            case "jpeg": $image = @imagecreatefromjpeg($strIMG); break;
            case "png": $image = @imagecreatefrompng($strIMG); break;
            default: echo "image werd niet herkend"; die();
        }
        $iOW = imagesx($image);
        $iOH = imagesy($image);
        // Width: requested value, else the original width capped at 640.
        $iNW = (intval($arSize[0]) != 0) ? intval($arSize[0]) : ( ($iOW > 640)?640:$iOW);
        // Height: requested value, else derived from the width to keep the aspect ratio.
        $iNH = (intval($arSize[1]) != 0) ? intval($arSize[1]) : floor($iOH / $iOW * $iNW);
        // NOTE(review): the requested dimensions are only intval()'d, never bounded, so the
        // size of this allocation is chosen by the request.
        $oTarget = imagecreatetruecolor($iNW, $iNH);
        imagecopyresized($oTarget, $image, 0, 0, 0, 0, $iNW, $iNH, $iOW, $iOH);
        // Emit in the source format; the Content-Type was already set by setContentType().
        switch($strExt) {
            case "gif": imagegif($oTarget); break;
            case "jpg":
            case "jpeg": imagejpeg($oTarget); break;
            case "png": imagepng($oTarget); break;
        }
        imagedestroy($image);
        imagedestroy($oTarget);
        exit();
    }
}
/* **************** STATIC FILES: first folder that holds $strPath wins **************** */
// $strPath comes from the URL; whether ".." segments were removed is not visible here.
switch($strExt) {
    case "htm":
    case "html":
        $arFolders = array("admin", "cached");
        foreach ($arFolders as $strFolder) {
            if (file_exists("$strFolder/$strPath")) {
                readfile("$strFolder/$strPath");
                exit();
            }
        }
        break;
    default:
        $arFolders = array("template", "admin", "cached", "upload");
        foreach ($arFolders as $strFolder) {
            if (file_exists("$strFolder/$strPath")) {
                readfile("$strFolder/$strPath");
                exit();
            }
        }
}
// Everything below needs the database. sql()/sql1(), content(), makeAbsolute(), tree,
// $arRegions, $arMeldingen, $iSessieTijd and $strRoot are presumably provided by this
// include or by code before this chunk — not visible here.
include ("database.inc.php");
$strHTML = makeAbsolute(content("template/index.html"));
$strHeader = "";
$bAdmin = false;
$iAdmin = 0;
$arQRY = array(); // querystring voor admin
/* **************** ADMIN SESSION: key passed as ?k= or POST k **************** */
$strKey = ( isset($_GET["k"]) ) ? $_GET["k"] : $_POST["k"];
if (isset($strKey)) {
    // NOTE(review): $strKey is interpolated into the query as received; the content saves
    // further down wrap their inputs in mysql_real_escape_string(), this query does not.
    $qIngelogd = sql1("select * from tblSessies where code = '$strKey' and start <= " . time() . " and stop > " . time() . "; ");
    if ($qIngelogd) {
        // A session is only accepted from the IP address that created it.
        if (($qIngelogd["code"] == $strKey)&&($qIngelogd["ip"] == $_SERVER['REMOTE_ADDR'])) {
            // foreach ($_GET as $strKey => $strVal) $arQRY[strtolower($strKey)] = $strVal;
            $arQRY["k"] = $strKey;
            $bAdmin = true;
            $iAdmin = $qIngelogd["login"];
            // Sliding expiry: every admin request moves "stop" $iSessieTijd minutes ahead.
            $qRelong = sql("update tblSessies set stop = " . (time()+$iSessieTijd*60) . " where id = " . $qIngelogd["id"] . "; ");
            // $iRevision = intval(( isset($_GET["rev"]) ) ? $_GET["rev"] : $_POST["rev"]);
            $strHeader .= makeAbsolute(content("admin/header.inc.html"));
            $strHeader = str_replace("[SECKEY]", "$strKey", $strHeader);
            $strHeader = str_replace("[PAGE]", "$strSleutel", $strHeader);
            // $strHeader = str_replace("[REVISION]", "$iRevision", $strHeader);
        } else {
            // Known key but wrong code/IP: drop it by redirecting to the key-less URL.
            header("Location: " . $strRoot . $strPath);
            exit();
        }
    } else {
        // Unknown or expired key: same redirect.
        header("Location: " . $strRoot . $strPath);
        exit();
    }
}
/* **************** NAVIGATIE **************** */
$iNav = 0;
$strNavigatie = "";
$oNavigatie = new tree($strSleutel); // tree is defined outside this chunk
$iNavigatie = $oNavigatie->getID();
/* **************** SAVES OPSLAAN (admin only) **************** */
if ($bAdmin) {
    switch($_POST["edit"]) {
        case "content":
            $strContent = $_POST["wysiwyg"];
            $strBlock = $_POST["block"];
            $iActief = intval($_POST["release"]);
            // Page-bound regions are stored under this page's navigation id, shared blocks under 0.
            $iSaveNav = ($arRegions[$strBlock]["type"] == "content") ? $iNavigatie : 0;
            // Publishing a revision retires every earlier live revision of the same region.
            if ($iActief == 1) sql("update tblContent set actief = 0 where sleutel = '" . mysql_real_escape_string($strBlock) . "' and navigatie = $iSaveNav; ");
            sql("insert into tblContent (sleutel, actief, datum, navigatie, html, auteur) values ('" . mysql_real_escape_string($strBlock) . "', $iActief, " . time() . ", $iSaveNav, '" . mysql_real_escape_string($strContent) . "', $iAdmin)");
            array_push($arMeldingen, "Je aanpassingen werden opgeslaan");
            break;
        case "titel":
            $strContent = $_POST["block" . intval($_POST["block"])]; // assigned, not read again in this chunk
            // NOTE(review): $strSleutel (taken from the URL) is interpolated unescaped here,
            // while the title value next to it is escaped.
            sql("update tblNavigatie set longtitle = '" . mysql_real_escape_string($_POST["titel"]) . "' where page = '$strSleutel';");
            array_push($arMeldingen, "De titel werd aangepast");
            break;
        case "menu":
            $arTree = json_decode($_POST["tree"]);
            doSaveNewTree(1, 0, $arTree);
            // Reload the tree so the menu rendered below reflects the new structure.
            $oNavigatie = new tree($strSleutel);
            $iNavigatie = $oNavigatie->getID();
    }
}
/* **************** CONTACTFORM (visitors only) **************** */
if (!$bAdmin) {
    if (isset($_POST["pst_region"])) {
        // Anti-spam check: pst_cd must equal md5() of the field named by pst_spm (both fields
        // are emitted by the CONTENTBLOKKEN section below).
        // NOTE(review): plain == between two hash strings — hash_equals() is the safer compare —
        // and pst_spm, which decides what gets hashed, is itself part of the submitted form.
        if ($_POST["pst_cd"] == md5($_POST[$_POST["pst_spm"]])) {
            $bIngevuld = false;
            $strMail = "";
            // $strKey is reused as the loop key here; the session key is not needed in this branch.
            foreach ($_POST as $strKey => $strVal) {
                switch($strKey) {
                    // Bookkeeping fields are not part of the mail body.
                    case "pst_region":
                    case "pst_mail":
                    case "pst_cd":
                    case "pst_spm":
                    case "pst_page":
                    case $_POST["pst_spm"]:
                    case "":
                        break;
                    default:
                        // The concatenated literals are empty in this copy; markup was presumably stripped.
                        $strMail .= "" . "" . "" . "";
                        if (trim($strVal) != "") $bIngevuld = true;
                }
            }
            // Appends the last field seen by the loop plus the sender's IP address.
            $strMail .= "
$strKey: " . nl2br($strVal) . "

IP-adres verzender: " . $_SERVER['REMOTE_ADDR'] . "";
            $strSubject = "Contactformulier dierenartsottevaere.be (" . $_POST["pst_page"] . ")";
            if ($bIngevuld) {
                // Reply address is read from the field whose name pst_mail carries.
                $strFromMail = (isset($_POST["pst_mail"])) ? $_POST[$_POST["pst_mail"]] : "" ;
                $strResult = domail($strMail, $strFromMail, "", $strSubject);
                // Keep a copy on disk; the admin overview at the bottom lists this folder.
                save("contact/" . md5(time().$strMail) . ".html", $strMail);
                // Replace the region's placeholder with the mail result so the block is not rendered again below.
                $strHTML = str_replace("[" . $_POST["pst_region"] . "]", $strResult, $strHTML);
            }
        }
    }
}
/* **************** REDO NAVIGATIE **************** */
$strHTML = str_replace("[navigatie]", $oNavigatie->menu($bAdmin), $strHTML);
/* **************** QUERYSTRING INC REVISIE-OPENS **************** */
// Per-region revision ids requested via ?<region>=<id>, intval()'d.
$arQRYrev = $arQRY;
foreach ($arRegions as $strRegion => $arRegion) {
    switch ($arRegion["type"]) {
        case "content":
        case "block":
            $arQRYrev[$strRegion] = intval($_GET[$strRegion]);
    }
}
/* **************** SPECIAL PAGES **************** */
switch(strtolower($strSleutel)) {
    case "admin":
    case "login":
    case "user":
        if (isset($_POST["login"])) {
            $strLogin = $_POST["login"];
            // Unsalted sha256 of the submitted password, compared with the stored value.
            $strPaswoord = hash('sha256', $_POST["paswoord"]);
            // NOTE(review): $strLogin is interpolated unescaped; $strPaswoord is hex output only.
            $record = sql1("select * from tblUsers where username = '$strLogin' and paswoord = '$strPaswoord';");
            if ($record){
                if ($strPaswoord == $record["paswoord"]) {
                    // Session token: sha256 over user id, rand() and the current time.
                    $strKey = hash('sha256', $record["id"] . "-" . rand(0, 100000000) . time());
                    $qSessie = sql("insert into tblSessies (login, ip, code, start, stop) values('" . $record["id"] . "', '" . $_SERVER['REMOTE_ADDR'] . "', '$strKey', '" . time() . "', '" . (time()+$iSessieTijd*60) . "')");
                    // Redirect back to the page that hosted the form, carrying the key in ?k=.
                    if (count($arPath) > 1) {
                        unset($arPath[count($arPath)-1]);
                        header("Location: " . $strRoot . implode("/", $arPath) . "?k=" . $strKey);
                        exit();
                    } else {
                        header("Location: " . $strRoot . $strHome . ".html?k=" . $strKey);
                        exit();
                    }
                } else {
                    $strPaswoord = "";
                }
            } else $strHTML = str_replace("[content]", "Inloggen niet gelukt ", $strHTML);
        }
        $strInhoud = content("admin.html");
        $strHTML = str_replace("[titel]", "Inloggen", $strHTML);
        $strHTML = str_replace("[content]", $strInhoud, $strHTML);
        break;
    case "admin.menuedit":
        if ($bAdmin) {
            $strHTML = str_replace("[titel]", "Structuur aanpassen", $strHTML);
            $xml = simplexml_load_string("
    ");
            $strInhoud = '
    '; // . $xml->asXML();
            $strInhoud .= $oNavigatie->editmenu();
            $strInhoud .= " Pagina toevoegen ";
            $strInhoud .= "
    ";
        } else $strInhoud = "code 936";
        $strHTML = str_replace("[content]", $strInhoud, $strHTML);
        break;
    case "admin.contactform" :
        // NOTE(review): unlike admin.menuedit / admin.upload / admin.menu, this branch has no
        // $bAdmin check, and $_GET["f"] is joined onto "contact/" as given — so, as far as this
        // chunk shows, the unlink() and the file read below are reachable without a session.
        $strContactForm = "contact/" . $_GET["f"];
        switch($_GET["a"]) {
            case "delete":
                unlink($strContactForm);
                $strInhoud = "Bestand werd gewist";
                break;
            default:
                $strInhoud = content($strContactForm);
                $strInhoud .= "

    Datum verzending: " . datum(filemtime($strContactForm)) . "

    " . "

    wissen

    ";
        }
        $strHTML = str_replace("[content]",$strInhoud, $strHTML);
        break;
    case "admin.upload":
        if ($bAdmin) {
            $arFouten = array();
            $strInhoud = content("admin/fotoupload.html");
            if (isset($_GET["i"])) $strFN = $_GET["i"];
            if (isset($_FILES['bestand'])) {
                if($_FILES['bestand']['size'] > 5000000) {
                    array_push($arFouten, "Bestand te groot");
                } else {
                    // NOTE(review): ['type'] is the MIME type the client declared, not the file's
                    // content, and ['name'] is stored verbatim (original extension included) under upload/.
                    if($_FILES['bestand']['type'] == "image/gif" || $_FILES['bestand']['type'] == "image/png" || $_FILES['bestand']['type'] == "image/pjpeg" || $_FILES['bestand']['type'] == "image/jpeg") {
                        $strFN = time() . "." . $_FILES['bestand']['name'];
                        move_uploaded_file($_FILES['bestand']['tmp_name'], "upload/" . $strFN);
                        $strFN = $strRoot . "images/" . $strFN;
                    } else {
                        array_push($arFouten, "Het bestand is geen png, jpg of gif");
                    }
                }
            }
            // $arFouten is collected but not rendered anywhere in this chunk.
            $strInhoud = str_replace("[image]", $strFN, $strInhoud);
            echo $strInhoud;
        } else echo ("code 236");
        exit();
        break;
    case "admin.menu":
        if ($bAdmin) {
            echo $oNavigatie->AhrefMenu();
        } else echo ("code 936");
        exit();
        break;
}
/* **************** CONTENTBLOKKEN **************** */
$arJSsettings = array();
$strBlockMenu = "";
foreach ($arRegions as $strRegion => $arRegion) {
    switch ($arRegion["type"]) {
        case "content":
        case "block":
            // Only regions whose placeholder is still present in the template are rendered.
            if (strrpos($strHTML, "[$strRegion]") !== false) {
                $arJSsettings[$strRegion] = array( "live" => false, "datum" => 0, "navigatie" => 0, "revision" => 0, );
                if ($bAdmin) {
                    $strBlockMenu .= '
  1. ' . (isset($arRegion["title"])?$arRegion["title"]:$strRegion) . '
  2. ';
                    // Admin: a specific revision may be requested via ?<region>=<id>; otherwise the
                    // newest revision, draft or live, is shown.
                    $iBlockID = intval($_GET[$strRegion]);
                    if ($iBlockID == 0) {
                        $strSQL = "select * from tblContent where sleutel = '" . $strRegion . "' and (navigatie = 0 or navigatie = $iNavigatie) order by navigatie desc, id desc limit 1; ";
                    } else {
                        $strSQL = "select * from tblContent where sleutel = '" . $strRegion . "' and (navigatie = 0 or navigatie = $iNavigatie) and id = $iBlockID; ";
                    }
                } else {
                    // Visitors only get the newest live (actief = 1) revision.
                    $strSQL = "select * from tblContent where actief = 1 and sleutel = '" . $strRegion . "' and (navigatie = 0 or navigatie = $iNavigatie) order by navigatie desc, id desc limit 1; ";
                }
                $arContent = sql1($strSQL);
                if ($arContent){ // if ($result){
                    $arClasses = array("wysiwyg-" . $arRegion['wysiwyg']);
                    array_push($arClasses, (($arContent["actief"]==1) ? "wysiwyg-live" : "wysiwyg-draft"));
                    $arJSsettings[$strRegion]["live"] = ($arContent["actief"]==1);
                    $arJSsettings[$strRegion]["datum"] = $arContent["datum"];
                    $arJSsettings[$strRegion]["navigatie"] = $arContent["navigatie"];
                    $arJSsettings[$strRegion]["revision"] = $arContent["id"];
                    if ($bAdmin) {
                        // Admin view: raw stored HTML, no post-processing.
                        $strBlock = '
    ' . $arContent["html"] . '
    ';
                        $strHTML = str_replace("[$strRegion]", $strBlock, $strHTML);
                    }else {
                        $strBlock = $arContent["html"];
                        /* ************* CONTACTFORMS ******************** */
                        // If the stored HTML contains <input> elements, wrap it in a form carrying the
                        // pst_* fields that the CONTACTFORM section above expects.
                        $dom = new DOMDocument;
                        $dom->loadHTML($strBlock);
                        $strAntispam = getRandomCode();
                        $arFieldNames = array("website", "message", "name", "question", "firstname", "url", "pst_message");
                        $arHiddenFields = array( "pst_region" => $strRegion, "pst_cd" => md5($strAntispam), "pst_page" => $oNavigatie->getTitel() );
                        $bForm = false;
                        foreach($dom->getElementsByTagName('input') as $oInput) {
                            $bForm = true;
                            // NOTE(review): candidates are removed by the input's *type*, not its name;
                            // 'name' looks intended — verify against the form templates. array_diff() keeps
                            // keys, so if the first candidate is ever removed, [0] below is unset.
                            $arFieldNames = array_diff($arFieldNames, array(strtolower($oInput->getAttribute('type'))));
                            if (strtolower($oInput->getAttribute('type')) == "email") {
                                $arHiddenFields["pst_mail"] = $oInput->getAttribute('name');
                            }
                        }
                        if ($bForm) {
                            // First remaining candidate names the anti-spam field; the hidden-input
                            // markup itself is empty in this copy (the '' below).
                            $arHiddenFields["pst_spm"] = $arFieldNames[0];
                            $strForm = '
    ' . '
    ';
                            foreach ($arHiddenFields as $strKey => $strVal) $strForm .= '';
                            $strForm .= $strBlock . "
    ";
                            $strBlock = $strForm;
                        }
                        /* ************* EXTERNE LINKS > _BLANK ******************** */
                        $dom = new DOMDocument;
                        $dom->loadHTML($strBlock);
                        foreach($dom->getElementsByTagName('a') as $oLink) {
                            // Precedence: this reads as (!strrpos(...)) === false, i.e. true when "://" is
                            // found at a non-zero offset. It works, but `strrpos(...) !== false` says it plainly.
                            if (!strrpos($oLink->getAttribute("href"), "://") === false) {
                                $oLink->setAttribute("target", "_blank");
                            }
                        }
                        $strBlock = getBody($dom->saveHTML());
                        /* ************* IMAGES SERVER RESIZE ******************** */
                        $dom = new DOMDocument;
                        $dom->loadHTML($strBlock);
                        foreach($dom->getElementsByTagName('img') as $oIMG) {
                            // Local images that exist in upload/ are rerouted through images/WxH/<file>,
                            // which the resize branch at the top of this script serves.
                            if (strrpos($oIMG->getAttribute("src"), "://") === false) {
                                $arIMG = explode("/", $oIMG->getAttribute("src"));
                                $strIMG = $arIMG[count($arIMG)-1];
                                if (file_exists("upload/$strIMG")) {
                                    $oIMG->setAttribute("src", $strRoot . "images/" . intval($oIMG->getAttribute("width")) . "x" . intval($oIMG->getAttribute("height")) . "/$strIMG");
                                }
                            }
                        }
                        $strBlock = getBody($dom->saveHTML());
                        $strHTML = str_replace("[$strRegion]", $strBlock, $strHTML);
                    }
                } else {
                    /* ************* GEEN CONTENT IN DE DATABASE VOOR DEZE PAGE / BLOCK ******************** */
                    if ($bAdmin) {
                        $strBlock = '
    geen content gevonden
    ';
                        $strHTML = str_replace("[$strRegion]", $strBlock, $strHTML);
                    } else $strHTML = str_replace("[$strRegion]", "geen content gevonden", $strHTML);
                }
            }
            break;
    }
}
// Per-region state for the admin JS, then the remaining template placeholders.
$strHeader = str_replace("[SETTINGS]", "var arSettings = " . JSencode($arJSsettings), $strHeader);
$strHeader = str_replace("[ISLIVE]", "false", $strHeader);
$strTitel = "Dierenarts Marianne Ottevaere Roeselare" . (($oNavigatie->getTitel() != "") ? " - ".$oNavigatie->getTitel() : "" );
$strHTML = str_replace("[titel]", $strTitel, $strHTML);
$strHTML = str_replace("[header]", $strHeader, $strHTML);
// Absolute URLs are built from HTTP_HOST exactly as the request supplied it.
$strHTML = str_replace("[url]", "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]", $strHTML);
$strHTML = str_replace("[http://root]", "http://$_SERVER[HTTP_HOST]/", $strHTML);
if ($bAdmin) {
    /* **************** ADMIN MENU: meldingen + list of saved contact forms **************** */
    $strMeldingen = "";
    foreach($arMeldingen as $strMelding){
        $strMeldingen .= "
  3. $strMelding
  4. ";
    }
    $arContactforms = array();
    if ($handle = opendir('contact')) {
        while (false !== ($entry = readdir($handle))) {
            switch($entry) {
                case ".":
                case "..":
                    break;
                default:
                    // Keyed by mtime so ksort() orders chronologically; two files sharing an
                    // mtime overwrite each other in this array.
                    $arContactforms[filemtime("contact/$entry")] = "
  5. " . "" . datum(filemtime("contact/$entry")) . "" . "
  6. ";
            }
        }
        closedir($handle);
        ksort($arContactforms);
        $strContactforms = "";
        // Prepending reverses the sorted order, so the newest entry ends up first.
        foreach ($arContactforms as $strContactFormLI) $strContactforms = $strContactFormLI . $strContactforms;
    }
    // $strMeldingen and $strContactforms are not referenced by $strAdminMenu in this copy;
    // presumably markup was lost.
    $strAdminMenu = "
    ";
    // NOTE(review): the search string is empty, so str_replace() returns $strHTML unchanged —
    // the original marker appears to be missing from this copy.
    $strHTML = str_replace("", $strAdminMenu . "", $strHTML);
}
echo $strHTML;
?>