exported from svn

2013-10-07 14:46:08 +02:00 · 2013-10-07 14:46:08 +02:00 · 03995d3bc6
commit 03995d3bc6
85 changed files with 14765 additions and 0 deletions
--- a/admin/auth.php
+++ b/admin/auth.php
@ -0,0 +1,13 @@
+<?php
+ini_set("session.use_trans_sid", false);
+session_start();
+
+$hostname = $_SERVER['HTTP_HOST'];
+$path = dirname($_SERVER['SCRIPT_NAME']);
+
+if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
+    header('Location: http://'.$hostname.($path == '/' ? '' : $path).'/login.php?url='.urlencode($_SERVER["REQUEST_URI"]));
+    exit;
+}
+
+// eof
--- a/admin/blog.func.php
+++ b/admin/blog.func.php
@ -0,0 +1,355 @@
+<?php
+// Untersuchen ob alles eingegeben wurde
+function check_input($form_input) {
+global $l;
+    if(strlen(trim($form_input['topic'])) < 1) $errors[] = $l['admin']['no_headline'];
+
+    // checking URL
+    if(strlen(trim($form_input['url'])) < 1) $errors[] = $l['admin']['no_url'];
+    elseif(!preg_match("/^[a-z0-9\-_\.\/,]+$/", $form_input['url'])) $errors[] = $l['admin']['false_url_letters'];
+    else {
+        $f = escape_for_mysql($form_input);
+        if(empty($f['date'])) $f['date'] = strftime("%Y-%m-%d %H:%M:%S");
+
+        list($date, $time) = explode(" ", $form_input["date"]);
+        list($year, $month, $day) = explode("-", $date);
+        list($hour, $minute, $second) = explode(":", $time);
+
+        # TODO: (jeena) diese Abfrage scheint noch falsch zu sein
+/*
+        if(
+            !checkdate((int)$month, (int)$day, (int)$year) OR
+            $hour < 0 OR $hour > 23 OR
+            $minute < 0 OR $minute > 59 OR
+            $second < 0 OR $second > 59
+        ) $errors[] = $l['admin']['false_date'];
+*/   
+        if($form_input['section'] == 'page') {
+            $sql = "SELECT id FROM ".JLOG_DB_CONTENT." WHERE url = '".$f['url']."';";
+        }
+        else {
+            $sql = "SELECT id FROM ".JLOG_DB_CONTENT." WHERE
+                        YEAR(date)  = ".date("Y", $f['date'])." AND
+                        MONTH(date) = ".date("m", $f['date'])." AND
+                        url         = '".$f['url']."';";
+        }
+    
+        $check_url = new Query($sql);
+
+        if($check_url->error()) {
+         echo "<pre>\n";
+         echo $check_url->getError();
+         echo "</pre>\n";
+         die();
+        }
+
+        if($check_url->numRows() > 0) {
+            $c = $check_url->fetch();
+            if($c['id'] != $form_input['id'] AND $form_input['section'] != 'page') $errors[] = $l['admin']['url_duplicate'];
+            elseif($c['id'] != $form_input['id'] AND $form_input['section'] == 'page') $errors[] = $l['admin']['url_duplicate_page'];
+        }
+    }
+    
+     if(strlen(trim($form_input['teaserpic']) > 0) AND !is_file(JLOG_BASEPATH.'img'.DIRECTORY_SEPARATOR."t_".$form_input['teaserpic'])) {
+      	$errors[] = $l['admin']['false_teaserpic'];
+      }
+
+     if($form_input['teaserpiconblog'] == "1" AND strlen(trim($form_input['teaserpic'])) == 0) $errors[] = $l['admin']['no_teaserpic_uploaded'];
+    
+    if(strlen(trim($form_input['teaser'])) < 1) $errors[] = $l['admin']['no_teaser'];
+    if(strlen(trim($form_input['content'])) < 1) $errors[] = $l['admin']['no_content'];
+    
+ return $errors;
+}
+
+// Eingabeformular
+function form_output($form_input) {
+ $form_input = array_htmlspecialchars($form_input);
+global $l, $categories, $plugins;
+
+     if($form_input['teaserpiconblog'] == 1) $form_input['teaserpiconblog_check'] = "checked='checked'";
+     if($form_input['section'] == 'page') $page = " checked='checked'";
+     else $weblog = " checked='checked'";
+     if($form_input['allowcomments'] === '0') $form_input['comments_check'] = "checked='checked'";
+     if($form_input['allowpingback'] === '0') $form_input['pingback_check'] = "checked='checked'";
+
+ $o = "
+   <form method='post' id='entryform' action='".$_SERVER['SCRIPT_NAME']."' accept-charset='UTF-8'>
+    <fieldset><legend>".$l['admin']['metadata']."</legend>
+     <p><label>".$l['admin']['section']."</label><br />
+        <input id='weblog' name='section' type='radio' value='weblog'".$weblog." /><label for='weblog' class='nobreak'>".$l['admin']['section_weblog']."</label>&nbsp;
+        <input id='page' name='section' type='radio' value='page'".$page." /><label for='page' class='nobreak'>".$l['admin']['section_page']."</label></p>
+     <p><label for='topic'>".$l['admin']['headline']."</label><br />
+        <input id='topic' name='topic' class='long' type='text' maxlength='255' size='60' value='".$form_input['topic']."' /></p>
+     <p><label for='url'>".$l['admin']['url']."</label><br />
+        <input id='url' name='url' class='long' type='text' maxlength='200' size='60' value='".$form_input['url']."' /></p>
+     <p><label for='teaser'>".$l['admin']['teaser']."</label><br />
+        <textarea id='teaser' name='teaser' class='small' rows='2' cols='60' >".$form_input['teaser']."</textarea></p>
+     <p><label for='keywords'>".$l['admin']['keywords']."</label><br />
+        <input id='keywords' name='keywords' class='long' type='text' maxlength='255' size='60' value='".$form_input['keywords']."' /></p>
+".$categories->output_select($form_input['categories'])."
+      <p id='jlogteaserpic' style='display: none;'><label for='teaserpic'>".$l['admin']['pic_for_teaser']."</label><br />
+          <input id='teaserpic' name='teaserpic' class='short' type='text' size='6' value='".$form_input['teaserpic']."' />
+          <input id='teaserpiconblog' name='teaserpiconblog' type='checkbox' value='1' ".$form_input['teaserpiconblog_check']." /> <label for='teaserpiconblog'>".$l['admin']['show_tpic_on_archive']."</label>
+          <script type='text/javascript'>
+           document.write(\"<br /><input type='button' name='teaserupload' value='".$l['admin']['pic_upload']."' onclick='jlog_wopen(\\\"".add_session_id_to_url("media/upload-teaser.php")."\\\");' /><input type='button' name='teaserchose' value='".$l['admin']['pic_choose']."' onclick='jlog_wopen(\\\"".add_session_id_to_url("media/select-teaser.php")."\\\");' />\");
+          </script>
+         </p>
+     <p><input id='allowcomments' type='checkbox' name='allowcomments' value='0' ".$form_input['comments_check']." /><label for='allowcomments'>".$l['admin']['comments_closed']."</label><br />
+        <input id='allowpingback' type='checkbox' name='allowpingback' value='0' ".$form_input['pingback_check']." /><label for='allowpingback'>".$l['admin']['pingback_closed']."</label></p>
+
+    </fieldset>
+
+    <fieldset><legend>".$l['admin']['contentdata']."</legend>
+     <script type='text/javascript'>
+      document.write(\"<br /><label for='content'>".$l['admin']['contentpic_choose']."</label><br /><input name='imgupload' type='button' value='".$l['admin']['pic_upload']."' onclick='jlog_wopen(\\\"".add_session_id_to_url("media/upload-picture.php")."\\\");' /><input name='imgselect' type='button' value='".$l['admin']['pic_choose']."' onclick='jlog_wopen(\\\"".add_session_id_to_url("media/select-picture.php")."\\\");' />\");
+     </script>
+    <p><label for='content'>".$l['admin']['content']." (".$l['admin']['howto_bbcode'].")</label><br /><br id='bbcode' />
+       <textarea id='content' name='content' rows='15' cols='60' class='big'>".$form_input['content']."</textarea></p>
+
+    <p><input class='send' type='submit' name='form_submitted' value='".$l['admin']['preview']."' />
+       <input class='send' type='submit' name='form_submitted' value='".$l['admin']['publish']."' />
+       <input type='hidden' name='id' value='".$form_input['id']."' />
+       <input type='hidden' name='date' value='".$form_input['date']."' />
+       ".add_session_id_input_tag()."
+    </p>
+    </fieldset>
+   </form>
+   <script type='text/javascript'>
+    jlog_admin = true;
+    jlog_l_comments_bold = '".$l['admin']['content_bold']."';
+    jlog_l_comments_italic = '".$l['admin']['content_italic']."';
+    jlog_l_comments_quote = '".$l['admin']['content_quote']."';
+    jlog_l_comments_url = '".$l['admin']['content_url']."';
+    jlog_l_comments_plz_format_txt = '".$l['admin']['content_plz_format_txt']."';
+    jlog_l_comments_input_on_pos = '".$l['admin']['content_input_on_pos']."';
+    jlog_l_comments_url_href = '".$l['admin']['content_url_href']."';
+    jlog_l_comments_url_node = '".$l['admin']['content_url_node']."';
+    jlog_l_list = '".$l['admin']['content_list']."';
+    jlog_l_headline = '".$l['admin']['content_headline']."';
+   </script>
+ ";
+
+   ### Plugin Hook
+   $o = $plugins->callHook('adminForm', $o, $form_input);
+  
+ return $o;
+}
+
+function preview_output($form_input) {
+global $l, $bbcode, $categories;
+
+    // get data from _post
+    if(empty($form_input['date'])) $form_input['date'] = time();
+    $output =  "<h2 class='preview'>".$l['admin']['preview']."</h2>\n<div class='preview'>".do_entry($form_input, NULL, $section)."</div>";
+
+ return $output;
+}
+
+function insert_blog($form_input) {
+global $l, $plugins;
+
+    if($form_input['allowcomments'] != "0") $form_input['allowcomments'] = "1";
+    if($form_input['allowpingback'] != "0") $form_input['allowpingback'] = "1";
+
+     $form_input = escape_for_mysql($form_input);
+     $sql = "INSERT INTO ".JLOG_DB_CONTENT." (
+                    topic,
+                    url,
+                    section,
+                    date,
+                    teaser,
+                    teaserpic,
+                    teaserpiconblog,
+                    keywords,
+                    content,
+                    comments,
+                    allowpingback   )
+                VALUES (
+                '".$form_input['topic']."',
+                '".$form_input['url']."',
+                '".$form_input['section']."',
+                NOW(),
+                '".$form_input['teaser']."',
+                '".$form_input['teaserpic']."',
+                '".$form_input['teaserpiconblog']."',
+                '".$form_input['keywords']."',
+                '".$form_input['content']."',
+                '".$form_input['allowcomments']."',
+                '".$form_input['allowpingback']."'  );";
+
+    $writeblog = new Query($sql);
+    $id = mysql_insert_id();
+     if($writeblog->error()) {
+        echo "<pre>\n";
+        echo $writeblog->getError();
+        echo "</pre>\n";
+        die();
+     }
+     
+    if(is_array($form_input['categories']) AND $form_input['categories']['0'] != 'no_categories') {
+    $sql = "INSERT INTO ".JLOG_DB_CATASSIGN." ( cat_id, content_id )
+                VALUES \n";
+    foreach($form_input['categories'] AS $category) {
+            if(++$i > 1) $sql .= ",\n";
+            $sql .= "( '".$category."', '".$id."')";
+    }
+    $sql .= ";";
+    
+    $catassign = new Query($sql);
+     if($catassign->error()) {
+        echo "<pre>\n";
+        echo $catassign->getError();
+        echo "</pre>\n";
+        die();
+     }
+    }
+
+   ### Plugin Hook
+   $plugins->callHook('insertEntry', $id, $form_input);
+ return $id;
+}
+
+function get_blog($id) {
+global $l, $categories;
+
+    $sql = 'SELECT id, url, topic, UNIX_TIMESTAMP(date) AS date, ' .
+    		'teaser, teaserpic, teaserpiconblog, keywords, ' .
+		'content, comments, allowpingback, section FROM ' .
+    		JLOG_DB_CONTENT . ' WHERE id = \'' . $id .
+		'\' LIMIT 1;';
+
+    $blog = new Query($sql);
+     if($blog->error()) {
+        echo "<pre>\n";
+        echo $blog->getError();
+        echo "</pre>\n";
+        die();
+     }
+    $form_input = $blog->fetch();
+    
+   $form_input['categories'] = $categories->get_assigned_categories($form_input['id']);
+     
+ return $form_input;
+}
+
+function update_blog($form_input) {
+global $l, $plugins;
+
+    if($form_input['allowcomments'] != "0") $form_input['allowcomments'] = "1";
+    if($form_input['allowpingback'] != "0") $form_input['allowpingback'] = "1";
+
+     $form_input = escape_for_mysql($form_input);
+     $sql = "UPDATE ".JLOG_DB_CONTENT." SET
+                    topic              = '".$form_input['topic']."',
+                    url                 = '".$form_input['url']."',
+                    section             = '".$form_input['section']."',
+                    teaser             = '".$form_input['teaser']."',
+                    teaserpic           = '".$form_input['teaserpic']."',
+                    teaserpiconblog = '".$form_input['teaserpiconblog']."',
+                    keywords            = '".$form_input['keywords']."',
+                    content             = '".$form_input['content']."',
+                    comments          = '".$form_input['allowcomments']."',
+                    allowpingback     = '".$form_input['allowpingback']."'
+                WHERE id = '".$form_input['id']."' LIMIT 1;";
+
+
+    $updateblog = new Query($sql);
+     if($updateblog->error()) {
+        echo "<pre>\n";
+        echo $updateblog->getError();
+        echo "</pre>\n";
+        die();
+     }
+     
+    if(is_array($form_input['categories'])) {
+    $sql = "DELETE FROM ".JLOG_DB_CATASSIGN." WHERE content_id = '".$form_input['id']."';";
+    $trashcatassign = new Query($sql);
+     if($trashcatassign->error()) {
+        echo "<pre>\n";
+        echo $trashcatassign->getError();
+        echo "</pre>\n";
+        die();
+     }
+     
+    if(is_array($form_input['categories']) AND $form_input['categories']['0'] != 'no_categories') {
+        $sql = "INSERT INTO ".JLOG_DB_CATASSIGN." ( cat_id, content_id )
+                    VALUES \n";
+        foreach($form_input['categories'] AS $category) {
+            if(++$i > 1) $sql .= ",\n";
+            $sql .= "( '".$category."', '".$form_input['id']."')";
+        }
+        $sql .= ";";
+        
+        $catassign = new Query($sql);
+         if($catassign->error()) {
+            echo "<pre>\n";
+            echo $catassign->getError();
+            echo "</pre>\n";
+            die();
+         }
+    }
+    }
+
+   ### Plugin Hook
+   $plugins->callHook('updateEntry', $form_input['id'], $form_input);
+
+ return $l['admin']['data_updated'];
+}
+
+function trash_blog($id) {
+global $l;
+
+    $sql = "DELETE FROM ".JLOG_DB_CONTENT." WHERE id = '".escape_for_mysql($id)."' LIMIT 1";
+    
+    $trashblog = new Query($sql);
+   if($trashblog->error()) {
+        echo "<pre>\n";
+        echo $trashblog->getError();
+        echo "</pre>\n";
+        die();
+   }
+ return $l['admin']['postleted'];
+}
+
+/**
+ * add PHPSESSID GET parameter if cookies are not allowed
+ **/
+function add_session_id_to_url($url="") {
+	if(empty($_COOKIE[session_name()])) {
+	    if(strpos($url, "?") === false)  $url .= "?";
+	    else $url .= "&";
+	    $url .= session_name() . "=" . htmlspecialchars(session_id());
+	}
+	return $url;
+}
+
+/**
+ * add PHPSESSID <input>-Tag if cookies are not allowed
+ */
+function add_session_id_input_tag() {
+	if(empty($_COOKIE[session_name()])) {
+	    return "<input type='hidden' name='" . session_name() . "' value='" . htmlspecialchars(session_id()) . "' />";
+	}
+}
+
+// output the administration menu
+function output_admin_menu() {
+global $l, $plugins;
+        $o = '<p id="admin-menu">
+ <a href="'.add_session_id_to_url("./").'">'.$l['admin']['menu_home'].'</a> |
+ <a href="'.add_session_id_to_url("categories.php").'">'.$l['admin']['menu_categories'].'</a> |
+ <a href="'.add_session_id_to_url("comments.php").'">'.$l['admin']['menu_comments'].'</a> |
+ <a href="'.add_session_id_to_url("settings.php").'">'.$l['admin']['menu_settings'].'</a> |
+ <a href="'.add_session_id_to_url("plugin.php").'">'.$l['admin']['menu_plugins'].'</a> |
+ <a href="'.add_session_id_to_url("logout.php").'">'.$l['admin']['menu_logout'].'</a>
+</p>';
+
+	### Plugin Hook
+	$o = $plugins->callHook('adminMenu', $o);
+	
+ return $o;
+}
+
+
+// eof
--- a/admin/categories.php
+++ b/admin/categories.php
@ -0,0 +1,79 @@
+<?php
+ include_once('.'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+ $get = strip($_GET);
+ $form_input = strip($_POST);
+
+ $c['meta']['title'] = $l['admin']['cat_title'];
+ $c['main'] = output_admin_menu()."<h2>".$l['admin']['cat_title']."</h2>\n";
+ 
+	switch ($get['action']) {
+	
+		case 'new':
+			if(isset($form_input['form_submit'])) {
+				if(!is_array($errors = $categories->validate($form_input))) {
+					$categories->new_cat($form_input);
+					$categories->get_categories();
+					$c['main'] .= "<p><strong>&raquo;&raquo;</strong> <a href='".add_session_id_to_url("?action=new")."'>".$l['admin']['cat_new']."</a></p>
+									 ".$categories->output_whole_list_admin();
+				}
+				else {
+					$c['main'] .= error_output($errors);
+					$c['main'] .= $categories->output_form($form_input, 'new', $l['admin']['cat_new']);
+				}
+			}
+			else $c['main'] .= $categories->output_form('', 'new', $l['admin']['cat_new']);
+			break;
+
+		case 'change':
+			if(isset($form_input['form_submit'])) {
+				if(!is_array($errors = $categories->validate($form_input))) {
+					$categories->change_cat($form_input);
+					$categories->get_categories();
+					$c['main'] .= "<p>".$l['admin']['cat_new_ok']."</p>".$categories->output_whole_list_admin();
+				}
+				else {
+					$c['main'] .= error_output($errors);
+					$c['main'] .= $categories->output_form($form_input, 'new', $l['admin']['cat_new']);
+				}
+			}
+			else {
+				$form_input['name'] = $categories->get($get['id'], 'name');
+				$form_input['id'] = $get['id'];
+				$form_input['url'] = $categories->get($get['id'], 'url');
+				$form_input['description'] = $categories->get($get['id'], 'description');
+				
+				$c['main'] .= $categories->output_form($form_input, 'change', $l['admin']['cat_change']);
+			}
+		  	break;
+
+		case 'trash':
+			if($form_input['form_submit'] == $l['admin']['yes']) {
+				$categories->trash_cat($form_input['id']);
+				$categories->get_categories();
+				$c['main'] .= "<p>".$l['admin']['cat_trash_ok']."
+									 <a href='".add_session_id_to_url("categories.php")."'>".$l['admin']['cat_admincenter']."</a></p>";
+			}
+			else {
+				$c['main'] .= "<form action='?action=trash' method='POST' accept-charset='UTF-8'>
+				                <p>".$l['admin']['cat_really_trash']."</p>
+				                <h3>".$categories->link($get['id'])."</h3>
+				                <p><input type='submit' name='form_submit' value='".$l['admin']['yes']."' />
+				                   <input type='hidden' name='id' value='".$get['id']."' />
+				                   ".add_session_id_input_tag()."
+				                   <a href='".add_session_id_to_url("categories.php")."'>".$l['admin']['no']."</a></p>
+				               </form>";
+			}
+			break;
+		
+		default:
+			$c['main'] .= "<p><strong>&raquo;&raquo;</strong> <a href='".add_session_id_to_url("?action=new")."'>".$l['admin']['cat_new']."</a></p>
+							  ".$categories->output_whole_list_admin();
+	}
+
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+?>
--- a/admin/change.php
+++ b/admin/change.php
@ -0,0 +1,60 @@
+<?php
+ include_once('.'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+ 
+ $get = strip($_GET);
+ $post = strip($_POST);
+ 
+ $c['meta']['title'] = $l['admin']['change_headline'];
+ $c['main'] = output_admin_menu();
+ $c['main'] .= "<h2>".$l['admin']['change_headline']."</h2>";
+
+if($get['action'] == "trash" AND $post['trash'] == $l['admin']['yes']) {
+ $c['main'] .= "<p>".trash_blog($get['id'])."</p>";
+ include_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'update.php');
+}
+elseif ($get['action'] == "trash" AND empty($post['trash'])) {
+ $c['main'] .= "
+   <form method='post' id='entryform' action='".$_SERVER['SCRIPT_NAME']."?id=".$get['id']."&amp;action=trash' accept-charset='UTF-8'>
+	 <p>".$l['admin']['rearly_delete']." <input class='send' type='submit' name='trash' value='".$l['admin']['yes']."' />
+	  ".add_session_id_input_tag()."
+	  <a href='".JLOG_PATH."/admin/'>".$l['admin']['no']."</a></p>
+   </form>";
+  $form_input = get_blog($get['id']);
+  $c['main'] .= preview_output($form_input);
+  $c['title'] = $l['admin']['delete_blogentry'];  
+}
+
+else {
+	if(isset($get['id'])) $form_input = get_blog($get['id']);
+	elseif (isset($_POST)) $form_input = $post;
+	else $c['main'] .= $l['admin']['error_occurred'];
+	
+	if($post['form_submitted'] == $l['admin']['preview']) {
+	 $c['main'] .= error_output(check_input($form_input));
+	 $c['main'] .= preview_output($form_input);
+	 $c['main'] .= form_output($form_input);
+	}
+	elseif($post['form_submitted'] == $l['admin']['publish']) {
+		// Put data to database
+		if(!check_input($form_input)) {
+		 $c['main'] .= "<p>".update_blog($form_input)."</p>";
+		 include_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'update.php');
+		}
+		else {
+		 // show preview and form
+		 $c['main'] .= error_output(check_input($form_input));
+	 	 $c['main'] .= form_output($form_input);
+		}
+	}
+	else {
+		// show form
+	 	 $c['main'] .= form_output($form_input);
+	}
+}
+
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+?>
--- a/admin/comments.php
+++ b/admin/comments.php
@ -0,0 +1,217 @@
+<?php 
+include_once('.'.DIRECTORY_SEPARATOR.'auth.php'); 
+define("JLOG_ADMIN", true); 
+define("JLOG_COMMENTS", true); 
+require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+$get = strip($_GET); 
+$data = strip($_POST); 
+$mysql_id = escape_for_mysql($get['id']); 
+
+$c['meta']['title'] = $l['admin']['kill_c_topic']; 
+$c['main'] = output_admin_menu(); 
+
+if($get['action'] == 'trash' AND $data['trash'] == $l['admin']['yes']) { 
+
+    ### Plugin Hook
+    $get['id'] = $plugins->callHook('deleteComment', $get['id']); 
+
+    if( trash($get['id'], JLOG_DB_COMMENTS ) == true) { 
+      $c['main'] .= $l['admin']['kill_c_killed']; 
+      include_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'update.php'); 
+    }
+}
+elseif ($get['action'] == 'trash' AND empty($data['trash'])) { 
+$c['main'] .= " 
+   <form method='post' id='entryform' action='comments.php?id=".$get['id']."&amp;action=trash' accept-charset='UTF-8'> 
+     <p>".$l['admin']['kill_c_sure']." 
+        <input class='send' type='submit' name='trash' value='".$l['admin']['yes']."' />
+        ".add_session_id_input_tag()."
+        <a href='".add_session_id_to_url("comments.php")."'>".$l['admin']['no']."</a></p> 
+   </form>"; 
+    
+    $sql = 'SELECT id, sid, name, city, email, homepage, content, ' .
+    	      'date, reference, mail_by_comment, type FROM ' .
+	      JLOG_DB_COMMENTS." 
+              WHERE id = ".$mysql_id." 
+              ORDER BY id DESC LIMIT 1;"; 
+
+    $comment = new Query($sql); 
+     if($comment->error()) { 
+        echo "<pre>\n"; 
+        echo $comment->getError(); 
+        echo "</pre>\n"; 
+        die(); 
+     }
+      
+   $daten = $comment->fetch(); 
+  $c['main'] .= "<ul class='comments'>".do_comment($daten, "x")."</ul>"; 
+
+}
+elseif($get['action'] == 'change' AND !empty($get['id'])) { 
+
+  $l["comments_comment_topic"]   = $l['admin']["comments_comment_topic"]; 
+  $l["comments_by"]              = $l['admin']["comments_by"]; 
+  $l["comments_name"]            = $l['admin']["comments_name"]; 
+  $l["comments_city"]            = $l['admin']["comments_city"]; 
+  $l["comments_email"]           = $l['admin']["comments_email"]; 
+  $l["comments_homepage"]        = $l['admin']["comments_homepage"]; 
+  $l["comments_bbcode"]          = $l['admin']["comments_bbcode"]; 
+  $l["comments_send"]            = $l['admin']["comments_send"]; 
+  $l["comments_preview"]         = $l['admin']["comments_preview"]; 
+  $l["comments_no_sid"]          = $l['admin']["comments_no_sid"]; 
+  $l["comments_false_mail"]      = $l['admin']["comments_false_mail"]; 
+  $l["comments_notext"]          = $l['admin']["comments_notext"]; 
+  $l["comments_false_hp"]        = $l['admin']["comments_false_hp"]; 
+  $l["comments_anonym"]          = $l['admin']["comments_anonym"]; 
+  $l["comments_permalink"]       = $l['admin']["comments_permalink"]; 
+  $l["comments_from"]            = $l['admin']["comments_from"]; 
+  $l["comments_posted"]          = $l['admin']["comments_posted"]; 
+  $l["comments_entryform"]       = $l['admin']["comments_entryform"]; 
+  $l["comments_mail_by_comment"] = $l['admin']["comments_mail_by_comment"]; 
+  $l["comments_thx"]             = $l['admin']["comments_thx"]; 
+  $l["comments_preview"]         = $l['admin']["comments_preview"]; 
+  $l["comments_send"]            = $l['admin']["comments_send"]; 
+  $l["comments_bold"]            = $l['admin']["comments_bold"]; 
+  $l["comments_italic"]          = $l['admin']["comments_italic"]; 
+  $l["comments_quote"]           = $l['admin']["comments_quote"]; 
+  $l["comments_url"]             = $l['admin']["comments_url"]; 
+  $l["comments_plz_format_txt"]  = $l['admin']["comments_plz_format_txt"]; 
+  $l["comments_url_href"]        = $l['admin']["comments_url_href"]; 
+  $l["comments_url_node"]        = $l['admin']["comments_url_node"]; 
+   
+    if($data['form_submitted'] == $l['comments_preview']) { 
+        $c['main'] .= "\n  <h2>".$l['admin']['comments_change_h']."</h2> 
+            <ul class='comments' id='preview'> 
+            ".do_comment($data, 1)." 
+            </ul>".com_form_output($data).com_javascript_variables(); 
+    }
+    elseif($data['form_submitted'] == $l['comments_send']) { 
+        if(count($errors = com_check_errors($data)) > 0) $c['main'] .= "\n  <h2>".$l['admin']['comments_change_h']."</h2>\n".error_output($error).com_form_output($data).com_javascript_variables(); 
+        else { 
+
+            $data = com_clean_data($data); 
+             
+### Plugin Hook
+            $data = $plugins->callHook('updateComment', $data); 
+             
+            $data = escape_for_mysql($data); 
+     
+            $sql = "UPDATE ".JLOG_DB_COMMENTS." 
+                SET 
+                name                    = '".$data['name']."', 
+                city                    = '".$data['city']."', 
+                email                   = '".$data['email']."', 
+                homepage                = '".$data['homepage']."', 
+                content                 = '".$data['content']."', 
+                mail_by_comment         = '".$data['mail_by_comment']."' 
+            WHERE id = '".$data['id']."' LIMIT 1;"; 
+     
+           $updatecomment = new Query($sql); 
+            if($updatecomment->error()) { 
+               echo "<pre>\n"; 
+               echo $updatecomment->getError(); 
+               echo "</pre>\n"; 
+               die(); 
+            }
+            $c['main'] .= "\n  <h2>".$l['admin']['comments_change_h']."</h2>\n".$l['admin']['comments_updated']." <a href='".add_session_id_to_url("comments.php")."'>".$l['admin']['comments_admin']."</a>"; 
+            include_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'update.php'); 
+        }
+    }
+    else { 
+        $sql = 'SELECT id, sid, name, city, email, homepage, content, ' .
+		'UNIX_TIMESTAMP(date) AS date, reference, ' .
+		'mail_by_comment, type FROM '.JLOG_DB_COMMENTS." 
+              WHERE id = ".$mysql_id." 
+              ORDER BY id DESC LIMIT 1;"; 
+
+        $comment = new Query($sql); 
+        if($comment->error()) { 
+            echo "<pre>\n"; 
+            echo $comment->getError(); 
+            echo "</pre>\n"; 
+            die(); 
+        }
+      
+        $data = $comment->fetch(); 
+        if(empty($data['name'])) $data['name'] = $l['comments_name']; 
+        if(empty($data['city'])) $data['city'] = $l['comments_city']; 
+        if(empty($data['email'])) $data['email'] = $l['comments_email']; 
+        if(empty($data['homepage'])) $data['homepage'] = $l['comments_homepage']; 
+
+        $c['main'] .= "\n  <h2>".$l['admin']['comments_change_h']."</h2> 
+            <ul class='comments' id='preview'> 
+            ".do_comment($data, 1)." 
+            </ul>".com_form_output($data).com_javascript_variables(); 
+    }
+}
+else { 
+$yl = new Year_Links($get['y'], JLOG_START_YEAR, add_session_id_to_url(JLOG_PATH."/admin/comments.php"), $l['admin']); 
+
+  $c['main'] .= " 
+<h2>".$l['admin']['kill_c_topic']."</h2> 
+<p>".$l['admin']['kill_c_description']."</p> 
+<p>".$yl->get_admin_linklist()."</p> 
+  <table> 
+   <tr> 
+    <th>".$l['admin']['change']."</th><th>".$l['admin']['delete']."</th><th>ID</th><th>".$l['comments_name']."</th><th>".$l['comments_posted']."</th><th>".$l['admin']['kill_c_entry']."</th> 
+   </tr>"; 
+
+    $sql = "SELECT  
+                    ".JLOG_DB_COMMENTS.".id AS id, 
+                    ".JLOG_DB_CONTENT.".url AS url, 
+                    UNIX_TIMESTAMP(".JLOG_DB_CONTENT.".date) AS reference_date, 
+                    UNIX_TIMESTAMP(".JLOG_DB_COMMENTS.".date) AS date, 
+                    ".JLOG_DB_COMMENTS.".name AS name, 
+                    ".JLOG_DB_CONTENT.".topic AS topic, 
+                    ".JLOG_DB_COMMENTS.".email AS email,
+ 										".JLOG_DB_COMMENTS.".type AS type
+              FROM ".JLOG_DB_COMMENTS.", ".JLOG_DB_CONTENT." 
+              WHERE ".JLOG_DB_COMMENTS.".reference = ".JLOG_DB_CONTENT.".id 
+              AND YEAR(".JLOG_DB_COMMENTS.".date) = '".$yl->get_selected_year()."' 
+              ORDER BY id DESC;"; 
+
+    $comments = new Query($sql); 
+     if($comments->error()) { 
+        echo "<pre>\n"; 
+        echo $comments->getError(); 
+        echo "</pre>\n"; 
+        die(); 
+     }
+
+    while ($daten = $comments->fetch()) {
+			
+      if(empty($daten['name'])) $daten['name'] = $l['comments_anonym'];
+ 			elseif($daten['type'] != 'pingback') $daten['name'] = htmlspecialchars($daten['name'], ENT_QUOTES);
+
+      if(!empty($daten['email'])) { 
+        $email_a = "<a href='mailto:".$daten['email']."'>"; 
+        $email_b = "</a>"; 
+      }
+      else { 
+        $email_a = ""; 
+        $email_b = ""; 
+      }
+       $comment = " 
+      <tr> 
+       <td><a href='".add_session_id_to_url("?id=".$daten['id']."&amp;action=change")."'><img src='".JLOG_PATH."/img/JLOG_edit.png' alt='".$l['admin']['change']."' /></a></td> 
+       <td><a href='".add_session_id_to_url("?id=".$daten['id']."&amp;action=trash")."'><img src='".JLOG_PATH."/img/JLOG_trash.png' alt='".$l['admin']['delete']."' /></a></td> 
+       <td><a href='".blog($daten['reference_date'], $daten['url'])."#c".$daten['id']."'>".$daten['id']."</a></td> 
+       <td>".$email_a.$daten['name'].$email_b."</td> 
+       <td>".strftime(JLOG_DATE_COMMENT, $daten['date'])."</td> 
+       <td>".$daten['topic']."</td> 
+      </tr>"; 
+
+	 		### Plugin Hook
+	    $c['main'] .= $plugins->callHook('commentAdminList', $comment, $daten);
+
+    }
+     
+    $c['main'] .= " 
+    </table>"; 
+}
+
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php'); 
+echo $body; 
+?>
--- a/admin/export-rss2.php
+++ b/admin/export-rss2.php
@ -0,0 +1,13 @@
+<?php
+ include_once('.'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ define("JLOG_EXPORT_RSS2", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'update.php');
+ 
+ header('Content-type: application/xml');
+ header('Content-Disposition: attachment; filename="jlog-rss2.xml"');
+
+ echo $data['rss_full'];
+
+?>
--- a/admin/index.php
+++ b/admin/index.php
@ -0,0 +1,75 @@
+<?php
+ include_once('.'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+ $get = strip($_GET);
+ $yl = new Year_Links($get['y'], JLOG_START_YEAR, add_session_id_to_url(JLOG_PATH."/admin/"), $l['admin']);
+
+    if(isset($get['show']) AND $get['show'] == 'page') {
+        $show_section = "<a href='".add_session_id_to_url("?show=weblog")."'>".$l['admin']['section_weblog']."</a> | <strong>".$l['admin']['section_page']."</strong>";
+        $where = "section = 'page'";
+    }
+    else {
+        $show_section = "<strong>".$l['admin']['section_weblog']."</strong> | <a href='".add_session_id_to_url("?show=page")."'>".$l['admin']['section_page']."</a>";
+        $where = "YEAR(date) = '".escape_for_mysql($yl->get_selected_year())
+                  ."' AND section = 'weblog'";
+        $year_menu = "  <p>".$yl->get_admin_linklist()."</p>\n";
+
+    }
+
+ 
+
+ $c['meta']['title'] = $l['admin']['index_headline'];
+
+ $c['main'] .= output_admin_menu()." 
+ <h2>".$l['admin']['admin_headline']."</h2>
+  <p><strong>&raquo;&raquo;</strong> <a href='".add_session_id_to_url("new.php")."'>".$l['admin']['new_post']."</a></p>
+  <p>".$l['admin']['section_show'].": ".$show_section."</p>".$year_menu."
+  <table>
+   <tr>
+    <th>".$l['admin']['change']."</th>
+    <th>".$l['admin']['delete']."</th>
+    <th>".$l['admin']['date']."</th>
+    <th>".$l['admin']['headline']."</th>
+   </tr>";
+
+    $sql = "SELECT
+                    id,
+                    date as mysql_date,
+                    UNIX_TIMESTAMP(date) AS date,
+                    topic
+              FROM ".JLOG_DB_CONTENT."
+              WHERE ".$where."
+              ORDER BY mysql_date DESC;";
+
+    $blog = new Query($sql);
+     if($blog->error()) {
+        echo "<pre>\n";
+        echo $blog->getError();
+        echo "</pre>\n";
+        die();
+     }
+
+    while ($daten = $blog->fetch()) {
+     $list = "
+    <tr>
+     <td><a href='".add_session_id_to_url("change.php?id=".$daten['id'])."'><img src='".JLOG_PATH."/img/JLOG_edit.png' alt='".$l['admin']['change']."' /></a></td>
+     <td><a href='".add_session_id_to_url("change.php?id=".$daten['id'])."&amp;action=trash'><img src='".JLOG_PATH."/img/JLOG_trash.png' alt='".$l['admin']['delete']."' /></a></td>
+     <td>".strftime(JLOG_DATE_SUBCURRENT, $daten['date'])."</td>
+     <td>".htmlspecialchars($daten['topic'], ENT_QUOTES)."</td>
+    </tr>";
+
+		### Plugin Hook
+		$c['main'] .= $plugins->callHook('adminList', $list, $daten);
+    }
+    
+    $c['main'] .= "
+    </table>
+";
+
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+
+// eof
--- a/admin/login.php
+++ b/admin/login.php
@ -0,0 +1,76 @@
+<?php
+### Loginscript taken form <http://aktuell.de.selfhtml.org/tippstricks/php/loginsystem/>
+### autor: Benjamin Wilfing
+### email: benjamin.wilfing@selfhtml.org
+### homepage: <http://wilfing-home.de>
+###
+### adapted for Jlog by Jeena Paradies
+
+ini_set("session.use_trans_sid", false);
+
+define("JLOG_ADMIN", true);
+define("JLOG_LOGIN", true);
+require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+$false_password = "";
+$get = strip($_GET);
+$post = strip($_POST);
+
+### Plugin Hook
+$dispatch_login = $plugins->callHook('dispatchLogin', true);
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST' AND $dispatch_login) {
+	session_start();
+	$passwort = $post['password'];
+	$url      = !empty($post['url']) ? $post['url'] : '';
+	$hostname = $_SERVER['HTTP_HOST'];
+	$path     = dirname($_SERVER['SCRIPT_NAME']) . '/';
+	
+	if (strpos($url, "\n") !== false or strpos($url, "\r") !== false) {
+	    die('Somebody tried to hack Jlog with Response-Splitting.');
+	}
+	
+	if (md5($passwort) == JLOG_ADMIN_PASSWORD) {
+        $_SESSION['logged_in'] = true;
+		session_regenerate_id();	// neue SID
+    	
+    	if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.1') {
+      		if (php_sapi_name() == 'cgi') header('Status: 303 See Other');
+      		else header('HTTP/1.1 303 See Other');
+    	}
+    	
+		if ($path == $url) $url = $path . 'new.php';		
+		if (!empty($url)) $path = $url;
+		
+		header('Location: ' . add_session_id_to_url("http://".$hostname.$path));
+		exit;
+	}
+	else {
+		$false_password = "  <p class='error'>".$l['admin']['login_false_pw']."</p>\n";
+	}
+}
+else {
+    setcookie("cookieallowed", "true", time() + 180);
+}
+
+$c['meta']['title'] = $l['admin']['login_headline'];
+$c['main'] = '
+  <h2>'.$l['admin']['login_headline'].'</h2>
+  ' . $false_password . '
+  <form action="login.php" method="post" accept-charset="UTF-8">
+   <p><label for="password">' . $l['admin']['login_password'] . '</label>
+      <input class="userdata" id="password" type="password" name="password" />
+      <input style="display: none;" name="username" type="text" value="do-not-change" /></p>
+   <p><input type="hidden" name="url" value="' . htmlspecialchars(!empty($get['url']) ? $get['url'] : '') . '" />
+      <input type="submit" value="' . $l['admin']['login_send'] . '" /></p>
+  </form>
+';
+
+### Plugin Hook
+$c["main"] = $plugins->callHook('loginForm', $c["main"]);
+
+
+require_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+
--- a/admin/logout.php
+++ b/admin/logout.php
@ -0,0 +1,9 @@
+<?php
+     session_start();
+     session_destroy();
+
+     $hostname = $_SERVER['HTTP_HOST'];
+     $path = dirname(dirname($_SERVER['SCRIPT_NAME']));
+
+     header('Location: http://'.$hostname.($path == '/' ? '' : $path).'/');
+?>
--- a/admin/media/select-picture.php
+++ b/admin/media/select-picture.php
@ -0,0 +1,54 @@
+<?php
+ include_once('..'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title><?php echo $l['admin']['pic_choose_old'] ?></title>
+ <link rel="stylesheet" href="<?php echo JLOG_PATH ?>/personal/css/popup.css" type="text/css" media="screen" />
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <script type="text/javascript" src="<?php echo JLOG_PATH ?>/scripts/javascripts.js"></script>
+</head>
+<body>
+<h1><?php echo $l['admin']['pic_choose_old'] ?></h1> 
+<?php
+// Bildernamen für blog in ein Array schreiben
+$dir = JLOG_BASEPATH.'img'.DIRECTORY_SEPARATOR;
+
+if($_GET['p']) { ?>
+   	 <p><img src="<?php echo JLOG_PATH ?>/img/<?php echo $_GET['p']; ?>" alt="" border="1" height="100"></p>
+       <form onSubmit="jlog_bbcode_img('<?php echo htmlspecialchars($_GET['p']); ?>'); return false;" accept-charset="UTF-8">
+   	 <p><?php echo $l['admin']['pic_class'] ?><br />
+   	    <input id="class" type="text" size="20"></p>
+   	 <p><?php echo $l['admin']['pic_alt'] ?><br />
+   	    <input id="alt" type="text" size="20"></p>
+   	 <p><input type="submit" value="<?php echo $l['admin']['pic_insert'] ?>"></p>
+   	 </form>
+<?php
+}
+else {
+	$handle = opendir ($dir);
+	while (false !== ($filename = readdir ($handle))) {
+	 if ($filename != "." && $filename != ".." && substr($filename, 0, 2) != 't_' && substr($filename, 0, 5) != 'JLOG_') {
+		$ctime = filectime($dir.$filename);
+		$file[$filename] = $ctime;
+	 }
+	}
+	closedir($handle);
+	
+	if(is_array($file)) {
+	
+		asort($file);
+		reset($file);
+	
+		while ( list($filename, $ctime) = each($file)) {
+		 echo "<a href='?p=".$filename."' ><img height=\"50\" src=\"".JLOG_PATH."/img/".$filename."\"></a>\n";
+		}
+	}
+}
+?>
+</body>
+</html>
--- a/admin/media/select-teaser.php
+++ b/admin/media/select-teaser.php
@ -0,0 +1,43 @@
+<?php
+ include_once('..'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title><?php echo $l['admin']['pic_choose_old_teaser'] ?></title>
+ <link rel="stylesheet" href="<?php echo JLOG_PATH ?>/personal/css/popup.css" type="text/css" media="screen" />
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<h1><?php echo $l['admin']['pic_choose_old_teaser'] ?></h1> 
+<?php
+// Bildernamen für blog in ein Array schreiben
+$dir = JLOG_BASEPATH.'img'.DIRECTORY_SEPARATOR;
+$handle = opendir ($dir);
+while (false !== ($filename = readdir ($handle))) {
+ if (substr($filename, 0, 2) === 't_') {
+	$ctime = filectime($dir.$filename);
+	$file[$filename] = $ctime;
+ }
+}
+closedir($handle);
+
+if(is_array($file)) {
+
+	asort($file);
+	reset($file);
+
+	while ( list($filename, $ctime) = each($file)) {
+	 echo "<a href=\"#\"
+		 onclick=\"opener.document.forms['entryform'].elements['teaserpic'].value='';
+		 opener.document.forms['entryform'].elements['teaserpic'].value+='".substr($filename, 2, strlen($filename))."';
+		 window.close();\"><img height=\"50\" src=\"".JLOG_PATH."/img/".$filename."\"></a> ";
+	}
+}
+
+?>
+</body>
+</html>
--- a/admin/media/upload-picture.php
+++ b/admin/media/upload-picture.php
@ -0,0 +1,88 @@
+<?php
+ include_once('..'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require_once('..'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+ $max_file_size = 300000;
+ $up_dir = JLOG_BASEPATH.'img'.DIRECTORY_SEPARATOR;
+ $up_dir_img = JLOG_PATH."/img/";
+ 
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title><?php echo $l['admin']['pic_upload_header'] ?></title>
+ <link rel="stylesheet" href="<?php echo JLOG_PATH ?>/personal/css/popup.css" type="text/css" media="screen" />
+ <script type="text/javascript" src="<?php echo JLOG_PATH ?>/scripts/javascripts.js"></script>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<h1><?php echo $l['admin']['pic_upload_header'] ?></h1>
+<?php
+ if (isset($_FILES['probe']) && ! $_FILES['probe']['error']) // Alternativ: and $_FILES['probe']['size']
+  {
+   // Überprüfungen:
+   unset($errors);
+   $e = substr($_FILES['probe']['name'], -4);
+   if(!preg_match('~.jpg|jpeg|.gif|.png~i', $e)) $errors[] = $l['admin']['pic_bad_type']." (".$_FILES['probe']['type'].")";
+
+   if ($_FILES['probe']['size'] > $max_file_size) $errors[] = $l['admin']['pic_to_big']." (".number_format($_FILES['probe']['size']/1000,0,",","")." KB)";
+
+
+   if(empty($errors)) {
+     $nr = 0;
+     switch(true)
+      {
+       case preg_match('~.jpg|jpeg~i', $e):
+        for(;;) { $nr++; if (!file_exists($up_dir.$nr.".jpg")) break; }
+        $filename = $nr.".jpg";
+       break;
+       case preg_match('~.gif~i', $e):
+        for(;;) { $nr++; if (!file_exists($up_dir.$nr.".gif")) break; }
+        $filename = $nr.".gif";
+       break;
+       case preg_match('~.png~i', $e):
+        for(;;) { $nr++; if (!file_exists($up_dir.$nr.".png")) break; }
+        $filename = $nr.".png";
+       break;
+      }
+
+    if(empty($errors)) {
+     if(!move_uploaded_file($_FILES['probe']['tmp_name'], $up_dir.$filename)) $errors[] = $l['admin']['pic_error'];
+     else chmod($up_dir.$filename, 0664);
+    }
+   }
+   if (empty($errors)) {
+     ?>
+     <p><?php echo $l['admin']['pic_uploaded'] ?></p>
+     <p><img src="<?php echo $up_dir_img.$filename; ?>" alt="" border="1" height="100"></p>
+       <form onSubmit="jlog_bbcode_img('<?php echo $filename; ?>'); return false;">
+     <p><?php echo $l['admin']['pic_class'] ?><br />
+        <input id="class" type="text" size="20"></p>
+     <p><?php echo $l['admin']['pic_alt'] ?><br />
+        <input id="alt" type="text" size="20"></p>
+     <p><input type="submit" value="<?php echo $l['admin']['pic_insert'] ?>"></p>
+     </form>
+    <?php
+   }
+  }
+  elseif($_FILES['probe']['error'] === 2) $errors[] = $l['admin']['pic_to_big'];
+  if(isset($errors)) echo error_output($errors);
+
+if (empty($_FILES['probe']) or isset($errors))
+ {
+ ?>
+ <p><?php echo $l['admin']['pic_instructions'] ?></p>
+ <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" enctype="multipart/form-data" accept-charset="UTF-8">
+  <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>">
+  <?php echo add_session_id_input_tag() ?>
+  <input type="file" name="probe" /><br><br>
+  <input type="submit" value="<?php echo $l['admin']['pic_upload'] ?>">
+ </form>
+ <?php
+ }
+?>
+</body>
+</html>
--- a/admin/media/upload-teaser.php
+++ b/admin/media/upload-teaser.php
@ -0,0 +1,92 @@
+<?php
+ include_once('..'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require_once('..'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+ $max_file_size = 60000;
+ $up_dir = JLOG_BASEPATH.'img'.DIRECTORY_SEPARATOR;
+ $up_dir_img = JLOG_PATH."/img/";
+ 
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title><?php echo $l['admin']['pic_upload_teaser'] ?></title>
+ <link rel="stylesheet" href="<?php echo JLOG_PATH ?>/personal/css/popup.css" type="text/css" media="screen" />
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<h1><?php echo $l['admin']['pic_upload_teaser'] ?></h1>
+<?php
+ if (isset($_FILES['probe']) && ! $_FILES['probe']['error']) // Alternativ: and $_FILES['probe']['size']
+  {
+   // Überprüfungen:
+   unset($errors);
+   $e = substr($_FILES['probe']['name'], -4);
+   if(!preg_match('~.jpg|jpeg|.gif|.png~i', substr($_FILES['probe']['name'],-4))) $errors[] = $l['admin']['pic_bad_type']." (".$e.")";
+
+   if ($_FILES['probe']['size'] > $max_file_size) $errors[] = $l['admin']['pic_to_big']." (".number_format($_FILES['probe']['size']/1000,0,",","")." KB)";
+
+   if(empty($errors)) {
+     $nr = 0;
+     switch(true)
+      {
+       case preg_match('~.jpg|jpeg~i', $e):
+        for(;;) { $nr++; if (!file_exists($up_dir."t_".$nr.".jpg")) break; }
+        $filename = "t_".$nr.".jpg";
+       break;
+       case preg_match('~.gif~i', $e):
+        for(;;) { $nr++; if (!file_exists($up_dir."t_".$nr.".gif")) break; }
+        $filename = "t_".$nr.".gif";
+       break;
+       case preg_match('~.png~i', $e):
+        for(;;) { $nr++; if (!file_exists($up_dir."t_".$nr.".png")) break; }
+        $filename = "t_".$nr.".png";
+       break;
+      }
+
+
+         $imginfo = getimagesize($_FILES['probe']['tmp_name']);
+
+         if($imginfo[1] > 150 AND $imginfo[0] > 150 ) {
+          $errors[] = $l['admin']['pic_height_widht'];
+         }
+         elseif($imginfo[0] > 150 ) {
+          $errors[] = $l['admin']['pic_width'];
+         }
+         elseif($imginfo[1] > 150 ) {
+          $errors[] = $l['admin']['pic_height'];
+         }
+    if(empty($errors)) {
+     if(!move_uploaded_file($_FILES['probe']['tmp_name'], $up_dir.$filename)) $errors[] = $l['admin']['pic_error'];
+     else chmod($up_dir.$filename, 0664);
+    }
+   }
+   if (empty($errors)) {
+     ?>
+     <p><?php echo $l['admin']['pic_uploaded'] ?></p>
+     <img src="<?php echo $up_dir_img.$filename; ?>" alt="" border="1" height="100">
+     <p><a href="#" onclick="opener.document.forms['entryform'].elements['teaserpic'].value='<?php echo str_replace('t_', '', $filename); ?>';window.close();"><em><?php echo $l['admin']['pic_insert'] ?></em></a></p>
+     <?php
+   }
+  }
+  elseif($_FILES['probe']['error'] === 2) $errors[] = $l['admin']['pic_to_big'];
+  if(isset($errors)) echo error_output($errors);
+
+if (empty($_FILES['probe']) or isset($errors))
+ {
+ ?>
+ <p><?php echo $l['admin']['pic_instr_teaser'] ?></p>
+ <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" enctype="multipart/form-data" accept-charset="UTF-8">
+  <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>">
+  <?php echo add_session_id_input_tag() ?>
+  <input type="file" name="probe" /><br><br>
+  <input type="submit" value="<?php echo $l['admin']['pic_upload'] ?>">
+ </form>
+ <?php
+ }
+?>
+</body>
+</html>
--- a/admin/new.php
+++ b/admin/new.php
@ -0,0 +1,103 @@
+<?php
+ include_once('.'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+ $c['meta']['title'] .= $l['admin']['new_post'];
+ $c['main'] = output_admin_menu();
+ $c['main'] .= "<h2>".$l['admin']['new_post']."</h2>";
+ $form_input = strip($_POST);
+ $form_input['date'] = strftime("%Y-%m-%d %H:%M:%s");
+
+if($_POST['form_submitted'] == $l['admin']['preview']) {
+     $c['main'] .= error_output(check_input($form_input));
+     $c['main'] .= preview_output($form_input);
+     $c['main'] .= form_output($form_input);
+}
+elseif($_POST['form_submitted'] == $l['admin']['publish']) {
+    // Put data to database
+    if(!check_input($form_input)) {
+        if($id = insert_blog($form_input)) {
+            $c['main'] .= "<p>".$l['admin']['entry_saved']."</p>";
+            include_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'update.php');
+
+           // ping blog services and pingback
+          if($form_input['section'] == 'weblog') {
+              $blogservices = explode("\n", str_replace("\r", "\n", str_replace("\r\n", "\n", JLOG_BLOGSERVICES)));
+              foreach($blogservices as $blogservice) {
+                  if(strlen($blogservice) > 0) $pingresult[] = doPing(trim($blogservice));
+              }
+              // if(is_array($pingresult)) $c['main'] .= "\n<ul>".join($pingresult)."\n</ul>";
+
+              if($form_input['allowpingback'] != '0') {
+                  $blogentryForURL = get_blog($id);
+                  require_once(JLOG_BASEPATH.'xmlrpc.php');
+                  $pingback = new Jlog_SendPingback($bbcode->parse($form_input['content']), blog($blogentryForURL['date'], $blogentryForURL['url']), " -- Jlog v".JLOG_SOFTWARE_VERSION);
+
+                  $responces = array();
+                  $responces = $pingback->doPingbacks();
+
+/*                Die Ergebnisse der Pings verwirren den User nur habe ich mittlerweile festgestellt.
+
+                  if(count($responces) > 0) {
+                      $c['main'] .= " <ul>";
+                      foreach($responces as $responce) {
+                          $c['main'] .= "\n  <li>".$responce."</li>";
+                      }
+                      $c['main'] .= "\n </ul>";
+                  }
+*/
+
+              }
+          }
+        }
+    }
+    else {
+     // show preview and form
+     $c['main'] .= error_output(check_input($form_input));
+     $c['main'] .= form_output($form_input);
+    }
+}
+else {
+    // show form
+     $c['main'] .= form_output($form_input);
+}
+
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+
+// verschiedene Dienste anpingen bei neuem Eintrag
+
+function doPing($url) {
+  $blog_title = JLOG_WEBSITE;
+  $blog_url = JLOG_PATH;
+  $timeout = 30;         //Sekunden
+  $url = parse_url($url);
+  
+  $fp = @fsockopen($url['host'], 80, $errno, $errstr, $timeout);
+    if(!$fp) { 
+      $response = 'Fehler: '.$errstr.' ('.$errno.')<br />Es konnte keine Verbindung hergestellt werden';
+    } else {
+      $data_string = '<?xml version="1.0" encoding="iso-8859-1"?'.'>
+      <methodCall>
+       <methodName>weblogUpdates.ping</methodName>
+        <params>
+         <param><value>'.$blog_title.'</value></param>
+         <param><value>'.$blog_url.'</value></param>
+       </params>
+      </methodCall>';
+      $data_header = "POST ".$url['path']." HTTP/1.0\r\n".
+      "Host: $host\r\n".
+      "Content-Type: text/xml\r\n".
+      "User-Agent: qxm XML-RPC Client\r\n".
+      "Content-Length: ".strlen($data_string)."\r\n\r\n";
+      fputs($fp, $data_header);
+      fputs($fp, $data_string);
+      unset($response);
+      fclose($fp);
+    }
+  if(isset($response)) return '<li>'.$url['host'].' '.$response.'</li>';
+}
+
+// eof
--- a/admin/plugin.php
+++ b/admin/plugin.php
@ -0,0 +1,53 @@
+<?php
+ include_once('.'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+  $get = strip($_GET);
+  $c['main'] = output_admin_menu();
+
+    if(empty($get['jplug'])) {
+
+        $handle = "";
+        $file = "";
+        $plugindirectory = JLOG_BASEPATH.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR;
+
+        if(is_dir($plugindirectory)) {
+            $handle = opendir($plugindirectory);
+            while( false !== ( $file = readdir ($handle) ) ) {
+                if(substr($file, -10) === '.jplug.php') {
+                    $pluginName = substr($file, 0, -10);
+                    $availablePlugins .= "  <li><a href='".add_session_id_to_url("?jplug=".$pluginName)."'>".$pluginName."</a></li>\n";
+                }
+            }
+            closedir($handle);
+
+            if(!empty($availablePlugins)) {
+                $availablePlugins = " <ul>\n".$availablePlugins." </ul>\n";
+                $title = $l['admin']['plugins_headline'];
+            }
+
+            else {
+                $availablePlugins = "<p>".$l['admin']['plugins_not_avaliable']."</p>";
+                $title = $l['admin']['plugins_h_not_avaliable'];
+            }
+
+        }
+    }
+    else {
+        $title = $get['jplug'];
+        $availablePlugins = "<p>".$l['admin']['plugin_no_content']."</p>";
+    }
+
+
+
+  $c['meta']['title'] =  $title;
+  $c['main'] .= "<h2>".$title."</h2>\n";
+
+  $c['main'] .= $plugins->callHook('adminContent', $availablePlugins);
+
+
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+?>
--- a/admin/settings.php
+++ b/admin/settings.php
@ -0,0 +1,33 @@
+<?php
+ include_once('.'.DIRECTORY_SEPARATOR.'auth.php');
+ define("JLOG_ADMIN", true);
+ require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+ require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'url_syntax.php');
+ require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'settings.class.php');
+ require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php');
+
+ $c['meta']['title'] = $l['admin']['m_title'];
+ $c['main'] = output_admin_menu()."<h2>".$l['admin']['m_title']."</h2>";
+
+ $settings = new Settings($l);
+ if($_POST) {
+  $settings->importDataByArray(strip($_POST));
+  if(count($errors = $settings->validate()) == 0) {
+   if(count($errors = $settings->do_settings()) == 0) {
+    $c['main'] .= $l['admin']['m_settings_ok'];
+   }
+
+  }
+  if(count($errors) > 0) {
+   $c['main'] .= error_output($errors);
+   $c['main'] .= $settings->form_output();
+  }
+ }
+ else {
+  $settings->importDataByConstants();
+  $c['main'] .= $settings->form_output();
+ }
+require_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'update.php');
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+?>
--- a/admin/update.php
+++ b/admin/update.php
@ -0,0 +1,35 @@
+<?php 
+### update.php  Jlog 1.0.2 => Jlog 1.1.0
+
+  define("JLOG_ADMIN", true);
+  define("JLOG_UPDATE", true);
+  
+  // load prepend.inc.php
+  require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php');
+
+  include(JLOG_BASEPATH.'lang'.DIRECTORY_SEPARATOR.'lang.'.JLOG_LANGUAGE.'.inc.php');
+  include(JLOG_BASEPATH.'lang'.DIRECTORY_SEPARATOR.'lang-admin.'.JLOG_LANGUAGE.'.inc.php');
+  
+  // Rendering
+  $c['meta']['title'] = "Update";
+  //$c['main'] = sprintf("<h2>Update von <var>%s</var> auf <var>%s</var></h2>", JLOG_INSTALLED_VERSION, JLOG_SOFTWARE_VERSION);
+
+  require_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'JlogUpdater.php');
+  $updater = new JlogUpdater();
+  
+  if ($updater->isUp2Date()) {
+      $c['main'] = '<p>Das Update auf ' . JLOG_INSTALLED_VERSION . ' wurde bereits erfolgreich durchgeführt.</p>';
+  }
+  else if (!isset($_POST['update'])) {
+      $c['main'] = $updater->prepareForm($l);
+  }
+  else {
+      $c['main'] = $updater->performUpdate($l);
+      
+      // Ready :-)
+      require(JLOG_BASEPATH."scripts".DIRECTORY_SEPARATOR."update.php");
+  }
+
+require(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php');
+echo $body;
+?>