
Untitled

a guest
Oct 26th, 2012
  1. <?php
  2. include('config.php');
  3. $app_name = "phpMyFB";
  4. function mySerialize($obj) {
  5.  return base64_encode(gzcompress(serialize($obj)));
  6. }
  7. function myUnserialize($txt) {
  8.  return unserialize(gzuncompress(base64_decode($txt)));
  9. }
  10. function login_form($showjs = false) {
  11.  global $app_name;
  12. ?>
  13. <html>
  14. <style>
  15. body,td,th {
  16.     font-family: Verdana, Arial, Helvetica, sans-serif;
  17.     font-size: 10px;
  18.     color: #000000;
  19. }
  20. </style>
  21. <?php
  22. if ($showjs == true) {
  23.  echo '<script>alert(\'Invalid Password Specified\');</script>';
  24. }
  25. ?>
  26. <center>
  27. <h2>Login to <?php echo $app_name; ?> Admin</h2><br/><br/>
  28. <form method="POST" action="admin.php">
  29. Password: <input type="password" name="adminpass"> <input type="submit" value="Login">
  30. </form>
  31. </center>
  32. </html>
  33. <?php
  34. }
  35. if (isset($_GET['logout'])) {
  36.  setcookie("devswift_admin",$_POST['adminpass'],time()-3600);
  37.  login_form();
  38.  exit;
  39. }
  40. if (isset($_POST['adminpass'])) {
  41.  if ($_POST['adminpass'] == $admin_pass) {
  42.   setcookie("devswift_admin",$_POST['adminpass'],time()+86400);
  43.   $_COOKIE['devswift_admin'] = $admin_pass;
  44.  }
  45.  else
  46.  {
  47.   login_form(true);
  48.   exit;
  49.  }
  50. }
  51. if (!isset($_COOKIE['devswift_admin'])) {
  52.  login_form();
  53.  exit;
  54. }
  55. else
  56. {
  57.  if ($_COOKIE['devswift_admin'] != $admin_pass) {
  58.   login_form();
  59.   exit;
  60.  }
  61. }
  62. //$lickey = $license_key;
  63. ?>
  64. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  65. <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
  66. <head>
  67. <title><?php echo $app_name; ?> Admin</title>
  68. <style>
  69. body {
  70.  font-family:"lucida grande", tahoma, verdana, arial, sans-serif;
  71.  font-size: 12px;
  72. }
  73. a {
  74.   color: #3b5998;
  75.   text-decoration: none;
  76. }
  77. a:hover {
  78.   text-decoration: underline;
  79. }
  80. a:visited {
  81.   color: #3b5998;
  82. }
  83. td {
  84.  padding-right: 12px;
  85. }
  86. </style>
  87. </head>
  88. <body>
  89. <center>
  90. <table>
  91. <tr><td colspan=2><h2><?php echo $app_name; ?> Admin Panel</h2></td></tr>
  92. <tr><td width=200 valign="top">
  93. <div style="border: 1px solid #3b5998; width: 200px; padding: 15px;">
  94. <center><font style="font-size: 16px;"><b>Admin Menu</b></font></center><br/>
  95. <img src="images/applications.png" align=ABSMIDDLE> <a href="?page=apps">Applications</a> (<a href="?page=addapp">Add</a>)<br/><br/>
  96. <img src="images/image_templates.png" align=ABSMIDDLE> <a href="?page=images">Image Templates</a> (<a href="?page=addimage">Add</a>)<br/><br/>
  97. <img src="images/domains.png" align=ABSMIDDLE> <a href="?page=domains">Manage Domains</a><br/><br/>
  98. <img src="images/stats.png" align=ABSMIDDLE> <a href="?page=stats">App Statistics</a><br/><br/>
  99. <img src="images/spin.png" align=ABSMIDDLE> <a href="?page=spin">App Spinners</a> (<a href="?page=addspin">Add</a>)
  100. </div></td><td valign="top" width=800 style="padding-left: 5px;">
  101. <div style="border: 1px solid #3b5998; width: 800px; padding: 15px;">
  102. <?php
  103. //$lickey = file_get_contents ("http://devswift.com/phpmyfb-license/checkkey.php?key=".$lickey);
  104. //if ($lickey != "valid") {
  105. // echo "Your license key appears to be invalid";
  106. // exit;
  107. //}
  108. if (!isset($_GET['page'])) {
  109.  $query = mysql_query("SELECT COUNT(*) FROM `domains`");
  110.  $row = mysql_fetch_assoc($query);
  111.  if ($row['COUNT(*)'] > 0) {
  112.   $query = mysql_query("SELECT COUNT(*) FROM `images`");
  113.   $row = mysql_fetch_assoc($query);
  114.   if ($row['COUNT(*)'] == 0) {
  115.    $_GET['page'] = "addimage";
  116.   }
  117.   else
  118.   {
  119.    $_GET['page'] = "apps";
  120.   }
  121.  }
  122.  else
  123.  {
  124.   $_GET['page'] = "domains";
  125.  }
  126. }
  127. if ($_GET['page'] == "images") {
  128.  if (isset($_GET['del'])) {
  129.   $query = mysql_query("SELECT `id`, `app_name` FROM `apps` WHERE `image` = '".addslashes($_GET['del'])."'");
  130.   if (mysql_affected_rows() < 1) {
  131.    mysql_query("DELETE FROM `images` WHERE `id` = '".addslashes($_GET['del'])."' LIMIT 1");
  132.   }
  133.   else
  134.   {
  135.    echo '<font color="red">Error: Image currently assigned to:<br/><br/>';
  136.    while ($row = mysql_fetch_assoc($query)) { echo stripslashes($row['app_name']).' (ID: '.$row['id'].')<br/>'; }
  137.    echo '<br/></font>';
  138.   }
  139.  }
  140.  echo '<b>Image Templates</b><br/>';
  141.  $query = mysql_query("SELECT * FROM `images`");
  142.  if (mysql_affected_rows() > 0) {
  143.   echo '<br/><table><tr><td><b>ID</b></td><td><b>Name</b></td><td><b>Image</b></td><td>&nbsp;</td></tr>';
  144.   while ($row = mysql_fetch_assoc($query)) {
  145.    echo '<tr><td>'.$row['id'].'</td><td>'.stripslashes($row['name']).'</td>';
  146.    echo '<td><a target="_blank" href="src_images/'.$row['file'].'">'.stripslashes($row['file']).'</a></td>';
  147.    echo '<td><a href="?page=editimage&id='.$row['id'].'"><img src="images/edit.png" border=0 alt="Edit"></a> &nbsp; <a href="?page=images&del='.$row['id'].'" onclick="return confirm(\'Are you sure you want to delete?\');"><img src="images/delete.png" border=0 alt="Delete"></a></td>';
  148.    echo '</tr>';
  149.   }
  150.   echo '</table><br/><br/>';
  151.  }
  152.  else
  153.  {
  154.   echo '<i>No images found in database.</i><br/><br/>';
  155.  }
  156. }
  157. if ($_GET['page'] == "addimage") {
  158.  if (isset($_POST['name'])) {
  159.   $error = "";
  160.   if ($_POST['name'] == "") { $error = "You must name the image template"; }
  161.   if ($_FILES['image']['tmp_name'] == "") {
  162.    $error = "Required fields are mark with an astrick (*).<br/>";
  163.   }
  164.   else
  165.   {
  166.    $ext = strrev($_FILES['image']['name']);
  167.    $ext = str_replace(strstr($ext,"."),"",$ext);
  168.    $ext = strtolower(strrev($ext));
  169.    $filename = time().".".$ext;
  170.    if ($ext != "jpg" && $ext != "jpeg") { $error .= "All image uploads must be in JPG format"; }
  171.    if (!(move_uploaded_file($_FILES['image']['tmp_name'],"src_images/".$filename))) { $error = "File would not upload, check src_images chmod settings (*).<br/>"; }
  172.   }
  173.   if ($error == "") {
  174.    mysql_query("INSERT INTO `images` VALUES(null,'".addslashes($_POST['name'])."','".$filename."');") or die(mysql_error());
  175.    echo 'Image successfully added.  <a href="admin.php?page=editimage&id='.mysql_insert_id().'">Click here</a> to continue...<br/><br/>';
  176.    echo '<script>top.location.href = "admin.php?page=editimage&id='.mysql_insert_id().'"</script>';
  177.    $hideform = true;
  178.   }
  179.   else
  180.   {
  181.    echo '<font color="red">'.$error.'</font><br/>';
  182.   }
  183.  }
  184.  if (!isset($hideform)) {
  185. ?>
  186. <b>Start by uploading an image...</b><br/><br/>
  187. <form method="POST" action="admin.php?page=addimage" enctype="multipart/form-data">
  188. <table>
  189. <tr><td>Name:</td><td><input type="text" name="name"></td></tr>
  190. <tr><td>Image JPG:</td><td><input type="file" name="image"></td></tr>
  191. </table>
  192. <input type="submit" value="Upload Image">
  193. </form>
  194. <?php
  195.  }
  196. }
  197. if ($_GET['page'] == "editimage") {
  198. ?>
  199. <script>
/**
 * Copy a coordinate pair into the X/Y inputs of one action form.
 * Presumably called back by the getcoords.php popup; the caller is not visible here.
 *
 * @param type "profilepic", "randfriend" or "text"; any other value changes nothing.
 * @param x    value for the X input
 * @param y    value for the Y input
 */
function updateXY(type,x,y) {
    // [type, id of the X input, id of the Y input]
    var targets = [
        ["profilepic", 'addppx', 'addppy'],
        ["randfriend", 'addfriendppx', 'addfriendppy'],
        ["text", 'randtxtx', 'randtxty']
    ];
    for (var k = 0; k < targets.length; k++) {
        if (type == targets[k][0]) {
            document.getElementById(targets[k][1]).value = x;
            document.getElementById(targets[k][2]).value = y;
        }
    }
}
  214. </script>
  215. <b>Edit Image Actions</b><br/><br/>
  216. <script>
/**
 * JavaScript stand-in for PHP's strstr().
 *
 * @param haystack value to search (coerced to a string)
 * @param needle   substring to look for
 * @param bool     truthy: return the part BEFORE the first match;
 *                 falsy: return the part from the match to the end
 * @return the selected part, or false when needle does not occur
 */
function strstr(haystack, needle, bool) {
    var text = haystack + "";
    var at = text.indexOf(needle);
    if (at == -1) {
        return false;
    }
    return bool ? text.substr(0, at) : text.slice(at);
}
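/**
 * Open the getcoords.php coordinate picker for the image being edited.
 *
 * @param type "profilepic", "randfriend" or "randtxt"; anything else opens the plain
 *             text picker.
 */
function selectCoords(type) {
    // The id is cast to an integer on the server before being written into this script.
    // Echoing the raw request value here let a crafted ?id= break out of the string
    // literal and run script in the admin's session.
    var url = "getcoords.php?id=<?php echo (int) $_GET['id']; ?>";
    if (type == "profilepic") {
        url += "&type=profilepic";
    } else if (type == "randfriend") {
        url += "&type=randfriend";
    } else if (type == "randtxt") {
        var alignBox = document.getElementById('randtxtalign');
        var fontBox = document.getElementById('randtxtfont');
        // Form values are URL-encoded so spaces, '&' or '#' in a font name or colour
        // cannot split or truncate the query string.
        url += "&type=text&align=" + encodeURIComponent(alignBox.options[alignBox.selectedIndex].text);
        url += "&color=" + encodeURIComponent(document.getElementById('randtxtcolor').value);
        url += "&font=" + encodeURIComponent(fontBox.options[fontBox.selectedIndex].text);
        url += "&fontsize=" + encodeURIComponent(document.getElementById('randtxtsize').value);
    } else {
        url += "&type=text";
    }
    window.open(url, "", "resizable=1,HEIGHT=100,WIDTH=100");
}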
  248. </script>
  249.  
  250. <center>
  251. <table style="border: 1px solid #000000; margin-top: 5px;" width="90%">
  252. <tr><td colspan=3 style="text-align: center; padding: 5px; border-bottom: 1px solid #000;"><b>Add Active User's Profile Picture</b></td></tr>
  253. <tr>
  254. <td rowspan=2 width=300 style="padding-left: 30px;">
  255. This function copies 50x50 thumbnail of users profile picture over the image at the following coordinates:<br/><br/>
  256. <div style="float: left;"><a href="javascript:addAction('userPP');"><b>[Add New Action]</b></a></div><div style="float: right;"><a href="javascript:selectCoords('profilepic');">Select Coordinates</a></div></td>
  257. <td style="padding-left: 5px;">X:</td>
  258. <td style="padding-right: 30px;"><input type="text" size=3 name="addppx" id="addppx" value="<?php if (isset($_POST['addppx'])) { echo $_POST['addppx']; } ?>">
  259. </td>
  260. </tr>
  261. <tr>
  262. <td style="padding-left: 5px;">Y:</td>
  263. <td style="padding-right: 30px;"><input type="text" size=3 name="addppy" id="addppy" value="<?php if (isset($_POST['addppy'])) { echo $_POST['addppy']; } ?>"></td>
  264. </tr>
  265. <tr><td colspan=3 style="border-top: 1px solid #000; padding: 10px;">
  266. <div id="userPPdiv" style="text-align: center; width: 100%;"><i>Action list not loaded yet</i></div>
  267. </td></tr>
  268. </table></center><br/>
  269.  
  270. <script>
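/**
 * Reload one action list (the "<type>div" element) from admin-ajax-<type>.php.
 *
 * @param type list name; the visible callers pass 'userPP', 'friendPP' or 'randtxt'
 * @return false when no XMLHttpRequest implementation is available, else undefined
 */
function listUpdate(type) {
    var ajaxRequest;
    try{
        ajaxRequest = new XMLHttpRequest();
    } catch (e){
        // Legacy Internet Explorer fallbacks.
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){
                alert("Your browser broke!");
                return false;
            }
        }
    }

    ajaxRequest.onreadystatechange = function(){
        // Only a successful response is rendered; an error page is no longer injected
        // into the list container.
        if(ajaxRequest.readyState == 4 && ajaxRequest.status == 200){
            // NOTE(review): the response is inserted as HTML, so the endpoint must
            // HTML-encode every stored value it prints (endpoint not visible here).
            document.getElementById(type + 'div').innerHTML = ajaxRequest.responseText;
        }
    }

    // Integer cast on the server: the raw request value must not reach this script text.
    var queryString = "admin-ajax-" + type + ".php?id=<?php echo (int) $_GET['id']; ?>";
    ajaxRequest.open("GET", queryString, true);
    ajaxRequest.send(null);
}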
  299.  
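/**
 * Ask for confirmation, then delete one action through admin-ajax-del-action.php.
 *
 * NOTE(review): the delete is a state-changing GET with no anti-CSRF token, so any
 * page the logged-in admin visits can trigger it. Moving it to POST with a token
 * needs a matching change in the endpoint, which is not visible here.
 *
 * @param id action id
 * @return false when the user cancels or no XMLHttpRequest is available, else undefined
 */
function delAction(id) {
    if (!confirm("Are you sure you want to delete this action?")) {
        return false;
    }
    var ajaxRequest;
    try{
        ajaxRequest = new XMLHttpRequest();
    } catch (e){
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){
                alert("Your browser broke!");
                return false;
            }
        }
    }

    ajaxRequest.onreadystatechange = function(){
        if(ajaxRequest.readyState == 4){
            // Refresh once the delete has finished. Refreshing right after send()
            // raced the request and could redraw the list with the row still present.
            refreshLists();
        }
    }
    var queryString = "admin-ajax-del-action.php?id=" + encodeURIComponent(id);
    ajaxRequest.open("GET", queryString, true);
    ajaxRequest.send(null);
}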
  330.  
/**
 * Toggle the stored-data panel of one action.
 * A non-empty panel is cleared; an empty one is filled from admin-ajax-getdata.php.
 *
 * NOTE(review): the decoded `data` field is written with innerHTML, so stored text is
 * interpreted as markup. If plain text is all that is needed, textContent is the safer
 * sink; editAction() strips "<br/>" from the same field, which suggests the markup may
 * be intentional.
 *
 * @param id action id (suffix of the dataDiv/dataLink element ids)
 * @return false when the panel was closed or no XMLHttpRequest is available
 */
function showData(id) {
    var panel = document.getElementById('dataDiv' + id);
    var toggle = document.getElementById('dataLink' + id);
    if (panel.innerHTML != "") {
        panel.innerHTML = "";
        toggle.innerHTML = "Show Data";
        return false;
    }
    toggle.innerHTML = "Hide Data";

    var ajaxRequest;
    try{
        ajaxRequest = new XMLHttpRequest();
    } catch (e){
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){
                alert("Your browser broke!");
                return false;
            }
        }
    }

    ajaxRequest.onreadystatechange = function(){
        if(ajaxRequest.readyState == 4){
            var parsed = JSON.parse(ajaxRequest.responseText);
            // Look the element up again: the lists may have been redrawn meanwhile.
            document.getElementById('dataDiv' + id).innerHTML = decode64(parsed.data);
        }
    }
    ajaxRequest.open("GET", "admin-ajax-getdata.php?id=" + id, true);
    ajaxRequest.send(null);
}
  368.  
/** Reload all three action lists, in the order userPP, friendPP, randtxt. */
function refreshLists() {
    var lists = ['userPP', 'friendPP', 'randtxt'];
    for (var k = 0; k < lists.length; k++) {
        listUpdate(lists[k]);
    }
}
  374.  
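/**
 * Create a new action of the given type from the current form values.
 *
 * 'userPP' and 'friendPP' are sent as a GET to admin-ajax-add-<type>.php with x/y;
 * 'randtxt' is sent as a form-encoded POST with all text settings.
 *
 * @param type 'userPP', 'friendPP' or 'randtxt'
 * @return false when a required field is empty or no XMLHttpRequest is available
 */
function addAction(type) {
    function field(id) { return document.getElementById(id); }
    // Every form value is URL-encoded. Unencoded, an '&', '+', '%' or newline in the
    // text area corrupted the request or added extra parameters to it.
    function enc(id) { return encodeURIComponent(field(id).value); }
    // Report the first empty required field; each check is [element id, message].
    function missing(checks) {
        for (var k = 0; k < checks.length; k++) {
            if (field(checks[k][0]).value == "") {
                alert(checks[k][1]);
                refreshLists();
                return true;
            }
        }
        return false;
    }

    // (The original markup had a stray quote after ABSMIDDLE.)
    field(type + 'div').innerHTML = '<img src="images/ajax.gif" align="ABSMIDDLE"> Processing your request...';
    var ajaxRequest;
    try{
        ajaxRequest = new XMLHttpRequest();
    } catch (e){
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){
                alert("Your browser broke!");
                return false;
            }
        }
    }

    ajaxRequest.onreadystatechange = function(){
        if(ajaxRequest.readyState == 4){
            refreshLists();
        }
    }

    // Integer cast on the server: the raw request value must not reach this script text.
    var imageId = "<?php echo (int) $_GET['id']; ?>";
    var getString = "?id=" + imageId;

    if (type == "userPP") {
        if (missing([['addppx', "Missing X value"], ['addppy', "Missing Y value"]])) {
            return false;
        }
        getString += "&x=" + enc('addppx') + "&y=" + enc('addppy');
    }
    if (type == "friendPP") {
        if (missing([['addfriendppx', "Missing X value"], ['addfriendppy', "Missing Y value"]])) {
            return false;
        }
        getString += "&x=" + enc('addfriendppx') + "&y=" + enc('addfriendppy');
    }

    if (type == "randtxt") {
        if (missing([
            ['randtxtx', "Missing X value"],
            ['randtxty', "Missing Y value"],
            ['randtxtarea', "Missing lines of random text"],
            ['randtxtsize', "Missing font size value"]
        ])) {
            return false;
        }
        var postString = "id=" + imageId
            + "&x=" + enc('randtxtx')
            + "&y=" + enc('randtxty')
            + "&size=" + enc('randtxtsize')
            + "&align=" + enc('randtxtalign')
            + "&font=" + enc('randtxtfont')
            + "&color=" + enc('randtxtcolor')
            + "&width=" + enc('randtxtwidth')
            + "&data=" + enc('randtxtarea');
        ajaxRequest.open("POST", "admin-ajax-add-" + type + ".php", true);
        ajaxRequest.setRequestHeader("Content-type","application/x-www-form-urlencoded");
        ajaxRequest.send(postString);
    }
    else
    {
        // NOTE(review): this create request is a state-changing GET without a CSRF token.
        ajaxRequest.open("GET", "admin-ajax-add-" + type + ".php" + getString, true);
        ajaxRequest.send(null);
    }

    // Reset the inputs once the request has been queued.
    var toClear = ['addppx', 'addppy', 'addfriendppx', 'addfriendppy',
                   'randtxty', 'randtxtx', 'randtxtwidth', 'randtxtarea'];
    for (var c = 0; c < toClear.length; c++) {
        field(toClear[c]).value = "";
    }
    refreshLists();
}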
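/**
 * "Edit" an action: load its values into the random-text form, then delete it so
 * that saving the form re-creates it.
 *
 * NOTE(review): the delete is issued as soon as the form is prefilled. If the admin
 * then leaves the page without re-adding the action, it is gone.
 *
 * @param id action id
 * @return false when the user cancels or no XMLHttpRequest is available
 */
function editAction(id) {
    if (!confirm("Are you sure you want to edit this action?  This function deletes the current action and prefills the create form with the action's values")) {
        return false;
    }
    var ajaxRequest;
    try{
        ajaxRequest = new XMLHttpRequest();
    } catch (e){
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){
                alert("Your browser broke!");
                return false;
            }
        }
    }

    // Select the <option> of the given <select> whose value matches.
    function selectByValue(selectId, wanted) {
        var opts = document.getElementById(selectId).getElementsByTagName('option');
        for (var i = 0; i < opts.length; i++) {
            opts[i].selected = (opts[i].value == wanted);
        }
    }

    ajaxRequest.onreadystatechange = function(){
        if(ajaxRequest.readyState == 4){
            var jsObject = JSON.parse(ajaxRequest.responseText);
            document.getElementById('randtxtx').value = jsObject.x;
            document.getElementById('randtxty').value = jsObject.y;
            document.getElementById('randtxtcolor').value = jsObject.color;
            document.getElementById('randtxtcolor').style.backgroundColor = "#" + jsObject.color;
            document.getElementById('randtxtsize').value = jsObject.size;
            document.getElementById('randtxtwidth').value = jsObject.width;
            // The former 4th argument (1) is dropped: str_replace() treats it as the NAME
            // of a global to store a count in, so it wrote to window[1].
            document.getElementById('randtxtarea').value = str_replace("<br/>","",decode64(jsObject.data));
            selectByValue('randtxtfont', jsObject.font);
            selectByValue('randtxtalign', jsObject.align);

            delAction(id);
            refreshLists();
        }
    }

    var queryString = "admin-ajax-getdata.php?id=" + encodeURIComponent(id);
    ajaxRequest.open("GET", queryString, true);
    ajaxRequest.send(null);
}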
  533.  
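/**
 * Decode a base64 string, then decode the resulting bytes as UTF-8.
 *
 * @param data base64 text; a falsy value is returned unchanged
 * @return the decoded string
 */
function decode64(data) {
    // Index 64 is '=', the padding character.
    var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    var o1, o2, o3, h1, h2, h3, h4, bits,
        i = 0,
        chunks = [];

    if (!data) {
        return data;
    }

    data += '';

    do { // unpack four 6-bit values into three octets
        h1 = b64.indexOf(data.charAt(i++));
        h2 = b64.indexOf(data.charAt(i++));
        h3 = b64.indexOf(data.charAt(i++));
        h4 = b64.indexOf(data.charAt(i++));

        bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;

        o1 = bits >> 16 & 0xff;
        o2 = bits >> 8 & 0xff;
        o3 = bits & 0xff;

        if (h3 == 64) {
            // "xx==": one byte of payload in this group
            chunks.push(String.fromCharCode(o1));
        } else if (h4 == 64) {
            // "xxx=": two bytes of payload
            chunks.push(String.fromCharCode(o1, o2));
        } else {
            chunks.push(String.fromCharCode(o1, o2, o3));
        }
    } while (i < data.length);

    // Call the sibling function directly. `this.utf8_decode` only resolved when
    // decode64 was invoked as a plain global function in non-strict code.
    return utf8_decode(chunks.join(''));
}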
  573.  
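/**
 * Decode a "binary string" (one UTF-8 byte per character) into a JavaScript string.
 *
 * Four-byte sequences (lead byte >= 0xF0) are now decoded into a surrogate pair.
 * Before, they were read as a three-byte sequence, which produced a wrong character
 * and left the following bytes misaligned. Malformed input is not rejected.
 *
 * @param str_data byte string (coerced to a string)
 * @return the decoded text
 */
function utf8_decode (str_data) {
    var out = [],
        i = 0,
        c1, c2, c3, c4, cp;

    str_data += '';

    while (i < str_data.length) {
        c1 = str_data.charCodeAt(i);
        if (c1 < 128) {
            // single byte (ASCII)
            out.push(String.fromCharCode(c1));
            i++;
        } else if (c1 > 191 && c1 < 224) {
            // two-byte sequence
            c2 = str_data.charCodeAt(i + 1);
            out.push(String.fromCharCode(((c1 & 31) << 6) | (c2 & 63)));
            i += 2;
        } else if (c1 < 240) {
            // three-byte sequence (stray continuation bytes also land here, as before)
            c2 = str_data.charCodeAt(i + 1);
            c3 = str_data.charCodeAt(i + 2);
            out.push(String.fromCharCode(((c1 & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63)));
            i += 3;
        } else {
            // four-byte sequence: code point above U+FFFF, emitted as a surrogate pair
            c2 = str_data.charCodeAt(i + 1);
            c3 = str_data.charCodeAt(i + 2);
            c4 = str_data.charCodeAt(i + 3);
            cp = (((c1 & 7) << 18) | ((c2 & 63) << 12) | ((c3 & 63) << 6) | (c4 & 63)) - 0x10000;
            out.push(String.fromCharCode(0xD800 + (cp >> 10), 0xDC00 + (cp & 0x3FF)));
            i += 4;
        }
    }

    return out.join('');
}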
  603.  
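/**
 * JavaScript stand-in for PHP's str_replace().
 *
 * @param search  string or array of strings to look for
 * @param replace string or array of replacements. A string is used for every search
 *                term; with an array, search terms beyond its length are replaced
 *                by ''.
 * @param subject string or array of strings to work on
 * @param count   optional NAME of a global variable that receives the number of
 *                replacements (not a number)
 * @return the replaced string, or an array when subject was an array
 */
function str_replace (search, replace, subject, count) {
    var i, j, before, repl,
        needles = [].concat(search),
        repls = [].concat(replace),
        // Test the ARGUMENT, not its wrapped copy. The copy is always an array, which
        // made a string replacement apply to the first search term only.
        replaceIsArray = Object.prototype.toString.call(replace) === '[object Array]',
        subjectIsArray = Object.prototype.toString.call(subject) === '[object Array]',
        subjects = [].concat(subject);

    if (count) {
        window[count] = 0;
    }

    for (i = 0; i < subjects.length; i++) {
        if (subjects[i] === '') {
            continue;
        }
        for (j = 0; j < needles.length; j++) {
            before = subjects[i] + '';
            repl = replaceIsArray ? (repls[j] !== undefined ? repls[j] : '') : repls[0];
            subjects[i] = before.split(needles[j]).join(repl);
            if (count && subjects[i] !== before) {
                window[count] += (before.length - subjects[i].length) / needles[j].length;
            }
        }
    }
    return subjectIsArray ? subjects : subjects[0];
}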
  636. refreshLists();
  637. </script>
  638. <script type="text/javascript" src="jscolor/jscolor.js"></script>
  639. <center>
  640. <table style="border: 1px solid #000000; margin-top: 5px;" width="90%">
  641. <tr><td colspan=3 style="text-align: center; padding: 5px; border-bottom: 1px solid #000;"><b>Add Random Friend's Profile Pic (and Name)</b></td></tr>
  642. <tr>
  643. <td rowspan=2 width=300 style="padding-left: 30px;">
  644. This function copies 50x50 thumbnail of a random friend's profile pic and stores the friend's name in a dynamic tag for use in Random Text function below:<br/><br/>
  645. <div style="float: left;"><a href="javascript:addAction('friendPP');"><b>[Add New Action]</b></a></div><div style="float: right;"><a href="javascript:selectCoords('randfriend');">Select Coordinates</a></div></td>
  646. <td style="padding-left: 5px;">X:</td>
  647. <td style="padding-right: 30px;"><input type="text" size=3 name="addfriendppx" id="addfriendppx"></td>
  648. </tr>
  649. <tr>
  650. <td style="padding-left: 5px;">Y:</td>
  651. <td style="padding-right: 30px;"><input type="text" size=3 name="addfriendppy" id="addfriendppy"></td>
  652. </tr>
  653. <tr><td colspan=3 style="border-top: 1px solid #000; padding: 10px;">
  654. <div id="friendPPdiv" style="text-align: center; width: 100%;"><i>Action list not loaded yet</i></div>
  655. </td></tr>
  656. </table></center><br/>
  657.  
  658. <center>
  659. <table style="border: 1px solid #000000; margin-top: 5px;" width="90%">
  660. <tr><td colspan=7 style="text-align: center; padding: 5px; border-bottom: 1px solid #000;"><b>Add Text (randomly picked by line)</b></td></tr>
  661. <tr><td colspan=7 style="text-align: center;">This function selects a random line from inputted text and copies it onto image:</td></tr>
  662. <tr>
  663. <td style="padding-left: 5px;">X:</td><td style="padding-right: 15px;"><input type="text" size=3 name="randtxtx" id="randtxtx"></td>
  664. <td nowrap="nowrap">Text Align:</td><td><select name="randtxtalign" id="randtxtalign"><option value="left">Left</option><option value="center">Center</option><option value="right">Right</option></select></td>
  665. <td>Font:</td><td style="padding-right: 15px;"><select name="randtxtfont" id="randtxtfont"><?php
  666. if ($handle = opendir('fonts')) {
  667.     while (false !== ($entry = readdir($handle))) {
  668.         if ($entry != "." && $entry != ".." && strstr($entry,".ttf")) {
  669.         $entry = str_replace(".ttf","",$entry);
  670.             echo '<option value="'.$entry.'">'.$entry.'</option>';
  671.         }
  672.     }
  673.     closedir($handle);
  674. }
  675. ?></select></td>
  676. <td rowspan=2>
  677. Color:<br/>
  678. <input type="text" class="color" name="randtxtcolor" id="randtxtcolor" size=4 value="000000">
  679. </td>
  680. </tr>
  681. <tr>
  682. <td style="padding-left: 5px;">Y:</td><td style="padding-right: 15px;"><input type="text" size=3 name="randtxty" id="randtxty"></td>
  683. <td>Wrap Width:</td><td style="padding-right: 15px;"><input type="text" size=3 name="randtxtwidth" id="randtxtwidth">px</td>
  684. <td nowrap="nowrap">Font Size:</td><td><input type="text" size=2 name="randtxtsize" id="randtxtsize" value="14">pt</td>
  685. </tr>
  686. <tr><td colspan=7 style="border-top: 1px solid #000; padding: 10px;">
  687. <center><textarea wrap="off" id="randtxtarea" style="width: 90%; height: 150px;" name="randtxtarea"></textarea><br/><br/>
  688. <a href="javascript:void(0);" onclick="javascript:selectCoords('randtxt');">Select Coordinates</a> -
  689. <a href="javascript:void(0);" onclick="javascript:window.open('dynamic_tags.php', 'myWindow', 'status = 1, height = 300, width = 300, resizable = 0');">Dynamic Tags & Functions</a> -
  690. <a href="javascript:void(0);" onclick="addAction('randtxt');"><b>[Add New Action]</b></a>
  691. </center>
  692. </td></tr>
  693. <td colspan=7 style="border-top: 1px solid #000; padding: 10px;">
  694. <div id="randtxtdiv" style="text-align: center; width: 100%;"><i>Action list not loaded yet</i></div>
  695. </td></tr>
  696. </table></center><br/>
  697. <?php
  698. }
  699.  
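  // "My Applications" page: handles an optional delete request, then lists the configured apps.
  if (isset($_GET['page']) && $_GET['page'] === "apps") {
   $query = mysql_query("SELECT COUNT(*) FROM `images`");
   $row = mysql_fetch_assoc($query);
   if ($row['COUNT(*)'] == 0) {
    echo 'You must <a href="?page=addimage">add image</a> first.';
    exit;
   }
   // NOTE(review): deletion is a state change triggered by a plain GET link, and no anti-CSRF
   // token is visible in this part of the file; consider a POST form carrying a per-session token.
   if (isset($_GET['del']) && is_string($_GET['del'])) {
    // Connection-aware escaping; addslashes() does not take the connection charset into account.
    $delId = mysql_real_escape_string($_GET['del']);
    mysql_query("DELETE FROM `apps` WHERE `id` = '".$delId."' LIMIT 1");
    mysql_query("DELETE FROM `template` WHERE `app_id` = '".$delId."' LIMIT 1");
   }
   echo '<b>My Applications</b><br/>';
   $query = mysql_query("SELECT * FROM `apps`");
   // mysql_num_rows() is the documented row count for a SELECT result set.
   if ($query && mysql_num_rows($query) > 0) {
    echo '<br/><table><tr><td><b>Facebook ID</b></td><td><b>Application Name</b></td><td>&nbsp;</td></tr>';
    while ($row = mysql_fetch_assoc($query)) {
     // Stored values are encoded for the context they are written into:
     // urlencode() for URL parameters, htmlspecialchars() for HTML text.
     $rowId = urlencode($row['id']);
     $fbId = urlencode($row['app_id']);
     echo '<tr><td><a target="_blank" href="https://developers.facebook.com/apps/'.$fbId.'">'.htmlspecialchars($row['app_id'], ENT_QUOTES).'</a></td>';
     echo '<td>'.htmlspecialchars(stripslashes($row['app_name']), ENT_QUOTES).'</td>';
     echo '<td><a href="?page=editapp&id='.$rowId.'"><img src="images/edit.png" border=0 alt="Edit"></a> &nbsp; ';
     echo '<a href="?page=template&id='.$fbId.'"><img src="images/template.jpg" border=0 alt="Template"></a> &nbsp; ';
     echo '<a href="https://www.facebook.com/dialog/pagetab?app_id='.$fbId.'&next='.urlencode($callbackurl."admin.php").'"><img src="images/addfb.png" border=0 alt="Add to Fan Page"></a> &nbsp; ';
     echo '<a href="?page=apps&del='.$rowId.'" onclick="return confirm(\'Are you sure you want to delete?\');"><img src="images/delete.png" border=0 alt="Delete"></a></td>';
     echo '</tr>';
    }
    echo '</table><br/><br/>';
  ?>
  <center>
  <b>Action Guide:</b><br/><br/>
  <div style="font-size: 10px;">
  <img src="images/edit.png" border=0 alt="Edit" align=ABSMIDDLE> Edit App Information &nbsp; &nbsp;
  <img src="images/template.jpg" border=0 alt="Template" align=ABSMIDDLE> Edit App Template<br/><br/>
  <img src="images/addfb.png" border=0 alt="Facebook" align=ABSMIDDLE> Add to Facebook Page &nbsp; &nbsp;
  <img src="images/delete.png" border=0 alt="Delete" align=ABSMIDDLE> Delete Application<br/>
  </div></center><br/>
  <?php
   }
   else
   {
    echo '<i>No applications found in database.</i><br/><br/>';
   }
  }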
  738.  
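  // "Add application" page: validates the submitted form, fetches an app access token,
  // stores the app row, pushes the app's URLs to the Graph API, and renders the form.
  if (isset($_GET['page']) && $_GET['page'] === "addapp") {
   $query = mysql_query("SELECT COUNT(*) FROM `images`");
   $row = mysql_fetch_assoc($query);
   if ($row['COUNT(*)'] == 0) {
    echo 'You must <a href="?page=addimage">add an image template</a> first.';
    exit;
   }
   $query = mysql_query("SELECT COUNT(*) FROM `domains`");
   $row = mysql_fetch_assoc($query);
   if ($row['COUNT(*)'] == 0) {
    echo 'You must <a href="?page=domains">add a domain</a> first.';
    exit;
   }
   // Normalise the text fields once: anything missing or non-string becomes ''.
   $post = array();
   foreach (array('appid','appsecret','appnamespace','appdomain','appname','image','pmsg','redirecturl') as $field) {
    $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
   }
   if (isset($_POST['appid'])) {
    $error = "";
    foreach (array('appid','appsecret','appname') as $field) {
     if ($post[$field] == "") { $error = "Required fields are mark with an astrick (*).<br/>"; }
    }
    if ($error == "") {
     // Form values are URL-encoded so they cannot add or alter query parameters of the token request.
     $app_token = file_get_contents("https://graph.facebook.com/oauth/access_token?client_id=".urlencode($post['appid'])."&client_secret=".urlencode($post['appsecret'])."&grant_type=client_credentials");
     if ($app_token === false || strpos($app_token,"access_token=") === false) {
      $error = "It appears the application ID and secret key you entered are invalid (Could not grab app authroization token)<br/>";
     }
     else
     {
      $app_token = str_replace("access_token=","",$app_token);
     }
    }
    if ($error == "") {
     $facebook = new Facebook(array(
      'appId'  => $post['appid'],
      'secret' => $post['appsecret']
     ));
     $likeland = !empty($_POST['likeland']) ? 1 : 0;
     $scrape = !empty($_POST['userscrape']) ? 1 : 0;
     $tag = !empty($_POST['tagusers']) ? 1 : 0;
     $redir = !empty($_POST['redirectafter']) ? $post['redirecturl'] : 0;
     // Only the two values offered by the form are stored.
     $publishing = (isset($_POST['publishing']) && $_POST['publishing'] === "auto") ? "auto" : "manual";
     // The caption keeps its addslashes() layer because the edit form reads it back through stripslashes().
     $data = array("publishing"=>$publishing,"caption"=>addslashes($post['pmsg']),"likeland"=>$likeland,"userscrape"=>$scrape,"tagusers"=>$tag,"redirect"=>$redir);
     // Every value, including the image id and the serialized settings, is escaped before it is
     // placed in the statement; the unescaped serialized string also corrupted its own length
     // prefixes whenever a field contained a quote or backslash.
     mysql_query("INSERT INTO `apps` VALUES(null,'".mysql_real_escape_string($post['appid'])."','".mysql_real_escape_string($post['appsecret'])."','".mysql_real_escape_string($post['appnamespace'])."','".mysql_real_escape_string($post['appdomain'])."','".mysql_real_escape_string($post['appname'])."','".mysql_real_escape_string($post['image'])."','".mysql_real_escape_string(serialize($data))."');") or die(mysql_error());
     $created_id = mysql_insert_id();
     $domainq = mysql_query("SELECT * FROM `domains` WHERE `id` = '".mysql_real_escape_string($post['appdomain'])."' LIMIT 1");
     $domain = mysql_fetch_assoc($domainq);
     // Callback URL rewritten onto the selected domain, in plain and https form.
     $baseUrl = str_replace($base_domain,$domain['domain'],$callbackurl);
     $secureUrl = str_replace("http://","https://",$baseUrl);
     $properties = array();
     $properties['app_domains'] = array($domain['domain']);
     $properties['canvas_url'] = $baseUrl.'canvas.php?id='.$created_id;
     $properties['secure_canvas_url'] = $secureUrl.'canvas.php?id='.$created_id;
     $properties['page_tab_url'] = $baseUrl.'tab.php?id='.$created_id;
     $properties['secure_page_tab_url'] = $secureUrl.'tab.php?id='.$created_id;
     $properties['privacy_policy_url'] = $baseUrl.'privacy.html';
     $properties['canvas_fluid_height'] = false;
     $properties['access_token'] = $app_token;
     $properties['page_tab_default_name'] = $post['appname'];
     $facebook->api('/'.$post['appid'],'post',$properties);
     echo '<font color="green">Application successfully added.</font><br/><br/>';
     $hideform = true;
    }
    else
    {
     echo '<font color="red">'.$error.'</font><br/>';
    }
   }
   if (!isset($hideform)) {
    // Submitted values are echoed back into attributes, so each one is HTML-encoded.
  ?>
  <b>Create a Application</b> (<a href="https://developers.facebook.com/apps" target="_blank">Create ID & secret here</a>)<br/>
  <form method="POST" action="admin.php?page=addapp" enctype="multipart/form-data">
  <table>
  <tr><td>Application ID:</td><td><input type="text" name="appid" value="<?php echo htmlspecialchars($post['appid'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Application Secret:</td><td><input type="text" name="appsecret" value="<?php echo htmlspecialchars($post['appsecret'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Application Namespace:</td><td><input type="text" name="appnamespace" value="<?php echo htmlspecialchars($post['appnamespace'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Domain:</td><td><select name="appdomain"><?php
  $query = mysql_query("SELECT * FROM `domains`");
  if ($query && mysql_num_rows($query) > 0) {
   while ($row = mysql_fetch_assoc($query)) { echo '<option value="'.htmlspecialchars($row['id'], ENT_QUOTES).'">'.htmlspecialchars($row['domain'], ENT_QUOTES).'</option>'; }
  }
  ?></select></td></tr>
  <tr><td>Application Name:</td><td><input type="text" name="appname" value="<?php echo htmlspecialchars($post['appname'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Image Template:</td><td><select name="image">
  <?php
  $query = mysql_query("SELECT * FROM `images`");
  while ($irow = mysql_fetch_assoc($query)) {
   echo '<option value="'.htmlspecialchars($irow['id'], ENT_QUOTES).'">'.htmlspecialchars(stripslashes($irow['name']), ENT_QUOTES).' (ID: '.htmlspecialchars($irow['id'], ENT_QUOTES).')</option>';
  }
  ?>
  </select> *</td></tr>
  <tr><td>Photo Caption (<a href="javascript:void(0);" onclick="alert('Input a caption into the photo image submitted to wall.  This method is not recommended as it\'s against the Facebook Terms of Service to auto-fill photo captions without users generating/typing them manually in your app first.  This text is spinnable.');">?</a>):</td><td nowrap="nowrap"><input type="text" name="pmsg" value="<?php echo htmlspecialchars($post['pmsg'], ENT_QUOTES); ?>"> <i>(Not recommended)</i></td></tr>
  <tr><td>Publishing (<a href="javascript:void(0);" onclick="alert('Present the user with a link to publish image (Manual) or automatically publish image without presenting link (Auto).  Manual is recommended as it\s more friendly to the Facebook Terms of Service.');">?</a>):</td><td nowrap="nowrap"><input type="radio" name="publishing" value="manual" checked="checked" id="pubmanual"><label for="pubmanual">Manual <i>(Recommended)</i></label> &nbsp; &nbsp; <input type="radio" name="publishing" value="auto" id="pubauto"><label for="pubauto">Auto</label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="likeland" id="likeland"> <label for="likeland">Enable Like Gateway (<a href="javascript:void(0);" onclick="alert('User must like a page before viewing image results');">?</a>)</label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="userscrape" id="userscrape"> <label for="userscrape">Email permissions + scrape name, email, and Facebook ID (<a href="javascript:void(0);" onclick="alert('All data is added to user_info table in MySQL database.');">?</a>)</label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="tagusers" id="tagusers"> <label for="tagusers">Tag friends that get randomly selected (<a href="javascript:void(0);" onclick="alert('This is not recommended.  It is against the Facebook Terms of Service.');">?</a>) <i>(Not Recommended)</i></label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="redirectafter" id="redirectafter"> <label for="redirectafter">After publish, redirect user to: <input type="text" name="redirecturl" value="http://"></label></td></tr>
  </table><br/>
  <input type="submit" value="Create Application">
  </form>
  <?php
   }
  }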
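  // "Edit application" page: validates the submitted form, refreshes the app access token,
  // updates the stored row and the app's Graph API properties, then renders the edit form.
  if (isset($_GET['page']) && $_GET['page'] === "editapp") {
   // The row id arrives in the query string; it is kept raw here and encoded per context below.
   $appRowId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
   $appRowIdSql = mysql_real_escape_string($appRowId);
   // Normalise the text fields once: anything missing or non-string becomes ''.
   $post = array();
   foreach (array('appid','appsecret','appnamespace','appdomain','appname','image','pmsg','redirecturl') as $field) {
    $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
   }
   if (isset($_POST['appid'])) {
    $error = "";
    foreach (array('appid','appsecret','appname') as $field) {
     if ($post[$field] == "") { $error = "Required fields are mark with an astrick (*).<br/>"; }
    }
    if ($error == "") {
     // Form values are URL-encoded so they cannot add or alter query parameters of the token request.
     $app_token = file_get_contents("https://graph.facebook.com/oauth/access_token?client_id=".urlencode($post['appid'])."&client_secret=".urlencode($post['appsecret'])."&grant_type=client_credentials");
     if ($app_token === false || strpos($app_token,"access_token=") === false) {
      $error = "It appears the application ID and secret key you entered are invalid (Could not grab app authroization token)<br/>";
     }
     else
     {
      $app_token = str_replace("access_token=","",$app_token);
     }
    }
    if ($error == "") {
     $facebook = new Facebook(array(
      'appId'  => $post['appid'],
      'secret' => $post['appsecret']
     ));
     $domainq = mysql_query("SELECT * FROM `domains` WHERE `id` = '".mysql_real_escape_string($post['appdomain'])."' LIMIT 1");
     $domain = mysql_fetch_assoc($domainq);
     $likeland = !empty($_POST['likeland']) ? 1 : 0;
     $scrape = !empty($_POST['userscrape']) ? 1 : 0;
     $tag = !empty($_POST['tagusers']) ? 1 : 0;
     $redir = !empty($_POST['redirectafter']) ? $post['redirecturl'] : 0;
     // Only the two values offered by the form are stored.
     $publishing = (isset($_POST['publishing']) && $_POST['publishing'] === "auto") ? "auto" : "manual";
     // The caption keeps its addslashes() layer because the form below reads it back through stripslashes().
     $data = array("publishing"=>$publishing,"caption"=>addslashes($post['pmsg']),"likeland"=>$likeland,"userscrape"=>$scrape,"tagusers"=>$tag,"redirect"=>$redir);
     // Every value is escaped before it is placed in the statement, including the image id,
     // the serialized settings and the row id from the query string, which were concatenated raw.
     mysql_query("UPDATE `apps` SET `app_id` = '".mysql_real_escape_string($post['appid'])."', `secret` = '".mysql_real_escape_string($post['appsecret'])."', `namespace` = '".mysql_real_escape_string($post['appnamespace'])."', `domain` = '".mysql_real_escape_string($post['appdomain'])."', `app_name` = '".mysql_real_escape_string($post['appname'])."', `image` = '".mysql_real_escape_string($post['image'])."', `data` = '".mysql_real_escape_string(serialize($data))."' WHERE `id` = '".$appRowIdSql."' LIMIT 1") or die(mysql_error());
     // The id becomes part of URLs registered with Facebook, so it is URL-encoded there.
     $created_id = urlencode($appRowId);
     // Callback URL rewritten onto the selected domain, in plain and https form.
     $baseUrl = str_replace($base_domain,$domain['domain'],$callbackurl);
     $secureUrl = str_replace("http://","https://",$baseUrl);
     $properties = array();
     $properties['app_domains'] = array($domain['domain']);
     $properties['canvas_url'] = $baseUrl.'canvas.php?id='.$created_id;
     $properties['secure_canvas_url'] = $secureUrl.'canvas.php?id='.$created_id;
     $properties['page_tab_url'] = $baseUrl.'tab.php?id='.$created_id;
     $properties['secure_page_tab_url'] = $secureUrl.'tab.php?id='.$created_id;
     $properties['privacy_policy_url'] = $baseUrl.'privacy.html';
     $properties['canvas_fluid_height'] = false;
     $properties['access_token'] = $app_token;
     $properties['page_tab_default_name'] = $post['appname'];
     $facebook->api('/'.$post['appid'],'post',$properties);
     echo 'Application successfully updated.';
     $hideform = true;
    }
    else
    {
     echo '<font color="red">'.$error.'</font><br/>';
    }
   }
   $query = mysql_query("SELECT * FROM `apps` WHERE `id` = '".$appRowIdSql."' LIMIT 1");
   $row = $query ? mysql_fetch_assoc($query) : false;
   if (!is_array($row)) {
    // No such row: show a message instead of a form filled with undefined values.
    if (!isset($hideform)) { echo '<i>Application not found.</i>'; }
    $hideform = true;
   }
   else
   {
    // NOTE(review): unserialize() is applied to a database value. The value is written by this
    // panel via serialize(), but anything else able to write the column controls what is
    // unserialized here; a JSON column would remove that exposure.
    $data = unserialize($row['data']);
    if (!is_array($data)) { $data = array(); }
    $data = $data + array("publishing"=>"manual","caption"=>"","likeland"=>0,"userscrape"=>0,"tagusers"=>0);
   }
   if (!isset($hideform)) {
    // Values shown in the form: the submitted one when present, else the stored one.
    $form = array(
     'appid' => isset($_POST['appid']) ? $post['appid'] : $row['app_id'],
     'appsecret' => isset($_POST['appsecret']) ? $post['appsecret'] : $row['secret'],
     'appnamespace' => isset($_POST['appnamespace']) ? $post['appnamespace'] : $row['namespace'],
     'appname' => isset($_POST['appname']) ? $post['appname'] : $row['app_name'],
     'pmsg' => isset($_POST['pmsg']) ? $post['pmsg'] : stripslashes($data['caption'])
    );
    $hasRedirect = isset($data['redirect']) && strlen($data['redirect']) > strlen("http://");
  ?>
  <b>Edit App</b> (<a href="https://developers.facebook.com/apps" target="_blank">Create new ID & secret here</a>)<br/>
  <form method="POST" action="admin.php?page=editapp&id=<?php echo urlencode($appRowId); ?>" enctype="multipart/form-data">
  <table>
  <tr><td>Application ID:</td><td><input type="text" name="appid" value="<?php echo htmlspecialchars($form['appid'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Application Secret:</td><td><input type="text" name="appsecret" value="<?php echo htmlspecialchars($form['appsecret'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Application Namespace:</td><td><input type="text" name="appnamespace" value="<?php echo htmlspecialchars($form['appnamespace'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Domain:</td><td><select name="appdomain"><?php
  $domainq = mysql_query("SELECT * FROM `domains`");
  if ($domainq && mysql_num_rows($domainq) > 0) {
   while ($drow = mysql_fetch_assoc($domainq)) {
    echo '<option value="'.htmlspecialchars($drow['id'], ENT_QUOTES).'"';
    if ($row['domain'] == $drow['id']) { echo ' selected="selected"'; }
    echo '>'.htmlspecialchars($drow['domain'], ENT_QUOTES).'</option>';
   }
  }
  ?></select></td></tr>
  <tr><td>Application Name:</td><td><input type="text" name="appname" value="<?php echo htmlspecialchars($form['appname'], ENT_QUOTES); ?>"> *</td></tr>
  <tr><td>Image:</td><td><select name="image">
  <?php
  $query = mysql_query("SELECT * FROM `images`");
  while ($irow = mysql_fetch_assoc($query)) {
   echo '<option value="'.htmlspecialchars($irow['id'], ENT_QUOTES).'" ';
   if ($irow['id'] == $row['image']) { echo 'SELECTED'; }
   echo '>'.htmlspecialchars($irow['name'], ENT_QUOTES).' (ID: '.htmlspecialchars($irow['id'], ENT_QUOTES).')</option>';
  }
  ?>
  </select> *</td></tr>
  <tr><td>Photo Caption (<a href="javascript:void(0);" onclick="alert('Input a caption into the photo image submitted to wall.  This method is not recommended as it\'s against the Facebook Terms of Service to auto-fill photo captions without users generating/typing them manually in your app first.  This text is spinnable.');">?</a>):</td><td nowrap="nowrap"><input type="text" name="pmsg" value="<?php echo htmlspecialchars($form['pmsg'], ENT_QUOTES); ?>"> <i>(Not recommended)</i></td></tr>
  <tr><td>Publishing (<a href="javascript:void(0);" onclick="alert('Present the user with a link to publish image (Manual) or automatically publish image without presenting link (Auto).  Manual is recommended as it\s more friendly to the Facebook Terms of Service.');">?</a>):</td><td nowrap="nowrap"><input type="radio" name="publishing" value="manual" <?php if ($data['publishing'] == "manual") { echo 'checked="checked"'; } ?> id="pubmanual"><label for="pubmanual">Manual <i>(Recommended)</i></label> &nbsp; &nbsp; <input type="radio" name="publishing" <?php if ($data['publishing'] == "auto") { echo 'checked="checked"'; } ?> value="auto" id="pubauto"><label for="pubauto">Auto</label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="likeland" id="likeland" <?php if ($data['likeland'] == 1) { echo 'checked="checked"'; } ?>> <label for="likeland">Enable Like Gateway (<a href="javascript:void(0);" onclick="alert('User must like a page before viewing image results');">?</a>)</label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="userscrape" id="userscrape" <?php if ($data['userscrape'] == 1) { echo 'checked="checked"'; } ?>> <label for="userscrape">Email permissions + scrape name, email, and Facebook ID (<a href="javascript:void(0);" onclick="alert('All data is added to user_info table in MySQL database.');">?</a>)</label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="tagusers" id="tagusers" <?php if ($data['tagusers'] == 1) { echo 'checked="checked"'; } ?>> <label for="tagusers">Tag friends that get randomly selected (<a href="javascript:void(0);" onclick="alert('This is not recommended.  It is against the Facebook Terms of Service.');">?</a>) <i>(Not Recommended)</i></label></td></tr>
  <tr><td colspan=2><input type="checkbox" name="redirectafter" id="redirectafter" <?php if ($hasRedirect) { echo 'checked="checked"'; } ?>> <label for="redirectafter">After publish, redirect user to: <input type="text" name="redirecturl" value="<?php if ($hasRedirect) { echo htmlspecialchars($data['redirect'], ENT_QUOTES); } else { echo "http://"; } ?>"></label></td></tr>
  <tr><td colspan=2 style="text-align: center;"><input type="submit" value="Edit Application"></td></tr>
  </table>
  </form>
  <?php
   }
  }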
  927.  
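  // Template editor: saves and displays one of four per-app template fragments.
  if (isset($_GET['page']) && $_GET['page'] === "template") {
   $types = array(array("name" => "Header HTML/CSS", "id" => "header"),array("name" => "Footer HTML/CSS", "id" => "footer"), array("name" => "Like Gateway (Fan Page)", "id" => "notliked"), array("name" => "Login Page (Fan Page)", "id" => "fan-login"));
   // The requested fragment type is matched against the fixed list above; only a listed id is
   // ever used in SQL, in the default-template file path or in markup. Anything else means "header".
   $typeId = "header";
   if (isset($_GET['type']) && is_string($_GET['type'])) {
    foreach ($types as $type) {
     if ($type['id'] === $_GET['type']) { $typeId = $type['id']; }
    }
   }
   // The app id comes from the query string: escaped for SQL, URL-encoded for links.
   $appId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
   $appIdSql = mysql_real_escape_string($appId);
   if (isset($_POST['tmpltxt']) && is_string($_POST['tmpltxt'])) {
    $valueSql = mysql_real_escape_string($_POST['tmpltxt']);
    $existing = mysql_query("SELECT * FROM `template` WHERE `app_id` = '".$appIdSql."' AND `type` = '".$typeId."' LIMIT 1") or die(mysql_error());
    if (mysql_num_rows($existing) > 0) {
     mysql_query("UPDATE `template` SET `value` = '".$valueSql."' WHERE `app_id` = '".$appIdSql."' AND `type` = '".$typeId."' LIMIT 1");
    }
    else
    {
     mysql_query("INSERT INTO `template` VALUES('".$appIdSql."','".$typeId."','".$valueSql."');");
    }
   }
   $rrow = array('type' => $typeId, 'value' => '');
   echo '<b>Editing:</b> ';
   foreach ($types as $index => $type) {
    if ($index > 0) { echo ' | '; }
    if ($typeId === $type['id']) {
     $query = mysql_query("SELECT * FROM `template` WHERE `app_id` = '".$appIdSql."' AND `type` = '".$type['id']."' LIMIT 1");
     if ($query && mysql_num_rows($query) > 0) {
      $rrow = mysql_fetch_assoc($query);
      $rrow['value'] = stripslashes($rrow['value']);
     }
     else
     {
      // No stored fragment yet: start from the shipped default for this type.
      $rrow['value'] = file_get_contents('default_tmpl/'.$type['id'].'.php');
      $rrow['type'] = $type['id'];
     }
     echo '<b>'.$type['name'].'</b>';
    }
    else
    {
     echo '<a href="?page=template&id='.urlencode($appId).'&type='.$type['id'].'">'.$type['name'].'</a>';
    }
   }
   // Encode &, < and > so stored markup such as a closing textarea tag stays inside the editor
   // box; the browser decodes the entities again, so the submitted text is unchanged.
   // The second stripslashes() is kept from the original display path.
   $editorText = str_replace(array("&","<",">"),array("&amp;","&lt;","&gt;"),stripslashes($rrow['value']));
  ?>
  <br/><br/>
  <form method="POST" action="admin.php?page=template&id=<?php echo urlencode($appId); ?>&type=<?php echo $typeId; ?>">
  <input type="hidden" name="type" value="<?php echo $typeId; ?>">
  <textarea name="tmpltxt" rows=10 cols=70><?php echo "\n".$editorText; ?></textarea><br/>
  <input type="submit" value="Update Template">
  </form>
  <?php
  }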
  969.  
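  // "App Statistics" page: prints one row of publish counters per entry in the stats table.
  if (isset($_GET['page']) && $_GET['page'] === "stats") {
   echo "<B>App Statistics</B><br/><br/>";
   $query = mysql_query("SELECT * FROM `stats`");
   // mysql_num_rows() is the documented row count for a SELECT result set.
   if ($query && mysql_num_rows($query) > 0) {
    echo '<table><tr><td><b>App Name</b></td><td><b>Today</b></td><td><b>Yesterday</b></td><td><b>This Week</b></td><td><b>This Month</b></td><td><b>Last Month</b></td></tr>';
    while ($row = mysql_fetch_assoc($query)) {
     // Values read back from the database are still escaped before reuse in SQL, and
     // HTML-encoded before output, so stored content cannot alter the query or the page.
     $appq = mysql_query("SELECT * FROM `apps` WHERE `id` = '".mysql_real_escape_string($row['app_id'])."' LIMIT 1");
     $app = $appq ? mysql_fetch_assoc($appq) : false;
     $appName = is_array($app) ? stripslashes($app['app_name']) : '';
     echo '<tr><td>'.htmlspecialchars($appName, ENT_QUOTES).'</td>';
     foreach (array('today','yesterday','last_week','this_month','last_month') as $column) {
      echo '<td>'.htmlspecialchars($row[$column], ENT_QUOTES).'</td>';
     }
     echo '</tr>';
    }
    echo '</table>';
   }
   else
   {
    echo "No statistical information logged.";
   }
   echo '<br/><br/><i>* This feature tracks image publishes, not views</i>';
  }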
  988.  
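  // "Domains" page: optionally adds a domain, then lists the stored ones with a delete link.
  if (isset($_GET['page']) && $_GET['page'] === "domains") {
   if (isset($_POST['domain']) && is_string($_POST['domain'])) {
    $newDomain = trim($_POST['domain']);
    // An empty submission is ignored rather than stored as a blank domain row.
    if ($newDomain !== '') {
     mysql_query("INSERT INTO `domains` VALUES(null,'".mysql_real_escape_string($newDomain)."');");
    }
   }
   echo '<b>Domains</b><br/><br/>';
   $query = mysql_query("SELECT * FROM `domains`");
   // mysql_num_rows() is the documented row count for a SELECT result set.
   if ($query && mysql_num_rows($query) > 0) {
    echo '<table>';
    while ($row = mysql_fetch_assoc($query)) {
     // The domain text was typed into a form, so it is HTML-encoded on output.
     echo '<tr><td>'.htmlspecialchars($row['domain'], ENT_QUOTES).'</td><td style="padding-left: 10px;"><a href="?page=deldomain&id='.urlencode($row['id']).'">[Delete & Move Apps]</a></td></tr>';
    }
    echo '</table>';
   }
   else
   {
    echo '<i>No domains added yet</i>';
   }
  ?>
  <form method="POST" action="admin.php?page=domains">
  <br/><br/><b>Add a Domain</b><br/><br/>
  Domain: <input type="text" name="domain"> <input type="submit" value="Add Domain">
  </form><br/><br/>
  <i>* Base domain only!  Do not include www.  Subdomains allowed.</i>
  <?php
  }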
  1012.  
  // "Delete Domain & Move Apps" page. With a posted `moveto` it walks a set of app rows,
  // updates each one's domain and Graph API properties, then deletes the domain row named by
  // the `id` query parameter; without it, it renders the confirmation form.
  // NOTE(review): several request values below are concatenated into SQL without escaping
  // ($_POST['moveto'] in the first SELECT, $_GET['id'] in the DELETE and in both SELECTs of
  // the else branch). They should go through mysql_real_escape_string() like any other input.
  if ($_GET['page'] == "deldomain") {
   echo '<b>Delete Domain & Move Apps</b><br/><br/>';
   if (isset($_POST['moveto'])) {
    // NOTE(review): this selects apps whose domain already equals `moveto`, limited to one row;
    // the apps on the domain being deleted ($_GET['id']) are not selected here - confirm intent.
    $appsq = mysql_query("SELECT * FROM `apps` WHERE `domain` = '".$_POST['moveto']."' LIMIT 1");
    if (mysql_affected_rows() > 0) {
     while ($app = mysql_fetch_assoc($appsq)) {
      // Stored app id and secret are placed in the token request URL without URL-encoding.
      $app_token = file_get_contents("https://graph.facebook.com/oauth/access_token?client_id=".$app['app_id']."&client_secret=".$app['secret']."&grant_type=client_credentials");
      if (!strstr(" ".$app_token,"access_token=")) {
       // $error is assigned but never displayed in this block, and processing continues.
       $error = "It appears the application ID and secret key you entered are invalid (Could not grab app authroization token)<br/>";
      }
      else
      {
       $app_token = str_replace("access_token=","",$app_token);
      }
      // NOTE(review): $row is not assigned in this branch, and the form below posts neither
      // `appid` nor `appsecret`; $facebook also becomes an array here, while the api() call
      // further down is made on $facebook itself.
      $facebook[$row['id']] = new Facebook(array(
       'appId'  => $_POST['appid'],
       'secret' => $_POST['appsecret']
      ));
      $domainq = mysql_query("SELECT * FROM `domains` WHERE `id` = '".addslashes($_POST['moveto'])."' LIMIT 1");
      $domain = mysql_fetch_assoc($domainq);
      mysql_query("UPDATE `apps` SET `domain` = '".addslashes($_POST['moveto'])."' WHERE `id` = '".$app['id']."' LIMIT 1") or die(mysql_error());
      // NOTE(review): the id used in the URLs below is the `id` query parameter (the domain
      // being deleted per the form action), not $app['id'] - confirm intent.
      $created_id = $_GET['id'];
      $properties['app_domains'] = array($domain['domain']);
      $properties['canvas_url'] = str_replace($base_domain,$domain['domain'],$callbackurl).'canvas.php?id='.$created_id;
      $properties['secure_canvas_url'] = str_replace("http://","https://",str_replace($base_domain,$domain['domain'],$callbackurl)).'canvas.php?id='.$created_id;
      $properties['page_tab_url'] = str_replace($base_domain,$domain['domain'],$callbackurl).'tab.php?id='.$created_id;
      $properties['secure_page_tab_url'] = str_replace("http://","https://",str_replace($base_domain,$domain['domain'],$callbackurl)).'tab.php?id='.$created_id;
      $properties['privacy_policy_url'] = str_replace($base_domain,$domain['domain'],$callbackurl).'privacy.html';
      $properties['access_token'] = $app_token;
      $facebook->api('/'.$app['app_id'],'post',$properties);
     }    
    }
    // Removes the domain row; the id is taken from the query string without escaping.
    mysql_query("DELETE FROM `domains` WHERE `id` = '".$_GET['id']."' LIMIT 1");
   }
   else
   {
    // Refuse to delete when no other domain exists.
    $query = mysql_query("SELECT * FROM `domains` WHERE `id` != '".$_GET['id']."' LIMIT 1");
    if (mysql_affected_rows() < 1) {
     echo 'You must have at least one domain.  Please add another before deleting this one.';
      exit;
    }
    $query = mysql_query("SELECT * FROM `domains` WHERE `id` = '".$_GET['id']."' LIMIT 1");
    $row = mysql_fetch_assoc($query);
    // NOTE(review): the form below echoes $row['id'] and $row['domain'] without HTML-encoding.
  ?>
  <form method="POST" action="admin.php?page=deldomain&id=<?php echo $row['id']; ?>">
  <b>Deleting:</b> <?php echo $row['domain']; ?><br/><br/>
  <b>Move apps to:</b> <select name="moveto"><?php
  $domainq = mysql_query("SELECT * FROM `domains` WHERE `id` != '".$row['id']."'");
  if (mysql_affected_rows() > 0) {
   // NOTE(review): rows are fetched from $query (the single-row lookup above, already read)
   // rather than from $domainq, so no options appear to be produced - confirm.
   while ($drow = mysql_fetch_assoc($query)) {
    echo '<option value="'.$drow['id'].'">'.$drow['domain'].'</option>';
   }
  }
  ?></select><br/><br/>
  <input type="submit" value="Delete Domain">
  </form>
  <?php
   }
  }
  1072.  
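  // "App Spinners" page: handles an optional delete request, then lists the stored spinner
  // ids together with the app ids attached to each.
  if (isset($_GET['page']) && $_GET['page'] === "spin") {
   // NOTE(review): deletion is a state change triggered by a plain GET link, and no anti-CSRF
   // token is visible in this part of the file; consider a POST form carrying a per-session token.
   if (isset($_GET['del']) && is_string($_GET['del'])) {
    // The id was concatenated into the statement raw; it is escaped first now.
    mysql_query("DELETE FROM `spinners` WHERE `id` = '".mysql_real_escape_string($_GET['del'])."' LIMIT 1");
   }
   echo '<b>App Spinners</b><br/><br/>';
   $query = mysql_query("SELECT * FROM `spinners`");
   // mysql_num_rows() is the documented row count for a SELECT result set.
   if ($query && mysql_num_rows($query) > 0) {
    echo '<table><tr><td><b>Spinner URL</b></td><td><b>App IDs to Spin</b></td><td>&nbsp;</td></tr>';
    while ($row = mysql_fetch_assoc($query)) {
     $spinIdUrl = urlencode($row['id']);
     echo '<tr><td><a target="_blank" href="'.$callbackurl.$spinIdUrl.'">'.htmlspecialchars($row['id'], ENT_QUOTES).'</a></td><td>';
     // NOTE(review): unserialize() is applied to a database value. This panel writes it via
     // serialize(), but anything else able to write the column controls what is unserialized
     // here; a JSON column would remove that exposure.
     $appIDs = unserialize($row['data']);
     // A row that does not decode to an array is shown with an empty id list.
     $idstr = is_array($appIDs) ? implode(", ", array_keys($appIDs)) : "";
     echo htmlspecialchars($idstr, ENT_QUOTES).'</td><td><a href="?page=editspin&id='.$spinIdUrl.'"><img src="images/edit.png" border=0></a> <a href="?page=spin&del='.$spinIdUrl.'"><img src="images/delete.png" border=0></a></td></tr>';
    }
    echo '</table><br/><br/>';
  ?>
  <b>How it Works:</b><br/><br/>
  <b>1)</b> Spinner URLs are automatically attached to photo captions with corresponding IDs<br/>
  <b>2)</b> If more than one spinner is attached to the app, a spinner URL is selected randomly<br/>
  <b>3)</b> If you have more than one domain added, domain will also be spun in URL<br/>
  <?php
   }
   else
   {
    echo '<i>No spinners have been created yet</i>';
   }
  }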
  1103.  
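  // "Generate a Spinner URL" page: stores a new random spinner id with the ticked app ids,
  // or renders the checkbox form.
  if (isset($_GET['page']) && $_GET['page'] === "addspin") {
   if (isset($_POST['submit'])) {
    // Collect the ids of the apps whose checkbox was ticked; keys come from the apps table.
    $appIDs = array();
    $query = mysql_query("SELECT * FROM `apps`");
    while ($row = mysql_fetch_assoc($query)) {
     if (!empty($_POST['app'.$row['id']])) {
      $appIDs[$row['id']] = 1;
     }
    }
    if (count($appIDs) > 0) {
     // Draw ids until one is not already present in the spinners table.
     do {
      $randId = randString(6);
      $query = mysql_query("SELECT COUNT(*) FROM `spinners` WHERE `id` = '".mysql_real_escape_string($randId)."' LIMIT 1");
      $taken = mysql_fetch_assoc($query);
     } while ($taken['COUNT(*)'] > 0);
     // The serialized list is escaped like any other value placed in the statement.
     mysql_query("INSERT INTO `spinners` VALUES('".mysql_real_escape_string($randId)."','".mysql_real_escape_string(serialize($appIDs))."');");
     $hideform = true;
     echo '<font color="green">Spinner generated successfully:</font><br/><br/><b>Your Spinner URL:</b> <a href="'.$callbackurl.$randId.'">'.$callbackurl.$randId.'</a>';
    }
   }
   if (!isset($hideform)) {
    echo '<form method="POST" action="admin.php?page=addspin"><b>Generate a Spinner URL</b><br/><br/>';
    $query = mysql_query("SELECT * FROM `apps`");
    // mysql_num_rows() is the documented row count for a SELECT result set.
    if ($query && mysql_num_rows($query) > 0) {
     while ($row = mysql_fetch_assoc($query)) {
      // Stored ids and names are HTML-encoded before being written into attributes and text.
      $boxId = htmlspecialchars('app'.$row['id'], ENT_QUOTES);
      echo '<input type="checkbox" name="'.$boxId.'" id="'.$boxId.'"> <label for="'.$boxId.'">'.htmlspecialchars(stripslashes($row['app_name']), ENT_QUOTES).' (App ID: '.htmlspecialchars($row['id'], ENT_QUOTES).')</label><br/>';
     }
    }
    echo '<br/><input type="submit" name="submit" value="Generate"></form>';
   }
  }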
  1136.  
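  // "Edit a Spinner URL" page: replaces the app ids attached to one spinner, then renders
  // the checkbox form with the current selection ticked.
  if (isset($_GET['page']) && $_GET['page'] === "editspin") {
   // The spinner id comes from the query string: escaped for SQL, URL-encoded for the form action.
   $spinId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
   $spinIdSql = mysql_real_escape_string($spinId);
   if (isset($_POST['submit'])) {
    // Collect the ids of the apps whose checkbox was ticked; keys come from the apps table.
    $appIDs = array();
    $query = mysql_query("SELECT * FROM `apps`");
    while ($row = mysql_fetch_assoc($query)) {
     if (!empty($_POST['app'.$row['id']])) {
      $appIDs[$row['id']] = 1;
     }
    }
    // As before, a submission with nothing ticked leaves the stored list untouched.
    if (count($appIDs) > 0) {
     mysql_query("UPDATE `spinners` SET `data` = '".mysql_real_escape_string(serialize($appIDs))."' WHERE `id` = '".$spinIdSql."'");
    }
   }
   $query = mysql_query("SELECT * FROM `spinners` WHERE `id` = '".$spinIdSql."' LIMIT 1");
   $spin = $query ? mysql_fetch_assoc($query) : false;
   // NOTE(review): unserialize() is applied to a database value. This panel writes it via
   // serialize(), but anything else able to write the column controls what is unserialized
   // here; a JSON column would remove that exposure.
   $spin = is_array($spin) ? unserialize($spin['data']) : array();
   if (!is_array($spin)) { $spin = array(); }
   if (!isset($hideform)) {
    echo '<form method="POST" action="admin.php?page=editspin&id='.urlencode($spinId).'"><b>Edit a Spinner URL</b><br/><br/>';
    $query = mysql_query("SELECT * FROM `apps`");
    // mysql_num_rows() is the documented row count for a SELECT result set.
    if ($query && mysql_num_rows($query) > 0) {
     while ($row = mysql_fetch_assoc($query)) {
      // Stored ids and names are HTML-encoded before being written into attributes and text.
      $boxId = htmlspecialchars('app'.$row['id'], ENT_QUOTES);
      echo '<input type="checkbox" name="'.$boxId.'" id="'.$boxId.'" ';
      if (isset($spin[$row['id']])) { echo 'checked="checked"'; }
      echo '> <label for="'.$boxId.'">'.htmlspecialchars(stripslashes($row['app_name']), ENT_QUOTES).' (App ID: '.htmlspecialchars($row['id'], ENT_QUOTES).')</label><br/>';
     }
    }
    echo '<br/><input type="submit" name="submit" value="Edit Spinner"></form>';
   }
  }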
  1166.  
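  /**
   * Build a random string by picking characters from $charset.
   *
   * The characters are chosen with mt_rand(), which is not a cryptographically secure
   * generator: the result is suitable as a short identifier, not as a secret or token.
   *
   * @param int    $length  Number of characters to produce; zero or less yields ''.
   * @param string $charset Characters to pick from (single-byte); '' yields ''.
   * @return string The generated string.
   */
  function randString($length, $charset='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789') {
      $length = (int) $length;
      $count = strlen($charset);
      // A negative length previously never reached zero in the countdown loop, and an
      // empty charset asked mt_rand() for the range 0..-1; both now return ''.
      if ($length <= 0 || $count === 0) {
          return '';
      }
      $str = '';
      for ($i = 0; $i < $length; $i++) {
          $str .= $charset[mt_rand(0, $count - 1)];
      }
      return $str;
  }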
  1175. ?>
  1176. </td></tr></table><br/><br/>Created by <a href="http://www.devswift.com/" target="_blank">DevSwift</a><br/><br/>
  1177. </body>
  1178. </html>