1: <?php
2: /**
3: * XOOPS banner management
4: *
5: * You may not change or alter any portion of this comment or credits
6: * of supporting developers from this source code or any supporting source code
7: * which is considered copyrighted (c) material of the original comment or credit authors.
8: * This program is distributed in the hope that it will be useful,
9: * but WITHOUT ANY WARRANTY; without even the implied warranty of
10: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11: *
12: * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
13: * @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
14: * @since 2.0.0
15: * @author Kazumi Ono <webmaster@myweb.ne.jp>
16: * @author Taiwen Jiang <phppp@users.sourceforge.net>
17: * @author DuGris aka L. Jen <http://www.dugris.info>
18: * @author Kris <kris@frxoops.org>
19: */
20:
21: use Xmf\Request;
22:
// Page type consumed by the theme layer; set before the core is bootstrapped.
$xoopsOption['pagetype'] = 'banners';
// Bootstraps XOOPS; the globals used below ($xoopsDB, $xoopsConfig, $GLOBALS['xoopsSecurity'],
// $GLOBALS['xoTheme'], Xmf\Request) are presumably provided by this include — confirm against mainfile.php.
include __DIR__ . '/mainfile.php';
25:
/**
 * Print the client login form that gates the banner statistics page.
 *
 * Emits, in order: the site header, an inline stylesheet for the login box,
 * the form itself (login/pass fields, op=Ok, and a 'BANNER_LOGIN' CSRF token)
 * and the site footer. Nothing is returned; everything goes to the response.
 * The globals are not referenced here directly — presumably they are declared
 * so header.php, included from function scope, can see them (confirm).
 *
 * @return void
 */
function clientlogin()
{
    global $xoopsDB, $xoopsLogger, $xoopsConfig;
    include __DIR__ . '/header.php';

    // Page-local styling for the login window.
    $loginCss = '
#login_window {
max-width: 480px;
margin: 1em auto;
background-color: #f8f8f8;
color: inherit;
border: 1px solid #000;
}
#login_window h2 {
margin: .5em;
padding: 130px 0 0;
background: url( images/password.png) no-repeat center top;
text-align: center;
}
.login_form .credentials {
margin: .5em 1em;
padding: 1em;
background-color: #ccc;
color: inherit;
}
.login_form .credentials label {
display: inline-block;
width: 33%;
margin: 1px;
}
.login_form .credentials input {
width: 50%;
margin: 1px;
padding: 1px;
border: 1px solid #000;
}
.login_form .credentials input:focus {
border: 1px solid #2266cc;
}
.login_form .actions {
padding: 1.5em .5em .5em;
text-align: center;
}
.login_info {
margin: .5em 1em;
text-align: center;
}
.content_title {
font-size: 1.2em;
}
';
    $GLOBALS['xoTheme']->addStylesheet(null, null, $loginCss);

    // Hidden token field tied to the 'BANNER_LOGIN' check performed by the dispatcher.
    $tokenHtml = $GLOBALS['xoopsSecurity']->getTokenHTML('BANNER_LOGIN');

    $formHtml = sprintf(
        "<div id='login_window'>
<h2 class='content_title'>%s</h2>
<form method='post' action='banners.php' class='login_form'>
<div class='credentials'>
<label for='login_form-login'>%s</label>
<input type='text' name='login' id='login_form-login' value='' /><br>
<label for='login_form-password'>%s</label>
<input type='password' name='pass' id='login_form-password' value='' /><br>
</div>
<div class='actions'><input type='hidden' name='op' value='Ok' /><button type='submit'>%s</button></div>
<div class='login_info'>%s</div>%s
</form></div>",
        _BANNERS_LOGIN_TITLE,
        _BANNERS_LOGIN_LOGIN,
        _BANNERS_LOGIN_PASS,
        _BANNERS_LOGIN_OK,
        _BANNERS_LOGIN_INFO,
        $tokenHtml
    );
    echo $formHtml;

    include $GLOBALS['xoops']->path('footer.php');
}
94:
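/**
 * Display the banner statistics of the client whose login is held in the session.
 *
 * Flow: the session must carry a login and a password; the 'bannerclient' row
 * for that login is loaded and its stored password is compared with the session
 * value in constant time. On success the page prints, inside #bannerstats, the
 * running-banners table, each banner with a "change click URL" form, and the
 * finished-banners table. Any failed check redirects back to banners.php.
 *
 * NOTE(review): the client password is stored and compared in clear text — that
 * is the existing 'bannerclient' schema and cannot be changed from this file.
 *
 * @return void
 * @throws \RuntimeException when one of the banner queries does not return a result set
 */
function bannerstats()
{
    // Presumably declared global so header.php/footer.php, included from function scope, can see them.
    global $xoopsDB, $xoopsConfig, $xoopsLogger, $myts;

    // Read the session defensively: an unset key counts as "not logged in" without a notice.
    $sessionLogin = (string)($_SESSION['banner_login'] ?? '');
    $sessionPass = (string)($_SESSION['banner_pass'] ?? '');
    if ($sessionLogin === '' || $sessionPass === '') {
        redirect_header('banners.php', 2, _BANNERS_NO_LOGIN_DATA);
        return;
    }

    $sql = sprintf('SELECT cid, name, passwd FROM %s WHERE login=%s', $xoopsDB->prefix('bannerclient'), $xoopsDB->quoteString($sessionLogin));
    $result = $xoopsDB->query($sql);
    if (!$xoopsDB->isResultSet($result)) {
        throw new \RuntimeException(\sprintf(_DB_QUERY_ERROR, $sql) . $xoopsDB->error(), E_USER_ERROR);
    }
    list($cid, $name, $passwd) = $xoopsDB->fetchRow($result);

    // hash_equals() is type-strict and constant-time; an unknown login leaves $passwd null,
    // which becomes '' and cannot match the (non-empty) session password.
    if (!hash_equals((string)$passwd, $sessionPass)) {
        redirect_header('banners.php', 2);
        return;
    }

    $cid = (int)$cid;
    // Both values land in HTML text/attributes, so escape them once up front.
    $safeName = htmlspecialchars((string)$name, ENT_QUOTES);
    $safeSiteName = htmlspecialchars($xoopsConfig['sitename'], ENT_QUOTES);

    include $GLOBALS['xoops']->path('header.php');
    $GLOBALS['xoTheme']->addStylesheet(null, null, '
#bannerstats {}
#bannerstats td {
text-align: center;
}
');

    /* Running banners */
    echo "<div id='bannerstats'>
<h4 class='content_title'>" . sprintf(_BANNERS_TITLE, $safeName) . "</h4><hr />
<table summary=''>
<caption>" . sprintf(_BANNERS_TITLE, $safeName) . '</caption>
<thead><tr>
<td>ID</td>
<td>' . _BANNERS_IMP_MADE . '</td>
<td>' . _BANNERS_IMP_TOTAL . '</td>
<td>' . _BANNERS_IMP_LEFT . '</td>
<td>' . _BANNERS_CLICKS . '</td>
<td>' . _BANNERS_PER_CLICKS . '</td>
<td>' . _BANNERS_FUNCTIONS . "</td></tr></thead>
<tfoot><tr><td colspan='7'></td></tr></tfoot>";

    $sql = 'SELECT bid, imptotal, impmade, clicks FROM ' . $xoopsDB->prefix('banner') . " WHERE cid={$cid}";
    $result = $xoopsDB->query($sql);
    if (!$xoopsDB->isResultSet($result)) {
        throw new \RuntimeException(\sprintf(_DB_QUERY_ERROR, $sql) . $xoopsDB->error(), E_USER_ERROR);
    }
    $rowIndex = 0;
    while (false !== (list($bid, $imptotal, $impmade, $clicks) = $xoopsDB->fetchRow($result))) {
        $bid = (int)$bid;
        $imptotal = (int)$imptotal;
        $impmade = (int)$impmade;
        $clicks = (int)$clicks;
        // Click-through rate; substr() keeps at most 5 characters of the number's text form ("12.34").
        $percent = ($impmade === 0) ? 0 : substr((string)(100 * $clicks / $impmade), 0, 5);
        // An imptotal of 0 means the banner has no impression cap.
        $left = ($imptotal === 0) ? _BANNERS_UNLIMITED : $imptotal - $impmade;
        $class = ($rowIndex % 2 === 0) ? 'even' : 'odd';
        echo "<tbody><tr class='{$class}'>
<td>{$bid}</td>
<td>{$impmade}</td>
<td>{$imptotal}</td>
<td>{$left}</td>
<td>{$clicks}</td>
<td>{$percent}%</td>
<td><a href='banners.php?op=EmailStats&amp;cid={$cid}&amp;bid={$bid}' title='" . _BANNERS_STATS . "'>" . _BANNERS_STATS . '</a></td></tr></tbody>';
        ++$rowIndex;
    }
    echo "</table>
<br><br>
<h4 class='content_title'>" . _BANNERS_FOW_IN . $safeSiteName . '</h4><hr />';

    /* Each banner, with a form to change its click URL */
    $sql = 'SELECT bid, imageurl, clickurl, htmlbanner, htmlcode FROM ' . $xoopsDB->prefix('banner') . " WHERE cid={$cid}";
    $result = $xoopsDB->query($sql);
    if (!$xoopsDB->isResultSet($result)) {
        throw new \RuntimeException(\sprintf(_DB_QUERY_ERROR, $sql) . $xoopsDB->error(), E_USER_ERROR);
    }
    // The row count is fixed once the query has run; no need to ask for it on every iteration.
    $numrows = $xoopsDB->getRowsNum($result);
    while (false !== (list($bid, $imageurl, $clickurl, $htmlbanner, $htmlcode) = $xoopsDB->fetchRow($result))) {
        $bid = (int)$bid;
        if ($numrows > 1) {
            echo '<br>';
        }
        if (!empty($htmlbanner) && !empty($htmlcode)) {
            echo $myts->displayTarea($htmlcode);
        } else {
            // imageurl comes from the database rather than the request, but it is placed in an attribute: escape it.
            $imageurl = (string)$imageurl;
            $safeImageUrl = htmlspecialchars($imageurl, ENT_QUOTES);
            $dotPos = strrpos($imageurl, '.');
            $isFlash = (false !== $dotPos) && strtolower(substr($imageurl, $dotPos)) === '.swf';
            if ($isFlash) {
                echo "<object type='application/x-shockwave-flash' width='468' height='60' data='{$safeImageUrl}'>";
                echo "<param name='movie' value='{$safeImageUrl}' />";
                echo "<param name='quality' value='high' />";
                echo '</object>';
            } else {
                echo "<img src='{$safeImageUrl}' alt='' />";
            }
        }
        echo '<br><strong>' . _BANNERS_ID . $bid . '</strong><br>' . sprintf(_BANNERS_SEND_STATS, 'banners.php?op=EmailStats&amp;cid=' . $cid . '&amp;bid=' . $bid) . '<br>';
        if (!$htmlbanner) {
            // clickurl is client-editable through the form below, so it is escaped before being echoed.
            $safeClickUrl = htmlspecialchars((string)$clickurl, ENT_QUOTES);
            echo sprintf(_BANNERS_POINTS, $safeClickUrl) . "<br>
<form action='banners.php' method='post'>" . _BANNERS_URL . "
<input type='text' name='url' size='50' maxlength='200' value='{$safeClickUrl}' />
<input type='hidden' name='bid' value='{$bid}' />
<input type='hidden' name='cid' value='{$cid}' />
<input type='submit' name='op' value='" . _BANNERS_CHANGE . "' />" . $GLOBALS['xoopsSecurity']->getTokenHTML('BANNER_EDIT') . '</form>';
        }
    }

    /* Finished banners */
    echo '<br>';
    $sql = 'SELECT bid, impressions, clicks, datestart, dateend FROM ' . $xoopsDB->prefix('bannerfinish') . " WHERE cid={$cid}";
    $result = $xoopsDB->query($sql);
    if ($xoopsDB->isResultSet($result)) {
        echo "<h4 class='content_title'>" . sprintf(_BANNERS_FINISHED, $safeName) . "</h4><hr />
<table summary=''>
<caption>" . sprintf(_BANNERS_FINISHED, $safeName) . '</caption>
<thead><tr>
<td>ID</td>
<td>' . _BANNERS_IMP_MADE . '</td>
<td>' . _BANNERS_CLICKS . '</td>
<td>' . _BANNERS_PER_CLICKS . '</td>
<td>' . _BANNERS_STARTED . '</td>
<td>' . _BANNERS_ENDED . "</td></tr></thead>
<tfoot><tr><td colspan='6'></td></tr></tfoot>";

        $rowIndex = 0;
        while (false !== (list($bid, $impressions, $clicks, $datestart, $dateend) = $xoopsDB->fetchRow($result))) {
            $bid = (int)$bid;
            $impressions = (int)$impressions;
            $clicks = (int)$clicks;
            $percent = ($impressions === 0) ? 0 : substr((string)(100 * $clicks / $impressions), 0, 5);
            $class = ($rowIndex % 2 === 0) ? 'even' : 'odd';
            echo "<tbody><tr class='{$class}'>
<td>{$bid}</td>
<td>{$impressions}</td>
<td>{$clicks}</td>
<td>{$percent}%</td>
<td>" . formatTimestamp($datestart) . '</td>
<td>' . formatTimestamp($dateend) . '</td></tr></tbody>';
            // Advance the counter so rows alternate even/odd (it was never incremented in this loop before).
            ++$rowIndex;
        }
        echo '</table>';
    }
    // Close #bannerstats whether or not the finished-banners query succeeded.
    echo '</div>';
    include $GLOBALS['xoops']->path('footer.php');
}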
246:
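/**
 * E-mail the statistics of banner $bid to the client $cid that owns it.
 *
 * The login/password held in the session must match the 'bannerclient' row
 * for $cid (constant-time comparison), the client must have an e-mail address
 * on record, and the banner must belong to that client. On success the mail is
 * sent and the user is redirected with _BANNERS_MAIL_OK; every other path,
 * including a send() that reports failure, ends in a plain redirect to banners.php.
 *
 * NOTE(review): this action is reachable by GET (the 'EmailStats' links in
 * bannerstats()) without a token; it only mails the address stored for the
 * logged-in client, so the exposure is limited to unsolicited stats mail.
 *
 * @param int|string $cid client id (cast to int)
 * @param int|string $bid banner id (cast to int)
 * @return void
 */
function emailStats($cid, $bid)
{
    global $xoopsDB, $xoopsConfig;

    // Unset session keys read as '' so the guard below holds without notices.
    $sessionLogin = (string)($_SESSION['banner_login'] ?? '');
    $sessionPass = (string)($_SESSION['banner_pass'] ?? '');
    if ($sessionLogin === '' || $sessionPass === '') {
        redirect_header('banners.php', 2);
        return;
    }

    $cid = (int)$cid;
    $bid = (int)$bid;
    $sql = sprintf('SELECT name, email, passwd FROM %s WHERE cid=%u AND login=%s', $xoopsDB->prefix('bannerclient'), $cid, $xoopsDB->quoteString($sessionLogin));
    $result2 = $xoopsDB->query($sql);
    $client = $xoopsDB->isResultSet($result2) ? $xoopsDB->fetchRow($result2) : false;
    // No matching row, or a stored password that differs from the session value: treat both as "not logged in".
    if (false === $client || !hash_equals((string)$client[2], $sessionPass)) {
        redirect_header('banners.php', 2);
        return;
    }
    list($name, $email) = $client;
    if ((string)$email === '') {
        redirect_header('banners.php', 3, sprintf(_BANNERS_MAIL_ERROR, $name));
        return;
    }

    // Scoping by cid as well as bid keeps a client from mailing another client's banner figures.
    $sql = 'SELECT bid, imptotal, impmade, clicks, imageurl, clickurl, date FROM ' . $xoopsDB->prefix('banner') . " WHERE bid={$bid} AND cid={$cid}";
    $result = $xoopsDB->query($sql);
    $banner = $xoopsDB->isResultSet($result) ? $xoopsDB->fetchRow($result) : false;
    if (false === $banner) {
        // Unknown banner (or not this client's): do not send a report full of zeros.
        redirect_header('banners.php', 2);
        return;
    }
    list($bid, $imptotal, $impmade, $clicks, $imageurl, $clickurl) = $banner;
    $imptotal = (int)$imptotal;
    $impmade = (int)$impmade;
    $clicks = (int)$clicks;

    // Click-through rate; substr() keeps at most 5 characters of the number's text form ("12.34").
    $percent = ($impmade === 0) ? 0 : substr((string)(100 * $clicks / $impmade), 0, 5);
    if ($imptotal === 0) {
        // No impression cap: report both the cap and the remainder as "unlimited".
        $left = _BANNERS_UNLIMITED;
        $imptotal = _BANNERS_UNLIMITED;
    } else {
        $left = $imptotal - $impmade;
    }
    $fecha = date('F jS Y, h:iA.'); // server-local time, as before
    $subject = sprintf(_BANNERS_MAIL_SUBJECT, $xoopsConfig['sitename']);
    $message = sprintf(_BANNERS_MAIL_MESSAGE, $xoopsConfig['sitename'], $name, $bid, $imageurl, $clickurl, $imptotal, $impmade, $left, $clicks, $percent, $fecha);

    $xoopsMailer = xoops_getMailer();
    $xoopsMailer->useMail();
    $xoopsMailer->setToEmails($email);
    $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
    $xoopsMailer->setFromName($xoopsConfig['sitename']);
    $xoopsMailer->setSubject($subject);
    $xoopsMailer->setBody($message);
    if ($xoopsMailer->send()) {
        redirect_header('banners.php?op=Ok', 3, _BANNERS_MAIL_OK);
        return;
    }
    // Delivery failed: fall back to the generic redirect instead of reporting success.
    redirect_header('banners.php', 2);
}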
301:
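/**
 * Let a logged-in client change the click-through URL of one of its banners.
 *
 * The session credentials must match the 'bannerclient' row for $cid, and the
 * UPDATE is scoped to bid AND cid, so a client can only edit its own banners.
 * A URL without a scheme is accepted; an absolute URL must use http or https,
 * because the stored value is later emitted as an href (bannerstats()) and as a
 * Location header (clickbanner()). Success redirects with _BANNERS_DBUPDATED;
 * every other path redirects plainly to banners.php.
 *
 * @param int|string $cid client id (cast to int)
 * @param int|string $bid banner id (cast to int)
 * @param string     $url new click URL (the dispatcher already passed it through Request::getUrl)
 * @return void
 */
function change_banner_url_by_client($cid, $bid, $url)
{
    global $xoopsDB;

    $sessionLogin = (string)($_SESSION['banner_login'] ?? '');
    $sessionPass = (string)($_SESSION['banner_pass'] ?? '');
    $url = (string)$url;

    // Scheme allow-list: null means no scheme (relative), false means parse_url() could not parse it.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $schemeOk = (null === $scheme)
        || (is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true));

    if ($sessionLogin !== '' && $sessionPass !== '' && $url !== '' && $schemeOk) {
        $cid = (int)$cid;
        $bid = (int)$bid;
        $sql = sprintf('SELECT passwd FROM %s WHERE cid=%u AND login=%s', $xoopsDB->prefix('bannerclient'), $cid, $xoopsDB->quoteString($sessionLogin));
        $result = $xoopsDB->query($sql);
        if ($xoopsDB->isResultSet($result)) {
            list($passwd) = $xoopsDB->fetchRow($result);
            // Constant-time, type-strict comparison of the stored (clear-text, legacy) password.
            if (hash_equals((string)$passwd, $sessionPass)) {
                // query() rather than queryF() is kept on purpose; presumably the XOOPS proxy connection
                // refuses writes outside a POST request, which is the intended behaviour here — confirm.
                $sql = sprintf('UPDATE %s SET clickurl=%s WHERE bid=%u AND cid=%u', $xoopsDB->prefix('banner'), $xoopsDB->quoteString($url), $bid, $cid);
                if ($xoopsDB->query($sql)) {
                    redirect_header('banners.php?op=Ok', 3, _BANNERS_DBUPDATED);
                    return;
                }
            }
        }
    }
    redirect_header('banners.php', 2);
}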
329:
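/**
 * Count a click on banner $bid and forward the visitor to its click URL.
 *
 * The click counter is incremented and the redirect issued only when the
 * referer check passes; otherwise _BANNERS_NO_REFERER is printed. Either way
 * the request ends with exit(). A stored URL with a scheme other than http or
 * https is not used as a redirect target. When no usable banner is found the
 * visitor is sent to XOOPS_URL with _BANNERS_NO_ID.
 *
 * @param int|string $bid banner id (cast to int; must be > 0)
 * @return void
 * @throws \RuntimeException when the lookup query does not return a result set
 */
function clickbanner($bid)
{
    global $xoopsDB;

    $bid = (int)$bid;
    if ($bid > 0) {
        $sql = 'SELECT clickurl FROM ' . $xoopsDB->prefix('banner') . " WHERE bid={$bid}";
        $result = $xoopsDB->query($sql);
        if (!$xoopsDB->isResultSet($result)) {
            throw new \RuntimeException(\sprintf(_DB_QUERY_ERROR, $sql) . $xoopsDB->error(), E_USER_ERROR);
        }
        list($clickurl) = $xoopsDB->fetchRow($result);
        $clickurl = (string)$clickurl;

        // Scheme allow-list: null means no scheme (relative), false means parse_url() could not parse it.
        $scheme = parse_url($clickurl, PHP_URL_SCHEME);
        $schemeOk = (null === $scheme)
            || (is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true));

        if ($clickurl !== '' && $schemeOk) {
            if ($GLOBALS['xoopsSecurity']->checkReferer()) {
                // queryF (forced) is used for the counter; presumably because this runs on a GET — confirm.
                $xoopsDB->queryF('UPDATE ' . $xoopsDB->prefix('banner') . " SET clicks=clicks+1 WHERE bid={$bid}");
                header('Location: ' . $clickurl);
            } else {
                // No valid referer: direct access, or a scripting problem on the calling page.
                echo _BANNERS_NO_REFERER;
            }
            exit();
        }
    }
    redirect_header(XOOPS_URL, 3, _BANNERS_NO_ID);
}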
360:
361:
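// ---- Request dispatch --------------------------------------------------------
// Request values are read through Xmf\Request so they arrive typed and filtered;
// the raw superglobals are only consulted to decide whether POST or GET carries 'op'.
// Each Request::get*() call returns its default when the key is absent, so no
// isset() guards are needed around them.
$op = '';
$clean_bid = 0;
$clean_cid = 0;
$clean_login = '';
$clean_pass = '';
$clean_url = '';
if (!empty($_POST['op'])) {
    // POST carries: op, login, pass, url, bid, cid
    $op = Request::getCmd('op', '', 'POST');
    $clean_login = Request::getString('login', '', 'POST');
    $clean_pass = Request::getString('pass', '', 'POST');
    $clean_url = Request::getUrl('url', '', 'POST');
    $clean_bid = Request::getInt('bid', 0, 'POST');
    $clean_cid = Request::getInt('cid', 0, 'POST');
} elseif (!empty($_GET['op'])) {
    // GET carries: op, bid, cid
    $op = Request::getCmd('op', '', 'GET');
    $clean_bid = Request::getInt('bid', 0, 'GET');
    $clean_cid = Request::getInt('cid', 0, 'GET');
}

// The token-failure branches below rely on redirect_header() terminating the request.
switch ($op) {
    case 'click':
        clickbanner($clean_bid);
        break;
    case 'Ok':
        // A POST here is the login form: verify its token, then keep the credentials for
        // bannerstats(). A GET (e.g. the redirect after a successful update) reuses the
        // credentials already in the session.
        // NOTE(review): the password is kept in the session in clear text because
        // bannerstats()/emailStats() compare it against the stored value on every request.
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            if (!$GLOBALS['xoopsSecurity']->check(true, false, 'BANNER_LOGIN')) {
                redirect_header('banners.php', 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
            }
            $_SESSION['banner_login'] = $clean_login;
            $_SESSION['banner_pass'] = $clean_pass;
        }
        bannerstats();
        break;
    case _BANNERS_CHANGE:
        // The "change URL" form submits the translated button label as 'op'. It is matched
        // after Request::getCmd() filtering, so a translation containing characters that
        // getCmd strips (whitespace, presumably) would never reach this branch — worth
        // checking when a language file is added. The form carries the BANNER_EDIT token.
        if (!$GLOBALS['xoopsSecurity']->check(true, false, 'BANNER_EDIT')) {
            redirect_header('banners.php', 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        }
        change_banner_url_by_client($clean_cid, $clean_bid, $clean_url);
        break;
    case 'EmailStats':
        emailStats($clean_cid, $clean_bid);
        break;
    case 'login':
    default:
        clientlogin();
        break;
}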
439: