<?
ini_set('display_errors',0);
session_start();

$websitetype = "medword";

if (!isset($type))	$type = "medword";
if (!isset($title))	$title = "";
if (!isset($allowaccess)) $allowaccess = 0;
if (!isset($getkeywords)) $getkeywords = "";
if (!isset($_COOKIE['remember_email'])) $_COOKIE['remember_email'] = "";
if (!isset($error)) $error = "";
if (!isset($found)) $found = false;
if (!isset($indexes)) $indexes[-1][1] = 0;
if (!isset($description)) $description = "";
if (!isset($searchkeywords)) $searchkeywords = "";
if (!isset($freevisitscount)) $freevisitscount = 0;
if (!isset($i)) $i = 0;
if (!isset($wordl)) $wordl = "";
if (!isset($getwords)) $getwords = "";
if (!isset($counter)) $counter = 0;
if (!isset($pagedate)) $pagedate = "";
if (!isset($_SESSION["freevisitscount"])) $_SESSION["freevisitscount"] = 0;


function session_is_registered($key){ 
        return isset($_SESSION[$key]); 
    }

// Database Server
$serverhost = "localhost";

// Database Admin Username
$adminuser = "medword";

// Database Admin Password
$adminpass = "KyQQwqFdfWX4YCrb";

// Data Base
$db_pandora = "medword";
$db_medword = "medword";
$db_mw = "medworddb";

// Root Document
//$domain = "http://pandorawordbox.com";
$domain = "http://medword.net";
$rootfolder = $domain."/";

$domainmedword = "http://medword.net";
$medwordrootfolder = $domainmedword."/";

// base path
$base_path ="/home/ibisbirt/public_html/";

$id_con=mysql_connect($serverhost, $adminuser, $adminpass);
mysql_select_db($db_pandora, $id_con);

$style = "pandora"; // default style
if (isset($_GET["setstyle"]))
  $style=$_GET["setstyle"];
else
{
  if ($websitetype=="medword") {
    if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Medword Style'")))
      $style=$confi["value"];
  } else {
    if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Style'")))
      $style=$confi["value"];
  }
}

include_once("styles/".$style."/style.php");

// Language
if (isset($_GET["language"]) && file_exists($rootfolder."lang/".$_GET["lang"].".php"))
  $lang=$_GET["lang"];
else
  if (isset($_COOKIE["lang"]) && file_exists($rootfolder."lang/".$_COOKIE["lang"].".php"))
    $lang=$_COOKIE["lang"];
  else	
    if (($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Language'"))) && file_exists($rootfolder."lang/".$confi["value"].".php"))
      $lang=$confi["value"];
	else
	  $lang="english";  
	  
// Secure areas
$secure_views = "1";
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Secure Views'")))
  $secure_views=$confi["value"];
  
$secure_searches = "1";
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Secure Searches'")))
  $secure_searches=$confi["value"];
  
$secure_rosters = "1";
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Secure Rosters'")))
  $secure_rosters=$confi["value"];
  
$secure_others = "0";
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Secure Others'")))
  $secure_others=$confi["value"];

$freevisits = 5; // default free visits
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Free visits'")))
  $freevisits=$confi["value"];
  
$currentpoll = 1; // default poll
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Current Poll'")))
  $currentpoll=$confi["value"];

// Current Pandora Overview
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Current Overview'")))
{
  $query="SELECT * FROM overviews WHERE id='$confi[value]'";
  $res=mysql_query($query);
  if (mysql_num_rows($res) > 0)
  {
    $currentoverview=$confi["value"];
  } else
  {
    $query="SELECT * FROM overviews ORDER BY dateadded DESC LIMIT 1";
    $res=mysql_query($query);
    if ($overview=mysql_fetch_array($res))
      $currentoverview=$overview["id"];
  }  
}

// Current Aphorism
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Current Aphorism'")))
{
  $query="SELECT * FROM aphorisms WHERE id='$confi[value]'";
  $res=mysql_query($query);
  if (mysql_num_rows($res) > 0)
  {
    $currentaphorism=$confi["value"];
  } else
  {
    $query="SELECT * FROM aphorisms ORDER BY dateadded DESC LIMIT 1";
    $res=mysql_query($query);
    if ($aphorism=mysql_fetch_array($res))
      $currentaphorism=$aphorism["id"];
  }  
}

// Current Image
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Current Image'")))
{
  $query="SELECT * FROM images WHERE id='$confi[value]'";
  $res=mysql_query($query);
  if (mysql_num_rows($res) > 0)
  {
    $currentimage=$confi["value"];
  } else
  {
    $query="SELECT * FROM images ORDER BY dateadded DESC LIMIT 1";
    $res=mysql_query($query);
    if ($image=mysql_fetch_array($res))
      $currentimage=$image["id"];
  }  
}

// Current MedImage
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Current MedImage'")))
{
  $query="SELECT * FROM images WHERE id='$confi[value]'";
  $res=mysql_query($query);
  if (mysql_num_rows($res) > 0)
  {
    $currentmedimage=$confi["value"];
  } else
  {
    $query="SELECT * FROM images ORDER BY dateadded DESC LIMIT 1";
    $res=mysql_query($query);
    if ($image=mysql_fetch_array($res))
      $currentmedimage=$image["id"];
  }  
}


// Current Medword Overview
if ($confi=mysql_fetch_array(mysql_query("SELECT * FROM config WHERE attribute = 'Current Medword'")))
{
  mysql_select_db($db_medword, $id_con);

  $query="SELECT * FROM medwords WHERE id='$confi[value]'";
  $res=mysql_query($query);
  if (mysql_num_rows($res) > 0)
  {
    $currentmedword=$confi["value"];
  } else
  {
    $query="SELECT * FROM medwords ORDER BY dateadded DESC LIMIT 1";
    $res=mysql_query($query);
    if ($medword=mysql_fetch_array($res))
      $currentmedword=$medword["id"];
  }  
}

// Select language
include("lang/".$lang.".php");

// Start session to access Global variables
?><?
  include_once("config.php");

// Defining languages and abbreviations used in Word Ideas flags and languages
$langflags = array("arab", "bulg", "eng", "fr", "gr", "ger", "heb", "hin", "ital", "lat", "lith", "pol", "port", "rus", "sp", "ukr");

$langflagsfull = array("Arabic", "Bulgarian", "English", "French", "Greek", "German", "Hebrew", "Hindi", "Italian", "Latin", "Lithuanian", "Polish", "Portuguese", "Russian", "Spanish", "Ukrainian");

$fontslist = array("Arial", "Arial Black", "Comic sans MS", "Courier", "Courier New", "Geneva", "Georgia", "Helvetica", "Impact", "Monospace", "Sans-serif", "Serif", "Tahoma", "Times", "Times New Roman", "Verdana");

// Put ',' every 3 digits in an integer
function groupby3($n)
{
  $s=$n.'';
  $res='';
  $j=0;
  $fppos=strlen($s)-1;
  for ($i=0; $i < strlen($s); $i++)
    if ($s[$i] == '.')
      $fppos=$i-1;
  for ($i=$fppos; $i>=0; $i--)
  {
    $res=$s[$i].$res;
    $j++;
    if (($j==3) && ($i!=0))
    {
      $j=0;
      $res=','.$res;
    }
  }
  for ($i=$fppos+1; $i < strlen($s); $i++)
    $res.=$s[$i];
  return $res;
}

// Convert bytes into Kbytes or Mbytes
function convertbytes($bytes)
{
  if ($bytes < 1024)
  {
    return $bytes.' Bytes';
  }
  if ($bytes < (1024*1024))
  {
    return ((($bytes*100)-(($bytes*100) % 1024))/102400).' KB';
  }
  return ((($bytes*100)-(($bytes*100) % (1024*1024)))/(1024*102400)).' MB';
}

// modify a variable value in a GET query of a URL
function updatequerystring($querystring, $param, $newvalue)
{
  $params=explode('&', $querystring);
  $res='';
  $i=0;
  $exists=false;
  while ((isset($params[$i])) && ($params[$i]!=''))
  {
    $paramvalue=explode('=', $params[$i]);
    $parameter=''; if (isset($paramvalue[0])) $parameter=$paramvalue[0];
    $value=''; if (isset($paramvalue[1])) $value=$paramvalue[1];
    if (strtoupper($parameter)==strtoupper($param))
    {
      $value=$newvalue;
      $exists=true;
    }
    if ($res!='') $res.='&';
    $res.=$parameter.'='.$value;
    $i++;
  }
  if (! $exists)
  {
    if ($res!='') $res.='&';
    $res.=$param.'='.$newvalue;
  }
  return $res;
}

// enhance text to fit into database table
function enhance($text)
{
  return trim(addslashes($text));
}

// remove a variable in a GET query of a URL
function removevarfromquerystring($querystring, $param)
{
  $params=explode('&', $querystring);
  $res='';
  $i=0;
  while ((isset($params[$i])) && ($params[$i]!=''))
  {
    $paramvalue=explode('=', $params[$i]);
    $parameter=''; if (isset($paramvalue[0])) $parameter=$paramvalue[0];
    $value=''; if (isset($paramvalue[1])) $value=$paramvalue[1];
    if (strtoupper($parameter)!=strtoupper($param))
    {
      if ($res!='') $res.='&';
      $res.=$parameter.'='.$value;
    }
    $i++;
  }
  return $res;
}

// Check for a validity of an email
function valid_email($email) {
  // First, we check that there's one @ symbol, and that the lengths are right
  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
    return false;
  }
  // Split it into sections to make life easier
  $email_array = explode("@", $email);
  $local_array = explode(".", $email_array[0]);
  for ($i = 0; $i < sizeof($local_array); $i++) {
     if (!ereg("^(([A-Za-z0-9!#$%&#038;'*+/=?^_`{|}~-][A-Za-z0-9!#$%&#038;'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
      return false;
    }
  }
  if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
        return false; // Not enough parts to domain
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
      if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
        return false;
      }
    }
  }
  return true;
}

// Get extention of file
function file_extention($file) {
    $fileExp = explode('.', $file); // make array off the periods
    $filetype = $fileExp[count($fileExp)-1]; // file extension will be last index in array, -1 for 0-based indexes
    return $filetype;
}


// Check if user is signed in
function signedin()
{
  global $serverhost;
  global $adminuser;
  global $adminpass;
  
  global $db_pandora;
  global $db_medword;
  
  if (isset($_SESSION["email"]) && isset($_SESSION["opassword"]))
  {
    $email = $_SESSION["email"];
    $opassword = $_SESSION["opassword"];
    if (!isset($_COOKIE["user_loggedin"])) 
      return false;

    $idcon=mysql_connect($serverhost, $adminuser, $adminpass);
    mysql_select_db($db_pandora, $idcon);

    $query="SELECT * FROM users WHERE Email='$email' AND Passphrase='$opassword'";
    $res=mysql_query($query);
    if (mysql_num_rows($res) > 0)
      return true;
  }
  return false;
}

function paid()
{
  global $serverhost;
  global $adminuser;
  global $adminpass;
  
  global $db_pandora;
  global $websitetype;

  global $email;

  if (signedin())
  {
    $idcon=mysql_connect($serverhost, $adminuser, $adminpass);
    mysql_select_db($db_pandora, $idcon);

    $query="SELECT * FROM users WHERE Email='$email'";
	$res=mysql_query($query);
	if ($p=mysql_fetch_array($res))
      if (($p["PaymentMade"] == "Y"))
	  {
        $lastpaymentdate = date('Y-m-d', strtotime('-'.$p["ActivationTime"].' day'));

        if ($websitetype == "medword")
          $query="SELECT * FROM payments WHERE UserID='$p[UserID]' AND PaymentDate > '$lastpaymentdate' AND ItemNumber LIKE 'MWD%'";
		else  
          $query="SELECT * FROM payments WHERE UserID='$p[UserID]' AND PaymentDate > '$lastpaymentdate' AND ItemNumber LIKE 'PWB%' OR ItemNumber LIKE 'MWD%'";

        if (mysql_num_rows(mysql_query($query)) > 0)
          return true;
	  } else
	  {
	    if (time() < strtotime($p["TempAccess"]))
		  return true;
	  }	  
  }

  return false;
}

// Check if the User is an Administrator
function is_admin()
{
  global $serverhost;
  global $adminuser;
  global $adminpass;

//  global $email;
//  global $opassword;

//  global $username;
//  global $password;

  global $db_pandora;

  if (signedin())
  {
    $email=$_SESSION['email'];
    $opassword=$_SESSION['opassword'];

    $idcon=mysql_connect($serverhost, $adminuser, $adminpass);
    mysql_select_db($db_pandora, $idcon);

  //  $query="SELECT * FROM users WHERE Email='$email' AND Passphrase='$opassword' AND admin='1'";
 $query="SELECT * FROM admin WHERE email='$email' AND password='$opassword'";
    $res=mysql_query($query);
    if (mysql_num_rows($res) > 0)
        return true;
  }

  return false;
}

// Open administrator session
function setadmin_login()
{
  if (is_admin())
  {
    $username=$_SESSION['email'];
    $password=$_SESSION['opassword'];
    SetCookie("username", $username);
    SetCookie("password", $password);
    $_COOKIE['username'] = $username;
    $_COOKIE['password'] = $password;
    return true;
  }
  else { return false; }
}

// Encode Password
function password($pw)
{
  global $serverhost;
  global $adminuser;
  global $adminpass;

  global $db_pandora;
  
  $idcon=mysql_connect($serverhost, $adminuser, $adminpass);
  mysql_select_db($db_pandora, $idcon);
  $query="UPDATE config SET value=OLD_PASSWORD('$pw') WHERE attribute='PWConvert'";
  mysql_query($query);
  $query="SELECT value FROM config WHERE attribute='PWConvert'";
  $res=mysql_query($query);
  $pwc=mysql_fetch_array($res);
  return $pwc["value"];
}

// Remove HTML tags
function removehtmltags($html)
{
  while (($i=strpos(" ".$html, "<")) > 0)
  {
    $j=strpos(" ".$html, ">", $i);
    if ($j==0) $j=strlen($html);
    $html=str_replace(substr($html, $i-1, $j-$i+1), "", $html);
  }
  
  $html = str_replace("&nbsp;", " ", $html);
  return $html;
}

// Check if HTML is blank
function is_blank($html)
{
  $html = removehtmltags($html);
  $html = str_replace(" ", "", $html);
  $html = str_replace("\n", "", $html);
  $html = str_replace("\r", "", $html);
  return ($html=="");
}

// Truncate a string by specifying the number of maximum words
function truncateByWords($str, $maxWords, $lineEnd)
{
   $stra = explode(" ", $str, $maxWords + 1);
   if (sizeof(explode(" ", $str)) > $maxWords)
      $stra[sizeof($stra)-1] = $lineEnd;
   return implode(" ", $stra);
}

// Truncate a string by specifying the number of minimum chars
function truncateString($str, $minChars)
{
  return substr($str, 0, strpos($str." ", " ", min($minChars, strlen($str)))) . ((strlen($str) > $minChars)?' ...':'');
}

function insertstring($str, $string)
{
  $pf = strpos($string, substr(strip_tags($string), 0, 3));
  return substr($string, 0, $pf).$str.substr($string, $pf);
}

function enhance_str($str)
{
	$str=str_replace(" \n", "\n", $str);
	$str=str_replace("\n ", "\n", $str);
	$str=str_replace("\n\n", "\n", $str);
	$str=str_replace(", , ", ", ", $str);
	$str=str_replace("\n, ", "\n", $str);
	$str=str_replace("#\n", "", "#".$str);
	$str=str_replace("#", "", $str);
	$str=str_replace("# ", "", "#".$str);
	$str=str_replace("#", "", $str);
	$str=str_replace("#,", "", "#".$str);
	$str=str_replace("#", "", $str);
	$str=str_replace("\n#", "", $str."#");
	$str=str_replace("#", "", $str);
	$str=str_replace(" #", "", $str."#");
	$str=str_replace("#", "", $str);
	$str=str_replace(",#", "", $str."#");
	$str=str_replace("#", "", $str);
	
	return $str;
}

function getfirstwords($str, $num_words)
{
  $str_a = explode(" ", $str, $num_words + 1);
  unset($str_a[$num_words]);
  return implode(" ", $str_a);
}

function encrypt_email($email)
{
  return md5(md5($email."1")."2");
}

?>