Added initial files

.htaccess

@@ -0,0 +1,4 @@
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ index.php?qs=$1 [L]

cms/cache/.dummy

@@ -0,0 +1 @@
+

cms/config/.htaccess

@@ -0,0 +1 @@
+deny from all

cms/config/db_settings.conf.php

@@ -0,0 +1,20 @@
+<?php
+$db_settings['type'] =                'sqlite';
+
+$db_settings['db_content_file'] =     'cms/data/content.sqlite';
+$db_settings['settings_table'] =      'phpsqlitecms_settings';
+$db_settings['pages_table'] =         'phpsqlitecms_pages';
+$db_settings['menu_table'] =          'phpsqlitecms_menus';
+$db_settings['gcb_table'] =           'phpsqlitecms_gcb';
+$db_settings['news_table'] =          'phpsqlitecms_news';
+$db_settings['notes_table'] =         'phpsqlitecms_notes';
+$db_settings['photo_table'] =         'phpsqlitecms_photos';
+$db_settings['banlists_table'] =      'phpsqlitecms_banlists';
+
+$db_settings['db_entry_file'] =       'cms/data/entries.sqlite';
+$db_settings['comment_table'] =       'phpsqlitecms_comments';
+$db_settings['newsletter_table'] =    'phpsqlitecms_newsletter';
+
+$db_settings['db_userdata_file'] =    'cms/data/userdata.sqlite';
+$db_settings['userdata_table'] =      'phpsqlitecms_userdata';
+?>

cms/config/page_types.conf.php

@@ -0,0 +1,90 @@
+<?php
+$page_types['default'] = array(
+'page_type_label' => 'page_type_default',
+'requires_parameter' => false
+);
+
+$page_types['commentable_page'] = array(
+'page_type' => 'commentable_page.php',
+'page_type_label' => 'page_type_commentable',
+'requires_parameter' => false
+);
+
+$page_types['overview'] = array(
+'page_type' => 'overview.php',
+'page_type_label' => 'page_type_overview',
+'requires_parameter' => false
+);
+
+$page_types['news'] = array(
+'page_type' => 'news.php',
+'page_type_label' => 'page_type_news',
+'requires_parameter' => false
+);
+
+$page_types['simple_news'] = array(
+'page_type' => 'simple_news.php',
+'page_type_label' => 'page_type_simple_news',
+'requires_parameter' => false
+);
+
+$page_types['gallery'] = array(
+'page_type' => 'gallery.php',
+'page_type_label' => 'page_type_gallery',
+'requires_parameter' => true
+);
+
+$page_types['formmailer'] = array(
+'page_type' => 'formmailer.php',
+'page_type_label' => 'page_type_formmailer',
+'requires_parameter' => true
+);
+
+$page_types['redirect'] = array(
+'page_type' => 'redirect.php',
+'page_type_label' => 'page_type_redirect',
+'requires_parameter' => true
+);
+
+$page_types['notes'] = array(
+'page_type' => 'notes.php',
+'page_type_label' => 'page_type_notes',
+'requires_parameter' => true
+);
+
+$page_types['newsletter'] = array(
+'page_type' => 'newsletter.php',
+'page_type_label' => 'page_type_newsletter',
+'requires_parameter' => false
+);
+
+$page_types['search'] = array(
+'page_type' => 'search.php',
+'page_type_label' => 'page_type_search',
+'requires_parameter' => false
+);
+
+$page_types['lang_redirect'] = array(
+'page_type' => 'language_redirect.php',
+'page_type_label' => 'page_type_language_redirect',
+'requires_parameter' => false
+);
+
+$page_types['rss'] = array(
+'page_type' => 'rss.php',
+'page_type_label' => 'page_type_rss_feed',
+'requires_parameter' => false
+);
+
+$page_types['notes_rss'] = array(
+'page_type' => 'notes_rss.php',
+'page_type_label' => 'page_type_notes_rss_feed',
+'requires_parameter' => true
+);
+
+$page_types['sitemap'] = array(
+'page_type' => 'sitemap.php',
+'page_type_label' => 'page_type_sitemap',
+'requires_parameter' => false
+);
+?>

cms/config/smilies.conf.php

@@ -0,0 +1,9 @@
+<?php
+$smilies = array(
+array(':-)', 'smile.png'),
+array(';-)', 'wink.png'),
+array(':-P', 'tongue.png'),
+array(':-D', 'big_smile.png'),
+array(':-|', 'neutral.png'),
+array(':-(', 'sad.png'),
+);

cms/config/sql/mysql.initial.sql

@@ -0,0 +1,102 @@
+CREATE TABLE phpsqlitecms_banlists (name varchar(255) NOT NULL default '', list text NOT NULL) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_gcb (id int(11) NOT NULL auto_increment, title varchar(255) NOT NULL default '', content text NOT NULL, content_formatting tinyint(4) default '0', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_menus (id int(11) NOT NULL auto_increment, menu varchar(255) NOT NULL default '', sequence int(11) NOT NULL default '1', name varchar(255) NOT NULL default '', title varchar(255) NOT NULL default '', link varchar(255) NOT NULL default '', section varchar(255) NOT NULL default '', accesskey varchar(255) NOT NULL default '', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_news (id int(11) NOT NULL auto_increment, page_id int(11), time int(11), title varchar(255) NOT NULL, teaser TEXT, text TEXT, text_formatting tinyint(4), linkname varchar(255), PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_notes (id int(11) NOT NULL auto_increment, note_section varchar(255) NOT NULL default '', sequence int(11) NOT NULL default '1', time int(11) NOT NULL default '0', title varchar(255) NOT NULL default '', text TEXT NOT NULL, text_formatting tinyint(4) default '0', link varchar(255) NOT NULL default '', linkname varchar(255) NOT NULL default '', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_pages (id int(11) NOT NULL auto_increment, page varchar(255) NOT NULL default '', author int(11) NOT NULL default '0', type varchar(255) NOT NULL default '', type_addition varchar(255) NOT NULL default '', time int(11) NOT NULL default '0', display_time tinyint(4) default '0', last_modified int(11) NOT NULL default '0', last_modified_by int(11) NOT NULL default '0', title varchar(255) NOT NULL default '', page_title varchar(255) NOT NULL default '', description varchar(255) NOT NULL default '', keywords varchar(255) NOT NULL default '', category varchar(255) NOT NULL default '', page_info varchar(255) NOT NULL default '', language_file varchar(255) NOT NULL default '', breadcrumbs varchar(255) NOT NULL default '', sections varchar(255) NOT NULL default '', include_page int(11) NOT NULL default '0', include_order int(11) NOT NULL default '0', include_rss int(11) NOT NULL default '0', include_sitemap int(11) NOT NULL default '0', link_name varchar(255) NOT NULL default '', menu_1 varchar(255) NOT NULL default '', menu_2 varchar(255) NOT NULL default '', menu_3 varchar(255) NOT NULL default '', gcb_1 int(11) NOT NULL default '0', gcb_2 int(11) NOT NULL default '0', gcb_3 int(11) NOT NULL default '0', template varchar(255) NOT NULL default '', content_type varchar(255) NOT NULL default '', charset varchar(255) NOT NULL default '', headline varchar(255) NOT NULL default '', teaser_headline varchar(255) NOT NULL default '', teaser TEXT, teaser_formatting tinyint(4) default '0', teaser_img varchar(255) NOT NULL default '', content TEXT, content_formatting tinyint(4) default '0', sidebar_1 TEXT, sidebar_1_formatting tinyint(4) default '0', sidebar_2 TEXT, sidebar_2_formatting tinyint(4) default '0', sidebar_3 TEXT, sidebar_3_formatting tinyint(4) default '0', page_notes TEXT, edit_permission varchar(255) NOT NULL default '', edit_permission_general tinyint(4) default '0', custom_values varchar(255) NOT NULL default '', status tinyint(4) default '2', views int(11) NOT NULL default '0', include_news int(11) NOT NULL default '0', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_photos (id int(11) NOT NULL auto_increment, gallery varchar(255) NOT NULL default '', sequence int(11) NOT NULL default '1', photo_thumbnail varchar(255) NOT NULL default '', photo_normal varchar(255) NOT NULL default '', photo_large varchar(255) NOT NULL default '', photo_xlarge varchar(255) NOT NULL default '', width int(11) NOT NULL default '0', height int(11) NOT NULL default '0', large_width int(11) NOT NULL default '0', large_height int(11) NOT NULL default '0', title varchar(255) NOT NULL default '', subtitle varchar(255) NOT NULL default '', description TEXT NOT NULL, description_formatting tinyint(4) default '0', template varchar(255) NOT NULL default '', photos_per_row tinyint(4) NOT NULL default '4', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_settings (name varchar(255) NOT NULL default '', value varchar(255) NOT NULL default '') CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_comments (id int(11) NOT NULL auto_increment, type tinyint(4) NOT NULL default '0', comment_id int(11) NOT NULL default '0', time int(11) NOT NULL default '0', ip varchar(255) NOT NULL default '', name varchar(255) NOT NULL default '', email_hp varchar(255) NOT NULL default '', comment text NOT NULL, PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_newsletter (id int(11) NOT NULL auto_increment, newsletter_id int(11) NOT NULL default '0', time int(11) NOT NULL default '0', ip varchar(255) NOT NULL default '', email varchar(255) NOT NULL default '', confirmed tinyint(4) default '0', confirmation_code varchar(255) NOT NULL default '', PRIMARY KEY (id))  CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_userdata (id int(11) NOT NULL auto_increment, name varchar(255) NOT NULL default '', type tinyint(4) NOT NULL default '0', pw varchar(255) NOT NULL default '', last_login int(11) NOT NULL default '0', wysiwyg tinyint(4) NOT NULL default '0', PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+
+INSERT INTO phpsqlitecms_banlists VALUES('user_agents', '');
+INSERT INTO phpsqlitecms_banlists VALUES('ips', '');
+INSERT INTO phpsqlitecms_banlists VALUES('words', '');
+
+INSERT INTO phpsqlitecms_menus VALUES(1, 'main_menu', 1, 'Home', 'Home', '', 'home', '0');
+
+INSERT INTO phpsqlitecms_pages (id, page, author, type, type_addition, time, display_time, last_modified, last_modified_by, title, page_title, description, keywords, page_info, language_file, breadcrumbs, sections, include_page, include_order, include_rss, include_sitemap, link_name, menu_1, menu_2, menu_3, gcb_1, gcb_2, gcb_3, template, content_type, charset, headline, teaser_headline, teaser, teaser_formatting, teaser_img, content, content_formatting, sidebar_1, sidebar_1_formatting, sidebar_2, sidebar_2_formatting, sidebar_3, sidebar_3_formatting, page_notes, edit_permission, edit_permission_general, custom_values, status, views, include_news) VALUES(1, 'index', 1, 'default', '', 1230764400, 0, 1275487165, 1, 'Home', 'A simple &amp; lightweight CMS', 'phpSQLiteCMS - a simple and lightweight content management system based on php and SQLite', 'CMS, content management system, php, sqlite', '', '', '', 'home', 0, 0, 0, 0, 'more...', 'main_menu', '', '', 0, 0, 0, 'default.tpl', '', '', '', '', '', 1, '', '<h1>Welcome to phpSQLiteCMS with MySQL!</h1>\r\n\r\n<p><em>phpSQLiteCMS</em> is a simple and lightweight open source web content management system (CMS) based on <a href="http://php.net/" class="extern">PHP</a> and <a href="http://www.sqlite.org/" class="extern">SQLite</a>. It''s licensed under the <a href="http://www.gnu.org/copyleft/gpl.html" class="extern">GNU General Public License</a>.</p>\r\n\r\n<p><em>phpSQLiteCMS</em> is good if you want to quickly set up a small website without needing to spend a lot of time studying, installing and configuring (as SQLite is file-based, it just runs "out of the box"). But note that it is no large scale content management system - it''s a tiny and simple one!</p>\r\n\r\n<h2>Features</h2>\r\n\r\n<ul>\r\n<li>Simple and lightweight</li>\r\n<li>Runs out of the box (no database setup required)</li>\r\n<li>Optional caching to save server performance</li>\r\n<li>Supports news, overview and commentable pages, photo galleries, search function, RSS feeds and XML sitemaps</li>\r\n</ul>\r\n\r\n<h2>Example websites</h2>\r\n\r\n<ul>\r\n<li><a href="http://mylittlehomepage.net/" class="extern">my little homepage</a> - as its name implies ;-)</li>\r\n<li><a href="http://mylittleforum.net/" class="extern">my little forum</a> - another project of the author of <em>phpSQLiteCMS</em></li>\r\n<li><a href="http://procosara.org/" class="extern">Pro Cosara</a> - an association dedicated to the conservation of Atlantic Forest in Paraguay</li>\r\n</ul>', 0, '<div class="sidebarbox">\r\n<h3>It works!</h3>\r\n<p>If you see this, <em>phpSQLiteCMS</em> seems to work! First thing to do is [[cms/index.php|log in]] and [[cms/index.php?mode=users&amp;edit=1|change the password]] (the default username and password is <i>admin</i>).</p>\r\n</div>\r\n\r\n<div class="sidebarbox subbox">\r\n<h3>Search</h3>\r\n<form id="search" action="search" method="post">\r\n<p><label for="searchfield">Search this website:</label><br />\r\n<input id="searchfield" type="text" name="q" value="" size="22" maxlength="200" /> <input type="image" name="" src="templates/images/submit.png" alt="&raquo;" /></p>\r\n</form>\r\n</div>', 0, '', 0, '', 0, 'Here you can write down some notes. These notes will not be published. If you see this, <em>phpSQLiteCMS</em> seems to work! First thing to do is [[cms/index.php|log in]] and [[cms/index.php?mode=user|change the password]] (the default username and password is <i>admin</i>). Then you can begin to [[cms/index.php?mode=edit&amp;id=1|edit this page]]. The other pages are examples to see what you can do with this CMS. Just play with them to learn about the functionality...', '', 0, '', 2, 0, 0);
+INSERT INTO phpsqlitecms_pages (id, page, author, type, type_addition, time, display_time, last_modified, last_modified_by, title, page_title, description, keywords, page_info, language_file, breadcrumbs, sections, include_page, include_order, include_rss, include_sitemap, link_name, menu_1, menu_2, menu_3, gcb_1, gcb_2, gcb_3, template, content_type, charset, headline, teaser_headline, teaser, teaser_formatting, teaser_img, content, content_formatting, sidebar_1, sidebar_1_formatting, sidebar_2, sidebar_2_formatting, sidebar_3, sidebar_3_formatting, page_notes, edit_permission, edit_permission_general, custom_values, status, views, include_news) VALUES(2, '404', 1, 'default', '', 1230764400, 0, 1243521399, 1, 'Not Found', '404 Not Found', '', '', '', '', '', '', 0, 0, 0, 0, 'mehr...', 'main_menu', '', '', 0, 0, 0, 'default.tpl', '', '', 'Not Found', '', '', 1, '', 'The requested URL was not found on this server.', 1, '<div class="sidebarbox">\r\n<h3>Search</h3>\r\n<form id="search" action="search" method="post">\r\n<p><input id="searchfield" type="text" name="q" value="" size="22" maxlength="200" /> <input type="image" name="" src="templates/images/submit.png" alt="&raquo;" /></p>\r\n</form>\r\n</div>', 0, '', 0, '', 0, '', '', 0, '', 1, 0, 0);
+
+INSERT INTO phpsqlitecms_settings VALUES('index_page','index');
+INSERT INTO phpsqlitecms_settings VALUES('error_page','404');
+INSERT INTO phpsqlitecms_settings VALUES('comment_order','1');
+INSERT INTO phpsqlitecms_settings VALUES('comments_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('default_page_language_file','English.lang.php');
+INSERT INTO phpsqlitecms_settings VALUES('website_title','phpSQLiteCMS');
+INSERT INTO phpsqlitecms_settings VALUES('website_subtitle','A simple & lightweight CMS');
+INSERT INTO phpsqlitecms_settings VALUES('website_footnote_1','');
+INSERT INTO phpsqlitecms_settings VALUES('website_footnote_2','&copy; 2011 &hellip;');
+INSERT INTO phpsqlitecms_settings VALUES('news_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('email','me@example.com');
+INSERT INTO phpsqlitecms_settings VALUES('comment_notification','0');
+INSERT INTO phpsqlitecms_settings VALUES('comment_maxlength','1000');
+INSERT INTO phpsqlitecms_settings VALUES('word_maxlength','30');
+INSERT INTO phpsqlitecms_settings VALUES('name_maxlength','50');
+INSERT INTO phpsqlitecms_settings VALUES('email_hp_maxlength','100');
+INSERT INTO phpsqlitecms_settings VALUES('default_image_class','teaser');
+INSERT INTO phpsqlitecms_settings VALUES('default_thumbnail_class','teaser');
+INSERT INTO phpsqlitecms_settings VALUES('default_gallery_image_class','thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('image_classes','float-left, float-right, thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('photos_commentable','0');
+INSERT INTO phpsqlitecms_settings VALUES('count_views','0');
+INSERT INTO phpsqlitecms_settings VALUES('default_template','default.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('default_photo_template','photo.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('default_slideshow_template','slideshow.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('location_maxlength','50');
+INSERT INTO phpsqlitecms_settings VALUES('admin_entries_per_page','20');
+INSERT INTO phpsqlitecms_settings VALUES('resize','640');
+INSERT INTO phpsqlitecms_settings VALUES('resize_xy','x');
+INSERT INTO phpsqlitecms_settings VALUES('compression','80');
+INSERT INTO phpsqlitecms_settings VALUES('session_prefix','phpsqlitecms_');
+INSERT INTO phpsqlitecms_settings VALUES('default_menu','main_menu');
+INSERT INTO phpsqlitecms_settings VALUES('smiley_directory','images/smilies');
+INSERT INTO phpsqlitecms_settings VALUES('comment_smilies','1');
+INSERT INTO phpsqlitecms_settings VALUES('comment_auto_link','1');
+INSERT INTO phpsqlitecms_settings VALUES('content_smilies','0');
+INSERT INTO phpsqlitecms_settings VALUES('content_auto_link','0');
+INSERT INTO phpsqlitecms_settings VALUES('default_description','');
+INSERT INTO phpsqlitecms_settings VALUES('default_keywords','');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_key','');
+INSERT INTO phpsqlitecms_settings VALUES('rss_maximum_items','20');
+INSERT INTO phpsqlitecms_settings VALUES('search_results_per_page','20');
+INSERT INTO phpsqlitecms_settings VALUES('counter_last_resetted','1249183456');
+INSERT INTO phpsqlitecms_settings VALUES('notes_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('entries_show_email','0');
+INSERT INTO phpsqlitecms_settings VALUES('mail_parameter','');
+INSERT INTO phpsqlitecms_settings VALUES('base_url','');
+INSERT INTO phpsqlitecms_settings VALUES('default_photos_per_row','4');
+INSERT INTO phpsqlitecms_settings VALUES('version','2.0.2');
+INSERT INTO phpsqlitecms_settings VALUES('caching','0');
+INSERT INTO phpsqlitecms_settings VALUES('breadcrumbs','5');
+INSERT INTO phpsqlitecms_settings VALUES('slideshow','0');
+INSERT INTO phpsqlitecms_settings VALUES('base_path','');
+INSERT INTO phpsqlitecms_settings VALUES('admin_language_file','English.admin.lang.php');
+INSERT INTO phpsqlitecms_settings VALUES('default_formatting','0');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_entry_check','0');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_mail_check','0');
+INSERT INTO phpsqlitecms_settings VALUES('prevent_repeated_posts_minutes','2');
+INSERT INTO phpsqlitecms_settings VALUES('comment_remove_blank_lines','1');
+INSERT INTO phpsqlitecms_settings VALUES('admin_auto_clear_cache','1');
+INSERT INTO phpsqlitecms_settings VALUES('check_access_permission','0');
+INSERT INTO phpsqlitecms_settings VALUES('wysiwyg_editor','1');
+INSERT INTO phpsqlitecms_settings VALUES('time_zone','');
+INSERT INTO phpsqlitecms_settings VALUES('simple_news_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('global_content_blocks','1');
+INSERT INTO phpsqlitecms_settings VALUES('include_news_items','3');
+INSERT INTO phpsqlitecms_settings VALUES('content_functions','0');
+INSERT INTO phpsqlitecms_settings VALUES('rss_feed','rss');
+INSERT INTO phpsqlitecms_settings VALUES('email_subject_maxlength','100');
+INSERT INTO phpsqlitecms_settings VALUES('email_text_maxlength','10000');
+INSERT INTO phpsqlitecms_settings VALUES('enable_fullfeeds','1');
+INSERT INTO phpsqlitecms_settings VALUES('pingback_title_maxlength','60');
+INSERT INTO phpsqlitecms_settings VALUES('pingbacks_enabled','1');
+INSERT INTO phpsqlitecms_settings VALUES('lightbox_enabled','0');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_resize_xy','x');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_compression','70');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_resize','170');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_postfix','_thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_prefix','');
+
+INSERT INTO phpsqlitecms_userdata VALUES(1, 'admin', 1, '75470d05abd21fb5e84e735d2bc595e2f7ecc5c7a5e98ad0d7', 1230764400, 0);

cms/config/sql/postgresql.initial.sql

@@ -0,0 +1,102 @@
+CREATE TABLE phpsqlitecms_banlists (name varchar(255) NOT NULL default '', list text NOT NULL);
+CREATE TABLE phpsqlitecms_gcb (id SERIAL PRIMARY KEY, title varchar(255) NOT NULL default '', content text NOT NULL, content_formatting smallint default '0');
+CREATE TABLE phpsqlitecms_menus (id SERIAL PRIMARY KEY, menu varchar(255) NOT NULL default '', sequence integer NOT NULL default '1', name varchar(255) NOT NULL default '', title varchar(255) NOT NULL default '', link varchar(255) NOT NULL default '', section varchar(255) NOT NULL default '', accesskey varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_news (id SERIAL PRIMARY KEY, page_id integer, time integer, title varchar(255) NOT NULL, teaser TEXT, text TEXT, text_formatting smallint, linkname varchar(255));
+CREATE TABLE phpsqlitecms_notes (id SERIAL PRIMARY KEY, note_section varchar(255) NOT NULL default '', sequence integer NOT NULL default '1', time integer NOT NULL default '0', title varchar(255) NOT NULL default '', text TEXT NOT NULL, text_formatting smallint default '0', link varchar(255) NOT NULL default '', linkname varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_pages (id SERIAL PRIMARY KEY, page varchar(255) NOT NULL default '', author integer NOT NULL default '0', type varchar(255) NOT NULL default '', type_addition varchar(255) NOT NULL default '', time integer NOT NULL default '0', display_time smallint default '0', last_modified integer NOT NULL default '0', last_modified_by integer NOT NULL default '0', title varchar(255) NOT NULL default '', page_title varchar(255) NOT NULL default '', description varchar(255) NOT NULL default '', keywords varchar(255) NOT NULL default '', category varchar(255) NOT NULL default '', page_info varchar(255) NOT NULL default '', language_file varchar(255) NOT NULL default '', breadcrumbs varchar(255) NOT NULL default '', sections varchar(255) NOT NULL default '', include_page integer NOT NULL default '0', include_order integer NOT NULL default '0', include_rss integer NOT NULL default '0', include_sitemap integer NOT NULL default '0', link_name varchar(255) NOT NULL default '', menu_1 varchar(255) NOT NULL default '', menu_2 varchar(255) NOT NULL default '', menu_3 varchar(255) NOT NULL default '', gcb_1 integer NOT NULL default '0', gcb_2 integer NOT NULL default '0', gcb_3 integer NOT NULL default '0', template varchar(255) NOT NULL default '', content_type varchar(255) NOT NULL default '', charset varchar(255) NOT NULL default '', headline varchar(255) NOT NULL default '', teaser_headline varchar(255) NOT NULL default '', teaser TEXT, teaser_formatting smallint default '0', teaser_img varchar(255) NOT NULL default '', content TEXT, content_formatting smallint default '0', sidebar_1 TEXT, sidebar_1_formatting smallint default '0', sidebar_2 TEXT, sidebar_2_formatting smallint default '0', sidebar_3 TEXT, sidebar_3_formatting smallint default '0', page_notes TEXT, edit_permission varchar(255) NOT NULL default '', edit_permission_general smallint default '0', custom_values varchar(255) NOT NULL default '', status smallint default '2', views integer NOT NULL default '0', include_news integer NOT NULL default '0');
+CREATE TABLE phpsqlitecms_photos (id SERIAL PRIMARY KEY, gallery varchar(255) NOT NULL default '', sequence integer NOT NULL default '1', photo_thumbnail varchar(255) NOT NULL default '', photo_normal varchar(255) NOT NULL default '', photo_large varchar(255) NOT NULL default '', photo_xlarge varchar(255) NOT NULL default '', width integer NOT NULL default '0', height integer NOT NULL default '0', large_width integer NOT NULL default '0', large_height integer NOT NULL default '0', title varchar(255) NOT NULL default '', subtitle varchar(255) NOT NULL default '', description TEXT NOT NULL, description_formatting smallint default '0', template varchar(255) NOT NULL default '', photos_per_row smallint NOT NULL default '4');
+CREATE TABLE phpsqlitecms_settings (name varchar(255) NOT NULL default '', value varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_comments (id SERIAL PRIMARY KEY, type smallint NOT NULL default '0', comment_id integer NOT NULL default '0', time integer NOT NULL default '0', ip varchar(255) NOT NULL default '', name varchar(255) NOT NULL default '', email_hp varchar(255) NOT NULL default '', comment text NOT NULL);
+CREATE TABLE phpsqlitecms_newsletter (id SERIAL PRIMARY KEY, newsletter_id integer NOT NULL default '0', time integer NOT NULL default '0', ip varchar(255) NOT NULL default '', email varchar(255) NOT NULL default '', confirmed smallint default '0', confirmation_code varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_userdata (id SERIAL PRIMARY KEY, name varchar(255) NOT NULL default '', type smallint NOT NULL default '0', pw varchar(255) NOT NULL default '', last_login integer NOT NULL default '0', wysiwyg smallint NOT NULL default '0');
+
+INSERT INTO phpsqlitecms_banlists VALUES('user_agents', '');
+INSERT INTO phpsqlitecms_banlists VALUES('ips', '');
+INSERT INTO phpsqlitecms_banlists VALUES('words', '');
+
+INSERT INTO phpsqlitecms_menus VALUES(1, 'main_menu', 1, 'Home', 'Home', '', 'home', '0');
+
+INSERT INTO phpsqlitecms_pages (id, page, author, type, type_addition, time, display_time, last_modified, last_modified_by, title, page_title, description, keywords, page_info, language_file, breadcrumbs, sections, include_page, include_order, include_rss, include_sitemap, link_name, menu_1, menu_2, menu_3, gcb_1, gcb_2, gcb_3, template, content_type, charset, headline, teaser_headline, teaser, teaser_formatting, teaser_img, content, content_formatting, sidebar_1, sidebar_1_formatting, sidebar_2, sidebar_2_formatting, sidebar_3, sidebar_3_formatting, page_notes, edit_permission, edit_permission_general, custom_values, status, views, include_news) VALUES(1, 'index', 1, 'default', '', 1230764400, 0, 1275487165, 1, 'Home', 'A simple &amp; lightweight CMS', 'phpSQLiteCMS - a simple and lightweight content management system based on php and SQLite', 'CMS, content management system, php, sqlite', '', '', '', 'home', 0, 0, 0, 0, 'more...', 'main_menu', '', '', 0, 0, 0, 'default.tpl', '', '', '', '', '', 1, '', '<h1>Welcome to phpSQLiteCMS with MySQL!</h1>\r\n\r\n<p><em>phpSQLiteCMS</em> is a simple and lightweight open source web content management system (CMS) based on <a href="http://php.net/" class="extern">PHP</a> and <a href="http://www.sqlite.org/" class="extern">SQLite</a>. It''s licensed under the <a href="http://www.gnu.org/copyleft/gpl.html" class="extern">GNU General Public License</a>.</p>\r\n\r\n<p><em>phpSQLiteCMS</em> is good if you want to quickly set up a small website without needing to spend a lot of time studying, installing and configuring (as SQLite is file-based, it just runs "out of the box"). But note that it is no large scale content management system - it''s a tiny and simple one!</p>\r\n\r\n<h2>Features</h2>\r\n\r\n<ul>\r\n<li>Simple and lightweight</li>\r\n<li>Runs out of the box (no database setup required)</li>\r\n<li>Optional caching to save server performance</li>\r\n<li>Supports news, overview and commentable pages, photo galleries, search function, RSS feeds and XML sitemaps</li>\r\n</ul>\r\n\r\n<h2>Example websites</h2>\r\n\r\n<ul>\r\n<li><a href="http://mylittlehomepage.net/" class="extern">my little homepage</a> - as its name implies ;-)</li>\r\n<li><a href="http://mylittleforum.net/" class="extern">my little forum</a> - another project of the author of <em>phpSQLiteCMS</em></li>\r\n<li><a href="http://procosara.org/" class="extern">Pro Cosara</a> - an association dedicated to the conservation of Atlantic Forest in Paraguay</li>\r\n</ul>', 0, '<div class="sidebarbox">\r\n<h3>It works!</h3>\r\n<p>If you see this, <em>phpSQLiteCMS</em> seems to work! First thing to do is [[cms/index.php|log in]] and [[cms/index.php?mode=users&amp;edit=1|change the password]] (the default username and password is <i>admin</i>).</p>\r\n</div>\r\n\r\n<div class="sidebarbox subbox">\r\n<h3>Search</h3>\r\n<form id="search" action="search" method="post">\r\n<p><label for="searchfield">Search this website:</label><br />\r\n<input id="searchfield" type="text" name="q" value="" size="22" maxlength="200" /> <input type="image" name="" src="templates/images/submit.png" alt="&raquo;" /></p>\r\n</form>\r\n</div>', 0, '', 0, '', 0, 'Here you can write down some notes. These notes will not be published. If you see this, <em>phpSQLiteCMS</em> seems to work! First thing to do is [[cms/index.php|log in]] and [[cms/index.php?mode=user|change the password]] (the default username and password is <i>admin</i>). Then you can begin to [[cms/index.php?mode=edit&amp;id=1|edit this page]]. The other pages are examples to see what you can do with this CMS. Just play with them to learn about the functionality...', '', 0, '', 2, 0, 0);
+INSERT INTO phpsqlitecms_pages (id, page, author, type, type_addition, time, display_time, last_modified, last_modified_by, title, page_title, description, keywords, page_info, language_file, breadcrumbs, sections, include_page, include_order, include_rss, include_sitemap, link_name, menu_1, menu_2, menu_3, gcb_1, gcb_2, gcb_3, template, content_type, charset, headline, teaser_headline, teaser, teaser_formatting, teaser_img, content, content_formatting, sidebar_1, sidebar_1_formatting, sidebar_2, sidebar_2_formatting, sidebar_3, sidebar_3_formatting, page_notes, edit_permission, edit_permission_general, custom_values, status, views, include_news) VALUES(2, '404', 1, 'default', '', 1230764400, 0, 1243521399, 1, 'Not Found', '404 Not Found', '', '', '', '', '', '', 0, 0, 0, 0, 'mehr...', 'main_menu', '', '', 0, 0, 0, 'default.tpl', '', '', 'Not Found', '', '', 1, '', 'The requested URL was not found on this server.', 1, '<div class="sidebarbox">\r\n<h3>Search</h3>\r\n<form id="search" action="search" method="post">\r\n<p><input id="searchfield" type="text" name="q" value="" size="22" maxlength="200" /> <input type="image" name="" src="templates/images/submit.png" alt="&raquo;" /></p>\r\n</form>\r\n</div>', 0, '', 0, '', 0, '', '', 0, '', 1, 0, 0);
+
+INSERT INTO phpsqlitecms_settings VALUES('index_page','index');
+INSERT INTO phpsqlitecms_settings VALUES('error_page','404');
+INSERT INTO phpsqlitecms_settings VALUES('comment_order','1');
+INSERT INTO phpsqlitecms_settings VALUES('comments_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('default_page_language_file','English.lang.php');
+INSERT INTO phpsqlitecms_settings VALUES('website_title','phpSQLiteCMS');
+INSERT INTO phpsqlitecms_settings VALUES('website_subtitle','A simple & lightweight CMS');
+INSERT INTO phpsqlitecms_settings VALUES('website_footnote_1','');
+INSERT INTO phpsqlitecms_settings VALUES('website_footnote_2','&copy; 2011 &hellip;');
+INSERT INTO phpsqlitecms_settings VALUES('news_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('email','me@example.com');
+INSERT INTO phpsqlitecms_settings VALUES('comment_notification','0');
+INSERT INTO phpsqlitecms_settings VALUES('comment_maxlength','1000');
+INSERT INTO phpsqlitecms_settings VALUES('word_maxlength','30');
+INSERT INTO phpsqlitecms_settings VALUES('name_maxlength','50');
+INSERT INTO phpsqlitecms_settings VALUES('email_hp_maxlength','100');
+INSERT INTO phpsqlitecms_settings VALUES('default_image_class','teaser');
+INSERT INTO phpsqlitecms_settings VALUES('default_thumbnail_class','teaser');
+INSERT INTO phpsqlitecms_settings VALUES('default_gallery_image_class','thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('image_classes','float-left, float-right, thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('photos_commentable','0');
+INSERT INTO phpsqlitecms_settings VALUES('count_views','0');
+INSERT INTO phpsqlitecms_settings VALUES('default_template','default.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('default_photo_template','photo.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('default_slideshow_template','slideshow.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('location_maxlength','50');
+INSERT INTO phpsqlitecms_settings VALUES('admin_entries_per_page','20');
+INSERT INTO phpsqlitecms_settings VALUES('resize','640');
+INSERT INTO phpsqlitecms_settings VALUES('resize_xy','x');
+INSERT INTO phpsqlitecms_settings VALUES('compression','80');
+INSERT INTO phpsqlitecms_settings VALUES('session_prefix','phpsqlitecms_');
+INSERT INTO phpsqlitecms_settings VALUES('default_menu','main_menu');
+INSERT INTO phpsqlitecms_settings VALUES('smiley_directory','images/smilies');
+INSERT INTO phpsqlitecms_settings VALUES('comment_smilies','1');
+INSERT INTO phpsqlitecms_settings VALUES('comment_auto_link','1');
+INSERT INTO phpsqlitecms_settings VALUES('content_smilies','0');
+INSERT INTO phpsqlitecms_settings VALUES('content_auto_link','0');
+INSERT INTO phpsqlitecms_settings VALUES('default_description','');
+INSERT INTO phpsqlitecms_settings VALUES('default_keywords','');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_key','');
+INSERT INTO phpsqlitecms_settings VALUES('rss_maximum_items','20');
+INSERT INTO phpsqlitecms_settings VALUES('search_results_per_page','20');
+INSERT INTO phpsqlitecms_settings VALUES('counter_last_resetted','1249183456');
+INSERT INTO phpsqlitecms_settings VALUES('notes_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('entries_show_email','0');
+INSERT INTO phpsqlitecms_settings VALUES('mail_parameter','');
+INSERT INTO phpsqlitecms_settings VALUES('base_url','');
+INSERT INTO phpsqlitecms_settings VALUES('default_photos_per_row','4');
+INSERT INTO phpsqlitecms_settings VALUES('version','2.0.2');
+INSERT INTO phpsqlitecms_settings VALUES('caching','0');
+INSERT INTO phpsqlitecms_settings VALUES('breadcrumbs','5');
+INSERT INTO phpsqlitecms_settings VALUES('slideshow','0');
+INSERT INTO phpsqlitecms_settings VALUES('base_path','');
+INSERT INTO phpsqlitecms_settings VALUES('admin_language_file','English.admin.lang.php');
+INSERT INTO phpsqlitecms_settings VALUES('default_formatting','0');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_entry_check','0');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_mail_check','0');
+INSERT INTO phpsqlitecms_settings VALUES('prevent_repeated_posts_minutes','2');
+INSERT INTO phpsqlitecms_settings VALUES('comment_remove_blank_lines','1');
+INSERT INTO phpsqlitecms_settings VALUES('admin_auto_clear_cache','1');
+INSERT INTO phpsqlitecms_settings VALUES('check_access_permission','0');
+INSERT INTO phpsqlitecms_settings VALUES('wysiwyg_editor','1');
+INSERT INTO phpsqlitecms_settings VALUES('time_zone','');
+INSERT INTO phpsqlitecms_settings VALUES('simple_news_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('global_content_blocks','1');
+INSERT INTO phpsqlitecms_settings VALUES('include_news_items','3');
+INSERT INTO phpsqlitecms_settings VALUES('content_functions','0');
+INSERT INTO phpsqlitecms_settings VALUES('rss_feed','rss');
+INSERT INTO phpsqlitecms_settings VALUES('email_subject_maxlength','100');
+INSERT INTO phpsqlitecms_settings VALUES('email_text_maxlength','10000');
+INSERT INTO phpsqlitecms_settings VALUES('enable_fullfeeds','1');
+INSERT INTO phpsqlitecms_settings VALUES('pingback_title_maxlength','60');
+INSERT INTO phpsqlitecms_settings VALUES('pingbacks_enabled','1');
+INSERT INTO phpsqlitecms_settings VALUES('lightbox_enabled','0');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_resize_xy','x');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_compression','70');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_resize','170');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_postfix','_thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_prefix','');
+
+INSERT INTO phpsqlitecms_userdata VALUES(1, 'admin', 1, '75470d05abd21fb5e84e735d2bc595e2f7ecc5c7a5e98ad0d7', 1230764400, 0);

cms/config/sql/sqlite.initial.sql

@@ -0,0 +1,102 @@
+CREATE TABLE phpsqlitecms_banlists (name varchar(255) NOT NULL default '', list text NOT NULL);
+CREATE TABLE phpsqlitecms_gcb (id INTEGER PRIMARY KEY AUTOINCREMENT, title varchar(255) NOT NULL default '', content text NOT NULL, content_formatting tinyint(4) default '0');
+CREATE TABLE phpsqlitecms_menus (id INTEGER PRIMARY KEY AUTOINCREMENT, menu varchar(255) NOT NULL default '', sequence int(11) NOT NULL default '1', name varchar(255) NOT NULL default '', title varchar(255) NOT NULL default '', link varchar(255) NOT NULL default '', section varchar(255) NOT NULL default '', accesskey varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_news (id INTEGER PRIMARY KEY AUTOINCREMENT, page_id int(11), time int(11), title varchar(255) NOT NULL, teaser TEXT, text TEXT, text_formatting tinyint(4), linkname varchar(255), PRIMARY KEY (id)) CHARSET=utf8 COLLATE=utf8_general_ci;
+CREATE TABLE phpsqlitecms_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, note_section varchar(255) NOT NULL default '', sequence int(11) NOT NULL default '1', time int(11) NOT NULL default '0', title varchar(255) NOT NULL default '', text TEXT NOT NULL, text_formatting tinyint(4) default '0', link varchar(255) NOT NULL default '', linkname varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_pages (id INTEGER PRIMARY KEY AUTOINCREMENT, page varchar(255) NOT NULL default '', author int(11) NOT NULL default '0', type varchar(255) NOT NULL default '', type_addition varchar(255) NOT NULL default '', time int(11) NOT NULL default '0', display_time tinyint(4) default '0', last_modified int(11) NOT NULL default '0', last_modified_by int(11) NOT NULL default '0', title varchar(255) NOT NULL default '', page_title varchar(255) NOT NULL default '', description varchar(255) NOT NULL default '', keywords varchar(255) NOT NULL default '', category varchar(255) NOT NULL default '', page_info varchar(255) NOT NULL default '', language_file varchar(255) NOT NULL default '', breadcrumbs varchar(255) NOT NULL default '', sections varchar(255) NOT NULL default '', include_page int(11) NOT NULL default '0', include_order int(11) NOT NULL default '0', include_rss int(11) NOT NULL default '0', include_sitemap int(11) NOT NULL default '0', link_name varchar(255) NOT NULL default '', menu_1 varchar(255) NOT NULL default '', menu_2 varchar(255) NOT NULL default '', menu_3 varchar(255) NOT NULL default '', gcb_1 int(11) NOT NULL default '0', gcb_2 int(11) NOT NULL default '0', gcb_3 int(11) NOT NULL default '0', template varchar(255) NOT NULL default '', content_type varchar(255) NOT NULL default '', charset varchar(255) NOT NULL default '', headline varchar(255) NOT NULL default '', teaser_headline varchar(255) NOT NULL default '', teaser TEXT, teaser_formatting tinyint(4) default '0', teaser_img varchar(255) NOT NULL default '', content TEXT, content_formatting tinyint(4) default '0', sidebar_1 TEXT, sidebar_1_formatting tinyint(4) default '0', sidebar_2 TEXT, sidebar_2_formatting tinyint(4) default '0', sidebar_3 TEXT, sidebar_3_formatting tinyint(4) default '0', page_notes TEXT, edit_permission varchar(255) NOT NULL default '', edit_permission_general tinyint(4) default '0', custom_values varchar(255) NOT NULL default '', status tinyint(4) default '2', views int(11) NOT NULL default '0', include_news int(11) NOT NULL default '0');
+CREATE TABLE phpsqlitecms_photos (id INTEGER PRIMARY KEY AUTOINCREMENT, gallery varchar(255) NOT NULL default '', sequence int(11) NOT NULL default '1', photo_thumbnail varchar(255) NOT NULL default '', photo_normal varchar(255) NOT NULL default '', photo_large varchar(255) NOT NULL default '', photo_xlarge varchar(255) NOT NULL default '', width int(11) NOT NULL default '0', height int(11) NOT NULL default '0', large_width int(11) NOT NULL default '0', large_height int(11) NOT NULL default '0', title varchar(255) NOT NULL default '', subtitle varchar(255) NOT NULL default '', description TEXT NOT NULL, description_formatting tinyint(4) default '0', template varchar(255) NOT NULL default '', photos_per_row tinyint(4) NOT NULL default '4');
+CREATE TABLE phpsqlitecms_settings (name varchar(255) NOT NULL default '', value varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_comments (id INTEGER PRIMARY KEY AUTOINCREMENT, type tinyint(4) NOT NULL default '0', comment_id int(11) NOT NULL default '0', time int(11) NOT NULL default '0', ip varchar(255) NOT NULL default '', name varchar(255) NOT NULL default '', email_hp varchar(255) NOT NULL default '', comment text NOT NULL);
+CREATE TABLE phpsqlitecms_newsletter (id INTEGER PRIMARY KEY AUTOINCREMENT, newsletter_id int(11) NOT NULL default '0', time int(11) NOT NULL default '0', ip varchar(255) NOT NULL default '', varchar(255) NOT NULL default '', confirmed tinyint(4) default '0', confirmation_code varchar(255) NOT NULL default '');
+CREATE TABLE phpsqlitecms_userdata (id INTEGER PRIMARY KEY AUTOINCREMENT, name varchar(255) NOT NULL default '', type tinyint(4) NOT NULL default '0', pw varchar(255) NOT NULL default '', last_login int(11) NOT NULL default '0', wysiwyg tinyint(4) NOT NULL default '0');
+
+INSERT INTO phpsqlitecms_banlists VALUES('user_agents', '');
+INSERT INTO phpsqlitecms_banlists VALUES('ips', '');
+INSERT INTO phpsqlitecms_banlists VALUES('words', '');
+
+INSERT INTO phpsqlitecms_menus VALUES(1, 'main_menu', 1, 'Home', 'Home', '', 'home', '0');
+
+INSERT INTO phpsqlitecms_pages (id, page, author, type, type_addition, time, display_time, last_modified, last_modified_by, title, page_title, description, keywords, page_info, language_file, breadcrumbs, sections, include_page, include_order, include_rss, include_sitemap, link_name, menu_1, menu_2, menu_3, gcb_1, gcb_2, gcb_3, template, content_type, charset, headline, teaser_headline, teaser, teaser_formatting, teaser_img, content, content_formatting, sidebar_1, sidebar_1_formatting, sidebar_2, sidebar_2_formatting, sidebar_3, sidebar_3_formatting, page_notes, edit_permission, edit_permission_general, custom_values, status, views, include_news) VALUES(1, 'index', 1, 'default', '', 1230764400, 0, 1275487165, 1, 'Home', 'A simple &amp; lightweight CMS', 'phpSQLiteCMS - a simple and lightweight content management system based on php and SQLite', 'CMS, content management system, php, sqlite', '', '', '', 'home', 0, 0, 0, 0, 'more...', 'main_menu', '', '', 0, 0, 0, 'default.tpl', '', '', '', '', '', 1, '', '<h1>Welcome!</h1>\r\n\r\n<p><em>phpSQLiteCMS</em> is a simple and lightweight open source web content management system (CMS) based on <a href="http://php.net/" class="extern">PHP</a> and <a href="http://www.sqlite.org/" class="extern">SQLite</a>. It''s licensed under the <a href="http://www.gnu.org/copyleft/gpl.html" class="extern">GNU General Public License</a>.</p>\r\n\r\n<p><em>phpSQLiteCMS</em> is good if you want to quickly set up a small website without needing to spend a lot of time studying, installing and configuring (as SQLite is file-based, it just runs "out of the box"). But note that it is no large scale content management system - it''s a tiny and simple one!</p>\r\n\r\n<h2>Features</h2>\r\n\r\n<ul>\r\n<li>Simple and lightweight</li>\r\n<li>Runs out of the box (no database setup required)</li>\r\n<li>Optional caching to save server performance</li>\r\n<li>Supports news, overview and commentable pages, photo galleries, search function, RSS feeds and XML sitemaps</li>\r\n</ul>\r\n\r\n<h2>Example websites</h2>\r\n\r\n<ul>\r\n<li><a href="http://mylittlehomepage.net/" class="extern">my little homepage</a> - as its name implies ;-)</li>\r\n<li><a href="http://mylittleforum.net/" class="extern">my little forum</a> - another project of the author of <em>phpSQLiteCMS</em></li>\r\n<li><a href="http://procosara.org/" class="extern">Pro Cosara</a> - an association dedicated to the conservation of Atlantic Forest in Paraguay</li>\r\n</ul>', 0, '<div class="sidebarbox">\r\n<h3>It works!</h3>\r\n<p>If you see this, <em>phpSQLiteCMS</em> seems to work! First thing to do is [[cms/index.php|log in]] and [[cms/index.php?mode=users&amp;edit=1|change the password]] (the default username and password is <i>admin</i>).</p>\r\n</div>\r\n\r\n<div class="sidebarbox subbox">\r\n<h3>Search</h3>\r\n<form id="search" action="search" method="post">\r\n<p><label for="searchfield">Search this website:</label><br />\r\n<input id="searchfield" type="text" name="q" value="" size="22" maxlength="200" /> <input type="image" name="" src="templates/images/submit.png" alt="&raquo;" /></p>\r\n</form>\r\n</div>', 0, '', 0, '', 0, 'Here you can write down some notes. These notes will not be published. If you see this, <em>phpSQLiteCMS</em> seems to work! First thing to do is [[cms/index.php|log in]] and [[cms/index.php?mode=user|change the password]] (the default username and password is <i>admin</i>). Then you can begin to [[cms/index.php?mode=edit&amp;id=1|edit this page]]. The other pages are examples to see what you can do with this CMS. Just play with them to learn about the functionality...', '', 0, '', 2, 0, 0);
+INSERT INTO phpsqlitecms_pages (id, page, author, type, type_addition, time, display_time, last_modified, last_modified_by, title, page_title, description, keywords, page_info, language_file, breadcrumbs, sections, include_page, include_order, include_rss, include_sitemap, link_name, menu_1, menu_2, menu_3, gcb_1, gcb_2, gcb_3, template, content_type, charset, headline, teaser_headline, teaser, teaser_formatting, teaser_img, content, content_formatting, sidebar_1, sidebar_1_formatting, sidebar_2, sidebar_2_formatting, sidebar_3, sidebar_3_formatting, page_notes, edit_permission, edit_permission_general, custom_values, status, views, include_news) VALUES(2, '404', 1, 'default', '', 1230764400, 0, 1243521399, 1, 'Not Found', '404 Not Found', '', '', '', '', '', '', 0, 0, 0, 0, 'mehr...', 'main_menu', '', '', 0, 0, 0, 'default.tpl', '', '', 'Not Found', '', '', 1, '', 'The requested URL was not found on this server.', 1, '<div class="sidebarbox">\r\n<h3>Search</h3>\r\n<form id="search" action="search" method="post">\r\n<p><input id="searchfield" type="text" name="q" value="" size="22" maxlength="200" /> <input type="image" name="" src="templates/images/submit.png" alt="&raquo;" /></p>\r\n</form>\r\n</div>', 0, '', 0, '', 0, '', '', 0, '', 1, 0, 0);
+
+INSERT INTO phpsqlitecms_settings VALUES('index_page','index');
+INSERT INTO phpsqlitecms_settings VALUES('error_page','404');
+INSERT INTO phpsqlitecms_settings VALUES('comment_order','1');
+INSERT INTO phpsqlitecms_settings VALUES('comments_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('default_page_language_file','English.lang.php');
+INSERT INTO phpsqlitecms_settings VALUES('website_title','phpSQLiteCMS');
+INSERT INTO phpsqlitecms_settings VALUES('website_subtitle','A simple & lightweight CMS');
+INSERT INTO phpsqlitecms_settings VALUES('website_footnote_1','');
+INSERT INTO phpsqlitecms_settings VALUES('website_footnote_2','&copy; 2011 &hellip;');
+INSERT INTO phpsqlitecms_settings VALUES('news_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('email','me@example.com');
+INSERT INTO phpsqlitecms_settings VALUES('comment_notification','0');
+INSERT INTO phpsqlitecms_settings VALUES('comment_maxlength','1000');
+INSERT INTO phpsqlitecms_settings VALUES('word_maxlength','30');
+INSERT INTO phpsqlitecms_settings VALUES('name_maxlength','50');
+INSERT INTO phpsqlitecms_settings VALUES('email_hp_maxlength','100');
+INSERT INTO phpsqlitecms_settings VALUES('default_image_class','teaser');
+INSERT INTO phpsqlitecms_settings VALUES('default_thumbnail_class','teaser');
+INSERT INTO phpsqlitecms_settings VALUES('default_gallery_image_class','thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('image_classes','float-left, float-right, thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('photos_commentable','0');
+INSERT INTO phpsqlitecms_settings VALUES('count_views','0');
+INSERT INTO phpsqlitecms_settings VALUES('default_template','default.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('default_photo_template','photo.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('default_slideshow_template','slideshow.tpl');
+INSERT INTO phpsqlitecms_settings VALUES('location_maxlength','50');
+INSERT INTO phpsqlitecms_settings VALUES('admin_entries_per_page','20');
+INSERT INTO phpsqlitecms_settings VALUES('resize','640');
+INSERT INTO phpsqlitecms_settings VALUES('resize_xy','x');
+INSERT INTO phpsqlitecms_settings VALUES('compression','80');
+INSERT INTO phpsqlitecms_settings VALUES('session_prefix','phpsqlitecms_');
+INSERT INTO phpsqlitecms_settings VALUES('default_menu','main_menu');
+INSERT INTO phpsqlitecms_settings VALUES('smiley_directory','images/smilies');
+INSERT INTO phpsqlitecms_settings VALUES('comment_smilies','1');
+INSERT INTO phpsqlitecms_settings VALUES('comment_auto_link','1');
+INSERT INTO phpsqlitecms_settings VALUES('content_smilies','0');
+INSERT INTO phpsqlitecms_settings VALUES('content_auto_link','0');
+INSERT INTO phpsqlitecms_settings VALUES('default_description','');
+INSERT INTO phpsqlitecms_settings VALUES('default_keywords','');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_key','');
+INSERT INTO phpsqlitecms_settings VALUES('rss_maximum_items','20');
+INSERT INTO phpsqlitecms_settings VALUES('search_results_per_page','20');
+INSERT INTO phpsqlitecms_settings VALUES('counter_last_resetted','1249183456');
+INSERT INTO phpsqlitecms_settings VALUES('notes_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('entries_show_email','0');
+INSERT INTO phpsqlitecms_settings VALUES('mail_parameter','');
+INSERT INTO phpsqlitecms_settings VALUES('base_url','');
+INSERT INTO phpsqlitecms_settings VALUES('default_photos_per_row','4');
+INSERT INTO phpsqlitecms_settings VALUES('version','2.0.2');
+INSERT INTO phpsqlitecms_settings VALUES('caching','0');
+INSERT INTO phpsqlitecms_settings VALUES('breadcrumbs','5');
+INSERT INTO phpsqlitecms_settings VALUES('slideshow','0');
+INSERT INTO phpsqlitecms_settings VALUES('base_path','');
+INSERT INTO phpsqlitecms_settings VALUES('admin_language_file','English.admin.lang.php');
+INSERT INTO phpsqlitecms_settings VALUES('default_formatting','0');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_entry_check','0');
+INSERT INTO phpsqlitecms_settings VALUES('akismet_mail_check','0');
+INSERT INTO phpsqlitecms_settings VALUES('prevent_repeated_posts_minutes','2');
+INSERT INTO phpsqlitecms_settings VALUES('comment_remove_blank_lines','1');
+INSERT INTO phpsqlitecms_settings VALUES('admin_auto_clear_cache','1');
+INSERT INTO phpsqlitecms_settings VALUES('check_access_permission','0');
+INSERT INTO phpsqlitecms_settings VALUES('wysiwyg_editor','1');
+INSERT INTO phpsqlitecms_settings VALUES('time_zone','');
+INSERT INTO phpsqlitecms_settings VALUES('simple_news_per_page','10');
+INSERT INTO phpsqlitecms_settings VALUES('global_content_blocks','1');
+INSERT INTO phpsqlitecms_settings VALUES('include_news_items','3');
+INSERT INTO phpsqlitecms_settings VALUES('content_functions','0');
+INSERT INTO phpsqlitecms_settings VALUES('rss_feed','rss');
+INSERT INTO phpsqlitecms_settings VALUES('email_subject_maxlength','100');
+INSERT INTO phpsqlitecms_settings VALUES('email_text_maxlength','10000');
+INSERT INTO phpsqlitecms_settings VALUES('enable_fullfeeds','1');
+INSERT INTO phpsqlitecms_settings VALUES('pingback_title_maxlength','60');
+INSERT INTO phpsqlitecms_settings VALUES('pingbacks_enabled','1');
+INSERT INTO phpsqlitecms_settings VALUES('lightbox_enabled','0');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_resize_xy','x');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_compression','70');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_resize','170');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_postfix','_thumbnail');
+INSERT INTO phpsqlitecms_settings VALUES('thumbnail_prefix','');
+
+INSERT INTO phpsqlitecms_userdata VALUES(1, 'admin', 1, '75470d05abd21fb5e84e735d2bc595e2f7ecc5c7a5e98ad0d7', 1230764400, 0);

cms/data/.htaccess

@@ -0,0 +1 @@
+deny from all

cms/includes/admin_index.inc.php

@@ -0,0 +1,10 @@
+<?php
+if(!defined('IN_INDEX') || empty($_SESSION[$settings['session_prefix'].'user_id'])) exit;
+
+if(isset($_GET['msg']))
+ {
+  $template->assign('msg',htmlspecialchars($_GET['msg']));
+ }
+
+$template->assign('subtemplate', 'admin_index.inc.tpl');
+?>

cms/includes/ajaxprocess.inc.php

@@ -0,0 +1,48 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  if(isset($_REQUEST['action']))
+   {
+    switch($_REQUEST['action'])
+     {
+      case 'reorder':
+       if(isset($_REQUEST['galleries']))
+        {
+         $table = Database::$db_settings['photo_table'];
+         $list = $_REQUEST['galleries'];
+        }
+       elseif(isset($_REQUEST['menus']))
+        {
+         $table = Database::$db_settings['menu_table'];
+         $list = $_REQUEST['menus'];
+        }
+       elseif(isset($_REQUEST['notes']))
+        {
+         $table = Database::$db_settings['notes_table'];
+         $list = $_REQUEST['notes'];
+        }
+       if(isset($list) && isset($table))
+        {
+         $list_items = explode(',', $list);
+         $sequence = 1;
+         $dbr = Database::$content->prepare("UPDATE ".$table." SET sequence=:sequence WHERE id=:id");
+         $dbr->bindParam(':sequence', $sequence, PDO::PARAM_INT);
+         $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+         Database::$content->beginTransaction();
+         foreach($list_items as $id)
+          {
+           $dbr->execute();
+           ++$sequence;
+          }
+         Database::$content->commit();
+         if(isset($cache) && $cache->autoClear) $cache->clear();
+        } 
+      break;
+     }
+   }
+ }
+
+exit;
+?>

cms/includes/classes/Akismet.class.php

@@ -0,0 +1,388 @@
+<?php
+/**
+ * 01.07.2008 22:32:28est
+ *
+ * Akismet PHP4 class
+ *
+ * <b>Usage</b>
+ * <code>
+ *    $comment = array(
+ *           'author'    => 'viagra-test-123',
+ *           'email'     => 'test@example.com',
+ *           'website'   => 'http://www.example.com/',
+ *           'body'      => 'This is a test comment',
+ *           'permalink' => 'http://yourdomain.com/yourblogpost.url',
+ *        );
+ *
+ *    $akismet = new Akismet('http://www.yourdomain.com/', 'YOUR_WORDPRESS_API_KEY', $comment);
+ *
+ *    if($akismet->errorsExist()) {
+ *        echo"Couldn't connected to Akismet server!";
+ *    } else {
+ *        if($akismet->isSpam()) {
+ *            echo"Spam detected";
+ *        } else {
+ *            echo"yay, no spam!";
+ *        }
+ *    }
+ * </code>
+ *
+ * @author Bret Kuhns {@link www.miphp.net}
+ * @link http://www.miphp.net/blog/view/new_akismet_class/
+ * @version 0.3.4
+ * @license http://www.opensource.org/licenses/mit-license.php MIT License
+ */
+
+
+
+// Error constants
+define("AKISMET_SERVER_NOT_FOUND",	0);
+define("AKISMET_RESPONSE_FAILED",	1);
+define("AKISMET_INVALID_KEY",		2);
+
+
+
+// Base class to assist in error handling between Akismet classes
+class AkismetObject {
+	var $errors = array();
+
+
+	/**
+	 * Add a new error to the errors array in the object
+	 *
+	 * @param	String	$name	A name (array key) for the error
+	 * @param	String	$string	The error message
+	 * @return void
+	 */
+	// Set an error in the object
+	function setError($name, $message) {
+		$this->errors[$name] = $message;
+	}
+
+
+	/**
+	 * Return a specific error message from the errors array
+	 *
+	 * @param	String	$name	The name of the error you want
+	 * @return mixed	Returns a String if the error exists, a false boolean if it does not exist
+	 */
+	function getError($name) {
+		if($this->isError($name)) {
+			return $this->errors[$name];
+		} else {
+			return false;
+		}
+	}
+
+
+	/**
+	 * Return all errors in the object
+	 *
+	 * @return String[]
+	 */
+	function getErrors() {
+		return (array)$this->errors;
+	}
+
+
+	/**
+	 * Check if a certain error exists
+	 *
+	 * @param	String	$name	The name of the error you want
+	 * @return boolean
+	 */
+	function isError($name) {
+		return isset($this->errors[$name]);
+	}
+
+
+	/**
+	 * Check if any errors exist
+	 *
+	 * @return boolean
+	 */
+	function errorsExist() {
+		return (count($this->errors) > 0);
+	}
+
+
+}
+
+
+
+
+
+// Used by the Akismet class to communicate with the Akismet service
+class AkismetHttpClient extends AkismetObject {
+	var $akismetVersion = '1.1';
+	var $con;
+	var $host;
+	var $port;
+	var $apiKey;
+	var $blogUrl;
+	var $errors = array();
+
+
+	// Constructor
+	function AkismetHttpClient($host, $blogUrl, $apiKey, $port = 80) {
+		$this->host = $host;
+		$this->port = $port;
+		$this->blogUrl = $blogUrl;
+		$this->apiKey = $apiKey;
+	}
+
+
+	// Use the connection active in $con to get a response from the server and return that response
+	function getResponse($request, $path, $type = "post", $responseLength = 1160) {
+		$this->_connect();
+
+		if($this->con && !$this->isError(AKISMET_SERVER_NOT_FOUND)) {
+			$request  =
+					strToUpper($type)." /{$this->akismetVersion}/$path HTTP/1.0\r\n" .
+					"Host: ".((!empty($this->apiKey)) ? $this->apiKey."." : null)."{$this->host}\r\n" .
+					"Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n" .
+					"Content-Length: ".strlen($request)."\r\n" .
+					"User-Agent: Akismet PHP4 Class\r\n" .
+					"\r\n" .
+					$request
+				;
+			$response = "";
+
+			@fwrite($this->con, $request);
+
+			while(!feof($this->con)) {
+				$response .= @fgets($this->con, $responseLength);
+			}
+
+			$response = explode("\r\n\r\n", $response, 2);
+			return $response[1];
+		} else {
+			$this->setError(AKISMET_RESPONSE_FAILED, "The response could not be retrieved.");
+		}
+
+		$this->_disconnect();
+	}
+
+
+	// Connect to the Akismet server and store that connection in the instance variable $con
+	function _connect() {
+		if(!($this->con = @fsockopen($this->host, $this->port, $errno, $errstr, 25))) {
+			$this->setError(AKISMET_SERVER_NOT_FOUND, "Could not connect to akismet server.");
+		}
+	}
+
+
+	// Close the connection to the Akismet server
+	function _disconnect() {
+		@fclose($this->con);
+	}
+
+
+}
+
+
+
+
+
+// The controlling class. This is the ONLY class the user should instantiate in
+// order to use the Akismet service!
+class Akismet extends AkismetObject {
+	var $apiPort = 80;
+	var $akismetServer = 'rest.akismet.com';
+	var $akismetVersion = '1.1';
+	var $http;
+
+	var $ignore = array(
+			'HTTP_COOKIE',
+			'HTTP_X_FORWARDED_FOR',
+			'HTTP_X_FORWARDED_HOST',
+			'HTTP_MAX_FORWARDS',
+			'HTTP_X_FORWARDED_SERVER',
+			'REDIRECT_STATUS',
+			'SERVER_PORT',
+			'PATH',
+			'DOCUMENT_ROOT',
+			'SERVER_ADMIN',
+			'QUERY_STRING',
+			'PHP_SELF',
+			'argv'
+		);
+
+	var $blogUrl = "";
+	var $apiKey  = "";
+	var $comment = array();
+
+
+	/**
+	 * Constructor
+	 *
+	 * Set instance variables, connect to Akismet, and check API key
+	 *
+	 * @param	String	$blogUrl	The URL to your own blog
+	 * @param 	String	$apiKey		Your wordpress API key
+	 * @param 	String[]	$comment	A formatted comment array to be examined by the Akismet service
+	 * @return	Akismet
+	 */
+	function Akismet($blogUrl, $apiKey, $comment = array()) {
+		$this->blogUrl = $blogUrl;
+		$this->apiKey  = $apiKey;
+		$this->setComment($comment);
+
+		// Connect to the Akismet server and populate errors if they exist
+		$this->http = new AkismetHttpClient($this->akismetServer, $blogUrl, $apiKey);
+		if($this->http->errorsExist()) {
+			$this->errors = array_merge($this->errors, $this->http->getErrors());
+		}
+
+		// Check if the API key is valid
+		if(!$this->_isValidApiKey($apiKey)) {
+			$this->setError(AKISMET_INVALID_KEY, "Your Akismet API key is not valid.");
+		}
+	}
+
+
+	/**
+	 * Query the Akismet and determine if the comment is spam or not
+	 *
+	 * @return	boolean
+	 */
+	function isSpam() {
+		$response = $this->http->getResponse($this->_getQueryString(), 'comment-check');
+
+		return ($response == "true");
+	}
+
+
+	/**
+	 * Submit this comment as an unchecked spam to the Akismet server
+	 *
+	 * @return	void
+	 */
+	function submitSpam() {
+		$this->http->getResponse($this->_getQueryString(), 'submit-spam');
+	}
+
+
+	/**
+	 * Submit a false-positive comment as "ham" to the Akismet server
+	 *
+	 * @return	void
+	 */
+	function submitHam() {
+		$this->http->getResponse($this->_getQueryString(), 'submit-ham');
+	}
+
+
+	/**
+	 * Manually set the comment value of the instantiated object.
+	 *
+	 * @param	Array	$comment
+	 * @return	void
+	 */
+	function setComment($comment) {
+		$this->comment = $comment;
+		if(!empty($comment)) {
+			$this->_formatCommentArray();
+			$this->_fillCommentValues();
+		}
+	}
+
+
+	/**
+	 * Returns the current value of the object's comment array.
+	 *
+	 * @return	Array
+	 */
+	function getComment() {
+		return $this->comment;
+	}
+
+
+	/**
+	 * Check with the Akismet server to determine if the API key is valid
+	 *
+	 * @access	Protected
+	 * @param	String	$key	The Wordpress API key passed from the constructor argument
+	 * @return	boolean
+	 */
+	function _isValidApiKey($key) {
+		$keyCheck = $this->http->getResponse("key=".$this->apiKey."&blog=".$this->blogUrl, 'verify-key');
+
+		return ($keyCheck == "valid");
+	}
+
+
+	/**
+	 * Format the comment array in accordance to the Akismet API
+	 *
+	 * @access	Protected
+	 * @return	void
+	 */
+	function _formatCommentArray() {
+		$format = array(
+				'type' => 'comment_type',
+				'author' => 'comment_author',
+				'email' => 'comment_author_email',
+				'website' => 'comment_author_url',
+				'body' => 'comment_content'
+			);
+
+		foreach($format as $short => $long) {
+			if(isset($this->comment[$short])) {
+				$this->comment[$long] = $this->comment[$short];
+				unset($this->comment[$short]);
+			}
+		}
+	}
+
+
+	/**
+	 * Fill any values not provided by the developer with available values.
+	 *
+	 * @return	void
+	 */
+	function _fillCommentValues() {
+		if(!isset($this->comment['user_ip'])) {
+			$this->comment['user_ip'] = ($_SERVER['REMOTE_ADDR'] != getenv('SERVER_ADDR')) ? $_SERVER['REMOTE_ADDR'] : getenv('HTTP_X_FORWARDED_FOR');
+		}
+		if(!isset($this->comment['user_agent'])) {
+			$this->comment['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
+		}
+		if(!isset($this->comment['referrer'])) {
+			$this->comment['referrer'] = $_SERVER['HTTP_REFERER'];
+		}
+		if(!isset($this->comment['blog'])) {
+			$this->comment['blog'] = $this->blogUrl;
+		}
+	}
+
+
+	/**
+	 * Build a query string for use with HTTP requests
+	 *
+	 * @access	Protected
+	 * @return	String
+	 */
+	function _getQueryString() {
+		foreach($_SERVER as $key => $value) {
+			if(!in_array($key, $this->ignore)) {
+				if($key == 'REMOTE_ADDR') {
+					$this->comment[$key] = $this->comment['user_ip'];
+				} else {
+					$this->comment[$key] = $value;
+				}
+			}
+		}
+
+		$query_string = '';
+
+		foreach($this->comment as $key => $data) {
+			$query_string .= $key . '=' . urlencode(stripslashes($data)) . '&';
+		}
+
+		return $query_string;
+	}
+
+
+}
+?>

cms/includes/classes/Cache.class.php

@@ -0,0 +1,136 @@
+<?php
+class Cache
+ {
+  #const CLEAR_INCLUDE_PAGE = true;
+  public $doCaching = true;
+  public $autoClear = true;
+  public $cacheId = false;
+  private $_cacheDir;
+  private $_settings;
+
+  public function __construct($cacheDir, $settings)
+   {
+    $this->_cacheDir = $cacheDir;
+    $this->_settings = $settings;
+   }
+
+  public function createCacheContent($content, $content_type, $charset)
+   {
+    $cacheContent = '<?php
+header(\'Last-Modified: ' . gmdate("D, d M Y H:i:s",time()) . ' GMT\');
+header(\'Cache-Control: public\');
+if(isset($_SERVER[\'HTTP_IF_MODIFIED_SINCE\']) && '.time().' <= strtotime($_SERVER[\'HTTP_IF_MODIFIED_SINCE\']))
+{
+header(\'HTTP/1.1 304 Not Modified\');
+exit;
+}
+else
+{
+';
+    if(function_exists('xgzencode')) $cacheContent .= 'if(isset($_SERVER[\'HTTP_ACCEPT_ENCODING\']) && strpos($_SERVER[\'HTTP_ACCEPT_ENCODING\'], \'gzip\')!==false)
+{
+header(\'Content-Encoding: gzip\');
+header(\'Content-Type: '.$content_type.'; charset='.$charset.'\'); ?'.'>'.gzencode($content, 9).'<?php
+}
+else
+{
+header(\'Content-Type: '.$content_type.'; charset='.$charset.'\'); ?'.'>'.$content.'<?php
+}';
+    else $cacheContent .= 'header(\'Content-Type: '.$content_type.'; charset='.$charset.'\'); ?'.'>'.$content.'<?php
+';
+$cacheContent .= '}
+?>';
+    return $cacheContent;
+   }
+
+  public function createChacheFile($content)
+   {
+    if($this->cacheId && $this->doCaching)
+     {
+      #$cacheFile = $this->_cacheDir . str_replace('/','%',$this->cacheId).'.cache';
+      $cacheFile = $this->_cacheDir . rawurlencode(strtolower($this->cacheId)).'.cache';
+      if(!file_exists($cacheFile))
+       {
+        $content = str_replace('<?xml','<?php echo \'<?xml\'; ?>', $content);
+        $fp = @fopen($cacheFile, 'w');
+        @flock($fp, 2);
+        @fwrite($fp, $content);
+        @flock($fp, 3);
+        @fclose($fp);
+       }
+     }
+
+   if(!file_exists($this->_cacheDir.'settings.php'))
+    {
+     $this->_createCacheSettingsFile();
+    }
+   }
+
+  private function _createCacheSettingsFile()
+   {
+    $content  = "<?php\n";
+    $content .= '$settings[\'session_prefix\'] = \''.$this->_settings['session_prefix'].'\';'."\n";
+    $content .= '$settings[\'index_page\'] = \''.$this->_settings['index_page'].'\';'."\n";
+    #$content .= '$settings[\'caching\'] = '.$this->_settings['caching'].';'."\n";
+    $content .= '?'.'>';
+    $fp = @fopen($this->_cacheDir.'settings.php', 'w');
+    @flock($fp, 2);
+    @fwrite($fp, $content);
+    @flock($fp, 3);
+    @fclose($fp);
+   }
+
+  public function clear($page=false)
+   {
+    if(!$page)
+     {
+      // delete all cache files (settings.php and *.cache):
+      foreach(glob($this->_cacheDir.'{settings.php,*.cache}', GLOB_BRACE) as $cacheFile)
+       {
+        @unlink($cacheFile);
+       }
+     }
+    else
+     {
+      // delete cache files of a specifid page:
+      $page = rawurlencode(strtolower($page));
+      // select page.cache and page,*.cahe
+      foreach(glob($this->_cacheDir.'{'.$page.'.cache,'.$page.'%2C*.cache}', GLOB_BRACE) as $cacheFile) // "%2C" = ","
+       {
+        @unlink($cacheFile);
+       }
+     }
+   }
+
+  public function clearPhoto($id)
+   {
+    // select *,photo,[id].cache and *,photo,[id],*.cache
+    foreach(glob($this->_cacheDir.'{*%2C'.IMAGE_IDENTIFIER.'%2C'.$id.'.cache,*%2C'.IMAGE_IDENTIFIER.'%2C'.$id.'%2C*.cache}', GLOB_BRACE) as $cacheFile)
+     {
+      @unlink($cacheFile);
+     }
+   }
+
+  function clearRelated($page)
+   {
+    $dbr = Database::$content->prepare("SELECT include_page FROM ".Database::$db_settings['pages_table']." WHERE lower(page)=lower(:page) LIMIT 1");
+    $dbr->bindParam(':page', $page, PDO::PARAM_STR);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['include_page']))
+     {
+      $dbr2 = Database::$content->prepare("SELECT page, type FROM ".Database::$db_settings['pages_table']." WHERE id=:id LIMIT 1");
+      $dbr2->bindParam(':id', $data['include_page'], PDO::PARAM_INT);
+      $dbr2->execute();
+      $data2 = $dbr2->fetch();
+      if(isset($data2['page']))
+       {
+        #if($data2['type']=='news')
+        # {
+          $this->clear($data2['page']);
+        # }
+       }
+     }
+   }
+ }
+?>

cms/includes/classes/Comment.class.php

@@ -0,0 +1,624 @@
+<?php
+class Comment
+ {
+  public $comments_per_page = 10;
+  public $comment_order = 1;
+  public $name_maxlength = 100;
+  public $email_hp_maxlength = 100;
+  public $word_maxlength = 50;
+  public $comment_maxlength = 1000;
+  public $prevent_repeated_posts_minutes = 2;
+  public $akismet_key = '';
+  public $akismet_entry_check = 0;
+  public $remove_blank_lines = 1;
+  public $auto_link = 1;
+  public $smilies = 1;
+  public $comments_closed = false;
+
+  public $total_comments;
+  public $total_pages;
+  public $current_page = 1;
+  public $errors = false;
+  public $comments_info;
+  public $form_values;
+  public $edit_form = false;
+  public $type = 0;
+  public $page;
+  public $comment_id;
+  public $form_session = false;
+  public $form_session_data = false;
+  public $setings;
+  public $admin_mode = false;
+  private $_localization;
+  private $_form_session = 'comment_form_session';
+
+  public function __construct($page, $comment_id, $type=0)
+   {
+    $this->_localization = Localization::getInstance();
+    $this->type = $type;
+    $this->page = $page;
+    $this->comment_id = $comment_id;
+    $this->form_values['comment_text'] = isset($_POST['comment_text']) ? htmlspecialchars($_POST['comment_text']) : '';
+    $this->form_values['name'] = isset($_POST['name']) ? htmlspecialchars($_POST['name']) : '';
+    $this->form_values['email_hp'] = isset($_POST['email_hp']) ? htmlspecialchars($_POST['email_hp']) : '';
+    $this->_form_session = 'comment_form_session_'.$this->comment_id.'_'.$this->type;
+
+    if($this->type==1)
+     {
+      if(isset($_GET['get_5'])) $this->current_page = intval($_GET['get_5']); else $this->current_page = 1;
+     }
+    else
+     {
+      if(isset($_GET['get_1'])) $this->current_page = intval($_GET['get_1']); else $this->current_page = 1;
+     }
+
+    if($this->current_page==0) $this->current_page = 1;
+
+
+    if(isset($_SESSION[$this->_form_session]))
+     {
+      $this->form_session = $_SESSION[$this->_form_session];
+      $form_session_data['name'] = session_name();
+      $form_session_data['id'] = session_id();
+      $this->form_session_data = $form_session_data;
+     }
+   }
+
+  public function set_admin_mode()
+   {
+    $this->admin_mode = true;
+   }
+
+  public function get_comments($rss=false)
+   {
+    // count:
+    $this->total_comments = $this->count_comments($this->comment_id);
+
+    $this->total_pages = ceil($this->total_comments / $this->comments_per_page);
+    if($this->current_page>$this->total_pages) $this->current_page = $this->total_pages;
+
+    #$this->comment_page = $current_page;
+
+     if($this->total_comments > 0)
+      {
+       if($rss) $dbr = Database::$entries->prepare("SELECT id, time, name, email_hp, comment, ip FROM ".Database::$db_settings['comment_table']." WHERE type=:type AND comment_id=:comment_id AND comment!='' ORDER BY id ASC LIMIT ".$this->comments_per_page);
+       else $dbr = Database::$entries->prepare("SELECT id, time, name, email_hp, comment, ip FROM ".Database::$db_settings['comment_table']." WHERE type=:type AND comment_id=:comment_id AND comment!='' ORDER BY id DESC LIMIT ".$this->comments_per_page." OFFSET ".(intval($this->current_page)-1)*$this->comments_per_page);
+       $dbr->bindParam(':type', $this->type, PDO::PARAM_INT);
+       $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT);
+       $dbr->execute();
+
+       $nr = 1;
+       $i = 0;
+       while($data = $dbr->fetch())
+        {
+         #if ($data['name'] != "") $name = htmlspecialchars(stripslashes($data['name'])); else $name = $this->settings['anonym'];
+         if($data['email_hp']!='')
+          {
+           $email_hp = htmlspecialchars($data['email_hp']);
+           if(preg_match("/^[^@]+@.+\.\D{2,5}$/", $email_hp))
+            {
+             if($this->admin_mode)
+              {
+               $comments[$i]['email'] = $email_hp;
+              }
+            }
+           else
+            {
+             $comments[$i]['hp'] = add_http_if_no_protocol($email_hp);
+            }
+          }
+         $comments[$i]['id'] = $data['id'];
+         $comments[$i]['nr'] = $this->total_comments + 1 - ($nr + ($this->current_page-1) * $this->comments_per_page);
+         $comments[$i]['name'] = htmlspecialchars($data['name']);
+         $comments[$i]['time'] = $data['time'];
+         #$comments[$i]['formated_time'] = format_time(TIME_FORMAT_FULL,$data['time']);
+         $comments[$i]['comment'] = $this->format_comment($data['comment']);
+         $comments[$i]['ip'] = $data['ip'];
+
+         $this->_localization->bindId('comment_time', $data['id']);
+         $this->_localization->replacePlaceholderBound('time', $data['time'], 'comment_time', $data['id'], Localization::FORMAT_TIME);
+
+         ++$nr;
+         ++$i;
+        } // end foreach
+
+       // reverse array for ascending order:
+       if($this->comment_order == 1) $comments = array_reverse($comments);
+
+       $this->_localization->replacePlaceholder('total_comments', $this->total_comments, 'comments_pagination_info');
+       $this->_localization->replacePlaceholder('current_page', $this->current_page, 'comments_pagination_info');
+       $this->_localization->replacePlaceholder('total_pages', $this->total_pages, 'comments_pagination_info');
+
+       #$this->assign_lang_placeholder('total_comments', $this->total_comments, 'comments_pagination_info');
+       #$this->assign_lang_placeholder('current_page', $this->current_page, 'comments_pagination_info');
+       #$this->assign_lang_placeholder('total_pages', $this->total_pages, 'comments_pagination_info');
+
+      } // end if ($comment_count > 0)
+
+    $this->form_values = $this->get_form_values();
+
+    if(isset($comments))
+     {
+      return $comments;
+     }
+    return false;
+   }
+
+  public function get_pingbacks()
+   {
+    $dbr = Database::$entries->prepare("SELECT id, time, name, email_hp, comment, ip FROM ".Database::$db_settings['comment_table']." WHERE type=:type AND comment_id=:comment_id AND comment='' ORDER BY id DESC");
+    $dbr->bindParam(':type', $this->type, PDO::PARAM_INT);
+    $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT);
+    $dbr->execute();
+
+       $nr = 1;
+       $i = 0;
+       while($data = $dbr->fetch())
+        {
+         $pingbacks[$i]['hp'] = $data['email_hp'];
+         $pingbacks[$i]['id'] = $data['id'];
+         $pingbacks[$i]['nr'] = $this->total_comments + 1 - ($nr + ($this->current_page-1) * $this->comments_per_page);
+         $pingbacks[$i]['name'] = htmlspecialchars($data['name']);
+         $pingbacks[$i]['time'] = $data['time'];
+         #$pingbacks[$i]['formated_time'] = format_time(TIME_FORMAT_FULL,$data['time']);
+         #$pingbacks[$i]['comment'] = $this->format_comment($data['comment']);
+         $pingbacks[$i]['ip'] = $data['ip'];
+
+         $this->_localization->bindId('comment_time', $data['id']);
+         $this->_localization->replacePlaceholderBound('time', $data['time'], 'comment_time', $data['id'], Localization::FORMAT_TIME);
+
+         ++$nr;
+         ++$i;
+        } // end foreach
+
+       // reverse array for ascending order:
+       if($this->comment_order == 1 && isset($pingbacks)) $pingbacks = array_reverse($pingbacks);
+
+
+    #$this->form_values = $this->get_form_values();
+
+    if(isset($pingbacks))
+     {
+      return $pingbacks;
+     }
+    return false;
+   }
+
+  public function save()
+   {
+    if(empty($_SESSION[$this->_form_session]))
+     {
+      #$this->preview();
+     }
+    else
+     {
+      // if comment entered::
+      $data['comment_text'] = isset($_POST['comment_text']) ? trim(filter_control_characters($_POST['comment_text'])) : '';
+      $data['name'] = isset($_POST['name']) ? trim(filter_control_characters($_POST['name'])) : '';
+      $data['email_hp'] = isset($_POST['email_hp']) ? trim(filter_control_characters($_POST['email_hp'])) : '';
+
+      // check posted data:
+      $this->check_data($data, true);
+
+      // save if no errors:
+      if($this->errors==false)
+       {
+        $dbr = Database::$entries->prepare("INSERT INTO ".Database::$db_settings['comment_table']." (type, comment_id, time, ip, name, email_hp, comment) VALUES (:type, :comment_id, :time, :ip, :name, :email_hp, :comment)");
+        $dbr->bindParam(':type', $this->type, PDO::PARAM_INT);
+        $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT);
+        $dbr->bindValue(':time', time(), PDO::PARAM_INT);
+        $dbr->bindParam(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
+        $dbr->bindParam(':name', $data['name'], PDO::PARAM_STR);
+        $dbr->bindParam(':email_hp', $data['email_hp'], PDO::PARAM_STR);
+        $dbr->bindParam(':comment', $data['comment_text'], PDO::PARAM_STR);
+        $dbr->execute();
+        #$this->clear_cache();
+        #showme(Database::$entries->errorInfo());
+        #$this->form_values = array();
+
+        unset($_SESSION[$this->_form_session]);
+        $this->form_session=false;
+        $this->form_session_data=false;
+
+        // E-mail notification to admin:
+        if($this->settings['comment_notification'] && $this->settings['email'] != '')
+         {
+          $this->_localization->replacePlaceholder('page', PAGE, 'comment_notification_subject');
+          $name = $data['name'];
+          if($data['email_hp']) $name .= ' '.$data['email_hp'];
+          $this->_localization->replacePlaceholder('name', $name, 'comment_notification_message');
+          $this->_localization->replacePlaceholder('comment', $data['comment_text'], 'comment_notification_message');
+          $this->_localization->replacePlaceholder('link', BASE_URL.PAGE, 'comment_notification_message');
+          $mail = new Mail();
+          $mail->set_charset(CHARSET);
+          $mail->send($this->settings['email'], $this->settings['email'], Localization::$lang['comment_notification_subject'], Localization::$lang['comment_notification_message'], $this->settings['mail_parameter']);
+         }
+        return true;
+      }
+     }
+    $_SESSION[$this->_form_session] = time();
+    $this->form_session = $_SESSION[$this->_form_session];
+    return false;
+   }
+
+  public function preview()
+   {
+    $data['comment_text'] = isset($_POST['comment_text']) ? trim($_POST['comment_text']) : '';
+    $data['name'] = isset($_POST['name']) ? trim($_POST['name']) : '';
+    $data['email_hp'] = isset($_POST['email_hp']) ? trim($_POST['email_hp']) : '';
+
+    // check posted data:
+    $this->check_data($data);
+
+    $preview['name'] = htmlspecialchars($data['name']);
+    $preview['timestamp'] = time();
+    $preview['time'] = time();
+    #$preview['formated_time'] = format_time(TIME_FORMAT_FULL,time());
+    $preview['comment_text'] = $this->format_comment($data['comment_text']);
+    $email_hp = htmlspecialchars($data['email_hp']);
+    if(preg_match("/^[^@]+@.+\.\D{2,5}$/", $email_hp))
+     {
+      if($this->admin_mode)
+       {
+        $preview['email'] = $email_hp;
+       }
+     }
+    elseif($email_hp!='')
+     {
+      $preview['hp'] = add_http_if_no_protocol($email_hp);
+     }
+
+    $this->_localization->bindId('comment_time', 'preview');
+    $this->_localization->replacePlaceholderBound('time', $preview['time'], 'comment_time', 'preview', Localization::FORMAT_TIME);
+
+    $_SESSION[$this->_form_session] = time();
+    $this->form_session = $_SESSION[$this->_form_session];
+
+    if(isset($preview))
+     {
+      return $preview;
+     }
+    return false;
+   }
+
+  private function check_data($data, $save=false)
+   {
+    if($this->comments_closed!=false)
+     {
+      $this->errors[] = 'comment_error_closed';
+     }
+
+    if(empty($this->errors) && $save) // only if submitted in order to save
+     {
+      if(empty($_SESSION[$this->_form_session]))
+       {
+        $this->errors[] = 'comment_error_invalid_request';
+       }
+      else
+       {
+        if(time()-$_SESSION[$this->_form_session]<2)
+         {
+          $this->errors[] = 'comment_error_too_fast';
+         }
+       }
+     }
+
+    if(empty($this->errors))
+     {
+      // check for not accepted words:
+      $joined_message = mb_strtolower($data['name'].' '.$data['email_hp'].' '.$data['comment_text']);
+      $not_accepted_words = get_not_accepted_words($joined_message);
+      if($not_accepted_words!=false)
+       {
+        $not_accepted_words_listing = htmlspecialchars(implode(', ',$not_accepted_words));
+        if(count($not_accepted_words)==1)
+         {
+          $this->errors[] = 'error_not_accepted_word';
+          #$this->assign_lang_placeholder('not_accepted_word', $not_accepted_words_listing, 'error_not_accepted_word');
+          $this->_localization->replacePlaceholder('not_accepted_word', $not_accepted_words_listing, 'error_not_accepted_word');
+         }
+        else
+         {
+          $this->errors[] = 'error_not_accepted_words';
+          #$this->assign_lang_placeholder('not_accepted_words', $not_accepted_words_listing, 'error_not_accepted_words');
+          $this->_localization->replacePlaceholder('not_accepted_words', $not_accepted_wordss_listing, 'error_not_accepted_words');
+         }
+       }
+      if(empty($data['name']))
+       {
+        $this->errors[] = 'comment_error_no_name';
+       }
+      if(empty($data['comment_text']))
+       {
+        $this->errors[] = 'comment_error_no_text';
+       }
+      if(mb_strlen($data['name']) > $this->name_maxlength)
+       {
+        $this->errors[] = 'comment_error_name_too_long';
+       }
+      if(mb_strlen($data['email_hp']) > $this->email_hp_maxlength)
+       {
+        $this->errors[] = 'comment_error_email_hp_too_long';
+       }
+      if(!empty($data['email_hp']) && strpos($data['email_hp'], '.')===false)
+       {
+        $this->errors[] = 'comment_error_email_hp_invalid';
+       }
+      if(mb_strlen($data['comment_text']) > $this->comment_maxlength)
+       {
+        $text_length = mb_strlen($data['comment_text']);
+        $this->errors[] = 'comment_error_text_too_long';
+        $this->_localization->replacePlaceholder('characters', $text_length, 'comment_error_text_too_long');
+        $this->_localization->replacePlaceholder('max_characters', $this->comment_maxlength, 'comment_error_text_too_long');
+       }
+     }
+
+    if(empty($this->errors))
+     {
+      if($too_long_words = too_long_words(strip_tags($this->format_comment($data['comment_text'])),$this->word_maxlength))
+       {
+        foreach($too_long_words as $too_long_word)
+         {
+          $stripped_too_long_words[] = htmlspecialchars(mb_substr($too_long_word,0,$this->word_maxlength)).'...';
+         }
+        $too_long_words_listing = implode(', ',$stripped_too_long_words);
+
+        if(count($too_long_words)==1)
+         {
+          $this->errors[] = 'comment_error_too_long_word';
+          #$this->assign_lang_placeholder('word', $too_long_words_listing, 'comment_error_too_long_word');
+          $this->_localization->replacePlaceholder('word', $too_long_word_listing, 'comment_error_too_long_word');
+         }
+        else
+         {
+          $this->errors[] = 'comment_error_too_long_words';
+          #$this->assign_lang_placeholder('words', $too_long_words_listing, 'comment_error_too_long_words');
+          $this->_localization->replacePlaceholder('words', $too_long_words_listing, 'comment_error_too_long_words');
+         }
+       }
+
+      // check for double and repeated entries:
+      $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE time>:time AND comment_id=:comment_id AND name=:name AND email_hp=:email_hp AND comment=:comment");
+      $time = time()-300; // last 5 minutes
+      $dbr->bindParam(':time', $time, PDO::PARAM_INT);
+      $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT);
+      $dbr->bindParam(':name', $data['name'], PDO::PARAM_STR);
+      $dbr->bindParam(':email_hp', $data['email_hp'], PDO::PARAM_STR);
+      $dbr->bindParam(':comment', $data['comment_text'], PDO::PARAM_STR);
+      $dbr->execute();
+      if($dbr->fetchColumn()>0)
+       {
+        $this->errors[] = 'comment_error_entry_exists';
+       }
+      if($this->prevent_repeated_posts_minutes > 0)
+       {
+        $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE time>:time AND comment_id=:comment_id AND ip=:ip");
+        $time = time() - $this->prevent_repeated_posts_minutes * 60;
+        $dbr->bindParam(':time', $time, PDO::PARAM_INT);
+        $dbr->bindParam(':comment_id', $this->comment_id, PDO::PARAM_INT);
+        $dbr->bindParam(':ip', $_SERVER["REMOTE_ADDR"], PDO::PARAM_STR);
+        $dbr->execute();
+        if($dbr->fetchColumn()>0)
+         {
+          $this->errors[] = 'comment_error_repeated_post';
+         }
+       }
+
+      if($save)
+       {
+        // Akismet spam check:
+        if($this->akismet_key!='' && $this->akismet_entry_check==1)
+         {
+          #require('./cms/modules/akismet/akismet.class.php');
+          $check_posting['author'] = $data['name'];
+          if($data['email_hp']!='')
+           {
+            if(preg_match("/^[^@]+@.+\.\D{2,5}$/", $email_hp))
+             {
+              $check_posting['email'] = $data['email_hp'];
+             }
+            else
+             {
+              $check_posting['website'] = $data['email_hp'];
+             }
+           }
+          $check_posting['body'] = $data['comment_text'];
+
+          $akismet = new Akismet(BASE_URL, $this->akismet_key, $check_posting);
+
+          // test for errors
+          if($akismet->errorsExist()) // returns true if any errors exist
+           {
+            if($akismet->isError(AKISMET_INVALID_KEY))
+             {
+              $this->errors[] = 'akismet_error_api_key';
+             }
+            elseif($akismet->isError(AKISMET_RESPONSE_FAILED))
+             {
+              $this->errors[] = 'akismet_error_connection';
+             }
+            elseif($akismet->isError(AKISMET_SERVER_NOT_FOUND))
+             {
+              $this->errors[] = 'akismet_error_connection';
+             }
+           }
+          else
+           {
+            // No errors, check for spam
+            if($akismet->isSpam())
+             {
+              $this->errors[] = 'akismet_spam_suspicion';
+             }
+           }
+         }
+       } // end if($save)
+     }
+   }
+
+  public function get_edit_data($id)
+   {
+    if($this->admin_mode)
+     {
+      $dbr = Database::$entries->prepare("SELECT id, name, email_hp, comment FROM ".Database::$db_settings['comment_table']." WHERE id=:id LIMIT 1");
+      $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(isset($data['id']))
+       {
+        $this->edit_form['id'] = $data['id'];
+        $this->edit_form['name'] = htmlspecialchars($data['name']);
+        $this->edit_form['email_hp'] = htmlspecialchars($data['email_hp']);
+        $this->edit_form['comment'] = htmlspecialchars($data['comment']);
+        $this->edit_form['current_page'] = $this->current_page;
+        return $this->edit_form;
+       }
+      return false;
+     }
+   }
+
+  public function edit_save()
+   {
+    if($this->admin_mode)
+     {
+      $dbr = Database::$entries->prepare("UPDATE ".Database::$db_settings['comment_table']." SET name=:name, email_hp=:email_hp, comment=:comment WHERE id=:id");
+      $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+      $dbr->bindParam(':name', $_POST['name'], PDO::PARAM_STR);
+      $dbr->bindParam(':email_hp', $_POST['email_hp'], PDO::PARAM_STR);
+      $dbr->bindParam(':comment', $_POST['comment_text'], PDO::PARAM_STR);
+      $dbr->execute();
+      if(isset($_POST['current_page']))
+       {
+        $this->current_page = intval($_POST['current_page']);
+       }
+     }
+   }
+
+  public function openclose($close=true)
+   {
+    if($this->admin_mode)
+     {
+      if($close) $new_type_addition = 'closed';
+      else $new_type_addition = '';
+      
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['pages_table']." SET type_addition=:type_addition WHERE page=:page");
+      $dbr->bindParam(':type_addition', $new_type_addition, PDO::PARAM_STR);
+      $dbr->bindValue(':page', PAGE, PDO::PARAM_STR);
+      $dbr->execute();
+     }
+   }
+
+
+  public function delete($id)
+   {
+    if($this->admin_mode)
+     {
+      $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE id=:id");
+      $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+      $dbr->execute();
+      #$this->clear_cache();
+     }
+   }
+
+  /*
+  private function clear_cache()
+   {
+    if($this->settings['caching']==1)
+     {
+      if($this->type==1)
+       {
+        $cachefile = "../cache/".$this->page.".cache";
+        if(file_exists($cachefile)) @unlink($cachefile);
+        unset($cachefile);
+        $cachefile = "../cache/".$this->page.",photo,".$this->comment_id.".cache";
+        if(file_exists($cachefile)) @unlink($cachefile);
+        unset($cachefile);
+        foreach(glob("../cache/".$this->page.",photo,".$this->comment_id.",*.cache") as $cachefile)
+         {
+          @unlink($cachefile);
+         }
+       }
+      else
+       {
+        $cachefile = "../cache/".$this->page.".cache";
+        if(file_exists($cachefile)) @unlink($cachefile);
+        unset($cachefile);
+        foreach(glob("../cache/".$this->page.",*.cache") as $cachefile)
+         {
+          @unlink($cachefile);
+         }
+       }
+     }
+   }
+  */
+
+  private function format_comment($string)
+   {
+    $string = htmlspecialchars($string);
+    if($this->remove_blank_lines==1)
+     {
+      $string = preg_replace("/\015\012|\015|\012/", "\n", $string);
+      $string_array = explode("\n", $string);
+      $string = '';
+      foreach($string_array as $string_line)
+       {
+        $string_line = trim($string_line);
+        if($string_line!='')
+         {
+          $string .= $string_line."\n";
+         }
+       }
+     }
+    $string = nl2br($string);
+    if($this->auto_link==1)
+     {
+      $string = make_link($string);
+     }
+    if($this->smilies==1)
+     {
+      $string = smilies($string);
+     }
+    return $string;
+   }
+
+  /*
+  function make_link($string)
+   {
+    $string = ' ' . $string;
+    $string = preg_replace("#(^|[\n ])([\w]+?://.*?[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\">\\2</a>", $string);
+    $string = preg_replace("#(^|[\n ])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^ \"\t\n\r<]*)?)#is", "\\1<a href=\"http://\\2\">\\2</a>", $string);
+    $string = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $string);
+    $string = substr($string, 1);
+    return $string;
+   }
+
+  function smilies($string)
+   {
+    global $this->settings;
+    require 'config/smilies.conf.php';
+    foreach($smilies as $smiley)
+     {
+      $string = str_replace($smiley[0], "<img src=\"".$this->settings['smiley_directory']."/".$smiley[1]."\" alt=\"".$smiley[0]."\" />", $string);
+     }
+    return $string;
+   }
+   */
+
+  public function count_comments($comment_id)
+   {
+    $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE comment_id=:comment_id AND type=:type AND comment!=''");
+    $dbr->bindParam(':comment_id', $comment_id, PDO::PARAM_INT);
+    $dbr->bindParam(':type', $this->type, PDO::PARAM_INT);
+    $dbr->execute();
+    $comment_count = $dbr->fetchColumn();
+    return $comment_count;
+   }
+
+  public function get_form_values()
+   {
+    $this->form_values['comment_text'] = isset($_POST['comment_text']) ? htmlspecialchars($_POST['comment_text']) : '';
+    $this->form_values['name'] = isset($_POST['name']) ? htmlspecialchars($_POST['name']) : '';
+    $this->form_values['email_hp'] = isset($_POST['email_hp']) ? htmlspecialchars($_POST['email_hp']) : '';
+    return $this->form_values;
+   }
+ }
+?>

cms/includes/classes/Database.class.php

@@ -0,0 +1,87 @@
+<?php
+class Database
+ {
+  const ADMIN = 1;
+  private static $_instance = null;
+  public static $db_settings;
+  public static $complete;
+  public static $content;
+  public static $entries;
+  public static $userdata;
+
+  public function __construct($mode=0)
+   {
+    self::$_instance = $this;
+    if($mode==0)
+     {
+      require('./cms/config/db_settings.conf.php');
+     }
+    else
+     {
+      require('./config/db_settings.conf.php');
+     }
+    self::$db_settings = $db_settings;
+
+    switch(self::$db_settings['type'])
+     {
+      case 'sqlite':
+       if($mode==0)
+        {
+         self::$content = new PDO('sqlite:'.self::$db_settings['db_content_file']);
+         self::$entries = new PDO('sqlite:'.self::$db_settings['db_entry_file']);
+         #self::$content = new PDO('sqlite:'.self::$db_settings['db_content_file'], NULL, NULL, array(PDO::ATTR_PERSISTENT => TRUE));
+         #self::$entries = new PDO('sqlite:'.self::$db_settings['db_entry_file'], NULL, NULL, array(PDO::ATTR_PERSISTENT => TRUE));
+         self::$content->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+         self::$entries->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+        }
+       if($mode==1)
+        {
+         self::$content = new PDO('sqlite:../'.self::$db_settings['db_content_file']);
+         self::$entries = new PDO('sqlite:../'.self::$db_settings['db_entry_file']);
+         self::$userdata = new PDO('sqlite:../'.self::$db_settings['db_userdata_file']);
+         self::$content->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+         self::$entries->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+         self::$userdata->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+        }
+       break;
+      case 'sqlite2':
+       if($mode==0)
+        {
+         self::$content = new PDO('sqlite2:'.self::$db_settings['db_content_file']);
+         self::$entries = new PDO('sqlite2:'.self::$db_settings['db_entry_file']);
+        }
+       if($mode==1)
+        {
+         self::$content = new PDO('sqlite2:../'.self::$db_settings['db_content_file']);
+         self::$entries = new PDO('sqlite2:../'.self::$db_settings['db_entry_file']);
+         self::$userdata = new PDO('sqlite2:../'.self::$db_settings['db_userdata_file']);
+        }
+       break;
+      case 'mysql':
+       self::$complete = new PDO('mysql:host='.self::$db_settings['host'].';dbname='.self::$db_settings['database'], self::$db_settings['user'], self::$db_settings['password']);
+       self::$complete->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+       self::$complete->query("set names utf8");
+       self::$content =& self::$complete;
+       self::$entries =& self::$complete;
+       if($mode==1) self::$userdata =& self::$complete;
+       break;
+      case 'postgresql':
+       self::$complete = new PDO('pgsql:dbname='.self::$db_settings['database'].';host='.self::$db_settings['host'].';user='.self::$db_settings['user'].';password='.self::$db_settings['password']);
+       self::$complete->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+       #self::$complete->query("set names utf8");
+       self::$content =& self::$complete;
+       self::$entries =& self::$complete;
+       if($mode==1) self::$userdata =& self::$complete;
+       break;
+     default:
+      ?><p>Database type not supported.</p><?php
+      exit;
+     }
+   }
+
+  public static function getInstance()
+   {
+    return self::$_instance;
+   }
+ }
+?>

cms/includes/classes/FileUpload.class.php

@@ -0,0 +1,176 @@
+<?php
+/**
+ * file upload class
+ */
+
+class FileUpload 
+ {
+  public $upload;
+  public $uploadSize;
+  public $uploadInfo;
+  public $uploadFileName;
+  public $uploadDir;
+  public $tempFile = false;
+  public $maxAcceptedFilesize = 5000;
+  public $fileTooLarge = false;
+  public $isImage = false;
+  public $imageWidth;
+  public $imageHeight;
+  public $imageType;
+  public $error = false;
+  public $uploadError = false;
+  public $fileEmpty = false;
+  public $fileError = false;
+  public $invalidFileFormat = false;
+  public $fileNameInvalid = false;
+  public $fileExtensionInvalid = false;
+  public $fileExists = false; 
+  public $unableToCompress = false;
+  public $copyError = false;
+
+  public function __construct($upload, $uploadDir)
+   {
+    $this->upload = $upload;
+    $this->uploadDir = $uploadDir;
+    
+    if($upload['error']) 
+     {
+      $this->error = true;
+     }
+    elseif($upload['size']==0)
+     {
+      $this->error = true;
+      #$this->fileError = true;
+      $this->fileEmpty = true;
+     }
+    elseif($upload['size']>$this->maxAcceptedFilesize*1000)
+     {
+      $this->error = true;
+      #$this->fileError = true;
+      $this->fileTooLarge = true;
+     }
+    
+    if($image=getimagesize($upload['tmp_name']))
+     {
+      $this->isImage = true;
+      $this->imageWidth = $image[0];
+      $this->imageHeight = $image[1];
+      if($image[2]==1) $this->imageType = 'gif';
+      if($image[2]==2) $this->imageType = 'jpeg';
+      if($image[2]==3) $this->imageType = 'png';
+     }
+    
+    if(!preg_match('/^[a-zA-Z0-9._\-]+$/', $this->uploadFileName) || mb_substr($this->uploadFileName, 0, 1)=='_')
+       {
+        #$this->error = true;
+        #$this->fileError = true;
+        $this->fileNameInvalid = true;
+       }      
+      if(file_exists($this->uploadDir.$this->uploadFileName))
+       {
+        #$this->fileError = true;
+        $this->fileExists = true;
+       }
+    
+      if(!$this->fileError)
+       {
+        $tempFileName = uniqid(rand()).'.tmp';
+        if(move_uploaded_file($this->upload['tmp_name'],$this->uploadDir.$tempFileName))
+         {
+          $this->tempFile = $tempFileName;
+         }
+        else
+         {
+          $this->uploadError = true;
+         }
+       }
+   }
+   
+  /**
+   * saves the uploaded file
+   *
+   * @param ...
+   */
+  public function saveFile($filename='')
+   {
+    if(empty($filename))
+     {
+      if($this->fileNameInvalid) return false;
+      $filename = $this->uploadFileName;
+     }
+    if(copy($this->uploadDir.$this->tempFile, $this->uploadDir.$filename)) return true;
+    else return false;
+   } 
+
+  /**
+   * modifies and saves the uploaded image
+   *
+   * @param ...
+   */
+  public function saveModifiedImage($width, $height, $compression, $filename='')
+   {
+    if(empty($filename))
+     {
+      if($this->fileNameInvalid) return false;
+      $filename = $this->uploadFileName;
+     }
+    if($this->_resize_image($this->uploadDir.$this->tempFile, $this->uploadDir.$filename, $width, $height, $compression)) return true;
+    else return false;
+   } 
+
+/**
+ * resizes uploaded images 
+ * 
+ * @param string $uploaded_file : uploaded file
+ * @param string $file : destination file 
+ * @param int $new_width : new width
+ * @param int $new_height : new height
+ * @param int $compression : compression rate
+ * @return bool
+ */ 
+private function _resize_image($uploaded_file, $file, $new_width, $new_height, $compression=80)
+ {
+  if(file_exists($file))
+   {
+    #@chmod($file, 0777);
+    @unlink($file);
+   }
+  #$image_info = getimagesize($uploaded_file);
+  if(!$this->isImage || empty($this->imageType)) $error = true;
+  if(empty($error))
+  {
+  if($this->imageType=='gif')
+   {
+    $current_image = @imagecreatefromgif($uploaded_file) or $error = true;
+    if(empty($error)) $new_image = @imagecreate($new_width,$new_height) or $error = true;
+    if(empty($error)) @imagecopyresampled($new_image,$current_image,0,0,0,0,$new_width,$new_height,$this->imageWidth,$this->imageWidth) or $error=true;
+    if(empty($error)) @imagegif($new_image, $file) or $error = true;
+   }
+  elseif($this->imageType=='jpeg')
+   {
+    $current_image = @imagecreatefromjpeg($uploaded_file) or $error = true;
+    if(empty($error)) $new_image=@imagecreatetruecolor($new_width,$new_height) or $error = true;
+    if(empty($error)) @imagecopyresampled($new_image,$current_image,0,0,0,0,$new_width,$new_height,$this->imageWidth,$this->imageHeight) or $error = true;
+    if(empty($error)) @imagejpeg($new_image, $file, $compression) or $error = true;
+   }
+  elseif($this->imageType=='png')
+   {
+    $current_image = @imagecreatefrompng($uploaded_file) or $error = true;
+    if(empty($error)) $new_image=@imagecreatetruecolor($new_width,$new_height) or $error = true;
+    if(empty($error)) @imagecopyresampled($new_image,$current_image,0,0,0,0,$new_width,$new_height,$this->imageWidth,$this->imageHeight) or $error = true;
+    if(empty($error)) @imagepng($new_image, $file) or $error = $true;
+   }
+  }
+  if(empty($error)) return true;
+  else return false;
+ }
+
+  function __destruct()
+   {
+    if($this->tempFile)
+     {
+      unlink($this->uploadDir.$this->tempFile);
+     }
+   }
+ }
+?>

cms/includes/classes/Gallery.class.php

@@ -0,0 +1,56 @@
+<?php
+class Gallery
+ {
+  public $photos = false;
+  public $number_of_photos = 0;
+  public $photos_per_row = 4;
+  private $_localization;
+
+  public function __construct($gallery, $commentable=0)
+   {
+    $this->_localization = Localization::getInstance();
+
+    $dbr = Database::$content->prepare('SELECT id, photo_thumbnail, photo_normal, title, subtitle, description, photos_per_row FROM '.Database::$db_settings['photo_table'].' WHERE gallery=:gallery ORDER BY sequence ASC');
+    $dbr->bindParam(':gallery', $gallery, PDO::PARAM_STR);
+    $dbr->execute();
+
+    $i=0;
+    while($photo_data = $dbr->fetch())
+     {
+      if($commentable==1)
+       {
+        $count_result = Database::$entries->prepare('SELECT COUNT(*) AS comments FROM '.Database::$db_settings['comment_table'].' WHERE comment_id=:id AND type=1');
+        $count_result->bindValue(':id', $photo_data['id'], PDO::PARAM_INT);
+        $count_result->execute();
+        $count_data = $count_result->fetch();
+        $this->photos[$i]['comments'] = $count_data['comments'];
+        $this->_localization->bindId('number_of_comments', $photo_data['id']);
+        switch($count_data['comments'])
+         {
+          case 0:
+           $this->_localization->selectBoundVariant('number_of_comments', $photo_data['id'], 0);
+           break;
+          case 1:
+           $this->_localization->selectBoundVariant('number_of_comments', $photo_data['id'], 1);
+           break;
+          default:
+           $this->_localization->selectBoundVariant('number_of_comments', $photo_data['id'], 2);
+           $this->_localization->replacePlaceholderBound('comments', $count_data['comments'], 'number_of_comments', $photo_data['id']);
+         }
+       }
+      $this->photos[$i]['id'] = $photo_data['id'];
+      $this->photos[$i]['photo_thumbnail'] = $photo_data['photo_thumbnail'];
+      $this->photos[$i]['photo_normal'] = $photo_data['photo_normal'];
+      $this->photos[$i]['title'] = htmlspecialchars($photo_data['title']);
+      $this->photos[$i]['subtitle'] = htmlspecialchars($photo_data['subtitle']);
+      $this->photos[$i]['description'] = htmlspecialchars($photo_data['description']);
+      $thumbnail_info = getimagesize(MEDIA_DIR.$photo_data['photo_thumbnail']);
+      $this->photos[$i]['width'] = $thumbnail_info[0];
+      $this->photos[$i]['height'] = $thumbnail_info[1];
+      $this->photos_per_row = $photo_data['photos_per_row'];
+      $i++;
+     }
+    $this->number_of_photos = $i;
+   }
+ }
+?>

cms/includes/classes/Localization.class.php

@@ -0,0 +1,126 @@
+<?php
+class Localization
+ {
+  const FORMAT_TIME = true;
+  private static $_instance = null;
+  public static $lang;
+  private static $_lang;
+  private $replacement;
+
+  public function __construct($language_file)
+   {
+    self::$_instance = $this;
+
+    if($language_file)
+     {
+      require($language_file);
+      self::$lang = $lang;
+     }
+    else
+     {
+      die('No language file specifed!');
+     }
+   }
+
+  public function add_language_file($language_file)
+   {
+    require($language_file);
+    self::$lang = array_merge(self::$lang, $lang);
+   }
+
+  #private function __clone() {}
+
+  public static function getInstance()
+   {
+    #static $instance = null;
+    #if(isset($new_instance) && is_object($new_instance))
+    # {
+    #  self::$instance = $new_instance;
+    # }
+    return self::$_instance;
+   }
+
+
+  #public static function getInstance($language_file=false)
+  # {
+  #  if(self::$instance === NULL)
+  #   {
+  #    self::$instance = new self($language_file);
+  #   }
+  #  return self::$instance;
+  # }
+
+  public function assign($key, $val)
+   {
+    self::$lang[$key] = $val;
+   }
+
+  public function replacePlaceholder($placeholder, $replacement, $index, $format_time=false)
+   {
+    if($format_time)
+     {
+      $this->replacement = $replacement;
+      self::$lang[$index] = preg_replace_callback('/\['.$placeholder.'\|(.*?)\]/', array(&$this, '_callbackFormatTimeWrapper'), self::$lang[$index]);
+     }
+    else
+     {
+      self::$lang[$index] = str_replace('['.$placeholder.']', $replacement, self::$lang[$index]);
+     }
+   }
+
+  public function replacePlaceholderBound($placeholder, $replacement, $index, $id, $format_time=false)
+   {
+    if($format_time)
+     {
+      $this->replacement = $replacement;
+      self::$lang[$index][$id] = preg_replace_callback('/\['.$placeholder.'\|(.*?)\]/', array(&$this, '_callbackFormatTimeWrapper'), self::$lang[$index][$id]);
+     }
+    else
+     {
+      self::$lang[$index][$id] = str_replace('['.$placeholder.']', $replacement, self::$lang[$index][$id]);
+     }
+   }
+
+  public function bindId($index, $id)
+   {
+    if(empty(self::$_lang[$index]))
+     {
+      self::$_lang[$index] = self::$lang[$index];
+      unset(self::$lang[$index]);
+     }
+    self::$lang[$index][$id] = self::$_lang[$index];
+   }
+
+  public function bindReplacePlaceholder($id, $placeholder, $replacement, $index, $format_time=false)
+   {
+    $this->bindId($index, $id);
+    $this->replacePlaceholderBound($placeholder, $replacement, $index, $id, $format_time);
+   }
+
+  public function selectVariant($index, $i)
+   {
+    self::$lang[$index] = self::$lang[$index][$i];
+   }
+
+  public function selectBoundVariant($index, $id, $i)
+   {
+    self::$lang[$index][$id] = self::$lang[$index][$id][$i];
+   }
+
+  public function replaceLink($link, $index)
+   {
+    self::$lang[$index] = str_replace('[[', '<a href="'.$link.'">', self::$lang[$index]);
+    self::$lang[$index] = str_replace(']]', '</a>', self::$lang[$index]);
+   }
+
+  private function _callbackFormatTimeWrapper($matches)
+   {
+    return $this->_callbackFormatTime($matches[1], $this->replacement);
+   }
+
+  private function _callbackFormatTime($format, $timestamp)
+   {
+    return strftime($format, $timestamp);
+   }
+ }
+?>

cms/includes/classes/Mail.class.php

@@ -0,0 +1,195 @@
+<?php
+/**
+ * Mail class to send e-mails
+ *
+ * @author Mark Alexander Hoschek <alex at mylittlehomepage dot net>
+ * @copyright 2010 Mark Alexander Hoschek
+ */
+
+class Mail
+ {
+  const MAIL_HEADER_SEPARATOR = "\n"; // "\r\n" complies with RFC 2822 but might cause problems in some cases (see http://php.net/manual/en/function.mail.php)
+  const MAIL_HEADER_TRANSFER_ENCODING = 'Q'; // 'B' for Base64 or 'Q' for Quoted-Printable
+  private $charset = 'utf-8';
+
+  public function __construct()
+   {
+    mb_internal_encoding($this->charset);
+   }
+
+  /**
+   * Sets charset of the e-mail.
+   *
+   * @param string $charset
+   */
+  public function set_charset($charset)
+   {
+    $this->charset = $charset;
+    mb_internal_encoding($this->charset);
+   }
+
+  /**
+   * Checks whether an e-mail address is (syntactically) valid or not.
+   *
+   * @param string $email
+   * @return bool
+   */
+  public function is_valid_email($email)
+   {
+    if(preg_match("/^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/", $email))
+     {
+      return true;
+     }
+    return false;
+   }
+
+  /**
+   * escapes double-quotes and encloses display names in double-quotes if necessary
+   *
+   * @param string $display_name
+   * @return string
+   */
+  public function escape_display_name($display_name)
+   {
+    $display_name = str_replace('"', '\\"', $display_name);
+    if(preg_match("/(\.|\;|\")/", $display_name))
+     {
+      return '"'.mb_encode_mimeheader($display_name, $this->charset, self::MAIL_HEADER_TRANSFER_ENCODING, self::MAIL_HEADER_SEPARATOR).'"';
+     }
+    else
+     {
+      return mb_encode_mimeheader($display_name, $this->charset, self::MAIL_HEADER_TRANSFER_ENCODING, self::MAIL_HEADER_SEPARATOR);
+     }
+   }
+
+  /**
+   * puts together e-mail display and address (e.g. "Joe Q. Public" <john.q.public@example.com>)
+   *
+   * @param string $display_name
+   * @param string $email
+   * @return string
+   */
+  public function make_address($display_name, $email)
+   {
+    return $this->escape_display_name($display_name).' <'.$email.'>';
+   }
+
+  /**
+   * removes line breaks to avoid e-mail header injections
+   *
+   * @param string $string
+   * @return string
+   */
+  private function mail_header_filter($string)
+   {
+    #return preg_replace("/(\015\012|\015|\012|content-transfer-encoding:|mime-version:|content-type:|subject:|to:|cc:|bcc:|from:|reply-to:)/ims", '', $string);
+    #return preg_replace("/(\015\012|\015|\012|to:|cc:|bcc:|from:|reply-to:)/ims", '', $string);
+    return preg_replace("/(\015\012|\015|\012)/", '', $string);
+   }
+
+  /**
+   * Encode string to quoted-printable.
+   * Original written by Andy Prevost http://phpmailer.sourceforge.net
+   * and distributed under the Lesser General Public License (LGPL) http://www.gnu.org/copyleft/lesser.html
+   *
+   * @return string
+   */
+  private function my_quoted_printable_encode($input, $line_max=76, $space_conv = false )
+   {
+    $hex = array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F');
+    $lines = preg_split('/(?:\r\n|\r|\n)/', $input);
+    $eol = "\n";
+    $escape = '=';
+    $output = '';
+    while(list(, $line) = each($lines))
+     {
+      $linlen = strlen($line);
+      $newline = '';
+      for($i = 0; $i < $linlen; $i++)
+       {
+        $c = substr($line, $i, 1);
+        $dec = ord( $c );
+        if(($i == 0) && ($dec == 46)) // convert first point in the line into =2E
+         { 
+          $c = '=2E';
+         }
+        if($dec == 32)
+         {
+          if($i==($linlen-1)) // convert space at eol only
+           {
+            $c = '=20';
+           }
+          elseif($space_conv)
+           {
+            $c = '=20';
+           }
+          }
+         elseif(($dec == 61) || ($dec < 32) || ($dec > 126)) // always encode "\t", which is *not* required
+          { 
+           $h2 = floor($dec/16);
+           $h1 = floor($dec%16);
+           $c = $escape.$hex[$h2].$hex[$h1];
+          }
+         if((strlen($newline) + strlen($c)) >= $line_max) // CRLF is not counted
+          { 
+           $output .= $newline.$escape.$eol; //  soft line break; " =\r\n" is okay
+           $newline = '';
+           if($dec == 46) // check if newline first character will be point or not
+            {
+             $c = '=2E';
+            }
+          }
+         $newline .= $c;
+       } // end of for
+      $output .= $newline.$eol;
+     } // end of while
+    return $output;
+   }
+
+  /**
+  * sends an e-mail
+  *
+  * @param string $to
+  * @param string $subject
+  * @param string $message
+  * @param string $headers
+  * @return bool
+  */
+  public function send($to, $from, $subject, $message, $additional_parameters='')
+   {
+    $to = $this->mail_header_filter($to);
+    $subject = mb_encode_mimeheader($this->mail_header_filter($subject), $this->charset, self::MAIL_HEADER_TRANSFER_ENCODING, self::MAIL_HEADER_SEPARATOR);
+    $message = $this->my_quoted_printable_encode($message);
+
+    $headers  = "From: " . $this->mail_header_filter($from) . self::MAIL_HEADER_SEPARATOR;
+    $headers .= "MIME-Version: 1.0" . self::MAIL_HEADER_SEPARATOR;
+    $headers .= "X-Sender-IP: ".$_SERVER["REMOTE_ADDR"] . self::MAIL_HEADER_SEPARATOR;
+    #$headers .= "X-Mailer: " . BASE_URL . self::MAIL_HEADER_SEPARATOR;
+    $headers .= "Content-Type: text/plain; charset=" . $this->charset . self::MAIL_HEADER_SEPARATOR;
+    $headers .= "Content-Transfer-Encoding: quoted-printable";
+
+    if($additional_parameters)
+     {
+      if(@mail($to, $subject, $message, $headers, $additional_parameters))
+       {
+        return true;
+       }
+      else
+       {
+        return false;
+       }
+     }
+    else
+     {
+      if(@mail($to, $subject, $message, $headers))
+       {
+        return true;
+       }
+      else
+       {
+        return false;
+       }
+     }
+   }
+ }
+?>

cms/includes/classes/News.class.php

@@ -0,0 +1,241 @@
+<?php
+class News
+ {
+  #var $news = false;
+  public $total_pages;
+  public $current_page = 1;
+  public $news_per_page;
+  public $category='';
+  public $category_urlencoded='';
+  public $wfw=false;
+  private $id;
+  #private $pdo;
+  #private $db_settings;
+  private $current_time;
+  private $_localization;
+
+  public function __construct($id, $news_per_page)
+   {
+    $this->id = $id;
+    $this->news_per_page = $news_per_page;
+    $this->current_time = time();
+    $this->_localization = Localization::getInstance();
+
+    $category_identifier_length = strlen(CATEGORY_IDENTIFIER);
+    if(isset($_GET['get_1']) && substr($_GET['get_1'], 0, $category_identifier_length)==CATEGORY_IDENTIFIER) 
+     {
+      $this->category = str_replace(AMPERSAND_REPLACEMENT,'&',substr($_GET['get_1'],$category_identifier_length));
+      $this->category_urlencoded = str_replace('%26',AMPERSAND_REPLACEMENT,urlencode($this->category));
+     }
+
+    if(isset($_GET['get_2'])) $this->current_page = intval($_GET['get_2']); else $this->current_page = 1;
+    if($this->current_page==0) $this->current_page = 1;
+   }
+
+  public function get_news()
+   {
+    if($this->category)
+     {
+      $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['pages_table']." WHERE include_page=:include_page AND category=:category AND time<=:time AND status!=0");
+      $dbr->bindParam(':category', $this->category, PDO::PARAM_STR);
+     }
+    else
+     {
+      $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['pages_table']." WHERE include_page=:include_page AND time<=:time AND status!=0");
+     }
+    $dbr->bindParam(':include_page', $this->id, PDO::PARAM_INT);
+    $dbr->bindParam(':time', $this->current_time, PDO::PARAM_INT);
+    $dbr->execute();
+    $news_count = $dbr->fetchColumn();
+    
+    if($this->category && $news_count==0)
+     {
+      header('Location: '.BASE_URL.PAGE);
+      exit;
+     }
+
+    $this->total_pages = ceil($news_count / $this->news_per_page);
+    if($this->current_page>$this->total_pages) $this->current_page = $this->total_pages;
+
+    $this->_localization->replacePlaceholder('current_page', $this->current_page, 'pagination');
+    $this->_localization->replacePlaceholder('total_pages', $this->total_pages, 'pagination');
+    
+    if($this->category)
+     {
+      $dbr = Database::$content->prepare("SELECT id, page, title, page_title, category, type, time, teaser_headline, teaser, teaser_formatting, teaser_img, link_name, headline, content, content_formatting FROM ".Database::$db_settings['pages_table']." WHERE include_page=:include_page AND time<=:time AND category=:category AND status!=0 ORDER BY time DESC LIMIT ".(($this->current_page-1)*$this->news_per_page).", ".$this->news_per_page);
+      $dbr->bindParam(':category', $this->category, PDO::PARAM_STR);
+     }
+    else
+     {
+      $dbr = Database::$content->prepare("SELECT id, page, title, page_title, category, type, time, teaser_headline, teaser, teaser_formatting, teaser_img, link_name, headline, content, content_formatting FROM ".Database::$db_settings['pages_table']." WHERE include_page=:include_page AND time<=:time AND status!=0 ORDER BY time DESC LIMIT ".(($this->current_page-1)*$this->news_per_page).", ".$this->news_per_page);
+     } 
+    $dbr->bindParam(':include_page', $this->id, PDO::PARAM_INT);
+    $dbr->bindParam(':time', $this->current_time, PDO::PARAM_INT);
+    $dbr->execute();
+    $i=0;
+    while($news_data = $dbr->fetch())
+     {
+      if($news_data['type']=='commentable_page')
+       {
+        $dbr2 = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE type=0 AND comment_id=:comment_id");
+        $dbr2->bindParam(':comment_id', $news_data['id'], PDO::PARAM_INT);
+        $dbr2->execute();
+        #$comment_count = $dbr2->fetchColumn();
+        $news[$i]['comments'] = $dbr2->fetchColumn();
+        #$this->lang_replacements[$news_data['id']]['comments'] = $news[$i]['comments'];
+        $this->_localization->bindId('number_of_comments', $news_data['id']);
+        switch($news[$i]['comments'])
+         {
+          case 0:
+           $this->_localization->selectBoundVariant('number_of_comments', $news_data['id'], 0);
+           break;
+          case 1:
+           $this->_localization->selectBoundVariant('number_of_comments', $news_data['id'], 1);
+           break;
+          default:
+           $this->_localization->selectBoundVariant('number_of_comments', $news_data['id'], 2);
+           $this->_localization->replacePlaceholderBound('comments', $news[$i]['comments'], 'number_of_comments', $news_data['id']);
+         }
+       }
+
+      $news[$i]['id'] = $news_data['id'];
+      $news[$i]['category'] = $news_data['category'];
+      $news[$i]['category_urlencoded'] = str_replace('%26',AMPERSAND_REPLACEMENT,urlencode($news_data['category']));
+
+      $news[$i]['title'] = $news_data['title'];
+      if($news_data['teaser_headline']!='')
+       {
+        $news[$i]['teaser_headline'] = $news_data['teaser_headline'];
+       }
+      elseif($news_data['headline']!='')
+       {
+        $news[$i]['teaser_headline'] = $news_data['headline'];
+       }
+      elseif($news_data['title']!='')
+       {
+        $news[$i]['teaser_headline'] = $news_data['title'];
+       }
+      elseif($news_data['page_title']!='')
+       {
+        $news[$i]['teaser_headline'] = $news_data['page_title'];
+       }
+      else
+       {
+        $news[$i]['teaser_headline'] = $news_data['page'];
+       }
+      if($news_data['teaser']!='')
+       {
+        if($news_data['teaser_formatting']==1)
+         {
+          $news[$i]['teaser'] = auto_html($news_data['teaser']);
+         }
+        else
+         {
+          $news[$i]['teaser'] = $news_data['teaser'];
+         }
+        $news[$i]['more'] = true;
+       }
+      else
+       {
+        if($news_data['content_formatting']==1)
+         {
+          $news[$i]['teaser'] = auto_html($news_data['content']);
+         }
+        else
+         {
+          $news[$i]['teaser'] = $news_data['content'];
+         }
+        $news[$i]['teaser'] = parse_special_tags($news[$i]['teaser'], $news_data['page']);
+        $news[$i]['more'] = false;
+       }
+
+      #$this -> news[$i]['teaser'] = stripslashes($teaser);
+      $news[$i]['page'] = $news_data['page'];
+      $news[$i]['timestamp'] = $news_data['time'];
+      #$news[$i]['time'] = $news_data['time'];
+      #$news[$i]['formated_time'] = format_time(TIME_FORMAT_FULL, $news_data['time']);
+
+      #$this->lang_replacements[$news_data['id']]['time'] = $news_data['time'];
+
+      $this->_localization->bindReplacePlaceholder($news_data['id'], 'time', $news_data['time'], 'news_time', Localization::FORMAT_TIME);
+
+      #$loc->bind_id('news_time', $key);
+      #$loc->replace_placeholder_bound('time', $val['time'], 'news_time', $key, Localization::FORMAT_TIME);
+
+      if(trim($news_data['teaser_img']!=''))
+       {
+        $news[$i]['teaser_img'] = $news_data['teaser_img'];
+        $teaser_img_info = getimagesize(BASE_PATH.MEDIA_DIR.$news_data['teaser_img']);
+        $news[$i]['teaser_img_width'] = $teaser_img_info[0];
+        $news[$i]['teaser_img_height'] = $teaser_img_info[1];
+       }
+      $news[$i]['link_name'] = stripslashes($news_data['link_name']);
+      $i++;
+     }
+    if(isset($news)) return $news;
+    return false;
+   }
+  
+  public function get_feed($rss_maximum_items=20, $fullfeed=false)
+   {
+    $dbr = Database::$content->prepare("SELECT id, page, type, category, title, teaser, teaser_formatting, teaser_img, headline, content, content_formatting, time, last_modified FROM ".Database::$db_settings['pages_table']." WHERE include_page=:include_page AND time<=:time AND status!=0 ORDER BY time DESC LIMIT ".$rss_maximum_items);
+    $dbr->bindParam(':include_page', $this->id, PDO::PARAM_INT);
+    $dbr->bindParam(':time', $this->current_time, PDO::PARAM_INT);
+    $dbr->execute();
+   
+    $i=0;
+    while($rss_data = $dbr->fetch())
+     {
+      $rss_items[$i]['category'] = htmlspecialchars($rss_data['category']);
+      $rss_items[$i]['title'] = htmlspecialchars($rss_data['title']);
+  
+      if($rss_data['headline'] && $fullfeed || empty($rss_data['teaser_headline'])) $rss_items[$i]['title'] = htmlspecialchars($rss_data['headline']);
+      elseif($rss_data['teaser_headline']) $rss_items[$i]['title'] = htmlspecialchars($rss_data['teaser_headline']);
+      else $rss_items[$i]['title'] = htmlspecialchars($rss_data['title']);
+  
+      if($fullfeed || $rss_data['teaser']=='')
+       {
+        if($rss_data['content_formatting']==1)
+         {
+          $rss_items[$i]['content'] = auto_html($rss_data['content']);
+         }
+        else
+         {
+          $rss_items[$i]['content'] = $rss_data['content'];
+         }
+        $rss_items[$i]['content'] = parse_special_tags($rss_items[$i]['content'], $parent_page=$rss_data['page'], $rss=true);
+       }
+      else
+       {
+        if($rss_data['teaser_formatting']==1)
+         {
+          $rss_items[$i]['content'] = auto_html($rss_data['teaser']);
+         }
+        else
+         {
+          $rss_items[$i]['content'] = $rss_data['teaser'];
+         }
+       }
+
+      if(!$fullfeed && $rss_data['teaser_img']) 
+       {
+        $rss_items[$i]['teaser_img'] = $rss_data['teaser_img'];
+        $teaser_img_info = getimagesize(BASE_PATH.MEDIA_DIR.$rss_data['teaser_img']);
+        $rss_items[$i]['teaser_img_width'] = $teaser_img_info[0];
+        $rss_items[$i]['teaser_img_height'] = $teaser_img_info[1];
+       }
+
+      $rss_items[$i]['link'] = BASE_URL.$rss_data['page'];
+      $rss_items[$i]['pubdate'] = gmdate('r',$rss_data['time']);
+      if($rss_data['type']=='commentable_page')
+       {
+        $this->wfw = true;
+        $rss_items[$i]['commentrss'] = BASE_URL.$rss_data['page'].',commentrss';
+       }
+      $i++;
+     }
+    if(isset($rss_items)) return $rss_items;
+    return false;    
+   }
+ }
+?>

cms/includes/classes/Pingback.class.php

@@ -0,0 +1,308 @@
+<?php
+class Pingback
+ {
+  public $pingback_title_maxlength = 100;
+  public $settings;
+  private $url;
+  private $_localization;
+
+  public function __construct()
+   {
+    $this->_localization = Localization::getInstance();
+   }
+   
+  public function get_pingback($id)
+   {
+    $postdata = file_get_contents("php://input");
+    if($postdata)
+     {
+      $xml = new SimpleXMLElement($postdata);
+      $pingback_sender_url = strval($xml->params->param[0]->value->string);
+      $pingback_receiver_url = strval($xml->params->param[1]->value->string);
+      
+      // get content:
+      if($pingback_sender_url)
+       {       
+        if($url_content = $this->_get_url_content($pingback_sender_url))
+         { 
+
+          if(strpos($url_content[1], BASE_URL.PAGE)!==false) // link found
+           {
+            
+            // get title:
+            preg_match("/<title>(.*)<\/title>/i", $url_content[1], $matches);
+            if(isset($matches[1]) && trim($matches[1])!='')
+             {
+              $pingback_title = trim(filter_control_characters($matches[1]));
+              if(mb_strlen($pingback_title) > $this->pingback_title_maxlength) $pingback_title = truncate($pingback_title, $this->pingback_title_maxlength);
+             }
+            else $pingback_error = true;
+
+            // get body:
+            preg_match("/<body[^>]*>(.*)<\/body>/smi", $url_content[1], $b_matches);
+            if(isset($b_matches[1]) && trim($b_matches[1])!='')
+             {
+              $body = strip_tags($b_matches[1]);
+              $body = preg_replace("/\015\012|\015|\012/", "\n", $body);
+              $body_lines = explode("\n", $body);
+              $cleared_body = '';
+              foreach($body_lines as $body_line)
+               {
+                if(trim($body_line)!='') $cleared_body .= trim($body_line).' ';
+               }
+              $cleared_body = trim(filter_control_characters($cleared_body));
+             }
+            else $pingback_error = true;
+
+            if(empty($pingback_error))
+             {
+              // not accepted words check:
+              $joined_message = mb_strtolower($pingback_title.' '.$pingback_sender_url.' '.$cleared_body);
+              $not_accepted_words = get_not_accepted_words($joined_message);
+              if($not_accepted_words) $pingback_error = true;
+             }             
+            
+            if(empty($pingback_error))
+             {
+              // Akismet spam check:
+              if($this->settings['akismet_key']!='' && $this->settings['akismet_entry_check']==1)
+               {
+                $check_posting['author'] = $pingback_title;
+                $check_posting['website'] = $pingback_sender_url;
+                $check_posting['body'] = truncate($cleared_body, 3000);
+
+                $akismet = new Akismet(BASE_URL, $this->settings['akismet_key'], $check_posting);
+
+                // test for errors
+                if($akismet->errorsExist()) // returns true if any errors exist
+                 {
+                  //$pingback_error = true;
+                  if($akismet->isError(AKISMET_INVALID_KEY))
+                   {
+                    $akismet_errors[] = 'akismet_error_api_key';
+                   }
+                  elseif($akismet->isError(AKISMET_RESPONSE_FAILED))
+                   {
+                    $akismet_errors[] = 'akismet_error_connection';
+                   }
+                  elseif($akismet->isError(AKISMET_SERVER_NOT_FOUND))
+                   {
+                    $akismet_errors[] = 'akismet_error_connection';
+                   }
+                 }
+                else
+                 {
+                  // No errors, check for spam
+                  if($akismet->isSpam())
+                   {
+                    // TODO:
+                    #$pingback_error = true;
+                    $akismet_spam = true;
+                   
+                    #$mail = new Mail();
+                    #$mail->send($this->settings['email'], $this->settings['email'], 'Pingback-Spam?', $check_posting['author']."\n".$check_posting['website']."\n".$check_posting['body'], $this->settings['mail_parameter']);                   
+                   
+                   }
+                 }
+               }             
+             }
+             
+            if(empty($pingback_error))            
+             {
+              // check if url was already posted: 
+              $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE comment_id=:comment_id AND type=0 AND comment='' AND email_hp=:email_hp");
+              $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT);
+              $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
+              $dbr->execute();
+              $comment_count = $dbr->fetchColumn();
+              if($comment_count>0) $pingback_error = true;
+             }
+             
+            if(empty($pingback_error))
+             {
+              $dbr = Database::$entries->prepare("INSERT INTO ".Database::$db_settings['comment_table']." (type, comment_id, time, ip, name, email_hp, comment) VALUES (0, :comment_id, :time, :ip, :name, :email_hp, '')");
+              $dbr->bindParam(':comment_id', $id, PDO::PARAM_INT);
+              $dbr->bindValue(':time', time(), PDO::PARAM_INT);
+              $dbr->bindParam(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
+              $dbr->bindParam(':name', $pingback_title, PDO::PARAM_STR);
+              $dbr->bindParam(':email_hp', $pingback_sender_url, PDO::PARAM_STR);
+              $dbr->execute();
+              
+              // E-mail notification to admin:
+              if($this->settings['comment_notification'] && $this->settings['email'])
+               {
+                $this->_localization->replacePlaceholder('page', PAGE, 'pingback_notification_subject');
+                $this->_localization->replacePlaceholder('title', $pingback_title, 'pingback_notification_message');
+                $this->_localization->replacePlaceholder('url', $pingback_sender_url, 'pingback_notification_message');
+                $this->_localization->replacePlaceholder('link', BASE_URL.PAGE, 'pingback_notification_message');
+                
+                // TODO:
+                if(isset($akismet_spam)) $add = "\n\nAkismet: SPAM!";
+                else $add = '';
+                
+                $mail = new Mail();
+                $mail->set_charset(CHARSET);
+                $mail->send($this->settings['email'], $this->settings['email'], Localization::$lang['pingback_notification_subject'], Localization::$lang['pingback_notification_message'].$add, $this->settings['mail_parameter']);
+               }
+              
+              $response = '<?xml version="1.0"?><methodResponse><params><param><value><string>OK</string></value></param></params></methodResponse>';
+              header('Content-Type: text/xml');
+              echo $response;
+              return true;
+             }
+            
+           }
+         }
+       }
+     }
+    
+    $response = '<?xml version="1.0"?><methodResponse><fault><value><struct><member><name>faultCode</name><value><int>0</int></value></member><member><name>faultString</name><value><string>FAIL</string></value></member></struct></value></fault></methodResponse>';
+    header('Content-Type: text/xml');
+    echo $response;
+    return false;
+   }
+
+  public function ping($url, $content)
+   {
+    $this->url = $url;
+    if($links = $this->_get_links($content))
+     {
+      foreach($links as $link)
+       {
+        if($pingback_url = $this->_get_pingback_url($link))
+         {
+          $this->_send_pingback($pingback_url, $link);
+         }
+       }
+     }
+   }
+
+  private function _get_links($content)
+   {
+    preg_match_all('#<a[^>]+href\s*=\s*("([^"]+)"|\'([^\']+)\')[^>]*>(.+)</a>#Ui', $content, $matches);
+    $links = array();
+    $links = array_unique(array_merge($matches[2], $matches[3]));
+    $count = count($links);
+    for($i = 0; $count > $i; $i++)
+     {
+      if(substr($links[$i], 0, 4) == "http" && strpos($links[$i], BASE_URL)===false)
+      if(strpos($links[$i], BASE_URL)===false)
+       {
+        $cleared_links[] = $links[$i];
+       }
+     }
+    if(isset($cleared_links)) return $cleared_links;
+    return false;
+   }
+
+  private function _get_pingback_url($link)
+   {
+    if($url_content = $this->_get_url_content($link))
+     {
+      if($header = $this->_import_header($url_content[0]))
+       {
+        if(isset($header['x-pingback'])) return $header['x-pingback'];
+        preg_match('<link rel="pingback" href="([^"]+)" ?/?>', $url_content[1], $matches);
+        if($matches[1]) return $matches[1];
+       }
+     }
+    return false;
+   }
+
+  private function _send_pingback($pingback_url, $link)
+   {
+    $url_parts = parse_url($pingback_url);
+    if(empty($url_parts['path'])) $url_parts['path'] = '/';
+    if(isset($url_parts['query'])) $url_parts['path'] .= '?'.$url_parts['query'];
+    if(isset($url_parts['fragment'])) $url_parts['path'] .= '#'.$url_parts['fragment'];
+    
+    $request = '<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>'.$this->url.'</string></value></param><param><value><string>'.$link.'</string></value></param></params></methodCall>';
+    if($fp = @fsockopen($url_parts['host'], 80, $error_nr, $error, 3))
+     {
+      $http_request  = "POST " . $url_parts['path'] . " HTTP/1.0\r\n";
+      $http_request .= "Host: " . $url_parts['host'] . "\r\n";
+      #$http_request .= "Content-Type: text/xml; charset=utf-8\r\n";
+      $http_request .= "Content-Type: text/xml\r\n";
+      $http_request .= "User-Agent: phpSQLiteCMS\r\n";
+      $http_request .= "Content-Length: " . strlen($request) . "\r\n";
+      $http_request .= "\r\n";
+      $http_request .= $request;
+      $response = '';
+      fwrite($fp, $http_request);  
+      while(!feof($fp))
+       {
+        $response .= fgets($fp, 4096);
+       }
+      fclose($fp);
+      #echo '<pre>'.$response;
+      #exit;
+     }
+   }
+
+  private function _get_url_content($url)
+   { 
+    $url_parts = parse_url($url);
+    if(empty($url_parts['path'])) $url_parts['path'] = '/';
+    if(isset($url_parts['query'])) $url_parts['path'] .= '?'.$url_parts['query'];
+    if(isset($url_parts['fragment'])) $url_parts['path'] .= '#'.$url_parts['fragment'];
+      
+    if($fp = @fsockopen($url_parts['host'], 80, $error_nr, $error, 3))
+     {
+      $http_request  = "GET " . $url_parts['path'] . " HTTP/1.0\r\n";
+      $http_request .= "Host: " . $url_parts['host'] . "\r\n";
+      $http_request .= "User-Agent: phpSQLiteCMS\r\n";
+      #$http_request .= "Content-Type: text/plain; charset=utf-8\r\n";
+      #$http_request .= "Content-Length: " . strlen($request) . "\r\n";
+      $http_request .= "\r\n";
+      #$http_request .= $request;
+      $response = '';
+      fwrite($fp, $http_request);  
+      while(!feof($fp))
+       {
+        $response .= fgets($fp, 4096);
+       }
+      fclose($fp); 
+     }
+
+    if($response)
+     {      
+      // divide header/body:
+      $response = $response;
+      $response_parts = explode("\r\n\r\n", $response, 2);
+      if(isset($response_parts[0]) && isset($response_parts[1]))
+       {      
+        return $response_parts;
+       }      
+      else
+       {
+        return false;
+       } 
+     }
+    return false;
+   }
+   
+  private function _import_header($header)
+   {
+    $header = preg_replace("/\015\012|\015|\012/", "\n", $header);
+    $lines = explode("\n", $header);
+    foreach($lines as $line)
+     {
+      if(trim($line)!='')
+       {
+        unset($separator_pos);
+        #$parts = explode(': ', $line);
+        $separator_pos = strpos($line, ':');
+        if($separator_pos!==false)
+         {
+          $key = strtolower(trim(substr($line, 0,$separator_pos)));
+          $val = trim(substr($line, $separator_pos+1));
+          if($key && $val) $header_parts[$key] = $val;
+         }
+       }
+     }   
+    if(isset($header_parts)) return $header_parts;
+    else return false;
+   }
+  
+ }
+?>

cms/includes/classes/ShowPhoto.class.php

@@ -0,0 +1,143 @@
+<?php
+class ShowPhoto
+ {
+  var $photo_data;
+  var $show_comments = 0;
+  var $photo_nr;
+  var $photo_size = 0;
+
+  function ShowPhoto($photo_id)
+   {
+    #global $settings, $db_settings, $pdo;
+    #if(empty($qsp[2])) $qsp[2]=0;
+    if(isset($_GET['get_3']) && $_GET['get_3']!=0) $photo_size = 1;
+    else $photo_size = 0;
+
+    if(isset($_GET['get_4'])) $this->show_comments = 1;
+    else $this->show_comments = 0;
+
+    $photo_id = intval($photo_id);
+
+    $photo_result = Database::$content->prepare('SELECT id, gallery, sequence, photo_thumbnail, photo_normal, photo_large, width, height, large_height, large_width, title, subtitle, description, description_formatting, template FROM '.Database::$db_settings['photo_table'].' WHERE id=:id LIMIT 1');
+    $photo_result->bindValue(':id', $photo_id, PDO::PARAM_INT);
+    $photo_result->execute();
+    $photo_data = $photo_result->fetch();
+
+    if(isset($photo_data['id']))
+     {
+      // get ids of photos of current gallery:
+      $gallery_result = Database::$content->prepare('SELECT id FROM '.Database::$db_settings['photo_table'].' WHERE gallery=:gallery ORDER BY sequence ASC');
+      $gallery_result->bindValue(':gallery', $photo_data['gallery'], PDO::PARAM_STR);
+      $gallery_result->execute();
+      while($gallery_data = $gallery_result->fetch())
+       {
+        $gallery_items[] = $gallery_data['id'];
+       }
+      $total_photos = count($gallery_items);
+      $current_photo_key = array_search($photo_data['id'], $gallery_items);
+      // get id of first, last, next and previous photo:
+      $first_photo = $gallery_items[0];
+      $last_photo = $gallery_items[$total_photos-1];
+      if(isset($gallery_items[$current_photo_key+1]))
+       {
+        $next_photo = $gallery_items[$current_photo_key+1];
+       }
+      else
+       {
+        $next_photo = $first_photo;
+       }
+      if(isset($gallery_items[$current_photo_key-1]))
+       {
+        $previous_photo = $gallery_items[$current_photo_key-1];
+       }
+      else
+       {
+        $previous_photo = $last_photo;
+       }
+      if($previous_photo==$photo_id)
+       {
+        $previous_photo = 0;
+        $next_photo = 0;
+       }
+
+      $this->photo_data['id'] = $photo_id;
+      $this->photo_data['gallery'] = $photo_data['gallery'];
+      $this->photo_data['gallery_items'] = $gallery_items;
+      $this->photo_data['previous_photo'] = $previous_photo;
+      $this->photo_data['next_photo'] = $next_photo;
+      $this->photo_data['total_photos'] = $total_photos;
+      $this->photo_data['photo_number'] = $current_photo_key+1;
+
+      $this->photo_data['photo_size'] = $photo_size;
+      if($photo_data['photo_large']!='') $this->photo_data['photo_large_available'] = 1;
+
+      if($photo_size==1 && $photo_data['photo_large']!='') $this->photo_data['photo'] = $photo_data['photo_large'];
+      else $this->photo_data['photo'] = $photo_data['photo_normal'];
+      $this->photo_data['photo_large'] = $photo_data['photo_large'];
+      $this->photo_data['thumbnail'] = $photo_data['photo_thumbnail'];
+
+      $this->photo_data['title'] = $photo_data['title'];
+      $this->photo_data['subtitle'] = $photo_data['subtitle'];
+      if($photo_data['description_formatting']==1)
+       {
+        $this->photo_data['description'] = auto_html($photo_data['description']);
+       }
+      else
+       {
+        $this->photo_data['description'] = $photo_data['description'];
+       }
+
+
+      if(substr(strtolower($this->photo_data['photo']), -4) == '.swf')
+       {
+        $this->photo_data['type'] = 'flash';
+        if($this->photo_data['photo_size']==1)
+         {
+          $this->photo_data['width'] = intval($photo_data['large_width']);
+          $this->photo_data['height'] = intval($photo_data['large_height']);
+         }
+        else
+         {
+          $this->photo_data['width'] = intval($photo_data['width']);
+          $this->photo_data['height'] = intval($photo_data['height']);
+         }
+       }
+      elseif(substr(strtolower($this->photo_data['photo']), -4) == '.flv')
+       {
+        $this->photo_data['type'] = 'flv';
+        if($this->photo_data['photo_size']==1)
+         {
+          $this->photo_data['width'] = intval($photo_data['large_width']);
+          $this->photo_data['height'] = intval($photo_data['large_height']);
+         }
+        else
+         {
+          $this->photo_data['width'] = intval($photo_data['width']);
+          $this->photo_data['height'] = intval($photo_data['height']);
+         }
+       }
+      else
+       {
+        $this->photo_data['type'] = 'image';
+        $photo_info = getimagesize(BASE_PATH.MEDIA_DIR.$this -> photo_data['photo']);
+        $this->photo_data['width'] = $photo_info[0];
+        $this->photo_data['height'] = $photo_info[1];
+       }
+      $this->photo_data['template'] = $photo_data['template'];
+      #$this -> photo_data['language_file'] = $photo_data['language_file'];
+      #$this -> photo_data['language_file'] = $language_file;
+     }
+    #return $this->photo_data;
+   }
+
+  function get_photo_data()
+   {
+    return $this->photo_data;
+   }
+
+  function show_comments()
+  {
+   return $this->show_comments;
+  }
+ }
+?>

cms/includes/classes/Template.class.php

@@ -0,0 +1,63 @@
+<?php
+/**
+ * A very simple template class
+ *
+ * @author Mark Alexander Hoschek <alex at mylittlehomepage dot net>
+ * @copyright 2009 Mark Alexander Hoschek
+ */
+
+class Template
+ {
+  private $_templateVars = false;
+
+  /**
+  * assigns template vars
+  *
+  * @param string $name
+  * @param string $value
+  */
+  public function assign($name,$value)
+   {
+    $this->_templateVars[$name] = $value;
+   }
+
+  /**
+  * displays the template
+  *
+  * @param string $template
+  */
+  public function display($template)
+   {
+    if($this->_templateVars)
+     {
+      foreach($this->_templateVars as $__key => $__val)
+       {
+        $$__key = $__val;
+       }
+     }
+    include($template);
+   }
+
+  /**
+  * returns template content
+  *
+  * @param string $template
+  * @return string
+  */
+  public function fetch($template)
+   {
+    if($this->_templateVars)
+     {
+      foreach($this->_templateVars as $__key => $__val)
+       {
+        $$__key = $__val;
+       }
+     }
+    ob_start();
+    include($template);
+    $data = ob_get_contents();
+    ob_end_clean();
+    return $data;
+   }
+ }
+?>

cms/includes/comments.inc.php

@@ -0,0 +1,402 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
+
+  $type = isset($_REQUEST['type']) && $_REQUEST['type']==1 ? 1 : 0; // 0 = page comments, 1 = photo comments
+  $template->assign('type', $type);
+
+  $page = isset($_REQUEST['page']) ? intval($_REQUEST['page']) : 1;
+  $template->assign('page', $page);
+
+  $comment_id = isset($_REQUEST['comment_id']) ? $_REQUEST['comment_id'] : 0;
+  $template->assign('comment_id', $comment_id);
+
+  if(isset($_GET['photos_commentable']))
+   {
+    $photos_commentable = $_GET['photos_commentable']==1 ? 1 : 0;
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['settings_table']." SET value=:value WHERE name='photos_commentable'");
+    $dbr->bindParam(':value', $photos_commentable, PDO::PARAM_INT);
+    $dbr->execute();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=comments&type=1');
+    exit;
+   }
+
+  if(isset($_GET['edit']))
+   {
+    $dbr = Database::$entries->prepare("SELECT id, name, email_hp, comment FROM ".Database::$db_settings['comment_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['edit'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['id']))
+     {
+      $comment['id'] = $data['id'];
+      $comment['name'] = htmlspecialchars($data['name']);
+      $comment['email_hp'] = htmlspecialchars($data['email_hp']);
+      $comment['comment'] = htmlspecialchars($data['comment']);
+      $template->assign('comment', $comment);
+      $action = 'edit';
+     }
+    else
+     {
+      $action = 'invalid_request';
+     }
+   }
+
+  if(isset($_POST['edit_submit']))
+   {
+    $name = isset($_POST['name']) ? trim($_POST['name']) : '';
+    $email_hp = isset($_POST['email_hp']) ? trim($_POST['email_hp']) : '';
+    $comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';
+    $id = isset($_POST['id']) ? intval($_POST['id']) : 0;
+    $dbr = Database::$entries->prepare("UPDATE ".Database::$db_settings['comment_table']." SET name=:name, email_hp=:email_hp, comment=:comment WHERE id=:id");
+    $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+    $dbr->bindParam(':name', $name, PDO::PARAM_STR);
+    $dbr->bindParam(':email_hp', $email_hp, PDO::PARAM_STR);
+    $dbr->bindParam(':comment', $comment, PDO::PARAM_STR);
+    $dbr->execute();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=comments&type='.$type.'&comment_id='.$comment_id.'&page='.$page);
+    exit;
+   }
+
+  if(isset($_GET['delete']))
+   {
+    $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE id=:id");
+    $dbr->bindParam(':id', $_GET['delete'], PDO::PARAM_INT);
+    $dbr->execute();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=comments&type='.$type.'&comment_id='.$comment_id.'&page='.$page);
+    exit;
+   }
+
+  if(isset($_GET['report_spam']))
+   {
+    $dbr = Database::$entries->prepare("SELECT id, time, name, comment FROM ".Database::$db_settings['comment_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['report_spam'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['id']))
+     {
+      $comment['id'] = $data['id'];
+      $comment['name'] = htmlspecialchars($data['name']);
+      $comment['time'] = $data['time'];
+      $comment['comment'] = htmlspecialchars($data['comment']);
+      $template->assign('comment', $comment);
+     }
+    $action = 'report_spam';
+   }
+
+  if(isset($_POST['report_as_spam']) || isset($_POST['report_as_spam_and_delete']))
+   {
+    if($settings['akismet_key']!='' && $settings['akismet_entry_check']==1)
+     {
+      $dbr = Database::$entries->prepare("SELECT id, name, email_hp, comment FROM ".Database::$db_settings['comment_table']." WHERE id=:id LIMIT 1");
+      $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(isset($data['id']))
+       {
+        #$comment['id'] = $data['id'];
+        $comment['author'] = $data['name'];
+        if($data['email_hp'] != '')
+         {
+          if(preg_match("/^[^@]+@.+\.\D{2,5}$/", $data['email_hp']))
+           {
+            $comment['email'] = $data['email_hp'];
+           }
+          else
+           {
+            $comment['website'] = $data['email_hp'];
+           }
+         }
+        $comment['body'] = $data['comment'];
+        $akismet = new Akismet(BASE_URL, $settings['akismet_key'], $comment);
+        if(!$akismet->errorsExist())
+         {
+          $akismet->submitSpam();
+         }
+        if(isset($_POST['report_as_spam_and_delete']))
+         {
+          $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE id=:id");
+          $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+          $dbr->execute();
+          if(isset($cache) && $cache->autoClear) $cache->clear();
+         }
+       }
+     }
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=comments&type='.$type.'&comment_id='.$comment_id.'&page='.$page);
+    exit;
+   }
+
+  if(isset($_POST['delete_checked']))
+   {
+    if(isset($_POST['checked']) && is_array($_POST['checked']))
+     {
+      $dbr = Database::$entries->prepare("SELECT id, name, comment FROM ".Database::$db_settings['comment_table']." WHERE id=:id ORDER BY comment_id ASC");
+      $dbr->bindParam(':id', $checked_id, PDO::PARAM_INT);
+      $i=0;
+      #Database::$entries->beginTransaction();
+      foreach($_POST['checked'] as $checked_id)
+       {
+        $dbr->execute();
+        $data = $dbr->fetch();
+        $comments[$i]['id'] = $data['id'];
+        $comments[$i]['name'] = htmlspecialchars($data['name']);
+        $comments[$i]['comment'] = htmlspecialchars($data['comment']);
+        if(mb_strlen($comments[$i]['comment'],CHARSET) > 50) $comments[$i]['comment'] = mb_substr($comments[$i]['comment'],0,47,CHARSET).'...';
+        ++$i;
+       }
+      #Database::$entries->commit();
+
+      if(isset($comments))
+       {
+        $template->assign('comments',$comments);
+        $action = 'delete_checked';
+       }
+     }
+   }
+
+  if(isset($_POST['delete_all_comments']))
+   {
+    $action = 'delete_all_comments';
+   }
+
+  if(isset($_POST['delete_all_comments_page']))
+   {
+    if($comment_id>0)
+     {
+      $dbr = Database::$content->query("SELECT title FROM ".Database::$db_settings['pages_table']." WHERE id=:id");
+      $dbr->bindParam(':id', $comment_id, PDO::PARAM_INT);
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(isset($data['title']))
+       { 
+        $template->assign('page', htmlspecialchars($data['title']));
+        $action = 'delete_all_comments_page';
+       }      
+     }
+   }
+
+  if(isset($_POST['delete_checked_confirmed']))
+   {
+    if(isset($_POST['checked_ids_confirmed']) && is_array($_POST['checked_ids_confirmed']))
+     {
+      $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE id=:id");
+      $dbr->bindParam(':id', $delete_id, PDO::PARAM_INT);
+      Database::$entries->beginTransaction();
+      foreach($_POST['checked_ids_confirmed'] as $delete_id)
+       {
+        $dbr->execute();
+       }
+      Database::$entries->commit();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+     }
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=comments&type='.$type.'&page='.$page);
+    exit;
+   }
+
+  if(isset($_POST['delete_all_comments_confirmed']))
+   {
+    $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE type=:type");
+    $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+    $dbr->execute();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=comments&type='.$type);
+    exit;
+   }
+
+  if(isset($_POST['delete_all_comments_page_confirmed']))
+   {
+    $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE type=:type AND comment_id=:comment_id");
+    $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+    $dbr->bindParam(':comment_id', $_POST['comment_id'], PDO::PARAM_INT);
+    Database::$entries->beginTransaction();
+    $dbr->execute();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=comments&type='.$type);
+    exit;
+   }
+
+
+  switch($action)
+   {
+    case 'main':
+     // count comments:
+     if($comment_id==0)
+      {
+       $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE type=:type");
+       $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+       $dbr->execute();
+       $comment_count = $dbr->fetchColumn();
+      }
+     else
+      {
+       $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE type=:type AND comment_id=:comment_id");
+       $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+       $dbr->bindParam(':comment_id', $comment_id, PDO::PARAM_INT);
+       $dbr->execute();
+       $comment_count = $dbr->fetchColumn();
+       // no comments to item, switch to all items:
+       if($comment_count==0)
+        {
+         $comment_id=0;
+         $dbr = Database::$entries->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['comment_table']." WHERE type=:type");
+         $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+         $dbr->execute();
+         $comment_count = $dbr->fetchColumn();
+        }
+      }
+
+     // pages:
+     $pages = ceil($comment_count / $settings['admin_entries_per_page']);
+     if($page < 1) $page=1;
+     if($page > $pages && $page != 1) $page = $pages;
+     $template->assign('page', $page);
+
+     #$pagination = pagination($pages,$page,3,true);
+     $template->assign('pagination',pagination($pages,$page,3,true));
+
+     // get $comment_ids of all comments:
+     $dbr = Database::$entries->prepare("SELECT DISTINCT comment_id FROM ".Database::$db_settings['comment_table']." WHERE type=:type ORDER BY comment_id ASC");
+     $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+     $dbr->execute();
+     while($data = $dbr->fetch())
+      {
+       $comment_ids[] = $data['comment_id'];
+      }
+
+     // get ids, pages, titles etc. of commented items:
+     if(isset($comment_ids))
+      {
+       $comment_ids_list = implode(',',$comment_ids);
+       if($type==0)
+        {
+         $dbr = Database::$content->query("SELECT id, page, title FROM ".Database::$db_settings['pages_table']." WHERE id IN (".$comment_ids_list.")");
+         while($data = $dbr->fetch())
+          {
+           $items[$data['id']]['page'] = htmlspecialchars($data['page']);
+           $items[$data['id']]['title'] = htmlspecialchars($data['title']);
+          }
+        }
+       else
+        {
+         $dbr = Database::$content->query("SELECT id, photo_thumbnail, photo_normal, title FROM ".Database::$db_settings['photo_table']." WHERE id IN (".$comment_ids_list.")");
+         while($data = $dbr->fetch())
+          {
+           $items[$data['id']]['page'] = htmlspecialchars($data['title']);
+           $items[$data['id']]['title'] = htmlspecialchars($data['title']);
+           $items[$data['id']]['photo_thumbnail'] = htmlspecialchars($data['photo_thumbnail']);
+           $items[$data['id']]['photo_normal'] = htmlspecialchars($data['photo_normal']);
+          }
+        }
+      }
+
+     if(isset($items))
+      {
+       asort($items);
+       $template->assign('items', $items);
+      }
+
+     // get comments:
+     if($comment_id==0)
+      {
+       $dbr = Database::$entries->prepare("SELECT id, comment_id, time, name, email_hp, comment, ip FROM ".Database::$db_settings['comment_table']." WHERE type=:type ORDER BY id DESC LIMIT ".$settings['admin_entries_per_page']." OFFSET ".(($page-1)*$settings['admin_entries_per_page']));
+       $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+       $dbr->execute();
+      }
+     else
+      {
+       $dbr = Database::$entries->prepare("SELECT id, comment_id, time, name, email_hp, comment, ip FROM ".Database::$db_settings['comment_table']." WHERE type=:type AND comment_id=:comment_id ORDER BY id DESC LIMIT ".$settings['admin_entries_per_page']." OFFSET ".(($page-1)*$settings['admin_entries_per_page']));
+       $dbr->bindParam(':type', $type, PDO::PARAM_INT);
+       $dbr->bindParam(':comment_id', $comment_id, PDO::PARAM_INT);
+       $dbr->execute();
+      }
+     $i=0;
+     while($data = $dbr->fetch())
+      {
+       #$item_ids[] = $data['comment_id'];
+       $comments[$i]['id'] = $data['id'];
+       $comments[$i]['comment_id'] = $data['comment_id'];
+       $comments[$i]['time'] = $data['time'];
+       $comments[$i]['name'] = htmlspecialchars($data['name']);
+       
+       if($data['email_hp'])
+        {
+         if(preg_match("/^[^@]+@.+\.\D{2,5}$/", $data['email_hp']))
+          {
+           $comments[$i]['email_hp'] = 'mailto:'.htmlspecialchars($data['email_hp']);
+          }
+         else
+          {
+           $comments[$i]['email_hp'] = add_http_if_no_protocol(htmlspecialchars($data['email_hp']));
+          }
+        }
+       
+       $comments[$i]['comment'] = htmlspecialchars($data['comment']);
+       if($settings['comment_remove_blank_lines']==1)
+        {
+         $entry_array = explode("\n", $comments[$i]['comment']);
+         $comment = '';
+         foreach($entry_array as $entry_line)
+          {
+           $entry_line = trim($entry_line);
+           if($entry_line!='') $comment .= $entry_line."\n";
+          }
+         $comments[$i]['comment'] = $comment;
+        }
+       $comments[$i]['comment'] = nl2br($comments[$i]['comment']);
+       $comments[$i]['ip'] = htmlspecialchars($data['ip']);
+       ++$i;
+      }
+
+     if(isset($comments))
+      {
+       $template->assign('comments', $comments);
+      }
+
+     if(isset($item_titles))
+      {
+       asort($item_titles);
+       $template->assign('item_titles', $item_titles);
+      }
+
+     if($comment_id!=0)
+      {
+       if($type==0) $localization->replacePlaceholder('page', $items[$comment_id]['title'], 'delete_all_comments_page');
+       else $localization->replacePlaceholder('photo', $items[$comment_id]['title'], 'delete_all_comments_photo');
+      }
+     if($type==1)
+      {
+       if($settings['photos_commentable']==1) $localization->replaceLink('index.php?mode=comments&amp;type=1&amp;photos_commentable=0', 'photo_comments_enabled');
+       if($settings['photos_commentable']==0) $localization->replaceLink('index.php?mode=comments&amp;type=1&amp;photos_commentable=1', 'photo_comments_disabled');
+      }
+
+     $template->assign('subtitle', Localization::$lang['comments']);
+     $template->assign('subtemplate', 'comments.inc.tpl');
+    break;
+    case 'edit':
+     $template->assign('subtitle', Localization::$lang['edit_comment']);
+     $template->assign('subtemplate', 'comments_edit.inc.tpl');
+     break;
+    case 'delete_checked':
+     $template->assign('subtitle', Localization::$lang['delete_comments']);
+     $template->assign('subtemplate', 'comments_delete.inc.tpl');
+     break;
+    case 'delete_all_comments':
+     $template->assign('subtitle', Localization::$lang['delete_comments']);
+     $template->assign('subtemplate', 'comments_delete_all.inc.tpl');
+     break;
+    case 'delete_all_comments_page':
+     $template->assign('subtitle', Localization::$lang['delete_comments']);
+     $template->assign('subtemplate', 'comments_delete_all_page.inc.tpl');
+    break;
+    case 'report_spam':
+     $template->assign('subtitle', Localization::$lang['report_spam']);
+     $template->assign('subtemplate', 'comments_report_spam.inc.tpl');
+     break;
+   }
+ }
+?>

cms/includes/content.inc.php

@@ -0,0 +1,281 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+// menus:
+$template->assign('menus', get_menus());
+
+// global content blocks:
+if($settings['global_content_blocks']) $template->assign('gcb', get_global_content_blocks());
+
+// content:
+if(empty($data)) // might already be set if error page was loaded
+ {
+  if($data=get_content(PAGE))
+   {
+    // count views:
+    if($settings['count_views']==1)
+     {
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['pages_table']." SET views=views+1 WHERE id=:id");
+      $dbr->bindParam(':id', $data['id'], PDO::PARAM_INT);
+      $dbr->execute();
+     }
+   }
+  else
+   {
+    $no_cache = true;
+    if($data=get_content($settings['error_page']))
+     {
+      header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
+      header("Status: 404 Not Found");
+     }
+    else
+     {
+      raise_error('404');
+     }
+   }
+ }
+
+if($data['language']=='') $language_file = $settings['default_page_language'] . '.page.lang.php';
+else $language_file = $data['language'] . '.page.lang.php';
+
+#require('./cms/includes/classes/Localization.class.php');
+#$loc = new Localization('./cms/lang/'.$language_file);
+#$localization = Localization::getInstance(BASE_PATH.'cms/lang/'.$language_file);
+$localization = new Localization(BASE_PATH.'cms/lang/'.$language_file);
+
+mb_internal_encoding(Localization::$lang['charset']);
+
+#require('./cms/lang/'.$language_file);
+#$template->set_lang($lang);
+
+#$template->config_load($language_file);
+#$lang = $template->get_config_vars();
+setlocale(LC_ALL, Localization::$lang['locale']);
+#$template->assign('config_file', $language_file);
+define('CHARSET', Localization::$lang['charset']);
+#define('TIME_FORMAT', Localization::$lang['time_format']);
+#define('TIME_FORMAT_FULL', Localization::$lang['time_format_full']);
+
+// breadcrumbs:
+$template->assign('breadcrumbs', get_breadcrumbs($data['breadcrumbs']));
+
+$page = $data['page'];
+
+$content = $data['content'];
+if($settings['content_auto_link']==1) $content = make_link($content);
+#if($settings['content_smilies']==1) $content = smilies($content);
+if($data['content_formatting']==1) $content = auto_html($content);
+
+$content = parse_special_tags($content);
+
+$sidebar_1 = $data['sidebar_1'];
+if($settings['content_auto_link']==1) $sidebar_1 = make_link($sidebar_1);
+#if($settings['content_smilies']==1) $sidebar_1 = smilies($sidebar_1);
+if($data['sidebar_1_formatting']==1) $sidebar_1 = auto_html($sidebar_1);
+if($sidebar_1!='') $sidebar_1 = parse_special_tags($sidebar_1);
+
+$sidebar_2 = $data['sidebar_2'];
+if($settings['content_auto_link']==1) $sidebar_2 = make_link($sidebar_2);
+#if($settings['content_smilies']==1) $sidebar_2 = smilies($sidebar_2);
+if($data['sidebar_2_formatting']==1) $sidebar_2 = auto_html($sidebar_2);
+if($sidebar_2!='') $sidebar_2 = parse_special_tags($sidebar_2);
+
+$sidebar_3 = $data['sidebar_3'];
+if($settings['content_auto_link']==1) $sidebar_3 = make_link($sidebar_3);
+#if($settings['content_smilies']==1) $sidebar_3 = smilies($sidebar_3);
+if($data['sidebar_3_formatting']==1) $sidebar_3 = auto_html($sidebar_3);
+if($sidebar_3!='') $sidebar_3 = parse_special_tags($sidebar_3);
+
+$sections_array = explode(',',$data['sections']);
+foreach($sections_array as $section)
+ {
+  $sections[] = $section;
+ }
+$template->assign('section', $sections);
+
+$tv_array = explode(',', $data['tv']);
+foreach($tv_array as $tv_item)
+ {
+  if($tv_item)
+   {
+    $tv_item_parts = explode('=', $tv_item);
+    $tv[trim($tv_item_parts[0])] = isset($tv_item_parts[1]) ? trim($tv_item_parts[1]) : true;
+   }
+ }
+if(isset($tv)) $template->assign('tv', $tv);
+
+$page_id = $data['id'];
+
+
+// include news (simple news):
+if($data['include_news'])
+ {
+  $dbr = Database::$content->prepare("SELECT page, type FROM ".Database::$db_settings['pages_table']." WHERE id=:id");
+  $dbr->bindParam(':id', $data['include_news'], PDO::PARAM_INT);
+  $dbr->execute();
+  $include_news_page_data = $dbr->fetch();
+  if(isset($include_news_page_data['page']))
+   {
+    if($include_news_page_data['type']=='simple_news')
+     {
+      $dbr = Database::$content->prepare("SELECT id, time, title, teaser, text, text_formatting, linkname FROM ".Database::$db_settings['news_table']." WHERE page_id=:page_id ORDER BY time DESC LIMIT ".$settings['include_news_items']);
+     }
+    else
+     {
+      $dbr = Database::$content->prepare("SELECT id, time, teaser_headline, headline, title, page_title, page, teaser, teaser_formatting, content, content_formatting, link_name AS linkname FROM ".Database::$db_settings['pages_table']." WHERE include_page=:page_id ORDER BY time DESC LIMIT ".$settings['include_news_items']);
+     }
+    $dbr->bindParam(':page_id', $data['include_news'], PDO::PARAM_INT);
+    $dbr->execute();
+    $i=0;
+    while($include_news_data = $dbr->fetch())
+     {
+      $include_news[$i]['id'] = $include_news_data['id'];
+      $include_news[$i]['time'] = $include_news_data['time'];
+      $include_news[$i]['linkname'] = $include_news_data['linkname'];
+      $localization->bindReplacePlaceholder($include_news_data['id'], 'time', $include_news_data['time'], 'include_news_time', Localization::FORMAT_TIME);
+      
+      if($include_news_page_data['type']=='simple_news')
+       {
+        $include_news[$i]['title'] = $include_news_data['title'];
+        if($include_news_data['teaser'])
+         {
+          $include_news[$i]['teaser'] = $include_news_data['teaser'];
+         }
+        else
+         {
+          if($include_news_data['text_formatting']==1) $include_news[$i]['teaser'] = auto_html($include_news_data['text']);
+          else $include_news[$i]['teaser'] = $include_news_data['text'];
+         }
+        $include_news[$i]['link'] = BASE_URL.$include_news_page_data['page'].','.$include_news_data['id'];       
+       }
+      else
+       {
+        if($include_news_data['teaser_headline']!='')
+         {
+          $include_news[$i]['title'] = $include_news_data['teaser_headline'];
+         }
+        elseif($include_news_data['headline']!='')
+         {
+          $include_news[$i]['title'] = $include_news_data['headline'];
+         }
+        else
+         {
+          $include_news[$i]['title'] = $include_news_data['title'];
+         }
+        if($include_news_data['teaser']!='')
+         {
+          if($include_news_data['teaser_formatting']==1)
+           {
+            $include_news[$i]['teaser'] = auto_html($include_news_data['teaser']);
+           }
+          else
+           {
+            $include_news[$i]['teaser'] = $include_news_data['teaser'];
+           }
+         }
+        else
+         {
+          if($include_news_data['content_formatting']==1)
+           {
+            $include_news[$i]['teaser'] = auto_html($include_news_data['content']);
+           }
+          else
+           {
+            $include_news[$i]['teaser'] = $include_news_data['content'];
+           }
+         }      
+        $include_news[$i]['link'] = BASE_URL.$include_news_data['page'];              
+       }
+      
+      $i++;
+     }
+    if(isset($include_news))
+     {
+      $template->assign('include_news', $include_news);
+     }
+   }
+ }
+
+$template->assign('id', $data['id']);
+$template->assign('page', $page);
+$template->assign('settings', $settings);
+$template->assign('type', $data['type']);
+$template->assign('title', $data['title']);
+$template->assign('page_title', $data['page_title']);
+
+if($data['keywords']) $template->assign('keywords', $data['keywords']);
+elseif($settings['default_keywords']) $template->assign('keywords', $settings['default_keywords']);
+else $template->assign('keywords', '');
+
+if($data['description']) $template->assign('description', $data['description']);
+elseif($settings['default_description']) $template->assign('description', $settings['default_description']);
+else $template->assign('description', '');
+
+$template->assign('category', htmlspecialchars($data['category']));
+$template->assign('page_info', $data['page_info']);
+$template->assign('headline', $data['headline']);
+$template->assign('content', $content);
+$template->assign('sidebar_1', $sidebar_1);
+$template->assign('sidebar_2', $sidebar_2);
+$template->assign('sidebar_3', $sidebar_3);
+$template->assign('menu_1', $data['menu_1']);
+$template->assign('menu_2', $data['menu_2']);
+$template->assign('menu_3', $data['menu_3']);
+$template->assign('gcb_1', htmlspecialchars($data['gcb_1']));
+$template->assign('gcb_2', htmlspecialchars($data['gcb_2']));
+$template->assign('gcb_3', htmlspecialchars($data['gcb_3']));
+$template->assign('status', intval($data['status']));
+
+if($data['page']==$settings['index_page']) $template->assign('canonical', BASE_URL);
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']) && is_authorized_to_edit($_SESSION[$settings['session_prefix'].'user_id'],$_SESSION[$settings['session_prefix'].'user_type'],$data['author'],$data['edit_permission'],$data['edit_permission_general']))
+ {
+  $authorized_to_edit = true;
+ }
+else
+ {
+  $authorized_to_edit = false;
+ }
+$template->assign('authorized_to_edit', $authorized_to_edit);
+
+$template->assign('timestamp', $data['time']);
+
+#$template->assign('created', format_time($loc->lang['time_format'], $data['time']));
+#$template->assign('last_modified', format_time($loc->lang['time_format'], $data['last_modified']));
+
+if($data['display_time']==1)
+ {
+  $template->assign('display_time', true);
+  $localization->replacePlaceholder('time', $data['time'], 'page_time', Localization::FORMAT_TIME);
+ }
+else
+ {
+  $template->assign('display_time', false);
+ }
+
+$localization->replacePlaceholder('last_modified', $data['last_modified'], 'page_last_modified', Localization::FORMAT_TIME);
+$localization->replacePlaceholder('created', $data['time'], 'page_last_modified', Localization::FORMAT_TIME);
+
+
+#$template->assign('lang', $lang['lang']);
+
+$content_type = $data['content_type'] ? $data['content_type'] : 'text/html';
+#$charset = $data['charset'] ? $data['charset'] : $loc->lang['charset'];
+$template_file = $data['template'];
+
+if($data['type']!='default')
+ {
+  include(BASE_PATH.'cms/config/page_types.conf.php');
+  if(isset($page_types[$data['type']]['page_type']))
+   {
+    include(BASE_PATH.'cms/includes/page_types/'.$page_types[$data['type']]['page_type']);
+   }
+ }
+else
+ {
+  if(isset($cache) && empty($no_cache))
+   {
+    $cache->cacheId = PAGE;
+   }
+ }
+?>

cms/includes/edit.inc.php

@@ -0,0 +1,647 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
+
+  if($settings['wysiwyg_editor'] && isset($_SESSION[$settings['session_prefix'].'wysiwyg']) && $_SESSION[$settings['session_prefix'].'wysiwyg']==1)
+   {
+    $wysiwyg_opt = true;
+    $wysiwyg = true;
+   }
+  elseif(!empty($settings['wysiwyg_editor']))
+   {
+    $wysiwyg_opt = true;
+    $wysiwyg = false;
+   }
+  else
+   {
+    $wysiwyg_opt = false;
+    $wysiwyg = false;
+   }
+
+  if($wysiwyg_opt && isset($_REQUEST['enable_wysiwyg']))
+   {
+    $wysiwyg = true;
+    $dbr = Database::$userdata->prepare("UPDATE ".Database::$db_settings['userdata_table']." SET wysiwyg=1 WHERE id=:id");
+    $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+    $dbr->execute();
+    $_SESSION[$settings['session_prefix'].'wysiwyg'] = 1;
+   }
+  if($wysiwyg_opt && isset($_REQUEST['disable_wysiwyg']))
+   {
+    $wysiwyg = false;
+    $dbr = Database::$userdata->prepare("UPDATE ".Database::$db_settings['userdata_table']." SET wysiwyg=0 WHERE id=:id");
+    $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+    $dbr->execute();
+    $_SESSION[$settings['session_prefix'].'wysiwyg'] = 0;
+   }
+
+  $template->assign('wysiwyg_opt',$wysiwyg_opt);
+  $template->assign('wysiwyg',$wysiwyg);
+
+  #if($wysiwyg) include('./modules/fckeditor/fckeditor.php');
+
+  include(BASE_PATH.'cms/config/page_types.conf.php');
+  $template->assign('page_types',$page_types);
+
+  // users:
+  $user_result = Database::$userdata->query("SELECT id, name FROM ".Database::$db_settings['userdata_table']." ORDER BY id ASC");
+  $i=0;
+  while($data = $user_result->fetch())
+   {
+    $users[$data['id']] = $data['name'];
+   }
+
+  // get data to edit and perform general checks:
+  if(isset($_GET['id']))
+   {
+    $dbr = Database::$content->prepare("SELECT id,page,author,type,type_addition,time,last_modified,display_time,title,page_title,description,keywords,category,page_info,breadcrumbs,sections,include_page,include_order,include_rss,include_sitemap,include_news,link_name,menu_1,menu_2,menu_3,gcb_1,gcb_2,gcb_3,template,language,content_type,charset,headline,teaser_headline,teaser,teaser_formatting,teaser_img,content,content_formatting,sidebar_1,sidebar_1_formatting,sidebar_2,sidebar_2_formatting,sidebar_3,sidebar_3_formatting, page_notes, edit_permission, edit_permission_general, tv, status FROM ".Database::$db_settings['pages_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_REQUEST['id'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(!isset($data['id']))
+     {
+      $action='page_doesnt_exist';
+     }
+    elseif(!is_authorized_to_edit($_SESSION[$settings['session_prefix'].'user_id'],$_SESSION[$settings['session_prefix'].'user_type'],$data['author'],$data['edit_permission'],$data['edit_permission_general']))
+     {
+      $action='no_authorization';
+     }
+    else
+     {
+      $page_data['id'] = intval($data['id']);
+      $page_data['page'] = htmlspecialchars($data['page']);
+      $page_data['author'] = intval($data['author']);
+      $page_data['type'] = htmlspecialchars($data['type']);
+      $page_data['type_addition'] = htmlspecialchars($data['type_addition']);
+      $page_data['time'] = date("Y-m-d H:i:s", $data['time']);
+      $page_data['last_modified'] = date("Y-m-d H:i:s");
+      $page_data['display_time'] = intval($data['display_time']);
+      $page_data['title'] = htmlspecialchars($data['title']);
+      $page_data['page_title'] = htmlspecialchars($data['page_title']);
+      $page_data['description'] = htmlspecialchars($data['description']);
+      $page_data['keywords'] = htmlspecialchars($data['keywords']);
+      $page_data['category'] = htmlspecialchars($data['category']);
+      $page_data['page_info'] = htmlspecialchars($data['page_info']);
+      $page_data['breadcrumbs'] = explode(',',htmlspecialchars($data['breadcrumbs']));
+      $page_data['sections'] = str_replace(',',', ',htmlspecialchars($data['sections']));
+      $page_data['include_page'] = intval($data['include_page']);
+      $page_data['include_order'] = intval($data['include_order']);
+      $page_data['include_rss'] = intval($data['include_rss']);
+      $page_data['include_sitemap'] = intval($data['include_sitemap']);
+      $page_data['include_news'] = intval($data['include_news']);
+      $page_data['link_name'] = htmlspecialchars($data['link_name']);
+      $page_data['menu_1'] = htmlspecialchars($data['menu_1']);
+      $page_data['menu_2'] = htmlspecialchars($data['menu_2']);
+      $page_data['menu_3'] = htmlspecialchars($data['menu_3']);
+      $page_data['gcb_1'] = htmlspecialchars($data['gcb_1']);
+      $page_data['gcb_2'] = htmlspecialchars($data['gcb_2']);
+      $page_data['gcb_3'] = htmlspecialchars($data['gcb_3']);
+      $page_data['template'] = htmlspecialchars($data['template']);
+      $page_data['language'] = htmlspecialchars($data['language']);
+      $page_data['content_type'] = htmlspecialchars($data['content_type']);
+      $page_data['charset'] = htmlspecialchars($data['charset']);
+      $page_data['headline'] = htmlspecialchars($data['headline']);
+      $page_data['teaser_headline'] = htmlspecialchars($data['teaser_headline']);
+      $page_data['teaser'] = htmlspecialchars($data['teaser']);
+      $page_data['teaser_formatting'] = intval($data['teaser_formatting']);
+      $page_data['teaser_img'] = htmlspecialchars($data['teaser_img']);
+      $page_data['content_formatting'] = intval($data['content_formatting']);
+      $page_data['sidebar_1'] = htmlspecialchars($data['sidebar_1']);
+      $page_data['sidebar_1_formatting'] = intval($data['sidebar_1_formatting']);
+      $page_data['sidebar_2'] = htmlspecialchars($data['sidebar_2']);
+      $page_data['sidebar_2_formatting'] = intval($data['sidebar_2_formatting']);
+      $page_data['sidebar_3'] = htmlspecialchars($data['sidebar_3']);
+      $page_data['sidebar_3_formatting'] = intval($data['sidebar_3_formatting']);
+      $page_data['page_notes'] = htmlspecialchars($data['page_notes']);
+      $page_data['edit_permission_general'] = intval($data['edit_permission_general']);
+      $page_data['tv'] = str_replace(',',', ',htmlspecialchars($data['tv']));
+      $page_data['status'] = intval($data['status']);
+      $page_data['content'] = htmlspecialchars($data['content']);
+
+      $edit_permission_array = explode(',',$data['edit_permission']);
+      foreach($edit_permission_array as $edit_permission)
+       {
+        $edit_permission = intval(trim($edit_permission));
+        if(isset($users[$edit_permission]))
+         {
+          $permitted_users[] = htmlspecialchars($users[$edit_permission]);
+         }
+       }
+      if(isset($permitted_users))
+       {
+        $page_data['edit_permission'] = implode(', ',$permitted_users);
+       }
+      else
+       {
+        $page_data['edit_permission'] = '';
+       }
+
+      $send_pingbacks = 0;
+      $action='main';
+     }
+   }
+  else
+   {
+    // set default values for new pages:
+    $page_data['time'] = date("Y-m-d H:i:s");
+    $page_data['last_modified'] = date("Y-m-d H:i:s");
+    $page_data['display_time'] = 0;
+    $page_data['teaser_formatting'] = 1;
+    $page_data['content_formatting'] = $settings['default_formatting'];
+    $page_data['sidebar_1_formatting'] = $settings['default_formatting'];
+    $page_data['sidebar_2_formatting'] = $settings['default_formatting'];
+    $page_data['sidebar_3_formatting'] = $settings['default_formatting'];
+    $page_data['include_page'] = 0;
+    $page_data['include_order'] = 0;
+    $page_data['include_rss'] = 0;
+    $page_data['include_sitemap'] = 0;
+    $page_data['include_news'] = 0;
+    $page_data['link_name'] = Localization::$lang['teaser_default_linkname'];
+    $page_data['template'] = $settings['default_template'];
+    $page_data['menu_1'] = $settings['default_menu'];
+    $page_data['edit_permission_general'] = 0;
+    $page_data['status'] = 2;
+    $send_pingbacks = $settings['pingbacks_enabled'] ? 1 : 0;
+   }
+
+  // edit submitted:
+  if(isset($_POST['content']))
+   {
+    if(isset($_POST['id']))
+     {
+      $dbr = Database::$content->prepare("SELECT id,author,edit_permission,edit_permission_general FROM ".Database::$db_settings['pages_table']." WHERE id=:id LIMIT 1");
+      $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(!isset($data['id']))
+       {
+        $errors[] = 'page_doesnt_exist';
+       }
+      elseif(!is_authorized_to_edit($_SESSION[$settings['session_prefix'].'user_id'],$_SESSION[$settings['session_prefix'].'user_type'],$data['author'],$data['edit_permission'],$data['edit_permission_general']))
+       {
+        $errors[] = 'no_authorization_edit';
+       }
+     }
+
+    if(empty($errors))
+     {
+      $_POST['page'] = isset($_POST['page']) ? trim($_POST['page']) : '';
+      $_POST['title'] = isset($_POST['title']) ? trim($_POST['title']) : '';
+
+      $_POST['gcb_1'] = isset($_POST['gcb_1']) ? trim($_POST['gcb_1']) : '';
+      $_POST['gcb_2'] = isset($_POST['gcb_2']) ? trim($_POST['gcb_2']) : '';
+      $_POST['gcb_3'] = isset($_POST['gcb_3']) ? trim($_POST['gcb_3']) : '';
+
+      $_POST['include_page'] = isset($_POST['include_page']) ? intval($_POST['include_page']) : 0;
+      $_POST['include_rss'] = isset($_POST['include_rss']) ? intval($_POST['include_rss']) : 0;
+      $_POST['include_sitemap'] = isset($_POST['include_sitemap']) ? intval($_POST['include_sitemap']) : 0;
+      $_POST['include_news'] = isset($_POST['include_news']) ? intval($_POST['include_news']) : 0;
+
+      if(empty($_POST['content_formatting'])) $_POST['content_formatting']= 0;
+      if(empty($_POST['teaser_formatting'])) $_POST['teaser_formatting']= 0;
+      if(empty($_POST['sidebar_1_formatting'])) $_POST['sidebar_1_formatting']= 0;
+      if(empty($_POST['sidebar_2_formatting'])) $_POST['sidebar_2_formatting']= 0;
+      if(empty($_POST['sidebar_3_formatting'])) $_POST['sidebar_3_formatting']= 0;
+      if(empty($_POST['rss'])) $_POST['rss'] = 0;
+      if(empty($_POST['sitemap'])) $_POST['sitemap'] = 0;
+      if(empty($_POST['content_type'])) $_POST['content_type'] = '';
+      if(empty($_POST['charset'])) $_POST['charset'] = '';
+      if(empty($_POST['edit_permission_general'])) $_POST['edit_permission_general'] = 0;
+      $_POST['status'] = isset($_POST['status']) ? intval($_POST['status']) : 0;
+      $_POST['display_time'] = isset($_POST['display_time']) && $_POST['display_time']==1 ? 1 : 0;
+      if($_POST['status']>2) $_POST['status'] = 2;
+      $send_pingbacks = isset($_POST['send_pingbacks']) && $_POST['send_pingbacks']==1 ? 1 : 0;
+      
+      // trim sections:
+      $sections_array = explode(',',$_POST['sections']);
+      foreach($sections_array as $item)
+       {
+        if(trim($item)!='')
+         {
+          $cleared_sections_array[] = trim($item);
+         }
+       }
+      $_POST['sections'] = '';
+      if(isset($cleared_sections_array))
+       {
+        $cleared_sections_array_count = count($cleared_sections_array);
+        $i=1;
+        foreach($cleared_sections_array as $section)
+         {
+          $_POST['sections'] .= $section;
+          if($i<$cleared_sections_array_count) $_POST['sections'] .= ',';
+          ++$i;
+         }
+       }
+
+      // trim custom values:
+      $tv_array = explode(',', $_POST['tv']);
+      foreach($tv_array as $item)
+       {
+        if(trim($item)!='')
+         {
+          $cleared_tv_array[] = trim($item);
+         }
+       }
+      if(isset($cleared_tv_array)) $_POST['tv'] = implode(',', $cleared_tv_array);
+      else $_POST['tv'] = '';
+
+      // generate breadcrumb list:
+      if(isset($_POST['breadcrumbs']) && is_array($_POST['breadcrumbs']))
+       {
+        foreach($_POST['breadcrumbs'] as $breadcrumb)
+         {
+          if(!empty($breadcrumb)) $cleared_breadcrumbs[] = intval($breadcrumb);
+         }
+        if(isset($cleared_breadcrumbs))
+         {
+          $breadcrumb_list = implode(',',$cleared_breadcrumbs);
+         }
+       }
+      if(empty($breadcrumb_list))
+       {
+        $breadcrumb_list = '';
+       }
+
+      // generate edit permission list:
+      $edit_permission_list = '';
+      $users_array = explode(',',$_POST['edit_permission']);
+      foreach($users_array as $current_user)
+       {
+        if(trim($current_user)!='' && in_array(strtolower(trim($current_user)),$users))
+         {
+          $cleared_users_array[] = strtolower(trim($current_user));
+         }
+        else
+         {
+          if(trim($current_user)!='')
+           {
+            $invalid_username = true;
+           }
+         }
+       }
+      if(isset($cleared_users_array))
+       {
+        $cleared_users_array_count = count($cleared_users_array);
+        $users_trans = array_flip($users);
+        $i=1;
+        foreach($cleared_users_array as $current_user)
+         {
+          $edit_permission_list .= $users_trans[$current_user];
+          if($i<$cleared_users_array_count) $edit_permission_list .= ',';
+          ++$i;
+         }
+       }
+      if(isset($invalid_username))
+       {
+        $errors[] = 'invalid_edit_auth_list';
+       }
+
+      #$page = trim($_POST['page']);
+      $type_addition = trim($_POST['type_addition']);
+      if(empty($_POST['page'])) $errors[] = 'error_page_name_empty';
+      elseif(!preg_match(VALID_URL_CHARACTERS, $_POST['page'])) $errors[] ='error_page_name_spec_chars';
+
+      #if(empty($_POST['title'])) $errors[] = 'error_no_title';
+
+      if($_POST['teaser_img']!='' && !file_exists(BASE_PATH.MEDIA_DIR.$_POST['teaser_img'])) $errors[] = 'err_teaser_img_doesnt_exist';
+
+      if(empty($page_types[$_POST['type']])) $errors[] = 'invalid_page_type';
+      if(isset($page_types[$_POST['type']]) && $page_types[$_POST['type']]['requires_parameter'] == true && trim($type_addition)=='') $errors[] = 'page_type_req_param';
+
+      if(($time = strtotime($_POST['time']))===false) $errors[] = 'time_invalid';
+      if(($last_modified = strtotime($_POST['last_modified']))===false) $errors[] = 'last_modified_invalid';
+
+     }
+
+    if(empty($errors))
+     {
+      $dbr = Database::$content->prepare("SELECT id, page FROM ".Database::$db_settings['pages_table']." WHERE lower(page)=:page LIMIT 1");
+      $dbr->bindValue(':page', strtolower($_POST['page']), PDO::PARAM_STR);
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(isset($data['id']))
+       {
+        #if(isset($_POST['id']) && intval($_POST['id'])==intval($data['id']) && empty($_POST['edit_mode']))
+        # {
+        #  // OK...
+        # }
+        if(!(isset($_POST['id']) && empty($_POST['edit_mode']) && intval($data['id'])==intval($_POST['id']))) $errors[] = 'error_page_name_alr_exists';
+       }
+     }
+
+    if(empty($errors))
+     {
+      #$time = mktime(intval($_POST['hour']),intval($_POST['minute']),0,intval($_POST['month']),intval($_POST['day']),intval($_POST['year']));
+      #$last_modified = mktime(intval($_POST['lm_hour']),intval($_POST['lm_minute']),0,intval($_POST['lm_month']),intval($_POST['lm_day']),intval($_POST['lm_year']));
+
+      if(isset($_POST['id']) && empty($_POST['edit_mode']))
+       {
+        $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['pages_table']." SET page=?, type=?, type_addition=?, time=?, last_modified=?, display_time=?, last_modified_by=?, title=?, page_title=?, description=?, keywords=?, category=?, page_info=?, breadcrumbs=?, headline=?, teaser_headline=?, teaser=?, teaser_formatting=?, teaser_img=?, content=?, content_formatting=?, sidebar_1=?, sidebar_2=?, sidebar_3=?, sidebar_1_formatting=?, sidebar_2_formatting=?, sidebar_3_formatting=?, sections=?, include_page=?, include_order=?, include_rss=?, include_sitemap=?, include_news=?, link_name=?, menu_1=?, menu_2=?, menu_3=?, gcb_1=?, gcb_2=?, gcb_3=?, template=?, language=?, content_type=?, charset=?, page_notes=?, edit_permission=?, edit_permission_general=?, tv=?, status=? WHERE id=?");
+        $dbr->bindParam(1, $_POST['page'], PDO::PARAM_STR);
+        $dbr->bindParam(2, $_POST['type'], PDO::PARAM_STR);
+        $dbr->bindParam(3, $type_addition, PDO::PARAM_STR);
+        $dbr->bindParam(4, $time, PDO::PARAM_INT);
+        $dbr->bindParam(5, $last_modified, PDO::PARAM_INT);
+        $dbr->bindParam(6, $_POST['display_time'], PDO::PARAM_INT);
+        $dbr->bindParam(7, $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+        $dbr->bindParam(8, $_POST['title'], PDO::PARAM_STR);
+        $dbr->bindParam(9, $_POST['page_title'], PDO::PARAM_STR);
+        $dbr->bindParam(10, $_POST['description'], PDO::PARAM_STR);
+        $dbr->bindParam(11, $_POST['keywords'], PDO::PARAM_STR);
+        $dbr->bindParam(12, $_POST['category'], PDO::PARAM_STR);
+        $dbr->bindParam(13, $_POST['page_info'], PDO::PARAM_STR);
+        $dbr->bindParam(14, $breadcrumb_list, PDO::PARAM_STR);
+        $dbr->bindParam(15, $_POST['headline'], PDO::PARAM_STR);
+        $dbr->bindParam(16, $_POST['teaser_headline'], PDO::PARAM_STR);
+        $dbr->bindParam(17, $_POST['teaser'], PDO::PARAM_STR);
+        $dbr->bindParam(18, $_POST['teaser_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(19, $_POST['teaser_img'], PDO::PARAM_STR);
+        $dbr->bindParam(20, $_POST['content'], PDO::PARAM_STR);
+        $dbr->bindParam(21, $_POST['content_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(22, $_POST['sidebar_1'], PDO::PARAM_STR);
+        $dbr->bindParam(23, $_POST['sidebar_2'], PDO::PARAM_STR);
+        $dbr->bindParam(24, $_POST['sidebar_3'], PDO::PARAM_STR);
+        $dbr->bindParam(25, $_POST['sidebar_1_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(26, $_POST['sidebar_2_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(27, $_POST['sidebar_3_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(28, $_POST['sections'], PDO::PARAM_STR);
+        $dbr->bindParam(29, $_POST['include_page'], PDO::PARAM_INT);
+        $dbr->bindParam(30, $_POST['include_order'], PDO::PARAM_INT);
+        $dbr->bindParam(31, $_POST['include_rss'], PDO::PARAM_INT);
+        $dbr->bindParam(32, $_POST['include_sitemap'], PDO::PARAM_INT);
+        $dbr->bindParam(33, $_POST['include_news'], PDO::PARAM_INT);
+        $dbr->bindParam(34, $_POST['link_name'], PDO::PARAM_STR);
+        $dbr->bindParam(35, $_POST['menu_1'], PDO::PARAM_STR);
+        $dbr->bindParam(36, $_POST['menu_2'], PDO::PARAM_STR);
+        $dbr->bindParam(37, $_POST['menu_3'], PDO::PARAM_STR);
+        $dbr->bindParam(38, $_POST['gcb_1'], PDO::PARAM_STR);
+        $dbr->bindParam(39, $_POST['gcb_2'], PDO::PARAM_STR);
+        $dbr->bindParam(40, $_POST['gcb_3'], PDO::PARAM_STR);
+        $dbr->bindParam(41, $_POST['template'], PDO::PARAM_STR);
+        $dbr->bindParam(42, $_POST['language'], PDO::PARAM_STR);
+        $dbr->bindParam(43, $_POST['content_type'], PDO::PARAM_STR);
+        $dbr->bindParam(44, $_POST['charset'], PDO::PARAM_STR);
+        $dbr->bindParam(45, $_POST['page_notes'], PDO::PARAM_STR);
+        $dbr->bindParam(46, $edit_permission_list, PDO::PARAM_STR);
+        $dbr->bindParam(47, $_POST['edit_permission_general'], PDO::PARAM_INT);
+        $dbr->bindParam(48, $_POST['tv'], PDO::PARAM_STR);
+        $dbr->bindParam(49, $_POST['status'], PDO::PARAM_INT);
+        $dbr->bindParam(50, $_POST['id'], PDO::PARAM_INT);
+        $dbr->execute();
+        #print_r(Database::$content->errorInfo());
+       }
+      else
+       {
+        if(isset($_POST['edit_mode']))
+         {
+          $time = $last_modified;
+         }
+        $dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['pages_table']." (page,type,type_addition,time,last_modified,display_time,last_modified_by,title,page_title,description,keywords,category,page_info,breadcrumbs,headline,teaser_headline,teaser,teaser_formatting,teaser_img,content,content_formatting,sidebar_1,sidebar_2,sidebar_3,sidebar_1_formatting,sidebar_2_formatting,sidebar_3_formatting,sections,include_page,include_order,include_rss,include_sitemap,include_news,link_name,menu_1,menu_2,menu_3,gcb_1,gcb_2,gcb_3,template,language,content_type,charset,page_notes,edit_permission,edit_permission_general,tv,status,author) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
+        $dbr->bindParam(1, $_POST['page'], PDO::PARAM_STR);
+        $dbr->bindParam(2, $_POST['type'], PDO::PARAM_STR);
+        $dbr->bindParam(3, $type_addition, PDO::PARAM_STR);
+        $dbr->bindParam(4, $time, PDO::PARAM_INT);
+        $dbr->bindParam(5, $last_modified, PDO::PARAM_INT);
+        $dbr->bindParam(6, $_POST['display_time'], PDO::PARAM_INT);
+        $dbr->bindParam(7, $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+        $dbr->bindParam(8, $_POST['title'], PDO::PARAM_STR);
+        $dbr->bindParam(9, $_POST['page_title'], PDO::PARAM_STR);
+        $dbr->bindParam(10, $_POST['description'], PDO::PARAM_STR);
+        $dbr->bindParam(11, $_POST['keywords'], PDO::PARAM_STR);
+        $dbr->bindParam(12, $_POST['category'], PDO::PARAM_STR);
+        $dbr->bindParam(13, $_POST['page_info'], PDO::PARAM_STR);
+        $dbr->bindParam(14, $breadcrumb_list, PDO::PARAM_STR);
+        $dbr->bindParam(15, $_POST['headline'], PDO::PARAM_STR);
+        $dbr->bindParam(16, $_POST['teaser_headline'], PDO::PARAM_STR);
+        $dbr->bindParam(17, $_POST['teaser'], PDO::PARAM_STR);
+        $dbr->bindParam(18, $_POST['teaser_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(19, $_POST['teaser_img'], PDO::PARAM_STR);
+        $dbr->bindParam(20, $_POST['content'], PDO::PARAM_STR);
+        $dbr->bindParam(21, $_POST['content_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(22, $_POST['sidebar_1'], PDO::PARAM_STR);
+        $dbr->bindParam(23, $_POST['sidebar_2'], PDO::PARAM_STR);
+        $dbr->bindParam(24, $_POST['sidebar_3'], PDO::PARAM_STR);
+        $dbr->bindParam(25, $_POST['sidebar_1_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(26, $_POST['sidebar_2_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(27, $_POST['sidebar_3_formatting'], PDO::PARAM_INT);
+        $dbr->bindParam(28, $_POST['sections'], PDO::PARAM_STR);
+        $dbr->bindParam(29, $_POST['include_page'], PDO::PARAM_INT);
+        $dbr->bindParam(30, $_POST['include_order'], PDO::PARAM_INT);
+        $dbr->bindParam(31, $_POST['include_rss'], PDO::PARAM_INT);
+        $dbr->bindParam(32, $_POST['include_sitemap'], PDO::PARAM_INT);
+        $dbr->bindParam(33, $_POST['include_news'], PDO::PARAM_INT);
+        $dbr->bindParam(34, $_POST['link_name'], PDO::PARAM_STR);
+        $dbr->bindParam(35, $_POST['menu_1'], PDO::PARAM_STR);
+        $dbr->bindParam(36, $_POST['menu_2'], PDO::PARAM_STR);
+        $dbr->bindParam(37, $_POST['menu_3'], PDO::PARAM_STR);
+        $dbr->bindParam(38, $_POST['gcb_1'], PDO::PARAM_STR);
+        $dbr->bindParam(39, $_POST['gcb_2'], PDO::PARAM_STR);
+        $dbr->bindParam(40, $_POST['gcb_3'], PDO::PARAM_STR);
+        $dbr->bindParam(41, $_POST['template'], PDO::PARAM_STR);
+        $dbr->bindParam(42, $_POST['language'], PDO::PARAM_STR);
+        $dbr->bindParam(43, $_POST['content_type'], PDO::PARAM_STR);
+        $dbr->bindParam(44, $_POST['charset'], PDO::PARAM_STR);
+        $dbr->bindParam(45, $_POST['page_notes'], PDO::PARAM_STR);
+        $dbr->bindParam(46, $edit_permission_list, PDO::PARAM_STR);
+        $dbr->bindParam(47, $_POST['edit_permission_general'], PDO::PARAM_INT);
+        $dbr->bindParam(48, $_POST['tv'], PDO::PARAM_STR);
+        $dbr->bindParam(49, $_POST['status'], PDO::PARAM_INT);
+        $dbr->bindParam(50, $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+        $dbr->execute();
+       }
+
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      
+      if($settings['pingbacks_enabled'] && $send_pingbacks)
+       {
+        $page_content = $_POST['content'];
+        if($settings['content_auto_link']==1) $page_content = make_link($page_content);
+        $page_content = parse_special_tags($page_content);
+        $pingback = new Pingback();
+        $pingback->ping(BASE_URL.$_POST['page'], $page_content);
+       }
+      
+      if(intval($_POST['status'])==0)
+       {
+        header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=pages');
+        exit;
+       }
+      else
+       {
+        header('Location: '.BASE_URL.$_POST['page']);
+       }
+     }
+    else
+     {
+      $template->assign('errors',$errors);
+      if(isset($_POST['id'])) $page_data['id'] = intval($_POST['id']);
+      $page_data['edit_mode'] = isset($_POST['edit_mode']) ? intval($_POST['edit_mode']) : 0;
+      $page_data['page'] = isset($_POST['page']) ? htmlspecialchars($_POST['page']) : '';
+      $page_data['category'] = isset($_POST['category']) ? htmlspecialchars($_POST['category']) : '';
+      $page_data['page_info'] = isset($_POST['page_info']) ? htmlspecialchars($_POST['page_info']) : '';
+      $page_data['page_title'] = isset($_POST['page_title']) ? htmlspecialchars($_POST['page_title']) : '';
+      $page_data['description'] = isset($_POST['description']) ? htmlspecialchars($_POST['description']) : '';
+      $page_data['keywords'] = isset($_POST['keywords']) ? htmlspecialchars($_POST['keywords']) : '';
+      $page_data['title'] = isset($_POST['title']) ? htmlspecialchars($_POST['title']) : '';
+      $page_data['headline'] = isset($_POST['headline']) ? htmlspecialchars($_POST['headline']) : '';
+      $page_data['teaser'] = isset($_POST['teaser']) ? htmlspecialchars($_POST['teaser']) : '';
+      $page_data['teaser_headline'] = isset($_POST['teaser_headline']) ? htmlspecialchars($_POST['teaser_headline']) : '';
+      $page_data['teaser_img'] = isset($_POST['teaser_img']) ? htmlspecialchars($_POST['teaser_img']) : '';
+      $page_data['teaser_formatting'] = isset($_POST['teaser_formatting']) ? intval($_POST['teaser_formatting']) : 0;
+      $page_data['content_formatting'] = isset($_POST['content_formatting']) ? intval($_POST['content_formatting']) : 0;
+      $page_data['sidebar_1'] = isset($_POST['sidebar_1']) ? htmlspecialchars($_POST['sidebar_1']) : '';
+      $page_data['sidebar_2'] = isset($_POST['sidebar_2']) ? htmlspecialchars($_POST['sidebar_2']) : '';
+      $page_data['sidebar_3'] = isset($_POST['sidebar_3']) ? htmlspecialchars($_POST['sidebar_3']) : '';
+      $page_data['sidebar_1_formatting'] = isset($_POST['sidebar_1_formatting']) ? intval($_POST['sidebar_1_formatting']) : 0;
+      $page_data['sidebar_2_formatting'] = isset($_POST['sidebar_2_formatting']) ? intval($_POST['sidebar_2_formatting']) : 0;
+      $page_data['sidebar_3_formatting'] = isset($_POST['sidebar_3_formatting']) ? intval($_POST['sidebar_3_formatting']) : 0;
+      $page_data['type'] = isset($_POST['type']) ? htmlspecialchars($_POST['type']) : '';
+      $page_data['type_addition'] = isset($_POST['type_addition']) ? htmlspecialchars($_POST['type_addition']) : '';
+      $page_data['time'] = isset($_POST['time']) ? htmlspecialchars($_POST['time']) : '';
+      $page_data['last_modified'] = isset($_POST['last_modified']) ? htmlspecialchars($_POST['last_modified']) : '';
+      $page_data['display_time'] = isset($_POST['display_time']) && $_POST['display_time']==1 ? 1 : 0;
+      $page_data['include_page'] = isset($_POST['include_page']) ? intval($_POST['include_page']) : 0;
+      $page_data['include_order'] = isset($_POST['include_order']) ? intval($_POST['include_order']) : 0;
+      $page_data['include_rss'] = isset($_POST['include_rss']) ? intval($_POST['include_rss']) : 0;
+      $page_data['include_sitemap'] = isset($_POST['include_sitemap']) ? intval($_POST['include_sitemap']) : 0;
+      $page_data['include_news'] = isset($_POST['include_news']) ? intval($_POST['include_news']) : 0;
+      $page_data['link_name'] = isset($_POST['link_name']) ? htmlspecialchars($_POST['link_name']) : Localization::$lang['teaser_default_linkname'];
+      $page_data['template'] = isset($_POST['template']) ? htmlspecialchars($_POST['template']) : $settings['default_template'];
+      $page_data['language'] = isset($_POST['language']) ? htmlspecialchars($_POST['language']) : '';
+      $page_data['content_type'] = isset($_POST['content_type']) ? htmlspecialchars($_POST['content_type']) : '';
+      $page_data['charset'] = isset($_POST['charset']) ? htmlspecialchars($_POST['charset']) : '';
+      $page_data['menu_1'] = isset($_POST['menu_1']) ? htmlspecialchars($_POST['menu_1']) : $settings['default_menu'];;
+      $page_data['menu_2'] = isset($_POST['menu_2']) ? htmlspecialchars($_POST['menu_2']) : '';
+      $page_data['menu_3'] = isset($_POST['menu_3']) ? htmlspecialchars($_POST['menu_3']) : '';
+      $page_data['gcb_1'] = isset($_POST['gcb_1']) ? intval($_POST['gcb_1']) : '';
+      $page_data['gcb_2'] = isset($_POST['gcb_2']) ? intval($_POST['gcb_2']) : '';
+      $page_data['gcb_3'] = isset($_POST['gcb_3']) ? intval($_POST['gcb_3']) : '';
+      $page_data['page_notes'] = isset($_POST['page_notes']) ? htmlspecialchars($_POST['page_notes']) : '';
+      $page_data['sections'] = isset($_POST['sections']) ? htmlspecialchars($_POST['sections']) : '';
+      $page_data['tv'] = isset($_POST['tv']) ? htmlspecialchars($_POST['tv']) : '';
+      $page_data['edit_permission_general'] = isset($_POST['edit_permission_general']) ? intval($_POST['edit_permission_general']) : 0;
+      $page_data['status'] = isset($_POST['status']) ? intval($_POST['status']) : 0;
+
+      if(isset($_POST['breadcrumbs']) && is_array($_POST['breadcrumbs']))
+       {
+        foreach($_POST['breadcrumbs'] as $breadcrumb)
+         {
+          if(!empty($breadcrumb)) $page_data['breadcrumbs'][] = intval($breadcrumb);
+         }
+       }
+
+      $page_data['content'] = isset($_POST['content']) ? htmlspecialchars($_POST['content']) : '';
+
+      $edit_mode = isset($_POST['edit_mode']) && $_POST['edit_mode']==1 ? 1 : 0;
+     }
+   }
+  // end if(isset($_POST['content']))
+
+  switch($action)
+   {
+    case 'main':
+     // get available pages:
+     $dbr = Database::$content->query("SELECT id, page, type FROM ".Database::$db_settings['pages_table']." ORDER BY page ASC");
+     $i=0;
+     $ii=0;
+     while($pages_data = $dbr->fetch())
+      {
+       $pages[$i]['id'] = $pages_data['id'];
+       $pages[$i]['page'] = $pages_data['page'];
+       $pages[$i]['type'] = $pages_data['type'];
+
+       if($pages_data['type']=='news' || $pages_data['type']=='simple_news')
+        {
+         $simple_news_pages[$ii]['id'] = $pages_data['id'];
+         $simple_news_pages[$ii]['page'] = $pages_data['page'];
+         ++$ii;
+        }
+
+       ++$i;
+      }
+     if(isset($pages))
+      {
+       $template->assign('pages',$pages);
+      }
+     if(isset($simple_news_pages))
+      {
+       $template->assign('simple_news_pages',$simple_news_pages);
+      }
+
+     // get menus:
+     $menu_result = Database::$content->query("SELECT DISTINCT menu FROM ".Database::$db_settings['menu_table']." ORDER BY menu ASC");
+     while($menu_data = $menu_result->fetch())
+      {
+       $menus[] = $menu_data['menu'];
+      }
+     if(isset($menus))
+      {
+       $template->assign('menus',$menus);
+      }
+
+     // get global content blocks:
+     $gcb_result = Database::$content->query("SELECT id, identifier FROM ".Database::$db_settings['gcb_table']." ORDER BY id ASC");
+     $i=0;
+     while($gcb_data = $gcb_result->fetch())
+      {
+       $gcbs[$i]['id'] = $gcb_data['id'];
+       $gcbs[$i]['identifier'] = $gcb_data['identifier'];
+       $i++;
+      }
+     if(isset($gcbs))
+      {
+       $template->assign('gcbs',$gcbs);
+      }
+
+     // get available templates:
+     $handle=opendir(BASE_PATH.'cms/templates/');
+     while($file = readdir($handle))
+      {
+       if(preg_match('/\.tpl$/i', $file))
+        {
+         $template_file_array[] = $file;
+        }
+      }
+     closedir($handle);
+     natcasesort($template_file_array);
+     $i=0;
+     foreach($template_file_array as $file)
+      {
+       $template_files[$i] = $file;
+       #$template_files[$i]['name'] = htmlspecialchars($file);
+       $i++;
+      }
+     if(isset($template_files))
+      {
+       $template->assign('template_files',$template_files);
+      }
+
+     $template->assign('page_languages', get_languages());
+
+     if(empty($edit_mode))
+      {
+       $edit_mode=0;
+      }
+     $template->assign('edit_mode',$edit_mode);
+     if(isset($page_data))
+      {
+       $template->assign('page_data', $page_data);
+       $template->assign('send_pingbacks', $send_pingbacks);
+      }
+     $template->assign('subtemplate', 'edit.inc.tpl');
+     break;
+
+    case 'page_doesnt_exist':
+     $template->assign('invalid_request', 'page_doesnt_exist');
+     $template->assign('subtemplate', 'edit.inc.tpl');
+     break;
+    case 'no_authorization':
+     $template->assign('invalid_request', 'no_authorization_edit');
+     $template->assign('subtemplate', 'edit.inc.tpl');
+     break;
+ }
+}

cms/includes/exception.inc.php

@@ -0,0 +1,65 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$debug_mode = true;
+
+$website_title = isset($settings['website_title']) ? $settings['website_title'] : 'phpSQLiteCMS';
+$lang = isset($localization) ? Localization::$lang['lang'] : 'en';
+$charset = isset($localization) && isset(Localization::$lang['charset']) ? Localization::$lang['charset'] : 'utf-8';
+$exception_title = isset($localization) && isset(Localization::$lang['exception_title']) ? Localization::$lang['exception_title'] : 'Error';
+$exception_message = isset($localization) && isset(Localization::$lang['exception_message']) ? Localization::$lang['exception_message'] : 'An error occurred while processing this directive.';
+
+header($_SERVER['SERVER_PROTOCOL'] . " 503 Service Unavailable");
+header("Status: 503 Service Unavailable");
+header('Content-Type: text/html; charset='.$charset);
+
+?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>">
+<head>
+<title><?php echo $website_title; ?> - <?php echo $exception_title; ?></title>
+<meta http-equiv="content-type" content="text/html; charset=<?php echo $charset; ?>" />
+<style type="text/css">
+<!--
+body              { color:#000; background:#fff; margin:0; padding:0; font-family:verdana,arial,sans-serif; font-size:100.1%; }
+h1                { font-size:1.5em; }
+p,ul              { font-size:0.9em; line-height:1.5em; }
+#top              { margin:0; padding:0 20px 0 20px; height:4em; color:#000000; background:#d2ddea; border-bottom: 1px solid #bacbdf; line-height:4em; }
+#top h1           { font-size:2em; margin:0; padding:0; color:#000080; }
+#content          { padding:20px; }
+-->
+</style>
+</head>
+<body>
+<div id="top"><h1><?php echo $website_title; ?></h1></div>
+<div id="content">
+<h1><?php echo $exception_title; ?></h1>
+<p><?php echo $exception_message; ?></p>
+
+<?php if($debug_mode && isset($exception)): ?>
+<p>
+<strong>Message:</strong> <?php echo $exception->getMessage(); ?><br />
+<strong>Code:</strong> <?php echo $exception->getCode(); ?><br />
+<strong>File:</strong> <?php echo $exception->getFile(); ?><br />
+<strong>Line:</strong> <?php echo $exception->getLine(); ?><!--<br />
+<strong>Trace:</strong> <?php echo $exception->getTraceAsString(); ?>-->
+</p>
+
+<?php
+/*
+echo '<p>'.$exception->__toString().'</p>';
+echo '<pre>';
+print_r($exception);
+echo '</pre>';
+
+echo '<pre>';
+print_r($GLOBALS);
+echo '</pre>';
+*/
+?>
+
+<?php endif; ?>
+</p>
+
+</div>
+</body>
+</html>

cms/includes/filemanager.inc.php

@@ -0,0 +1,216 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$media_dir = 'media';
+$file_dir = 'files';
+
+$template->assign('media_dir', $media_dir);
+$template->assign('file_dir', $file_dir);
+
+$directory = isset($_REQUEST['directory']) && $_REQUEST['directory']==$file_dir ? $file_dir : $media_dir;
+$template->assign('directory', $directory);
+
+$path = BASE_PATH.'static/'.$directory.'/';
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+
+ // delete:
+ if(isset($_REQUEST['delete']))
+  {
+   if(isset($_REQUEST['confirmed']))
+    {
+     @chmod($path.$_REQUEST['delete'], 0777);
+     if(!@unlink($path.$_REQUEST['delete'])) $errors[] = Localization::$lang['delete_file_error'];
+     header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=filemanager&directory='.$directory);
+     exit;
+    }
+   else
+    {
+     $template->assign('file', htmlspecialchars($_REQUEST['delete']));
+     $action = 'delete';
+    }
+  }
+
+ if(isset($_POST['upload_file_submit']))
+  {
+   $file_name = isset($_POST['file_name']) ? trim($_POST['file_name']) : '';
+   $upload_mode = isset($_POST['upload_mode']) && $_POST['upload_mode']==2 ? 2 : 1;
+   $compression = isset($_POST['compression']) ? intval($_POST['compression']) : $settings['compression'];
+   $resize_xy = isset($_POST['resize_xy']) && $_POST['resize_xy']=='x' ? 'x' : 'y';
+   $resize = isset($_POST['resize']) ? intval($_POST['resize']) : $settings['resize'];
+   $thumbnail_compression = isset($_POST['thumbnail_compression']) ? intval($_POST['thumbnail_compression']) : $settings['thumbnail_compression'];
+   $thumbnail_resize_xy = isset($_POST['thumbnail_resize_xy']) && $_POST['thumbnail_resize_xy']=='x' ? 'x' : 'y';
+   $thumbnail_resize = isset($_POST['thumbnail_resize']) ? intval($_POST['thumbnail_resize']) : $settings['thumbnail_resize'];
+   
+   #if(empty($_FILES['probe']) || $_FILES['probe']['size'] == 0 || $_FILES['probe']['error']) $errors[] = Localization::$lang['error_no_file'];
+   if($compression < 1 || $compression > 100 || $thumbnail_compression < 1 || $thumbnail_compression > 100) $errors[] = 'invalid_compression_value';
+
+   if(empty($errors))
+    {
+     // filename already exists?
+     if($file_name=='') $file_name = basename($_FILES['file']['name']);
+     if(file_exists($path.$file_name) && empty($_POST['overwrite_file']))
+      {
+       #$file_name = '';
+       $errors[] = 'upload_file_exists';
+      }
+    }
+   if(empty($errors))
+    {
+     $upload = new FileUpload($_FILES['file'], $path);
+          
+     if($upload_mode==2 && $upload->isImage)
+      {
+       // its an image and it should be manipulated
+       //$upload = new FileUpload($_FILES['file'], BASE_PATH.$directory.'/');
+       if($resize_xy=='x')
+         {
+          $x = $resize;
+          $y = intval($upload->imageHeight*$x/$upload->imageWidth);
+         }
+       else
+         {
+          $y = $resize;
+          $x = intval($upload->imageWidth*$y/$upload->imageHeight);
+         }
+       if(!$upload->saveModifiedImage($x, $y, $compression, $file_name))
+        {
+         $errors[] = 'upload_error';
+        }
+      }
+     else
+      {
+       #move_uploaded_file($_FILES['file']['tmp_name'], BASE_PATH.$directory.'/'.$file_name); // or $errors[] = 'upload_error';
+       $upload->saveFile($file_name);
+      }
+     // create thumbnail:
+     if(isset($_POST['create_thumbnail']) && $upload->isImage)
+      {
+       
+       if($thumbnail_resize_xy=='x')
+        {
+         $thumbnail_x = $thumbnail_resize;
+         $thumbnail_y = intval($upload->imageHeight*$thumbnail_x/$upload->imageWidth);
+        }
+       else
+        {
+         $thumbnail_y = $thumbnail_resize;
+         $thumbnail_x = intval($upload->imageWidth*$thumbnail_y/$upload->imageHeight);
+        }
+       
+       
+       // set thumbnail name:
+       if($settings['thumbnail_prefix'])
+        {
+         $thumbnail_filename = $settings['thumbnail_prefix'].$file_name;
+        }
+       elseif($settings['thumbnail_postfix'])
+        {
+         $ext_pos = strrpos($file_name, '.');
+         $name = substr($file_name, 0, $ext_pos);
+         $ext = substr($file_name, $ext_pos);
+         $thumbnail_filename = $name.$settings['thumbnail_postfix'].$ext;
+        }
+       
+       if(!$upload->saveModifiedImage($thumbnail_x, $thumbnail_y, $thumbnail_compression, $thumbnail_filename))
+        {
+         // error...
+        }
+      }               
+    }
+   if(empty($errors))
+    {
+     @chmod($path.$file_name, 0644);
+     // save upload defaults:
+     Database::$content->beginTransaction();
+     $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['settings_table']." SET value=:value WHERE name=:name");
+     $dbr->bindValue(':name', 'resize', PDO::PARAM_STR);
+     $dbr->bindParam(':value', $resize, PDO::PARAM_STR);
+     $dbr->execute();
+     $dbr->bindValue(':name', 'resize_xy', PDO::PARAM_STR);
+     $dbr->bindParam(':value', $resize_xy, PDO::PARAM_STR);
+     $dbr->execute();
+     $dbr->bindValue(':name', 'compression', PDO::PARAM_STR);
+     $dbr->bindParam(':value', $compression, PDO::PARAM_STR);
+     $dbr->execute();
+     $dbr->bindValue(':name', 'thumbnail_resize', PDO::PARAM_STR);
+     $dbr->bindParam(':value', $thumbnail_resize, PDO::PARAM_STR);
+     $dbr->execute();
+     $dbr->bindValue(':name', 'thumbnail_resize_xy', PDO::PARAM_STR);
+     $dbr->bindParam(':value', $thumbnail_resize_xy, PDO::PARAM_STR);
+     $dbr->execute();
+     $dbr->bindValue(':name', 'thumbnail_compression', PDO::PARAM_STR);
+     $dbr->bindParam(':value', $thumbnail_compression, PDO::PARAM_STR);
+     $dbr->execute();
+
+     Database::$content->commit();
+     header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=filemanager&directory='.$directory.'&uploaded=true');
+     exit();
+    }
+   else
+    {
+     $template->assign('errors', $errors);
+     $action='upload';
+    }
+  }
+
+  if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
+  if(empty($action)) $action = 'main';
+
+  switch($action)
+   {
+    case 'main':
+     $fp=opendir($path);
+     while($file = readdir($fp))
+      {
+       #if($file!='.' && $file!='..')
+       if(is_file($path.$file))
+        {
+         $file_array[] = $file;
+        }
+      }
+     closedir($fp);
+
+     if(isset($file_array))
+      {
+       natcasesort($file_array);
+
+       if(function_exists('mime_content_type'))
+        {
+         $mime_content_type=true;
+         $template->assign('mime_content_type', $mime_content_type);
+        }
+
+       $i=0;
+       foreach($file_array as $file)
+        {
+         $files[$i]['filename'] = htmlspecialchars($file);
+         $files[$i]['size'] = number_format(filesize($path.$file)/1000,1,",",".");
+         $files[$i]['last_modified'] = strftime(Localization::$lang['time_format'], filectime($path.$file));
+         if(isset($mime_content_type))
+          {
+           $files[$i]['mime_content_type'] = mime_content_type($path.$file);
+          }
+         ++$i;
+        }
+       if(isset($files))
+        {
+         $template->assign('files', $files);
+        }
+      }
+     if(isset($_GET['uploaded'])) $template->assign('uploaded', true);
+     $template->assign('subtitle', Localization::$lang['filemanager']);
+     $template->assign('subtemplate', 'filemanager.inc.tpl');
+    break;
+    case 'upload';
+     $template->assign('subtitle', Localization::$lang['upload_file']);
+     $template->assign('subtemplate', 'filemanager_upload.inc.tpl');
+
+     break;
+    case 'delete':
+     $template->assign('subtitle', Localization::$lang['delete_file']);
+     $template->assign('subtemplate', 'filemanager_delete.inc.tpl');
+     break;
+   }
+ }

cms/includes/functions.admin.inc.php

@@ -0,0 +1,97 @@
+<?php
+/**
+ * generates password hash
+ *
+ * @param string $pw
+ * @return string
+ */
+function generate_pw_hash($pw)
+ {
+  $salt = random_string(10,'0123456789abcdef');
+  $salted_hash = sha1($pw.$salt);
+  $hash_with_salt = $salted_hash.$salt;
+  return $hash_with_salt;
+ }
+
+/**
+ * checks password comparing it with the hash
+ *
+ * @param string $pw
+ * @param string $hash
+ * @return bool
+ */
+function is_pw_correct($pw,$hash)
+ {
+  if(strlen($hash)==50) // salted sha1 hash with salt
+   {
+    $salted_hash = substr($hash,0,40);
+    $salt = substr($hash,40,10);
+    if(sha1($pw.$salt)==$salted_hash) return true;
+    else return false;
+   }
+  else return false;
+ }
+
+function move_up($item, $section, $table)
+ {
+  $dbr = Database::$content->prepare("SELECT ".$section.", sequence FROM ".$table." WHERE id=:id LIMIT 1");
+  $dbr->bindParam(':id', $item, PDO::PARAM_INT);
+  $dbr->execute();
+  $data = $dbr->fetch();
+  if(isset($data['sequence']))
+   {
+    if($data['sequence'] > 1)
+     {
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".$table." SET sequence=:new_sequence WHERE ".$section."=:section AND sequence=:sequence");
+      $dbr->bindParam(':section', $data[$section], PDO::PARAM_STR);
+      $dbr->bindValue(':new_sequence', 0, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence']-1, PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence']-1, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', 0, PDO::PARAM_INT);
+      $dbr->execute();
+      Database::$content->commit();
+     }
+    return $data[$section];
+   }
+  return false;;
+ }
+
+function move_down($item, $section, $table)
+ {
+  $dbr = Database::$content->prepare("SELECT ".$section.", sequence FROM ".$table." WHERE id=:id LIMIT 1");
+  $dbr->bindParam(':id', $item, PDO::PARAM_INT);
+  $dbr->execute();
+  $data = $dbr->fetch();
+  if(isset($data['sequence']))
+   {
+    $dbr = Database::$content->prepare("SELECT sequence FROM ".$table." WHERE ".$section."=:section ORDER BY sequence DESC LIMIT 1");
+    $dbr->bindParam(':section', $data[$section], PDO::PARAM_STR);
+    $dbr->execute();
+    $last = $dbr->fetchColumn();
+    if($data['sequence'] < $last)
+     {
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".$table." SET sequence=:new_sequence WHERE ".$section."=:section AND sequence=:sequence");
+      $dbr->bindParam(':section', $data[$section], PDO::PARAM_STR);
+      $dbr->bindValue(':new_sequence', 0, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence']+1, PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence']+1, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', 0, PDO::PARAM_INT);
+      $dbr->execute();
+      Database::$content->commit();
+     }
+    return $data[$section];
+   }
+  return false;
+ }
+
+?>

cms/includes/functions.content.inc.php

@@ -0,0 +1,8 @@
+<?php
+
+function myFunction($x,$y)
+ {
+  return $x + $y;
+ }
+ 
+?>

cms/includes/functions.mb_replacements.inc.php

@@ -0,0 +1,45 @@
+<?php
+/*
+ * Replacement functions for the multibyte string functions.
+ * Only include this file if the multibyte string functionsa are not available!
+ */
+
+function mb_internal_encoding($charset='')
+ {
+ }
+
+function mb_strlen($str, $encoding='')
+ {
+  return strlen ($str);
+ }
+
+function mb_substr($str, $start, $length=0, $encoding='')
+ {
+  return substr($str, $start, $length);
+ }
+
+function mb_strpos($haystack, $needle, $offset=0, $encoding='')
+ {
+  return strpos($haystack, $needle, $offset);
+ }
+
+function mb_strrpos($haystack, $needle, $offset=0, $encoding='')
+ {
+  return strrpos($haystack, $needle, $offset);
+ }
+
+function mb_strtolower($str, $encoding='')
+ {
+  return strtolower($str);
+ }
+
+function mb_strtoupper($str, $encoding='')
+ {
+  return strtoupper($str);
+ }
+
+function mb_encode_mimeheader($str, $charset='utf-8', $transfer_encoding='', $linefeed='', $indent='')
+ {
+  return '=?'.$charset.'?B?'.base64_encode($str).'?=';
+ }
+?>

cms/includes/galleries.inc.php

@@ -0,0 +1,443 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  if(isset($_GET['edit']))
+   {
+    $dbr = Database::$content->prepare("SELECT id, gallery, sequence, photo_normal, photo_thumbnail, title, subtitle, description, description_formatting FROM ".Database::$db_settings['photo_table']." WHERE gallery=:gallery ORDER BY sequence ASC");
+    $dbr->bindParam(':gallery', $_GET['edit'], PDO::PARAM_STR);
+    $dbr->execute();
+    $i=0;
+    while($data = $dbr->fetch())
+     {
+      $items[$i]['id'] = $data['id'];
+      $items[$i]['gallery'] = $data['gallery'];
+      $items[$i]['sequence'] = $data['sequence'];
+      $items[$i]['photo_normal'] = $data['photo_normal'];
+      $items[$i]['photo_thumbnail'] = $data['photo_thumbnail'];
+      #$items[$i]['photo_large'] = $data['photo_large'];
+      $items[$i]['title'] = $data['title'];
+      $items[$i]['subtitle'] = $data['subtitle'];
+      $items[$i]['description'] = $data['description'];
+      #$items[$i]['description_formatting'] = $data['description_formatting'];
+      #if(mb_strlen($item['description'],CHARSET) > 300) $description = mb_substr($item['description'],0,297,CHARSET)."..."; else $description = $item['description'];
+      if($data['description_formatting']==1)
+       {
+        $items[$i]['description'] = auto_html($data['description']);
+       }
+      else
+       {
+        $items[$i]['description'] = $data['description'];
+       }
+      ++$i;
+     }
+    if(isset($items))
+     {
+      $template->assign('items',$items);
+     }
+    $template->assign('gallery',htmlspecialchars($_GET['edit']));
+    $action = 'edit';
+   }
+
+  if(isset($_GET['new_photo']))
+   {
+    $photo_data['gallery'] = htmlspecialchars($_GET['new_photo']);
+    $photo_data['description_formatting'] = 1;
+    $template->assign('photo_data',$photo_data);
+    $action = 'edit_photo';
+   }
+
+  if(isset($_GET['edit_photo']))
+   {
+    $dbr = Database::$content->prepare("SELECT id, gallery, photo_thumbnail, photo_normal, width, height, large_width, large_height, title, subtitle, description, description_formatting FROM ".Database::$db_settings['photo_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['edit_photo'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['id']))
+     {
+      $photo_data['id'] = intval($data['id']);
+      $photo_data['gallery'] = htmlspecialchars($data['gallery']);
+      $photo_data['photo_thumbnail'] = htmlspecialchars($data['photo_thumbnail']);
+      $photo_data['photo_normal'] = htmlspecialchars($data['photo_normal']);
+      #$photo_data['photo_large'] = htmlspecialchars($data['photo_large']);
+      $photo_data['width'] = $data['width']>0 ? $data['width'] : '';
+      $photo_data['height'] = $data['height']>0 ? $data['height'] : '';
+      $photo_data['large_width'] = $data['large_width']>0 ? $data['large_width'] : '';
+      $photo_data['large_height'] = $data['large_height']>0 ? $data['large_height'] : '';
+      $photo_data['title'] = htmlspecialchars($data['title']);
+      $photo_data['subtitle'] = htmlspecialchars($data['subtitle']);
+      $photo_data['description'] = htmlspecialchars($data['description']);
+      $photo_data['description_formatting'] = intval($data['description_formatting']);
+      $template->assign('photo_data', $photo_data);
+     }
+    else
+     {
+      $template->assign('invalid_photo', true);
+     }
+    $action = 'edit_photo';
+   }
+
+  if(isset($_REQUEST['delete_gallery']))
+   {
+    if(isset($_REQUEST['confirmed']))
+     {
+      // get photo ids:
+      $dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['photo_table']." WHERE gallery=:gallery");
+      $dbr->bindValue(':gallery', trim($_REQUEST['delete_gallery']), PDO::PARAM_STR);
+      $dbr->execute();
+      // delete comments:
+      $dbr2 = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE comment_id=:id AND type=1");
+      $dbr2->bindParam(':id', $data['id'], PDO::PARAM_INT);
+      Database::$entries->beginTransaction();
+      while($data = $dbr->fetch())
+       {
+        $dbr2->execute();
+       }
+      Database::$entries->commit();
+      // delete gallery:
+      $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['photo_table']." WHERE gallery=:gallery");
+      $dbr->bindParam(':gallery', $_REQUEST['delete_gallery'], PDO::PARAM_STR);
+      $dbr->execute();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=galleries');
+      exit;
+     }
+    else
+     {
+      $template->assign('gallery',htmlspecialchars($_REQUEST['delete_gallery']));
+      $action = 'delete_gallery';
+     }
+   }
+
+  if(isset($_POST['new_gallery_name']))
+   {
+    $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['photo_table']." WHERE lower(gallery)=:gallery");
+    $dbr->bindValue(':gallery', strtolower($_POST['new_gallery_name']), PDO::PARAM_STR);
+    $dbr->execute();
+    $gallery_count = $dbr-> fetchColumn();
+    if($gallery_count > 0)
+     {
+      $errors[] = 'gallery_name_alr_exists';
+     }
+    elseif(!preg_match(VALID_URL_CHARACTERS, $_POST['new_gallery_name']))
+     {
+      $errors[] = 'error_gallery_spec_chars';
+     }
+    if(empty($errors))
+     {
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=galleries&edit='.trim($_POST['new_gallery_name']));
+      exit;
+     }
+    else
+     {
+      $template->assign('errors', $errors);
+      $template->assign('new_gallery_name', htmlspecialchars($_POST['new_gallery_name']));
+      $action = 'new';
+     }
+   }
+
+  if(isset($_GET['move_up_photo']))
+   {
+    $dbr = Database::$content->prepare("SELECT gallery, sequence FROM ".Database::$db_settings['photo_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['move_up_photo'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['sequence']) && $data['sequence'] > 1)
+     {
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['photo_table']." SET sequence=:new_sequence WHERE gallery=:gallery AND sequence=:sequence");
+      $dbr->bindParam(':gallery', $data['gallery'], PDO::PARAM_STR);
+      $dbr->bindValue(':new_sequence', 0, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence']-1, PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence']-1, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', 0, PDO::PARAM_INT);
+      $dbr->execute();
+      Database::$content->commit();
+     }
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=galleries&edit='.$data['gallery']);
+    exit;
+   }
+
+  if(isset($_GET['move_down_photo']))
+   {
+    $dbr = Database::$content->prepare("SELECT gallery, sequence FROM ".Database::$db_settings['photo_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['move_down_photo'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['sequence']))
+     {
+      $dbr = Database::$content->prepare("SELECT sequence FROM ".Database::$db_settings['photo_table']." WHERE gallery=:gallery ORDER BY sequence DESC LIMIT 1");
+      $dbr->bindParam(':gallery', $data['gallery'], PDO::PARAM_STR);
+      $dbr->execute();
+      $last = $dbr->fetchColumn();
+      if($data['sequence'] < $last)
+       {
+        Database::$content->beginTransaction();
+        $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['photo_table']." SET sequence=:new_sequence WHERE gallery=:gallery AND sequence=:sequence");
+        $dbr->bindParam(':gallery', $data['gallery'], PDO::PARAM_STR);
+        $dbr->bindValue(':new_sequence', 0, PDO::PARAM_INT);
+        $dbr->bindValue(':sequence', $data['sequence']+1, PDO::PARAM_INT);
+        $dbr->execute();
+        $dbr->bindValue(':new_sequence', $data['sequence']+1, PDO::PARAM_INT);
+        $dbr->bindValue(':sequence', $data['sequence'], PDO::PARAM_INT);
+        $dbr->execute();
+        $dbr->bindValue(':new_sequence', $data['sequence'], PDO::PARAM_INT);
+        $dbr->bindValue(':sequence', 0, PDO::PARAM_INT);
+        $dbr->execute();
+        Database::$content->commit();
+       }
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=galleries&edit='.$data['gallery']);
+      exit;
+     }
+   }
+
+  if(isset($_REQUEST['reorder_photos']) && isset($_REQUEST['item']))
+   {
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['photo_table']." SET sequence=:sequence WHERE id=:id");
+    $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+    $dbr->bindParam(':sequence', $sequence, PDO::PARAM_INT);
+    Database::$content->beginTransaction();
+    $sequence = 1;
+    foreach($_REQUEST['item'] as $id)
+     {
+      $dbr->execute();
+      ++$sequence;
+     }
+    Database::$content->commit();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    exit;
+   }
+
+  if(isset($_POST['edit_photo_submitted']))
+   {
+    // get posted data:
+    $gallery = isset($_POST['gallery']) ? trim($_POST['gallery']) : '';
+    $photo_thumbnail = isset($_POST['photo_thumbnail']) ? trim($_POST['photo_thumbnail']) : '';
+    $photo_normal = isset($_POST['photo_normal']) ? trim($_POST['photo_normal']) : '';
+    #$photo_large = isset($_POST['photo_large']) ? trim($_POST['photo_large']) : '';
+    $width = isset($_POST['width']) ? intval($_POST['width']) : 0;
+    $height = isset($_POST['height']) ? intval($_POST['height']) : 0;
+    $large_width = isset($_POST['large_width']) ? intval($_POST['large_width']) : 0;
+    $large_height = isset($_POST['large_height']) ? intval($_POST['large_height']) : 0;
+    $title = isset($_POST['title']) ? trim($_POST['title']) : '';
+    $subtitle = isset($_POST['subtitle']) ? trim($_POST['subtitle']) : '';
+    $description = isset($_POST['description']) ? trim($_POST['description']) : '';
+    $description_formatting = isset($_POST['description_formatting']) && $_POST['description_formatting']==1 ? 1 : 0;
+    #showme($description_formatting);
+    // check data:
+    if(empty($gallery)) $errors[] = 'error_no_gallery';
+    if(empty($photo_thumbnail)) $errors[] = 'error_no_thumbnail';
+    if(empty($photo_normal)) $errors[] = 'error_no_photo';
+    if(empty($title)) $errors[] = 'error_no_photo_title';
+
+    if(empty($errors))
+     {
+      if(!file_exists(BASE_PATH.MEDIA_DIR.$photo_thumbnail))
+       {
+        $errors[] = 'err_photo_t_doesnt_exist';
+       }
+      if(substr(strtolower($photo_thumbnail), -4) != '.jpg' && substr(strtolower($photo_thumbnail), -5)!= '.jpeg' && substr(strtolower($photo_thumbnail), -4)!= '.gif' && substr(strtolower($photo_thumbnail), -4)!= '.png')
+       {
+        $errors[] = 'err_image_type';
+       }
+      if(!file_exists(BASE_PATH.MEDIA_DIR.$photo_normal))
+       {
+        $errors[] = 'err_photo_n_doesnt_exist';
+       }
+      #if(trim($_POST['photo_large']) !='' && !file_exists(BASE_PATH.MEDIA_DIR.$photo_large))
+      # {
+      #  $errors[] = 'err_photo_l_doesnt_exist';
+      # }
+     }
+
+    if(empty($errors))
+     {
+      if(isset($_POST['id']))
+       {
+        $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['photo_table']." SET photo_thumbnail=:photo_thumbnail, photo_normal=:photo_normal, width=:width, height=:height, large_width=:large_width, large_height=:large_height, title=:title, subtitle=:subtitle, description=:description, description_formatting=:description_formatting WHERE id=:id");
+        $dbr->bindParam(':photo_thumbnail', $photo_thumbnail, PDO::PARAM_STR);
+        $dbr->bindParam(':photo_normal', $photo_normal, PDO::PARAM_STR);
+        #$dbr->bindParam(':photo_large', $photo_large, PDO::PARAM_STR);
+        $dbr->bindParam(':width', $width, PDO::PARAM_INT);
+        $dbr->bindParam(':height', $height, PDO::PARAM_INT);
+        $dbr->bindParam(':large_width', $large_width, PDO::PARAM_INT);
+        $dbr->bindParam(':large_height', $large_height, PDO::PARAM_INT);
+        $dbr->bindParam(':title', $title, PDO::PARAM_STR);
+        $dbr->bindParam(':subtitle', $subtitle, PDO::PARAM_STR);
+        $dbr->bindParam(':description', $description, PDO::PARAM_STR);
+        $dbr->bindParam(':description_formatting', $description_formatting, PDO::PARAM_INT);
+        $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+        $dbr->execute();
+       }
+      else
+       {
+        // get gallery info and latest order nr.:
+        $dbr = Database::$content->prepare("SELECT sequence,template,photos_per_row FROM ".Database::$db_settings['photo_table']." WHERE gallery=:gallery ORDER BY sequence DESC LIMIT 1");
+        $dbr->bindParam(':gallery', $gallery, PDO::PARAM_STR);
+        $dbr->execute();
+        $data = $dbr->fetch();
+        if(isset($data['sequence']))
+         {
+          $new_sequence = intval($data['sequence'])+1;
+          $template = $data['template'];
+          $photos_per_row = $data['photos_per_row'];
+         }
+        else
+         {
+          $new_sequence = 1;
+          $template = $settings['default_photo_template'];
+          $photos_per_row = $settings['default_photos_per_row'];
+         }
+        // insert photo:
+        $dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['photo_table']." (gallery,sequence,photo_thumbnail,photo_normal,width,height,large_width,large_height,title,subtitle,description,description_formatting,template,photos_per_row) VALUES (:gallery, :sequence, :photo_thumbnail, :photo_normal, :width, :height, :large_width, :large_height, :title, :subtitle, :description, :description_formatting, :template, :photos_per_row)");
+        $dbr->bindParam(':gallery', $gallery, PDO::PARAM_STR);
+        $dbr->bindParam(':sequence', $new_sequence, PDO::PARAM_INT);
+        $dbr->bindParam(':photo_thumbnail', $photo_thumbnail, PDO::PARAM_STR);
+        $dbr->bindParam(':photo_normal', $photo_normal, PDO::PARAM_STR);
+        #$dbr->bindParam(':photo_large', $photo_large, PDO::PARAM_STR);
+        $dbr->bindParam(':width', $width, PDO::PARAM_INT);
+        $dbr->bindParam(':height', $height, PDO::PARAM_INT);
+        $dbr->bindParam(':large_width', $large_width, PDO::PARAM_INT);
+        $dbr->bindParam(':large_height', $large_height, PDO::PARAM_INT);
+        $dbr->bindParam(':title', $title, PDO::PARAM_STR);
+        $dbr->bindParam(':subtitle', $subtitle, PDO::PARAM_STR);
+        $dbr->bindParam(':description', $description, PDO::PARAM_STR);
+        $dbr->bindParam(':description_formatting', $description_formatting, PDO::PARAM_INT);
+        $dbr->bindParam(':template', $template, PDO::PARAM_STR);
+        $dbr->bindParam(':photos_per_row', $photos_per_row, PDO::PARAM_INT);
+        $dbr->execute();
+       }
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      $id = isset($_POST['id']) ? $_POST['id'] : Database::$content->lastInsertId();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=galleries&edit='.$gallery.'#id_'.$id);
+      exit;
+     }
+    else
+     {
+      if(isset($_POST['id'])) $photo_data['id'] = intval($_POST['id']);
+      $photo_data['gallery'] = isset($_POST['gallery']) ? htmlspecialchars($_POST['gallery']) : '';
+      $photo_data['photo_thumbnail'] = isset($_POST['photo_thumbnail']) ? htmlspecialchars($_POST['photo_thumbnail']) : '';
+      $photo_data['photo_normal'] = isset($_POST['photo_normal']) ? htmlspecialchars($_POST['photo_normal']) : '';
+      #$photo_data['photo_large'] = isset($_POST['photo_large']) ? htmlspecialchars($_POST['photo_large']) : '';
+      $photo_data['width'] = isset($_POST['width']) && $_POST['width'] > 0 ? intval($_POST['width']) : '';
+      $photo_data['height'] = isset($_POST['height'])  && $_POST['height'] > 0 ? intval($_POST['height']) : '';
+      $photo_data['large_width'] = isset($_POST['large_width'])  && $_POST['large_width'] > 0 ? intval($_POST['large_width']) : '';
+      $photo_data['large_height'] = isset($_POST['large_height']) && $_POST['large_height'] > 0 ? intval($_POST['large_height']) : '';
+      $photo_data['title'] = isset($_POST['title']) ? htmlspecialchars($_POST['title']) : '';
+      $photo_data['subtitle'] = isset($_POST['subtitle']) ? htmlspecialchars($_POST['subtitle']) : '';
+      $photo_data['description'] = isset($_POST['description']) ? htmlspecialchars($_POST['description']) : '';
+      $photo_data['description_formatting'] = isset($_POST['description_formatting']) && $_POST['description_formatting']==1 ? 1 : 0;
+      $template->assign('errors',$errors);
+      $template->assign('photo_data',$photo_data);
+      $action='edit_photo';
+     }
+   }
+
+  if(isset($_GET['delete_photo']))
+   {
+    // get gallery:
+    $dbr = Database::$content->prepare("SELECT gallery FROM ".Database::$db_settings['photo_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['delete_photo'], PDO::PARAM_INT);
+    $dbr->execute();
+    $gallery = $dbr->fetchColumn();
+    // delete photo:
+    $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['photo_table']." WHERE id=:id");
+    $dbr->bindParam(':id', $_GET['delete_photo'], PDO::PARAM_INT);
+    $dbr->execute();
+    // delete photo comments:
+    $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE type=1 AND comment_id=:id");
+    $dbr->bindParam(':id', $_GET['delete_photo'], PDO::PARAM_INT);
+    $dbr->execute();
+    // reorder photos:
+    $dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['photo_table']." WHERE gallery=:gallery ORDER BY sequence ASC");
+    $dbr->bindParam(':gallery', $gallery, PDO::PARAM_STR);
+    $dbr->execute();
+    while($data = $dbr->fetch())
+     {
+      $ids[] = $data['id'];
+     }
+    if(isset($ids))
+     {
+      $new_sequence = 1;
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['photo_table']." SET sequence=:sequence where id=:id");
+      $dbr->bindParam(':sequence', $new_sequence, PDO::PARAM_INT);
+      $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+      foreach($ids as $id)
+       {
+        $dbr->execute();
+        ++$new_sequence;
+       }
+      Database::$content->commit();
+     }
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=galleries&edit='.$gallery);
+    exit;
+   }
+
+  if(isset($_POST['gallery_properties_submit']))
+   {
+    $template = isset($_POST['template']) ? trim($_POST['template']) : $settings['default_photo_template'];
+    $photos_per_row = isset($_POST['photos_per_row']) ? intval($_POST['photos_per_row']) : $settings['default_photos_per_row'];
+    $gallery = isset($_POST['gallery']) ? trim($_POST['gallery']) : '';
+    if(!empty($gallery))
+     {
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['photo_table']." SET template=:template, photos_per_row=:photos_per_row WHERE gallery=:gallery");
+      $dbr->bindParam(':template', $template, PDO::PARAM_STR);
+      $dbr->bindParam(':photos_per_row', $photos_per_row, PDO::PARAM_INT);
+      $dbr->bindParam(':gallery', $gallery, PDO::PARAM_STR);
+      $dbr->execute();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+     }
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=galleries&edit='.htmlspecialchars($_POST['gallery']));
+    exit;
+   }
+
+  if(isset($_GET['action'])) $action = $_GET['action'];
+  if(isset($_POST['action'])) $action = $_POST['action'];
+  if(empty($action)) $action='show_galleries';
+
+  switch($action)
+   {
+    case 'show_galleries':
+     $dbr = Database::$content->query("SELECT DISTINCT gallery FROM ".Database::$db_settings['photo_table']." ORDER BY gallery ASC");
+     while($data = $dbr->fetch())
+      {
+       $galleries[] = htmlspecialchars($data['gallery']);
+      }
+     if(isset($galleries))
+      {
+       $template->assign('galleries',$galleries);
+      }
+     $template->assign('subtitle', Localization::$lang['photo_galleries']);
+     $template->assign('subtemplate', 'galleries.inc.tpl');
+     break;
+    case 'edit':
+     $template->assign('subtitle', Localization::$lang['photo_galleries']);
+     $template->assign('subtemplate','galleries_edit.inc.tpl');
+    break;
+    case 'delete_gallery':
+     $template->assign('subtitle', Localization::$lang['delete_gallery']);
+     $template->assign('subtemplate','galleries_delete.inc.tpl');
+     break;
+    case 'new':
+     $template->assign('subtitle', Localization::$lang['photo_galleries']);
+     $template->assign('subtemplate','galleries_new.inc.tpl');
+    break;
+    case 'gallery_properties':
+     $template->assign('subtitle', Localization::$lang['photo_galleries']);
+     $template->assign('subtemplate','galleries_properties.inc.tpl');
+     break;
+    case 'edit_photo':
+     $template->assign('subtitle', Localization::$lang['photo_galleries']);
+     $template->assign('subtemplate','galleries_edit_photo.inc.tpl');
+     break;
+   }
+ }

cms/includes/gcb.inc.php

@@ -0,0 +1,154 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  if(isset($_GET['add_gcb']))
+   {
+    $content_auto_html = 1;
+    $action = 'edit_gcb';
+   }
+
+  if(isset($_POST['edit_gcb_submit']))
+   {
+    $identifier = isset($_POST['identifier']) ? trim($_POST['identifier']) : '';
+    $content = isset($_POST['content']) ? $_POST['content'] : '';
+
+    if(empty($identifier)) $errors[] = 'gcb_error_no_identifier';
+    elseif(!preg_match('/^[a-z0-9_]+$/', $identifier)) $errors[] = 'gcb_error_invalid_identifier';
+
+    if(isset($_POST['id']))
+     {
+      $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['gcb_table']." WHERE lower(identifier)=:identifier AND id!=:id");
+      $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+     }
+    else
+     {
+      $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['gcb_table']." WHERE lower(identifier)=:identifier");
+     }
+    $dbr->bindValue(':identifier', mb_strtolower($identifier, CHARSET), PDO::PARAM_STR);
+    $dbr->execute();
+    if($dbr->fetchColumn()!=0)
+     {
+      $errors[] = 'gcb_identifier_exists_error';
+     }
+
+    if(empty($errors))
+     {
+      if(isset($_POST['id']))
+       {
+        $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['gcb_table']." SET identifier=:identifier, content=:content WHERE id=:id");
+        $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+       }
+      else
+       {
+        $dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['gcb_table']." (identifier,content) VALUES (:identifier,:content)");
+       }
+      $dbr->bindParam(':identifier', $identifier, PDO::PARAM_STR);
+      $dbr->bindParam(':content', $content, PDO::PARAM_STR);
+      $dbr->execute();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=gcb');
+      exit;
+     }
+    else
+     {
+      if(isset($_POST['id'])) $gcb['id'] = $_POST['id'];
+      $gcb['identifier'] = isset($_POST['identifier']) ? htmlspecialchars($_POST['identifier']) : '';
+      $gcb['content'] = isset($_POST['content']) ? htmlspecialchars($_POST['content']) : '';
+      $template->assign('gcb', $gcb);
+      $template->assign('errors', $errors);
+      $action = 'edit_gcb';
+     }
+   }
+
+  if(isset($_GET['edit']))
+   {
+    $dbr = Database::$content->prepare("SELECT id, identifier, content FROM ".Database::$db_settings['gcb_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['edit'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['id']))
+     {
+      $gcb['id'] = $data['id'];
+      $gcb['identifier'] = htmlspecialchars($data['identifier']);
+      $gcb['content'] = htmlspecialchars($data['content']);
+      $template->assign('gcb', $gcb);
+      $action = 'edit_gcb';
+     }
+    else
+     {
+      $action = 'invalid_request';
+     }
+   }
+
+  if(isset($_REQUEST['delete']))
+   {
+    if(isset($_REQUEST['confirmed']))
+     {
+      $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['gcb_table']." WHERE id=:id");
+      $dbr->bindParam(':id', $_REQUEST['delete'], PDO::PARAM_INT);
+      $dbr->execute();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=gcb');
+      exit;
+     }
+    else
+     {
+      $dbr = Database::$content->prepare("SELECT id, identifier FROM ".Database::$db_settings['gcb_table']." WHERE id=:id LIMIT 1");
+      $dbr->bindParam(':id', $_GET['delete'], PDO::PARAM_INT);
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(isset($data['id']))
+       {
+        $gcb['id'] = $data['id'];
+        $gcb['identifier'] = htmlspecialchars($data['identifier']);
+        $template->assign('gcb', $gcb);
+        $action = 'delete_gcb';
+       }
+      else
+       {
+        $action = 'invalid_request';
+       }
+     }
+   }
+
+  if(isset($_REQUEST['action'])) $action = $_REQUEST['action'];
+  if(empty($action)) $action='main';
+
+  switch ($action)
+   {
+    case 'main':
+     $dbr = Database::$content->query("SELECT id, identifier, content FROM ".Database::$db_settings['gcb_table']." ORDER BY id ASC");
+     $i=0;
+     while($data = $dbr->fetch())
+      {
+       $gcbs[$i]['id'] = $data['id'];
+       $gcbs[$i]['identifier'] = htmlspecialchars($data['identifier']);
+       $gcbs[$i]['content'] = $data['content'];
+       ++$i;
+      }
+     if(isset($gcbs))
+      {
+       $template->assign('gcbs', $gcbs);
+      }
+     $template->assign('subtitle', Localization::$lang['gcb']);
+     $template->assign('subtemplate', 'gcb.inc.tpl');
+     break;
+    case 'edit_gcb':
+     if(isset($gcb['id']))
+      {
+       $template->assign('subtitle', Localization::$lang['edit_gcb']);
+      }
+     else
+      {
+       $template->assign('subtitle', Localization::$lang['add_gcb']);
+      }
+     $template->assign('subtemplate', 'gcb_edit.inc.tpl');
+     break;
+    case 'delete_gcb':
+     $template->assign('subtitle', Localization::$lang['delete_gcb']);
+     $template->assign('subtemplate', 'gcb_delete.inc.tpl');
+    break;
+   }
+ }

cms/includes/insert_gallery.inc.php

@@ -0,0 +1,17 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $dbr = Database::$content->query("SELECT DISTINCT gallery FROM ".Database::$db_settings['photo_table']." ORDER BY gallery ASC");
+   while($data = $dbr->fetch())
+    {
+     $galleries[] = htmlspecialchars($data['gallery']);
+    }
+   if(isset($galleries))
+    {
+     $template->assign('galleries',$galleries);
+    }
+ }
+$template_file = 'insert_gallery.tpl';
+?>

cms/includes/insert_image.inc.php

@@ -0,0 +1,55 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$img_path = BASE_PATH.MEDIA_DIR;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  if(isset($_REQUEST['form']))
+   {
+    $template->assign('form',htmlspecialchars($_REQUEST['form']));
+   }
+  if(isset($_REQUEST['field']))
+   {
+    $template->assign('field',htmlspecialchars($_REQUEST['field']));
+   }
+
+  $insert_mode = isset($_REQUEST['insert_mode']) && $_REQUEST['insert_mode']==1 ? 1 : 0;
+  $template->assign('insert_mode',$insert_mode);
+
+  $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
+
+  switch($action)
+   {
+    case 'main':
+     $fp=opendir($img_path);
+     while($file = readdir($fp))
+      {
+       if(preg_match('/\.jpg$/i', $file) || preg_match('/\.jpeg$/i', $file) || preg_match('/\.png$/i', $file) || preg_match('/\.gif$/i', $file) || ($insert_mode==1 && preg_match('/\.swf$/i', $file)) || ($insert_mode==1 && preg_match('/\.flv$/i', $file)))
+        {
+         $images[] = $file;
+        }
+      }
+     closedir($fp);
+
+     if(isset($images))
+      {
+       // Sort filenames
+       natcasesort($images);
+       $template->assign('images', $images);
+
+       $image_classes_untrimmed = explode(',',$settings['image_classes']);
+       foreach($image_classes_untrimmed as $image_class)
+        {
+         $image_classes[] = trim($image_class);
+        }
+       if(isset($image_classes))
+        {
+         $template->assign('image_classes',$image_classes);
+        }
+      }
+   }
+
+  $template_file = 'insert_image.tpl';
+ }
+?>

cms/includes/insert_thumbnail.inc.php

@@ -0,0 +1,71 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  if(isset($_REQUEST['form']))
+   {
+    $template->assign('form',htmlspecialchars($_REQUEST['form']));
+   }
+  if(isset($_REQUEST['field']))
+   {
+    $template->assign('field',htmlspecialchars($_REQUEST['field']));
+   }
+
+  #if(isset($_GET['form'])) $form = $_GET['form'];
+  #if(isset($_GET['field'])) $field = $_GET['field'];
+  #if(isset($_GET['insert_mode'])) $insert_mode = intval($_GET['insert_mode']);
+  #if(isset($_POST['form'])) $form = $_POST['form'];
+  #if(isset($_POST['field'])) $field = $_POST['field'];
+  #if(isset($_POST['insert_mode'])) $insert_mode = intval($_POST['insert_mode']);
+  #if(empty($insert_mode)) $insert_mode = $insert_mode = 0;
+
+   if(isset($_POST['gallery']))
+    {
+     $dbr = Database::$content->prepare("SELECT id, title,	photo_thumbnail FROM ".Database::$db_settings['photo_table']." WHERE gallery=:gallery ORDER BY sequence ASC");
+     $dbr->bindParam(':gallery', $_POST['gallery'], PDO::PARAM_STR);
+     $dbr->execute();
+     $i=0;
+     while($data = $dbr->fetch())
+      {
+       $items[$i]['id'] = $data['id'];
+       $items[$i]['title'] = $data['title'];
+       $items[$i]['photo_thumbnail'] = $data['photo_thumbnail'];
+       ++$i;
+      }
+     if(isset($items))
+      {
+       $template->assign('items',$items);
+      }
+
+     $image_classes_untrimmed = explode(',',$settings['image_classes']);
+     foreach($image_classes_untrimmed as $image_class)
+      {
+       $image_classes[] = trim($image_class);
+      }
+     if(isset($image_classes))
+      {
+       $template->assign('image_classes',$image_classes);
+      }
+    }
+
+  if(empty($action)) $action = 'main';
+
+  switch ($action)
+   {
+    case 'main':
+     $dbr = Database::$content->query("SELECT DISTINCT gallery FROM ".Database::$db_settings['photo_table']." ORDER BY gallery ASC");
+     while($data = $dbr->fetch())
+      {
+       $galleries[] = htmlspecialchars($data['gallery']);
+      }
+     if(isset($galleries))
+      {
+       $template->assign('galleries',$galleries);
+      }
+     break;
+   }
+
+  $template_file = 'insert_thumbnail.tpl';
+ }
+?>

cms/includes/login.inc.php

@@ -0,0 +1,68 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']) && empty($action))
+ {
+  session_destroy();
+  header("Location: ../");
+ }
+elseif(empty($_SESSION[$settings['session_prefix'].'user_id']) && isset($_POST['username']) && isset($_POST['userpw']))
+ {
+  $username = $_POST['username'];
+  $userpw = $_POST['userpw'];
+  if(isset($_POST['username']) && trim($_POST['username']) != '' && isset($_POST['userpw']) && trim($_POST['userpw']) != '')
+   {
+    $dbr = Database::$userdata->prepare('SELECT id, name, pw, type, wysiwyg FROM '.Database::$db_settings['userdata_table'].' WHERE lower(name)=lower(:name) LIMIT 1');
+    #$dbr->bindValue(':name',mb_strtolower($_POST['username'],CHARSET), PDO::PARAM_STR);
+    $dbr->bindValue(':name',$_POST['username'], PDO::PARAM_STR);
+    $dbr->execute();
+    $row = $dbr->fetch();
+    if(isset($row['id']))
+     {
+      if(is_pw_correct($_POST['userpw'],$row['pw']))
+       {
+        $_SESSION[$settings['session_prefix'].'user_id'] = $row['id'];
+        $_SESSION[$settings['session_prefix'].'user_name'] = $row['name'];
+        $_SESSION[$settings['session_prefix'].'user_type'] = $row['type'];
+        $_SESSION[$settings['session_prefix'].'wysiwyg'] = $row['wysiwyg'];
+        
+        $dbr = Database::$userdata->prepare('UPDATE '.Database::$db_settings['userdata_table'].' SET last_login=:now WHERE id=:id');
+        $dbr->bindValue(':now', time(), PDO::PARAM_INT);
+        $dbr->bindValue(':id', $row['id'], PDO::PARAM_INT);
+        $dbr->execute();
+        header('Location: ../');
+        exit;
+       }
+      else
+       {
+        $login_failed = true;
+       }
+     }
+    else
+     {
+      $login_failed = true;
+     }
+   }
+  else
+   {
+    $login_failed = true;
+   }
+  if(isset($login_failed))
+   {
+    header('Location: index.php?msg=login_failed');
+    exit;
+   }
+ }
+elseif(empty($_SESSION[$settings['session_prefix'].'user_id']) && empty($action))
+ {
+  $action = "login";
+ }
+
+switch ($action)
+ {
+  case 'login':
+   $template->assign('subtitle', Localization::$lang['login']);
+   $template->assign('subtemplate', 'login.inc.tpl');
+  break;
+ }
+?>

cms/includes/menus.inc.php

@@ -0,0 +1,316 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix'].'user_type']==1)
+ {
+  if(isset($_GET['edit']))
+   {
+    $menu = $_GET['edit'];
+    $action = 'edit';
+   }
+
+  if(isset($_REQUEST['delete']))
+   {
+    if(isset($_REQUEST['confirmed']))
+     {
+      $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['menu_table']." WHERE menu=:menu");
+      $dbr->bindParam(':menu', $_REQUEST['delete'], PDO::PARAM_STR);
+      $dbr->execute();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus');
+      exit;
+     }
+    else
+     {
+      $template->assign('menu', htmlspecialchars($_REQUEST['delete']));
+      $action = 'delete';
+     }
+   }
+
+  if(isset($_GET['set_default']))
+   {
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['settings_table']." SET value=:value WHERE name='default_menu'");
+    $dbr->bindValue(':value', trim($_GET['set_default']), PDO::PARAM_STR);
+    $dbr->execute();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus');
+    exit;
+   }
+
+  if(isset($_POST['new_menu_name']))
+   {
+    $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['menu_table']." WHERE lower(menu)=:menu");
+    $dbr->bindValue(':menu', trim(strtolower($_POST['new_menu_name'])), PDO::PARAM_STR);
+    $dbr->execute();
+    if($dbr->fetchColumn() > 0)
+     {
+      $errors[] = 'menu_already_exists';
+      $action = 'new';
+     }
+    elseif(!preg_match('/^[a-zA-Z0-9_\-]+$/', $_POST['new_menu_name']))
+     {
+      $errors[] = 'error_menu_spec_chars';
+      $action = 'new';
+     }
+    else
+     {
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus&edit='.$_POST['new_menu_name']);
+      exit;
+     }
+   }
+
+  if(isset($_POST['new_menu_item']))
+   {
+    $dbr = Database::$content->prepare("SELECT sequence FROM ".Database::$db_settings['menu_table']." WHERE menu=:menu ORDER BY sequence DESC LIMIT 1");
+    $dbr->bindValue(':menu', trim($_POST['menu']), PDO::PARAM_STR);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(!isset($data['sequence']))
+     {
+      $new_sequence = 1;
+     }
+    else
+     {
+      $new_sequence = $data['sequence']+1;
+     }
+    $dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['menu_table']." (menu,sequence,name,title,link,section,accesskey) VALUES (:menu,:sequence,:name,:title,:link,:section,:accesskey)");
+    $dbr->bindValue(':menu', trim($_POST['menu']), PDO::PARAM_STR);
+    $dbr->bindValue(':sequence', $new_sequence, PDO::PARAM_INT);
+    $dbr->bindValue(':name', trim($_POST['name']), PDO::PARAM_STR);
+    $dbr->bindValue(':title', trim($_POST['title']), PDO::PARAM_STR);
+    $dbr->bindValue(':link', trim($_POST['link']), PDO::PARAM_STR);
+    $dbr->bindValue(':section', trim($_POST['section']), PDO::PARAM_STR);
+    $dbr->bindValue(':accesskey', trim($_POST['accesskey']), PDO::PARAM_STR);
+    $dbr->execute();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus&edit='.$_POST['menu']);
+    exit;
+   }
+
+  if(isset($_POST['edit_item']))
+   {
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['menu_table']." SET name=:name, title=:title, link=:link, section=:section, accesskey=:accesskey WHERE id=:id");
+    $dbr->bindValue(':name', trim($_POST['name']), PDO::PARAM_STR);
+    $dbr->bindValue(':title', trim($_POST['title']), PDO::PARAM_STR);
+    $dbr->bindValue(':link', trim($_POST['link']), PDO::PARAM_STR);
+    $dbr->bindValue(':section', trim($_POST['section']), PDO::PARAM_STR);
+    $dbr->bindValue(':accesskey', trim($_POST['accesskey']), PDO::PARAM_STR);
+    $dbr->bindParam(':id', $_POST['edit_item'], PDO::PARAM_INT);
+    $dbr->execute();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus&edit='.$_POST['menu']);
+    exit;
+   }
+
+  if(isset($_GET['action'])) $action = $_GET['action'];
+  if(isset($_POST['action'])) $action = $_POST['action'];
+
+  if(empty($action)) $action='show_menus';
+
+  if(isset($_GET['move_up']))
+   {
+    $dbr = Database::$content->prepare("SELECT menu, sequence FROM ".Database::$db_settings['menu_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['move_up'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['sequence']) && $data['sequence'] > 1)
+     {
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['menu_table']." SET sequence=:new_sequence WHERE menu=:menu AND sequence=:sequence");
+      $dbr->bindParam(':menu', $data['menu'], PDO::PARAM_STR);
+      $dbr->bindValue(':new_sequence', 0, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence']-1, PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence']-1, PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->execute();
+      $dbr->bindValue(':new_sequence', $data['sequence'], PDO::PARAM_INT);
+      $dbr->bindValue(':sequence', 0, PDO::PARAM_INT);
+      $dbr->execute();
+      Database::$content->commit();
+      }
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus&edit='.$data['menu']);
+    exit;
+   }
+
+  if(isset($_GET['move_down']))
+   {
+    $dbr = Database::$content->prepare("SELECT menu, sequence FROM ".Database::$db_settings['menu_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['move_down'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['sequence']))
+     {
+      $dbr = Database::$content->prepare("SELECT sequence FROM ".Database::$db_settings['menu_table']." WHERE menu=:menu ORDER BY sequence DESC LIMIT 1");
+      $dbr->bindParam(':menu', $data['menu'], PDO::PARAM_STR);
+      $dbr->execute();
+      $last = $dbr->fetchColumn();
+      if($data['sequence'] < $last)
+       {
+        Database::$content->beginTransaction();
+        $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['menu_table']." SET sequence=:new_sequence WHERE menu=:menu AND sequence=:sequence");
+        $dbr->bindParam(':menu', $data['menu'], PDO::PARAM_STR);
+        $dbr->bindValue(':new_sequence', 0, PDO::PARAM_INT);
+        $dbr->bindValue(':sequence', $data['sequence']+1, PDO::PARAM_INT);
+        $dbr->execute();
+        $dbr->bindValue(':new_sequence', $data['sequence']+1, PDO::PARAM_INT);
+        $dbr->bindValue(':sequence', $data['sequence'], PDO::PARAM_INT);
+        $dbr->execute();
+        $dbr->bindValue(':new_sequence', $data['sequence'], PDO::PARAM_INT);
+        $dbr->bindValue(':sequence', 0, PDO::PARAM_INT);
+        $dbr->execute();
+        Database::$content->commit();
+       }
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus&edit='.$data['menu']);
+      exit;
+     }
+   }
+
+  if(isset($_REQUEST['reorder_items']) && isset($_REQUEST['item']))
+   {
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['menu_table']." SET sequence=:sequence WHERE id=:id");
+    $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+    $dbr->bindParam(':sequence', $sequence, PDO::PARAM_INT);
+    Database::$content->beginTransaction();
+    $sequence = 1;
+    foreach($_REQUEST['item'] as $id)
+     {
+      $dbr->execute();
+      ++$sequence;
+     }
+    Database::$content->commit();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    exit;
+   }
+
+  // first actions:
+  switch ($action)
+   {
+    case 'delete_menu_item':
+     {
+      // get menu:
+      $dbr = Database::$content->prepare("SELECT menu FROM ".Database::$db_settings['menu_table']." WHERE id=:id LIMIT 1");
+      $dbr->bindParam(':id', $_GET['id'], PDO::PARAM_INT);
+      $dbr->execute();
+      $menu = $dbr->fetchColumn();
+      // delete menu item:
+      $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['menu_table']." WHERE id=:id");
+      $dbr->bindParam(':id', $_GET['id'], PDO::PARAM_INT);
+      $dbr->execute();
+      // reorder items:
+      $dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['menu_table']." WHERE menu=:menu ORDER BY sequence ASC");
+      $dbr->bindParam(':menu', $menu, PDO::PARAM_STR);
+      $dbr->execute();
+      while($data = $dbr->fetch())
+       {
+        $ids[] = $data['id'];
+       }
+      if(isset($ids))
+       {
+        $new_sequence = 1;
+        Database::$content->beginTransaction();
+        $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['menu_table']." SET sequence=:sequence WHERE id=:id");
+        $dbr->bindParam(':sequence', $new_sequence, PDO::PARAM_INT);
+        $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+        foreach($ids as $id)
+         {
+          $dbr->execute();
+          ++$new_sequence;
+         }
+        Database::$content->commit();
+       }
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=menus&edit='.$menu);
+      exit;
+     }
+    break;
+   }
+
+  // second actions:
+  switch ($action)
+   {
+    case 'show_menus':
+     $menu_result = Database::$content->query("SELECT DISTINCT menu FROM ".Database::$db_settings['menu_table']." ORDER BY menu ASC");
+     while($menu_data = $menu_result->fetch())
+      {
+       $menus[] = $menu_data['menu'];
+      }
+     if(isset($menus))
+      {
+       $template->assign('menus', $menus);
+      }
+     $template->assign('subtitle', Localization::$lang['menus']);
+     $template->assign('subtemplate', 'menus.inc.tpl');
+     break;
+    case 'edit':
+     $template->assign('menu', htmlspecialchars($_GET['edit']));
+     $dbr = Database::$content->prepare("SELECT id, name, sequence, title, link, section, accesskey FROM ".Database::$db_settings['menu_table']." WHERE menu=:menu ORDER BY sequence ASC");
+     $dbr->bindValue(':menu', trim($_GET['edit']), PDO::PARAM_STR);
+     $dbr->execute();
+     $i=0;
+     while($data = $dbr->fetch())
+      {
+       $items[$i]['id'] = intval($data['id']);
+       $items[$i]['name'] = htmlspecialchars($data['name']);
+       #$items[$i]['sequence'] = $data['sequence'];
+       $items[$i]['title'] = htmlspecialchars($data['title']);
+       $items[$i]['link'] = htmlspecialchars($data['link']);
+       $items[$i]['section'] = htmlspecialchars($data['section']);
+       $items[$i]['accesskey'] = htmlspecialchars($data['accesskey']);
+       ++$i;
+      }
+     if(isset($items))
+      {
+       $template->assign('items', $items);
+      }
+     $template->assign('subtitle', Localization::$lang['menus']);
+     $template->assign('subtemplate', 'menus_edit.inc.tpl');
+     break;
+    case 'edit_menu_item';
+     $dbr = Database::$content->prepare("SELECT menu FROM ".Database::$db_settings['menu_table']." WHERE id=:id LIMIT 1");
+     $dbr->bindParam(':id', $_GET['id'], PDO::PARAM_INT);
+     $dbr->execute();
+     $menu_data = $dbr->fetch();
+     if(isset($menu_data['menu']))
+      {
+       $dbr = Database::$content->prepare("SELECT id, name, sequence, title, link, section, accesskey FROM ".Database::$db_settings['menu_table']." WHERE menu=:menu ORDER BY sequence ASC");
+       $dbr->bindParam(':menu', $menu_data['menu'], PDO::PARAM_STR);
+       $dbr->execute();
+       $i=0;
+       while($data = $dbr->fetch())
+        {
+         $items[$i]['id'] = intval($data['id']);
+         $items[$i]['name'] = htmlspecialchars($data['name']);
+         $items[$i]['title'] = htmlspecialchars($data['title']);
+         $items[$i]['link'] = htmlspecialchars($data['link']);
+         $items[$i]['section'] = htmlspecialchars($data['section']);
+         $items[$i]['accesskey'] = htmlspecialchars($data['accesskey']);
+         ++$i;
+        }
+       if(isset($items))
+        {
+         $template->assign('items', $items);
+        }
+       $template->assign('menu', htmlspecialchars($menu_data['menu']));
+       $template->assign('edit_item', intval($_GET['id']));
+       $template->assign('subtitle', Localization::$lang['menus']);
+       $template->assign('subtemplate', 'menus_edit.inc.tpl');
+      }
+     break;
+    case 'delete':
+     $template->assign('subtemplate', 'menus_delete.inc.tpl');
+     break;
+    case 'new':
+     if(isset($errors))
+      {
+       $template->assign('errors', $errors);
+      }
+     if(isset($_POST['new_menu_name']))
+      {
+       $template->assign('new_menu_name', htmlspecialchars($_POST['new_menu_name']));
+      }
+     $template->assign('subtemplate', 'menus_new.inc.tpl');
+     break;
+   }
+ }

cms/includes/modal.inc.php

@@ -0,0 +1,79 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_REQUEST['action']))
+ {
+  switch($_REQUEST['action'])
+   {
+    case 'insert_gallery':
+     $dbr = Database::$content->query("SELECT DISTINCT gallery FROM ".Database::$db_settings['photo_table']." ORDER BY gallery ASC");
+     while($data = $dbr->fetch())
+      {
+       $galleries[] = htmlspecialchars($data['gallery']);
+      }
+     if(isset($galleries))
+      {
+       $template->assign('galleries', $galleries);
+      }
+     
+     $template_file = 'subtemplates/modal_insert_gallery.tpl';
+     break;
+
+    case 'insert_thumbnail':
+     $dbr = Database::$content->query("SELECT id, title, gallery FROM ".Database::$db_settings['photo_table']." ORDER BY gallery ASC, sequence ASC");
+     $i=0;
+     while($data = $dbr->fetch())
+      {
+       $thumbnails[$i]['id'] = $data['id'];
+       $thumbnails[$i]['gallery'] = htmlspecialchars($data['gallery']);
+       $thumbnails[$i]['title'] = htmlspecialchars($data['title']);
+       ++$i;
+      }
+     if(isset($thumbnails))
+      {
+       $template->assign('thumbnails', $thumbnails);
+      }
+     
+     $template_file = 'subtemplates/modal_insert_thumbnail.tpl';
+     break;
+     
+    case 'insert_image':
+     $fp=opendir(BASE_PATH.MEDIA_DIR);
+     while($file = readdir($fp))
+      {
+       if(preg_match('/\.jpg$/i', $file) || preg_match('/\.jpeg$/i', $file) || preg_match('/\.png$/i', $file))
+        {
+         $images[] = $file;
+        }
+      }
+     closedir($fp);
+
+     if(isset($images))
+      {
+       natcasesort($images);
+       $template->assign('images', $images);
+      }   
+     $template_file = 'subtemplates/modal_insert_image.tpl';
+     break;
+    
+    case 'insert_raw_image':
+     $fp=opendir(BASE_PATH.MEDIA_DIR);
+     while($file = readdir($fp))
+      {
+       if(preg_match('/\.jpg$/i', $file) || preg_match('/\.jpeg$/i', $file) || preg_match('/\.png$/i', $file))
+        {
+         $images[] = $file;
+        }
+      }
+     closedir($fp);
+
+     if(isset($images))
+      {
+       natcasesort($images);
+       $template->assign('images', $images);
+      }   
+     $template_file = 'subtemplates/modal_insert_raw_image.tpl';
+     break;
+   }  
+ }
+?>

cms/includes/notes.inc.php

@@ -0,0 +1,341 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if (isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
+
+  if(isset($_GET['edit']))
+   {
+    $dbr = Database::$content->prepare("SELECT id, title, text, text_formatting, link, linkname FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY sequence ASC");
+    $dbr->bindParam(':note_section', $_GET['edit'], PDO::PARAM_STR);
+    $dbr->execute();
+    $i=0;
+    while($data = $dbr->fetch())
+     {
+      $notes[$i]['id'] = $data['id'];
+      $notes[$i]['title'] = $data['title'];
+      #$notes[$i]['teaser'] = $data['teaser'];
+      if($data['text_formatting']==1)
+       {
+        $notes[$i]['text'] = auto_html($data['text']);
+       }
+      else
+       {
+        $notes[$i]['text'] = $data['text'];
+       }
+
+      if(substr($data['link'],0,7) != 'http://' && substr($data['link'],0,8) != 'https://')
+       {
+        $notes[$i]['link'] = '../'.$data['link'];
+       }
+      else
+       {
+        $notes[$i]['link'] = $data['link'];
+       }
+      #$notes[$i]['link'] = htmlspecialchars(stripslashes($data['link']));
+      $notes[$i]['linkname'] = $data['linkname'];
+      ++$i;
+     }
+    if(isset($notes))
+     {
+      $template->assign('notes', $notes);
+     }
+    #$note_section = htmlspecialchars(stripslashes($_GET['edit']));
+    $template->assign('note_section', htmlspecialchars($_GET['edit']));
+    $action = 'edit';
+   }
+
+  if(isset($_REQUEST['delete']))
+   {
+    if(isset($_REQUEST['confirmed']))
+     {
+      $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section");
+      $dbr->bindParam(':note_section', $_REQUEST['delete'], PDO::PARAM_STR);
+      $dbr->execute();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes');
+      exit;
+     }
+    else
+     {
+      $template->assign('note_section', htmlspecialchars($_REQUEST['delete']));
+      $action = 'delete';
+     }
+   }
+
+
+  if(isset($_GET['add_note']))
+   {
+    $note['note_section'] = htmlspecialchars($_GET['add_note']);
+    $note['time'] = date("Y-m-d H:i:s");
+    #$note['text_formatting'] = $settings['default_formatting'];
+    $note['text_formatting'] = 1;
+    $template->assign('note',$note);
+    $action = 'edit_note';
+   }
+
+  if(isset($_POST['new_note_section']))
+   {
+    $new_note_section = isset($_POST['new_note_section']) ? trim($_POST['new_note_section']) : '';
+
+    if(!preg_match('/^[a-zA-Z0-9_\-]+$/', $new_note_section))
+     {
+      $errors[] = 'error_note_sect_name_invalid';
+     }
+    if(empty($errors))
+     {
+      $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['notes_table']." WHERE lower(note_section)=:note_section");
+      $dbr->bindValue(':note_section', mb_strtolower($new_note_section,CHARSET), PDO::PARAM_STR);
+      $dbr->execute();
+      if($dbr->fetchColumn()!=0)
+       {
+        $errors[] = 'note_section_already_ex';
+       }
+     }
+    if(empty($errors))
+     {
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$new_note_section);
+     }
+    else
+     {
+      $template->assign('errors',$errors);
+      $template->assign('new_note_section',htmlspecialchars($new_note_section));
+      $action = 'new';
+     }
+   }
+
+  if(isset($_GET['edit_note']))
+   {
+    $dbr = Database::$content->prepare("SELECT id, note_section, time, title, text, text_formatting, link, linkname FROM ".Database::$db_settings['notes_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['edit_note'], PDO::PARAM_STR);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['id']))
+     {
+      $note['note_section'] = htmlspecialchars($data['note_section']);
+      $note['id'] = $data['id'];
+      $note['title'] = htmlspecialchars($data['title']);
+      #$note['teaser'] = htmlspecialchars($data['teaser']);
+      $note['text'] = $data['text'];
+      $note['text_formatting'] = $data['text_formatting'];
+      $note['link'] = htmlspecialchars($data['link']);
+      $note['linkname'] = htmlspecialchars($data['linkname']);
+      $note['time'] = date("Y-m-d H:i:s", $data['time']);
+
+      $headline = $note['title'];
+
+      $template->assign('note',$note);
+      $action = 'edit_note';
+     }
+    else
+     {
+      $action = 'invalid_request';
+     }
+   }
+
+  if(isset($_GET['move_up']))
+   {
+    if($note_section = move_up($_GET['move_up'], 'note_section', Database::$db_settings['notes_table']))
+     {
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
+      exit;
+     }
+    else
+     {
+      $action = 'invalid_request';
+     }
+   }
+
+  if(isset($_GET['move_down']))
+   {
+    if($note_section = move_down($_GET['move_down'], 'note_section', Database::$db_settings['notes_table']))
+     {
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
+      exit;
+     }
+    else
+     {
+      $action = 'invalid_request';
+     }
+   }
+
+  if(isset($_REQUEST['reorder_notes']) && isset($_REQUEST['item']))
+   {
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['notes_table']." SET sequence=:sequence WHERE id=:id");
+    $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+    $dbr->bindParam(':sequence', $sequence, PDO::PARAM_INT);
+    Database::$content->beginTransaction();
+    $sequence = 1;
+    foreach($_REQUEST['item'] as $id)
+     {
+      $dbr->execute();
+      ++$sequence;
+     }
+    Database::$content->commit();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    exit;
+   }
+
+  if(isset($_POST['edit_note_submit']))
+   {
+    $title = isset($_POST['title']) ? trim($_POST['title']) : '';
+    #$teaser = isset($_POST['teaser']) ? trim($_POST['teaser']) : '';
+    $text = isset($_POST['text']) ? trim($_POST['text']) : '';
+    $text_formatting = isset($_POST['text_formatting']) && $_POST['text_formatting']==1 ? 1 : 0;
+    $link = isset($_POST['link']) ? trim($_POST['link']) : '';
+    $linkname = isset($_POST['linkname']) ? trim($_POST['linkname']) : '';
+    $time = isset($_POST['time']) ? trim($_POST['time']) : date("Y-m-d H:i:s");
+    $note_section = isset($_POST['note_section']) ? trim($_POST['note_section']) : '';
+
+    if(empty($title))
+     {
+      $errors[] = 'error_notes_no_title';
+     }
+    if(empty($text))
+     {
+      $errors[] = 'error_notes_no_text';
+     }
+    if(($time = strtotime($time))===false)
+     {
+      $errors[] = 'error_notes_time_invalid';
+     }
+    if(!preg_match('/^[a-zA-Z0-9_\-]+$/', $note_section))
+     {
+      $errors[] = 'error_note_sect_name_invalid';
+     }
+
+    if(empty($errors))
+     {
+      if(isset($_POST['id']))
+       {
+        $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['notes_table']." SET time=:time, title=:title, text=:text, text_formatting=:text_formatting, link=:link, linkname=:linkname WHERE id=:id");
+        $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+        $dbr->bindParam(':time', $time, PDO::PARAM_INT);
+        $dbr->bindParam(':title', $title, PDO::PARAM_STR);
+        #$dbr->bindParam(':teaser', $teaser, PDO::PARAM_STR);
+        $dbr->bindParam(':text', $text, PDO::PARAM_STR);
+        $dbr->bindParam(':text_formatting', $text_formatting, PDO::PARAM_INT);
+        $dbr->bindParam(':link', $link, PDO::PARAM_STR);
+        $dbr->bindParam(':linkname', $linkname, PDO::PARAM_STR);
+        $dbr->execute();
+       }
+      else
+       {
+        $dbr = Database::$content->prepare("SELECT sequence FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY sequence DESC LIMIT 1");
+        $dbr->bindParam(':note_section', $note_section, PDO::PARAM_STR);
+        $dbr->execute();
+        $sequence = intval($dbr->fetchColumn())+1;
+        $dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['notes_table']." (note_section,sequence,time,title,text,text_formatting,link,linkname) VALUES (:note_section,:sequence,:time,:title,:text,:text_formatting,:link,:linkname)");
+        $dbr->bindParam(':note_section', $note_section, PDO::PARAM_STR);
+        $dbr->bindParam(':sequence', $sequence, PDO::PARAM_INT);
+        $dbr->bindParam(':time', $time, PDO::PARAM_INT);
+        $dbr->bindParam(':title', $title, PDO::PARAM_STR);
+        #$dbr->bindParam(':teaser', $teaser, PDO::PARAM_STR);
+        $dbr->bindParam(':text', $text, PDO::PARAM_STR);
+        $dbr->bindParam(':text_formatting', $text_formatting, PDO::PARAM_INT);
+        $dbr->bindParam(':link', $link, PDO::PARAM_STR);
+        $dbr->bindParam(':linkname', $linkname, PDO::PARAM_STR);
+        $dbr->execute();
+       }
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
+      exit;
+     }
+    else
+     {
+      if(isset($_POST['id'])) $note['id'] = intval($_POST['id']);
+      $note['title'] = isset($_POST['title']) ? htmlspecialchars($_POST['title']) : '';
+      #$note['teaser'] = isset($_POST['teaser']) ? htmlspecialchars($_POST['teaser']) : '';
+      $note['text'] = isset($_POST['text']) ? htmlspecialchars($_POST['text']) : '';
+      $note['text_formatting'] = isset($_POST['text_formatting']) && $_POST['text_formatting']==1 ? 1 : 0;
+      $note['link'] = isset($_POST['link']) ? htmlspecialchars($_POST['link']) : '';
+      $note['linkname'] = isset($_POST['linkname']) ? htmlspecialchars($_POST['linkname']) : '';
+      $note['time'] = isset($_POST['time']) ? htmlspecialchars($_POST['time']) : date("Y-m-d H:i:s");
+      $note['note_section'] = isset($_POST['note_section']) ? htmlspecialchars($_POST['note_section']) : '';
+      $template->assign('note', $note);
+      $template->assign('errors', $errors);
+      $action = 'edit_note';
+     }
+   }
+
+  if(isset($_GET['delete_note']))
+   {
+    // get note section:
+    $dbr = Database::$content->prepare("SELECT note_section FROM ".Database::$db_settings['notes_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['delete_note'], PDO::PARAM_INT);
+    $dbr->execute();
+    $note_section = $dbr->fetchColumn();
+    // delete note:
+    $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['notes_table']." WHERE id=:id");
+    $dbr->bindParam(':id', $_GET['delete_note'], PDO::PARAM_INT);
+    $dbr->execute();
+    // reorder items:
+    $dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY sequence ASC");
+    $dbr->bindParam(':note_section', $note_section, PDO::PARAM_STR);
+    $dbr->execute();
+    while($data = $dbr->fetch())
+     {
+      $ids[] = $data['id'];
+     }
+    if(isset($ids))
+     {
+      $new_sequence = 1;
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['notes_table']." SET sequence=:sequence WHERE id=:id");
+      $dbr->bindParam(':sequence', $new_sequence, PDO::PARAM_INT);
+      $dbr->bindParam(':id', $id, PDO::PARAM_INT);
+      foreach($ids as $id)
+       {
+        $dbr->execute();
+        ++$new_sequence;
+       }
+      Database::$content->commit();
+     }
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
+    exit;
+   }
+
+  switch($action)
+   {
+    case 'main':
+     $dbr = Database::$content->query("SELECT DISTINCT note_section FROM ".Database::$db_settings['notes_table']." ORDER BY note_section ASC");
+     while($notes_data = $dbr->fetch())
+      {
+       $note_sections[] = htmlspecialchars($notes_data['note_section']);
+      }
+     if(isset($note_sections))
+      {
+       $template->assign('note_sections', $note_sections);
+      }
+     $template->assign('subtitle', Localization::$lang['notes']);
+     $template->assign('subtemplate', 'notes.inc.tpl');
+     break;
+    case 'edit':
+     $template->assign('subtitle', htmlspecialchars($_GET['edit']));
+     $template->assign('subtemplate', 'notes_edit_section.inc.tpl');
+     break;
+    case 'edit_note':
+     if(isset($note['id']))
+      {
+       $template->assign('subtitle', Localization::$lang['edit_note']);
+      }
+     else
+      {
+       $template->assign('subtitle', Localization::$lang['add_note']);
+      }
+     $template->assign('subtemplate', 'notes_edit_note.inc.tpl');
+     break;
+    case 'delete':
+     $template->assign('subtitle', Localization::$lang['delete_note_section']);
+     $template->assign('subtemplate', 'notes_delete_section.inc.tpl');
+     break;
+    case 'new':
+     $template->assign('subtitle', Localization::$lang['create_note_section']);
+     $template->assign('subtemplate', 'notes_new_section.inc.tpl');
+     break;
+   }
+ }

cms/includes/page_types/commentable_page.php

@@ -0,0 +1,178 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if($settings['pingbacks_enabled']) $template->assign('pingback', BASE_URL.PAGE.',pingback');
+
+$comment = new Comment(PAGE, $data['id']);
+
+// settings:
+$comment->comments_per_page = $settings['comments_per_page'];
+$comment->comment_order = $settings['comment_order'];
+$comment->name_maxlength = $settings['name_maxlength'];
+$comment->email_hp_maxlength = $settings['email_hp_maxlength'];
+$comment->word_maxlength = $settings['word_maxlength'];
+$comment->comment_maxlength = $settings['comment_maxlength'];
+$comment->prevent_repeated_posts_minutes = $settings['prevent_repeated_posts_minutes'];
+$comment->akismet_key = $settings['akismet_key'];
+$comment->akismet_entry_check = $settings['akismet_entry_check'];
+$comment->remove_blank_lines = $settings['comment_remove_blank_lines'];
+$comment->auto_link = $settings['comment_auto_link'];
+$comment->smilies = $settings['comment_smilies'];
+$comment->settings = $settings;
+
+if(!empty($data['type_addition']))
+ {
+  $comment->comments_closed = true;
+  $template->assign('comments_closed', true);
+ }
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $comment->set_admin_mode();
+ }
+
+$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
+
+if(isset($_GET['get_1']) && $_GET['get_1']=='commentrss')
+ {
+  $comment->comments_per_page = $settings['rss_maximum_items'];
+  $comments = $comment->get_comments(true);
+  
+  if($comments)
+   {
+    $i=0;
+    foreach($comments as $comment)
+     {
+      $rss_items[$i]['title'] = $comment['name'];
+      $rss_items[$i]['content'] = $comment['comment'];
+      $rss_items[$i]['link'] = BASE_URL.PAGE.'#comment-'.$comment['id'];
+      $rss_items[$i]['pubdate'] = gmdate('r',$comment['time']);
+      $i++;
+     } 
+   }
+  if(isset($rss_items)) $template->assign('rss_items', $rss_items);  
+  
+  $content_type = 'text/xml';
+  $template_file = 'rss.tpl';
+  $template_done = true;
+ }
+elseif(isset($_GET['get_1']) && $_GET['get_1']=='pingback' && $settings['pingbacks_enabled'] && empty($data['type_addition']))
+ {
+  // disable caching:
+  if($settings['caching']) $cache->doCaching = false;
+  $pingback = new Pingback();
+  $pingback->pingback_title_maxlength = $settings['pingback_title_maxlength'];
+  $pingback->settings = $settings;
+  if($pingback->get_pingback($data['id']))
+   {
+    if(isset($cache))
+     {
+      $cache->clear(PAGE);
+      $cache->clearRelated(PAGE);
+     }
+    exit;
+   }
+  else
+   {
+    exit;
+   }
+ }
+elseif(isset($_POST['preview']))
+ {
+  if($preview = $comment->preview())
+   {
+    $template->assign('preview', $preview);
+   }
+ }
+elseif(isset($_POST['save']))
+ {
+  if($comment->form_session==false)
+   {
+    if($preview = $comment->preview())
+     {
+      $template->assign('preview', $preview);
+     }
+   }
+  elseif($comment->save())
+   {
+    if(isset($cache))
+     {
+      $cache->clear(PAGE);
+      $cache->clearRelated(PAGE);
+     }
+    header('Location: '.BASE_URL.PAGE.'#comments');
+    exit;
+   }
+ }
+elseif(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_GET['get_2']) && $_GET['get_2']=='edit' && isset($_GET['get_3']))
+ {
+  $template->assign('edit_data', $comment->get_edit_data($_GET['get_3']));
+  $action = 'edit';
+ }
+elseif(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_GET['get_1']) && $_GET['get_1']=='openclose')
+ {
+  if($data['type_addition']=='') $close = true;
+  else $close = false;
+  $comment->openclose($close);
+  if(isset($cache))
+   {
+    $cache->clear(PAGE);
+   }  
+  header('Location: '.BASE_URL.PAGE.'#comments');
+  exit;
+ }
+elseif(isset($_POST['edit_save']))
+ {
+  $comment->edit_save();
+  if(isset($cache))
+   {
+    $cache->clear(PAGE);
+   }
+  header('Location: '.BASE_URL.PAGE.','.$comment->current_page.'#comments');
+  exit;
+ }
+elseif(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_GET['get_2']) && $_GET['get_2']=='delete' && isset($_GET['get_3']))
+ {
+  $comment->delete($_GET['get_3']);
+  if(isset($cache))
+   {
+    $cache->clear(PAGE);
+    $cache->clearRelated(PAGE);
+   }
+  header('Location: '.BASE_URL.PAGE.','.$comment->current_page.'#comments');
+  exit;
+ }
+
+if(empty($template_done))
+ {
+  $comments = $comment->get_comments();
+  $pingbacks = $comment->get_pingbacks();
+
+  $template->assign('comments', $comments);
+  $template->assign('pingbacks', $pingbacks);
+  $template->assign('pagination', pagination($comment->total_pages,$comment->current_page));
+  $template->assign('current_page', $comment->current_page);
+  $template->assign('errors', $comment->errors);
+  $template->assign('form_values', $comment->form_values);
+  $template->assign('form_session_data', $comment->form_session_data);
+  $template->assign('form_session', $comment->form_session);
+
+  $template->assign('subtemplate', 'comments.inc.tpl');
+ }
+
+if(isset($cache))
+ {
+  if(isset($_GET['get_1']) && $_GET['get_1']=='commentrss')
+   {
+    $cache->cacheId = PAGE . ',commentrss';
+   }
+  elseif($comment->current_page > 1)
+   {
+    $cache->cacheId = PAGE . ',' . $comment->current_page;
+   }
+  else
+   {
+    $cache->cacheId = PAGE;
+   }
+ }
+?>

cms/includes/page_types/formmailer.php

@@ -0,0 +1,109 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+
+$recipients_raw = explode(',',$data['type_addition']);
+foreach($recipients_raw as $item)
+ {
+  $recipients[] = trim($item);
+ }
+
+if(isset($_POST['send']))
+ {
+  // get posted data:
+  $email = isset($_POST['email']) ? trim($_POST['email']) : '';
+  $subject = isset($_POST['subject']) ? trim($_POST['subject']) : '';
+  //$subject = isset($_POST['subject']) && trim($_POST['subject'])!='' ? trim($_POST['subject']) : Localization::$lang['formmailer_no_subject'];
+  $message = isset($_POST['message']) ? trim($_POST['message']) : '';
+  // instantiate $mail object:
+  $mail = new Mail();
+  // check data:
+  if(!$mail->is_valid_email($email))
+   {
+    $errors[] = 'formmail_error_email_invalid';
+   }
+  if(empty($message))
+   {
+    $errors[] = 'formmail_error_no_message';
+   }
+  if(mb_strlen($message, CHARSET) > $settings['email_text_maxlength'])
+   {
+    $errors[] = 'formmail_error_text_too_long';
+   }
+  if(mb_strlen($subject, CHARSET) > $settings['email_subject_maxlength'])
+   {
+    $errors[] = 'formmail_error_subj_too_long';
+   }
+  if(empty($errors))
+   {
+        // Akismet spam check:
+        if($settings['akismet_key']!='' && $settings['akismet_mail_check']==1)
+         {
+          #require('./cms/modules/akismet/akismet.class.php');
+          $mail_parts = explode("@", $email);
+          $check_mail['author'] = $mail_parts[0];
+          $check_mail['email'] = $email;
+          $check_mail['body'] = $message;
+          $akismet = new Akismet(BASE_URL, $settings['akismet_key'], $check_mail);
+          // test for errors
+          if($akismet->errorsExist()) // returns true if any errors exist
+           {
+            if($akismet->isError(AKISMET_INVALID_KEY))
+             {
+              $errors[] = 'akismet_error_api_key';
+             }
+            elseif($akismet->isError(AKISMET_RESPONSE_FAILED))
+             {
+              $errors[] = 'akismet_error_connection';
+             }
+            elseif($akismet->isError(AKISMET_SERVER_NOT_FOUND))
+             {
+              $errors[] = 'akismet_error_connection';
+             }
+           }
+          else
+           {
+            // No errors, check for spam
+            if($akismet->isSpam())
+             {
+              $errors[] = 'akismet_spam_suspicion';
+             }
+           }
+         }
+       // End Akismet spam check:
+   }
+  if(empty($errors))
+   {
+    $mail->set_charset(CHARSET);
+    if(empty($subject)) $subject = Localization::$lang['formmailer_no_subject'];
+    foreach($recipients as $recipient)
+     {
+      if($mail->send($recipient, $email, $subject, $message, $settings['mail_parameter']))
+       {
+        $template->assign('mail_sent', true);
+        $template->assign('hide_content', true);
+       }
+      else
+       {
+        $errors[] = 'formmail_error_mailserver';
+        break;
+       }
+     }  
+   }
+ }
+
+if(isset($errors))
+ {
+  $template->assign('email', htmlspecialchars($email));
+  $template->assign('subject', htmlspecialchars($subject));
+  $template->assign('message', htmlspecialchars($message));
+  $template->assign('errors', $errors);
+ }
+
+$template->assign('subtemplate', 'formmailer.inc.tpl');
+
+if(isset($cache))
+ {
+  $cache->cacheId = PAGE;
+ }
+?>

cms/includes/page_types/gallery.php

@@ -0,0 +1,20 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$gallery = new Gallery($data['type_addition']);
+
+if($gallery->photos)
+ {
+  $template->assign('number_of_photos', $gallery->number_of_photos);
+  $template->assign('photos_per_row', $gallery->photos_per_row);
+  $template->assign('photos', $gallery->photos);
+ }
+
+$template->assign('contains_thumbnails', true);
+$template->assign('subtemplate', 'gallery.inc.tpl');
+
+if(isset($cache) && empty($no_cache))
+ {
+  $cache->cacheId = PAGE;
+ }
+?>

cms/includes/page_types/language_redirect.php

@@ -0,0 +1,110 @@
+<?php
+#unset($template_file);
+
+// page type e.g. 'en,index_en;es,index_es;de,index_de'
+
+/**
+ * determines the langauge settings of the browser, details see here:
+ * http://aktuell.de.selfhtml.org/artikel/php/httpsprache/
+ */
+function lang_getfrombrowser($allowed_languages, $default_language, $lang_variable = null, $strict_mode = true) {
+        // $_SERVER['HTTP_ACCEPT_LANGUAGE'] verwenden, wenn keine Sprachvariable mitgegeben wurde
+        if ($lang_variable === null && isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+                $lang_variable = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
+        }
+
+        // wurde irgendwelche Information mitgeschickt?
+        if (empty($lang_variable)) {
+                // Nein? => Standardsprache zurückgeben
+                return $default_language;
+        }
+
+        // Den Header auftrennen
+        $accepted_languages = preg_split('/,\s*/', $lang_variable);
+
+        // Die Standardwerte einstellen
+        $current_lang = $default_language;
+        $current_q = 0;
+
+        // Nun alle mitgegebenen Sprachen abarbeiten
+        foreach ($accepted_languages as $accepted_language) {
+                // Alle Infos über diese Sprache rausholen
+                $res = preg_match ('/^([a-z]{1,8}(?:-[a-z]{1,8})*)'.
+                                   '(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
+
+                // war die Syntax gültig?
+                if (!$res) {
+                        // Nein? Dann ignorieren
+                        continue;
+                }
+
+                // Sprachcode holen und dann sofort in die Einzelteile trennen
+                $lang_code = explode ('-', $matches[1]);
+
+                // Wurde eine Qualität mitgegeben?
+                if (isset($matches[2])) {
+                        // die Qualität benutzen
+                        $lang_quality = (float)$matches[2];
+                } else {
+                        // Kompabilitätsmodus: Qualität 1 annehmen
+                        $lang_quality = 1.0;
+                }
+
+                // Bis der Sprachcode leer ist...
+                while (count ($lang_code)) {
+                        // mal sehen, ob der Sprachcode angeboten wird
+                        if (in_array (strtolower (join ('-', $lang_code)), $allowed_languages)) {
+                                // Qualität anschauen
+                                if ($lang_quality > $current_q) {
+                                        // diese Sprache verwenden
+                                        $current_lang = strtolower (join ('-', $lang_code));
+                                        $current_q = $lang_quality;
+                                        // Hier die innere while-Schleife verlassen
+                                        break;
+                                }
+                        }
+                        // Wenn wir im strengen Modus sind, die Sprache nicht versuchen zu minimalisieren
+                        if ($strict_mode) {
+                                // innere While-Schleife aufbrechen
+                                break;
+                        }
+                        // den rechtesten Teil des Sprachcodes abschneiden
+                        array_pop ($lang_code);
+                }
+        }
+
+        // die gefundene Sprache zurückgeben
+        return $current_lang;
+}
+
+$lang_pages_parts = explode(';',$data['type_addition']);
+foreach($lang_pages_parts as $lang_pages)
+ {
+  $lang_parts = explode(',',$lang_pages);
+  $allowed_langs[] = trim($lang_parts[0]);
+  $lang_pages_array[trim($lang_parts[0])] = trim($lang_parts[1]);
+ }
+
+$lang = lang_getfrombrowser ($allowed_langs, $allowed_langs[0], null, false);
+
+if(isset($cache) && $cache->doCaching)
+ {
+  $cache->cacheId = PAGE;
+  $cache_content = "<?php\ndefine('BASE_URL', '".BASE_URL."');\n\$data['type_addition']='".$data['type_addition']."';\ninclude('".BASE_PATH."cms/includes/page_types/language_redirect.php');\n?>";
+  $cache->createChacheFile($cache_content);
+ }
+
+header($_SERVER['SERVER_PROTOCOL'] . ' 303 See Other');
+header('Location: '.BASE_URL.$lang_pages_array[$lang]);
+
+?><!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8">
+<meta http-equiv="refresh" content="0; <?php echo BASE_URL.$lang_pages_array[$lang]; ?>">
+<title>303 See Other</title>
+</head>
+<body>
+<a href="<?php echo BASE_URL.$lang_pages_array[$lang]; ?>"><?php echo BASE_URL.$lang_pages_array[$lang]; ?></a>
+</body>
+</html>

cms/includes/page_types/news.php

@@ -0,0 +1,49 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$news = new News($data['id'], $settings['news_per_page']);
+
+if(isset($_GET['get_1']) && ($_GET['get_1']=='rss' || $_GET['get_1']=='rss-fullfeed')) 
+ {
+  if($settings['enable_fullfeeds'] && $_GET['get_1']=='rss-fullfeed')
+   {
+    $template->assign('rss_items', $news->get_feed($settings['rss_maximum_items'], true));
+    if(isset($cache)) $cache->cacheId = PAGE . ',rss-fullfeed';
+   }
+  else
+   {
+    $template->assign('rss_items', $news->get_feed($settings['rss_maximum_items'], false));
+    if(isset($cache)) $cache->cacheId = PAGE . ',rss';    
+   }
+  $template->assign('wfw', $news->wfw);
+  $content_type = 'text/xml';
+  $template_file = 'rss.tpl';   
+ }
+else
+ {
+  $template->assign('news', $news->get_news());
+  $template->assign('current_category', htmlspecialchars($news->category));
+  $template->assign('current_category_urlencoded', $news->category_urlencoded);
+
+  $template->assign('subtemplate', 'news.inc.tpl');
+  $template->assign('pagination', pagination($news->total_pages,$news->current_page));
+
+  if(isset($cache))
+   {
+    if($news->category && $news->current_page == 1)
+     {
+      $cache->cacheId = PAGE . ',' . CATEGORY_IDENTIFIER . str_replace('&',AMPERSAND_REPLACEMENT,$news->category);
+     }
+    elseif($news->current_page > 1)
+     {
+      if($news->category) $category = CATEGORY_IDENTIFIER . str_replace('&',AMPERSAND_REPLACEMENT,$news->category);
+      else $category = '';
+      $cache->cacheId = PAGE . ',' . $category . ',' . $news->current_page;
+     }
+    else
+     {
+      $cache->cacheId = PAGE;
+    }
+   }
+ }
+?>

cms/includes/page_types/newsletter.php

@@ -0,0 +1,336 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+// clean up:
+$one_hour_ago = time()-3600;
+
+$dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['newsletter_table']." WHERE time < :one_hour_ago AND confirmed = 0");
+$dbr->bindParam(':one_hour_ago', $one_hour_ago, PDO::PARAM_INT);
+$dbr->execute();
+
+if(isset($_GET['get_1']) && $_GET['get_1']=='subscribe')
+ {
+  $no_cache = true;
+  if(empty($_GET['get_2']) || empty($_GET['get_3'])) $error = true;
+  if(empty($error))
+   {
+    if(trim($_GET['get_2'])=='' || trim($_GET['get_3'])=='') $error = true;
+   }
+  if(empty($error))
+   {
+    $dbr = Database::$entries->prepare("SELECT confirmation_code FROM ".Database::$db_settings['newsletter_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['get_2'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['confirmation_code']) && $_GET['get_3'] == $data['confirmation_code'])
+     {
+      $dbr = Database::$entries->prepare("UPDATE ".Database::$db_settings['newsletter_table']." SET confirmed=1, confirmation_code='' WHERE id=:id");
+      $dbr->bindParam(':id', $_GET['get_2'], PDO::PARAM_INT);
+      $dbr->execute();
+      $action = 'confirmation_ok';
+     }
+    else
+     {
+      $error = true;
+     }
+   }
+  if(isset($error)) $action = 'confirmation_failed';
+ }
+
+if(isset($_GET['get_1']) && $_GET['get_1']=='unsubscribe')
+ {
+  $no_cache = true;
+  if(empty($_GET['get_2']) || empty($_GET['get_3'])) $error = true;
+  if(empty($error))
+   {
+    if(trim($_GET['get_2'])=='' || trim($_GET['get_3'])=='') $error = true;
+   }
+  if(empty($error))
+   {
+    $dbr = Database::$entries->prepare("SELECT confirmation_code FROM ".Database::$db_settings['newsletter_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_GET['get_2'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['confirmation_code']) && $_GET['get_3'] == $data['confirmation_code'])
+     {
+      $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['newsletter_table']." WHERE id=:id");
+      $dbr->bindParam(':id', $_GET['get_2'], PDO::PARAM_INT);
+      $dbr->execute();
+      $action = 'delete_ok';
+     }
+    else $error = true;
+   }
+  if(isset($error)) $action = 'confirmation_failed';
+ }
+
+if((isset($_POST['delete_checked']) || isset($_GET['get_1']) && $_GET['get_1']=='delete') && isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  if(isset($_POST['checked'])) $checked_emails = $_POST['checked'];
+  elseif(isset($_GET['get_2'])) $checked_emails[] = $_GET['get_2'];
+
+  if(isset($checked_emails) && is_array($checked_emails))
+   {
+    $dbr = Database::$entries->prepare("SELECT id, email FROM ".Database::$db_settings['newsletter_table']." WHERE id=:id ORDER BY email ASC LIMIT 1");
+    $dbr->bindParam(':id', $checked, PDO::PARAM_INT);
+    $i=0;
+    #Database::$entries->beginTransaction();
+    foreach($checked_emails as $checked)
+     {
+      $dbr->execute();
+      $data = $dbr->fetch();
+      $emails2delete[$i]['id'] = $data['id'];
+      $emails2delete[$i]['email'] = htmlspecialchars($data['email']);
+      ++$i;
+     }
+    #Database::$entries->commit();
+    if(isset($emails2delete))
+     {
+      $template->assign('emails2delete',$emails2delete);
+      $action = 'delete_checked';
+     }
+   }
+ }
+
+if(isset($_POST['delete_confirm']))
+ {
+  if(isset($_POST['checked']) && is_array($_POST['checked']))
+   {
+    $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['newsletter_table']." WHERE id=:id");
+    $dbr->bindParam(':id', $delete_id, PDO::PARAM_INT);
+    Database::$entries->beginTransaction();
+    foreach($_POST['checked'] as $delete_id)
+     {
+      $dbr->execute();
+     }
+    Database::$entries->commit();
+   }
+  header('Location: '.BASE_URL.PAGE);
+  exit;
+ }
+
+/*
+if(isset($_POST['delete_email']) && isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['newsletter_table']." WHERE id=:id");
+  $dbr->bindParam(':id', $_POST['email_id'], PDO::PARAM_INT);
+  $dbr->execute();
+  header('Location: '.BASE_URL.PAGE);
+  exit;
+ }
+*/
+
+if(isset($_POST['add_email']) && isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $mail = new Mail();
+  $mail->set_charset(CHARSET);
+  if(!$mail->is_valid_email($_POST['add_email']))
+  #if(trim($_POST['add_email'])=='' || !preg_match("/^[^@]+@.+\.\D{2,5}$/", $_POST['add_email']))
+   {
+    $template->assign('email', htmlspecialchars($_POST['add_email']));
+    $errors[] = 'newsletter_error_invalid_email';
+   }
+  if(empty($errors))
+   {
+    $dbr = Database::$entries->prepare("SELECT email FROM ".Database::$db_settings['newsletter_table']." WHERE lower(email)=:email LIMIT 1");
+    $dbr->bindValue(':email', mb_strtolower(trim($_POST['add_email']),CHARSET), PDO::PARAM_STR);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(isset($data['email']))
+     {
+      $errors[] = 'newsletter_error_email_exists';
+     }
+   }
+  if(empty($errors))
+   {
+    $dbr = Database::$entries->prepare("INSERT INTO ".Database::$db_settings['newsletter_table']." (newsletter_id, time, ip, email, confirmed, confirmation_code) VALUES (:newsletter_id, :time, :ip, :email, 1, '')");
+    $dbr->bindParam(':newsletter_id', $page_id, PDO::PARAM_INT);
+    $dbr->bindValue(':time', time(), PDO::PARAM_INT);
+    $dbr->bindParam(':ip', $_SERVER["REMOTE_ADDR"], PDO::PARAM_STR);
+    $dbr->bindParam(':email', $_POST['add_email'], PDO::PARAM_STR);
+    $dbr->execute();
+    header('Location: '.BASE_URL.PAGE);
+    exit;
+   }
+
+ }
+
+if(isset($_POST['email']) && trim($_POST['email'])!='' && isset($_POST['subscribe']))
+ {
+  $mail = new Mail();
+  $mail->set_charset(CHARSET);
+  $mail->set_sender_name($settings['website_title']);
+  if($settings['mail_parameter']) $mail->set_mail_parameter($settings['mail_parameter']);
+  if($_POST['subscribe']=='subscribe')
+   {
+    if(!$mail->is_valid_email($_POST['email']))
+    #if(trim($_POST['email'])=='' || !preg_match("/^[^@]+@.+\.\D{2,5}$/", $_POST['email']))
+     {
+      $template->assign('email', htmlspecialchars($_POST['email']));
+      $errors[] = 'newsletter_error_invalid_email';
+     }
+    if(empty($errors))
+     {
+      $dbr = Database::$entries->prepare("SELECT email FROM ".Database::$db_settings['newsletter_table']." WHERE lower(email)=:email LIMIT 1");
+      $dbr->bindValue(':email', mb_strtolower(trim($_POST['email']),CHARSET), PDO::PARAM_STR);
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(isset($data['email']))
+       {
+        $template->assign('email', htmlspecialchars($_POST['email']));
+        $errors[] = 'newsletter_error_email_exists';
+       }
+     }
+    if(empty($errors))
+     {
+      $confirmation_code = md5(uniqid(rand()));
+      $dbr = Database::$entries->prepare("INSERT INTO ".Database::$db_settings['newsletter_table']." (newsletter_id, time, ip, email, confirmed, confirmation_code) VALUES (:newsletter_id, :time, :ip, :email, 0, :confirmation_code)");
+      $dbr->bindParam(':newsletter_id', $page_id, PDO::PARAM_INT);
+      $dbr->bindValue(':time', time(), PDO::PARAM_INT);
+      $dbr->bindParam(':ip', $_SERVER["REMOTE_ADDR"], PDO::PARAM_STR);
+      $dbr->bindParam(':email', $_POST['email'], PDO::PARAM_STR);
+      $dbr->bindParam(':confirmation_code', $confirmation_code, PDO::PARAM_STR);
+      $dbr->execute();
+      // get ID:
+      $dbr = Database::$entries->prepare("SELECT id FROM ".Database::$db_settings['newsletter_table']." WHERE email=:email LIMIT 1");
+      $dbr->bindParam(':email', $_POST['email'], PDO::PARAM_STR);
+      $dbr->execute();
+      $data = $dbr->fetch();
+
+      $confirm_link = BASE_URL.PAGE.',subscribe,'.$data['id'].','.$confirmation_code;
+
+      $email_text = str_replace("[link]",$confirm_link,Localization::$lang['newsletter_subscribe_text']);
+
+      if($mail->send($_POST['email'], $settings['email'], Localization::$lang['newsletter_subscribe_subj'], $email_text))
+       {
+        $action = 'confirm_mail_sent';
+       }
+      else
+       {
+        $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['newsletter_table']." WHERE id=:id");
+        $dbr->bindParam(':id', $data['id'], PDO::PARAM_INT);
+        $dbr->execute();
+        $errors[] = 'newsletter_error_mail';
+       }
+     }
+    if(isset($errors)) $action = 'main';
+   }
+  elseif($_POST['subscribe']=='unsubscribe')
+   {
+    $dbr = Database::$entries->prepare("SELECT id, email FROM ".Database::$db_settings['newsletter_table']." WHERE lower(email)=:email");
+    $dbr->bindValue(':email', mb_strtolower(trim($_POST['email']),CHARSET), PDO::PARAM_STR);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(empty($data['email']))
+     {
+      $errors[] = 'newsletter_error_email_not_exist';
+     }
+    if(empty($errors))
+     {
+      $confirmation_code = md5(uniqid(rand()));
+      $dbr = Database::$entries->prepare("UPDATE ".Database::$db_settings['newsletter_table']." SET confirmation_code=:confirmation_code WHERE id=:id");
+      $dbr->bindParam(':id', $data['id'], PDO::PARAM_INT);
+      $dbr->bindParam(':confirmation_code', $confirmation_code, PDO::PARAM_STR);
+      $dbr->execute();
+
+      $confirm_link = BASE_URL.PAGE.',unsubscribe,'.$data['id'].','.$confirmation_code;
+
+      $email_text = str_replace("[link]",$confirm_link,Localization::$lang['newsletter_unsubscribe_text']);
+
+      if($mail->send($_POST['email'], $settings['email'], Localization::$lang['newsletter_unsubscribe_subj'], $email_text))
+       {
+        $action = 'confirm_mail_sent';
+       }
+      else
+       {
+        $errors[] = 'newsletter_error_mail';
+       }
+     }
+    if(isset($errors)) $action = 'main';
+   }
+
+ }
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id'])) $action = 'admin';
+if(empty($action)) $action = 'main';
+
+switch($action)
+ {
+  case 'main':
+   $form['email'] = '';
+   #$template->assign('newsletterform', true);
+   $template->assign('form', $form);
+  break;
+  case 'confirm_mail_sent':
+   $template->assign('confirm_mail_sent', true);
+  break;
+  case 'confirmation_ok':
+   $template->assign('confirmation_ok', true);
+  break;
+  case 'delete_ok':
+   $template->assign('delete_ok', true);
+  break;
+  case 'confirmation_failed':
+   $template->assign('confirmation_failed', true);
+  break;
+  case 'admin':
+
+   $order = 'email ASC';
+   $order_qs = 'email-asc';
+   if(isset($_GET['get_1']))
+    {
+     switch($_GET['get_1'])
+      {
+       case 'email-asc':
+        $order = 'email ASC';
+        $order_qs = 'email-asc';
+       break;
+       case 'email-desc':
+        $order = 'email DESC';
+        $order_qs = 'email-desc';
+       break;
+       case 'time-asc':
+        $order = 'time ASC';
+        $order_qs = 'time-asc';
+       break;
+       case 'time-desc':
+        $order = 'time DESC';
+        $order_qs = 'time-desc';
+       break;
+       #default:
+       # $order = 'email ASC';
+      }
+    }
+
+   $dbr = Database::$entries->prepare("SELECT id, time, email FROM ".Database::$db_settings['newsletter_table']." WHERE newsletter_id=:page_id AND confirmed=1 ORDER BY ".$order);
+   $dbr->bindParam(':page_id', $page_id, PDO::PARAM_INT);
+   $dbr->execute();
+   $i=0;
+   while($data = $dbr->fetch())
+    {
+     $email_list[] = htmlspecialchars($data['email']);
+     $newsletter_data[$i]['id'] = $data['id'];
+     $newsletter_data[$i]['email'] = htmlspecialchars($data['email']);
+     $newsletter_data[$i]['domain'] = htmlspecialchars(mb_substr(mb_strstr($data['email'], '@'),1));
+     $localization->bindId('newsletter_subscribe_time_format', $data['id']);
+     $localization->replacePlaceholderBound('time', $data['time'], 'newsletter_subscribe_time_format', $data['id'], Localization::FORMAT_TIME);
+     ++$i;
+    }
+   if(isset($newsletter_data))
+    {
+     sort($email_list);
+     $template->assign('order', $order_qs);
+     $template->assign('email_count', $i);
+     $template->assign('email_list', implode(', ',$email_list));
+     $template->assign('newsletter_data', $newsletter_data);
+    }
+   $template->assign('admin', true);
+  break;
+ }
+if(isset($errors)) $template->assign('errors', $errors);
+$template->assign('subtemplate', 'newsletter.inc.tpl');
+
+if(isset($cache) && empty($no_cache))
+ {
+  $cache->cacheId = PAGE;
+ }
+?>

cms/includes/page_types/notes.php

@@ -0,0 +1,103 @@
+<?php
+if(isset($_GET['get_1'])) // note opened
+ {
+  $dbr = Database::$content->prepare("SELECT id, note_section, time, title, text, text_formatting FROM ".Database::$db_settings['notes_table']." WHERE id=:id LIMIT 1");
+  $dbr->bindParam(':id', $_GET['get_1'], PDO::PARAM_STR);
+  $dbr->execute();
+  $note_data = $dbr->fetch();
+  if(isset($note_data['id']) && $note_data['note_section']==$data['type_addition'])
+   {
+    $note['note_section'] = htmlspecialchars($note_data['note_section']);
+    $note['id'] = $note_data['id'];
+    $note['title'] = htmlspecialchars($note_data['title']);
+    $note['text'] = htmlspecialchars($note_data['text']);
+    $note['text_formatting'] = $note_data['text_formatting'];
+    #$note['link'] = htmlspecialchars($note_data['link']);
+    #$note['linkname'] = htmlspecialchars($note_data['linkname']);
+    $note['time'] = date("Y-m-d H:i:s", $note_data['time']);
+
+    #echo $data['title'];
+
+  $template->assign('display_time', true);
+  $localization->replacePlaceholder('time', $note_data['time'], 'page_time', Localization::FORMAT_TIME);
+
+
+    $template->assign('headline', $note_data['title']);
+    #$template->assign('title', $note_data['title']);
+    
+    $template->assign('note',$note);
+    
+   }
+  else
+   {
+    $no_cache = true;
+    echo '404';
+    exit;
+   }
+ }
+else // overview
+ {
+  $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section");
+  $dbr->bindParam(':note_section', $data['type_addition'], PDO::PARAM_STR);
+  $dbr->execute();
+  $total_items = $dbr->fetchColumn();
+
+  $total_pages = ceil($total_items / $settings['notes_per_page']);
+
+  if(isset($_GET['get_2'])) $current_page = intval($_GET['get_2']); else $current_page = 1;
+  if($current_page<1) $current_page = 1;
+  if($current_page>$total_pages) $current_page = $total_pages;
+
+  $dbr = Database::$content->prepare("SELECT id, time, title, text, text_formatting, link, linkname FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY sequence ASC LIMIT ".(($current_page-1)*$settings['notes_per_page']).", ".$settings['notes_per_page']);
+  $dbr->bindParam(':note_section', $data['type_addition'], PDO::PARAM_STR);
+  $dbr->execute();
+  $i=0;
+  while($notes_data = $dbr->fetch())
+   {
+    $notes[$i]['id'] = $notes_data['id'];
+    $notes[$i]['time'] = $notes_data['time'];
+    $notes[$i]['title'] = $notes_data['title'];
+    if($notes_data['text_formatting']==1) $notes[$i]['text'] = auto_html($notes_data['text']);
+    else $notes[$i]['text'] = $notes_data['text'];
+    #$notes[$i]['text'] = format_paragraph($notes_data['text']);
+    if($notes_data['link']=='')
+     {
+      $notes[$i]['link'] = BASE_URL.PAGE.','.$notes_data['id'];
+     }
+    elseif(mb_substr($notes_data['link'],0,7) != 'http://' && mb_substr($notes_data['link'],0,8) != 'https://' && mb_substr($notes_data['link'],0,6) != 'ftp://' && mb_substr($notes_data['link'],0,9) != 'gopher://' && mb_substr($notes_data['link'],0,7) != 'news://')
+     {
+      $notes[$i]['link'] = BASE_URL.$notes_data['link'];
+     }
+    else
+     {
+      $notes[$i]['link'] = $notes_data['link'];
+     }
+    $notes[$i]['linkname'] = $notes_data['linkname'];
+    $localization->bindReplacePlaceholder($notes_data['id'], 'time', $notes_data['time'], 'note_time', Localization::FORMAT_TIME);
+    $i++;
+   }
+  if(isset($notes))
+   {
+    $template->assign('notes', $notes);
+   }
+
+  $localization->replacePlaceholder('current_page', $current_page, 'pagination');
+  $localization->replacePlaceholder('total_pages', $total_pages, 'pagination');
+
+  $template->assign('pagination', pagination($total_pages,$current_page));
+ }
+
+$template->assign('subtemplate', 'notes.inc.tpl');
+
+if(isset($cache))
+ {
+  if($current_page > 1)
+   {
+    $cache->cacheId = PAGE . ',' . $current_page;
+   }
+  else
+   {
+    $cache->cacheId = PAGE;
+   }
+ }
+?>

cms/includes/page_types/notes_rss.php

@@ -0,0 +1,38 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$dbr = Database::$content->prepare("SELECT time, title, text, text_formatting, link FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY time DESC LIMIT ".$settings['rss_maximum_items']);
+$dbr->bindParam(':note_section', $data['type_addition'], PDO::PARAM_STR);
+$dbr->execute();
+
+$i=0;
+while($rss_data = $dbr->fetch())
+ {
+  $rss_items[$i]['title'] = htmlspecialchars($rss_data['title']);
+  if($rss_data['text_formatting']==1) $rss_items[$i]['content'] = auto_html($rss_data['text']);
+  else $rss_items[$i]['content'] = $rss_data['text'];
+  if(mb_substr($rss_data['link'],0,7) != 'http://' && mb_substr($rss_data['link'],0,8) != 'https://' && mb_substr($rss_data['link'],0,6) != 'ftp://' && mb_substr($rss_data['link'],0,9) != 'gopher://' && mb_substr($rss_data['link'],0,7) != 'news://')
+   {
+    $rss_items[$i]['link'] = BASE_URL.$rss_data['link'];
+   }
+  else
+   {
+    $rss_items[$i]['link'] = $rss_data['link'];
+   }
+  $rss_items[$i]['pubdate'] = gmdate('r',$rss_data['time']);
+  $i++;
+ }
+
+if(isset($rss_items))
+ {
+  $template->assign('rss_items',$rss_items);
+ }
+
+$content_type = 'text/xml';
+$template_file = 'rss.tpl';
+
+if(isset($cache))
+ {
+  $cache->cacheId = PAGE;
+ }
+?>

cms/includes/page_types/overview.php

@@ -0,0 +1,62 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$dbr = Database::$content->prepare("SELECT id, page, headline, content, content_formatting, teaser_headline, teaser, teaser_formatting, teaser_img, link_name FROM ".Database::$db_settings['pages_table']." WHERE include_page=:include_page ORDER BY include_order ASC");
+$dbr->bindParam(':include_page', $data['id'], PDO::PARAM_INT);
+$dbr->execute();
+$i=0;
+while($included_pages_data = $dbr->fetch())
+ {
+  if($included_pages_data['teaser_headline']=='')
+   {
+    $included_pages[$i]['teaser_headline'] = stripslashes($included_pages_data['headline']);
+   }
+  else
+   {
+    $included_pages[$i]['teaser_headline'] = stripslashes($included_pages_data['teaser_headline']);
+   }
+  if($included_pages_data['teaser']=='')
+   {
+    if($included_pages_data['content_formatting']==1)
+     {
+      $included_pages[$i]['teaser'] = nl2br(stripslashes($included_pages_data['content']));
+     }
+    else
+     {
+      $included_pages[$i]['teaser'] = stripslashes($included_pages_data['content']);
+     }
+   }
+  else
+   {
+    if($included_pages_data['teaser_formatting']==1)
+     {
+      $included_pages[$i]['teaser'] = nl2br(stripslashes($included_pages_data['teaser']));
+     }
+    else
+     {
+      $included_pages[$i]['teaser'] = stripslashes($included_pages_data['teaser']);
+     }
+   }
+  $included_pages[$i]['page'] = $included_pages_data['page'];
+  $included_pages[$i]['teaser_img'] = $included_pages_data['teaser_img'];
+  if(trim($included_pages_data['teaser_img']!=''))
+   {
+    $teaser_img_info = getimagesize(BASE_PATH.MEDIA_DIR.$included_pages_data['teaser_img']);
+    $included_pages[$i]['teaser_img_width'] = $teaser_img_info[0];
+    $included_pages[$i]['teaser_img_height'] = $teaser_img_info[1];
+   }
+  $included_pages[$i]['link_name'] = stripslashes($included_pages_data['link_name']);
+  $i++;
+ }
+if(isset($included_pages))
+ {
+  $template->assign('included_pages_number', count($included_pages));
+  $template->assign('included_pages', $included_pages);
+ }
+$template->assign('subtemplate', 'overview.inc.tpl');
+
+if(isset($cache))
+ {
+  $cache->cacheId = PAGE;
+ }
+?>

cms/includes/page_types/redirect.php

@@ -0,0 +1,13 @@
+<?php
+#unset($template_file);
+
+if(isset($cache) && $cache->doCaching)
+ {
+  $cache->cacheId = PAGE;
+  $cache_content = "<?php\nheader('".$_SERVER['SERVER_PROTOCOL']." 301 Moved Permanently');\nheader('Location: ".$data['type_addition']."');\n?>";
+  $cache->createChacheFile($cache_content);
+ }
+
+header($_SERVER['SERVER_PROTOCOL'] . ' 301 Moved Permanently');
+header('Location: '.$data['type_addition']);
+?>

cms/includes/page_types/rss.php

@@ -0,0 +1,88 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$current_time = time();
+
+$dbr = Database::$content->prepare("SELECT id, page, type, category, title, teaser, teaser_formatting, teaser_img, teaser_headline, content, content_formatting, time, last_modified FROM ".Database::$db_settings['pages_table']." WHERE include_rss=:include_rss AND time<=:time AND status!=0 ORDER BY time DESC LIMIT ".$settings['rss_maximum_items']);
+$dbr->bindParam(':include_rss', $page_id, PDO::PARAM_INT);
+$dbr->bindParam(':time', $current_time, PDO::PARAM_INT);
+$dbr->execute();
+
+if(isset($_GET['get_1']) && $_GET['get_1'] == 'fullfeed' && $settings['enable_fullfeeds']) $fullfeed=true;
+else $fullfeed=false; 
+
+$i=0;
+while($rss_data = $dbr->fetch())
+ {
+  $rss_items[$i]['category'] = htmlspecialchars($rss_data['category']);
+  $rss_items[$i]['title'] = htmlspecialchars($rss_data['title']);
+  
+  #if($rss_data['headline'] && $fullfeed || empty($rss_data['teaser_headline'])) $rss_items[$i]['title'] = htmlspecialchars($rss_data['headline']);
+  if($rss_data['teaser_headline']) $rss_items[$i]['title'] = htmlspecialchars($rss_data['teaser_headline']);
+  else $rss_items[$i]['title'] = htmlspecialchars($rss_data['title']);
+  
+  if($fullfeed || $rss_data['teaser']=='')
+   {
+    if($rss_data['content_formatting']==1)
+     {
+      $rss_items[$i]['content'] = auto_html($rss_data['content']);
+     }
+    else
+     {
+      $rss_items[$i]['content'] = $rss_data['content'];
+     }
+    $rss_items[$i]['content'] = parse_special_tags($rss_items[$i]['content'], $parent_page=$rss_data['page'], $rss=true);
+    #$rss_items[$i]['content'] = preg_replace_callback("#\[image:(.+?)\]#is", "create_image", $rss_items[$i]['content']);    
+    #$rss_items[$i]['content'] = preg_replace_callback("#\[thumbnail:(.+?)\]#is", "create_thumbnail_rss", $rss_items[$i]['content']);
+    #$rss_items[$i]['content'] = preg_replace_callback("#\[gallery:(.+?)\]#is", "create_gallery_rss", $rss_items[$i]['content']);
+    #$rss_items[$i]['content'] = preg_replace('/\[\[([^|\]]+?)(?:\|([^\]]+))?\]\]/e', "'<a href=\"\$1\">'.(('\$2')?'\$2':'\$1').'</a>'", $rss_items[$i]['content']);   
+   }
+  else
+   {
+    if($rss_data['teaser_formatting']==1)
+     {
+      $rss_items[$i]['content'] = auto_html($rss_data['teaser']);
+     }
+    else
+     {
+      $rss_items[$i]['content'] = $rss_data['teaser'];
+     }
+   }
+
+  if(!$fullfeed && $rss_data['teaser_img']) 
+   {
+    $rss_items[$i]['teaser_img'] = $rss_data['teaser_img'];
+    $teaser_img_info = getimagesize(BASE_PATH.MEDIA_DIR.$rss_data['teaser_img']);
+    $rss_items[$i]['teaser_img_width'] = $teaser_img_info[0];
+    $rss_items[$i]['teaser_img_height'] = $teaser_img_info[1];
+   }
+
+  $rss_items[$i]['link'] = BASE_URL.$rss_data['page'];
+  $rss_items[$i]['pubdate'] = gmdate('r',$rss_data['time']);
+  $wfw = false;
+  if($rss_data['type']=='commentable_page')
+   {
+    $wfw = true;
+    $rss_items[$i]['commentrss'] = BASE_URL.$rss_data['page'].',commentrss';
+   }
+  $i++;
+ }
+
+$template->assign('wfw', $wfw);
+if(isset($rss_items)) $template->assign('rss_items', $rss_items);
+
+$content_type = 'text/xml';
+$template_file = 'rss.tpl';
+
+if(isset($cache))
+ {
+  if($fullfeed)
+   {
+    $cache->cacheId = PAGE . ',full';
+   }
+  else
+   {
+    $cache->cacheId = PAGE;
+   }
+ }
+?>

cms/includes/page_types/search.php

@@ -0,0 +1,242 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+switch(Database::$db_settings['type'])
+ {
+  case 'sqlite':
+  case 'sqlite2':
+   $general_clause = "(page || title || page_title || content || keywords || description || sidebar_1 || sidebar_2 || sidebar_3) LIKE ?";
+   $special_clause = "(page || title || page_title || keywords || description) LIKE ?";
+   $photo_clause = "(title || subtitle || description) LIKE ?";
+   break;
+  default:
+   $general_clause = "CONCAT(page, title, page_title, content, keywords, description, sidebar_1, sidebar_2, sidebar_3) LIKE ?";
+   $special_clause = "CONCAT(page, title, page_title, keywords, description) LIKE ?";
+   $photo_clause = "CONCAT(title, subtitle, description) LIKE ?";
+ }
+
+if(isset($_POST['q']))
+ {
+  $q = str_replace(',','',$_POST['q']);
+  $q = urlencode($q);
+  #$q = str_replace('%','~',$q);
+  #header('Location: '.BASE_URL.$page.','.$q);
+  if(trim($q)!='') header('Location: '.BASE_URL.PAGE.',,'.$q);
+  else header('Location: '.BASE_URL.PAGE);
+  exit;
+ }
+#if(isset($_POST['q'])) $q = $_POST['q'];
+elseif(isset($_GET['get_2']))
+ {
+  $q = $_GET['get_2'];
+  #$q = str_replace('~','%',$q);
+  $q = urldecode($q);
+  $no_cache = true;
+ }
+
+if(isset($_GET['get_3'])) $current_page = intval($_GET['get_3']);
+else $current_page = 1;
+
+if(isset($q))
+ {
+  $q = trim($q);
+  $template->assign('q', htmlspecialchars($q));
+  #$template->assign('q_encoded', str_replace('%','~',urlencode(htmlspecialchars($q))));
+  #$q = stripslashes($q);
+  $q = mb_substr($q, 0, 255);
+  $q_encoded = urlencode(htmlspecialchars($q));
+  $template->assign('q_encoded', $q_encoded);
+
+  $cookie_data = $q_encoded.' '.$current_page;
+  setcookie($settings['session_prefix'].'search',$cookie_data);
+
+  $q = str_replace('"', '', $q);
+  #$q = sqlite_escape_string($q);
+  $q_array = explode(" ", $q);
+
+  $number_of_words = count($q_array);
+  // limitation to 3 words:
+  if($number_of_words > 3)
+   {
+    $number_of_words = 3;
+   }
+
+  $dbr = Database::$content->query("SELECT id,page,title,description FROM ".Database::$db_settings['pages_table']." WHERE status>1");
+  $dbr->execute();
+  while($data = $dbr->fetch())
+   {
+    $pages[$data['id']]['page']=$data['page'];
+    $pages[$data['id']]['title']=$data['title'];
+    $pages[$data['id']]['description']=$data['description'];
+   }
+
+  // search pages:
+  $general_search_clause = '';
+  $special_search_clause = '';
+  for($i=0;$i<$number_of_words;++$i)
+   {
+    $general_search_clause .= $general_clause;
+    $special_search_clause .= $special_clause;
+    if($i<$number_of_words-1)
+     {
+      $general_search_clause .= ' AND ';
+      $special_search_clause .= ' AND ';
+     }
+   }
+  // search all fields:
+
+  $dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['pages_table']." WHERE status>1 AND ".$general_search_clause);
+  for($i=0;$i<$number_of_words;++$i)
+   {
+    $dbr->bindValue($i+1, '%'.$q_array[$i].'%', PDO::PARAM_STR);
+   }
+  #$dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['pages_table']." WHERE status>1 AND CONCAT(content, title) LIKE ?");
+  #$dbr->bindValue(1, '%'.$q_array[0].'%', PDO::PARAM_STR);
+
+  $dbr->execute();
+  while($data = $dbr->fetch())
+   {
+    $result_pages[$data['id']]['id'] = $data['id'];
+    $result_pages[$data['id']]['type'] = 0;
+    $result_pages[$data['id']]['relevance'] = 0;
+    $result_pages[$data['id']]['page'] = $pages[$data['id']]['page'];
+    $result_pages[$data['id']]['title'] = $pages[$data['id']]['title'];
+    $result_pages[$data['id']]['description'] = $pages[$data['id']]['description'];
+   }
+  if(isset($pages))
+   {
+    // search in special fields:
+    $dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['pages_table']." WHERE status>1 AND ".$special_search_clause);
+    for($i=0;$i<$number_of_words;++$i)
+     {
+      $dbr->bindValue($i+1, '%'.$q_array[$i].'%', PDO::PARAM_STR);
+     }
+    $dbr->execute();
+    while($data = $dbr->fetch())
+     {
+      // enhance relevace if word found in special fields:
+      if(isset($pages[$data['id']]))
+       {
+        ++$result_pages[$data['id']]['relevance'];
+       }
+     }
+   }
+
+  // search notes:
+  /*
+  $notes_search_string = "linkname || headline || text LIKE '%".implode("%' AND linkname || headline || text LIKE '%",$q_array)."%'";
+  $notes_search_result = @sqlite_query($db_content, "SELECT note_section, order_id FROM ".Database::$db_settings['notes_table']." WHERE ".$notes_search_string." ORDER BY order_id DESC");
+  while($row_n1 = sqlite_fetch_array($notes_search_result))
+   {
+    $notes_pages_result = @sqlite_query($db_content, "SELECT id FROM ".Database::$db_settings['pages_table']." WHERE type='notes' AND type_addition='".$row_n1['note_section']."'");
+    while($row_n2 = sqlite_fetch_array($notes_pages_result))
+     {
+      // discard notes result if page is already in page results:
+      if(empty($found_ids) || isset($found_ids) && !in_array($row_n2['id'],$found_ids))
+       {
+        $found_ids_notes[] = $row_n2['id'];
+        // page nr of notes page
+        $found_page_nr[$row_n2['id']] = ceil($row_n1['order_id'] / $settings['notes_per_page']);
+       }
+     }
+   }
+  */
+
+  // search photos:
+  /*
+  $photo_search_clause = '';
+  for($i=0;$i<$number_of_words;++$i)
+   {
+    $photo_search_clause .= $photo_clause;
+    if($i<$number_of_words-1)
+     {
+      $photo_search_clause .= ' AND ';
+     }
+   }
+  $dbr = Database::$content->prepare("SELECT id,title,subtitle,description FROM ".Database::$db_settings['photo_table']." WHERE ".$photo_search_clause);
+  for($i=0;$i<$number_of_words;++$i)
+   {
+    $dbr->bindValue($i+1, '%'.$q_array[$i].'%', PDO::PARAM_STR);
+   }
+  $dbr->execute();
+  while($data = $dbr->fetch())
+   {
+    $result_photos[$data['id']]['id'] = $data['id'];
+    $result_photos[$data['id']]['type'] = 1;
+    $result_photos[$data['id']]['relevance'] = 0;
+    $result_photos[$data['id']]['page'] = PAGE.','.IMAGE_IDENTIFIER.','.$data['id'];
+    $result_photos[$data['id']]['title'] = $data['title'];
+    $result_photos[$data['id']]['description'] = '';
+   }
+  */
+  // merge results:
+  if(isset($result_pages))
+   {
+    foreach($result_pages as $result_page)
+     {
+      $results[] = $result_page;
+     }
+   }
+  if(isset($result_photos))
+   {
+    foreach($result_photos as $result_photo)
+     {
+      $results[] = $result_photo;
+     }
+   }
+  
+  
+  if(isset($results))
+   {
+    // sort by relevance:
+    foreach($results as $key => $val)
+     {
+      $relevance[$key] = $val['relevance'];
+     }
+    array_multisort($relevance, SORT_DESC, $results);
+
+    $result_count = count($results);
+
+    $total_pages = ceil($result_count / $settings['search_results_per_page']);
+    if($current_page>$total_pages) $curret_page = $total_pages;
+    if($current_page<1) $current_page=1;
+
+    #$displayed_count = 0;
+    for($i=($current_page-1)*$settings['search_results_per_page'];$i<$current_page*$settings['search_results_per_page'];++$i)
+     {
+      if(isset($results[$i]))
+       {
+        $displayed_results[] = $results[$i];
+        #$displayed_count++;
+       }
+     }
+
+    $template->assign('pagination', pagination($total_pages,$current_page));
+
+    $template->assign('results', $displayed_results);
+
+    switch($result_count)
+     {
+      case 0:
+       $localization->selectVariant('search_number_of_results', 0);
+       break;
+      case 1:
+       $localization->selectVariant('search_number_of_results', 1);
+       break;
+      default:
+       $localization->selectVariant('search_number_of_results', 2);
+       $localization->replacePlaceholder('pages', $result_count, 'search_number_of_results');
+     }
+    #$loc->select_variant('search_number_of_results', 0);
+    $localization->replacePlaceholder('current_page', $current_page, 'pagination');
+    $localization->replacePlaceholder('total_pages', $total_pages, 'pagination');
+   }
+ }
+
+$template->assign('subtemplate', 'search.inc.tpl');
+
+if(isset($cache) && empty($no_cache))
+ {
+  $cache->cacheId = PAGE;
+ }
+?>

cms/includes/page_types/simple_news.php

@@ -0,0 +1,332 @@
+<?php
+if($authorized_to_edit && isset($_GET['get_1']) && isset($_GET['get_2']) && $_GET['get_2']=='delete' && isset($_GET['get_3']) && $_GET['get_3']=='confirmed')
+ {
+  $delete_id = $_GET['get_1'];
+ }
+elseif($authorized_to_edit && isset($_POST['delete']) && isset($_POST['confirmed']))
+ {
+  $delete_id = $_POST['delete'];
+ }
+if($authorized_to_edit && isset($delete_id))
+ {  
+  $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['news_table']." WHERE id=:id");
+  $dbr->bindParam(':id', $delete_id, PDO::PARAM_INT);
+  $dbr->execute();
+  #if(isset($cache)) $cache->clear(PAGE);
+  if(isset($cache)) $cache->clear();
+  header('Location: '.BASE_URL.PAGE);
+  exit;
+ }
+
+if($authorized_to_edit && isset($_POST['text']))
+ {
+  $title = isset($_POST['title']) ? trim($_POST['title']) : '';
+  $teaser = isset($_POST['teaser']) ? trim($_POST['teaser']) : '';
+  $text = isset($_POST['text']) ? trim($_POST['text']) : '';
+  $text_formatting = isset($_POST['text_formatting']) && $_POST['text_formatting']==1 ? 1 : 0;
+  $linkname = isset($_POST['linkname']) ? trim($_POST['linkname']) : '';
+  $time = isset($_POST['time']) && trim($_POST['time'])!='' ? trim($_POST['time']) : date("Y-m-d H:i:s");
+
+  if(empty($title))
+   {
+    $errors[] = 'error_news_no_title';
+   }
+  if(empty($text))
+   {
+    $errors[] = 'error_news_no_text';
+   }
+  if(($time = strtotime($time))===false)
+   {
+    $errors[] = 'error_news_time_invalid';
+   }
+
+  if(empty($errors))
+   {
+    if(isset($_POST['id']))
+     {
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['news_table']." SET time=:time, title=:title, teaser=:teaser, text=:text, text_formatting=:text_formatting, linkname=:linkname WHERE id=:id");
+      $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+      $dbr->bindParam(':time', $time, PDO::PARAM_INT);
+      $dbr->bindParam(':title', $title, PDO::PARAM_STR);
+      $dbr->bindParam(':teaser', $teaser, PDO::PARAM_STR);
+      $dbr->bindParam(':text', $text, PDO::PARAM_STR);
+      $dbr->bindParam(':text_formatting', $text_formatting, PDO::PARAM_INT);
+      $dbr->bindParam(':linkname', $linkname, PDO::PARAM_STR);
+      $dbr->execute();
+      $id = $_POST['id'];
+     }
+    else
+     {
+      $dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['news_table']." (page_id,time,title,teaser,text,text_formatting,linkname) VALUES (:page_id,:time,:title,:teaser,:text,:text_formatting,:linkname)");
+      $dbr->bindParam(':page_id', $data['id'], PDO::PARAM_INT);
+      $dbr->bindParam(':time', $time, PDO::PARAM_INT);
+      $dbr->bindParam(':title', $title, PDO::PARAM_STR);
+      $dbr->bindParam(':teaser', $teaser, PDO::PARAM_STR);
+      $dbr->bindParam(':text', $text, PDO::PARAM_STR);
+      $dbr->bindParam(':text_formatting', $text_formatting, PDO::PARAM_INT);
+      $dbr->bindParam(':linkname', $linkname, PDO::PARAM_STR);
+      $dbr->execute();
+      #$id = $dbr->lastInsertId(); 
+      // get last insert ID:
+      $dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['news_table']." ORDER BY id DESC LIMIT 1");
+      $dbr->execute();
+      $last_insert_data = $dbr->fetch();
+      if(isset($last_insert_data['id'])) $id = $last_insert_data['id'];
+     }
+    #if(isset($cache)) $cache->clear(PAGE);
+    if(isset($cache)) $cache->clear();
+    if(isset($id)) header('Location: '.BASE_URL.PAGE.','.$id);
+    else header('Location: '.BASE_URL.PAGE);
+    exit;
+   }
+  else
+   {
+    if(isset($_POST['id']))
+     {
+      $edit_news['id'] = intval($_POST['id']);
+      $breadcrumbs = get_breadcrumbs($data['breadcrumbs']);
+      $breadcrumbs[] = array('page'=>PAGE, 'title'=>$data['title']);
+      if(!empty($_POST['title'])) $breadcrumbs[] = array('page'=>PAGE.','.$edit_news['id'], 'title'=>htmlspecialchars($_POST['title']));
+      else $breadcrumbs[] = array('page'=>PAGE.','.$edit_news['id'], 'title'=>'???');
+      $template->assign('breadcrumbs', $breadcrumbs);    
+      $template->assign('title', Localization::$lang['simple_news_edit_item']);
+      $template->assign('headline', '');
+     }
+    else
+     {
+      $breadcrumbs = get_breadcrumbs($data['breadcrumbs']);
+      $breadcrumbs[] = array('page'=>PAGE, 'title'=>$data['title']);
+      $template->assign('breadcrumbs', $breadcrumbs);    
+      $template->assign('title', Localization::$lang['simple_news_add_item']);
+      #$template->assign('headline', Localization::$lang['simple_news_add_item']);
+      $template->assign('headline', '');
+     }
+    $edit_news['title'] = isset($_POST['title']) ? htmlspecialchars($_POST['title']) : '';
+    $edit_news['teaser'] = isset($_POST['teaser']) ? htmlspecialchars($_POST['teaser']) : '';
+    $edit_news['text'] = isset($_POST['text']) ? htmlspecialchars($_POST['text']) : '';
+    $edit_news['text_formatting'] = isset($_POST['text_formatting']) && $_POST['text_formatting']==1 ? 1 : 0;
+    $edit_news['link'] = isset($_POST['link']) ? htmlspecialchars($_POST['link']) : '';
+    $edit_news['linkname'] = isset($_POST['linkname']) ? htmlspecialchars($_POST['linkname']) : '';
+    $edit_news['time'] = isset($_POST['time']) ? htmlspecialchars($_POST['time']) : date("Y-m-d H:i:s");
+    $edit_news['note_section'] = isset($_POST['note_section']) ? htmlspecialchars($_POST['note_section']) : '';
+    $template->assign('edit_news', $edit_news);
+    $template->assign('errors', $errors);
+    $template->assign('edit_news', $edit_news);
+    if($settings['wysiwyg_editor'] && isset($_SESSION[$settings['session_prefix'].'wysiwyg']) && $_SESSION[$settings['session_prefix'].'wysiwyg']==1) $template->assign('wysiwyg', true);
+    $template->assign('hide_content', true);
+   }
+ }
+
+if($authorized_to_edit && isset($_GET['get_1']) && $_GET['get_1']=='add_item')
+ {
+  $edit_news['text_formatting'] = $settings['default_formatting'];
+  $edit_news['text_formatting'] = 1;
+  $edit_news['linkname'] = Localization::$lang['simple_news_default_linkname'];
+  $edit_news['time'] = date("Y-m-d H:i:s", time());   
+  if($settings['wysiwyg_editor'] && isset($_SESSION[$settings['session_prefix'].'wysiwyg']) && $_SESSION[$settings['session_prefix'].'wysiwyg']==1) $template->assign('wysiwyg', true);
+
+  $template->assign('hide_content', true);
+  $template->assign('title', Localization::$lang['simple_news_add_item']);
+
+  $breadcrumbs = get_breadcrumbs($data['breadcrumbs']);
+  $breadcrumbs[] = array('page'=>PAGE, 'title'=>$data['title']);
+  #$breadcrumbs[] = array('page'=>PAGE.','.$edit_news_item_data['id'], 'title'=>htmlspecialchars($edit_news_item_data['title']));
+  $template->assign('breadcrumbs', $breadcrumbs);    
+
+  #$template->assign('headline', Localization::$lang['simple_news_add_item']);
+  $template->assign('headline', '');
+  $template->assign('edit_news', $edit_news);
+ }
+elseif($authorized_to_edit && isset($_GET['get_1']) && isset($_GET['get_2']) && $_GET['get_2']=='edit')
+ {
+  $dbr = Database::$content->prepare("SELECT id, time, title, teaser, text, text_formatting, linkname FROM ".Database::$db_settings['news_table']." WHERE id=:id LIMIT 1");
+  $dbr->bindParam(':id', $_GET['get_1'], PDO::PARAM_STR);
+  $dbr->execute();
+  $edit_news_item_data = $dbr->fetch();
+  if(isset($edit_news_item_data['id']))
+   {
+    $edit_news['id'] = $edit_news_item_data['id'];
+    $edit_news['title'] = htmlspecialchars($edit_news_item_data['title']);
+    $edit_news['teaser'] = htmlspecialchars($edit_news_item_data['teaser']);
+    $edit_news['text'] = htmlspecialchars($edit_news_item_data['text']);
+    $edit_news['text_formatting'] = $edit_news_item_data['text_formatting'];
+    $edit_news['linkname'] = htmlspecialchars($edit_news_item_data['linkname']);
+    $edit_news['time'] = date("Y-m-d H:i:s", $edit_news_item_data['time']);   
+    $template->assign('edit_news', $edit_news);
+    if($settings['wysiwyg_editor'] && isset($_SESSION[$settings['session_prefix'].'wysiwyg']) && $_SESSION[$settings['session_prefix'].'wysiwyg']==1) $template->assign('wysiwyg', true);
+
+    $template->assign('hide_content', true);
+    $template->assign('title', Localization::$lang['simple_news_edit_item']);
+
+    $breadcrumbs = get_breadcrumbs($data['breadcrumbs']);
+    $breadcrumbs[] = array('page'=>PAGE, 'title'=>$data['title']);
+    $breadcrumbs[] = array('page'=>PAGE.','.$edit_news_item_data['id'], 'title'=>htmlspecialchars($edit_news_item_data['title']));
+    $template->assign('breadcrumbs', $breadcrumbs);    
+
+    #$template->assign('headline', Localization::$lang['simple_news_edit_item']);
+    $template->assign('headline', '');
+   }
+  else
+   {
+    #$no_cache = true;
+    header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
+    header("Status: 404 Not Found");
+    header('Location: '.BASE_URL.PAGE);
+    exit;
+   }
+ }
+elseif($authorized_to_edit && isset($_GET['get_1']) && isset($_GET['get_2']) && $_GET['get_2']=='delete')
+ {
+  $dbr = Database::$content->prepare("SELECT id, time, title, teaser, text, text_formatting, linkname FROM ".Database::$db_settings['news_table']." WHERE id=:id LIMIT 1");
+  $dbr->bindParam(':id', $_GET['get_1'], PDO::PARAM_STR);
+  $dbr->execute();
+  $delete_news_item_data = $dbr->fetch();
+  if(isset($delete_news_item_data['id']))
+   {
+    $delete_news['id'] = $delete_news_item_data['id'];
+    $delete_news['title'] = htmlspecialchars($delete_news_item_data['title']);
+
+    $breadcrumbs = get_breadcrumbs($data['breadcrumbs']);
+    $breadcrumbs[] = array('page'=>PAGE, 'title'=>$data['title']);
+    $template->assign('breadcrumbs', $breadcrumbs);    
+
+    $template->assign('title', Localization::$lang['delete_news_title']);
+    $template->assign('headline', Localization::$lang['delete_news_title']);
+    $template->assign('delete_news', $delete_news);
+    $template->assign('hide_content', true);
+   }
+ }
+elseif(isset($_GET['get_1']) && $_GET['get_1']=='rss')
+ {
+  $rss = true;
+  $dbr = Database::$content->prepare("SELECT id, time, title, teaser, text, text_formatting, linkname FROM ".Database::$db_settings['news_table']." WHERE page_id=:page_id AND time<=:now ORDER BY time DESC LIMIT ".$settings['rss_maximum_items']);
+  $dbr->bindParam(':page_id', $data['id'], PDO::PARAM_STR);
+  $dbr->bindValue(':now', time(), PDO::PARAM_STR);
+  $dbr->execute();
+  $i=0;
+  while($rss_data = $dbr->fetch())
+   {
+    $rss_items[$i]['title'] = htmlspecialchars($rss_data['title']);
+    if($rss_data['teaser'] && $settings['enable_fullfeeds']==0)
+     {
+      $rss_items[$i]['content'] = $rss_data['teaser'];
+     }
+    else
+     {
+      if($rss_data['text_formatting']==1) $rss_items[$i]['content'] = auto_html($rss_data['text']);
+      else $rss_items[$i]['content'] = $rss_data['text'];
+     }
+    $rss_items[$i]['linkname'] = htmlspecialchars($rss_data['linkname']);
+    $rss_items[$i]['link'] = BASE_URL.PAGE.','.$rss_data['id'];
+    $rss_items[$i]['pubdate'] = gmdate('r',$rss_data['time']);
+    $i++;
+   }
+  if(isset($rss_items)) $template->assign('rss_items', $rss_items);
+  $content_type = 'text/xml';
+  $template_file = 'rss.tpl';
+
+ }
+elseif(isset($_GET['get_1']) && intval($_GET['get_1'])>0) // item opened
+ {
+  $dbr = Database::$content->prepare("SELECT id, time, title, teaser, text, text_formatting FROM ".Database::$db_settings['news_table']." WHERE id=:id LIMIT 1");
+  $dbr->bindParam(':id', $_GET['get_1'], PDO::PARAM_STR);
+  $dbr->execute();
+  $note_data = $dbr->fetch();
+  if(isset($note_data['id']))
+   {
+    $news_item['id'] = $note_data['id'];
+    $news_item['title'] = htmlspecialchars($note_data['title']);
+    $news_item['teaser'] = htmlspecialchars($note_data['teaser']);
+    if($note_data['text_formatting']==1) $news_item['text'] = auto_html($note_data['text']);
+    else $news_item['text'] = $note_data['text'];
+    $news_item['time'] = date("Y-m-d H:i:s", $note_data['time']);
+    $template->assign('display_time', true);
+    $localization->replacePlaceholder('time', $note_data['time'], 'page_time', Localization::FORMAT_TIME);
+
+    $template->assign('hide_content', true);
+    $template->assign('title', $note_data['title']);
+    $template->assign('headline', $note_data['title']);
+    $template->assign('news_item',$news_item);
+
+    $breadcrumbs = get_breadcrumbs($data['breadcrumbs']);
+    $breadcrumbs[] = array('page'=>PAGE, 'title'=>$data['title']);
+    $template->assign('breadcrumbs', $breadcrumbs);    
+
+    $template->assign('keywords', '');
+    $template->assign('description', '');
+
+    $news_item_id = $note_data['id'];
+   }
+  else
+   {
+    #$no_cache = true;
+    header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
+    header("Status: 404 Not Found");
+    header('Location: '.BASE_URL.PAGE);
+    exit;
+   }
+ }
+else // overview
+ {
+  $dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['news_table']." WHERE page_id=:page_id"); // AND time<=:now
+  $dbr->bindParam(':page_id', $data['id'], PDO::PARAM_STR);
+  //$dbr->bindValue(':now', time(), PDO::PARAM_STR);
+  $dbr->execute();
+  $total_items = $dbr->fetchColumn();
+
+  $total_pages = ceil($total_items / $settings['simple_news_per_page']);
+
+  if(isset($_GET['get_2'])) $current_page = intval($_GET['get_2']); else $current_page = 1;
+  if($current_page<1) $current_page = 1;
+  if($current_page>$total_pages) $current_page = $total_pages;
+
+  $dbr = Database::$content->prepare("SELECT id, time, title, teaser, text, text_formatting, linkname FROM ".Database::$db_settings['news_table']." WHERE page_id=:page_id ORDER BY time DESC LIMIT ".(($current_page-1)*$settings['simple_news_per_page']).", ".$settings['simple_news_per_page']); // AND time<=:now
+  $dbr->bindParam(':page_id', $data['id'], PDO::PARAM_STR);
+  //$dbr->bindValue(':now', time(), PDO::PARAM_STR);
+  $dbr->execute();
+  $i=0;
+  while($news_data = $dbr->fetch())
+   {
+    $news[$i]['id'] = $news_data['id'];
+    $news[$i]['time'] = $news_data['time'];
+    $news[$i]['title'] = $news_data['title'];
+    $news[$i]['teaser'] = $news_data['teaser'];
+    if($news_data['text_formatting']==1) $news[$i]['text'] = auto_html($news_data['text']);
+    else $news[$i]['text'] = $news_data['text'];
+    $news[$i]['linkname'] = $news_data['linkname'];
+    $localization->bindReplacePlaceholder($news_data['id'], 'time', $news_data['time'], 'simple_news_time', Localization::FORMAT_TIME);
+    $i++;
+   }
+  if(isset($news))
+   {
+    $template->assign('news', $news);
+   }
+
+  $localization->replacePlaceholder('current_page', $current_page, 'pagination');
+  $localization->replacePlaceholder('total_pages', $total_pages, 'pagination');
+
+  $template->assign('pagination', pagination($total_pages,$current_page));
+ }
+
+if(empty($rss)) $template->assign('subtemplate', 'simple_news.inc.tpl');
+
+if(isset($cache))
+ {
+  if(isset($rss))
+   {
+    $cache->cacheId = PAGE . ',rss';
+   }
+  elseif(isset($news_item_id))
+   {
+    $cache->cacheId = PAGE . ',' . $news_item_id;
+   }
+  elseif(isset($current_page) && $current_page > 1)
+   {
+    $cache->cacheId = PAGE . ',,' . $current_page;
+   }
+  else
+   {
+    $cache->cacheId = PAGE;
+   }
+ }
+?>

cms/includes/page_types/sitemap.php

@@ -0,0 +1,32 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$current_time = time();
+
+$dbr = Database::$content->prepare("SELECT id, page, title, teaser, time, last_modified FROM ".Database::$db_settings['pages_table']." WHERE include_sitemap=:include_sitemap AND time<=:time AND status!=0 ORDER BY last_modified DESC");
+$dbr->bindParam(':include_sitemap', $page_id, PDO::PARAM_INT);
+$dbr->bindParam(':time', $current_time, PDO::PARAM_INT);
+$dbr->execute();
+$i=0;
+while($data = $dbr->fetch())
+ {
+  if($data['page']==$settings['index_page']) $sitemap_items[$i]['loc'] = addslashes(BASE_URL);
+  else $sitemap_items[$i]['loc'] = addslashes(BASE_URL.$data['page']);
+  $sitemap_items[$i]['lastmod'] = date('Y-m-d',$data['last_modified']);
+  $i++;
+ }
+
+if(isset($sitemap_items))
+ {
+  $template->assign('sitemap_items',$sitemap_items);
+ }
+
+#$localization->assign('charset', 'utf-8');
+$content_type = 'text/xml';
+$template_file = 'sitemap.tpl';
+
+if(isset($cache))
+ {
+  $cache->cacheId = PAGE;
+ }
+?>

cms/includes/pages.inc.php

@@ -0,0 +1,163 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+{
+ #$admin_sub_menu = '<a href="'.basename($_SERVER['PHP_SELF']).'?mode=edit">'.$lang['create_new_page'].'</a>';
+
+  // delete page:
+  if(isset($_REQUEST['delete_page']))
+   {
+    $dbr = Database::$content->prepare("SELECT id, page, title, author, edit_permission, edit_permission_general FROM ".Database::$db_settings['pages_table']." WHERE id=:id LIMIT 1");
+    $dbr->bindParam(':id', $_REQUEST['delete_page'], PDO::PARAM_INT);
+    $dbr->execute();
+    $data = $dbr->fetch();
+    if(!isset($data['id']))
+     {
+      $action='invalid_page';
+     }
+    elseif(!is_authorized_to_edit($_SESSION[$settings['session_prefix'].'user_id'],$_SESSION[$settings['session_prefix'].'user_type'],$data['author'],$data['edit_permission'],$data['edit_permission_general']))
+     {
+      $action='no_authorization';
+     }
+    else
+     {
+      if(isset($_REQUEST['confirmed']))
+       {
+        // delete page:
+        $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['pages_table']." WHERE id=:id");
+        $dbr->bindParam(':id', $_REQUEST['delete_page'], PDO::PARAM_INT);
+        $dbr->execute();
+        // delete comments:
+        $dbr = Database::$entries->prepare("DELETE FROM ".Database::$db_settings['comment_table']." WHERE comment_id=:id AND type=0");
+        $dbr->bindParam(':id', $_REQUEST['delete_page'], PDO::PARAM_INT);
+        $dbr->execute();
+        // delete news entries:
+        $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['news_table']." WHERE page_id=:id");
+        $dbr->bindParam(':id', $_REQUEST['delete_page'], PDO::PARAM_INT);
+        $dbr->execute();
+        if(isset($cache) && $cache->autoClear) $cache->clear();
+        header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=pages');
+        exit;
+       }
+      else $action='delete_page';
+     }
+   }
+
+  if(isset($_GET['reset_views']) && $_SESSION[$settings['session_prefix'].'user_type']==1)
+   {
+    $timestamp_now = time();
+    $dbr = Database::$content->query("UPDATE ".Database::$db_settings['pages_table']." SET views=0");
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['settings_table']." SET value=:value WHERE name='counter_last_resetted'");
+    $dbr->bindParam(':value', $timestamp_now, PDO::PARAM_INT);
+    $dbr->execute();
+    $settings['counter_last_resetted'] = $timestamp_now;
+    $action='main';
+   }
+
+  if(isset($_GET['action'])) $action = $_GET['action'];
+  if(isset($_POST['action'])) $action = $_POST['action'];
+  if(empty($action)) $action = 'main';
+
+ switch($action)
+  {
+   case 'main':
+     if(isset($_GET['order']))
+      {
+       switch($_GET['order'])
+        {
+         case 'title':
+          $order='title';
+         break;
+         case 'time':
+          $order='time';
+         break;
+         case 'last_modified':
+          $order='last_modified';
+         break;
+         case 'views':
+          $order='views';
+         break;
+         default:
+          $order = 'page';
+        }
+      }
+     else
+      {
+       $order = 'page';
+      }
+
+     if(isset($_GET['descasc']) && $_GET['descasc']=='DESC') $descasc = 'DESC'; else $descasc = 'ASC';
+
+     if(empty($order)) $order="id";
+     if(empty($descasc)) $descasc="ASC";
+
+     $template->assign('order',$order);
+     $template->assign('descasc',$descasc);
+
+     // user names:
+     $user_result = Database::$userdata->query("SELECT id, name FROM ".Database::$db_settings['userdata_table']);
+     while($userdata = $user_result->fetch())
+      {
+       $users[$userdata['id']] = htmlspecialchars($userdata['name']);
+      }
+     if(isset($users))
+      {
+       $template->assign('users',$users);
+      }
+
+     #$dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['pages_table']." ORDER BY :order :descasc");
+     #$dbr->bindParam(':order', $order, PDO::PARAM_STR);
+     #$dbr->bindParam(':descasc', $descasc, PDO::PARAM_STR);
+     #$dbr->execute();
+     #$total_pages = $dbr-> fetchColumn();
+
+     $dbr = Database::$content->query("SELECT id, page, author, title, time, last_modified, last_modified_by, status, views, edit_permission, edit_permission_general FROM ".Database::$db_settings['pages_table']." ORDER BY ".$order." ".$descasc);
+     #print_r(Database::$content->errorInfo());
+     #$dbr->bindParam(':order', $order, PDO::PARAM_STR);
+     #$dbr->bindParam(':descasc', $descasc, PDO::PARAM_STR);
+     #$dbr->execute();
+     $i=0;
+     while($row = $dbr->fetch())
+      {
+       $pages_data[$i]['id'] = $row['id'];
+       $pages_data[$i]['page'] = $row['page'];
+       $pages_data[$i]['author'] = $row['author'];
+       $pages_data[$i]['title'] = $row['title'];
+       $pages_data[$i]['time'] = $row['time'];
+       $pages_data[$i]['last_modified'] = $row['last_modified'];
+       $pages_data[$i]['last_modified_by'] = $row['last_modified_by'];
+       $pages_data[$i]['status'] = $row['status'];
+       $pages_data[$i]['views'] = $row['views'];
+       #$pages_data[$i]['edit_permission'] = $row['edit_permission'];
+       #$pages_data[$i]['edit_permission_general'] = $row['edit_permission_general'];
+       if(is_authorized_to_edit($_SESSION[$settings['session_prefix'].'user_id'],$_SESSION[$settings['session_prefix'].'user_type'],$row['author'],$row['edit_permission'],$row['edit_permission_general']))
+        {
+         $pages_data[$i]['edit_permission'] = true;
+        }
+       else
+        {
+         $pages_data[$i]['edit_permission'] = false;
+        }
+       ++$i;
+      }
+
+     if(isset($pages_data))
+      {
+       $template->assign('pages',$pages_data);
+       $template->assign('subtemplate', 'pages.inc.tpl');
+      }
+     break;
+    case 'delete_page':
+     $template->assign('page',$data);
+     $template->assign('subtemplate', 'delete_page.inc.tpl');
+     break;
+    case 'invalid_page':
+     $template->assign('error_message',Localization::$lang['page_doesnt_exist']);
+     break;
+    case 'no_authorization':
+     $template->assign('error_message',Localization::$lang['no_authorization_edit']);
+     break;
+   }
+
+ }

cms/includes/photo.inc.php

@@ -0,0 +1,106 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+$content_query = 'SELECT id, page, title, type, type_addition, language, content FROM '.Database::$db_settings['pages_table'].' WHERE lower(page)=:page AND status!=0 LIMIT 1';
+$dbr = Database::$content->prepare($content_query);
+$dbr->bindValue(':page', PAGE, PDO::PARAM_STR);
+$dbr->execute();
+$data = $dbr->fetch();
+if(empty($data['id']))
+ {
+  $no_cache = true;
+  if($data=get_content($settings['error_page']))
+   {
+    header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
+    header("Status: 404 Not Found");
+    include(BASE_PATH.'cms/includes/content.inc.php');
+   }
+  else
+   {
+    raise_error('404');
+   }
+ }
+else
+ {
+  $photo = new ShowPhoto($_GET['get_2']);
+  $photo_data = $photo->get_photo_data();
+  if(isset($photo_data['id']) && $photo_page_check = is_vailid_photo_page($data['content'], $data['type'], $data['type_addition'], $photo_data['gallery'], $photo_data['gallery_items']))
+   {
+    if(empty($data['language'])) $language_file = $settings['default_page_language'].'.page.lang.php';
+    else $language_file = $data['language'].'.page.lang.php';
+
+    #require('./cms/includes/classes/Localization.class.php');
+    #$loc = new Localization('./cms/lang/'.$language_file);
+    $localization = new Localization(BASE_PATH.'cms/lang/'.$language_file);
+
+    mb_internal_encoding(Localization::$lang['charset']);
+
+    #require('./cms/lang/'.$language_file);
+    #$template->set_lang($lang);
+
+    setlocale(LC_ALL, Localization::$lang['locale']);
+    define('CHARSET', Localization::$lang['charset']);
+    #define('TIME_FORMAT', Localization::$lang['time_format']);
+    #define('TIME_FORMAT_FULL', Localization::$lang['time_format_full']);
+    $localization->replacePlaceholder('page', $data['title'], 'back_title');
+
+    $template->assign('website_title', $settings['website_title']);
+    $template->assign('photo_data', $photo_data);
+    $template->assign('page', $data['page']);
+    $template->assign('title', $data['title']);
+
+    $template->assign('settings', $settings);
+    if(isset($_SESSION[$settings['session_prefix'].'user_id'])) $template->assign('admin', true);
+
+    // photo comments:
+    if($settings['photos_commentable'] == 1)
+     {
+      $show_comments = $photo -> show_comments();
+      $template->assign('show_comments', $show_comments);
+      include(BASE_PATH.'cms/includes/photo_comment.inc.php');
+     }
+    #header('Content-Type: text/html; charset='.$lang['charset']);
+    #$template->display('./templates/'.$photo_data['template']);
+
+    $content_type = 'text/html';
+    $charset = Localization::$lang['charset'];
+    $template_file = $photo_data['template'];
+
+    if($photo_page_check==1)
+     {
+      if(isset($_COOKIE[$settings['session_prefix'].'search']))
+       {
+        $cookie_parts = explode(' ', $_COOKIE[$settings['session_prefix'].'search']);
+        $page_addition = ',,'.htmlspecialchars($cookie_parts[0]);
+        if(isset($cookie_parts[1]) && intval($cookie_parts[1])>1)
+         {
+          $page_addition .= ','.intval($cookie_parts[1]);
+         }
+        $template->assign('page_addition', $page_addition);
+       }
+     }
+    elseif($photo_page_check==2 && isset($cache))
+     {
+      $page_addition = ','.IMAGE_IDENTIFIER.','.$photo->photo_data['id'];
+      if($photo->photo_data['photo_size'] > 0) $page_addition .= ',1';
+      elseif($photo->show_comments > 0) $page_addition .= ',0,1';
+      if(isset($photo_comment->comment_page) && $photo_comment->comment_page > 1) $page_addition .= ','.$photo_comment->comment_page;
+      $cache->cacheId = PAGE . $page_addition;
+     }
+   }
+  else
+   {
+    $no_cache = true;
+    if($data=get_content($settings['error_page']))
+     {
+      header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
+      header("Status: 404 Not Found");
+      include('./cms/includes/content.inc.php');
+     }
+    else
+     {
+      raise_error('404');
+     }
+   }
+ }
+?>

cms/includes/photo_comment.inc.php

@@ -0,0 +1,95 @@
+<?php
+$comment = new Comment(PAGE, $photo_data['id'], 1);
+
+// settings:
+$comment->comments_per_page = $settings['comments_per_page'];
+$comment->comment_order = $settings['comment_order'];
+$comment->name_maxlength = $settings['name_maxlength'];
+$comment->email_hp_maxlength = $settings['email_hp_maxlength'];
+$comment->word_maxlength = $settings['word_maxlength'];
+$comment->comment_maxlength = $settings['comment_maxlength'];
+$comment->prevent_repeated_posts_minutes = $settings['prevent_repeated_posts_minutes'];
+$comment->akismet_key = $settings['akismet_key'];
+$comment->akismet_entry_check = $settings['akismet_entry_check'];
+$comment->remove_blank_lines = $settings['comment_remove_blank_lines'];
+$comment->auto_link = $settings['comment_auto_link'];
+$comment->smilies = $settings['comment_smilies'];
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  $comment->set_admin_mode();
+ }
+
+#$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
+
+if(isset($_POST['preview']))
+ {
+  if($preview = $comment->preview())
+    {
+     $template->assign('preview', $preview);
+    }
+  #$action = 'preview';
+ }
+elseif(isset($_POST['save']))
+ {
+  if($comment->form_session==false)
+   {
+    if($preview = $comment->preview())
+     {
+      $template->assign('preview', $preview);
+     }
+   }
+  elseif($comment->save())
+   {
+    if(isset($cache)) $cache->clearPhoto($photo_data['id']);
+    header('Location: '.BASE_URL.PAGE.','.IMAGE_IDENTIFIER.','.$photo_data['id'].',0,1#comments');
+    exit;
+   }
+ }
+elseif(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_GET['get_3']) && $_GET['get_3']=='edit' && isset($_GET['get_4']))
+ {
+  $template->assign('edit_data', $comment->get_edit_data($_GET['get_4']));
+  #$action = 'edit';
+ }
+elseif(isset($_POST['edit_save']))
+ {
+  $comment->edit_save();
+  if(isset($cache)) $cache->clearPhoto($photo_data['id']);
+  header('Location: '.BASE_URL.PAGE.','.IMAGE_IDENTIFIER.','.$photo_data['id'].',0,1,'.$comment->current_page.'#comments');
+ }
+elseif(isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_GET['get_3']) && $_GET['get_3']=='delete' && isset($_GET['get_4']))
+ {
+  $comment->delete($_GET['get_4']);
+  if(isset($cache)) $cache->clearPhoto($photo_data['id']);
+  header('Location: '.BASE_URL.PAGE.','.IMAGE_IDENTIFIER.','.$photo_data['id'].',0,1,'.$comment->current_page.'#comments');
+ }
+
+$template->assign('comments', $comment->get_comments());
+$template->assign('total_comments', $comment->total_comments);
+
+switch($comment->total_comments)
+ {
+  case 0:
+   $localization->selectVariant('number_of_comments', 0);
+   break;
+  case 1:
+   $localization->selectVariant('number_of_comments', 1);
+   break;
+  default:
+   $localization->selectVariant('number_of_comments', 2);
+   $localization->replacePlaceholder('comments', $comment->total_comments, 'number_of_comments');
+ }
+
+
+$template->assign('pagination', pagination($comment->total_pages,$comment->current_page));
+$template->assign('current_page', $comment->current_page);
+$template->assign('errors', $comment->errors);
+
+#if($comment->errors) showme($comment->errors);
+
+#$template->assign('pagination', $comment->get_pagination());
+$template->assign('form_values', $comment->form_values);
+$template->assign('form_session_data', $comment->form_session_data);
+$template->assign('form_session', $comment->form_session);
+
+?>

cms/includes/settings.inc.php

@@ -0,0 +1,114 @@
+<?php
+if(!defined('IN_INDEX') || empty($_SESSION[$settings['session_prefix'].'user_id'])) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_type']) && $_SESSION[$settings['session_prefix'].'user_type']==1)
+ {
+  if(isset($_POST['settings_submitted']))
+   {
+    if(empty($_POST['caching'])) $_POST['caching'] = 0;
+    if(empty($_POST['wysiwyg_editor'])) $_POST['wysiwyg_editor'] = 0;
+    Database::$content->beginTransaction();
+    $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['settings_table']." SET value=:value WHERE name=:name");
+    $dbr->bindParam(':value', $val, PDO::PARAM_STR);
+    $dbr->bindParam(':name', $key, PDO::PARAM_STR);
+    while(list($key, $val) = each($_POST))
+     {
+      if($key!='settings_submitted' && $key!='clear_cache')
+       {
+        $dbr->execute();
+       }
+     }
+    Database::$content->commit();
+    if(isset($cache) && ($cache->autoClear || isset($_POST['clear_cache'])))
+     {
+      $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=settings&saved=true&cache_cleared=true');
+     }
+    else  
+     {
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=settings&saved=true');
+     }
+    #header('Location: '.BASE_URL.ADMIN_DIR.'index.php?msg=settings_saved');
+    exit;
+   }
+
+  if(isset($_GET['delete']))
+   {
+    $dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['settings_table']." WHERE name=:name");
+    $dbr->bindParam(':name', $_GET['delete'], PDO::PARAM_STR);
+    $dbr->execute();
+    if(isset($cache) && $cache->autoClear) $cache->clear();
+    header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=settings&action=advanced_settings');
+    exit;
+   }
+
+  if(isset($_POST['new_var_submitted']))
+   {
+    if(!preg_match('/^[a-zA-Z0-9_\-]+$/', $_POST['name']))
+     {
+      $errors[] = 'error_settings_spec_chars';
+      $action = 'advanced_settings';
+     }
+    if(empty($errors))
+     {
+      $dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['settings_table']." (name,value) VALUES (:name, :value)");
+      $dbr->bindParam(':name', $_POST['name'], PDO::PARAM_STR);
+      $dbr->bindParam(':value', $_POST['value'], PDO::PARAM_STR);
+      $dbr->execute();
+      if(isset($cache) && $cache->autoClear) $cache->clear();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=settings&action=advanced_settings');
+      exit;
+     }
+    else
+     {
+      $template->assign('errors', $errors);
+     }
+   }
+
+  if(isset($_GET['action'])) $action = $_GET['action'];
+  if(empty($action)) $action = 'main_settings';
+
+  if(isset($_GET['saved'])) $template->assign('saved', true);
+  if(isset($_GET['cache_cleared'])) $template->assign('cache_cleared', true);
+   
+
+  switch($action)
+   {
+    case 'main_settings':
+     // get available pages:
+     $dbr = Database::$content->query("SELECT id, page FROM ".Database::$db_settings['pages_table']." ORDER BY page ASC");
+     $i=0;
+     while($pages_data = $dbr->fetch())
+      {
+       $pages[$i]['id'] = $pages_data['id'];
+       $pages[$i]['page'] = $pages_data['page'];
+       ++$i;
+      }
+     if(isset($pages))
+      {
+       $template->assign('pages',$pages);
+      }
+
+     $template->assign('page_languages', get_languages());
+     $template->assign('admin_languages', get_languages(true));
+
+     $template->assign('subtitle', Localization::$lang['settings']);
+     $template->assign('subtemplate', 'settings.inc.tpl');
+
+     // WYSIWYG editor available?
+     if(file_exists(BASE_PATH.WYSIWYG_EDITOR))
+      {
+       $template->assign('wysiwyg_editor_available', true);
+      }
+
+    break;
+    case 'advanced_settings';
+     $settings_sorted = array_map('htmlspecialchars', $settings);
+     ksort($settings_sorted);
+     $template->assign('settings_sorted', $settings_sorted);
+     $template->assign('subtitle', Localization::$lang['advanced_settings']);
+     $template->assign('subtemplate', 'settings_advanced.inc.tpl');
+    break;
+   }
+ }
+?>

cms/includes/spam_protection.inc.php

@@ -0,0 +1,130 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix'].'user_type']==1)
+ {
+  if(isset($_POST['spam_protection_submit']))
+   {
+    // banists:
+    if(isset($_POST['banned_ips']) && trim($_POST['banned_ips']) != '')
+     {
+      $banned_ips_array = preg_split('/\015\012|\015|\012/',$_POST['banned_ips']);
+      foreach($banned_ips_array as $banned_ip)
+       {
+        if(trim($banned_ip)!='') $banned_ips_array_checked[] = trim($banned_ip);
+       }
+      natcasesort($banned_ips_array_checked);
+      $banned_ips = implode("\n", $banned_ips_array_checked);
+      if(is_ip_banned($_SERVER['REMOTE_ADDR'], $banned_ips_array_checked)) $errors[] = 'error_own_ip_banned';
+     }
+    else $banned_ips = '';
+
+    if(isset($_POST['banned_user_agents']) && trim($_POST['banned_user_agents']) != '')
+     {
+      $banned_user_agents_array = preg_split('/\015\012|\015|\012/',$_POST['banned_user_agents']);
+      foreach($banned_user_agents_array as $banned_user_agent)
+       {
+        if(trim($banned_user_agent)!='') $banned_user_agents_array_checked[] = trim($banned_user_agent);
+       }
+      natcasesort($banned_user_agents_array_checked);
+      $banned_user_agents = implode("\n", $banned_user_agents_array_checked);
+      if(is_user_agent_banned($_SERVER['HTTP_USER_AGENT'], $banned_user_agents_array_checked)) $errors[] = 'error_own_user_agent_banned';
+     }
+    else $banned_user_agents = '';
+
+    if(isset($_POST['not_accepted_words']) && trim($_POST['not_accepted_words']) != '')
+     {
+      $not_accepted_words_array = preg_split('/\015\012|\015|\012/',$_POST['not_accepted_words']);
+      foreach($not_accepted_words_array as $not_accepted_word)
+       {
+        if(trim($not_accepted_word)!='') $not_accepted_words_array_checked[] = trim($not_accepted_word);
+       }
+      natcasesort($not_accepted_words_array_checked);
+      $not_accepted_words = implode("\n", $not_accepted_words_array_checked);
+     }
+    else $not_accepted_words = '';
+
+    $akismet_key = !empty($_POST['akismet_key']) ? $_POST['akismet_key'] : '';
+    $akismet_entry_check = isset($_POST['akismet_entry_check']) ? 1 : 0;
+    $akismet_mail_check = isset($_POST['akismet_mail_check']) ? 1 : 0;
+
+    if(trim($banned_ips=='') && trim($banned_user_agents=='')) $check_access_permission = 0;
+    else $check_access_permission = 1;
+
+    if(empty($errors))
+     {
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['banlists_table']." SET list=:list WHERE name=:name");
+      $dbr->bindValue(':name', 'ips', PDO::PARAM_STR);
+      $dbr->bindParam(':list', $banned_ips, PDO::PARAM_STR);
+      $dbr->execute();
+      $dbr->bindValue(':name', 'user_agents', PDO::PARAM_STR);
+      $dbr->bindParam(':list', $banned_user_agents, PDO::PARAM_STR);
+      $dbr->execute();
+      $dbr->bindValue(':name', 'words', PDO::PARAM_STR);
+      $dbr->bindParam(':list', $not_accepted_words, PDO::PARAM_STR);
+      $dbr->execute();
+      Database::$content->commit();
+
+      Database::$content->beginTransaction();
+      $dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['settings_table']." SET value=:value WHERE name=:name");
+      $dbr->bindValue(':name', 'akismet_key', PDO::PARAM_STR);
+      $dbr->bindParam(':value', $akismet_key, PDO::PARAM_STR);
+      $dbr->execute();
+      $dbr->bindValue(':name', 'akismet_entry_check', PDO::PARAM_STR);
+      $dbr->bindParam(':value', $akismet_entry_check, PDO::PARAM_STR);
+      $dbr->execute();
+      $dbr->bindValue(':name', 'akismet_mail_check', PDO::PARAM_STR);
+      $dbr->bindParam(':value', $akismet_mail_check, PDO::PARAM_STR);
+      $dbr->execute();
+      $dbr->bindValue(':name', 'check_access_permission', PDO::PARAM_STR);
+      $dbr->bindParam(':value', $check_access_permission, PDO::PARAM_STR);
+      $dbr->execute();
+      Database::$content->commit();
+
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=spam_protection&saved=true');
+      exit;
+     }
+
+    if(isset($errors))
+     {
+      $template->assign('errors',$errors);
+      if(isset($_POST['banned_ips'])) $template->assign('banned_ips',htmlspecialchars(stripslashes($_POST['banned_ips'])));
+      if(isset($_POST['banned_user_agents'])) $template->assign('banned_user_agents',htmlspecialchars(stripslashes($_POST['banned_user_agents'])));
+      if(isset($_POST['not_accepted_words'])) $template->assign('not_accepted_words',htmlspecialchars(stripslashes($_POST['not_accepted_words'])));
+      if(isset($_POST['akismet_key'])) $template->assign('akismet_key',htmlspecialchars(stripslashes($_POST['akismet_key'])));
+      if(isset($_POST['akismet_entry_check'])) $template->assign('akismet_entry_check',intval($_POST['akismet_entry_check']));
+      if(isset($_POST['akismet_mail_check'])) $template->assign('akismet_mail_check',intval($_POST['akismet_mail_check']));
+
+     }
+
+   }
+  else
+   {
+    $dbr = Database::$content->query("SELECT name, list FROM ".Database::$db_settings['banlists_table']);
+    while($data = $dbr->fetch())
+     {
+      switch($data['name'])
+       {
+        case 'ips':
+         $template->assign('banned_ips',htmlspecialchars(stripslashes($data['list'])));
+         break;
+        case 'user_agents':
+         $template->assign('banned_user_agents',htmlspecialchars(stripslashes($data['list'])));
+         break;
+        case 'words':
+         $template->assign('not_accepted_words',htmlspecialchars(stripslashes($data['list'])));
+         break;
+       }
+     }
+    $template->assign('akismet_key',htmlspecialchars(stripslashes($settings['akismet_key'])));
+    $template->assign('akismet_entry_check',intval($settings['akismet_entry_check']));
+    $template->assign('akismet_mail_check',intval($settings['akismet_mail_check']));
+   }
+  if(isset($_GET['saved']))
+   {
+    $template->assign('saved',true);
+   }
+  $template->assign('subtitle',Localization::$lang['spam_protection']);
+  $template->assign('subtemplate','spam_protection.inc.tpl');
+ }

cms/includes/users.inc.php

@@ -0,0 +1,270 @@
+<?php
+if(!defined('IN_INDEX')) exit;
+
+if(isset($_SESSION[$settings['session_prefix'].'user_id']))
+ {
+  if(isset($_POST['new_user_submitted']) && $_SESSION[$settings['session_prefix'].'user_type']==1)
+   {
+    if(trim($_POST['name'])=='' || trim($_POST['pw'])=='' || trim($_POST['pw_r'])=='')
+     {
+      $errors[] = 'error_form_uncomplete';
+     }
+    if(empty($errors))
+     {
+      if(mb_strpos($_POST['name'],',',0,CHARSET)!==false)
+       {
+        $errors[] = 'error_username_special_chars';
+       }
+      if($_POST['pw']!==$_POST['pw_r'])
+       {
+        $errors[] = 'error_pw_doesnt_comply';
+       }
+     }
+    if(empty($errors))
+     {
+      $dbr = Database::$userdata->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['userdata_table']." WHERE lower(name)=:name");
+      $dbr->bindValue(':name', mb_strtolower(trim($_POST['name']),CHARSET), PDO::PARAM_STR);
+      $dbr->execute();
+      if($dbr->fetchColumn()!=0)
+       {
+        $errors[] = 'error_username_alr_exists';
+       }
+     }
+    if(empty($errors))
+     {
+      $pw_hash = generate_pw_hash($_POST['pw']);
+      $dbr = Database::$userdata->prepare("INSERT INTO ".Database::$db_settings['userdata_table']." (name,type,pw,last_login) VALUES (:name,0,:pw,0)");
+      $dbr->bindValue(':name', trim($_POST['name']), PDO::PARAM_STR);
+      $dbr->bindParam(':pw', $pw_hash, PDO::PARAM_STR);
+      $dbr->execute();
+      header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=users');
+      exit;
+     }
+    if(isset($errors))
+     {
+      $template->assign('errors',$errors);
+     }
+    $action='new';
+   }
+
+  if(isset($_REQUEST['delete']))
+   {
+    if($_SESSION[$settings['session_prefix'].'user_id']==intval($_REQUEST['delete']))
+     {
+      $errors[] = 'del_yourself_imposs';
+      $template->assign('errors',$errors);
+      $action = 'main';
+     }
+    if(empty($errors))
+     {
+      if(isset($_REQUEST['confirmed']))
+       {
+        $dbr = Database::$userdata->prepare("DELETE FROM ".Database::$db_settings['userdata_table']." WHERE id=:id");
+        $dbr->bindParam(':id', $_REQUEST['delete'], PDO::PARAM_INT);
+        $dbr->execute();
+        header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=users');
+        exit;
+       }
+      else
+       {
+        $dbr = Database::$userdata->prepare("SELECT id, name FROM ".Database::$db_settings['userdata_table']." WHERE id=:id LIMIT 1");
+        $dbr->bindParam(':id', $_REQUEST['delete'], PDO::PARAM_INT);
+        $dbr->execute();
+        $data = $dbr->fetch();
+        if(isset($data['id']))
+         {
+          $userdata['id'] = $data['id'];
+          $userdata['name'] = htmlspecialchars($data['name']);
+          $template->assign('userdata',$userdata);
+         }
+        $action = 'delete_user';
+       }
+     }
+   }
+
+  if(isset($_GET['edit']))
+   {
+    if($_SESSION[$settings['session_prefix'].'user_type']==1)
+     {
+      $dbr = Database::$userdata->prepare("SELECT id, type, name FROM ".Database::$db_settings['userdata_table']." WHERE id=:id LIMIT 1");
+      #if($_SESSION[$settings['session_prefix'].'user_type']==0)
+      # {
+      #  $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+      # }
+      #else
+      # {
+        $dbr->bindParam(':id', $_GET['edit'], PDO::PARAM_INT);
+      # }
+      $dbr->execute();
+      $data = $dbr->fetch();
+      if(isset($data['id']))
+       {
+        $userdata['id'] = $data['id'];
+        $userdata['type'] = $data['type'];
+        $userdata['name'] = htmlspecialchars($data['name']);
+        $template->assign('userdata',$userdata);
+       }
+     }
+    $action = 'edit_user';
+   }
+
+  if(isset($_POST['edit_user_submitted']))
+   {
+    if($_SESSION[$settings['session_prefix'].'user_type']==1)
+     {
+      $name=trim($_POST['name']);
+      $new_pw = $_POST['new_pw'];
+      $new_pw_r = $_POST['new_pw_r'];
+      $type = intval($_POST['type']);
+
+      if(empty($_POST['id']) || trim($_POST['name'])=='')
+       {
+        $errors[] = 'error_form_uncomplete';
+       }
+      if(empty($errors))
+       {
+        $dbr = Database::$userdata->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['userdata_table']." WHERE lower(name)=:name AND id!=:id LIMIT 1");
+        $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+        $dbr->bindValue(':name', mb_strtolower(trim($_POST['name']), CHARSET), PDO::PARAM_INT);
+        $dbr->execute();
+        if($dbr->fetchColumn()!=0)
+         {
+          $errors[] = 'error_username_alr_exists';
+         }
+       }
+      if(empty($errors))
+       {
+        if(!empty($_POST['new_pw']) && $_POST['new_pw'] != $_POST['new_pw_r'])
+         {
+          $errors[] = 'error_pw_doesnt_comply';
+         }
+        if(intval($_POST['type'])!=0 && intval($_POST['type'])!=1)
+         {
+          $errors[] = 'invalid_user_type';
+         }
+        if($_SESSION[$settings['session_prefix'].'user_id']==intval($_POST['id']) && intval($_POST['type'])==0)
+         {
+          $errors[] = 'rights_limitation_imposs';
+         }
+       }
+      if(empty($errors))
+       {
+        if($_POST['new_pw']!='')
+         {
+          $pw_hash = generate_pw_hash($_POST['new_pw']);
+          $dbr = Database::$userdata->prepare("UPDATE ".Database::$db_settings['userdata_table']." SET name=:name, type=:type, pw=:pw WHERE id=:id");
+          $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+          $dbr->bindParam(':type', $_POST['type'], PDO::PARAM_INT);
+          $dbr->bindValue(':name', trim($_POST['name']), PDO::PARAM_STR);
+          $dbr->bindParam(':pw', $pw_hash, PDO::PARAM_STR);
+          $dbr->execute();
+         }
+        else
+         {
+          $dbr = Database::$userdata->prepare("UPDATE ".Database::$db_settings['userdata_table']." SET name=:name, type=:type WHERE id=:id");
+          $dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
+          $dbr->bindParam(':type', $_POST['type'], PDO::PARAM_INT);
+          $dbr->bindValue(':name', trim($_POST['name']), PDO::PARAM_STR);
+          $dbr->execute();
+         }
+       }
+      if(empty($errors))
+       {
+        header('location: '.BASE_URL.ADMIN_DIR.'index.php?mode=users');
+        exit;
+       }
+     }
+    elseif($_SESSION[$settings['session_prefix'].'user_type']==0)
+     {
+      if(empty($_POST['old_pw']) || empty($_POST['new_pw']) || empty($_POST['new_pw_r']))
+       {
+        $errors[] = 'error_form_uncomplete';
+       }
+      if(empty($errors))
+       {
+        $dbr = Database::$userdata->prepare("SELECT pw FROM ".Database::$db_settings['userdata_table']." WHERE id=:id LIMIT 1");
+        $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+        $dbr->execute();
+        $data = $dbr->fetch();
+        if(!is_pw_correct($_POST['old_pw'], $data['pw']))
+         {
+          $errors[] = 'error_pw_wrong';
+         }
+        if($_POST['new_pw']!==$_POST['new_pw_r'])
+         {
+          $errors[] = 'error_pw_doesnt_comply';
+         }
+       }
+      if(empty($errors))
+       {
+        $pw_hash = generate_pw_hash($_POST['new_pw']);
+        $dbr = Database::$userdata->prepare("UPDATE ".Database::$db_settings['userdata_table']." SET pw=:pw WHERE id=:id");
+        $dbr->bindParam(':pw', $pw_hash, PDO::PARAM_STR);
+        $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
+        $dbr->execute();
+       }
+      if(empty($errors))
+       {
+        header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=users&edit='.$_SESSION[$settings['session_prefix'].'user_id'].'&saved=true');
+        exit;
+       }
+     }
+    if(isset($errors))
+     {
+      $template->assign('errors',$errors);
+      if(isset($_POST['id'])) $userdata['id'] = intval($_POST['id']);
+      if(isset($_POST['type'])) $userdata['type'] = intval($_POST['type']);
+      if(isset($_POST['name'])) $userdata['name'] = htmlspecialchars($_POST['name']);
+      if(isset($userdata)) $template->assign('userdata', $userdata);
+      $action='edit_user';
+     }
+   }
+
+  if(isset($_GET['action'])) $action = $_GET['action'];
+  if(isset($_POST['action'])) $action = $_POST['action'];
+  if(empty($action)) $action = 'main';
+
+  if($_SESSION[$settings['session_prefix'].'user_type']==0 && $action == 'main')
+   {
+    header('location: '.BASE_URL.ADMIN_DIR.'index.php?mode=users&edit='.$_SESSION[$settings['session_prefix'].'user_id']);
+    exit;
+   }
+
+  #if($action!='main' && $_SESSION[$settings['session_prefix'].'user_type']==1) $admin_sub_menu = '<a href="'.basename($_SERVER['PHP_SELF']).'?mode=user">&laquo; '.$lang['user_overview'].'</a>';
+
+  switch($action)
+   {
+    case 'main':
+     $dbr = Database::$userdata->query("SELECT id, name, type, last_login FROM ".Database::$db_settings['userdata_table']." ORDER BY id ASC");
+     $dbr->execute();
+     $i=0;
+     while($data = $dbr->fetch())
+      {
+       $users[$i]['id'] = intval($data['id']);
+       $users[$i]['name'] = htmlspecialchars($data['name']);
+       $users[$i]['type'] = intval($data['type']);
+       $users[$i]['last_login'] = intval($data['last_login']);
+       ++$i;
+      }
+     if(isset($users))
+      {
+       $template->assign('users', $users);
+      }
+     $template->assign('subtitle', Localization::$lang['users']);
+     $template->assign('subtemplate', 'users.inc.tpl');
+     break;
+    case 'new':
+     $template->assign('subtitle', Localization::$lang['create_user_account']);
+     $template->assign('subtemplate', 'users_new.inc.tpl');
+     break;
+    case 'delete_user':
+     $template->assign('subtitle', Localization::$lang['delete_user']);
+     $template->assign('subtemplate', 'users_delete.inc.tpl');
+   break;
+   case 'edit_user':
+    if(isset($_GET['saved'])) $template->assign('saved', true);
+    $template->assign('subtitle', Localization::$lang['edit_userdata']);
+    $template->assign('subtemplate', 'users_edit.inc.tpl');
+    break;
+  }
+ }

cms/index.php

@@ -0,0 +1,147 @@
+<?php
+/**
+ * phpSQLiteCMS - a simple and lightweight PHP web content management system
+ * based on PHP and SQLite
+ *
+ * @author Mark Alexander Hoschek <alex at phpsqlitecms dot net>
+ * @copyright 2006-2010 Mark Alexander Hoschek
+ * @version 2.0.5
+ * @link http://phpsqlitecms.net/
+ * @package phpSQLiteCMS
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+try
+ {
+  session_start();
+  define('IN_INDEX', TRUE);
+  #include('./config/db_settings.conf.php');
+  require('./includes/functions.inc.php');
+  require('./includes/functions.admin.inc.php');
+
+  // load replacement functions for the multibyte string functions
+  // if they are not available:
+  if(!defined('MB_CASE_LOWER')) require('./includes/functions.mb_replacements.inc.php');
+
+  require('./includes/classes/Database.class.php');
+  $database = new Database(Database::ADMIN);
+
+  $settings = get_settings();
+
+  // access permission check for not registered users:
+  if($settings['check_access_permission']==1 && !isset($_SESSION[$settings['session_prefix'].'user_id']))
+   {
+    if(is_access_denied()) raise_error('403');
+   }
+
+  define('VALID_URL_CHARACTERS', '/^[a-zA-Z0-9._\-\/]+$/');
+  #define('VALID_URL_CHARACTERS', '/.*/');
+  #define('VALID_URL_CHARACTERS', '/^[\p{Cyrillic}a-zA-Z0-9._\-\/]+$/u');
+
+  define('ADMIN_DIR', 'cms/');
+  define('MEDIA_DIR', 'static/media/');
+  define('CACHE_DIR', 'cms/cache/');
+  define('IMAGE_IDENTIFIER', 'photo');
+  define('BASE_URL',get_base_url(ADMIN_DIR));
+  define('STATIC_URL', BASE_URL.'static/');
+  define('BASE_PATH',get_base_path(ADMIN_DIR));
+
+  define('WYSIWYG_EDITOR', 'cms/modules/tiny_mce/tiny_mce.js');
+  define('WYSIWYG_EDITOR_INIT', 'js/wysiwyg_init.js');
+
+  if($settings['caching'])
+   {
+    $cache = new Cache(BASE_PATH.CACHE_DIR, $settings);
+    if(empty($settings['admin_auto_clear_cache'])) $cache->autoClear=false;
+   }
+
+  if(isset($cache) && isset($_GET['clear_cache']) && isset($_SESSION[$settings['session_prefix'].'user_id']))
+   {
+    $cache->clear();
+    header('Location: index.php?msg=cache_cleared');
+    exit;
+   }
+
+  // set timezone:
+  if($settings['time_zone']) date_default_timezone_set($settings['time_zone']);
+
+  #require('./lang/'.$settings['admin_language_file']);
+  $localization = new Localization(BASE_PATH.'cms/lang/'.$settings['admin_language'].'.admin.lang.php');
+  define('CHARSET', Localization::$lang['charset']);
+
+  require('./includes/classes/Template.class.php');
+  $template = new Template();
+  $template->assign('settings', $settings);
+  #$template->set_settings($settings);
+
+  // set local language settings:
+  setlocale(LC_ALL, Localization::$lang['locale']);
+
+  $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : 'admin_index';
+
+  // go to login if not logged in:
+  if(empty($_SESSION[$settings['session_prefix'].'user_id']))
+   {
+    $mode = 'login';
+    $template->assign('admin',false);
+   }
+  else
+   {
+    $template->assign('admin', true);
+    $template->assign('user_id', $_SESSION[$settings['session_prefix'].'user_id']);
+    $template->assign('user_type', $_SESSION[$settings['session_prefix'].'user_type']);
+   }
+
+  // include required file for mode:
+  switch($mode)
+   {
+    #case 'index': include('./includes/admin_index.inc.php'); break;
+    case 'login': include('./includes/login.inc.php'); break;
+    case 'logout': include('./includes/login.inc.php'); break;
+    case 'edit': include('./includes/edit.inc.php'); break;
+    case 'pages': include('./includes/pages.inc.php'); break;
+    case 'galleries': include('./includes/galleries.inc.php'); break;
+    case 'gcb': include('./includes/gcb.inc.php'); break;
+    case 'notes': include('./includes/notes.inc.php'); break;
+    case 'comments': include('./includes/comments.inc.php'); break;
+    case 'filemanager': include('./includes/filemanager.inc.php'); break;
+    case 'spam_protection': include('./includes/spam_protection.inc.php'); break;
+    case 'users': include('./includes/users.inc.php'); break;
+    case 'settings': include('./includes/settings.inc.php'); break;
+    case 'menus': include('./includes/menus.inc.php'); break;
+    case 'image': include('./includes/insert_image.inc.php'); break;
+    case 'modal': include('./includes/modal.inc.php'); break;
+    case 'thumbnail': include('./includes/insert_thumbnail.inc.php'); break;
+    case 'ajaxprocess': include('./includes/ajaxprocess.inc.php'); break;
+    default: include('./includes/admin_index.inc.php');
+   }
+
+  $template->assign('mode',$mode);
+  $template->assign('lang',Localization::$lang);
+  #$template->set_lang($lang);
+
+  header('Content-Type: text/html; charset='.Localization::$lang['charset']);
+  if(empty($template_file))
+   {
+    $template_file = 'main.tpl';
+   }
+  $template->display(BASE_PATH.'cms/templates/admin/'.$template_file);
+ } // end try
+
+catch(Exception $exception)
+ {
+  include('./includes/exception.inc.php');
+ }
+?>

cms/lang/english.admin.lang.php

@@ -0,0 +1,491 @@
+<?php
+$lang['lang'] =                          'en';
+$lang['charset'] =                       'utf-8';
+$lang['locale'] =                        array('en_US.utf8','en','eng');
+$lang['time_format'] =                   '%Y-%m-%d, %H:%M';
+$lang['time_format_full'] =              '%A, %B %d, %Y, %H:%M';
+$lang['dir'] =                           'ltr';
+
+# admin menu
+$lang['admin_menu_home'] =               'Home';
+$lang['admin_menu_admin'] =              'Administration';
+$lang['admin_menu_page_overview'] =      'Page overview';
+$lang['admin_menu_new_page'] =           'Create new page';
+$lang['admin_menu_logout'] =             'Log out';
+$lang['admin_menu_act_page_actions'] =   'This page:';
+$lang['admin_menu_edit_page'] =          'Edit';
+$lang['admin_menu_delete_page'] =        'Delete';
+$lang['cancel'] =                        'Cancel';
+$lang['admin_menu_delete_page_conf'] =   'Delete this page?';
+
+$lang['administration'] =                'Administration';
+
+$lang['submit_button_ok'] =              '&nbsp;OK&nbsp;';
+$lang['submit_button_delete'] =          'Delete!';
+$lang['edit'] =                          'edit';
+$lang['delete'] =                        'delete';
+$lang['drag_and_drop'] =                 'drag and drop';
+$lang['move_up'] =                       'move up';
+$lang['move_down'] =                     'move down';
+$lang['database_error'] =                'No connection to the database - please try again later!';
+$lang['error_headline'] =                'Error!';
+$lang['caution'] =                       'Caution!';
+$lang['invalid_request'] =               'Invalid request!';
+$lang['cache_cleared'] =                 'cache cleared';
+
+# main
+$lang['admin_menu_page_overview'] =      'Page overview';
+$lang['admin_menu_create_page'] =        'Create new page';
+$lang['admin_menu_edit_menus'] =         'Menus';
+$lang['admin_menu_edit_galleries'] =     'Photo galleries';
+$lang['admin_menu_edit_notes'] =         'Notes';
+$lang['admin_menu_edit_gcb'] =           'Global content blocks';
+$lang['admin_menu_edit_comments'] =      'Comments';
+$lang['admin_menu_filemanager'] =        'Filemanager';
+$lang['admin_menu_spam_protection'] =    'Spam protection';
+$lang['admin_menu_user_administr'] =     'User administration';
+$lang['admin_menu_clear_cache'] =        'clear cache';
+$lang['admin_menu_edit_userdata'] =      'Edit user data';
+$lang['admin_menu_settings'] =           'Settings';
+
+# login
+$lang['login'] =                         'Log in';
+$lang['login_failed'] =                  'User unknown or password wrong';
+$lang['login_username'] =                'Name:';
+$lang['login_password'] =                'Password:';
+$lang['login_submit'] =                  'log in';
+
+# content
+$lang['edit_wysiwyg_mode'] =             'WYSIWYG mode';
+$lang['edit_non_wysiwyg_mode'] =         'Text mode';
+$lang['change_edit_mode_notice'] =       'Caution! Current changes will not be saved when switching edit mode!';
+$lang['values_comma_separated'] =        'several values separated by comma';
+$lang['page_overview'] =                 'Page overview';
+$lang['create_new_page'] =               'Create new page';
+$lang['create_new_page_headline'] =      'Create new page';
+$lang['edit_page_headline'] =            'Edit page: [page]';
+
+$lang['invalid_page_type'] =             'Invalid page type';
+$lang['time_invalid'] =                  'Invalid created time';
+$lang['last_modified_invalid'] =         'Invalid last modified time';
+$lang['error_page_name_empty'] =         'No address specified';
+$lang['error_page_name_spec_chars'] =    'Page name contains special characters';
+$lang['error_page_name_alr_exists'] =    'Page name already exists';
+$lang['error_no_title'] =                'No title specified';
+
+$lang['page_name_marking'] =             'Page name';
+$lang['title_marking'] =                 'Title';
+$lang['no_pages'] =                      'No pages available.';
+$lang['content_marking'] =               'Content';
+$lang['sidebars_marking'] =              'Sidebars';
+$lang['properties_marking'] =            'Properties';
+$lang['include_marking'] =               'Include';
+$lang['page_notes_marking'] =            'Notes';
+$lang['help_marking'] =                  'Help';
+$lang['edit_page_name_marking'] =        'Address:';
+$lang['edit_page_title_marking'] =       'Page&nbsp;title:';
+$lang['edit_title_marking'] =            'Title:';
+$lang['edit_headline_marking'] =         'Headline:';
+$lang['edit_content_marking'] =          'Content:';
+$lang['edit_formatting'] =               'auto formatting';
+$lang['edit_sidebar_1_marking'] =        'Sidebar 1:';
+$lang['edit_sidebar_2_marking'] =        'Sidebar 2:';
+$lang['edit_sidebar_3_marking'] =        'Sidebar 3:';
+$lang['breadcrumbs'] =                   'Breadcrumbs:';
+$lang['edit_time_marking'] =             'Created:';
+$lang['edit_last_modified_marking'] =    'Last modified:';
+$lang['edit_time_format'] =              'YYYY-MM-DD HH:MM:SS';
+$lang['edit_display_time'] =             'Display time:';
+$lang['edit_display_time_label'] =       'display time on page';
+$lang['edit_description_marking'] =      'Description:';
+$lang['edit_keywords_marking'] =         'Keywords:';
+$lang['edit_sections_marking'] =         'Sections:';
+$lang['edit_category_marking'] =         'Category:';
+$lang['edit_page_info_marking'] =        'Page info:';
+$lang['edit_type_marking'] =             'Type:';
+$lang['edit_type_addition_marking'] =    'type parameter';
+$lang['edit_menus_marking'] =            'Menus:';
+$lang['edit_gcb_marking'] =              'Global content blocks:';
+$lang['edit_include_news'] =             'Include news:';
+$lang['edit_template_marking'] =         'Template:';
+$lang['page_type_default'] =             'Normal page';
+$lang['page_type_commentable'] =         'Commentable page';
+$lang['page_type_overview'] =            'Overview page';
+$lang['page_type_news'] =                'News page';
+$lang['page_type_simple_news'] =         'Simple news page';
+$lang['page_type_gallery'] =             'Photo gallery:';
+$lang['page_type_formmailer'] =          'Formmailer:';
+$lang['page_type_guestbook'] =           'Guestbook';
+$lang['page_type_redirect'] =            'Redirect:';
+$lang['page_type_language_redirect'] =   'Language redirect:';
+$lang['page_type_notes'] =               'Notes page:';
+$lang['page_type_newsletter'] =          'Newsletter subscription';
+$lang['page_type_search'] =              'Search';
+$lang['page_type_rss_feed'] =            'RSS Feed';
+$lang['page_type_notes_rss_feed'] =      'Notes RSS Feed:';
+$lang['page_type_sitemap'] =             'XML Sitemap';
+$lang['edit_include_in_marking'] =       'Include in:';
+$lang['edit_include_page_marking'] =     'Page:';
+$lang['edit_include_rss_marking'] =      'RSS Feed:';
+$lang['edit_include_sitemap_marking'] =  'XML Sitemap:';
+$lang['edit_order_number_marking'] =     'Order nr.:';
+$lang['edit_teaser_headline_marking'] =  'Teaser Headline:';
+$lang['edit_teaser_marking'] =           'Teaser:';
+$lang['edit_include_link'] =             'Linkname:';
+$lang['edit_teaser_img_marking'] =       'Teaser Image:';
+$lang['edit_page_notes_marking'] =       'Notes:';
+$lang['edit_page_mode_edit'] =           'edit page';
+$lang['edit_page_mode_save_as_new'] =    'save as new page';
+$lang['edit_page_send_pingbacks'] =      'Send pingbacks';
+$lang['edit_page_submit'] =              'Save';
+$lang['delete_page_headline'] =          'Delete page';
+$lang['delete_page_confirm'] =           'Do you really want to delete the page [page]?';
+$lang['delete_page_submit'] =            'OK - Delete';
+$lang['comments'] =                      'Edit Comments';
+$lang['page_doesnt_exist'] =             'Page doesn\'t exist!';
+$lang['no_authorization_edit'] =         'You are not authorized to edit or delete this page!';
+$lang['err_teaser_img_doesnt_exist'] =   'Teaser Image doesn\'t exist';
+$lang['thumbnail_button'] =              'Thumb.';
+$lang['thumbnail_title'] =               'Insert thumbnail';
+$lang['image_button'] =                  'Image';
+$lang['image_title'] =                   'Insert image';
+$lang['insert_html'] =                   'Insert HTML';
+$lang['bold_button'] =                   'bold';
+$lang['bold_button_title'] =             'Format bold';
+$lang['italic_button'] =                 'italic';
+$lang['italic_button_title'] =           'Format italic';
+$lang['link_button'] =                   'Link';
+$lang['link_button_title'] =             'Insert link';
+$lang['link_target_m'] =                 'Link target (page or URL):';
+$lang['link_text_m'] =                   'Link text (optional):';
+$lang['teaser_default_linkname'] =       'more...';
+$lang['created_marking'] =               'Created';
+$lang['last_modified_marking'] =         'Last modified';
+$lang['views_marking'] =                 'Views';
+$lang['total_views'] =                   'Total views since [time]:';
+$lang['reset_views'] =                   'reset';
+$lang['page_type_req_param'] =           'Page type requires parameter';
+$lang['page_language'] =                 'Language:';
+$lang['page_language_default'] =         'default';
+$lang['page_content_type'] =             'Content-Type:';
+$lang['page_content_type_exp'] =         'empty = text/html';
+$lang['page_charset'] =                  'Charset:';
+$lang['page_charset_exp'] =              'empty = [default_charset]';
+$lang['template_variables'] =            'Template variables (TV):';
+$lang['edit_permission'] =               'Authorized editors:';
+$lang['edit_permission_general'] =       'all editors are authorized to edit this page';
+$lang['invalid_edit_auth_list'] =        'please check the edit authorization list - it had to be cleared due to inexistent users';
+$lang['status'] =                        'Status:';
+$lang['status_puplished_searchable'] =   'puplished and searchable';
+$lang['status_puplished'] =              'puplished';
+$lang['status_draft'] =                  'draft';
+$lang['optional'] =                      '(optional)';
+
+# menus
+$lang['menus'] =                         'Menus';
+$lang['default_menu'] =                  'default menu';
+$lang['set_default_menu'] =              'set as default menu';
+$lang['menu_already_exists'] =           'Menu name already exists';
+$lang['error_menu_spec_chars'] =         'Menu name contains special characters';
+$lang['menu'] =                          'Menu';
+$lang['no_menu'] =                       'There\'s no no menu.';
+$lang['create_menu'] =                   'Create menu';
+$lang['menu_overview'] =                 'Menu overview';
+$lang['new_menu_hl'] =                   'New menu';
+$lang['new_menu_name'] =                 'New Menu:';
+$lang['edit_menu_hl'] =                  '[menu]';
+$lang['menu_item_name'] =                'Name';
+$lang['menu_item_title'] =               'Title';
+$lang['menu_item_link'] =                'Link';
+$lang['menu_item_section'] =             'Section';
+$lang['menu_item_accesskey'] =           'Accesskey';
+$lang['add_menu_item_submit'] =          'Add item';
+$lang['no_menu_item'] =                  'There\'s no menu item.';
+$lang['insert_menu_item'] =              'Add menu item:';
+$lang['menu_item_doesnt_exist'] =        'Menu item doesn\'t exist';
+$lang['edit_menu_item'] =                'Edit item';
+$lang['delete_menu_headline'] =          'Delete menu';
+$lang['delete_menu_confirm'] =           'Delete this menu?';
+$lang['delete_menu_name'] =              'Menu:';
+$lang['delete_menu_submit'] =            'OK - Delete';
+
+# gcb
+$lang['gcb'] =                           'Global content blocks';
+$lang['gcb_identifier'] =                'Identifier';
+$lang['gcb_content'] =                   'Content';
+$lang['add_gcb'] =                       'Add global content block';
+$lang['no_gcb'] =                        'No global content block available.';
+$lang['add_gcb'] =                       'Add global content block';
+$lang['edit_gcb'] =                      'Edit global content block';
+$lang['edit_gcb_identifier'] =           'Identifier:';
+$lang['edit_gcb_content'] =              'Content:';
+$lang['edit_gcb_formatting'] =           'auto formatting';
+$lang['gcb_error_no_identifier'] =       'No identifier specified';
+$lang['gcb_error_invalid_identifier'] =  'Identifier invalid';
+$lang['gcb_identifier_exists_error'] =   'Global content block identifier already exists';
+$lang['delete_gcb'] =                    'Delete global content block';
+$lang['delete_gcb_confirm'] =            'Delete this global content block?';
+
+# notes
+$lang['notes'] =                         'Notes';
+$lang['note_section'] =                  'Note section';
+$lang['create_note_section'] =           'Create note section';
+$lang['no_note_sections'] =              'There are no note sections.';
+$lang['note_section_name_m'] =           'Note section name:';
+$lang['add_note'] =                      'Add note';
+$lang['no_notes'] =                      'No notes in this section yet.';
+$lang['edit_note'] =                     'Edit note';
+$lang['edit_note_title'] =               'Title:';
+$lang['edit_note_text'] =                'Text:';
+$lang['edit_note_link'] =                'Link:';
+$lang['edit_note_linkname'] =            'Linkname:';
+$lang['edit_note_image'] =               'Image:';
+$lang['delete_note_confirm'] =           'Delete this note?';
+$lang['notes_title_hl'] =                'Title';
+$lang['notes_text_hl'] =                 'Text';
+$lang['notes_link_hl'] =                 'Link';
+$lang['notes_overview'] =                'Notes overview';
+$lang['delete_note_section'] =           'Delete note section';
+$lang['delete_note_section_confirm'] =   'Do you really want to delete the note section "[note_section]"?';
+$lang['delete_note_section_submit'] =    'OK - Delete';
+$lang['error_note_sect_name_invalid'] =  'Note section name invalid (e.g. contains spaces or special characters)';
+$lang['note_section_already_ex'] =       'Note section name already exists';
+$lang['notes_img_doesnt_exist'] =        'The image doesn\'t exist';
+$lang['edit_note_date_marking'] =        'Date/Time:';
+$lang['error_notes_no_title'] =          'No title entered';
+$lang['error_notes_no_text'] =           'No text entered';
+$lang['error_notes_time_invalid'] =      'Time invalid';
+
+# comments
+$lang['comments'] =                      'Comments';
+$lang['photo_comments_enabled'] =        'Photo comments are enabled ([[disable]]).';
+$lang['photo_comments_disabled'] =       'Photo comments are disabled ([[enable]]).';
+$lang['edit_comment'] =                  'Edit comment';
+$lang['delete_comments'] =               'Delete comments';
+$lang['comments_all_pages'] =            'All pages';
+$lang['comments_all_photos'] =           'All photos';
+$lang['comments_page_c'] =               'Page comments';
+$lang['comments_photo_c'] =              'Photo comments';
+$lang['comments_count'] =                '[comments_total] comments';
+$lang['comments_previous_page'] =        'Previous page';
+$lang['comments_next_page'] =            'Next page';
+$lang['no_comments'] =                   'No comments.';
+$lang['comments_page'] =                 'Page';
+$lang['comments_photo'] =                'Photo';
+$lang['comments_comment'] =              'Comment';
+$lang['comments_ip'] =                   'IP';
+$lang['comments_name'] =                 'Name';
+$lang['comments_time'] =                 'Date';
+$lang['toggle_selection'] =              'toggle selection';
+$lang['comments_del_checked'] =          'delete checked comments';
+$lang['comments_delete_all'] =           'delete all comments';
+$lang['delete_this_comment_confirm'] =   'Delete this comment?';
+$lang['delete_all_comments_page'] =      'delete all comments on [page]';
+$lang['delete_all_comments_photo'] =     'delete all comments on [photo]';
+$lang['delete_checked_confirm'] =        'Do you really want to delete the following comments?';
+$lang['delete_checked_confirm_subm'] =   'OK - Delete';
+$lang['delete_all_page_comments'] =      'Do you really want to delete <b>all</b> comments on <b>all</b> pages?';
+$lang['delete_all_photo_comments'] =     'Do you really want to delete <b>all</b> comments on <b>all</b> photos?';
+$lang['delete_all_comm_page_conf'] =     'Do you really want to delete <b>all</b> comments on <b>[page]</b>?';
+$lang['delete_all_comments_subm'] =      'OK - Delete';
+$lang['comments_name_m'] =               'Name:';
+$lang['comments_email_hp_m'] =           'E-mail or hompage:';
+$lang['report_spam'] =                   'Report spam';
+$lang['report_as_spam'] =                'report as spam';
+$lang['report_spam_confirm'] =           'Do you want to report this comment as spam to Akismet?';
+$lang['report_as_spam_submit'] =         'Report as spam';
+$lang['report_as_spam_delete_submit'] =  'Report as spam and delete';
+$lang['pingback'] =                      'Pingback';
+
+# photos
+$lang['photo_galleries'] =               'Photo galleries';
+$lang['new_gallery'] =                   'New gallery';
+$lang['edit_gallery'] =                  '[gallery]';
+$lang['edit_photo'] =                    'Edit photo';
+$lang['new_photo'] =                     'New Photo';
+$lang['gallery_properties_hl'] =         'Properties';
+$lang['gallery_name_alr_exists'] =       'Gallery name already exists';
+$lang['error_gallery_spec_chars'] =      'Gallery name contains special characters';
+$lang['gallery'] =                       'Gallery';
+$lang['no_gallery'] =                    'No gallery yet.';
+$lang['create_new_gallery'] =            'Create gallery';
+$lang['photo_overview'] =                'Photo overview';
+$lang['add_photo'] =                     'Add photo';
+$lang['photo'] =                         'Photo';
+$lang['photo_nr'] =                      'Nr.';
+$lang['photo_title'] =                   'Title';
+$lang['photo_subtitle'] =                'Subtitle';
+$lang['photo_description'] =             'Description';
+$lang['no_photo'] =                      'No photo yet.';
+$lang['delete_gallery'] =                'Delete gallery';
+$lang['delete_gallery_confirm'] =        'Delete this gallery?';
+$lang['delete_gallery_submit'] =         'OK - Delete';
+$lang['new_gallery_name'] =              'Gallery name:';
+$lang['edit_photo_thumbnail'] =          'Thumbnail:';
+$lang['edit_photo_normal'] =             'Photo:';
+$lang['edit_photo_large'] =              'Large photo:';
+$lang['edit_photo_size_flash'] =         '(only for *.swf/*.flv files)';
+$lang['edit_photo_xlarge'] =             'XLarge Photo:';
+$lang['edit_photo_title'] =              'Title:';
+$lang['edit_photo_subtitle'] =           'Subtitle:';
+$lang['edit_photo_description'] =        'Description:';
+$lang['invalid_photo'] =                 'Photo not avilable!';
+$lang['error_no_gallery'] =              'No gallery specified';
+$lang['error_no_thumbnail'] =            'No thumbnail specified';
+$lang['error_no_photo'] =                'No photo specified';
+$lang['error_no_photo_title'] =          'No title specified';
+$lang['select_image'] =                  'select image';
+$lang['err_photo_t_doesnt_exist'] =      'Thumbnail doesn\'t exist';
+$lang['err_image_type'] =                'Thumbnail must be an image (JPG/PNG/GIF)';
+$lang['err_photo_n_doesnt_exist'] =      'Photo doesn\'t exist';
+$lang['err_photo_l_doesnt_exist'] =      'Large photo doesn\'t exist';
+$lang['gallery_properties'] =            'Gallery properties';
+$lang['specify_photo_tpl_m'] =           'Photo template';
+$lang['photos_per_row'] =                'Photos per row';
+$lang['delete_photo_confirm'] =          'Delete this photo?';
+
+# user
+$lang['users'] =                         'Users';
+$lang['user_name'] =                     'Name';
+$lang['user_type'] =                     'Type';
+$lang['type_0'] =                        'editor';
+$lang['type_1'] =                        'admin';
+$lang['last_login'] =                    'Last login';
+$lang['no_users'] =                      'There are no users.';
+$lang['create_user_account'] =           'Create user account';
+$lang['user_name_m'] =                   'Username:';
+$lang['pw_m'] =                          'Password:';
+$lang['pw_conf_m'] =                     'Repeat password:';
+$lang['delete_user'] =                   'Delete user account';
+$lang['delete_user_confirm'] =           'Delete this user?';
+$lang['delete_user_submit'] =            'OK - Delete user';
+$lang['edit_userdata'] =                 'Edit user data';
+$lang['edit_userdata_name'] =            'Name:';
+$lang['edit_userdata_type'] =            'Type:';
+$lang['change_pw_old'] =                 'Old password:';
+$lang['change_pw_new'] =                 'New password:';
+$lang['change_pw_new_conf'] =            'Repeat new password:';
+$lang['change_pw_note'] =                '(only if you want to change it)';
+$lang['error_username_special_chars'] =  'Username contains invalid characters';
+$lang['error_username_alr_exists'] =     'Username already exists';
+$lang['error_pw_doesnt_comply'] =        'Password doesn\'t match with the repeated one';
+$lang['error_form_uncomplete'] =         'You didn\'t fill out all form fields';
+$lang['error_pw_wrong'] =                'Password wrong!';
+$lang['invalid_user_type'] =             'Invalid user type';
+$lang['rights_limitation_imposs'] =      'Limitation of your own user rights is not possible';
+$lang['del_yourself_imposs'] =           'You can\'t delete yourself.';
+$lang['userdata_saved_message'] =        'Userdata saved';
+
+#filemanager
+$lang['filemanager'] =                   'Filemanager';
+$lang['upload_file'] =                   'Upload file';
+$lang['directory'] =                     'Directory:';
+$lang['no_files'] =                      'No files.';
+$lang['file'] =                          'File';
+$lang['file_type'] =                     'Type';
+$lang['file_size'] =                     'Size (KB)';
+$lang['file_date'] =                     'Date';
+$lang['delete_file'] =                   'Delete file';
+$lang['delete_file_confirm'] =           'Delete this file?';
+$lang['delete_file_submit'] =            'OK - Delete file';
+$lang['delete_file_error'] =             'Unable to delete the file';
+$lang['file_legend'] =                   'File';
+$lang['upload_file_link'] =              'Upload file';
+$lang['upload_file_label'] =             'File:';
+$lang['upload_directory_label'] =        'Upload to:';
+$lang['overwrite_file'] =                'overwrite file with same name';
+$lang['image_options'] =                 'Options for images';
+$lang['upload_file_submit'] =            'Upload file';
+$lang['filename_on_server'] =            'Filename on server:';
+$lang['filename_server_same'] =          '(blank if unchanged)';
+$lang['upload_file_exists'] =            'There\'s already a file with this name';
+$lang['error_no_file'] =                 'No file to upload specified';
+$lang['upload_ok'] =                     'File successfully uploaded';
+$lang['delete_image_confirm'] =          'Are you sure you want to delete this image?';
+$lang['delete_image_submit'] =           'OK - Delete';
+$lang['delete_image_cancel'] =           'Cancel';
+$lang['upload_image_exists'] =           'There\'s already an image with this name';
+$lang['upload_overwrite_image'] =        'overwrite image with same name';
+$lang['dont_manipulate_image'] =         'Leave image as it is';
+$lang['manipulate_image'] =              'Modify image:';
+$lang['resize'] =                        'Resize:';
+$lang['resize_width'] =                  'width';
+$lang['resize_height'] =                 'height';
+$lang['compression'] =                   'Compression:';
+$lang['compression_jpg_only'] =          '(only for JPG images)';
+$lang['image_name_on_server'] =          'Image name on server:';
+$lang['image_name_server_same'] =        '(blank if unchanged)';
+$lang['error_no_image'] =                'No image to upload specified';
+$lang['invalid_image_format'] =          'Invalid image format ([format])';
+$lang['invalid_image_name'] =            'Invalid image name';
+$lang['invalid_compression_value'] =     'The value for the compression has to be between 1 and 100';
+$lang['create_thumbnail'] =              'Create thumbnail:';
+
+# settings
+$lang['settings'] =                      'Settings';
+$lang['advanced_settings'] =             'Advanced settings';
+$lang['settings_website_title'] =        'Website title';
+$lang['settings_website_subtitle'] =     'Subtitle';
+$lang['settings_website_footnote_1'] =   'Footnote 1';
+$lang['settings_website_footnote_2'] =   'Footnote 2';
+$lang['settings_website_address'] =      'URL';
+$lang['settings_email'] =                'E-mail';
+$lang['settings_index_page'] =           'Main page';
+$lang['settings_error_page'] =           'Error page';
+$lang['default_page_language'] =         'Default page language';
+$lang['admin_language'] =                'Administration language';
+$lang['wysiwyg_editor'] =                'WYSIWYG editor';
+$lang['wysiwyg_editor_enabled'] =        'WYSIWYG editor enabled';
+$lang['settings_caching'] =              'Caching';
+$lang['settings_caching_enabled'] =      'caching enabled';
+$lang['settings_name'] =                 'Name';
+$lang['settings_value'] =                'Value';
+$lang['add_new_setting_var'] =           'Add new settings variable';
+$lang['error_settings_spec_chars'] =     'Variable contains special characters';
+$lang['delete_setting_confirm'] =        'Delete this setting variable?';
+$lang['settings_saved'] =                'Settings saved';
+
+# spam protection
+$lang['spam_protection'] =               'Spam protection';
+$lang['akismet'] =                       'Akismet';
+$lang['akismet_desc'] =                  'Akismet spam protection';
+$lang['akismet_key'] =                   'Wordpress API Key:';
+$lang['akismet_entry_check'] =           'check comments';
+$lang['akismet_mail_check'] =            'check contact forms';
+$lang['banned_ips'] =                    'Banned IPs';
+$lang['banned_ips_desc'] =               'IP adresses which should not have access. IP ranges (e.g. 10.10.1.*) and CIDR notation (e.g. 10.10.1.32/27) possible. One IP per line.';
+$lang['banned_user_agents'] =            'Banned user agents';
+$lang['banned_user_agents_desc'] =       'Strings in user agents, which should not have access. One string per line.';
+$lang['not_accepted_words'] =            'Not accepted words';
+$lang['not_accepted_words_desc'] =       'Words or domains that should not be accepted in entries and e-mails. One word per line.';
+$lang['spam_protection_submit'] =        'OK - Save';
+$lang['spam_protection_saved'] =         'Saved';
+$lang['error_own_ip_banned'] =           'You banned your own IP!';
+$lang['error_own_user_agent_banned'] =   'You banned your own User Agent!';
+
+# insert_image
+$lang['insert_image'] =                  'Insert image';
+$lang['select_image_title'] =            'Insert image';
+$lang['insert_image_button'] =           'Insert image';
+$lang['insert_thumbnail_button'] =       'Insert thumbnail';
+$lang['default_image_alt'] =             'Image';
+$lang['upload_submit'] =                 'OK - Upload image';
+$lang['upload_image'] =                  'Upload image';
+$lang['upload_image_marking'] =          'Choose image:';
+$lang['available_images'] =              'Available images';
+$lang['no_images'] =                     'No images available';
+#$lang['view_image_button'] =             'show';
+#$lang['delete_image_button'] =           'delete';
+
+# insert_thumbnail
+$lang['insert_thumbnail'] =              'Insert thumbnail';
+$lang['thumbnail_select_gallery'] =      'Select gallery:';
+$lang['insert_image_label'] =           'Insert image';
+$lang['insert_thumbnail_label'] =       'Insert thumbnail';
+$lang['insert_gallery_label'] =         'Insert gallery';
+$lang['insert_image_class'] =            'CSS class:';
+$lang['insert_image_alt'] =              'ALT text:';
+$lang['insert_image_width_height'] =     'Width/Height:';
+$lang['delete_error'] =                  'Delete error';
+$lang['upload_error'] =                  'Upload error - check writing permission of img folder!';
+?>

cms/lang/english.page.lang.php

@@ -0,0 +1,179 @@
+<?php
+// Meta informaton:
+$lang['lang'] =                          'en';
+$lang['charset'] =                       'utf-8';
+$lang['locale'] =                        array('en_US.utf8','en','eng');
+#$lang['time_format'] =                  '%Y-%m-%d, %H:%M';
+#$lang['time_format_full'] =             '%A, %B %d, %Y, %H:%M';
+$lang['dir'] =                           'ltr';
+
+// General:
+$lang['exception_title'] =               'Error';
+$lang['exception_message'] =             'An error occurred while processing this directive.';
+$lang['error_headline'] =                'Error:';
+$lang['page_time'] =                     '[time|%A, %B %d, %Y, %H:%M]';
+$lang['include_news_time'] =             '[time|%B %e, %Y]';
+$lang['submit_button_ok'] =              '&nbsp;OK&nbsp;';
+$lang['page_last_modified'] =            '<!--Created: [created|%Y-%m-%d, %H:%M] - -->Last modified: [last_modified|%Y-%m-%d, %H:%M]';
+$lang['no_comments'] =                   'no comments';
+$lang['one_comment'] =                   '1 comment';
+$lang['several_comments'] =              '[comments] comments';
+$lang['number_of_comments'][0] =         'no comments';
+$lang['number_of_comments'][1] =         '1 comment';
+$lang['number_of_comments'][2] =         '[comments] comments';
+$lang['pagination'] =                    'Page [current_page] of [total_pages]';
+$lang['edit'] =                          'edit';
+$lang['delete'] =                        'delete';
+$lang['all_categories'] =                'show all categories';
+
+// Admin Menu:
+$lang['admin_menu_home'] =               'Home';
+$lang['admin_menu_admin'] =              'Administration';
+$lang['admin_menu_page_overview'] =      'Page overview';
+$lang['admin_menu_new_page'] =           'Create new page';
+$lang['admin_menu_logout'] =             'Log out';
+$lang['admin_menu_act_page_actions'] =   'This page:';
+$lang['admin_menu_edit_page'] =          'Edit';
+$lang['admin_menu_delete_page'] =        'Delete';
+$lang['admin_menu_delete_page_conf'] =   'Do you really want to delete this page?';
+
+// Comments:
+$lang['comment_headline'] =              'Comments';
+$lang['pingback_headline'] =             'Pingbacks';
+$lang['comment_no_comments'] =           'No comments yet.';
+$lang['comments_closed'] =               'Comments are closed.';
+$lang['comment_time'] =                  '[time|%A, %B %d, %Y, %H:%M]';
+$lang['comments_pagination_info'] =      '[total_comments] comments, page [current_page] of [total_pages]';
+$lang['comments_add_comment'] =          'Add comment';
+$lang['comment_input_text'] =            'Add comment:';
+$lang['comment_edit_text'] =             'Edit comment:';
+$lang['comment_input_name'] =            'Name:';
+$lang['comment_input_email_hp'] =        'E-mail or homepage:';
+$lang['comment_input_submit'] =          '&nbsp;OK&nbsp;';
+$lang['comment_input_preview'] =         'Preview';
+$lang['comment_preview_hl'] =            'Preview:';
+$lang['error_not_accepted_word'] =       'Not accepted word: [not_accepted_word]';
+$lang['error_not_accepted_words'] =      'Not accepted words: [not_accepted_words]';
+$lang['comment_error_closed'] =          'Comments are closed!';
+$lang['comment_error_no_name'] =         'No name entered';
+$lang['comment_error_no_text'] =         'No comment entered';
+$lang['comment_error_name_too_long'] =   'The name is too long';
+$lang['comment_error_email_hp_too_long'] = 'E-mail/homepage is too long';
+$lang['comment_error_email_hp_invalid'] = 'E-mail/homepage invalid';
+$lang['comment_error_text_too_long'] =   'The text is too long ([characters] charcters; maximum: [max_characters] characters)';
+$lang['comment_error_too_long_word'] =   'Too long word: [word]';
+$lang['comment_error_too_long_words'] =  'Too long words: [words]';
+$lang['comment_error_entry_exists'] =    'This entry already exists';
+$lang['comment_error_repeated_post'] =   'There has just been entered an entry with this IP - please wait a moment!';
+$lang['comment_error_too_fast'] =        'Form was submitted too fast - please try again!';
+$lang['comment_delete_link'] =           'delete';
+$lang['comment_delete_confirm'] =        'Do you really want to delete this comment?';
+$lang['comment_edit_link'] =             'edit';
+$lang['comment_note_email'] =            '(optional)';
+$lang['comments_open'] =                 'open';
+$lang['comments_close'] =                'Close comments';
+$lang['comment_notification_subject'] =  'Comment to [page]';
+$lang['comment_notification_message'] =  "[name]\n\n[comment]\n\n[link]";
+$lang['pingback_notification_subject'] = 'Pingback to [page]';
+$lang['pingback_notification_message'] = "[title]\n[url]\n[link]";
+
+// News:
+$lang['news_time'] =                     '[time|%A, %B %d, %Y, %H:%M]';
+$lang['no_news'] =                       'No news availble';
+
+// Notes:
+$lang['note_time'] =                     '[time|%A, %B %d, %Y, %H:%M]';
+$lang['no_notes'] =                      'No notes availble';
+
+// Formmailer:
+$lang['formmailer_label_email'] =        'E-mail:';
+$lang['formmailer_label_subject'] =      'Subject:';
+$lang['formmailer_label_message'] =      'Message:';
+$lang['formmailer_button_send'] =        'OK - Send';
+$lang['formmail_error_email_invalid'] =  'E-mail address invalid or empty';
+$lang['formmail_error_no_message'] =     'No message entered';
+$lang['formmail_error_text_too_long'] =  'The message is too long';
+$lang['formmail_error_subj_too_long'] =  'The subject is too long';
+$lang['formmail_error_mailserver'] =     'Mailserver error - please try again later!';
+$lang['formmailer_mail_sent'] =          'The message has been sent successfully.';
+$lang['formmailer_no_subject'] =         'No subject';
+
+// Gallery:
+$lang['gallery_no_photo'] =              'No photo in this gallery';
+
+// Photo:
+$lang['photo_headline'] =                'Photo';
+$lang['previous_photo'] =                'Previous image';
+$lang['next_photo'] =                    'Next image';
+$lang['enlarge_photo'] =                 'Enlarge';
+$lang['reduce_photo'] =                  'Reduce';
+$lang['show_large_photo'] =              'Large';
+$lang['show_large_photo_title'] =        'Show large photo';
+$lang['back_link'] =                     'back';
+$lang['back_title'] =                    'Back to &quot;[page]&quot;';
+$lang['photo_comment_link_title'] =      'Read or write comments to this photo';
+
+// Simple news:
+$lang['simple_news_time'] =              '[time|%A, %B %e, %Y]';
+$lang['simple_news_edit_title'] =        'Title:';
+$lang['simple_news_edit_teaser'] =       'Teaser:';
+$lang['simple_news_edit_text'] =         'Text:';
+$lang['simple_news_edit_text_format'] =  'auto formatting';
+$lang['simple_news_edit_linkname'] =     'Link name:';
+$lang['simple_news_default_linkname'] =  'more…';
+$lang['simple_news_edit_time'] =         'Date/time:';
+$lang['simple_news_edit_time_format'] =  '(YYYY-MM-DD HH:MM:SS)';
+$lang['simple_news_add_item'] =          'Add entry';
+$lang['simple_news_edit_item'] =         'Edit item';
+$lang['simple_news_delete_confirm'] =    'Do you really want to delete this entry?';
+$lang['error_news_no_title'] =           'No title specified';
+$lang['error_news_no_text'] =            'No text entered';
+$lang['error_news_time_invalid'] =       'invalid date/time format';
+$lang['delete_news_title'] =             'Delete entry';
+$lang['delete_news_confirm_submit'] =    'OK - Delete';
+
+// Newsletter:
+$lang['newsletter_subscr_email'] =       'E-mail address:';
+$lang['newsletter_subscribe'] =          'subscribe';
+$lang['newsletter_unsubscribe'] =        'unsubscribe';
+$lang['newsletter_email'] =              'E-mail';
+$lang['newsletter_subscribe_time'] =     'Subscribed';
+$lang['newsletter_subscribe_time_format'] = '[time|%d.%m.%Y, %H:%M]';
+$lang['newsletter_error_invalid_email'] = 'E-mail address invalid';
+$lang['newsletter_error_email_exists'] = 'This e-mail address already exists';
+$lang['newsletter_error_email_not_exist'] = 'The e-mail address doesn\'t exist';
+$lang['newsletter_error_mail'] =         'Error while sending e-mail - please try again later';
+$lang['newsletter_conf_ok'] =            'Thank you! Your e-mail address has been confirmed.';
+$lang['newsletter_delete_ok'] =          'You have successfully unsubscribed from the newsletter!';
+$lang['newsletter_conf_failed'] =        '<b>Error:</b> Invalid confirmation link (e.g. time period expired)!';
+$lang['newsletter_conf_mail_sent'] =     'An e-mail with a confirmation link has been sent to the specified e-mail address. Please confirm this link within one hour!';
+$lang['newsletter_email_delete'] =       'delete';
+$lang['newsletter_no_emails'] =          'No e-mail addresses available.';
+$lang['newsletter_add_email'] =          'Add e-mail address:';
+$lang['newsletter_email_list'] =         'E-mail list';
+$lang['newsletter_edit_emails'] =        'Edit e-mail addresses';
+$lang['newsletter_email_count'] =        '[number] e-mail addresses';
+$lang['newsletter_subscribe_subj'] =     'Subscribe to newsletter';
+$lang['newsletter_subscribe_text'] =     "Your e-mail address has been added to our mailing list. Please click the link below to confirm your request. If this e-mail has been sent in error (either by you or someone else) please ignore this e-mail.\n\nLink to confirm the subscription:\n[link]";
+$lang['newsletter_unsubscribe_subj'] =   'Unsubscribe to newsletter';
+$lang['newsletter_unsubscribe_text'] =   "Please click the following link to unsubscribe to the newsletter:\n[link]";
+$lang['newsletter_checkall'] =           'check all';
+$lang['newsletter_uncheckall'] =         'uncheck all';
+$lang['newsletter_delete_checked'] =     'Delete checked';
+$lang['newsletter_delete_confirm'] =     'Delete e-mail(s)?';
+$lang['newsletter_delete_confirm_submit'] = 'OK - Delete';
+
+// Search:
+$lang['search_submit'] =                 'Search';
+$lang['search_number_of_results'][0] =   'No pages found';
+$lang['search_number_of_results'][1] =   '1 page found:';
+$lang['search_number_of_results'][2] =   '[pages] pages found:';
+$lang['search_pagination'] =             '[total_results] results, page [current_page] of [total_pages]';
+$lang['search_photo'] =                  'Photo';
+$lang['search_no_results'] =             'No pages found';
+
+// Akismet:
+$lang['akismet_error_api_key'] =         'Invalid akismet api key';
+$lang['akismet_error_connection'] =      'Server connection error - please try again later';
+$lang['akismet_spam_suspicion'] =        'Spam suspicion!'
+?>

cms/modules/.dummy

@@ -0,0 +1 @@
+