<?
  session_name('w7400cms');
  session_start();

  // Sys-INIT
  $JumpToEdit     = '';
  $w74page        = '';
  $onload_message = '';
  $loadparent     = '';
  $grandparent    = '';
  $linkspur[1]    = '';
  $linkspur[2]    = '';
  $linkspur[3]    = '';
  $pagespur[1]    = '';
  $pagespur[2]    = '';
  $pagespur[3]    = '';
  if( ! isset( $_SESSION['online'] ) ) 
    { $_SESSION['online'] = false; }

  // MySQL öffnen
  if( file_exists( '7400_config/config.inc.php' ) )
    {
      include( '7400_config/config.inc.php' );
      if( ! $w74handle )
        { 
          include( '7400_styles/nosql.php' ); 
          die(); 
        }
    }
  else
    {
      include( '7400_styles/nosql.php' );
      die();
    }

  // Login-Installation
  $log = mysql_query( "SELECT params FROM ".W74PREFIX."install WHERE addon='Std-Login' LIMIT 1" );
  if( mysql_num_rows( $log ) == 1 )
    { 
      $lin = mysql_fetch_assoc( $log );
      $pars = explode( '|', $lin['params'] );
      $par1 = explode( ':', $pars[0] );      
      $par2 = explode( ':', $pars[1] );
      mysql_query( "UPDATE ".W74PREFIX."navibox SET aktiv='".$par1[1]."'    WHERE name='Login' LIMIT 1" );
      mysql_query( "UPDATE ".W74PREFIX."navibox SET aktiv='".$par1[1]."'    WHERE name='Logout' LIMIT 1" );
      mysql_query( "UPDATE ".W74PREFIX."content SET freigabe='".$par2[1]."' WHERE page='Std-Login' LIMIT 1 " );
    }

  // Style Name holen
  $w74stname = mysql_fetch_assoc( mysql_query( "SELECT inhalt FROM ".W74PREFIX."config WHERE schluessel='STYLE_Aktiv' LIMIT 1" ) );  
  $stname    = trim( $w74stname['inhalt'] );

  // Style Parameter
  $w74aktstyle = mysql_fetch_assoc( mysql_query( "SELECT * FROM ".W74PREFIX."stylemain WHERE stylename='".$stname."' LIMIT 1" ) );
  $style_path     = $w74aktstyle['pfad'];
  $style_banner   = $w74aktstyle['banner'];
  $style_navigate = $w74aktstyle['navigate'];
  $style_abstl    = $w74aktstyle['abstl'];
  $style_absto    = $w74aktstyle['absto'];
  $style_tabelle  = $w74aktstyle['tabelle'];
  $style_frei     = $w74aktstyle['frei'];
  $_SESSION['style_path'] = $style_path;
  switch( $w74aktstyle['lage'] )
  {
    case 'links'  : $style_lage = 'left';   break;
    case 'mitte'  : $style_lage = 'center'; break;
    case 'rechts' : $style_lage = 'right';  break;
  } 

  // Sonstige globale Parameter
  $w74active      = mysql_fetch_assoc( mysql_query( "SELECT inhalt FROM ".W74PREFIX."config WHERE schluessel='MENUE_Indicate' LIMIT 1" ) );
  $menue_indicate = StrToBool( $w74active['inhalt'] );
  $w74proname     = mysql_fetch_assoc( mysql_query( "SELECT inhalt FROM ".W74PREFIX."config WHERE schluessel='PROJEKT_Name' LIMIT 1" ) );
  $projekt_name   = $w74proname['inhalt'];
  $w74lauf        = mysql_fetch_assoc( mysql_query( "SELECT inhalt FROM ".W74PREFIX."config WHERE schluessel='HP_Laufschrift' LIMIT 1" ) );
  $hp_laufschrift = $w74lauf['inhalt'];

  // Externe User-DB...
  $w74extdb       = mysql_fetch_assoc( mysql_query( "SELECT inhalt FROM ".W74PREFIX."config WHERE schluessel='EXTERN_UserDB' LIMIT 1" ) ); 
  $w74extusr      = explode( ',', $w74extdb['inhalt'] );
  $fields = $w74extusr[1].','.$w74extusr[2].','.$w74extusr[3];
  $extdb  = $w74extusr[0]; $extlog = $w74extusr[1]; $extpwd = $w74extusr[2]; $extid = $w74extusr[3];

  // NextLink-Parameter lesen
  if( $_GET['page']  != '' ) { $w74page = $_GET['page'];  }
  if( $_POST['page'] != '' ) { $w74page = $_POST['page']; }

  // Login-Status prüfen
  if( $_POST['login'] == '1' )
    {
      // Erst interne DB prüfen
      $vuser = mysql_fetch_assoc( mysql_query( "SELECT * FROM ".W74PREFIX."userdata WHERE BINARY login='".$_POST['username']."' LIMIT 1" ) );
      if( $vuser['password'] == md5( $_POST['password'] ) )
        {
          $_SESSION['login']    = $vuser['login']; 
          $_SESSION['password'] = $vuser['password']; 
          $_SESSION['user_id']  = $vuser['id']; 
          $_SESSION['level']    = $vuser['level'];
          $_SESSION['online']   = true;
          $_SESSION['errcnt']   = 0;
          SetLogin( 0, '', '' );
          mysql_query( "UPDATE ".W74PREFIX."userdata SET session='".session_id()."' WHERE id='".$vuser['id']."' LIMIT 1" );
        }
      else
        {
          // Eventuell externe DB?
          if( trim( $extdb ) == '' )
            { 
              $onload_message = "Username oder Passwort unbekannt."; 
              SetLogin( 1, $_POST['username'], $_POST['password'] );
            }
          else
            {
              // Ja, externe DB vorhanden
              $vuser = mysql_fetch_assoc( mysql_query( "SELECT ".$fields." FROM ".$extdb." WHERE BINARY ".$extlog."='".$_POST['username']."' LIMIT 1" ) );
              if( $vuser[$extpwd] == md5( $_POST['password'] ) )
                {
                  $_SESSION['login']    = $vuser[$extlog]; 
                  $_SESSION['password'] = $vuser[$extpwd]; 
                  $_SESSION['user_id']  = $vuser[$extid]; 
                  $_SESSION['level']    = 0;
                  $_SESSION['online']   = true;
                  $_SESSION['errcnt']   = 0;
                  SetLogin( 0, '', '' );
                }
              else
                { 
                  $onload_message = "Username oder Passwort unbekannt."; 
                  SetLogin( 1, $_POST['username'], $_POST['password'] );
                }
            }
        }
    }

  // Logout-Anforderung prüfen
  if( $_POST['logout'] == '1' )
    {
      $_SESSION['login']    = ''; 
      $_SESSION['password'] = ''; 
      $_SESSION['user_id']  = ''; 
      $_SESSION['level']    = '';
      $_SESSION['online']   = false;
    }

  // Angeforderte Seite erlaubt?
  if( ! trim( $w74page ) == '' )
    {
      // Freigabe = JA ???
      $erlaubt = mysql_fetch_assoc( mysql_query( "SELECT freigabe, status FROM ".W74PREFIX."content WHERE page='".$w74page."' LIMIT 1" ) );
      if( ! StrToBool( $erlaubt['freigabe'] ) ) 
        { $w74page = ''; $onload_message = "Seite nicht gefunden."; }
      else 
        {
          if( ! CheckStatus( $erlaubt['status'], false, $w74page ) )
            { $w74page = ''; $onload_message = "Seite nicht gefunden!"; }
          else
            {  
              if( $_SESSION['login'] != '' )
                {
                  $ts = mysql_fetch_assoc( mysql_query( "SELECT session FROM ".W74PREFIX."userdata WHERE login='".$_SESSION['login']."' LIMIT 1" ) );
                  if( $ts['session'] != session_id() )
                    { $w74page = ''; $onload_message = "Seite nicht gefunden!!"; }                
                }
            }
        }        
    }

  // Unbekannt oder nicht erlaubt? Dann "default-Seite" zeigen
  if( $w74page == '' )
    { 
      $w74tmp = mysql_fetch_assoc( mysql_query( "SELECT inhalt FROM ".W74PREFIX."config WHERE schluessel='CONTENT_Default' LIMIT 1 " ) );
      $w74page = $w74tmp['inhalt'];
      if( $w74tmp['inhalt'] == '' )
        { 
          // nicht definiert > 1. Seite vom Content
          $w74tmp = mysql_fetch_assoc( mysql_query( "SELECT page FROM ".W74PREFIX."content ORDER BY id LIMIT 1" ) );
          $w74page = $w74tmp['page'];
        }
    }

  // Seiteninhalte lesen und aufbereiten
  $contentlines = array();
  $pagecontent = array( 0, false );

  // Erste Spalte und erste Zeile
  $submenu  = array();
  $res00    = mysql_fetch_assoc( mysql_query( "SELECT * FROM ".W74PREFIX."content WHERE page='".$w74page."' LIMIT 1" ) );
  $master   = $res00['first'];
  $reihe    = $res00['sublast'];
  array_push( $submenu, $res00['submenu'] );
  $head_title_text  = $res00['titel'];
  $head_keywords    = $res00['keywords'];
  $head_description = $res00['description'];
  $hide_navigation  = StrToBool( $res00['hidenavi'] );

  // Sprung zur Eingabemaske
  if( $_GET['JumpToEdit'] == 'JA' ) { $JumpToEdit = '#JumpToEdit'; }

  // Brotkrümel und Subemenüs
  $linkspur[1] = $res00['bezeich'];
  $pagespur[1] = $res00['page'];
  $loadparent  = $res00['untervon']; 
  if( $loadparent != '' ) 
    { 
      $pa = mysql_fetch_assoc( mysql_query( "SELECT bezeich, page FROM ".W74PREFIX."content WHERE page='".$loadparent."' LIMIT 1" ) ); 
      $linkspur[2] = $pa['bezeich'];
      $pagespur[2] = $pa['page'];
    }
  $gp = mysql_fetch_assoc( mysql_query( "SELECT untervon FROM ".W74PREFIX."content WHERE page='".$loadparent."' LIMIT 1" ) );
  $grandparent = $gp['untervon']; 
  if( $grandparent != '' )
    {
      $gpa = mysql_fetch_assoc( mysql_query( "SELECT bezeich, page FROM ".W74PREFIX."content WHERE page='".$grandparent."' LIMIT 1" ) ); 
      $linkspur[3] = $gpa['bezeich'];
      $pagespur[3] = $gpa['page'];
    }

  // Content aufbereiten
  array_push( $pagecontent, MainBox( $res00 ) ); 
  $pagecontent[0]++;
  if( trim( $res00['second'] ) != '' ) { $n = NebenBox( $res00['second'] ); if( $n['frei'] ) { array_push( $pagecontent, $n ); $pagecontent[0]++; } }
  if( trim( $res00['third']  ) != '' ) { $n = NebenBox( $res00['third']  ); if( $n['frei'] ) { array_push( $pagecontent, $n ); $pagecontent[0]++; } }
  if( PageConTitle( $pagecontent ) ) { $pagecontent[1] = true; }
  array_push( $contentlines, $pagecontent );

  // SunContents lesen je nach Reihenfolge
  if( $res00['sublast'] == 'JA' )
    {
      // Alle übrigen am Anfang
      $res00 = mysql_query( "SELECT * FROM ".W74PREFIX."subcon WHERE typ='Main' ORDER BY id" );  // 03
      while( $val00 = mysql_fetch_assoc( $res00 ) )
      { 
        if( $val00['maincon'] == $w74page ) 
          { 
            if( $val00['freigabe'] == 'JA' )
              {
                array_push( $contentlines, GetSubCon( $val00 ) ); 
                if( $val00['submenu'] != '' ) { array_push( $submenu, $val00['submenu'] ); }
              }
          } 
      }
      // MASTER zum Schluss
      if( $master != '' )
        { 
          $val00 = mysql_fetch_assoc( mysql_query( "SELECT * FROM ".W74PREFIX."subcon WHERE scid='".$master."' ORDER BY id LIMIT 1" ) ); // 01
          if( $val00['freigabe'] == 'JA' )
            {
              if( ! trim( $val00['scid'] ) == '' )
                { 
                  array_push( $contentlines, GetSubCon( $val00 ) ); 
                  if( $val00['submenu'] != '' ) { array_push( $submenu, $val00['submenu'] ); }
                }
            } 
        }
    }
  else
    {
      // Zuerst MASTER
      if( $master != '' )
        { 
          $val00 = mysql_fetch_assoc( mysql_query( "SELECT * FROM ".W74PREFIX."subcon WHERE scid='".$master."' ORDER BY id LIMIT 1" ) ); // 01
          if( $val00['freigabe'] == 'JA' )
            {
              if( ! trim( $val00['scid'] ) == '' )
                { 
                  array_push( $contentlines, GetSubCon( $val00 ) ); 
                  if( $val00['submenu'] != '' ) { array_push( $submenu, $val00['submenu'] ); }
                }
            } 
        }
      // Dann alle übrigen
      $res00 = mysql_query( "SELECT * FROM ".W74PREFIX."subcon WHERE typ='Main' ORDER BY id" );  // 03
      while( $val00 = mysql_fetch_assoc( $res00 ) )
      { if( $val00['maincon'] == $w74page ) 
        { 
          if( $val00['freigabe'] == 'JA' )
            {
              array_push( $contentlines, GetSubCon( $val00 ) ); 
              if( $val00['submenu'] != '' ) { array_push( $submenu, $val00['submenu'] ); }
            }
        } 
      }
    }

  // Navigationen einlesen und aufbereiten sofern AKTIV
  $navigation = array();
  $res01 = mysql_query( "SELECT * FROM ".W74PREFIX."navibox WHERE aktiv='JA' ORDER BY id" );
  while( $val01 = mysql_fetch_assoc( $res01 ) )
  {
    if( CheckStatus( $val01['status'], true, '' ) )
    {
      if( $val01['abhaengig'] == 'JA' )
        { 
          foreach( $submenu as $sub )
          {
            if( $sub == $val01['nid'] ) 
              { array_push( $navigation, $val01 ); } 
          }
        }
      else
        { 
          switch( $val01['name'] )
          {
            case 'Login'  : if( ! $_SESSION['online'] ) { array_push( $navigation, $val01 ); } break;
            case 'Logout' : if(   $_SESSION['online'] ) { array_push( $navigation, $val01 ); } break;
            default       : array_push( $navigation, $val01 ); break;
          }                         
        }   
    }
  }

  // Zugriffszähler aktualisieren
  $v = mysql_fetch_assoc( mysql_query( "SELECT klicks FROM ".W74PREFIX."content WHERE page='".$w74page."' LIMIT 1" ) );
  $n = $v['klicks'] + 1;
  mysql_query( "UPDATE ".W74PREFIX."content SET klicks='".$n."' WHERE page='".$w74page."' LIMIT 1" );

  // Seite laden und zeigen 
  include( '7400_styles/page.inc.php' );

  // -----------------------------------------------------------------------------------------------------------------------------------

  function GetSubCon( $ident )
  {
    $pc = array( 0, false );
    array_push( $pc, SubBox( $ident ) ); 
    $pc[0]++;
    if( trim( $ident['second'] ) != '' ) { $n = NebenBox( $ident['second'] ); if( $n['frei'] ) { array_push( $pc, $n ); $pc[0]++; } }
    if( trim( $ident['third']  ) != '' ) { $n = NebenBox( $ident['third']  ); if( $n['frei'] ) { array_push( $pc, $n ); $pc[0]++; } }
    if( PageConTitle( $pc ) ) { $pc[1] = true; }
    return $pc;
  }

  function StrToBool( $str )
  { if( $str == 'JA' ) { return true; } else { return false; } }

  function PathBackground( $str )
  { return '7400_images/sysimg/'.$str; }

  function MainBox( $res )
  { return array( 'typ' => '0', 'visible' => StrToBool( $res['showtitle'] ), 'id' => $res['id'] ); }

  function SubBox( $res )
  { return array( 'typ' => '1', 'visible' => StrToBool( $res['showtitle'] ), 'id' => $res['id'] ); }

  function NebenBox( $res )
  { 
    $r = mysql_fetch_assoc( mysql_query( "SELECT id, showtitle, freigabe FROM ".W74PREFIX."subcon WHERE scid='".$res."' LIMIT 1" ) );
    return array( 'typ' => '1', 'visible' => StrToBool( $r['showtitle'] ), 'id' => $r['id'], 'frei' => StrToBool( $r['freigabe'] ) );
  }
 
  function PageConTitle( $v )
  { if( $v[2]['visible'] || $v[3]['visible'] || $v3[4]['visible'] ) { return true; } else { return false; } }

  function GetFromSQL( $ty, $id )
  {
    if( $ty == 0 ) 
      { return mysql_fetch_assoc( mysql_query( "SELECT * FROM ".W74PREFIX."content WHERE id='".$id."' LIMIT 1" ) ); }
    else
      { return mysql_fetch_assoc( mysql_query( "SELECT * FROM ".W74PREFIX."subcon WHERE id='".$id."' LIMIT 1" ) ); }
  }

  function ShowOneBox( $r )
  {
    if( $r['herkunft'] == 'intern' )
      { echo bbParse( html_entity_decode( $r['content'], ENT_QUOTES ) ); }
    else
      { include( $r['nachladen'] ); }
  }

  function CheckStatus( $r, $box, $pag  ) 
  {
    switch( $r )
    {
      case '0' : return true; 
                 break;

      case '1' : if( $_SESSION['login'] == '' ) { return false; } else { return true;  } 
                 break;

      case '2' : if( $box )
                   { if( $_SESSION['level'] > 0 ) { return true; } else { return false; } }
                 else
                   { 
                     if( $_SESSION['level'] > 131000 )
                       { return true; }
                     else 
                       {
                         if( $_SESSION['level'] > 0 )
                           {
                             $rechte = mysql_query( "SELECT * FROM ".W74PREFIX."rights WHERE login='".$_SESSION['login']."' AND page='".$pag."' " );
                             if( mysql_num_rows( $rechte ) == 1 ) { return true;  } else { return false; }
                           }
                         else
                           { return false; }                        
                       }
                   }
                 break;

      case '3' : if( $_SESSION['level'] > 131000 ) { return true;  } else { return false; }  
                 break;
    }
  }

  function SetLogin( $i, $u, $p )
  {
    $remote = getenv( 'REMOTE_ADDR' );
    switch( $i ) 
    {
      case 0 : mysql_query( "DELETE FROM ".W74PREFIX."admlogin WHERE ipadr='".$remote."' " );
               break;
      case 1 : $tmp = mysql_query( "SELECT * FROM ".W74PREFIX."admlogin WHERE ipadr='".$remote."' " );
               if( mysql_num_rows( $tmp ) == 0 )
                 { mysql_query( "INSERT INTO ".W74PREFIX."admlogin ( ipadr, user, cnt ) VALUES ( '".$remote."', '".$u."', '1' )" ); }
               else
                 {
                   $vmp = mysql_fetch_assoc( $tmp );
                   $vmp['cnt'] = $vmp['cnt'] + 1;
                   mysql_query( "UPDATE ".W74PREFIX."admlogin SET cnt='".$vmp['cnt']."' WHERE ipadr='".$remote."' LIMIT 1" );
                   $_SESSION['errcnt'] = $vmp['cnt'];
                 }
               break;
    }
  }

  function CheckCustom()
  {
    $tmp = mysql_query( "SELECT cnt FROM ".W74PREFIX."admlogin WHERE ipadr='".getenv('REMOTE_ADDR')."' " );
    if( mysql_num_rows( $tmp ) == 0 )
      { return true; }
    else
      {
        $vmp = mysql_fetch_assoc( $tmp ); 
        if( $vmp['cnt'] < 3 )
          { return true; }
        else
          { return false; }
      }
  }

  function bbParse( $ein )
  {
    $aus = $ein;
    $aus = preg_replace('/\[b\](.*?)\[\/b\]/', '<b>$1</b>', $aus );  
    $aus = preg_replace('/\[i\](.*?)\[\/i\]/', '<i>$1</i>', $aus );  
    $aus = preg_replace('/\[u\](.*?)\[\/u\]/', '<u>$1</u>', $aus );  
    $aus = preg_replace('/\[em\](.*?)\[\/em\]/', '<em>$1</em>', $aus );  
    $aus = preg_replace('/\[strong\](.*?)\[\/strong\]/', '<strong>$1</strong>', $aus );  
    $aus = preg_replace('/\[h1\](.*?)\[\/h1\]/', '<h1>$1</h1>', $aus );  
    $aus = preg_replace('/\[h2\](.*?)\[\/h2\]/', '<h2>$1</h2>', $aus );  
    $aus = preg_replace('/\[h3\](.*?)\[\/h3\]/', '<h3>$1</h3>', $aus );  
    $aus = preg_replace('/\[color=([[:alnum:]]{6}?).*\](.*?)\[\/color\]/', '<font color="#$1">$2</font>', $aus ); 
    return $aus;
  }

?>