<?

// web'ing fix
include_once 'webingfix.php';


// web'ing . (c) code-x gmbh . www.code-x.de
// -----------------------------------------
// wbv 2.1.1


	header("Expires: Mon, 18 Dec 2000 05:00:00 GMT");
	header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
	header("Cache-Control: no-store, no-cache, must-revalidate");
	header("Cache-Control: post-check=0, pre-check=0", false);
	header("Pragma: no-cache");


if(!isset($send))
	$WB_INDEX = true;

include_once("71-webing/wb_library.php");

// ====================================================================================================
// ====================================================================================================
//
// -- - variante heraussuchen und als cookie speichern
//
// ----------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------

if($WB_VARIANTEN)
{
	if(isset($_GET['v']) || isset($v))
	{
		$neu_v = $_GET['v'];
		setcookie("wb_web_variante",$_GET['v'],time()+60*60*24*30*4,"/");		
		$wb_variante = $_GET['v'];
		$wb_web_variante = $_GET['v'];	
	} else {
		if(isset($_COOKIE["wb_web_variante"])) 
		{
			setcookie("wb_web_variante",$_COOKIE["wb_web_variante"],time()+60*60*24*30*4,"/");
			$wb_variante = $_COOKIE["wb_web_variante"];
			$wb_web_variante = $_COOKIE["wb_web_variante"];
		} else {
			setcookie("wb_web_variante",$WB_VARIANTE_DEFAULT ,time()+60*60*24*30*4,"/");
			$wb_web_variante = $WB_VARIANTE_DEFAULT;
		}
	}
}

// ====================================================================================================

if($rid!="")
	setcookie("rid",$rid,time()+60*60*24*30*4,"/");

if(isset($wb_dev))
{
	setcookie("wb_dev_modus",$wb_dev,0,"/");
	$wb_dev_modus = $wb_dev;
}

if(!isset($wb_dev_modus))
	$wb_dev_modus = 1;

if(isset($wb_dev_temp))
	$wb_dev_modus = $wb_dev_temp;


// ====================================================================================================
// ====================================================================================================
//
// -- - artikel heraussuchen  und aus elementen zusammenbauen
//
// ----------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------

// name des artikels (=$an) hat vorrang vor id (=$a)

if($nljobkickoff!="")
{
	$db->cx_sql("SELECT * FROM wbnewsletterjob WHERE njstatus='1'");
	if($r=$db->cx_row())
		$a = $r['njarticle'];
}

if(!isset($a) && !isset($an))
	$an = "startseite";
	
if(isset($an)) // wenn an (artikelname) gesetzt, dann a heraussuchen
{
	$db->cx_sql("SELECT * FROM wbarticle WHERE artitle='$an' AND arfrom<='$jetzt' AND aruntil>='$jetzt' AND aractive>='".$wb_dev_modus."' AND aractive<2 AND arindex<2;");
	if($r = $db->cx_row())
		$a = $r['id'];
}else
	$an = "id_".$a;

$db->cx_sql("SELECT arindex FROM wbarticle WHERE id='$a';");
if($r = $db->cx_row()) { $ain = $r['arindex']; }
if( $ain=="1" || $ain=="0") { $ain=0; } else { --$ain; }

// ====================================================================================================
//
// alles klar, los geht's. erst einmal den artikel heraussuchen

if($WB_VARIANTEN)
	$v = "SELECT *,a.id AS ai,ms.id AS m,armaster,too.id as tid,arlink FROM wbarticle a,wbmaster ms,wbtopic too WHERE a.id=$a AND ms.msname=armaster AND too.id=artopic AND ((ms.msvarianten LIKE '%,".$wb_variante.",%') OR (ms.msvarianten LIKE '%,*,%')) AND ms.mstyp='$ain';";
else 
	$v = "SELECT *,a.id AS ai,ms.id AS m,armaster,too.id as tid,arlink FROM wbarticle a,wbmaster ms,wbtopic too WHERE a.id=$a AND ms.msname=armaster AND too.id=artopic AND ms.mstyp='$ain';";

$db->cx_sql($v);

if($r = $db->cx_row())
{

	// ====================================================================================================
	// check ob artikel überhaupt aktiv ist

	if($wb_dev_modus!="0")
		if($r['arfrom']>$jetzt || $r['aruntil']<$jetzt || $r['aractive']!=1)
			wb_error("objekt kann nicht angezeigt werden.","index.php");
	
	// ====================================================================================================
	// checken ob für diesen artikel user-rechte gesetzt und entsprechend weiter dann

	if($r['aruser']=="" && strtolower($an)!="login")
		$r['aruser'] = $WB_LOGIN_STANDARD;
		
	if($r['aruser']!="")
	{
		$arusers = explode(",",$r['aruser']);
		// wenn falscher user eingeloggt, artikel mit dem namen 'login' zeigen.
		if($WB_LOGINS=="auth") // login über http-auth
		{
			if(!in_array($PHP_AUTH_USER,$arusers) && $r['aruser']!="*") 
				wb_login("anmeldung");
			else
				$WB_USER_NAME = $PHP_AUTH_USER;
		}
		else // login über cookie-mechanik
		{
			if($WB_USER_NAME!="")
			{
				$db_aux->cx_sql("SELECT * FROM wbuser WHERE usname='".$WB_USER_NAME."' AND PASSWORD(uspass)='".$WB_USER_PASS."'");
				if(!$db_aux->cx_row() || (!in_array($WB_USER_NAME,$arusers) && $r['aruser']!="*"))
					die('<html><body><form name="f" action="index.php" method="post"><input type="hidden" name="fa" value="'.$a.'"><input type="hidden" name="an" value="login"></form><script type="text/javascript">document.f.submit();</script></body></html>');
			}else
				die('<html><body><form name="f" action="index.php" method="post"><input type="hidden" name="fa" value="'.$a.'"><input type="hidden" name="an" value="login"></form><script type="text/javascript">document.f.submit();</script></body></html>');
	 // wenn arredirect=1 dann wird seite mit ARTITLE_USERNAME gezeigt
	 	}
		if($r['arredirect']==1)
			die('<html><body><form name="f" action="index.php" method="post"><input type="hidden" name="an" value="'.$r['artitle'].'_'.$WB_USER_NAME.'"></form><script type="text/javascript">document.f.submit();</script></body></html>');			
	};

	// ====================================================================================================
	// einige globale variable setzen, die später von diversen routinen genutzt werden

	$query = $_SERVER["QUERY_STRING"];    // querystring der servers
	$an  = $r['artitle'];						// name des artikels
	$keys = $r['arkeys'];           // keys des artikel
	$cnt = 1*$r['arcounter'];				// zaehler des artikels
	$arsend = $r['arsend'];
	$arlink = $r['arlink'];
	if(!isset($at) && !isset($atn)) // thema/topic (name und id) des artikels heraussuchen
	{
		$at  = $r['toname'];
		$atn = $r['tid'];
	};

	// master-force !?
	$m   = $r['m']; // id des masters
	if(isset($mf))
		$m = $mf;
	$c   = wb_master($r['m']); // html-code des masters

	$db_aux->cx_sql("UPDATE wbarticle SET arcounter=".($cnt+1)." WHERE id=$a;");

}
else
{
	if ($wb_dev_modus != "0")
		wb_commonlog($REMOTE_ADDR,$PHP_AUTH_USER,-1*$a,$an,"404",strlen($c));
	if($an!="_hinweis")
		header("location: index.php?an=_hinweis&refa=id_".$a."&refan=".$an);
	else
		die("fatal error 805!");
}


// ====================================================================================================
//
// at oder atn waren offensichtlich vorbelegt, deshalb jeweils anderes heraussuchen

if(isset($at) && !isset($atn))
{
	$db->cx_sql("SELECT * FROM wbtopic WHERE toname='$at';");
	if($r=$db->cx_row())
		$atn = $r['id'];
	else
		wb_error("thema '$at' nicht gefunden.","index.php");
}else if(isset($atn) && !isset($at))
{
	$db->cx_sql("SELECT * FROM wbtopic WHERE id='$atn';");
	if($r=$db->cx_row())
		$at = $r['toname'];
	else
		wb_error("thema mit id $at nicht gefunden.","index.php");
}else if(!isset($at) && !isset($atn))
	wb_error("hae? kein at oder atn angegeben.","index.php");


$i = ""; // speichert den code

// ====================================================================================================
// ====================================================================================================
//
// -- - eventuell umleiten, wenn keine bausteine angehängt ...
//
// ----------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------

if($arlink!="")
{
	$db->cx_sql("SELECT * FROM wbelement WHERE elarticle=$a;");
	if(!($r=$db->cx_row()))
		if(is_numeric($arlink))
			header("location: index.php?a=".$arlink);
		else
			header("location: ".$arlink);
};

// ====================================================================================================
// ====================================================================================================
//
// -- - <wbarticle> ersetzen
//
// ----------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------

while(stristr($c,'{wbarticle')) // abarbeiten der tags
{
	
	// parsen des tags
	
	$name     = ""; // name des tags (interessant für volltextsuche)
	$id 			= ""; // id des anzuzeigenden tags. wenn leer, wird der mit a oder an übergebene angezeigt
		
	$ii    = stristr($c,"{wbarticle");
	$paras = split(" ",substr($ii,1,strpos($ii,"}")-1));
	for($i=1;$i<count($paras);$i++)
	{
		$parse_paras = explode("=",$paras[$i]);
		$$parse_paras[0] = str_replace(chr(34),"",$parse_paras[1]);
	};
	
	if($name=="" && $id=="")
		$id = $a;
	else if($name!="") // $wenn keine id gesetzt, aber der name entsprechende id heraussuchen
	{
		$db_aux->cx_sql("SELECT * FROM wbarticle WHERE artitle='$name' AND aractive=1;");
		if($rr=$db_aux->cx_row())
			$id=$rr['id'];
		else
		{
			if ($wb_dev_modus != "0")
				wb_commonlog($REMOTE_ADDR,$PHP_AUTH_USER,0,$name,"404",strlen($c));
			header("location: index.php?an=_hinweis&refan3=".$name);
		}
	};
	
	// alles parat, deshalb artikel zusammenbauen <wbarticle ...> ersetzen
	$ac = wb_article($id);
	
	$ii = stristr($c,"{wbarticle");
	$c  = substr($c,0,strlen($c)-strlen($ii)).$ac.substr(stristr($ii,"}"),1);
	
	// $c = str_replace("<wbarticle>",wb_article($a),$c);
	
};

// {wbvar ...} finden und entsprechend einsetzen
// (<wbvar ...> wird aus kompatibilitŠts-gründen ersetzt)

while(stristr($c,'{wbvar'))
{
	$ii    = stristr($c,"{wbvar");
	$paras = split(" ",substr($ii,1,strpos($ii,"}")-1));
	$ii = stristr($c,"{wbvar");
	$c  = substr($c,0,strlen($c)-strlen($ii)).$$paras[1].substr(stristr($ii,"}"),1);
};

// ====================================================================================================
// ====================================================================================================

// einige global tags noch durch werte ersetzen

$db_aux->cx_sql("SELECT * FROM wbarticle WHERE id=$a;");
if($r=$db_aux->cx_row())
{
	$c = str_replace("{artitle}",nl2br(htmlentities(stripslashes($r['artitle']))),$c);
	$d0 = explode("-",$d[0]); // datum
	$ardate = (1*$d0[2]).".".(1*$d0[1]).".".$d0[0]; // datum
	$c = str_replace("{ardate}",$ardate,$c);
	$c = str_replace("{artime}",$d[1],$c);
	$c = str_replace("{arcontent}",nl2br(htmlentities(stripslashes($r['arcontent']))),$c);
	$c = str_replace("{arimage}",$r['arimage'],$c);
	$db_aux->cx_sql("SELECT * FROM wbtopic WHERE id='".$r['artopic']."';");
	if($r=$db_aux->cx_row())
	{
		$c = str_replace("{artopic}",nl2br(htmlentities(stripslashes($r['toname']))),$c);
		$c = str_replace("wb_topic",$r['toname'],$c);
	}	
	$c = str_replace("{rssdate}",date("Y-m-d")."T".date("H:i:s")."Z",$c);
};

// ====================================================================================================
// ====================================================================================================
//
// -- - einzelne module abarbeiten
//
// ----------------------------------------------------------------------------------------------------
// ----------------------------------------------------------------------------------------------------

while(stristr($c,'{wbset'))
{
	$ii    = stristr($c,"{wbset");
	$paras = split(" ",substr($ii,1,strpos($ii,"}")-1));
	for($i=1;$i<count($paras);$i++)
	{
		$parse_paras = explode("=",$paras[$i]);
		if(substr($parse_paras[1],0,1)=="\"" || substr($parse_paras[1],0,1)=="'")
			$parse_paras[1] = substr($parse_paras[1],1);
		if(substr($parse_paras[1],strlen($parse_paras[1])-1,1)=="\"" || substr($parse_paras[1],strlen($parse_paras[1])-1,1)=="'")
			$parse_paras[1] = substr($parse_paras[1],0,strlen($parse_paras[1])-1);
		$$parse_paras[0] = $parse_paras[1];
	};
	$c  = substr($c,0,strlen($c)-strlen($ii)).substr(stristr($ii,"}"),1);
}

@include_once("modules/wb_infoboxes.php");

// ====================================================================================================
// ====================================================================================================

// einige global tags noch durch werte ersetzen
$db_aux->cx_sql("SELECT * FROM wbarticle WHERE id=$a;");
if($r=$db_aux->cx_row())
{
	$c = str_replace("{artitle}",nl2br(htmlentities(stripslashes($r['artitle']))),$c);
	$d0 = explode("-",$d[0]); // datum
	$ardate = (1*$d0[2]).".".(1*$d0[1]).".".$d0[0]; // datum
	$c = str_replace("{ardate}",$ardate,$c);
	$c = str_replace("{artime}",$d[1],$c);
	$c = str_replace("{arcontent}",nl2br(htmlentities(stripslashes($r['arcontent']))),$c);
	$c = str_replace("{arimage}",$r['arimage'],$c);
	$db_aux->cx_sql("SELECT * FROM wbtopic WHERE id='".$r['artopic']."';");
	if($r=$db_aux->cx_row())
	{
		$c = str_replace("{artopic}",nl2br(htmlentities(stripslashes($r['toname']))),$c);
		$c = str_replace("wb_topic",$r['toname'],$c);
	}	
	$c = str_replace("{rssdate}",date("Y-m-d")."T".date("H:i:s")."Z",$c);
};

@include_once("modules/wb_guestbooks.php");
@include_once("modules/wb_comments.php");
@include_once("modules/wb_indexes.php");
@include_once("modules/wb_rss.php");
@include_once("modules/wb_random.php");
//@include_once("modules/wb_gallerys.php");
include_once("modules/wb_gallerys2006.php");
@include_once("modules/wb_votings.php");
@include_once("modules/wb_sitemap.php");
@include_once("modules/wb_modify.php");
@include_once("modules/wb_history.php");
@include_once("modules/wb_shop.php");
@include_once("modules/wb_shoparticle.php");
@include_once("modules/wb_shopwarenkorb.php");
@include_once("modules/wb_shopkasse.php");

// {wbvar ...} finden und entsprechend einsetzen
// (<wbvar ...> wird aus kompatibilitäts-gründen ersetzt)
while(stristr($c,'{wbvar'))
{
	$ii    = stristr($c,"{wbvar");
	$paras = split(" ",substr($ii,1,strpos($ii,"}")-1));
	$ii = stristr($c,"{wbvar");
	$c  = substr($c,0,strlen($c)-strlen($ii)).$$paras[1].substr(stristr($ii,"}"),1);
};

$c = str_replace("wb_topic",$at,$c);
	
// ====================================================================================================
// ====================================================================================================


if($WB_TOPICS) echo "user darf alles";


// einige global tags noch durch werte ersetzen
$db_aux->cx_sql("SELECT * FROM wbarticle WHERE id=$a;");
if($r=$db_aux->cx_row())
{
	$c = str_replace("{artitle}",nl2br(htmlentities(stripslashes($r['artitle']))),$c);
	$d0 = explode("-",$d[0]); // datum
	$ardate = (1*$d0[2]).".".(1*$d0[1]).".".$d0[0]; // datum
	$c = str_replace("{ardate}",$ardate,$c);
	$c = str_replace("{artime}",$d[1],$c);
	$c = str_replace("{arcontent}",nl2br(htmlentities(stripslashes($r['arcontent']))),$c);
	$c = str_replace("{arimage}",$r['arimage'],$c);
	$db_aux->cx_sql("SELECT * FROM wbtopic WHERE id='".$r['artopic']."';");
	if($r=$db_aux->cx_row())
	{
		$c = str_replace("{artopic}",nl2br(htmlentities(stripslashes($r['toname']))),$c);
		$c = str_replace("wb_topic",$r['toname'],$c);
	}	
	$c = str_replace("{rssdate}",date("Y-m-d")."T".date("H:i:s")."Z",$c);
};

// wiki-funktion
$c = preg_replace("/{wiki (.[^}]+)}/i",'<a href="index.php?an=\1">\1</a>',$c);

// {iftopic ...}
if(strstr($c,"{iftopic"))
{
	$db->cx_sql("SELECT * FROM wbtopic");
	while($r=$db->cx_row())
	{
		if($at==$r['toname'])
			$c = preg_replace("/{iftopic ".$r['toname']."}[\n\r\t]*(.*)[\n\r\t]*.*{else}[\n\r\t]*(.*)[\n\r\t]*.*{endif}/i",'\1',$c);
		else
			$c = preg_replace("/{iftopic ".$r['toname']."}[\n\r\t]*(.*)[\n\r\t]*.*{else}[\n\r\t]*(.*)[\n\r\t]*.*{endif}/i",'\2',$c);
	}
}

// parsen des codes abschliessen:
$c = str_replace("&lt;","<",$c);
$c = str_replace("&gt;",">",$c);
$c = str_replace("&amp;","&",$c);

// quellcode label code-x
$qlc = '<head>
		
		<!-- 
			diese internet-praesenz wird mit web\'ing gepflegt.
			web\'ing ist ein produkt der code-x gmbh aus paderborn.
			weitere informationen gibt\'s unter http://www.code-x.de.
		-->
	  ';
$c = str_replace("<head>", "<HEAD>", $c);
$c = str_replace("<HEAD>", $qlc, $c);


// popup für surf'n'edit
if ($wb_dev_modus == "0" && $WB_SURFNEDIT)
{
	$hlp = '<script>
	function wbARTICLE(adr,ziel,w,h)
	{
	 	xx = (screen.width-w)/2;
	 	yy = (screen.height-h)/2;
	 	cx_win = window.open(adr,ziel,"left="+xx+",top="+yy+",screenX="+xx+",screenY="+yy+",width="+w+",height="+h+",toolbar=no,status=no,scrollbars=yes");
	 	cx_win.window.moveTo(xx,yy);
		cx_win.focus();
	};
	</script>
	</head>';

	$c = str_replace("</head>", "</HEAD>", $c);
	$c = str_replace("</HEAD>", $hlp, $c);

	$editorbox = '<div style="position: absolute; left: 6px; top: 6px; display: block; color: #bbbbbb; background: #474747; padding: 8px; border: solid 2px #45c00a; margin: 3px 5px 5px 5px; width: 164px; font-size: 11px; font-family: Arial,sans-serif">'.$WB_EDITOR.'</div></BODY>';

	$c = str_replace("</BODY>", $editorbox, $c);
	$c = str_replace("</body>", $editorbox, $c);

}

$db->cx_sql("SELECT * FROM wbarticle ORDER BY armodify DESC LIMIT 0,1;");
$r=$db->cx_row();
$lm     = explode(" ",$r['armodify']);
$lm0    = explode("-",$lm[0]);
$lmdate = $lm[1]." ".$lm0[2].".".$lm0[1].".".$lm0[0];
$c = str_replace("{arlastmodify}", $lmdate, $c);


// eventuell trennen
if($wb_range!="")
{
	$cs = explode("<!-- ".$wb_range." -->",$c);
	$c  = $cs[1];
};

// logfile

if ($wb_dev_modus != "0")
	wb_commonlog($REMOTE_ADDR,$PHP_AUTH_USER,$a,addslashes($an),"200",strlen($c));

// ====================================================================================================
// ====================================================================================================
// eventuell als newsletter versenden, sonst einfach ausgeben!

if($nljobkickoff!="" && $WB_EMAIL) // direkt als newsletter versenden
{
	include_once("modules/wb_newsletter_pro.php");
}
else if($send && $WB_EMAIL)
{
	include_once("modules/wb_newsletter.php");
}else{
	$c = str_replace("{nladress}",'hallo',$c);
	$c = str_replace("{nlremove}",'<a href="#" target=_blank>',$c);
	$c = str_replace("{/nlremove}","</a>",$c);
	$c = str_replace("{nlname}",$WB_USER_REALNAME,$c);
	$c = str_replace("{nlemail}",$WB_USER_EMAIL,$c);
	$c = str_replace("{nlid}","CODE-X",$c);
	$c = str_replace("{nlpass}","WINBEG",$c);
	$c = str_replace("{nlumfrage}",'<a href="#" target=_blank>',$c);
	$c = str_replace("{/nlumfrage}","</a>",$c);
	echo($c);
};

?>