<?php

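// Control-panel entry point: start the session, gate every request behind the
// admin login, and print the login form whenever the gate is not passed.
//
// $form, $login, $passwd and $HTTP_REFERER are read as plain globals without
// being assigned in this file, so the script presumably relies on
// register_globals to populate them from the request.
//
// NOTE(review): weaknesses visible in this block that a deployment should address:
//   - the Referer header is supplied by the client, so ereg($self_name, $HTTP_REFERER)
//     is neither authentication nor a dependable cross-site request check;
//   - the submitted login and password are kept in the session as plain text and
//     compared with plain-text values read from the `admin` table;
//   - the session id is appended to the redirect URL (SID), where it can leak
//     through logs, browser history and Referer headers;
//   - both fields of the login form are pre-filled with value="test".
session_start();
if ($form == 'sent') {
    // A login submission always discards whatever session existed before it.
    unset($HTTP_SESSION_VARS);
    session_destroy();
}
global $asess_name, $asess_passwd, $asess_data;
session_register("asess_name");
session_register("asess_passwd");
session_register("asess_data");
// vars.php presumably supplies $db_*, $self_name, $title, $fontface and $admincolor — TODO confirm.
include($DOCUMENT_ROOT . '/vars.php');
mysql_connect($db_host, $db_user, $db_pwd);
mysql_select_db($db_name);
if (!isset($HTTP_SESSION_VARS["asess_name"])) {
    // Fixed: the original read `$form = 'sent' && ereg(...)`, which assigned a
    // boolean to $form instead of testing it, so any request carrying a matching
    // Referer was treated as a login submission.
    if ($form == 'sent' && ereg($self_name, $HTTP_REFERER)) {
        if ($login == "" || $passwd == "" || ereg('%', $login) || ereg('%', $passwd)) {
            echo("<html><head><title>$title</title></head><body><p align=center><font face=$fontface><b>
<span style=\"background-color: $admincolor\">&nbsp;$title Control Panel </span></b>
</font></p><div align=center><center>
<table border=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" cellpadding=\"0\" cellspacing=\"3\">
<form method=post action=/control/><input type=hidden name=form value=sent><tr>
<td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\"><b>
<font face=\"$fontface\" size=\"2\">Login</font>:</b></td>
<td align=\"left\" valign=\"top\">
<input type=\"text\" name=\"login\" size=\"25\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold\" value=\"test\"></td>
</tr><tr><td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\">
<font face=\"$fontface\" size=\"2\"><b>Password:</b></font></td>
<td align=\"left\" valign=\"top\">
<input type=\"password\" name=\"passwd\" size=\"25\" style=\"font-size: 8pt; font-family: $fontface; font-weight: bold\" value=\"test\"></td>
</tr><tr><td></td><td align=\"left\" valign=\"top\">
<input type=\"submit\" value=\"Log in\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold; float: right\"></td>
</tr></form></table></center></div></body></html>");
            unset($HTTP_SESSION_VARS);
            session_destroy();
            exit;
        }
        // The credentials are only stored here; they are checked against the
        // database on the next request, in the else-branch below.
        global $login, $passwd;
        $asess_name = $login;
        $asess_passwd = $passwd;
        header("Location: /control/?".SID);
        exit;
    }
    echo("<html><head><title>$title</title></head><body><p align=\"center\"><font face=\"$fontface\"><b>
<span style=\"background-color: $admincolor\">&nbsp;$title Control Panel </span></b>
</font></p><div align=center><center>
<table border=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" cellpadding=\"0\" cellspacing=\"3\">
<form method=post action=/control/><input type=hidden name=form value=sent><tr>
<td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\"><b>
<font face=\"$fontface\" size=\"2\">Login</font>:</b></td>
<td align=\"left\" valign=\"top\">
<input type=\"text\" name=\"login\" size=\"25\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold\" value=\"test\"></td>
</tr><tr><td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\">
<font face=\"$fontface\" size=\"2\"><b>Password:</b></font></td>
<td align=\"left\" valign=\"top\">
<input type=\"password\" name=\"passwd\" size=\"25\" style=\"font-size: 8pt; font-family: $fontface; font-weight: bold\" value=\"test\"></td>
</tr><tr><td></td><td align=\"left\" valign=\"top\">
<input type=\"submit\" value=\"Log in\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold; float: right\"></td>
</tr></form></table></center></div></body></html>");
    unset($HTTP_SESSION_VARS);
    session_destroy();
    exit;
} else {
    $res = mysql_query("select value from admin where field='login'");
    $dblogin = mysql_result($res, 0);
    $res = mysql_query("select value from admin where field='passwd'");
    $dbpasswd = mysql_result($res, 0);
    // Strict comparison: with `!=`, numeric-looking strings compare by value and a
    // failed lookup (mysql_result() returning false) loosely equals "0".
    if ($asess_name !== $dblogin || $asess_passwd !== $dbpasswd || !ereg($self_name, $HTTP_REFERER)) {
        echo("<html><head><title>$title</title></head><body><p align=\"center\"><font face=\"$fontface\"><b>
<span style=\"background-color: $admincolor\">&nbsp;$title Control Panel </span></b>
</font></p><div align=\"center\"><center>
<table border=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" cellpadding=\"0\" cellspacing=\"3\">
<form method=post action=/control/><input type=hidden name=form value=sent><tr>
<td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\"><b>
<font face=\"$fontface\" size=\"2\">Login</font>:</b></td>
<td align=\"left\" valign=\"top\">
<input type=\"text\" name=\"login\" size=\"25\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold\" value=\"test\"></td>
</tr><tr><td align=\"right\" valign=\"top\" bgcolor=\"$admincolor\">
<font face=\"$fontface\" size=\"2\"><b>Password:</b></font></td>
<td align=\"left\" valign=\"top\">
<input type=\"password\" name=\"passwd\" size=\"25\" style=\"font-size: 8pt; font-family: $fontface; font-weight: bold\" value=\"test\"></td>
</tr><tr><td></td><td align=\"left\" valign=\"top\">
<input type=\"submit\" value=\"Log in\" style=\"font-family: $fontface; font-size: 8pt; font-weight: bold; float: right\"></td>
</tr></form></table></center></div></body></html>");
        unset($HTTP_SESSION_VARS);
        session_destroy();
        exit;
    }
}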
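// Short labels for the left-hand navigation; the array index is the value of
// the `y` request parameter that selects the section.
$menu = array('Stats', 'Authorization', 'Properties', 'User List', 'Site List', 'Abuse Reports', 'Content/HTML', 'Sell Credits', 'Sell Accounts', 'E-mail Users', 'Banners', 'F.A.Q', 'Text Ads','Weekly Stats', 'Log Out');
// Page headings, index-aligned with $menu.
$full_menu = array('Stats Since Last Login', 'Authorization Details', 'System Properties', 'User List', 'Site List', 'Users\' Abuse Reports', 'Content/HTML Management', 'Credits Sales Options', 'Accounts Sales Options', 'E-mail Users', 'Banners For Users\' References', 'Users\' FAQ', 'Main Page Text Ads','Last 7 Days Statistics', 'Log Out');
// Rows per page in the user and site listings.
$lim = 20;
// $y comes from the request. Anything that is not a number inside the menu
// range falls back to section 0, and the value is forced to an integer so that
// it is always a valid index into $menu / $full_menu.
if (!isset($y) || !is_numeric($y) || $y > count($menu) - 1 || $y < 0) {$y = 0;}
$y = (int) $y;
echo("<html><head><title>$title</title></head><body link=#000000 alink=#000000 vlink=#000000><table border=0 width=100% cellpadding=10><tr><td width=19% align=right valign=top style=\"border-right: thin solid black\" bgcolor=\"$admincolor\">");
foreach ($menu as $key => $val) {
    $current = ($key == $y);
    if ($current) {echo("<b>&raquo; ");}
    echo("<a href=/control/?y=$key>");
    echo($val);
    if ($current) {echo("</b>");}
    echo("</a>");
    echo("<br>");
}
echo("</td><td align=left valign=top>");
// Result handle consumed by surplus(), which reads it through `global $sures`.
$sures = mysql_query("select value from adminprops where field='surplu'");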
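/**
 * Print the credit balance badge shown at the top of a section.
 *
 * Reads row 0 of the global $sures result (the `surplu` row of `adminprops`),
 * rounds it to two decimals and labels a negative value as a deficiency.
 */
function surplus() {
    // $admincolor and $fontface are interpolated into the markup below; without
    // `global` they were undefined inside the function and rendered as empty.
    // They are presumably set in vars.php — TODO confirm.
    global $sures, $admincolor, $fontface;
    $balance = round(mysql_result($sures, 0), 2);
    $label = ($balance < 0) ? 'Credits Deficiency' : 'Surplus Credits';
    echo("<table border=0 cellpadding=4 style=\"font-weight: 600; background-color: $admincolor; font-family: $fontface; font-size: 10pt\"><tr><td>$label: $balance</td></tr></table>");
}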
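/**
 * Print the heading of the current section: the $full_menu entry at index $y.
 */
function title() {
    // $fontface is used in the style attribute; it was missing from the global
    // list, so the heading was printed with an empty font-family.
    global $full_menu, $y, $fontface;
    echo("<b><p align=left style=\"font-size: 150%; font-family: $fontface\">$full_menu[$y]</b></p>");
}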
if ($y == 0) {
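    // Section 0: what changed since the stored `lastac` time.
    surplus();
    title();
    // `lastac` is passed to date() and compared with unix_timestamp(date) below,
    // so it is handled as a Unix timestamp.
    $res = mysql_query("select value from admin where field='lastac'");
    $lastac2 = mysql_result($res, 0);
    $lastac = date("Y-m-d H:i:s", $lastac2);

    // Users whose joindate is later than that time.
    $res = mysql_query("select id, email from user where joindate>'$lastac'");
    $found = mysql_num_rows($res);
    if ($found == 0) {
        echo("<p><b>There are no new users</b></p>");
    } else {
        echo("<p><b>New users:</b><br>");
        for ($i = 0; $i < $found; $i++) {
            $id = mysql_result($res, $i, "id");
            // The e-mail address is account data, not markup: escape it so a
            // stored value cannot inject HTML into the admin page.
            $em = htmlspecialchars(mysql_result($res, $i, "email"));
            echo("<a href=/control/?y=3&u=$id>$em</a><br>");
        }
        echo("</p>");
    }

    // Sites still in the 'Waiting' state.
    $res = mysql_query("select id, url from site where state='Waiting'");
    $kuku = mysql_num_rows($res);
    if ($kuku == 0) {
        echo("<p><b>There are no sites waiting for approval</b></p>");
    } else {
        // Singular or plural wording for the count.
        if ($kuku == 1) {
            $there = "There is";
            $sitez = "site";
        } else {
            $there = "There are";
            $sitez = "sites";
        }
        echo("<p><b>$there $kuku <a href=/control/?y=4&a=3>$sitez waiting for approval</a></b></p>");
    }

    // Abuse reports dated after `lastac`.
    $res = mysql_query("select id, siteid, usrid from abuse where unix_timestamp(date)>'$lastac2'");
    $found = mysql_num_rows($res);
    if ($found == 0) {
        echo("<p><b>There are no new abuse reports</b></p>");
    } else {
        echo("<p><b>New abuse reports:</b><br>");
        for ($i = 0; $i < $found; $i++) {
            $id = mysql_result($res, $i, "id");
            $em = mysql_result($res, $i, "siteid");
            $et = mysql_result($res, $i, "usrid");
            echo("<a href=/control/?y=5&u=$id>Site #$em by user #$et</a><br>");
        }
        echo("</p>");
    }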
} elseif ($y == 1) {
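    // Section 1: change the admin login/e-mail (form 1) or password (form 2).
    //
    // NOTE(review): both forms change credentials and carry no per-request
    // token; the only cross-site protection visible in this file is the Referer
    // match in the login gate. The admin password is stored and compared as
    // plain text.
    surplus();
    title();
    if ($a_form1 == 'sent') {
        $error = "";
        if ($a_login == "") {
            $error = $error . "You must not leave the 'login' field blank<br>";
        }
        if ($a_email == "") {
            $error = $error . "You must not leave the 'e-mail' field blank<br>";
        }
        // Strict comparison: `!=` compares numeric-looking strings by value.
        if ($a_passwd !== $asess_passwd) {
            $error = $error . "Your password is wrong<br>";
        }
        if ($error != "") {
            $error = $error . "<br>Use your browser's BACK button";
            echo($error);
        } else {
            // NOTE(review): request values are placed directly inside quoted SQL
            // literals. Whether they are already escaped depends on the runtime
            // (e.g. magic_quotes_gpc) — confirm, and escape explicitly if not.
            $res = mysql_query("update admin set value='$a_login' where field='login'");
            $res = mysql_query("update admin set value='$a_email' where field='email'");
            $asess_name = $a_login;
            echo("New values were successfully saved in the database.");
        }
    } elseif ($a_form2 == 'sent') {
        $error = "";
        if ($a_old_passwd !== $asess_passwd) {
            $error = $error . "Your old password is wrong<br>";
        }
        if ($a_new_passwd1 == "") {
            $error = $error . "You must not leave 'new password' field blank<br>";
        }
        if ($a_new_passwd1 !== $a_new_passwd2) {
            $error = $error . "Your new password doesn't match<br>";
        }
        if ($error != "") {
            $error = $error . "<br>Use your browser's BACK button";
            echo($error);
        } else {
            // NOTE(review): same SQL-literal caveat as above; the new password
            // is written to the table unhashed.
            $res = mysql_query("update admin set value='$a_new_passwd1' where field='passwd'");
            $asess_passwd = $a_new_passwd1;
            echo("Your password was successfully changed.");
        }
    } else {
        $res = mysql_query("select value from admin where field='email'");
        $a_email = mysql_result($res, 0);
        // Shared inline style of the Save/Reset buttons.
        $btn_style = "color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton";
        // The current login and e-mail are echoed into attribute values: escape
        // them and quote the attribute so the value cannot break out of it.
        $h_login = htmlspecialchars($asess_name, ENT_QUOTES);
        $h_email = htmlspecialchars($a_email, ENT_QUOTES);
        echo("<form method=post action=/control/?y=1><input type=submit value=\"Save\" style=\"$btn_style\">&nbsp;&nbsp;<input type=reset value=\"Reset\" style=\"$btn_style\"><p><table border=0><input type=hidden name=a_form1 value=sent>");
        echo("<tr><td align=right valign=top>Login:</td><td align=left valign=top><input type=text name=a_login value=\"$h_login\"></td></tr>");
        echo("<tr><td align=right valign=top>E-mail:</td><td align=left valign=top><input type=text name=a_email value=\"$h_email\"></td></tr>");
        echo("<tr><td align=right valign=top>Password:</td><td align=left valign=top><input type=password name=a_passwd></td></tr></form></table>");
        echo("<p style=\"font-size: 150%\">Change password</p><form method=post action=/control/?y=1><input type=submit value=\"Save\" style=\"$btn_style\"><p><table border=0><input type=hidden name=a_form2 value=sent>");
        echo("<tr><td align=right valign=top>Old password:</td><td align=left valign=top><input type=password name=a_old_passwd></td></tr>");
        echo("<tr><td align=right valign=top>New password:</td><td align=left valign=top><input type=password name=a_new_passwd1></td></tr>");
        echo("<tr><td align=right valign=top>Confirm new password:</td><td align=left valign=top><input type=password name=a_new_passwd2></td></tr></form></table>");
    }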
} elseif ($y == 2) {
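    // Section 2: view and edit the numeric system properties in `adminprops`.
    surplus();
    title();
    // Row keys editable here; each is also the name of the form field (and of
    // the request variable) that carries its new value.
    $fields = array("inibon", "reftim", "negact", "contex", "contey", "inact");
    if ($pform == 'sent') {
        $error = "";
        // Every field is written into the UPDATE below without quotes, so every
        // one of them must be numeric. The original check skipped `negact`,
        // which let that request value reach the SQL text unvalidated.
        if (!is_numeric($inact) || !is_numeric($inibon) || !is_numeric($reftim) || !is_numeric($negact) || !is_numeric($contex) || !is_numeric($contey)) {
            $error = $error . "All the values you enter must be numeric<br>";
        }
        if ($inact == "" || $inibon == "" || $reftim == "" || $negact == "" || $contex == "" || $contey == "") {
            $error = $error . "You must not leave any fields blank<br>";
        }
        if ($error != "") {
            $error = $error . "<br>Use your browser's BACK button";
            echo($error);
        } else {
            foreach ($fields as $v) {
                // ${$v} is the submitted value of the field named by $v; it has
                // passed is_numeric() above.
                $value = ${$v};
                $res = mysql_query("update adminprops set value=$value where field='$v'");
            }
            echo("New values were successfully saved in the database.");
        }
    } else {
        // Start from an empty array so that nothing pre-seeded under the name
        // $props can end up in the rendered form.
        $props = array();
        foreach ($fields as $v) {
            $res = mysql_query("select value from adminprops where field='$v'");
            $props[$v] = mysql_result($res, 0);
        }
        $btn_style = "color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton";
        echo("<p align=left><form action=/control/?y=2 method=post><input type=submit value=\"Save\" style=\"$btn_style\">&nbsp;&nbsp;<input type=reset value=\"Reset\" style=\"$btn_style\"></p>");
        echo("<table border=0><input type=hidden name=pform value=sent>");
        foreach ($props as $k => $v) {
            switch ($k) {
                case 'inibon':
                echo("<tr><td align=right valign=top>Initial bonus:</td><td align=left valign=top><input type=text name=$k value=$v></td><td align=left valign=top style=\"font-size: 70%\">This value is added to every new user's account.</td></tr>");
                break;
                case 'reftim':
                echo("<tr><td align=right valign=top>Refresh time:</td><td align=left valign=top><input type=text name=$k value=$v></td><td align=left valign=top style=\"font-size: 70%\">Time in seconds the viewbar is refreshed.</td></tr>");
                break;
                case 'negact':
                // Yes/No select; the stored value 0 or 1 decides which option is preselected.
                echo("<tr><td align=right valign=top>Show sites in advance:</td><td align=left valign=top><select name=$k>");
                switch ($v) {
                    case 0:
                    echo("<option value=1>Yes</option><option value=0 selected>No</option>");
                    break;
                    case 1:
                    echo("<option value=1 selected>Yes</option><option value=0>No</option>");
                    break;
                }
                echo("</select></td><td align=left valign=top style=\"font-size: 70%\">System behavior when there are no valid user sites to show. When set to 'NO' the default site (defined in '/vars.php') is shown.</td></tr>");
                break;
                case 'contex':
                echo("<tr><td align=right valign=top>Contest 'x':</td><td align=left valign=top><input type=text name=$k value=$v></td><td align=left valign=top style=\"font-size: 70%\">Number of site views user gets a bonus link. If set to '0', the feature is disabled.</td></tr>");
                break;
                case 'contey':
                echo("<tr><td align=right valign=top>Contest bonus:</td><td align=left valign=top><input type=text name=$k value=$v></td><td align=left valign=top style=\"font-size: 70%\">Amount of credits user wins in viewing contest.</td></tr>");
                break;
                case 'inact':
                echo("<tr><td align=right valign=top>Inactivity threshold:</td><td align=left valign=top><input type=text name=$k value=$v></td><td align=left valign=top style=\"font-size: 70%\">Number of days before user is considered inactive.</td></tr>");
                break;
            }
        }
        echo("</table>");
    }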
} elseif ($y == 3) {
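    // Section 3: paginated user list, or (when a numeric `u` is given) the
    // detail view of one user with save, delete and e-mail actions.
    surplus();
    title();
    // $a (list filter) and $s (page number) come from the request and are echoed
    // into links and form actions in both views. Normalise them to integers
    // before either view runs; the original validated them in the list view only.
    if (!isset($a) || !is_numeric($a)) {
        $a = 0;
    }
    if (!isset($s) || $s < 1 || !is_numeric($s)) {
        $s = 1;
    }
    $a = (int) $a;
    $s = (int) $s;
    // Shared inline style of the action buttons in the detail view.
    $btn_style = "color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton";
    if (!isset($u) || !is_numeric($u)) {
        // Filter tabs: 0 = all users, then one entry per `acctype` row, then a
        // synthetic "Inactive" entry. Built from an explicit empty start so that
        // nothing pre-seeded under the name $actypes can reach the page.
        $actypes = array(0 => "All users");
        $res = mysql_query("select id, name from acctype order by id asc");
        $type_rows = mysql_num_rows($res);
        for ($i = 0; $i < $type_rows; $i++) {
            $actypes[mysql_result($res, $i, "id")] = mysql_result($res, $i, "name");
        }
        // Give "Inactive" the first unused key at or above count($actypes).
        $inact = count($actypes);
        while(!in_array("Inactive", $actypes)) {
            if (!isset($actypes[$inact])) {
                $actypes[$inact] = "Inactive";
            } else {
                $inact++;
            }
        }
        echo("| ");
        foreach ($actypes as $k => $v) {
            if ($k == $a) {echo("<b>");}
            else {echo("<a href=/control/?y=3&a=$k>");}
            echo($v);
            if ($k == $a) {echo("</b>");}
            else {echo("</a>");}
            echo(" | ");
        }
        $start = ($s - 1) * $lim;
        $fquery = "select id, name, email, acctype from user";
        if ($a == $inact) {
            // "Inactive" = last access older than the configured number of days.
            $inactset = mysql_result(mysql_query("select value from adminprops where field='inact'"), 0);
            $inline = date("Y-m-d H:i:s", time() - 86400 * $inactset);
            $fquery = $fquery . " where lastaccess<'$inline'";
        } elseif ($a != 0) {$fquery = $fquery . " where acctype=$a";}
        $countpages = $fquery;
        $fquery = $fquery . " order by id asc limit $start, $lim";
        $res = mysql_query($fquery);
        $pages = ceil(mysql_num_rows(mysql_query($countpages)) / $lim);
        // The page links are printed above and below the table; build them once.
        $pager = "";
        if ($pages > 1) {
            $pager = "<p align=left style=\"font-size: 85%\">";
            for ($i = 1; $i <= $pages; $i++) {
                $pager .= "[";
                $pager .= ($i == $s) ? "<b>" : "<a href=/control/?y=3&a=$a&s=$i>";
                $pager .= "Page $i";
                $pager .= ($i == $s) ? "</b>" : "</a>";
                $pager .= "]  ";
            }
            $pager .= "</p>";
        }
        echo($pager);
        echo("<p align=left><table border=0 cellpadding=2><tr style=\"font-weight: bold\"><td align=left style=\"background-color: $admincolor\">id</td><td align=left style=\"background-color: #f7f7f7\">E-mail</td><td align=left style=\"background-color: $admincolor\">Name</td><td align=left style=\"background-color: #f7f7f7\">Account</td></tr>");
        $user_rows = mysql_num_rows($res);
        for ($i = 0; $i < $user_rows; $i++) {
            $id = mysql_result($res, $i, "id");
            $acc = mysql_result($res, $i, "acctype");
            // Name and e-mail are account data: escape them before they are
            // printed into the admin page.
            $h_name = htmlspecialchars(mysql_result($res, $i, "name"), ENT_QUOTES);
            $h_email = htmlspecialchars(mysql_result($res, $i, "email"), ENT_QUOTES);
            echo("<tr><td style=\"background-color: $admincolor\">$id</td><td style=\"background-color: #f7f7f7\"><a href=/control/?y=3&u=$id&a=$a&s=$s>$h_email</a></td><td style=\"background-color: $admincolor\">$h_name</td><td style=\"background-color: #f7f7f7\">$actypes[$acc]</td></tr>");
        }
        echo("</table></p>");
        echo($pager);
    } else {
        // $u passed is_numeric(); force it to an integer before it is placed in
        // SQL text and HTML.
        $u = (int) $u;
        if ($fform == 'sent') {
            // NOTE(review): delete and save are plain POSTs with no per-request
            // token; the only cross-site protection visible in this file is the
            // Referer match in the login gate.
            if ($fac == 'trash') {
                // Remove the user's sites and their dependent rows first; the
                // user row itself is deleted by $fquery below.
                $fquery = "delete from user where id=$u";
                $res = mysql_query("select id from site where usrid=$u");
                $site_rows = mysql_num_rows($res);
                for ($i = 0; $i < $site_rows; $i++) {
                    $sss = mysql_result($res, $i);
                    $newres = mysql_query("delete from abuse where siteid=$sss");
                    $newres = mysql_query("delete from 7statsite where siteid=$sss");
                }
                $res = mysql_query("delete from site where usrid=$u");
                $res = mysql_query("delete from 7stat where usrid=$u");
                $rep = "User #$u was deleted from the database.";
                $back = "a=$a";
            } else {
                $rep = "Changes to user #$u were saved in the database.";
                $back = "a=$a&s=$s";
                // $acctype is used unquoted in the lookup below and $credits in
                // arithmetic and SQL: reduce the request values to numbers first.
                $acctype = (int) $acctype;
                $minmax = (int) $minmax;
                if (!is_numeric($credits)) {
                    $credits = 0;
                }
                $opactyp = mysql_result(mysql_query("select name from acctype where id=$acctype"), 0);
                if ($opactyp == 'Premium') {
                    // First switch to Premium: stamp the date and add the bonus.
                    $oppremrd = mysql_result(mysql_query("select premregdate from user where id=$u"), 0);
                    if (!isset($oppremrd)) {
                        $opdate = date('Y-m-d H:i:s');
                        $opprembn = mysql_result(mysql_query("select value from adminprops where field='prembn'"), 0);
                        $res = mysql_query("update user set premregdate='$opdate' where id=$u");
                        $credits = $credits + $opprembn;
                    }
                }
                // Book the difference between old and new credits on the surplus row.
                $oldcred = mysql_result(mysql_query("select credits from user where id=$u"), 0);
                $surp = $oldcred - $credits;
                $surpres = mysql_query("update adminprops set value=value+$surp where field='surplu'");
                // NOTE(review): $name, $email, $passwd and $ref are request values
                // placed inside quoted SQL literals. Whether they are already
                // escaped depends on the runtime (the stripslashes() calls in the
                // mail branch suggest magic_quotes_gpc) — confirm, and escape
                // explicitly if not. The user password is stored as plain text.
                $fquery = "update user set name='$name', email='$email', passwd='$passwd', ref='$ref', acctype='$acctype', credits='$credits', minmax='$minmax' where id=$u";
            }
            $res = mysql_query($fquery);
            echo("<b>$rep<br>&laquo;</b> <a href=/control/?y=3&$back>GO TO to user list</a>");
        } else {
            $res = mysql_query("select name, email, passwd, ref, acctype, credits, DATE_FORMAT(joindate, '%Y-%m-%d') as joindate, minmax from user where id=$u");
            if (mysql_num_rows($res) == 0) {
                echo("<b>User #$u was not found in the database.</b>");
            } else {
                if ($mail == 'send') {
                    $email = mysql_result(mysql_query("select email from user where id=$u"), 0);
                    $admail = mysql_result(mysql_query("select value from admin where field='email'"), 0);
                    // Subject and sender address end up in mail headers: drop
                    // CR/LF so neither can add header lines of its own.
                    $subject = str_replace(array("\r", "\n"), '', stripslashes($subject));
                    $admail = str_replace(array("\r", "\n"), '', $admail);
                    $message = stripslashes($message);
                    mail($email, $subject, $message, "From: \"$title Admin\" <$admail>");
                    echo("<b>Your e-mail message was sent.<br>&laquo;</b> <a href=/control/?y=3&u=$u&a=$a&s=$s>BACK to user #$u</a><br><b>&laquo;</b> <a href=/control/?y=3&a=$a&s=$s>GO TO to user list</a>");
                } else {
                    $name = mysql_result($res, 0, "name");
                    $email = mysql_result($res, 0, "email");
                    $passwd = mysql_result($res, 0, "passwd");
                    $ref = mysql_result($res, 0, "ref");
                    $acctype = mysql_result($res, 0, "acctype");
                    $credits = mysql_result($res, 0, "credits");
                    $credits = round($credits, 2);
                    $joindate = mysql_result($res, 0, "joindate");
                    $minmax = mysql_result($res, 0, "minmax");
                    $actypes = array();
                    $res = mysql_query("select id, name from acctype");
                    $type_rows = mysql_num_rows($res);
                    for ($i = 0; $i < $type_rows; $i++) {
                        $key = mysql_result($res, $i, "id");
                        $val = mysql_result($res, $i, "name");
                        $actypes[$key] = $val;
                    }
                    $almin = array("No", "Yes");
                    $res = mysql_query("select id, url, state, credits from site where usrid=$u");
                    // Stored account fields are printed into attribute values:
                    // escape them and quote every attribute. NOTE(review): the
                    // password is shown to the admin in a plain text field.
                    $h_name = htmlspecialchars($name, ENT_QUOTES);
                    $h_email = htmlspecialchars($email, ENT_QUOTES);
                    $h_passwd = htmlspecialchars($passwd, ENT_QUOTES);
                    $h_ref = htmlspecialchars($ref, ENT_QUOTES);
                    echo("<p align=left><b>User #$u:</b></p><table border=0 cellspacing=0 cellpadding=0><form action=/control/?y=3&u=$u&a=$a method=post><input type=hidden name=fform value=sent><input type=hidden name=fac value=trash><tr><td><input type=submit value=\"Delete\" style=\"$btn_style\">&nbsp;&nbsp;</td></form>");
                    echo("<form action=/control/?y=3&u=$u&a=$a&s=$s method=post><td><input type=submit value=\"Save\" style=\"$btn_style\">&nbsp;&nbsp;<input type=reset value=\"Reset\" style=\"$btn_style\"></td></tr></table>");
                    echo("<p align=left><table border=0><input type=hidden name=fform value=sent><tr><td align=right valign=top>Signed up:</td><td align=left>$joindate</tr>");
                    echo("<tr><td align=right valign=top>E-mail:</td><td align=left><input type=text name=email value=\"$h_email\"></td></tr>");
                    echo("<tr><td align=right valign=top>Password:</td><td align=left><input type=text name=passwd value=\"$h_passwd\"></td></tr>");
                    echo("<tr><td align=right valign=top>Name:</td><td align=left><input type=text name=name value=\"$h_name\"></td></tr>");
                    echo("<tr><td align=right valign=top>Credits:</td><td align=left><input type=text name=credits value=$credits></td></tr>");
                    echo("<tr><td align=right valign=top>Account:</td><td align=left><select name=acctype>");
                    foreach ($actypes as $k => $v) {
                        echo("<option value=$k");
                        if ($acctype == $k) {echo(" selected");}
                        echo(">$v</option>");
                    }
                    echo("</select></td></tr><tr><td align=right valign=top>Allow minimized:</td><td align=left><select name=minmax>");
                    foreach ($almin as $k => $v) {
                        echo("<option value=$k");
                        if ($minmax == $k) {echo(" selected");}
                        echo(">$v</option>");
                    }
                    echo("</select></td></tr><tr><td align=right valign=top>Referrer:</td><td align=left><input type=text name=ref value=\"$h_ref\"></td></tr></table></form></p>");
                    echo("<p align=left><b>User sites:</b><br><table border=0 cellpadding=2><tr style=\"font-weight: bold\"><td align=left style=\"background-color: $admincolor\">id</td><td align=left style=\"background-color: #f7f7f7\">URL</td><td align=left style=\"background-color: $admincolor\">State</td><td align=left style=\"background-color: #f7f7f7\">Credits</td></tr>");
                    $site_rows = mysql_num_rows($res);
                    for ($i = 0; $i < $site_rows; $i++) {
                        $id = mysql_result($res, $i, "id");
                        // The site URL and state are stored values: escape before printing.
                        $h_url = htmlspecialchars(mysql_result($res, $i, "url"), ENT_QUOTES);
                        $h_state = htmlspecialchars(mysql_result($res, $i, "state"), ENT_QUOTES);
                        $credits = mysql_result($res, $i, "credits");
                        $credits = round($credits, 2);
                        echo("<tr><td align=left style=\"background-color: $admincolor\">$id</td><td align=left style=\"background-color: #f7f7f7\"><a href=/control/?y=4&u=$id>$h_url</a></td><td align=left style=\"background-color: $admincolor\">$h_state</td><td align=left style=\"background-color: #f7f7f7\">$credits</td></tr>");
                    }
                    echo("</table></p>");
                    echo("<p align=left><b>E-mail this user:</b><br><table border=0><form action=/control/?y=3&u=$u&a=$a&s=$s method=post><input type=hidden name=mail value=send><tr><td align=left colspan=2><input type=submit value=\"Send message\" style=\"$btn_style\"></td></tr><tr><td align=right valign=top>Subject:</td><td align=left><input type=text name=subject></td></tr><td align=right valign=top>Message:</td><td align=left><textarea name=message cols=60 rows=10></textarea></td></tr></form></table></p>");
                }
            }
        }
    }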
} elseif ($y == 4) {
    surplus();
    title();
    if (!isset($u) || !is_numeric($u)) {
        $actypes = array("All sites", "Enabled", "On hold", "Waiting", "Suspended");
        if (!isset($a) || !is_numeric($a)) {
            $a = 0;
        }
        echo("| ");
        while (list($k, $v) = each($actypes)) {
            if ($k == $a) {echo("<b>");}
            else {echo("<a href=/control/?y=4&a=$k>");}
            echo($v);
            if ($k == $a) {echo("</b>");}
            else {echo("</a>");}
            echo(" | ");
        }
        if (!isset($s) || $s < 1 || !is_numeric($s)) {
            $s = 1;
        }
        $start = ($s - 1) * $lim;
        $fquery = "select id, usrid, url, state from site";
        if ($a != 0) {$fquery = $fquery . " where state='$actypes[$a]'";}
        $countpages = $fquery;
        $fquery = $fquery . " order by id asc limit $start, $lim";
        $res = mysql_query($fquery);
        $pages = ceil(mysql_num_rows(mysql_query($countpages)) / $lim);
        if ($pages > 1) {
            echo("<p align=left style=\"font-size: 85%\">");
            for ($i = 1; $i <= $pages; $i++) {
                echo("[");
                if ($i == $s) {echo("<b>");}
                else {echo("<a href=/control/?y=4&a=$a&s=$i>");}
                echo("Page $i");
                if ($i == $s) {echo("</b>");}
                else {echo("</a>");}
                echo("]  ");
            }
            echo("</p>");
        }
        echo("<p align=left><table border=0 cellpadding=2><tr style=\"font-weight: bold\"><td align=left style=\"background-color: $admincolor\">id</td><td align=left style=\"background-color: #f7f7f7\">URL</td><td align=left style=\"background-color: $admincolor\">User id</td><td align=left style=\"background-color: #f7f7f7\">State</td><td align=left style=\"background-color: $admincolor\">Open</td></tr>");
        for ($i = 0; $i < mysql_num_rows($res); $i++) {
            $id = mysql_result($res, $i, "id");
            $url = mysql_result($res, $i, "url");
            $usrid = mysql_result($res, $i, "usrid");
            $state = mysql_result($res, $i, "state");
            echo("<tr><td style=\"background-color: $admincolor\">$id</td><td style=\"background-color: #f7f7f7\"><a href=/control/?y=4&u=$id&a=$a&s=$s>$url</a></td><td style=\"background-color: $admincolor\">$usrid</td><td style=\"background-color: #f7f7f7\">$state</td><td align=left style=\"background-color: $admincolor; font-size: 85%\">[<a href=$url target=_blank>open</a>]</td></tr>");
        }
        echo("</table></p>");
        if ($pages > 1) {
            echo("<p align=left style=\"font-size: 85%\">");
            for ($i = 1; $i <= $pages; $i++) {
                echo("[");
                if ($i == $s) {echo("<b>");}
                else {echo("<a href=/control/?y=4&a=$a&s=$i>");}
                echo("Page $i");
                if ($i == $s) {echo("</b>");}
                else {echo("</a>");}
                echo("]  ");
            }
            echo("</p>");
        }
    } else {
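        // Detail view for one site: processes the Delete / Save posts, otherwise
        // renders the edit form and the abuse reports filed against the site.
        // $u and $s are placed unquoted into SQL and links, so force them to integers.
        // NOTE(review): any earlier validation of $u sits above this excerpt - confirm.
        $u = (int) $u;
        $s = (int) $s;
        $qa = urlencode($a);
        $btn = "style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"";
        // Same Referer test the other write actions of this script use. It is a weak
        // CSRF defence (a pattern match on a client-supplied header); a per-session
        // form token would be the robust replacement.
        if ($fform == 'sent' && ereg($self_name, $HTTP_REFERER)) {
            $credres = mysql_query("select credits from site where id=$u");
            if (!$credres || mysql_num_rows($credres) == 0) {
                // No such row: change nothing and leave the surplus counter alone.
                echo("<b>Site #$u was not found in the database.</b>");
            } else {
                $oldcred = mysql_result($credres, 0);
                if ($fac == 'trash') {
                    $fquery = "delete from site where id=$u";
                    $kukures = mysql_query("delete from abuse where siteid=$u");
                    $rep = "Site #$u was deleted from the database.";
                    $back = "a=$qa";
                } else {
                    // NOTE(review): the quoted values are request variables placed into SQL
                    // as received; the stripslashes() calls elsewhere in this script suggest
                    // magic quotes are relied on for escaping - confirm, and move to explicit
                    // escaping or prepared statements.
                    $fquery = "update site set name='$name', url='$url', lang='$lang', state='$state', credits='$credits' where id=$u";
                    $rep = "Changes to site #$u were saved in the database.";
                    $back = "a=$qa&s=$s";
                }
                // The difference between the stored and the submitted credits is added
                // to the 'surplu' row of adminprops. $surp is the result of arithmetic,
                // so it reaches the query as a number.
                $surp = $oldcred - $credits;
                $surpres = mysql_query("update adminprops set value=value+$surp where field='surplu'");
                $res = mysql_query($fquery);
                echo("<b>$rep<br>&laquo;</b> <a href=/control/?y=4&$back>GO TO to site list</a>");
            }
        } else {
            $res = mysql_query("select usrid, name, url, lang, state, credits, totalhits from site where id=$u");
            if (mysql_num_rows($res) == 0) {
                echo("<b>Site #$u was not found in the database.</b>");
            } else {
                // Stored text is HTML-escaped before it is echoed into the admin page, so
                // markup inside a site name or URL is displayed rather than interpreted.
                $name = htmlspecialchars(mysql_result($res, 0, "name"), ENT_QUOTES);
                $usrid = (int) mysql_result($res, 0, "usrid");
                $url = htmlspecialchars(mysql_result($res, 0, "url"), ENT_QUOTES);
                $lang = mysql_result($res, 0, "lang");
                $state = mysql_result($res, 0, "state");
                $credits = round(mysql_result($res, 0, "credits"), 2);
                $totalhits = htmlspecialchars(mysql_result($res, 0, "totalhits"), ENT_QUOTES);
                $states = array("Enabled" => "Enabled", "On hold" => "On hold", "Waiting" => "Waiting for approval", "Suspended" => "Suspended");
                $langs = array("English" => "English", "Arabic" => "Arabic", "Chinese" => "Chinese", "Czech" => "Czech", "Danish" => "Danish", "Dutch" => "Dutch", "Estonian" => "Estonian", "Finnish" => "Finnish", "French" => "French", "German" => "German", "Greek" => "Greek", "Hebrew" => "Hebrew", "Hungarian" => "Hungarian", "Icelandic" => "Icelandic", "Italian" => "Italian", "Japanese" => "Japanese", "Korean" => "Korean", "Latvian" => "Latvian", "Lithuanian" => "Lithuanian", "Norwegian" => "Norwegian", "Polish" => "Polish", "Portuguese" => "Portuguese", "Romanian" => "Romanian", "Russian" => "Russian", "Spanish" => "Spanish", "Swedish" => "Swedish", "Turkish" => "Turkish");
                $res = mysql_query("select id, usrid, DATE_FORMAT(date, '%Y-%m-%d') as date from abuse where siteid=$u order by date desc");
                echo("<p align=left><b>Site #$u:</b></p><table border=0 cellspacing=0 cellpadding=0><form action=/control/?y=4&u=$u&a=$qa method=post><input type=hidden name=fform value=sent><input type=hidden name=fac value=trash><tr><td><input type=submit value=\"Delete\" $btn>&nbsp;&nbsp;</td></form>");
                echo("<form action=/control/?y=4&u=$u&a=$qa&s=$s method=post><td><input type=submit value=\"Save\" $btn>&nbsp;&nbsp;<input type=reset value=\"Reset\" $btn></td></tr></table>");
                echo("<p align=left><table border=0><input type=hidden name=fform value=sent><tr><td align=right valign=top>Owned by:</td><td align=left><a href=/control/?y=3&u=$usrid>user #$usrid</a></tr><tr><td align=right valign=top>Total hits:</td><td align=left>$totalhits</td></tr>");
                // The URL attributes are quoted: an unquoted value ends at the first space.
                // NOTE(review): the URL scheme is not checked before it is used as a link
                // target - restrict it to http/https where the URL is accepted.
                echo("<tr><td align=right valign=top>URL:</td><td align=left><input type=text name=url value=\"$url\"> <span style=\"font-size: 85%\">[<a href=\"$url\" target=_blank>open</a>]</span></td></tr><tr><td align=right valign=top>Name:</td><td align=left><input type=text name=name value=\"$name\"></td></tr><tr><td align=right valign=top>State:</td><td align=left><select name=state>");
                // Option values are quoted as well; unquoted, "On hold" was submitted as "On".
                foreach ($states as $k => $v) {
                    $sel = ($state == $k) ? " selected" : "";
                    echo("<option value=\"$k\"$sel>$v</option>");
                }
                echo("</select></td></tr><tr><td align=right valign=top>Credits:</td><td align=left><input type=text name=credits value=$credits></td></tr><tr><td align=right valign=top>Language:</td><td align=left><select name=lang>");
                foreach ($langs as $k => $v) {
                    $sel = ($lang == $k) ? " selected" : "";
                    echo("<option value=\"$k\"$sel>$v</option>");
                }
                echo("</select></td></tr></table></form></p>");
                echo("<p align=left><b>Abuse reports:</b><br><table border=0 cellpadding=2><tr style=\"font-weight: bold\"><td align=left style=\"background-color: $admincolor\">id</td><td align=left style=\"background-color: #f7f7f7\">By user #</td><td align=left style=\"background-color: $admincolor\">Date</td><td align=right></td></tr>");
                $nrep = mysql_num_rows($res);
                for ($i = 0; $i < $nrep; $i++) {
                    $id = (int) mysql_result($res, $i, "id");
                    $usrid = (int) mysql_result($res, $i, "usrid");
                    $date = mysql_result($res, $i, "date");
                    echo("<tr><td align=left style=\"background-color: $admincolor\">$id</td><td align=left style=\"background-color: #f7f7f7\">$usrid</td><td align=left style=\"background-color: $admincolor\">$date</td><td align=right><a href=/control/?y=5&u=$id><b>open&raquo</b></a></td></tr>");
                }
                echo("</table></p>");
            }
        }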
    }
} elseif ($y == 5) {
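    // Abuse reports: a paginated list, or (when $u is numeric) one report with
    // its Delete and "e-mail the report author" actions.
    surplus();
    title();
    if (!isset($u) || !is_numeric($u)) {
        if (!isset($s) || $s < 1 || !is_numeric($s)) {
            $s = 1;
        }
        // A fractional page number would otherwise produce a fractional LIMIT offset.
        $s = (int) $s;
        // NOTE(review): $lim is not set in this excerpt; presumably a page size from
        // the included configuration - confirm it cannot come from the request.
        $start = ($s - 1) * $lim;
        $res = mysql_query("select id, siteid, usrid, DATE_FORMAT(date, '%Y-%m-%d') as date from abuse order by id desc limit $start, $lim");
        // Count the rows in the database instead of fetching the whole table to count it.
        $pages = ceil(mysql_result(mysql_query("select count(*) from abuse"), 0) / $lim);
        // The page links are shown above and below the table; build them once.
        $pager = "";
        if ($pages > 1) {
            $pager = "<p align=left style=\"font-size: 85%\">";
            for ($i = 1; $i <= $pages; $i++) {
                if ($i == $s) {
                    $pager .= "[<b>Page $i</b>]  ";
                } else {
                    $pager .= "[<a href=/control/?y=5&s=$i>Page $i</a>]  ";
                }
            }
            $pager .= "</p>";
        }
        echo($pager);
        echo("<p align=left><table border=0 cellpadding=2><tr style=\"font-weight: bold\"><td align=left style=\"background-color: $admincolor\">id</td><td align=left style=\"background-color: #f7f7f7\">Subject</td><td align=left style=\"background-color: $admincolor\">By user#</td><td align=left style=\"background-color: #f7f7f7\">Date</td></tr>");
        $nrows = mysql_num_rows($res);
        for ($i = 0; $i < $nrows; $i++) {
            $id = (int) mysql_result($res, $i, "id");
            $siteid = (int) mysql_result($res, $i, "siteid");
            $usrid = (int) mysql_result($res, $i, "usrid");
            $date = mysql_result($res, $i, "date");
            $sres = mysql_query("select url from site where id=$siteid");
            $siteurl = ($sres && mysql_num_rows($sres) > 0) ? mysql_result($sres, 0) : "";
            // Stored site URLs are escaped before they are echoed into the admin page.
            $siteurl = htmlspecialchars($siteurl, ENT_QUOTES);
            echo("<tr><td style=\"background-color: $admincolor\">$id</td><td style=\"background-color: #f7f7f7\"><a href=/control/?y=5&u=$id&s=$s>$siteurl</a></td><td style=\"background-color: $admincolor\">$usrid</td><td style=\"background-color: #f7f7f7\">$date</td></tr>");
        }
        echo("</table></p>");
        echo($pager);
    } else {
        // Both values are placed unquoted into SQL and links below.
        $u = (int) $u;
        $s = (int) $s;
        $btn = "style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"";
        // Same Referer test the other write actions of this script use. It is a weak
        // CSRF defence; a per-session form token would be the robust replacement.
        $fromself = ereg($self_name, $HTTP_REFERER);
        if ($fform == 'sent' && $fromself) {
            $res = mysql_query("delete from abuse where id=$u");
            echo("<b>Abuse report #$u was deleted from the database.<br>&laquo;</b> <a href=/control/?y=5&s=$s>GO TO to abuse report list</a>");
        } else {
            $res = mysql_query("select siteid, usrid, text, DATE_FORMAT(date, '%Y-%m-%d') as date from abuse where id=$u");
            if (mysql_num_rows($res) == 0) {
                echo("<b>Abuse report #$u was not found in the database.</b>");
            } else {
                // The author id always comes from the report row. The posted "usrid"
                // field is ignored: it used to be placed unquoted into the e-mail
                // lookup query, so the request chose both the query text and the recipient.
                $siteid = (int) mysql_result($res, 0, "siteid");
                $usrid = (int) mysql_result($res, 0, "usrid");
                $ares = mysql_query("select email from user where id=$usrid");
                $email = ($ares && mysql_num_rows($ares) > 0) ? mysql_result($ares, 0) : "";
                if ($mail == 'send' && $fromself) {
                    if ($email == "") {
                        echo("<b>The report author has no e-mail address on record.</b><br>");
                    } else {
                        $admail = mysql_result(mysql_query("select value from admin where field='email'"), 0);
                        // Line breaks are removed from the subject so it cannot add mail headers.
                        $subject = str_replace(array("\r", "\n"), " ", stripslashes($subject));
                        $message = stripslashes($message);
                        mail($email, $subject, $message, "From: \"$title Admin\" <$admail>");
                        echo("<b>Your e-mail message was sent.<br>");
                    }
                    echo("&laquo;</b> <a href=/control/?y=5&u=$u&s=$s>BACK to abuse report #$u</a><br><b>&laquo;</b> <a href=/control/?y=5&s=$s>GO TO to abuse reports list</a>");
                } else {
                    $date = mysql_result($res, 0, "date");
                    // Report text, addresses and URLs are stored text: escape them for HTML.
                    $text = nl2br(htmlspecialchars(mysql_result($res, 0, "text"), ENT_QUOTES));
                    $author = htmlspecialchars($email, ENT_QUOTES);
                    $sres = mysql_query("select usrid, url from site where id=$siteid");
                    $url = "";
                    $ownid = 0;
                    if ($sres && mysql_num_rows($sres) > 0) {
                        $url = htmlspecialchars(mysql_result($sres, 0, "url"), ENT_QUOTES);
                        $ownid = (int) mysql_result($sres, 0, "usrid");
                    }
                    $ores = mysql_query("select email from user where id=$ownid");
                    $ownmail = ($ores && mysql_num_rows($ores) > 0) ? htmlspecialchars(mysql_result($ores, 0), ENT_QUOTES) : "";
                    echo("<p align=left><b>Abuse report #$u:</b></p><form action=/control/?y=5&u=$u&s=$s method=post><input type=submit value=\"Delete\" $btn><p align=left><table border=0><input type=hidden name=fform value=sent><tr><td align=right valign=top>Date:</td><td align=left>$date</td></tr><tr><td align=right valign=top>Author:</td><td align=left><a href=/control/?y=3&u=$usrid>$author</a></td></tr>");
                    // NOTE(review): the URL scheme is not checked before it is used as a
                    // link target - restrict it to http/https where the URL is accepted.
                    echo("<tr><td align=right valign=top>Site:</td><td align=left><a href=/control/?y=4&u=$siteid>$url</a>&nbsp;&nbsp;<span style=\"font-size: 85%\">[<a href=\"$url\" target=_blank>open</a>]</span></td></tr><tr><td align=right valign=top>Owner:</td><td align=left><a href=/control/?y=3&u=$ownid>$ownmail</a></td></tr><tr><td align=right valign=top>Report:</td><td align=left>$text</td></tr></form></table></p>");
                    // The hidden usrid field is kept for layout compatibility only; the
                    // server no longer reads it.
                    echo("<p align=left><b>E-mail report author:</b><br><table border=0><form action=/control/?y=5&u=$u&s=$s method=post><input type=hidden name=mail value=send><input type=hidden name=usrid value=$usrid><tr><td align=left colspan=2><input type=submit value=\"Send message\" $btn></td></tr><tr><td align=right valign=top>Subject:</td><td align=left><input type=text name=subject></td></tr><tr><td align=right valign=top>Message:</td><td align=left><textarea name=message cols=60 rows=10></textarea></td></tr></form></table></p>");
                }
            }
        }
    }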
} elseif ($y == 6) {
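    // Template editor: saves the posted style sheet to style.css, or one posted
    // HTML fragment to the html table, then renders an edit form for each.
    surplus();
    title();
    $css_file_name = $DOCUMENT_ROOT . "/style.css";
    $fields = array("1page", "terms", "head1", "foot1", "head2", "foot2", "thanx", "paymn");
    $fnames = array("Site first page", "Terms & conditions", "Main page header", "Main page footer", "User area header", "User area footer", "'Thank you' page", "Payment details");
    $btn = "style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"";
    // $cform selects the form that was posted: 1 = style sheet, 2..9 = $fields[0..7].
    $cf = is_numeric($cform) ? (int) $cform : 0;
    // These writes had no Referer test, unlike the other write actions of this
    // script. The test is a weak CSRF defence; a per-session form token would be
    // the robust replacement.
    if ($cf > 0 && ereg($self_name, $HTTP_REFERER)) {
        if ($cf == 1) {
            // Only write when a style sheet was posted, so a bare cform=1 request
            // cannot truncate the file.
            // NOTE(review): $css is written as received; if magic quotes are active the
            // file receives backslash-escaped quotes - confirm.
            if (isset($css)) {
                $fp = fopen($css_file_name, "w");
                if ($fp) {
                    fwrite($fp, $css);
                    fclose($fp);
                }
            }
        } elseif ($cf < 10) {
            $fname = $fields[$cf - 2];
            // The posted fragment arrives in a variable named after the field.
            if (isset($$fname)) {
                $newcontent = $$fname;
                // NOTE(review): placed into SQL as received; the stripslashes() calls
                // elsewhere in this script suggest magic quotes are relied on - confirm.
                $res = mysql_query("update html set content='$newcontent' where type='$fname'");
            }
        }
    }
    // Re-read the file so the form shows what is on disk. The stat cache is cleared
    // so filesize() reports the length after a write made in this request.
    clearstatcache();
    $css = "";
    $fp = fopen($css_file_name, "r");
    if ($fp) {
        $len = filesize($css_file_name);
        if ($len > 0) {
            $css = fread($fp, $len);
        }
        fclose($fp);
    }
    // Text shown inside a <textarea> is HTML-escaped: the browser decodes it again
    // on submit, so the content round-trips unchanged and a "</textarea>" or "&amp;"
    // inside it can no longer break or alter the form.
    $css = htmlspecialchars($css, ENT_QUOTES);
    echo("<p align=left><b>Cascading Style Sheets:</b></p><form action=/control/?y=6 method=post><input type=submit value=\"Save\" $btn>&nbsp;&nbsp;<input type=reset value=\"Reset\" $btn><p align=left><table border=0><input type=hidden name=cform value=1><tr><td align=left><textarea cols=70 rows=10 name=css>$css</textarea></td></tr></form></table></p><hr color=#000000 width=600 align=left>");
    foreach ($fields as $k => $v) {
        $cfn = $k + 2;
        $label = $fnames[$k];
        $cres = mysql_query("select content from html where type='$v'");
        $content = ($cres && mysql_num_rows($cres) > 0) ? mysql_result($cres, 0) : "";
        $content = htmlspecialchars($content, ENT_QUOTES);
        echo("<p align=left><b>$label (HTML):</b></p><form action=/control/?y=6 method=post><input type=submit value=\"Save\" $btn>&nbsp;&nbsp;<input type=reset value=\"Reset\" $btn><p align=left><table border=0><input type=hidden name=cform value=$cfn><tr><td align=left><textarea cols=70 rows=10 name=$v>$content</textarea></td></tr></form></table></p><hr color=#000000 width=600 align=left>");
    }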
} elseif ($y == 7) {
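    // Credit packages (sellcredit table): applies a posted insert / delete /
    // update, then renders the "new entry" form and one edit form per row.
    surplus();
    title();
    $btn = "style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"";
    // NOTE(review): the Referer test is a weak CSRF defence (pattern match on a
    // client-supplied header); a per-session form token would be more robust.
    if (is_numeric($fform) && ereg($self_name, $HTTP_REFERER)) {
        // is_numeric() also accepts forms such as "1e3"; the id is placed
        // unquoted into SQL, so reduce it to a plain integer first.
        $fid = (int) $fform;
        // NOTE(review): the quoted values are request variables placed into SQL as
        // received; the stripslashes() calls elsewhere in this script suggest magic
        // quotes are relied on for escaping - confirm.
        if ($fform == 0) {
            $fquery = "insert into sellcredit (name, descr, cost, paypal) values ('$name', '$descr', '$cost', '$paypal')";
        } elseif ($fac == 'trash') {
            $fquery = "delete from sellcredit where id=$fid";
        } else {
            $fquery = "update sellcredit set name='$name', descr='$descr', cost='$cost', paypal='$paypal' where id=$fid";
        }
        $res = mysql_query($fquery);
    }
    echo("<p align=left><b>New entry:</b></p><form action=/control/?y=7 method=post><input type=submit value=\"Save\" $btn><p align=left><table border=0><input type=hidden name=fform value=0><tr><td align=right valign=top>Title:</td><td align=left><input type=text name=name></td></tr><tr><td align=right valign=top>Cost:</td><td align=left><input type=text name=cost></td></tr><tr><td align=right valign=top>Description:</td><td align=left><textarea name=descr cols=45 rows=5></textarea></td></tr><tr><td align=right valign=top>PayPal code:</td><td align=left><textarea name=paypal cols=45 rows=5></textarea></td></tr></form></table></p><hr color=#00000 width=600 align=left>");
    $res = mysql_query("select * from sellcredit order by id asc");
    $nrows = mysql_num_rows($res);
    for ($i = 0; $i < $nrows; $i++) {
        $id = (int) mysql_result($res, $i, "id");
        // Values shown in form fields are HTML-escaped; the browser decodes them
        // again on submit, so stored text (including the PayPal markup) round-trips
        // unchanged instead of being parsed as part of this page.
        $name = htmlspecialchars(mysql_result($res, $i, "name"), ENT_QUOTES);
        $descr = htmlspecialchars(mysql_result($res, $i, "descr"), ENT_QUOTES);
        $cost = htmlspecialchars(mysql_result($res, $i, "cost"), ENT_QUOTES);
        $paypal = htmlspecialchars(mysql_result($res, $i, "paypal"), ENT_QUOTES);
        echo("<p align=left><b>Entry #$id:</b></p><table border=0 cellspacing=0 cellpadding=0><form action=/control/?y=7 method=post><input type=hidden name=fform value=$id><input type=hidden name=fac value=trash><tr><td><input type=submit value=\"Delete\" $btn>&nbsp;&nbsp;</td></form><form action=/control/?y=7 method=post><td><input type=submit value=\"Save\" $btn>&nbsp;&nbsp;<input type=reset value=\"Reset\" $btn></td></tr></table>");
        echo("<p align=left><table border=0><input type=hidden name=fform value=$id><tr><td align=right valign=top>Title:</td><td align=left><input type=text name=name value=\"$name\"></td></tr><tr><td align=right valign=top>Cost:</td><td align=left><input type=text name=cost value=\"$cost\"></td></tr><tr><td align=right valign=top>Description:</td><td align=left><textarea name=descr cols=45 rows=5>$descr</textarea></td></tr><tr><td align=right valign=top>PayPal code:</td><td align=left><textarea name=paypal cols=45 rows=5>$paypal</textarea></td></tr></form></table></p>");
    }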
} elseif ($y == 8) {
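    // Account types (acctype table): applies a posted insert / delete / update,
    // then renders the "new entry" form and one edit form per row. The row named
    // 'Premium' additionally edits the 'premmx' and 'prembn' rows of adminprops.
    surplus();
    title();
    $btn = "style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"";
    // NOTE(review): the Referer test is a weak CSRF defence (pattern match on a
    // client-supplied header); a per-session form token would be more robust.
    if (is_numeric($fform) && ereg($self_name, $HTTP_REFERER)) {
        // The id is placed unquoted into SQL, so reduce it to a plain integer.
        $fid = (int) $fform;
        // NOTE(review): the quoted values are request variables placed into SQL as
        // received; the stripslashes() calls elsewhere in this script suggest magic
        // quotes are relied on for escaping - confirm.
        if ($fform == 0) {
            $fquery = "insert into acctype (name, descr, ratemin, ratemax, cost, paypal) values ('$name', '$descr', '$ratemin', '$ratemax', '$cost', '$paypal')";
        } elseif ($fac == 'trash') {
            // Users of the deleted type are moved to account type 1 first.
            $res = mysql_query("update user set acctype=1 where acctype=$fid");
            $fquery = "delete from acctype where id=$fid";
        } else {
            $fquery = "update acctype set name='$name', descr='$descr', ratemin='$ratemin', ratemax='$ratemax', cost='$cost', paypal='$paypal' where id=$fid";
            if ($name == 'Premium') {
                // Both values are placed unquoted into SQL, where quote escaping does
                // not help: accept them only when numeric and pass them on as numbers.
                if (is_numeric($premmx)) {
                    $pmx = $premmx + 0;
                    $res = mysql_query("update adminprops set value=$pmx where field='premmx'");
                }
                if (is_numeric($prembn)) {
                    $pbn = $prembn + 0;
                    $res = mysql_query("update adminprops set value=$pbn where field='prembn'");
                }
            }
        }
        $res = mysql_query($fquery);
    }
    echo("<p align=left><b>New entry:</b></p><form action=/control/?y=8 method=post><input type=submit value=\"Save\" $btn><p align=left><table border=0><input type=hidden name=fform value=0><tr><td align=right valign=top>Title:</td><td align=left><input type=text name=name></td></tr><tr><td align=right valign=top>Cost:</td><td align=left><input type=text name=cost></td></tr><tr><td align=right valign=top>Minimized rate:</td><td align=left><input type=text name=ratemin></td></tr><tr><td align=right valign=top>Maximized rate:</td><td align=left><input type=text name=ratemax></td></tr><tr><td align=right valign=top>Description:</td><td align=left><textarea name=descr cols=45 rows=5></textarea></td></tr><tr><td align=right valign=top>PayPal code:</td><td align=left><textarea name=paypal cols=45 rows=5></textarea></td></tr></form></table></p><hr color=#00000 width=600 align=left>");
    $res = mysql_query("select * from acctype order by id asc");
    $nrows = mysql_num_rows($res);
    for ($i = 0; $i < $nrows; $i++) {
        $id = (int) mysql_result($res, $i, "id");
        // The unescaped name is kept for the 'Premium' comparison below.
        $rawname = mysql_result($res, $i, "name");
        // Values shown in form fields are HTML-escaped; the browser decodes them
        // again on submit, so stored text round-trips unchanged.
        $name = htmlspecialchars($rawname, ENT_QUOTES);
        $descr = htmlspecialchars(mysql_result($res, $i, "descr"), ENT_QUOTES);
        $ratemin = htmlspecialchars(mysql_result($res, $i, "ratemin"), ENT_QUOTES);
        $ratemax = htmlspecialchars(mysql_result($res, $i, "ratemax"), ENT_QUOTES);
        $cost = htmlspecialchars(mysql_result($res, $i, "cost"), ENT_QUOTES);
        $paypal = htmlspecialchars(mysql_result($res, $i, "paypal"), ENT_QUOTES);
        echo("<p align=left><b>Entry #$id:</b></p><table border=0 cellspacing=0 cellpadding=0><form action=/control/?y=8 method=post><input type=hidden name=fform value=$id><input type=hidden name=fac value=trash><tr><td><input type=submit value=\"Delete\" $btn>&nbsp;&nbsp;</td></form><form action=/control/?y=8 method=post><td><input type=submit value=\"Save\" $btn>&nbsp;&nbsp;<input type=reset value=\"Reset\" $btn></td></tr></table>");
        echo("<p align=left><table border=0><input type=hidden name=fform value=$id><tr><td align=right valign=top>Title:</td><td align=left><input type=text name=name value=\"$name\"></td></tr><tr><td align=right valign=top>Cost:</td><td align=left><input type=text name=cost value=\"$cost\"></td></tr><tr><td align=right valign=top>Minimized rate:</td><td align=left><input type=text name=ratemin value=\"$ratemin\"></td></tr><tr><td align=right valign=top>Maximized rate:</td><td align=left><input type=text name=ratemax value=\"$ratemax\"></td></tr>");
        if ($rawname == 'Premium') {
            $premmx = htmlspecialchars(mysql_result(mysql_query("select value from adminprops where field='premmx'"), 0), ENT_QUOTES);
            $prembn = htmlspecialchars(mysql_result(mysql_query("select value from adminprops where field='prembn'"), 0), ENT_QUOTES);
            echo("<tr><td>Max. months no.:</td><td align=left><input type=text name=premmx value=\"$premmx\"></td></tr><tr><td align=right valign=top>First month bonus:</td><td align=left><input type=text name=prembn value=\"$prembn\"></td></tr>");
        }
        echo("<tr><td align=right valign=top>Description:</td><td align=left><textarea name=descr cols=45 rows=5>$descr</textarea></td></tr><tr><td align=right valign=top>PayPal code:</td><td align=left><textarea name=paypal cols=45 rows=5>$paypal</textarea></td></tr></form></table></p>");
    }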
} elseif ($y == 9) {
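    // Mass mailing: sends the posted subject and message to every row of the
    // user table, replacing [name] in the body with that user's name.
    surplus();
    title();
    // NOTE(review): the Referer test is a weak CSRF defence (pattern match on a
    // client-supplied header); a per-session form token would be more robust.
    if ($fform == 'sent' && ereg($self_name, $HTTP_REFERER) && $subject != "" && $message != "") {
        $admail = mysql_result(mysql_query("select value from admin where field='email'"), 0);
        // Unescape once, before the loop. Doing it per recipient removed one more
        // level of backslashes from the text on every iteration.
        // Line breaks are removed from the subject so it cannot add mail headers.
        $subject = str_replace(array("\r", "\n"), " ", stripslashes($subject));
        $template = stripslashes($message);
        $res = mysql_query("select name, email from user");
        $nusers = mysql_num_rows($res);
        for ($i = 0; $i < $nusers; $i++) {
            $name = mysql_result($res, $i, "name");
            $email = mysql_result($res, $i, "email");
            // Substitute into a fresh copy of the template. Overwriting $message
            // consumed the [name] placeholder on the first pass, so every later
            // recipient was addressed with the first user's name.
            $body = str_replace('[name]', $name, $template);
            mail($email, $subject, $body, "From: \"$title Admin\" <$admail>");
        }
    }
    echo("<form action=/control/?y=9 method=post><input type=submit value=\"Send this message to all users\" style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"><p align=left><table border=0><input type=hidden name=fform value=sent><tr><td align=right valign=top>Subject:</td><td align=left><input type=text name=subject></td></tr><tr><td align=right valign=top>Message:</td><td align=left><textarea name=message cols=60 rows=10></textarea></td></tr><tr><td align=left colspan=2 style=\"font-size: 75%\">If you want to address user personally, use <b>[name]</b> in the message body.<br>The program will substitute proper user name for <b>[name]</b> automatically.</td></tr></form></table></p>");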
} elseif ($y == 10) {
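    // Banner manager: stores an uploaded GIF/JPEG under a generated name, or
    // deletes an existing banner, then lists all rows of the banner table.
    surplus();
    title();
    // NOTE(review): the Referer test is a weak CSRF defence (pattern match on a
    // client-supplied header); a per-session form token would be more robust.
    $fromself = ereg($self_name, $HTTP_REFERER);
    if ($bform == 'file') {
        $up = isset($HTTP_POST_FILES['upfile']) ? $HTTP_POST_FILES['upfile'] : false;
        // is_uploaded_file() confirms tmp_name is a file PHP itself received in this
        // request, before anything is read from or moved out of that path.
        if ($fromself && $up && is_uploaded_file($up['tmp_name']) && $up['size'] <= 30720) {
            // The image type is taken from the file contents. The 'type' and 'name'
            // entries of the upload array are supplied by the client, so they are
            // neither trusted nor stored.
            $wh = getimagesize($up['tmp_name']);
            $ext = "";
            if ($wh) {
                if ($wh[2] == IMAGETYPE_GIF) {
                    $ext = ".gif";
                } elseif ($wh[2] == IMAGETYPE_JPEG) {
                    $ext = ".jpg";
                }
            }
            if ($ext != "") {
                // Insert first to obtain the id the stored file name is built from;
                // the real URL is filled in once the file is in place. $wh[3] is the
                // width/height attribute string produced by getimagesize().
                $res = mysql_query("insert into banner (imgurl, widtheight) values ('', '$wh[3]')");
                $lastid = mysql_insert_id();
                if ($res && $lastid > 0) {
                    // The destination name and extension are chosen by the server.
                    if (move_uploaded_file($up['tmp_name'], $DOCUMENT_ROOT . "/banners/ban$lastid" . $ext)) {
                        $simgurl = $self_url . "banners/ban$lastid" . $ext;
                        $res = mysql_query("update banner set imgurl='$simgurl' where id=$lastid");
                    } else {
                        // Do not leave a row behind that points at no file.
                        $res = mysql_query("delete from banner where id=$lastid");
                    }
                }
            }
        }
    } elseif (is_numeric($bform) && $fromself) {
        // The id goes into SQL and into a file path, so reduce it to an integer.
        $bid = (int) $bform;
        $res = mysql_query("select imgurl from banner where id=$bid");
        if ($res && mysql_num_rows($res) > 0) {
            // The stored URL ends in the extension the file was saved with.
            $dext = substr(mysql_result($res, 0), -4);
            $bpath = $DOCUMENT_ROOT . "/banners/ban" . $bid . $dext;
            if (file_exists($bpath)) {
                unlink($bpath);
            }
            $res = mysql_query("delete from banner where id=$bid");
        }
    }
    echo("<p align=left><b>Upload new banner:</b></p><form enctype=\"multipart/form-data\" action=/control/?y=10 method=post><input type=submit value=\"Upload\" style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"><p align=left><table border=0><input type=hidden name=bform value=file><input type=hidden name=MAX_FILE_SIZE value=30720><tr><td align=left style=\"font-size: 75%\">Only GIF & JPEG files that are not bigger than 30Kb can be uploaded.</td></tr><tr><td align=left><input type=file name=upfile></td></tr></form></table></p>");
    $res = mysql_query("select id, imgurl, widtheight from banner order by id asc");
    $nrows = mysql_num_rows($res);
    for ($i = 0; $i < $nrows; $i++) {
        $id = (int) mysql_result($res, $i, "id");
        $imgurl = htmlspecialchars(mysql_result($res, $i, "imgurl"), ENT_QUOTES);
        // Raw attribute text (width/height) as stored at upload time; echoed as is.
        $widht = mysql_result($res, $i, "widtheight");
        echo("<p align=left><b>Banner #$id:</b></p><form action=/control/?y=10 method=post><input type=submit value=\"Delete\" style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"><p align=left><table border=0><input type=hidden name=bform value=$id><tr><td align=left><img src=\"$imgurl\" $widht border=0></td></tr><tr><td align=left><b>$imgurl</b></td></tr></form></table></p>");
    }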
} elseif ($y == 11) {
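    // FAQ entries (faq table): applies a posted insert / delete / update, then
    // renders the "new entry" form and one edit form per row.
    surplus();
    title();
    $btn = "style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"";
    // NOTE(review): the Referer test is a weak CSRF defence (pattern match on a
    // client-supplied header); a per-session form token would be more robust.
    if (is_numeric($fform) && ereg($self_name, $HTTP_REFERER)) {
        // The id is placed unquoted into SQL, so reduce it to a plain integer.
        $fid = (int) $fform;
        // NOTE(review): the quoted values are request variables placed into SQL as
        // received; the stripslashes() calls elsewhere in this script suggest magic
        // quotes are relied on for escaping - confirm.
        if ($fform == 0) {
            $fquery = "insert into faq (quest, answ) values ('$quest', '$answ')";
        } elseif ($fac == 'trash') {
            $fquery = "delete from faq where id=$fid";
        } else {
            $fquery = "update faq set quest='$quest', answ='$answ' where id=$fid";
        }
        $res = mysql_query($fquery);
    }
    echo("<p align=left><b>New entry:</b></p><form action=/control/?y=11 method=post><input type=submit value=\"Save\" $btn><p align=left><table border=0><input type=hidden name=fform value=0><tr><td align=right valign=top>Question:</td><td align=left><input type=text name=quest></td></tr><tr><td align=right valign=top>Answer:</td><td align=left><textarea name=answ cols=45 rows=5></textarea></td></tr></form></table></p>");
    $res = mysql_query("select * from faq order by id asc");
    $nrows = mysql_num_rows($res);
    for ($i = 0; $i < $nrows; $i++) {
        $id = (int) mysql_result($res, $i, "id");
        // Values shown in form fields are HTML-escaped; the browser decodes them
        // again on submit, so stored text round-trips unchanged.
        $quest = htmlspecialchars(mysql_result($res, $i, "quest"), ENT_QUOTES);
        $answ = htmlspecialchars(mysql_result($res, $i, "answ"), ENT_QUOTES);
        echo("<p align=left><b>Entry #$id:</b></p><table border=0 cellspacing=0 cellpadding=0><form action=/control/?y=11 method=post><input type=hidden name=fform value=$id><input type=hidden name=fac value=trash><tr><td><input type=submit value=\"Delete\" $btn>&nbsp;&nbsp;</td></form><form action=/control/?y=11 method=post><td><input type=submit value=\"Save\" $btn>&nbsp;&nbsp;<input type=reset value=\"Reset\" $btn></td></tr></table>");
        echo("<p align=left><table border=0><input type=hidden name=fform value=$id><tr><td align=right valign=top>Question:</td><td align=left><input type=text name=quest value=\"$quest\"></td></tr><tr><td align=right valign=top>Answer:</td><td align=left><textarea name=answ cols=45 rows=5>$answ</textarea></td></tr></form></table></p>");
    }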
} elseif ($y == 12) {
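    // Text entries (tads table): applies a posted insert / delete / update, then
    // renders the "new entry" form and one edit form per row.
    surplus();
    title();
    $btn = "style=\"color: #000000; font-size: 10pt; font-family: $fontface; font-weight: bold; border: 1px ridge #000000; background-color: $adminbutton\"";
    // NOTE(review): the Referer test is a weak CSRF defence (pattern match on a
    // client-supplied header); a per-session form token would be more robust.
    if (is_numeric($fform) && ereg($self_name, $HTTP_REFERER)) {
        // The id is placed unquoted into SQL, so reduce it to a plain integer.
        $fid = (int) $fform;
        // NOTE(review): $text is a request variable placed into SQL as received; the
        // stripslashes() calls elsewhere in this script suggest magic quotes are
        // relied on for escaping - confirm.
        if ($fform == 0) {
            $fquery = "insert into tads (text) values ('$text')";
        } elseif ($fac == 'trash') {
            $fquery = "delete from tads where id=$fid";
        } else {
            $fquery = "update tads set text='$text' where id=$fid";
        }
        $res = mysql_query($fquery);
    }
    echo("<p align=left><b>New entry:</b></p><form action=/control/?y=12 method=post><input type=submit value=\"Save\" $btn><p align=left><table border=0><input type=hidden name=fform value=0><tr><td align=right valign=top><tr><td align=right valign=top>Text (HTML):</td><td align=left><textarea name=text cols=45 rows=5></textarea></td></tr></form></table></p>");
    $res = mysql_query("select * from tads order by id asc");
    $nrows = mysql_num_rows($res);
    for ($i = 0; $i < $nrows; $i++) {
        $id = (int) mysql_result($res, $i, "id");
        // The stored HTML is escaped for display inside the <textarea>; the browser
        // decodes it again on submit, so the entry round-trips unchanged instead of
        // being parsed as part of this page.
        $text = htmlspecialchars(mysql_result($res, $i, "text"), ENT_QUOTES);
        echo("<p align=left><b>Entry #$id:</b></p><table border=0 cellspacing=0 cellpadding=0><form action=/control/?y=12 method=post><input type=hidden name=fform value=$id><input type=hidden name=fac value=trash><tr><td><input type=submit value=\"Delete\" $btn>&nbsp;&nbsp;</td></form><form action=/control/?y=12 method=post><td><input type=submit value=\"Save\" $btn>&nbsp;&nbsp;<input type=reset value=\"Reset\" $btn></td></tr></table>");
        echo("<p align=left><table border=0><input type=hidden name=fform value=$id><tr><td align=right valign=top>Text (HTML):</td><td align=left><textarea name=text cols=45 rows=5>$text</textarea></td></tr></form></table></p>");
    }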
} elseif ($y == 13) {
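    // Statistics: for each of the two tables, a bar chart of sum(num) per date
    // for the seven most recent distinct dates, followed by the total.
    surplus();
    title();
    // The two charts differ only in table and heading, so one loop draws both.
    $charts = array(
        array("7stat", "Users' earned credits:"),
        array("7statsite", "Users' sites shown:"),
    );
    foreach ($charts as $chart) {
        $table = $chart[0];
        $heading = $chart[1];
        $res = mysql_query("select date from $table order by date desc");
        // Collect the newest seven distinct dates. The list starts as an empty
        // array, so a table without rows no longer leaves it undefined.
        $days = array();
        $nrows = mysql_num_rows($res);
        for ($i = 0; $i < $nrows && count($days) < 7; $i++) {
            $d = mysql_result($res, $i);
            if (!in_array($d, $days)) {
                $days[] = $d;
            }
        }
        // The running total starts at zero for every chart; the first chart used
        // to add onto whatever $maxnum held before this section ran.
        $sums = array();
        $maxnum = 0;
        foreach ($days as $d) {
            $sres = mysql_query("select sum(num) from $table where date='$d'");
            $sums[$d] = mysql_result($sres, 0);
            $maxnum = $maxnum + $sums[$d];
        }
        $maxnum = round($maxnum);
        echo("<p align=left><b>$heading</b><br><table border=0>");
        foreach ($sums as $k => $v) {
            $v = round($v);
            // Bar width is the day's share of the total, scaled to 500 pixels;
            // a zero total draws zero-width bars instead of dividing by zero.
            $px = 0;
            if ($maxnum > 0) {
                $px = round(500 * ((($v * 100) / $maxnum) / 100));
            }
            echo("<tr><td>$k</td><td align=left><img src=/img/stripe.gif border=0 width=$px height=10> $v</td></tr>");
        }
        echo("</table><b>Total: $maxnum</b></p>");
    }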
} elseif ($y == 14) {
    // Log-out: draw the page header, discard the session, then store the
    // current Unix time in the admin row whose field is 'lastac'.
    title();
    unset($HTTP_SESSION_VARS);
    session_destroy();
    $time = time();
    $logoutsql = "update admin set value='" . $time . "' where field='lastac'";
    $res = mysql_query($logoutsql);
    echo "You have successfully logged out.";
}
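// Emit the closing tags of the page layout, then release the MySQL link.
// The call needs its parentheses: a bare `mysql_close;` is only a constant
// lookup and never closes the connection.
echo("</td></tr></table></body></html>");
mysql_close();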
?>