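'; echo 'click here'; } else { header('Location: '.$url); } exit; } elseif ($clickheatConf['viewerLogin'] !== '' && $_POST['login'] === $clickheatConf['viewerLogin'] && md5($_POST['pass']) === $clickheatConf['viewerPass']) { /* Set a session cookie */ setcookie('clickheat', $clickheatConf['viewerLogin'].'||'.$clickheatConf['viewerPass'], 0, '/'); /* Redirect to index.php */ header('Content-Type: text/html'); /* IIS removes cookies when sending a 301/302 header, so we need to do some crap (and yes, this HTML code is crap too) */ if (strpos($_SERVER['SERVER_SOFTWARE'], 'IIS')) { echo ''; echo 'click here'; } else { header('Location: '.CLICKHEAT_INDEX_PATH.'action=view'); } exit; } } $__action = 'login'; } }
/*
 * Viewer request dispatch.
 *
 * Everything below runs once $__action has been resolved by the code above:
 * it fills in the shared configuration tables and then routes the request to
 * the matching page script, image, or small JSON-less endpoint. Every value
 * taken from $_GET here is reduced to a plain file/directory name before it
 * is joined to a configured path.
 *
 * NOTE(review): the login branch above (it starts outside this block, so it is
 * left untouched) sends the configured password digest back to the browser as
 * the session cookie; a random per-session token would avoid exposing it.
 */
if (!defined('CLICKHEAT_ADMIN')) {
    define('CLICKHEAT_ADMIN', false);
}

/* Specific definitions */
$clickheatConf['__screenSizes'] = array(0 /* Must start with 0 */, 240, 640, 800, 1024, 1152, 1280, 1440, 1600, 1800);
$clickheatConf['__browsersList'] = array(
    'all' => '',
    'msie' => 'Internet Explorer',
    'firefox' => 'Firefox',
    'chrome' => 'Chrome',
    'safari' => 'Safari',
    'opera' => 'Opera',
    'unknown' => '',
);

switch ($__action) {
    case 'config': {
        /* Once a configuration file exists, only an authenticated admin may reach the config page */
        if (file_exists(CLICKHEAT_CONFIG) && CLICKHEAT_ADMIN !== true) {
            exit('Error');
        }
        /* No break here: an allowed config request renders like the other full pages */
    }
    case 'check':
    case 'view':
    case 'login': {
        header('Content-Type: text/html; charset=utf-8');
        include CLICKHEAT_ROOT.'header.php';
        /* $__action can only be one of the case labels of this switch here, so the included name is fixed */
        include CLICKHEAT_ROOT.$__action.'.php';
        include CLICKHEAT_ROOT.'footer.php';
        break;
    }
    case 'generate':
    case 'layout':
    case 'javascript':
    case 'latest':
    case 'cleaner': {
        /* Page fragments rendered without the common header/footer */
        header('Content-Type: text/html; charset=utf-8');
        include CLICKHEAT_ROOT.$__action.'.php';
        break;
    }
    case 'iframe': {
        /*
         * Reduce the group name to a single path component: both separators are
         * stripped (backslash matters on Windows), and the dot directories are
         * dropped because logPath.'..' would resolve to the parent of the log dir.
         */
        $group = (isset($_GET['group']) && is_string($_GET['group'])) ? str_replace(array('/', '\\'), '', $_GET['group']) : '';
        if ($group === '.' || $group === '..') {
            $group = '';
        }
        if (is_dir($clickheatConf['logPath'].$group)) {
            /* Default page when the group has no recorded URL */
            $webPage = array('/');
            $urlFile = $clickheatConf['logPath'].$group.'/url.txt';
            if (file_exists($urlFile)) {
                $f = fopen($urlFile, 'r');
                if ($f !== false) {
                    /* First line is "url>left>center>right" (see 'layoutupdate'); an empty file yields '' like before */
                    $line = fgets($f, 1024);
                    fclose($f);
                    $webPage = explode('>', trim($line === false ? '' : $line));
                }
            }
            echo $webPage[0];
        }
        break;
    }
    case 'png': {
        /* The file name is confined to the cache directory by removing every path separator */
        $file = (isset($_GET['file']) && is_string($_GET['file'])) ? str_replace(array('/', '\\'), '', $_GET['file']) : '**unknown**';
        $imagePath = $clickheatConf['cachePath'].$file;
        header('Content-Type: image/png');
        /* is_file() rather than file_exists(): a directory (e.g. an empty or '..' name) must fall back to the warning image */
        if (is_file($imagePath)) {
            readfile($imagePath);
        } else {
            readfile(CLICKHEAT_ROOT.'images/warning.png');
        }
        break;
    }
    case 'layoutupdate': {
        if (CLICKHEAT_ADMIN !== true) {
            exit('Error');
        }
        /* Same single-component reduction as in 'iframe', since this case writes into the group directory */
        $group = (isset($_GET['group']) && is_string($_GET['group'])) ? str_replace(array('/', '\\'), '', $_GET['group']) : '';
        if ($group === '.' || $group === '..') {
            $group = '';
        }
        $url = (isset($_GET['url']) && is_string($_GET['url'])) ? $_GET['url'] : '';
        if (strpos($url, 'http') !== 0) {
            /* Relative URL: anchor it on this server */
            $url = 'http://'.$_SERVER['SERVER_NAME'].'/'.ltrim($url, '/');
        }
        /* Improved security for PHP injection (PMV2.3b3 bug) */
        $url = parse_url(str_replace(array('<', '>'), array('', ''), $url));
        $left = isset($_GET['left']) ? (int) $_GET['left'] : 0;
        $center = isset($_GET['center']) ? (int) $_GET['center'] : 0;
        $right = isset($_GET['right']) ? (int) $_GET['right'] : 0;
        /* parse_url() returns false or a partial array for unusable input; both fail the isset() checks */
        if (!is_dir($clickheatConf['logPath'].$group) || !isset($url['host']) || !isset($url['path'])) {
            exit('Error');
        }
        /* Only http/https are stored; a missing or foreign scheme is normalised to http */
        if (!isset($url['scheme']) || ($url['scheme'] !== 'http' && $url['scheme'] !== 'https')) {
            $url['scheme'] = 'http';
        }
        $url = $url['scheme'].'://'.$url['host'].$url['path'].(isset($url['query']) ? '?'.$url['query'] : '');
        /* Check the handle before writing; the 'iframe' reader already does the same on its side */
        $f = fopen($clickheatConf['logPath'].$group.'/url.txt', 'w');
        if ($f === false) {
            exit('Error');
        }
        fwrite($f, $url.'>'.$left.'>'.$center.'>'.$right);
        fclose($f);
        echo 'OK';
        break;
    }
    case 'logout': {
        /* Expire the session cookie by dating it a month in the past */
        setcookie('clickheat', '', time() - 30 * 86400, '/');
        /* IIS removes cookies when sending a 301/302 header, so we need to do some crap (and yes, this HTML code is crap too) */
        /* A plain strpos() test would miss a server string that starts with "IIS" (offset 0 is falsy) and warn when the key is absent */
        if (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'IIS') !== false) {
            /* NOTE(review): the markup of these two echoes looks stripped in this copy of the file — confirm against the original source */
            echo '';
            echo 'click here';
        } else {
            header('Location: index.php');
        }
        exit;
    }
    default: {
        header('HTTP/1.0 404 Not Found');
        exit('Error, page not found');
    }
}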