X-Git-Url: http://git.sourceforge.jp/view?p=nucleus-jp%2Fnucleus-jp-ancient.git;a=blobdiff_plain;f=utf8%2Fnucleus%2Flibs%2FADMIN.php;h=6b6e5361e69ecbe97e396b2060a191ac3216d490;hp=43be8788bedb1a4e46ec1618abd3c0ea6f12ac0b;hb=7a9ab741d74fc3e819af9b1e23a2bb6a28e00297;hpb=13827291f82dcbcbaf3815d98056ab525f8702c1

diff --git a/utf8/nucleus/libs/ADMIN.php b/utf8/nucleus/libs/ADMIN.php
index 43be878..6b6e536 100755
--- a/utf8/nucleus/libs/ADMIN.php
+++ b/utf8/nucleus/libs/ADMIN.php
@@ -1,7 +1,7 @@
 <?php
 /*
  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2009 The Nucleus Group
+ * Copyright (C) 2002-2010 The Nucleus Group
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -13,7 +13,7 @@
  * The code for the Nucleus admin area
  *
  * @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2009 The Nucleus Group
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group
  * @version $Id$
  * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $
  */
@@ -115,7 +115,7 @@ class ADMIN {
 		);
 /*
 		// the rest of the actions needs to be checked
-		$aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');
+		$aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');
 */
 		if (!in_array($this->action, $aActionsNotToCheck))
 		{
@@ -157,9 +157,9 @@ class ADMIN {
 		?>
 
 		<form action="index.php" method="post"><p>
-		<?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />
+		<?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />
 		<br />
-		<?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />
+		<?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />
 		<br />
 		<input name="action" value="login" type="hidden" />
 		<br />
@@ -169,7 +169,7 @@ class ADMIN {
 			<input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>
 			<br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>
 		</small>
-		<?php			// pass through vars
+		<?php		   // pass through vars
 
 			$oldaction = postVar('oldaction');
 			if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {
@@ -179,7 +179,7 @@ class ADMIN {
 
 		?>
 		</p></form>
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 	}
 
 
@@ -335,18 +335,18 @@ class ADMIN {
 			$amount = intPostVar('amount');
 		else {
 			$amount = intval($CONF['DefaultListSize']);
-			if ($amount < 1) 
+			if ($amount < 1)
 				$amount = 10;
 		}
 
 		$search = postVar('search');	// search through items
 
-		$query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'
+		$query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime, bnumber, catid'
 			   . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')
 			   . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;
 
 		if ($search)
-			$query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
+			$query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';
 
 		// non-blog-admins can only edit/delete their own items
 		if (!$member->blogAdminRights($blogid))
@@ -534,7 +534,7 @@ class ADMIN {
 				case 'unsetadmin':
 					// there should always remain at least one super-admin
 					$r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');
-					if (mysql_num_rows($r) < 2)
+					if (sql_num_rows($r) < 2)
 						$error = _ERROR_ATLEASTONEADMIN;
 					else
 						sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
@@ -604,7 +604,7 @@ class ADMIN {
 				case 'unsetadmin':
 					// there should always remain at least one admin
 					$r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);
-					if (mysql_num_rows($r) < 2)
+					if (sql_num_rows($r) < 2)
 						$error = _ERROR_ATLEASTONEBLOGADMIN;
 					else
 						sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
@@ -677,7 +677,7 @@ class ADMIN {
 					$error = _BATCH_UNKNOWN . htmlspecialchars($action);
 			}
 
-			echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
+			echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';
 			echo '</li>';
 		}
 
@@ -717,7 +717,7 @@ class ADMIN {
 			<input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />
 
 		</div></form>
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 		exit;
 	}
 
@@ -750,7 +750,7 @@ class ADMIN {
 			<input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />
 
 		</div></form>
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 		exit;
 	}
 
@@ -769,7 +769,7 @@ class ADMIN {
 			<?php $manager->addTicketHidden() ?>
 			<input type="hidden" name="batchaction" value="delete" />
 			<input type="hidden" name="confirmation" value="yes" />
-			<?php				// insert selected item numbers
+			<?php			   // insert selected item numbers
 				$idx = 0;
 				foreach ($ids as $id)
 					echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';
@@ -789,7 +789,7 @@ class ADMIN {
 			<input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />
 
 		</div></form>
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 		exit;
 	}
 
@@ -805,12 +805,12 @@ class ADMIN {
 
 	/**
 	 * Inserts a HTML select element with choices for all blogs to which the user has access
-	 *		mode = 'blog' => shows blognames and values are blogids
-	 *		mode = 'category' => show category names and values are catids
+	 *	  mode = 'blog' => shows blognames and values are blogids
+	 *	  mode = 'category' => show category names and values are catids
 	 *
 	 * @param $iForcedBlogInclude
-	 *		ID of a blog that always needs to be included, without checking if the
-	 *		member is on the blog team (-1 = none)
+	 *	  ID of a blog that always needs to be included, without checking if the
+	 *	  member is on the blog team (-1 = none)
 	 * @todo document parameters
 	 */
 	function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {
@@ -826,7 +826,7 @@ class ADMIN {
 		else
 			$queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();
 		$rblogids = sql_query($queryBlogs);
-		while ($o = mysql_fetch_object($rblogids))
+		while ($o = sql_fetch_object($rblogids))
 			if ($o->bnumber != $iForcedBlogInclude)
 				$aBlogIds[] = intval($o->bnumber);
 
@@ -840,10 +840,10 @@ class ADMIN {
 		$queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';
 		$blogs = sql_query($queryBlogs);
 		if ($mode == 'category') {
-			if (mysql_num_rows($blogs) > 1)
+			if (sql_num_rows($blogs) > 1)
 				$multipleBlogs = 1;
 
-			while ($oBlog = mysql_fetch_object($blogs)) {
+			while ($oBlog = sql_fetch_object($blogs)) {
 				if ($multipleBlogs)
 					echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';
 
@@ -856,7 +856,7 @@ class ADMIN {
 
 				// 2. for each category in that blog
 				$categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');
-				while ($oCat = mysql_fetch_object($categories)) {
+				while ($oCat = sql_fetch_object($categories)) {
 					if ($oCat->catid == $selected)
 						$selectText = ' selected="selected" ';
 					else
@@ -869,7 +869,7 @@ class ADMIN {
 			}
 		} else {
 			// blog mode
-			while ($oBlog = mysql_fetch_object($blogs)) {
+			while ($oBlog = sql_fetch_object($blogs)) {
 				echo '<option value="',$oBlog->bnumber,'"';
 				if ($oBlog->bnumber == $selected)
 					echo ' selected="selected"';
@@ -902,7 +902,7 @@ class ADMIN {
 			$amount = intPostVar('amount');
 		else {
 			$amount = intval($CONF['DefaultListSize']);
-			if ($amount < 1) 
+			if ($amount < 1)
 				$amount = 10;
 		}
 
@@ -913,7 +913,7 @@ class ADMIN {
 			   . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
 
 		if ($search)
-			$query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
+			$query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';
 
 		$query .= ' ORDER BY itime DESC'
 				. " LIMIT $start,$amount";
@@ -957,7 +957,7 @@ class ADMIN {
 			$amount = intPostVar('amount');
 		else {
 			$amount = intval($CONF['DefaultListSize']);
-			if ($amount < 1) 
+			if ($amount < 1)
 				$amount = 10;
 		}
 
@@ -969,7 +969,7 @@ class ADMIN {
 		$query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;
 
 		if ($search)
-			$query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
+			$query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';
 
 		$query .= ' ORDER BY ctime ASC'
 				. " LIMIT $start,$amount";
@@ -1001,7 +1001,7 @@ class ADMIN {
 			$amount = intPostVar('amount');
 		else {
 			$amount = intval($CONF['DefaultListSize']);
-			if ($amount < 1) 
+			if ($amount < 1)
 				$amount = 10;
 		}
 
@@ -1011,7 +1011,7 @@ class ADMIN {
 		$query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
 
 		if ($search)
-			$query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
+			$query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';
 
 		$query .= ' ORDER BY ctime DESC'
 				. " LIMIT $start,$amount";
@@ -1022,7 +1022,7 @@ class ADMIN {
 		echo '<h2>', _COMMENTS_YOUR ,'</h2>';
 
 		$template['content'] = 'commentlist';
-		$template['canAddBan'] = 0;	// doesn't make sense to allow banning yourself
+		$template['canAddBan'] = 0; // doesn't make sense to allow banning yourself
 
 		$manager->loadClass("ENCAPSULATE");
 		$navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
@@ -1057,7 +1057,7 @@ class ADMIN {
 			$amount = intPostVar('amount');
 		else {
 			$amount = intval($CONF['DefaultListSize']);
-			if ($amount < 1) 
+			if ($amount < 1)
 				$amount = 10;
 		}
 
@@ -1067,7 +1067,7 @@ class ADMIN {
 		$query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
 
 		if ($search != '')
-			$query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
+			$query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';
 
 
 		$query .= ' ORDER BY ctime DESC'
@@ -1163,9 +1163,9 @@ class ADMIN {
 			return;
 		}
 
-		$body 	= postVar('body');
-		$title 	= postVar('title');
-		$more 	= postVar('more');
+		$body   = postVar('body');
+		$title  = postVar('title');
+		$more   = postVar('more');
 		$closed = intPostVar('closed');
 		$draftid = intPostVar('draftid');
 
@@ -1199,41 +1199,6 @@ class ADMIN {
 				$wasdraft: set to 1 when the item used to be a draft item
 				$publish: set to 1 when the edited item is not a draft
 		*/
-/*<del by shizuki>
-		switch ($actiontype) {
-			case 'adddraft':
-				$publish = 0;
-				$wasdraft = 1;
-				$timestamp = 0;
-				break;
-			case 'addfuture':
-				$wasdraft = 1;
-				$publish = 1;
-				$timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
-				break;
-			case 'addnow':
-				$wasdraft = 1;
-				$publish = 1;
-				$timestamp = 0;
-				break;
-			case 'changedate':
-				$timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
-				$publish = 1;
-				$wasdraft = 0;
-				break;
-			case 'backtodrafts':
-				$wasdraft = 0;
-				$publish = 0;
-				$timestamp = 0;
-				break;			
-			case 'edit':
-			default:
-				$publish = 1;
-				$wasdraft = 0;
-				$timestamp = 0;
-		}
-</del by shizuki>*/
-// <add by shizuki>
 		$blogid =  getBlogIDFromItemID($itemid);
 		$blog   =& $manager->getBlog($blogid);
 
@@ -1245,22 +1210,10 @@ class ADMIN {
 		} else {
 			$timestamp =0;
 		}
-		$doping = ($publish && $timestamp < $blog->getCorrectTime() && postVar('dosendping')) ? 1 : 0;
-// </add by shizuki>
 
 		// edit the item for real
 		ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
 
-/* <del by shizuki>
-		$blogid = getBlogIDFromItemID($itemid);
-		$blog =& $manager->getBlog($blogid);
-
-		$isFuture = 0;
-		if ($timestamp > $blog->getCorrectTime(time())) {
-			$isFuture = 1;
-		}
-
-</del by shizuki>*/
 		$this->updateFuturePosted($blogid);
 
 		if ($draftid > 0) {
@@ -1268,12 +1221,6 @@ class ADMIN {
 			ITEM::delete($draftid);
 		}
 
-//		if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {
-		if (!$closed && $doping && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0) {		//<mod by shizuki />
-			$this->action_sendping($blogid);
-			return;
-		}
-
 		// show category edit window when we created a new category
 		// ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')
 		if ($catid != intPostVar('catid')) {
@@ -1381,7 +1328,7 @@ class ADMIN {
 		$currenttime = $blog->getCorrectTime(time());
 		$result = sql_query("SELECT * FROM ".sql_table('item').
 			" WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
-		if (mysql_num_rows($result) > 0) {
+		if (sql_num_rows($result) > 0) {
 				$blog->setFuturePost();
 		}
 		else {
@@ -1483,7 +1430,7 @@ class ADMIN {
 	 * Adds a item to the chosen blog
 	 */
 	function action_additem() {
-		global $member, $manager, $CONF;
+		global $manager, $CONF;
 
 		$manager->loadClass('ITEM');
 
@@ -1494,98 +1441,16 @@ class ADMIN {
 
 		$blogid = getBlogIDFromItemID($result['itemid']);
 		$blog =& $manager->getBlog($blogid);
-/* <del by shizuki>
-		$pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
-
-		if ($result['status'] == 'newcategory')
-			$this->action_categoryedit(
-				$result['catid'],
-				$blogid,
-				$blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''
-			);
-		elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)
-			$this->action_sendping($blogid);
-		else
-			$this->action_itemlist($blogid);
-</del by shizuki>*/
-// <add by shizuki>
 		$btimestamp = $blog->getCorrectTime();
-		$bPingInfo  = ($blog->sendPing() && numberOfEventSubscriber('SendPing') > 0);
-		$item       = $manager->getItem(intval($result['itemid']), 1, 1);
-		$iPingInfo  = (!$item['draft'] && postVar('dosendping') && $item['timestamp'] < $btimestamp);
-		if ($iPingInfo && $bPingInfo) {
-			$nextAction = 'sendping';
-		} else {
-			$nextAction = 'itemlist';
-		}
+		$item	   = $manager->getItem(intval($result['itemid']), 1, 1);
+
 		if ($result['status'] == 'newcategory') {
-			$distURI = ($nextAction = 'sendping') ? $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action='
-					 . $nextAction . '&blogid=' . intval($blogid)) : 
-					   '';
+			$distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
 			$this->action_categoryedit($result['catid'], $blogid, $distURI);
 		} else {
-			$methodName = 'action_' . $nextAction;
+			$methodName = 'action_itemList';
 			call_user_func(array(&$this, $methodName), $blogid);
 		}
-//</add by shizuki>
-	}
-
-	/**
-	 * Shows a window that says we're about to ping.
-	 * immediately refresh to the real pinging page, which will
-	 * show an error, or redirect to the blog.
-	 *
-	 * @param int $blogid ID of blog for which ping needs to be sent out
-	 */
-	function action_sendping($blogid = -1) {
-		global $member, $manager;
-
-		if ($blogid == -1)
-			$blogid = intRequestVar('blogid');
-
-		$member->isLoggedIn() or $this->disallow();
-
-		$rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
-
-		$this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
-		echo _UPDATEDPING_MESSAGE;
-		?>
-		<a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>"><?php echo _UPDATEDPING_GOPINGPAGE ?></a>
-		</p>
-		<?php
-		$this->pagefoot();
-	}
-
-	/**
-	 * Sends the real ping (can take up to 10 seconds!)
-	 */
-	function action_rawping() {
-		global $manager;
-		// TODO: checks?
-
-		$blogid = intRequestVar('blogid');
-		$blog =& $manager->getBlog($blogid);
-
-		$this->pagehead();
-
-		?>
-
-		<h2><?php echo _UPDATEDPING_PINGING ?></h2>
-		<div class='note'>
-                <?php
-
-		// send sendPing event
-		$manager->notify('SendPing', array('blogid' => $blogid));
-
-                ?>
-                </div>
-
-		<ul>
-			<li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>"><?php echo _UPDATEDPING_VIEWITEM . htmlspecialchars($blog->getName())?></a></li>
-			<li><a href="<?php echo $blog->getURL()?>"><?php echo _UPDATEDPING_VISITOWNSITE ?></a></li>
-		</ul>
-
-		<?php		$this->pagefoot();
 	}
 
 	/**
@@ -1604,9 +1469,11 @@ class ADMIN {
 
 		// change <br /> to \n
 		$comment['body'] = str_replace('<br />','',$comment['body']);
-
-		$comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);
-
+		
+		// replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
+		/* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */
+		$comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#I", "\\1", $comment['body']);
+		
 		$this->pagehead();
 
 		?>
@@ -1622,7 +1489,7 @@ class ADMIN {
 		</tr><tr>
 			<td><?php echo _EDITC_WHO?></td>
 			<td>
-			<?php				if ($comment['member'])
+			<?php			   if ($comment['member'])
 					echo $comment['member'] . " (" . _EDITC_MEMBER . ")";
 				else
 					echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";
@@ -1646,7 +1513,7 @@ class ADMIN {
 		<tr>
 			<td><?php echo _EDITC_TEXT?></td>
 			<td>
-				<textarea name="body" tabindex="10" rows="10" cols="50"><?php					// htmlspecialchars not needed (things should be escaped already)
+				<textarea name="body" tabindex="10" rows="10" cols="50"><?php				   // htmlspecialchars not needed (things should be escaped already)
 					echo $comment['body'];
 				?></textarea>
 			</td>
@@ -1673,18 +1540,25 @@ class ADMIN {
 		$url = postVar('url');
 		$email = postVar('email');
 		$body = postVar('body');
-
+		
+		# replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+		# original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
+		# important note that '\' must be matched with '\\\\' in preg* expressions
 		// intercept words that are too long
-		if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
+		if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
+		{
 			$this->error(_ERROR_COMMENT_LONGWORD);
-
+		}
+		
 		// check length
-		if (strlen($body)<3)
+		if (strlen($body) < 3) {
 			$this->error(_ERROR_COMMENT_NOCOMMENT);
+		}
 		if (strlen($body)>5000)
+		{
 			$this->error(_ERROR_COMMENT_TOOLONG);
-
-
+		}
+		
 		// prepare body
 		$body = COMMENT::prepareBody($body);
 
@@ -1692,13 +1566,13 @@ class ADMIN {
 		$manager->notify('PreUpdateComment',array('body' => &$body));
 
 		$query =  'UPDATE '.sql_table('comment')
-			   . " SET cmail = '" . addslashes($url) . "', cemail = '" . addslashes($email) . "', cbody = '" . addslashes($body) . "'"
+			   . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"
 			   . " WHERE cnumber=" . $commentid;
 		sql_query($query);
 
 		// get itemid
 		$res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
-		$o = mysql_fetch_object($res);
+		$o = sql_fetch_object($res);
 		$itemid = $o->citem;
 
 		if ($member->canAlterItem($itemid))
@@ -1761,7 +1635,7 @@ class ADMIN {
 
 		// get item id first
 		$res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
-		$o = mysql_fetch_object($res);
+		$o = sql_fetch_object($res);
 		$itemid = $o->citem;
 
 		$error = $this->deleteOneComment($commentid);
@@ -1837,7 +1711,7 @@ class ADMIN {
 				<td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
 				<br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
 				</td>
-				<td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
+				<td><input tabindex="10010" name="name" size="32" maxlength="32" /></td>
 			</tr><tr>
 				<td><?php echo _MEMBERS_REALNAME?></td>
 				<td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>
@@ -1919,7 +1793,7 @@ class ADMIN {
 			</td>
 			<td>
 			<?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>
-				<input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
+				<input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />
 			<?php } else {
 				echo htmlspecialchars($member->getDisplayName());
 			   }
@@ -1965,20 +1839,26 @@ class ADMIN {
 
 				<select name="deflang" tabindex="85">
 					<option value=""><?php echo _MEMBERS_USESITELANG?></option>
-				<?php				// show a dropdown list of all available languages
+				<?php			   // show a dropdown list of all available languages
 				global $DIR_LANG;
 				$dirhandle = opendir($DIR_LANG);
-				while ($filename = readdir($dirhandle)) {
-					if (ereg("^(.*)\.php$",$filename,$matches)) {
+				while ($filename = readdir($dirhandle))
+				{
+					# replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+					# original ereg: ereg("^(.*)\.php$", $filename, $matches)
+					if (preg_match('#^(.*)\.php$#', $filename, $matches) )
+					{
 						$name = $matches[1];
-						echo "<option value='$name'";
-						if ($name == $mem->getLanguage())
-							echo " selected='selected'";
+						echo "<option value=\"$name\"";
+						if ($name == $mem->getLanguage() )
+						{
+							echo " selected=\"selected\"";
+						}
 						echo ">$name</option>";
 					}
 				}
 				closedir($dirhandle);
-
+				
 				?>
 				</select>
 
@@ -2025,20 +1905,23 @@ class ADMIN {
 		// check if allowed
 		($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
 
-		$name			= trim(strip_tags(postVar('name')));
-		$realname		= trim(strip_tags(postVar('realname')));
-		$password		= postVar('password');
-		$repeatpassword	= postVar('repeatpassword');
-		$email			= strip_tags(postVar('email'));
+		$name		   = trim(strip_tags(postVar('name')));
+		$realname	   = trim(strip_tags(postVar('realname')));
+		$password	   = postVar('password');
+		$repeatpassword = postVar('repeatpassword');
+		$email		  = strip_tags(postVar('email'));
 		$url			= strip_tags(postVar('url'));
 
-		// Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
-		if (!eregi("^https?://", $url))
-			$url = "http://".$url;
-
-		$admin			= postVar('admin');
-		$canlogin		= postVar('canlogin');
-		$notes			= strip_tags(postVar('notes'));
+		# replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+		# original eregi: !eregi("^https?://", $url)
+		// begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
+		if (!preg_match('#^https?://#', $url) )
+		{
+			$url = "http://" . $url;
+		}
+		$admin		  = postVar('admin');
+		$canlogin	   = postVar('canlogin');
+		$notes		  = strip_tags(postVar('notes'));
 		$deflang		= postVar('deflang');
 
 		$mem = MEMBER::createFromID($memberid);
@@ -2056,6 +1939,15 @@ class ADMIN {
 
 			if ($password && (strlen($password) < 6))
 				$this->error(_ERROR_PASSWORDTOOSHORT);
+
+			if ($password) {
+				$pwdvalid = true;
+				$pwderror = '';
+				$manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
+				if (!$pwdvalid) {
+					$this->error($pwderror);
+				}
+			}
 		}
 
 		if (!isValidMailAddress($email))
@@ -2070,12 +1962,12 @@ class ADMIN {
 
 		// check if there will remain at least one site member with both the logon and admin rights
 		// (check occurs when taking away one of these rights from such a member)
-		if (    (!$admin && $mem->isAdmin() && $mem->canLogin())
+		if (	(!$admin && $mem->isAdmin() && $mem->canLogin())
 			 || (!$canlogin && $mem->isAdmin() && $mem->canLogin())
 		   )
 		{
 			$r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
-			if (mysql_num_rows($r) < 2)
+			if (sql_num_rows($r) < 2)
 				$this->error(_ERROR_ATLEASTONEADMIN);
 		}
 
@@ -2100,7 +1992,7 @@ class ADMIN {
 			$mem->setCanLogin($canlogin);
 		}
 
-		$autosave = postVar ('autosave'); 
+		$autosave = postVar ('autosave');
 		$mem->setAutosave($autosave);
 
 		$mem->write();
@@ -2275,7 +2167,7 @@ class ADMIN {
 	 * @author dekarma
 	 */
 	function action_activatesetpwd() {
-
+		
 		$key = postVar('key');
 
 		// clean up old activation keys
@@ -2292,17 +2184,25 @@ class ADMIN {
 		if (!$mem)
 			return $this->_showActivationPage($key, _ERROR_ACTIVATE);
 
-		$password 		= postVar('password');
-		$repeatpassword	= postVar('repeatpassword');
+		$password	   = postVar('password');
+		$repeatpassword = postVar('repeatpassword');
 
 		if ($password != $repeatpassword)
 			return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
 
 		if ($password && (strlen($password) < 6))
 			return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
-
+		
+		if ($password) {
+			$pwdvalid = true;
+			$pwderror = '';
+			global $manager;
+			$manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
+			if (!$pwdvalid) {
+				return $this->_showActivationPage($key,$pwderror);
+			}
+		}
 		$error = '';
-		global $manager;
 		$manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
 		if ($error != '')
 			return $this->_showActivationPage($key, $error);
@@ -2364,7 +2264,7 @@ class ADMIN {
 
 			<table><tr>
 				<td><?php echo _TEAM_CHOOSEMEMBER?></td>
-				<td><?php					// TODO: try to make it so only non-team-members are listed
+				<td><?php				   // TODO: try to make it so only non-team-members are listed
 					$query =  'SELECT mname as text, mnumber as value'
 						   . ' FROM '.sql_table('member');
 
@@ -2471,7 +2371,7 @@ class ADMIN {
 			return _ERROR_DISALLOWED;
 
 		// check if: - there remains at least one blog admin
-		//           - (there remains at least one team member)
+		//		   - (there remains at least one team member)
 		$tmem = MEMBER::createFromID($memberid);
 
 		$manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));
@@ -2481,14 +2381,14 @@ class ADMIN {
 			// (check for at least two admins before deletion)
 			$query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
 			$r = sql_query($query);
-			if (mysql_num_rows($r) < 2)
+			if (sql_num_rows($r) < 2)
 				return _ERROR_ATLEASTONEBLOGADMIN;
 		}
 
 		$query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
 		sql_query($query);
 
-		$manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
+		$manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));
 
 		return '';
 	}
@@ -2510,7 +2410,7 @@ class ADMIN {
 		// don't allow when there is only one admin at this moment
 		if ($mem->isBlogAdmin($blogid)) {
 			$r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
-			if (mysql_num_rows($r) == 1)
+			if (sql_num_rows($r) == 1)
 				$this->error(_ERROR_ATLEASTONEBLOGADMIN);
 		}
 
@@ -2551,11 +2451,11 @@ class ADMIN {
 
 		<h3><?php echo _EBLOG_TEAM_TITLE?></h3>
 
-		<p>Members currently on your team:
+		<p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>
 		<?php
 			$res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));
 			$aMemberNames = array();
-			while ($o = mysql_fetch_object($res))
+			while ($o = sql_fetch_object($res))
 				array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');
 			echo implode(',', $aMemberNames);
 		?>
@@ -2625,7 +2525,7 @@ class ADMIN {
 		 <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>
 	  </tr><tr>
 			<td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>
-			<td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
+			<td><input name="notify" tabindex="80" maxlength="128" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>
 		</tr><tr>
 			<td><?php echo _EBLOG_NOTIFY_ON?></td>
 			<td>
@@ -2642,15 +2542,6 @@ class ADMIN {
 				/><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
 			</td>
 		</tr><tr>
-		<?php
-		if (numberOfEventSubscriber('SendPing') > 0) {
-		?>
-			<td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>
-			<td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>
-		</tr><tr>
-		<?php
-		}
-		?>
 			<td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
 			<td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>
 		</tr><tr>
@@ -2757,13 +2648,13 @@ class ADMIN {
 		if (!isValidCategoryName($cname))
 			$this->error(_ERROR_BADCATEGORYNAME);
 
-		$query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
+		$query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid);
 		$res = sql_query($query);
-		if (mysql_num_rows($res) > 0)
+		if (sql_num_rows($res) > 0)
 			$this->error(_ERROR_DUPCATEGORYNAME);
 
-		$blog 		=& $manager->getBlog($blogid);
-		$newCatID	=  $blog->createNewCategory($cname, $cdesc);
+		$blog	   =& $manager->getBlog($blogid);
+		$newCatID   =  $blog->createNewCategory($cname, $cdesc);
 
 		$this->action_blogsettings();
 	}
@@ -2786,7 +2677,7 @@ class ADMIN {
 		$member->blogAdminRights($blogid) or $this->disallow();
 
 		$res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
-		$obj = mysql_fetch_object($res);
+		$obj = sql_fetch_object($res);
 
 		$cname = $obj->cname;
 		$cdesc = $obj->cdesc;
@@ -2847,14 +2738,14 @@ class ADMIN {
 		if (!isValidCategoryName($cname))
 			$this->error(_ERROR_BADCATEGORYNAME);
 
-		$query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
+		$query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
 		$res = sql_query($query);
-		if (mysql_num_rows($res) > 0)
+		if (sql_num_rows($res) > 0)
 			$this->error(_ERROR_DUPCATEGORYNAME);
 
 		$query =  'UPDATE '.sql_table('category').' SET'
-			   . " cname='" . addslashes($cname) . "',"
-			   . " cdesc='" . addslashes($cdesc) . "'"
+			   . " cname='" . sql_real_escape_string($cname) . "',"
+			   . " cdesc='" . sql_real_escape_string($cdesc) . "'"
 			   . " WHERE catid=" . $catid;
 
 		sql_query($query);
@@ -2897,7 +2788,7 @@ class ADMIN {
 		// check if catid is the only category left for blogid
 		$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
 		$res = sql_query($query);
-		if (mysql_num_rows($res) == 1)
+		if (sql_num_rows($res) == 1)
 			$this->error(_ERROR_DELETELASTCATEGORY);
 
 
@@ -2946,8 +2837,6 @@ class ADMIN {
 
 		$catid = intval($catid);
 
-		$manager->notify('PreDeleteCategory', array('catid' => $catid));
-
 		$blogid = getBlogIDFromCatID($catid);
 
 		if (!$member->blogAdminRights($blogid))
@@ -2969,9 +2858,11 @@ class ADMIN {
 		// check if catid is the only category left for blogid
 		$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
 		$res = sql_query($query);
-		if (mysql_num_rows($res) == 1)
+		if (sql_num_rows($res) == 1)
 			return _ERROR_DELETELASTCATEGORY;
 
+		$manager->notify('PreDeleteCategory', array('catid' => $catid));
+
 		// change category for all items to the default category
 		$query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
 		sql_query($query);
@@ -3032,7 +2923,7 @@ class ADMIN {
 		// update comments table (cblog)
 		$query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
 		$items = sql_query($query);
-		while ($oItem = mysql_fetch_object($items)) {
+		while ($oItem = sql_fetch_object($items)) {
 			sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
 		}
 
@@ -3067,16 +2958,16 @@ class ADMIN {
 
 		$blog =& $manager->getBlog($blogid);
 
-		$notify			= trim(postVar('notify'));
-		$shortname		= trim(postVar('shortname'));
-		$updatefile		= trim(postVar('update'));
+		$notify		 = trim(postVar('notify'));
+		$shortname	  = trim(postVar('shortname'));
+		$updatefile	 = trim(postVar('update'));
 
-		$notifyComment	= intPostVar('notifyComment');
-		$notifyVote		= intPostVar('notifyVote');
-		$notifyNewItem	= intPostVar('notifyNewItem');
+		$notifyComment  = intPostVar('notifyComment');
+		$notifyVote	 = intPostVar('notifyVote');
+		$notifyNewItem  = intPostVar('notifyNewItem');
 
 		if ($notifyComment == 0)	$notifyComment = 1;
-		if ($notifyVote == 0)		$notifyVote = 1;
+		if ($notifyVote == 0)	   $notifyVote = 1;
 		if ($notifyNewItem == 0)	$notifyNewItem = 1;
 
 		$notifyType = $notifyComment * $notifyVote * $notifyNewItem;
@@ -3111,7 +3002,6 @@ class ADMIN {
 		$blog->setDefaultSkin(intPostVar('defskin'));
 		$blog->setDescription(trim(postVar('desc')));
 		$blog->setPublic(postVar('public'));
-		$blog->setPingUserland(postVar('sendping'));
 		$blog->setConvertBreaks(intPostVar('convertbreaks'));
 		$blog->setAllowPastPosting(intPostVar('allowpastposting'));
 		$blog->setDefaultCategory(intPostVar('defcat'));
@@ -3284,7 +3174,7 @@ class ADMIN {
 
 		/* unlink comments from memberid */
 		if ($memberid) {
-			$query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. addslashes($mem->getDisplayName())
+			$query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. sql_real_escape_string($mem->getDisplayName())
 				   .'" WHERE cmember='.$memberid;
 			sql_query($query);
 		}
@@ -3365,7 +3255,7 @@ class ADMIN {
 						   . ' FROM '.sql_table('skin_desc');
 					$template['name'] = 'defskin';
 					$template['tabindex'] = 50;
-					$template['selected'] = $CONF['BaseSkin'];	// set default selected skin to be globally defined base skin
+					$template['selected'] = $CONF['BaseSkin'];  // set default selected skin to be globally defined base skin
 					showlist($query,'select',$template);
 				?>
 			</td>
@@ -3399,11 +3289,11 @@ class ADMIN {
 		// Only Super-Admins can do this
 		$member->isAdmin() or $this->disallow();
 
-		$bname			= trim(postVar('name'));
-		$bshortname		= trim(postVar('shortname'));
+		$bname		  = trim(postVar('name'));
+		$bshortname	 = trim(postVar('shortname'));
 		$btimeoffset	= postVar('timeoffset');
-		$bdesc			= trim(postVar('desc'));
-		$bdefskin		= postVar('defskin');
+		$bdesc		  = trim(postVar('desc'));
+		$bdefskin	   = postVar('defskin');
 
 		if (!isValidShortName($bshortname))
 			$this->error(_ERROR_BADSHORTBLOGNAME);
@@ -3414,7 +3304,7 @@ class ADMIN {
 		$manager->notify(
 			'PreAddBlog',
 			array(
-				'name'        => &$bname,
+				'name'		=> &$bname,
 				'shortname'   => &$bshortname,
 				'timeoffset'  => &$btimeoffset,
 				'description' => &$bdesc,
@@ -3424,21 +3314,25 @@ class ADMIN {
 
 
 		// add slashes for sql queries
-		$bname       = addslashes($bname);
-		$bshortname  = addslashes($bshortname);
-		$btimeoffset = addslashes($btimeoffset);
-		$bdesc       = addslashes($bdesc);
-		$bdefskin    = addslashes($bdefskin);
+		$bname	   = sql_real_escape_string($bname);
+		$bshortname  = sql_real_escape_string($bshortname);
+		$btimeoffset = sql_real_escape_string($btimeoffset);
+		$bdesc	   = sql_real_escape_string($bdesc);
+		$bdefskin	= sql_real_escape_string($bdefskin);
 
 		// create blog
 		$query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')";
 		sql_query($query);
-		$blogid	= mysql_insert_id();
-		$blog	=& $manager->getBlog($blogid);
+		$blogid = sql_insert_id();
+		$blog   =& $manager->getBlog($blogid);
 
 		// create new category
-		sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, _EBLOGDEFAULTCATEGORY_NAME, _EBLOGDEFAULTCATEGORY_DESC)");
-		$catid = mysql_insert_id();
+		$catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
+		$catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
+		$sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
+		sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));
+//		sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, _EBLOGDEFAULTCATEGORY_NAME, _EBLOGDEFAULTCATEGORY_DESC)");
+		$catid = sql_insert_id();
 
 		// set as default category
 		$blog->setDefaultCategory($catid);
@@ -3448,10 +3342,15 @@ class ADMIN {
 		$memberid = $member->getID();
 		$query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
 		sql_query($query);
-
-
-		$blog->additem($blog->getDefaultCategory(),_EBLOG_FIRSTITEM_TITLE,_EBLOG_FIRSTITEM_BODY,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);
-
+		
+		$itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
+		$itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
+		
+		$blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);
+		//$blog->additem($blog->getDefaultCategory(),_EBLOG_FIRSTITEM_TITLE,_EBLOG_FIRSTITEM_BODY,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);
+		
+		
+		
 		$manager->notify(
 			'PostAddBlog',
 			array(
@@ -3462,10 +3361,10 @@ class ADMIN {
 		$manager->notify(
 			'PostAddCategory',
 			array(
-				'blog'        => &$blog,
-				'name'        => _EBLOGDEFAULTCATEGORY_NAME,
+				'blog'		=> &$blog,
+				'name'		=> _EBLOGDEFAULTCATEGORY_NAME,
 				'description' => _EBLOGDEFAULTCATEGORY_DESC,
-				'catid'       => $catid
+				'catid'	   => $catid
 			)
 		);
 
@@ -3476,13 +3375,13 @@ class ADMIN {
 		<p><?php echo sprintf(_BLOGCREATED_ADDEDTXT, htmlspecialchars($bname)) ?></p>
 
 		<ol>
-			<li><a href="#index_php"><?php sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></code></a></li>
-			<li><a href="#skins"><?php _BLOGCREATED_ADVANCEDWAY ?></a></li>
+			<li><a href="#index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></a></li>
+			<li><a href="#skins"><?php echo _BLOGCREATED_ADVANCEDWAY ?></a></li>
 		</ol>
 
-		<h3><a id="index_php"><?php sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>
+		<h3><a id="index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>
 
-		<p><?php sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>
+		<p><?php echo sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>
 <pre><code>&lt;?php
 
 $CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';
@@ -3528,7 +3427,7 @@ selector();
 			</tr></table>
 		</div></form>
 
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 
 	}
 
@@ -3540,8 +3439,8 @@ selector();
 
 		$member->blogAdminRights($blogid) or $this->disallow();
 
-		$burl	= requestVar('url');
-		$blogid	= intRequestVar('blogid');
+		$burl   = requestVar('url');
+		$blogid = intRequestVar('blogid');
 
 		$blog =& $manager->getBlog($blogid);
 		$blog->setURL(trim($burl));
@@ -3569,7 +3468,7 @@ selector();
 		<h2><?php echo _SKINIE_TITLE_IMPORT?></h2>
 
 				<p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label>
-				<?php					global $DIR_SKINS;
+				<?php				   global $DIR_SKINS;
 
 					$candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);
 
@@ -3580,7 +3479,7 @@ selector();
 								<?php $manager->addTicketHidden() ?>
 								<input type="hidden" name="mode" value="file" />
 								<select name="skinfile" id="skinie_import_local">
-								<?php									foreach ($candidates as $skinname => $skinfile) {
+								<?php								   foreach ($candidates as $skinname => $skinfile) {
 										$html = htmlspecialchars($skinfile);
 										echo '<option value="',$html,'">',$skinname,'</option>';
 									}
@@ -3588,7 +3487,7 @@ selector();
 								</select>
 								<input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />
 							</div></form>
-						<?php					} else {
+						<?php				   } else {
 						echo _SKINIE_NOCANDIDATES;
 					}
 				?>
@@ -3616,9 +3515,9 @@ selector();
 			<table><tr>
 				<th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th>
 			</tr><tr>
-	<?php		// show list of skins
+	<?php	   // show list of skins
 		$res = sql_query('SELECT * FROM '.sql_table('skin_desc'));
-		while ($skinObj = mysql_fetch_object($res)) {
+		while ($skinObj = sql_fetch_object($res)) {
 			$id = 'skinexp' . $skinObj->sdnumber;
 			echo '<td><input type="checkbox" name="skin[',$skinObj->sdnumber,']"  id="',$id,'" />';
 			echo '<label for="',$id,'">',htmlspecialchars($skinObj->sdname),'</label></td>';
@@ -3630,7 +3529,7 @@ selector();
 
 		// show list of templates
 		$res = sql_query('SELECT * FROM '.sql_table('template_desc'));
-		while ($templateObj = mysql_fetch_object($res)) {
+		while ($templateObj = sql_fetch_object($res)) {
 			$id = 'templateexp' . $templateObj->tdnumber;
 			echo '<td><input type="checkbox" name="template[',$templateObj->tdnumber,']" id="',$id,'" />';
 			echo '<label for="',$id,'">',htmlspecialchars($templateObj->tdname),'</label></td>';
@@ -3666,7 +3565,7 @@ selector();
 		include_once($DIR_LIBS . 'skinie.php');
 
 		$skinFileRaw= postVar('skinfile');
-		$mode 		= postVar('mode');
+		$mode	   = postVar('mode');
 
 		$importer =& new SKINIMPORT();
 
@@ -3688,7 +3587,7 @@ selector();
 		// clashes
 		$skinNameClashes = $importer->checkSkinNameClashes();
 		$templateNameClashes = $importer->checkTemplateNameClashes();
-		$hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes)	> 0);
+		$hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
 
 		if ($error) $this->error($error);
 
@@ -3747,7 +3646,7 @@ selector();
 		include_once($DIR_LIBS . 'skinie.php');
 
 		$skinFileRaw= postVar('skinfile');
-		$mode		= postVar('mode');
+		$mode	   = postVar('mode');
 
 		$allowOverwrite = intPostVar('overwrite');
 
@@ -3788,7 +3687,7 @@ selector();
 			<li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>
 		</ul>
 
-	<?php		$this->pagefoot();
+	<?php	   $this->pagefoot();
 
 	}
 
@@ -3881,7 +3780,7 @@ selector();
 		$member->isAdmin() or $this->disallow();
 
 		$extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';
-		$extrahead .= '<script type="text/javascript">setTemplateEditText("'.addslashes(_EDITTEMPLATE_EMPTY).'");</script>';
+		$extrahead .= '<script type="text/javascript">setTemplateEditText("'.sql_real_escape_string(_EDITTEMPLATE_EMPTY).'");</script>';
 
 		$this->pagehead($extrahead);
 
@@ -3896,7 +3795,7 @@ selector();
 
 		<h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo  htmlspecialchars($templatename); ?>'</h2>
 
-		<?php					if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
+		<?php				   if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
 		?>
 
 		<p><?php echo _TEMPLATE_EDIT_MSG?></p>
@@ -4003,7 +3902,7 @@ selector();
 				$this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0);
 			}
 		}
-?>			
+?>
 		</tr><tr>
 			<th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>
 		</tr><tr>
@@ -4025,11 +3924,12 @@ selector();
 	 */
 	function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
 		static $count = 1;
+		if (!isset($template[$name])) $template[$name] = '';
 	?>
 		</tr><tr>
 			<td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>
 			<td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo  htmlspecialchars($template[$name]); ?></textarea></td>
-	<?php		$count++;
+	<?php	   $count++;
 	}
 
 	/**
@@ -4052,8 +3952,8 @@ selector();
 			$this->error(_ERROR_DUPTEMPLATENAME);
 
 
-		$name = addslashes($name);
-		$desc = addslashes($desc);
+		$name = sql_real_escape_string($name);
+		$desc = sql_real_escape_string($desc);
 
 		// 1. Remove all template parts
 		$query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid;
@@ -4119,8 +4019,8 @@ selector();
 	 * @todo document this
 	 */
 	function addToTemplate($id, $partname, $content) {
-		$partname = addslashes($partname);
-		$content = addslashes($content);
+		$partname = sql_real_escape_string($partname);
+		$content = sql_real_escape_string($content);
 
 		$id = intval($id);
 
@@ -4129,8 +4029,8 @@ selector();
 
 		$query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "
 			   . "VALUES ($id, '$partname', '$content')";
-		sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . mysql_error());
-		return mysql_insert_id();
+		sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
+		return sql_insert_id();
 	}
 
 	/**
@@ -4241,7 +4141,7 @@ selector();
 		// 3. create clone
 		// go through parts of old template and add them to the new one
 		$res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
-		while ($o = mysql_fetch_object($res)) {
+		while ($o = sql_fetch_object($res)) {
 			$this->addToTemplate($newid, $o->tpartname, $o->tcontent);
 		}
 
@@ -4362,12 +4262,12 @@ selector();
 		echo '<input type="submit" tabindex="140" value="' . _SKIN_CREATE . '" onclick="return checkSubmit();" />' . "\r\n";
 		echo '</form>' . "\r\n";
 
-		if ($res && mysql_num_rows($res) > 0) {
+		if ($res && sql_num_rows($res) > 0) {
 			echo '<ul>';
 			$tabstart = 75;
 
-			while ($row = mysql_fetch_assoc($res)) {
-				echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">remove</a>)</li>';
+			while ($row = sql_fetch_assoc($res)) {
+				echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">'._LISTS_DELETE.'</a>)</li>';
 			}
 
 			echo '</ul>';
@@ -4406,7 +4306,7 @@ selector();
 		</form>
 
 
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 	}
 
 	/**
@@ -4472,7 +4372,7 @@ selector();
 
 		<h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>
 
-		<?php			if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
+		<?php		   if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
 		?>
 
 
@@ -4503,7 +4403,7 @@ selector();
 
 		<br /><br />
 		<?php echo _SKIN_ALLOWEDVARS?>
-		<?php			$actions = SKIN::getAllowedActionsForType($type);
+		<?php		   $actions = SKIN::getAllowedActionsForType($type);
 
 			sort($actions);
 
@@ -4561,7 +4461,7 @@ selector();
 		// don't allow deletion of default skins for blogs
 		$query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
 		$r = sql_query($query);
-		if ($o = mysql_fetch_object($r))
+		if ($o = sql_fetch_object($r))
 			$this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));
 
 		$this->pagehead();
@@ -4604,7 +4504,7 @@ selector();
 		// don't allow deletion of default skins for blogs
 		$query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
 		$r = sql_query($query);
-		if ($o = mysql_fetch_object($r))
+		if ($o = sql_fetch_object($r))
 			$this->error(_ERROR_SKINDEFDELETE .$o->bname);
 
 		$manager->notify('PreDeleteSkin', array('skinid' => $skinid));
@@ -4741,7 +4641,7 @@ selector();
 
 		$query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
 		$res = sql_query($query);
-		while ($row = mysql_fetch_assoc($res)) {
+		while ($row = sql_fetch_assoc($res)) {
 			$this->skinclonetype($skin, $newid, $row['stype']);
 		}
 
@@ -4756,7 +4656,7 @@ selector();
 		$newid = intval($newid);
 		$content = $skin->getContent($type);
 		if ($content) {
-			$query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". addslashes($content)."', '". addslashes($type)."')";
+			$query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". sql_real_escape_string($content)."', '". sql_real_escape_string($type)."')";
 			sql_query($query);
 		}
 	}
@@ -4835,15 +4735,21 @@ selector();
 			<td>
 
 				<select name="Language" tabindex="10050">
-				<?php				// show a dropdown list of all available languages
+				<?php			   // show a dropdown list of all available languages
 				global $DIR_LANG;
 				$dirhandle = opendir($DIR_LANG);
-				while ($filename = readdir($dirhandle)) {
-					if (ereg("^(.*)\.php$",$filename,$matches)) {
+				while ($filename = readdir($dirhandle) )
+				{
+					# replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+					# original ereg: ereg("^(.*)\.php$",$filename,$matches)
+					if (preg_match('#^(.*)\.php$#', $filename, $matches) )
+					{
 						$name = $matches[1];
-						echo "<option value='$name'";
+						echo "<option value=\"$name\"";
 						if ($name == $CONF['Language'])
-							echo " selected='selected'";
+						{
+							echo " selected=\"selected\"";
+						}
 						echo ">$name</option>";
 					}
 				}
@@ -4885,7 +4791,7 @@ selector();
 			</td>
 			<td><?php /* $this->input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?>
 				<select name="DisableJsTools" tabindex="10075">
-			<?php					$extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : '';
+			<?php				   $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : '';
 					echo "<option $extra value='1'>",_SETTINGS_JSTOOLBAR_NONE,"</option>";
 					$extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : '';
 					echo "<option $extra value='2'>",_SETTINGS_JSTOOLBAR_SIMPLE,"</option>";
@@ -4911,14 +4817,14 @@ selector();
 					   <td><?php
 
 						$this->input_yesno('DebugVars',$CONF['DebugVars'],10078);
-						
+
 							 ?>
 
 					   </td>
 		</tr><tr>
 			<td><?php echo _SETTINGS_DEFAULTLISTSIZE?> <?php help('defaultlistsize');?></td>
 			<td>
-			<?php 
+			<?php
 				if (!array_key_exists('DefaultListSize',$CONF)) {
 					sql_query("INSERT INTO ".sql_table('config')." VALUES ('DefaultListSize', '10')");
 					$CONF['DefaultListSize'] = 10;
@@ -4932,7 +4838,7 @@ selector();
 			<td><?php echo _SETTINGS_MEDIADIR?></td>
 			<td><?php echo  htmlspecialchars($DIR_MEDIA) ?>
 				<i><?php echo _SETTINGS_SEECONFIGPHP?></i>
-				<?php			    	if (!is_dir($DIR_MEDIA))
+				<?php				   if (!is_dir($DIR_MEDIA))
 						echo "<br /><b>" . _WARNING_NOTADIR . "</b>";
 					if (!is_readable($DIR_MEDIA))
 						echo "<br /><b>" . _WARNING_NOTREADABLE . "</b>";
@@ -5060,39 +4966,39 @@ selector();
 
 
 		// save settings
-		$this->updateConfig('DefaultBlog',		postVar('DefaultBlog'));
-		$this->updateConfig('BaseSkin',			postVar('BaseSkin'));
-		$this->updateConfig('IndexURL',			postVar('IndexURL'));
-		$this->updateConfig('AdminURL',			postVar('AdminURL'));
+		$this->updateConfig('DefaultBlog',	  postVar('DefaultBlog'));
+		$this->updateConfig('BaseSkin',		 postVar('BaseSkin'));
+		$this->updateConfig('IndexURL',		 postVar('IndexURL'));
+		$this->updateConfig('AdminURL',		 postVar('AdminURL'));
 		$this->updateConfig('PluginURL',		postVar('PluginURL'));
-		$this->updateConfig('SkinsURL',			postVar('SkinsURL'));
+		$this->updateConfig('SkinsURL',		 postVar('SkinsURL'));
 		$this->updateConfig('ActionURL',		postVar('ActionURL'));
-		$this->updateConfig('Language',			postVar('Language'));
-		$this->updateConfig('AdminEmail',		postVar('AdminEmail'));
+		$this->updateConfig('Language',		 postVar('Language'));
+		$this->updateConfig('AdminEmail',	   postVar('AdminEmail'));
 		$this->updateConfig('SessionCookie',	postVar('SessionCookie'));
 		$this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));
-		$this->updateConfig('AllowMemberMail',	postVar('AllowMemberMail'));
+		$this->updateConfig('AllowMemberMail',  postVar('AllowMemberMail'));
 		$this->updateConfig('NonmemberMail',	postVar('NonmemberMail'));
-		$this->updateConfig('ProtectMemNames',	postVar('ProtectMemNames'));
-		$this->updateConfig('SiteName',			postVar('SiteName'));
+		$this->updateConfig('ProtectMemNames',  postVar('ProtectMemNames'));
+		$this->updateConfig('SiteName',		 postVar('SiteName'));
 		$this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));
-		$this->updateConfig('DisableSite',		postVar('DisableSite'));
-		$this->updateConfig('DisableSiteURL',	postVar('DisableSiteURL'));
+		$this->updateConfig('DisableSite',	  postVar('DisableSite'));
+		$this->updateConfig('DisableSiteURL',   postVar('DisableSiteURL'));
 		$this->updateConfig('LastVisit',		postVar('LastVisit'));
-		$this->updateConfig('MediaURL',			postVar('MediaURL'));
-		$this->updateConfig('AllowedTypes',		postVar('AllowedTypes'));
-		$this->updateConfig('AllowUpload',		postVar('AllowUpload'));
+		$this->updateConfig('MediaURL',		 postVar('MediaURL'));
+		$this->updateConfig('AllowedTypes',	 postVar('AllowedTypes'));
+		$this->updateConfig('AllowUpload',	  postVar('AllowUpload'));
 		$this->updateConfig('MaxUploadSize',	postVar('MaxUploadSize'));
-		$this->updateConfig('MediaPrefix',		postVar('MediaPrefix'));
-		$this->updateConfig('AllowLoginEdit',	postVar('AllowLoginEdit'));
-		$this->updateConfig('DisableJsTools',	postVar('DisableJsTools'));
-		$this->updateConfig('CookieDomain',		postVar('CookieDomain'));
-		$this->updateConfig('CookiePath',		postVar('CookiePath'));
-		$this->updateConfig('CookieSecure',		postVar('CookieSecure'));
-		$this->updateConfig('URLMode',			postVar('URLMode'));
-		$this->updateConfig('CookiePrefix',		postVar('CookiePrefix'));
+		$this->updateConfig('MediaPrefix',	  postVar('MediaPrefix'));
+		$this->updateConfig('AllowLoginEdit',   postVar('AllowLoginEdit'));
+		$this->updateConfig('DisableJsTools',   postVar('DisableJsTools'));
+		$this->updateConfig('CookieDomain',	 postVar('CookieDomain'));
+		$this->updateConfig('CookiePath',	   postVar('CookiePath'));
+		$this->updateConfig('CookieSecure',	 postVar('CookieSecure'));
+		$this->updateConfig('URLMode',		  postVar('URLMode'));
+		$this->updateConfig('CookiePrefix',	 postVar('CookiePrefix'));
 		$this->updateConfig('DebugVars',		postVar('DebugVars'));
-		$this->updateConfig('DefaultListSize',	postVar('DefaultListSize'));
+		$this->updateConfig('DefaultListSize',  postVar('DefaultListSize'));
 
 		// load new config and redirect (this way, the new language will be used is necessary)
 		// note that when changing cookie settings, this redirect might cause the user
@@ -5105,7 +5011,7 @@ selector();
 
 	/**
 	 *  Give an overview over the used system
-	 */	
+	 */
 	function action_systemoverview() {
 		global $member, $nucleus, $CONF;
 
@@ -5127,7 +5033,7 @@ selector();
 			echo "\t\t" . '<td>' . phpversion() . "</td>\n";
 			echo "\t</tr><tr>\n";
 			echo "\t\t" . '<td>' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . "</td>\n";
-			echo "\t\t" . '<td>' . mysql_get_server_info() . ' (' . mysql_get_client_info() . ')' . "</td>\n";
+			echo "\t\t" . '<td>' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . "</td>\n";
 			echo "\t</tr>";
 			echo "</table>\n";
 
@@ -5144,7 +5050,7 @@ selector();
 			$mqr = get_magic_quotes_runtime() ? 'On' : 'Off';
 			echo "\t\t" . '<td>' . $mqr . "</td>\n";
 			echo "\t</tr><tr>\n";
-			echo "\t\t" . '<td>magic_quotes_runtime' . "</td>\n";
+			echo "\t\t" . '<td>register_globals' . "</td>\n";
 			$rg = ini_get('register_globals') ? 'On' : 'Off';
 			echo "\t\t" . '<td>' . $rg . "</td>\n";
 			echo "\t</tr>";
@@ -5179,14 +5085,14 @@ selector();
 			echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_MODULES . "</th>\n";
 			echo "\t</tr><tr>\n";
 			echo "\t\t" . '<td width="50%">mod_rewrite' . "</td>\n";
-			$modrewrite = (strstr($im, 'mod_rewrite') != '') ? 
+			$modrewrite = (strstr($im, 'mod_rewrite') != '') ?
 						_ADMIN_SYSTEMOVERVIEW_ENABLE :
 						_ADMIN_SYSTEMOVERVIEW_DISABLE;
 			echo "\t\t" . '<td>' . $modrewrite . "</td>\n";
 			echo "\t</tr>\n";
 			echo "</table>\n";
 
-			// Information about the used Nucleus CMS 
+			// Information about the used Nucleus CMS
 			echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . "</h3>\n";
 			global $nucleus;
 			$nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')';
@@ -5211,6 +5117,9 @@ selector();
 			echo "\t\t" . '<td width="50%">' . '$CONF[' . "'Self']</td>\n";
 			echo "\t\t" . '<td>' . $CONF['Self'] . "</td>\n";
 			echo "\t</tr><tr>\n";
+			echo "\t\t" . '<td width="50%">' . '$CONF[' . "'ItemURL']</td>\n";
+			echo "\t\t" . '<td>' . $CONF['ItemURL'] . "</td>\n";
+			echo "\t</tr><tr>\n";
 			echo "\t\t" . '<td width="50%">' . '$CONF[' . "'alertOnHeadersSent']</td>\n";
 			$ohs = $CONF['alertOnHeadersSent'] ?
 						_ADMIN_SYSTEMOVERVIEW_ENABLE :
@@ -5236,7 +5145,7 @@ selector();
 		else {
 			echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN;
 		}
-		
+
 		$this->pagefoot();
 	}
 
@@ -5244,15 +5153,15 @@ selector();
 	 * @todo document this
 	 */
 	function updateConfig($name, $val) {
-		$name = addslashes($name);
-		$val = trim(addslashes($val));
+		$name = sql_real_escape_string($name);
+		$val = trim(sql_real_escape_string($val));
 
 		$query = 'UPDATE '.sql_table('config')
 			   . " SET value='$val'"
 			   . " WHERE name='$name'";
 
-		sql_query($query) or die("Query error: " . mysql_error());
-		return mysql_insert_id();
+		sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());
+		return sql_insert_id();
 	}
 
 	/**
@@ -5263,7 +5172,7 @@ selector();
 		$this->pagehead();
 		?>
 		<h2>Error!</h2>
-		<?php		echo $msg;
+		<?php	   echo $msg;
 		echo "<br />";
 		echo "<a href='index.php' onclick='history.back()'>"._BACK."</a>";
 		$this->pagefoot();
@@ -5316,13 +5225,14 @@ selector();
 			<?php echo $extrahead?>
 		</head>
 		<body>
+		<div id="adminwrapper">
 		<div class="header">
 		<h1><?php echo htmlspecialchars($CONF['SiteName'])?></h1>
 		</div>
 		<div id="container">
 		<div id="content">
 		<div class="loginname">
-		<?php			if ($member->isLoggedIn())
+		<?php		   if ($member->isLoggedIn())
 				echo _LOGGEDINAS . ' ' . $member->getDisplayName()
 					." - <a href='index.php?action=logout'>" . _LOGOUT. "</a>"
 					. "<br /><a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";
@@ -5335,10 +5245,19 @@ selector();
 
 			$codenamestring = ($nucleus['codename']!='')? ' &quot;'.$nucleus['codename'].'&quot;':'';
 
-			if ($member->isLoggedIn() && $member->isAdmin())
-				echo '<a href="http://nucleuscms.org/version.php?v=',getNucleusVersion(),'&amp;pl=',getNucleusPatchLevel(),'" title="Check for upgrade">Nucleus CMS ', $nucleus['version'], $codenamestring, '</a>';
-			else
-				echo 'Nucleus CMS ', $nucleus['version'], $codenamestring;
+			if ($member->isLoggedIn() && $member->isAdmin()) {
+				$checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
+				echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';
+				$newestVersion = getLatestVersion();
+				$newestCompare = str_replace('/','.',$newestVersion);
+				$newestCompare = intval($newestCompare);
+				$currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);
+				if ($newestVersion && version_compare($newestCompare,$currentVersion) > 0) {
+					echo '<br /><a style="color:red" href="http://nucleuscms.org/upgrade.php" title="'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE.'">'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT.$newestVersion.'</a>';
+				}
+			} else {
+				echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;
+			}
 			echo ')';
 		echo '</div>';
 	}
@@ -5363,7 +5282,7 @@ selector();
 				<li><a href="index.php?action=overview"><?php echo  _BACKHOME?></a></li>
 				<li><a href='index.php?action=logout'><?php echo  _LOGOUT?></a></li>
 			</ul>
-			<?php		}
+			<?php	   }
 		?>
 			<div class="foot">
 				<a href="<?php echo _ADMINPAGEFOOT_OFFICIALURL ?>">Nucleus CMS</a> &copy; 2002-<?php echo date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT; ?>
@@ -5375,7 +5294,7 @@ selector();
 
 			<div id="quickmenu">
 
-				<?php				// ---- user settings ----
+				<?php			   // ---- user settings ----
 				if (($action != 'showlogin') && ($member->isLoggedIn())) {
 					echo '<ul>';
 					echo '<li><a href="index.php?action=overview">',_QMENU_HOME,'</a></li>';
@@ -5426,11 +5345,11 @@ selector();
 						echo '<ul>';
 						echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . '</a></li>';
 						echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . '</a></li>';
+						echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . '</a></li>';
 						echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . '</a></li>';
 						echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . '</a></li>';
 						echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . '</a></li>';
 						echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . '</a></li>';
-						echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . '</a></li>';
 						echo '</ul>';
 
 						echo '<h2>',_QMENU_LAYOUT,'</h2>';
@@ -5471,12 +5390,14 @@ selector();
 			</div>
 
 			<!-- content / quickmenu container -->
+			<div class="clear"></div>	<!-- new -->
 			</div>
 
-
+			<!-- adminwrapper -->	<!-- new -->
+			</div>	 <!-- new -->
 			</body>
 			</html>
-		<?php	}
+		<?php   }
 
 	/**
 	 * @todo document this
@@ -5814,7 +5735,7 @@ selector();
 
 		</form>
 
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 	}
 
 	/**
@@ -5823,12 +5744,12 @@ selector();
 	function action_banlistadd() {
 		global $member;
 
-		$blogid = 		intPostVar('blogid');
-		$allblogs = 	postVar('allblogs');
-		$iprange = 		postVar('iprange');
+		$blogid =	   intPostVar('blogid');
+		$allblogs =	 postVar('allblogs');
+		$iprange =	  postVar('iprange');
 		if ($iprange == "custom")
 			$iprange = postVar('customiprange');
-		$reason = 		postVar('reason');
+		$reason =	   postVar('reason');
 
 		$member->blogAdminRights($blogid) or $this->disallow();
 
@@ -5915,7 +5836,7 @@ selector();
 			<br /><?php echo _RESTORE_WARNING?>
 		</p></form>
 
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 	}
 
 	/**
@@ -5965,7 +5886,7 @@ selector();
 		$this->pagehead();
 		?>
 		<h2><?php echo _RESTORE_COMPLETE?></h2>
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 
 	}
 
@@ -5984,7 +5905,7 @@ selector();
 
 		echo '<h2>' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '</h2>';
 
-		echo '<h3>' , _PLUGS_TITLE_INSTALLED , '</h3>';
+		echo '<h3>' , _PLUGS_TITLE_INSTALLED , ' &nbsp;&nbsp;<span style="font-size:smaller">', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, '</a></span></h3>';
 
 
 		$query =  'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC';
@@ -6005,23 +5926,31 @@ selector();
 			</div></form>
 
 			<h3><?php echo _PLUGS_TITLE_NEW?></h3>
-
-			<?php				// find a list of possibly non-installed plugins
+			
+			<?php
+			// find a list of possibly non-installed plugins
 				$candidates = array();
 				global $DIR_PLUGINS;
 				$dirhandle = opendir($DIR_PLUGINS);
-				while ($filename = readdir($dirhandle)) {
-					if (ereg('^NP_(.*)\.php$',$filename,$matches)) {
+				while ($filename = readdir($dirhandle) )
+				{
+					# replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+					# original ereg: ereg('^NP_(.*)\.php$',$filename,$matches)
+					if (preg_match('#^NP_(.*)\.php$#', $filename, $matches) )
+					{
 						$name = $matches[1];
 						// only show in list when not yet installed
-						$res = sql_query('SELECT * FROM '.sql_table('plugin').' WHERE pfile="NP_'.addslashes($name).'"');
-						if (mysql_num_rows($res) == 0)
-							array_push($candidates,$name);
+						$res = sql_query('SELECT * FROM ' . sql_table('plugin') . ' WHERE `pfile` = "NP_' . sql_real_escape_string($name) . '"');
+						if (sql_num_rows($res) == 0)
+						{
+							array_push($candidates, $name);
+						}
 					}
 				}
 				closedir($dirhandle);
-
-				if (sizeof($candidates) > 0) {
+				
+				if (sizeof($candidates) > 0)
+				{
 			?>
 
 			<p><?php echo _PLUGS_ADD_TEXT?></p>
@@ -6031,14 +5960,20 @@ selector();
 				<input type='hidden' name='action' value='pluginadd' />
 				<?php $manager->addTicketHidden() ?>
 				<select name="filename" tabindex="30">
-				<?php					foreach($candidates as $name)
-						echo '<option value="NP_',$name,'">',htmlspecialchars($name),'</option>';
+				<?php	
+				foreach($candidates as $name)
+				{
+					echo '<option value="NP_',$name,'">',htmlspecialchars($name),'</option>';
+				}
 				?>
 				</select>
 				<input type='submit' tabindex="40" value='<?php echo _PLUGS_BTN_INSTALL?>' />
 			</div></form>
 
-		<?php			} else {	// sizeof(candidates) == 0
+		<?php
+				}
+				else
+				{
 				echo '<p>',_PLUGS_NOCANDIDATES,'</p>';
 			}
 
@@ -6099,7 +6034,7 @@ selector();
 
 		// get number of currently installed plugins
 		$res = sql_query('SELECT * FROM '.sql_table('plugin'));
-		$numCurrent = mysql_num_rows($res);
+		$numCurrent = sql_num_rows($res);
 
 		// plugin will be added as last one in the list
 		$newOrder = $numCurrent + 1;
@@ -6112,9 +6047,9 @@ selector();
 		);
 
 		// do this before calling getPlugin (in case the plugin id is used there)
-		$query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.addslashes($name).'")';
+		$query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';
 		sql_query($query);
-		$iPid = mysql_insert_id();
+		$iPid = sql_insert_id();
 
 		$manager->clearCachedInfo('installedPlugins');
 
@@ -6154,7 +6089,7 @@ selector();
 		{
 
 			$res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
-			if (mysql_num_rows($res) == 0)
+			if (sql_num_rows($res) == 0)
 			{
 				// uninstall plugin again...
 				$this->deleteOnePlugin($plugin->getID());
@@ -6181,7 +6116,7 @@ selector();
 	 * @todo document this
 	 */
 	function action_pluginupdate() {
-		global $member, $manager;
+		global $member, $manager, $CONF;
 
 		// check if allowed
 		$member->isAdmin() or $this->disallow();
@@ -6191,18 +6126,18 @@ selector();
 
 		// loop over all installed plugins
 		$res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
-		while($o = mysql_fetch_object($res)) {
+		while($o = sql_fetch_object($res)) {
 			$pid = $o->pid;
 			$plug =& $manager->getPlugin($o->pfile);
 			if ($plug)
 			{
 				$eventList = $plug->getEventList();
 				foreach ($eventList as $eventName)
-					sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.addslashes($eventName).'\')');
+					sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.sql_real_escape_string($eventName).'\')');
 			}
 		}
 
-		redirect('?action=pluginlist');
+		redirect($CONF['AdminURL'] . '?action=pluginlist');
 //		$this->action_pluginlist();
 	}
 
@@ -6232,14 +6167,15 @@ selector();
 			<input type="hidden" name="plugid" value="<?php echo $pid; ?>" />
 			<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
 			</div></form>
-		<?php		$this->pagefoot();
+		<?php
+		$this->pagefoot();
 	}
 
 	/**
 	 * @todo document this
 	 */
 	function action_plugindeleteconfirm() {
-		global $member, $manager;
+		global $member, $manager, $CONF;
 
 		// check if allowed
 		$member->isAdmin() or $this->disallow();
@@ -6251,7 +6187,7 @@ selector();
 			$this->error($error);
 		}
 
-		redirect('?action=pluginlist');
+		redirect($CONF['AdminURL'] . '?action=pluginlist');
 //		$this->action_pluginlist();
 	}
 
@@ -6276,7 +6212,7 @@ selector();
 
 		// check dependency before delete
 		$res = sql_query('SELECT pfile FROM '.sql_table('plugin'));
-		while($o = mysql_fetch_object($res)) {
+		while($o = sql_fetch_object($res)) {
 			$plug =& $manager->getPlugin($o->pfile);
 			if ($plug)
 			{
@@ -6306,7 +6242,7 @@ selector();
 		// get OIDs from plugin_option_desc
 		$res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
 		$aOIDs = array();
-		while ($o = mysql_fetch_object($res)) {
+		while ($o = sql_fetch_object($res)) {
 			array_push($aOIDs, $o->oid);
 		}
 
@@ -6317,7 +6253,7 @@ selector();
 
 		// update order numbers
 		$res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);
-		$o = mysql_fetch_object($res);
+		$o = sql_fetch_object($res);
 		sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);
 
 		// delete row
@@ -6333,7 +6269,7 @@ selector();
 	 * @todo document this
 	 */
 	function action_pluginup() {
-		global $member, $manager;
+		global $member, $manager, $CONF;
 
 		// check if allowed
 		$member->isAdmin() or $this->disallow();
@@ -6345,7 +6281,7 @@ selector();
 
 		// 1. get old order number
 		$res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);
-		$o = mysql_fetch_object($res);
+		$o = sql_fetch_object($res);
 		$oldOrder = $o->porder;
 
 		// 2. calculate new order number
@@ -6357,14 +6293,14 @@ selector();
 
 		//$this->action_pluginlist();
 		// To avoid showing ticket in the URL, redirect to pluginlist, instead.
-		redirect('?action=pluginlist');
+		redirect($CONF['AdminURL'] . '?action=pluginlist');
 	}
 
 	/**
 	 * @todo document this
 	 */
 	function action_plugindown() {
-		global $member, $manager;
+		global $member, $manager, $CONF;
 
 		// check if allowed
 		$member->isAdmin() or $this->disallow();
@@ -6375,11 +6311,11 @@ selector();
 
 		// 1. get old order number
 		$res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);
-		$o = mysql_fetch_object($res);
+		$o = sql_fetch_object($res);
 		$oldOrder = $o->porder;
 
 		$res = sql_query('SELECT * FROM '.sql_table('plugin'));
-		$maxOrder = mysql_num_rows($res);
+		$maxOrder = sql_num_rows($res);
 
 		// 2. calculate new order number
 		$newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;
@@ -6390,7 +6326,7 @@ selector();
 
 		//$this->action_pluginlist();
 		// To avoid showing ticket in the URL, redirect to pluginlist, instead.
-		redirect('?action=pluginlist');
+		redirect($CONF['AdminURL'] . '?action=pluginlist');
 	}
 
 	/**
@@ -6430,7 +6366,7 @@ selector();
 		$aOIDs = array();
 		$query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . ' ORDER BY oid ASC';
 		$r = sql_query($query);
-		while ($o = mysql_fetch_object($r)) {
+		while ($o = sql_fetch_object($r)) {
 			array_push($aOIDs, $o->oid);
 			$aOptions[$o->oid] = array(
 						'oid' => $o->oid,
@@ -6445,7 +6381,7 @@ selector();
 		// fill out actual values
 		if (count($aOIDs) > 0) {
 			$r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')');
-			while ($o = mysql_fetch_object($r))
+			while ($o = sql_fetch_object($r))
 				$aOptions[$o->oid]['value'] = $o->ovalue;
 		}
 
@@ -6460,7 +6396,7 @@ selector();
 		?>
 			</div>
 			</form>
-		<?php		$this->pagefoot();
+		<?php	   $this->pagefoot();
 
 
 
@@ -6496,16 +6432,16 @@ selector();
 		// (note: this might contain doubles for overlapping contextids)
 		$aIdToValue = array();
 		$res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
-		while ($o = mysql_fetch_object($res)) {
+		while ($o = sql_fetch_object($res)) {
 			$aIdToValue[$o->oid] = $o->ovalue;
 		}
 
 		// get list of oids per pid
 		$query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin')
-			   . ' WHERE opid=pid and ocontext=\''.addslashes($context).'\' ORDER BY porder, oid ASC';
+			   . ' WHERE opid=pid and ocontext=\''.sql_real_escape_string($context).'\' ORDER BY porder, oid ASC';
 		$res = sql_query($query);
 		$aOptions = array();
-		while ($o = mysql_fetch_object($res)) {
+		while ($o = sql_fetch_object($res)) {
 			if (in_array($o->oid, array_keys($aIdToValue)))
 				$value = $aIdToValue[$o->oid];
 			else
@@ -6535,20 +6471,19 @@ selector();
 			// new plugin?
 			if ($iPrevPid != $aOption['pid']) {
 				$iPrevPid = $aOption['pid'];
-
-				echo '<tr><th colspan="2">Options for ', htmlspecialchars($aOption['pfile']),'</th></tr>';
+				if (!defined('_PLUGIN_OPTIONS_TITLE')) {
+					define('_PLUGIN_OPTIONS_TITLE', 'Options for %s');
+				}
+				echo '<tr><th colspan="2">'.sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)).'</th></tr>';
 			}
-
-			$meta = NucleusPlugin::getOptionMeta($current['typeinfo']);
+			
+			$meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']);
 			if (@$meta['access'] != 'hidden') {
 				echo '<tr>';
 				listplug_plugOptionRow($aOption);
 				echo '</tr>';
 			}
-
 		}
-
-
 	}
 
 	/**
@@ -6564,7 +6499,7 @@ selector();
 
 		if ($name=="admin") {
 			echo '<input onclick="selectCanLogin(true);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';
-	   	} else {
+		} else {
 			echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';
 		}