<?php
/*
Plugin Name: Runt - the Enano administration panel
Plugin URI: http://enanocms.org/
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
Author: Dan Fuhry
Version: 1.0.1
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.1 (Loch Ness)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Shared Enano objects; this file reads them from the global scope.
global $db, $session, $paths, $template, $plugins;

// Register the two special pages this plugin serves (Special:Administration and
// Special:EditSidebar) once the 'base_classes_initted' hook fires.
// NOTE(review): the hook body is handed over as a string of PHP source, so it is
// presumably evaluated by the plugin manager - confirm. Keep it a constant string
// and never build it from request data.
$plugins->attachHook('base_classes_initted', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'Administration\',
\'urlname\'=>\'Administration\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Manage the Sidebar\',
\'urlname\'=>\'EditSidebar\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');

// As of 1.0.1 the admin pages too large for this file live under plugins/admin/.
// The path is built only from the ENANO_ROOT constant and a literal.
require ENANO_ROOT . '/plugins/admin/PageGroups.php';
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
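/**
 * Renders the home pagelet of the administration panel.
 *
 * Everything is echoed directly: a welcome text, the demo-mode notice, a warning when
 * install.php or schema.sql still exist under ENANO_ROOT, the number of accounts
 * awaiting activation, the ten most requested pages (only when the 'log_hits' setting
 * is '1'), and the security log (five newest entries, or all of them when the request
 * carries a 'fulllog' query parameter).
 *
 * Security notes:
 *  - Nothing is rendered unless both $session->auth_level and $session->user_level
 *    are at least USER_LEVEL_ADMIN.
 *  - Security-log fields (author, IP address, free-text detail) are written through
 *    htmlspecialchars(). Rows such as failed logons carry values that presumably come
 *    from unauthenticated requests (verify against the code that writes the log), and
 *    this page is viewed with administrator privileges.
 *
 * @return void
 */
function page_Admin_Home() {
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Refuse to render unless the session AND the account are both at admin level.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Basic information (wikitext; line breaks inside the string are significant)
  echo RenderMan::render(
'== Welcome to Runt, the Enano administration panel. ==

Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.

Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');

  // Demo mode
  if ( defined('ENANO_DEMO_MODE') )
  {
    echo '<h3>Enano is running in demo mode.</h3>
<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
  }

  // Check for the installer scripts: leftovers are reported on every visit until
  // they are removed (suppressed in demo mode).
  if ( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
  }

  // Inactive users
  $q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
  if ( $q )
  {
    $n = $db->numrows();
    if ( $n > 0 )
    {
      $s = ( $n == 1 ) ? $n . ' user is' : $n . ' users are';
      echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
    }
  }
  $db->free_result();

  // Stats
  if ( getConfig('log_hits') == '1' )
  {
    $stats = stats_top_pages(10);
    $cls = 'row2';
    echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
    foreach ( $stats as $data )
    {
      echo '<tr>';
      // Alternate the row class for zebra striping.
      $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
      // NOTE(review): page_title is printed exactly as stats_top_pages() returns it.
      // If titles are stored unescaped it needs htmlspecialchars() here; left as is
      // because double-encoding would garble titles that are stored pre-escaped.
      echo '<td class="'.$cls.'"><a href="'.makeUrl($data['page_urlname']).'">'.$data['page_title'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.intval($data['num_hits']).'</td>';
      echo '</tr>';
    }
    echo '</table></div>';
  }

  // Security log
  echo '<h3>Security log</h3>';
  echo '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
  $cls = 'row2';
  echo '<tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>';

  // config.php is read again only to derive $hash; the credentials it defines are
  // dropped from this scope straight away.
  require('config.php');
  $hash = md5($dbpasswd);
  unset($dbname, $dbhost, $dbuser, $dbpasswd);
  unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug

  // NOTE(review): in demo mode the log stays hidden unless the request has a query
  // parameter whose NAME is md5(database password), or REMOTE_ADDR begins with
  // "192.168.". Two weaknesses worth fixing at the design level:
  //  - the parameter is an unsalted digest of a live credential carried in the URL,
  //    so it lands in access logs, browser history and Referer headers, and a
  //    captured value allows password guesses to be checked offline. A dedicated
  //    random token kept in the configuration and compared with hash_equals() would
  //    not expose the database password.
  //  - behind a reverse proxy on a 192.168.x.x network REMOTE_ADDR is the proxy's
  //    address for every visitor, which would open the log to all of them.
  if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  {
    echo '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
  }
  else
  {
    // Both statements are constant strings; 'fulllog' only selects which one runs.
    if ( isset($_GET['fulllog']) )
    {
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
    }
    else
    {
      $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5';
    }
    $q = $db->sql_query($l);
    while ( $r = $db->fetchrow() )
    {
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      echo '<tr><td class="'.$cls.'">';
      switch ( $r['action'] )
      {
        case "admin_auth_good":
          echo 'Successful elevated authentication';
          if ( !empty($r['page_text']) )
          {
            // page_text holds a numeric level here; intval() keeps anything else out.
            $level = $session->userlevel_to_string( intval($r['page_text']) );
            echo "<br /><small>Authentication level: $level</small>";
          }
          break;
        case "admin_auth_bad":
          echo 'Failed elevated authentication';
          if ( !empty($r['page_text']) )
          {
            $level = $session->userlevel_to_string( intval($r['page_text']) );
            echo "<br /><small>Attempted auth level: $level</small>";
          }
          break;
        case "activ_good":
          echo 'Successful account activation';
          break;
        case "auth_good":
          echo 'Successful regular user logon';
          break;
        case "activ_bad":
          echo 'Failed account activation';
          break;
        case "auth_bad":
          echo 'Failed regular user logon';
          break;
        case "sql_inject":
          echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>';
          break;
        // The free-text detail of the remaining entry types is escaped the same way
        // as the sql_inject entry above.
        case "db_backup":
          echo 'Database backup created<br /><small>Tables: ' . htmlspecialchars($r['page_text']) . '</small>';
          break;
        case "install_enano":
          echo 'Installed Enano version ' . htmlspecialchars($r['page_text']);
          break;
        case "upgrade_enano":
          echo 'Upgraded Enano to version ' . htmlspecialchars($r['page_text']);
          break;
      }
      // author and edit_summary (shown as user name and IP address) are escaped
      // before they reach the administrator's browser; ajaxReverseDNS() is handed
      // the cell itself, so the escaped text is what it will see.
      echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', intval($r['time_id'])).'</td><td class="'.$cls.'">'.htmlspecialchars($r['author']).'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.htmlspecialchars($r['edit_summary']).'</td></tr>';
    }
    $db->free_result();
  }
  echo '</table></div>';
  if ( !isset($_GET['fulllog']) ) echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'Home&fulllog\'); return false;">Full security log</a></p>';

}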
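/**
 * Processes and renders the general site configuration pagelet of the admin panel.
 *
 * When the form has been posted and the site is not in demo mode, each field is
 * written to the site configuration with setConfig(). In demo mode a posted form is
 * rejected with an error box. In every case the form is then printed with the values
 * currently returned by getConfig().
 *
 * Security notes:
 *  - Nothing is processed or rendered unless both $session->auth_level and
 *    $session->user_level are at least USER_LEVEL_ADMIN.
 *  - Every stored value that is printed back into the form (text inputs and both
 *    textareas) goes through htmlspecialchars(), so a value containing quotes or a
 *    closing textarea tag cannot break out of its field. Browsers decode the
 *    entities again on submit, so values round-trip unchanged.
 *  - NOTE(review): this function checks the session level only; no anti-CSRF token
 *    is verified here. The form's onsubmit handler is client-side and does not
 *    protect the save path. Confirm that a token is enforced by the caller.
 *  - NOTE(review): the SMTP password is passed to setConfig() as submitted; whether
 *    the configuration store protects it is not visible from this file. The form
 *    never echoes it back, it prints a fixed placeholder instead.
 *
 * @return void
 */
function page_Admin_GeneralConfig() {
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Refuse to run unless the session AND the account are both at admin level.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
  {

    // Global site options
    setConfig('site_name', $_POST['site_name']);
    setConfig('site_desc', $_POST['site_desc']);
    setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
    setConfig('copyright_notice', $_POST['copyright']);
    setConfig('contact_email', $_POST['contact_email']);

    // Wiki mode (a checkbox is only present in the POST data when it is ticked)
    if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1');
    else setConfig('wiki_mode', '0');
    if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1');
    else setConfig('wiki_mode_require_login', '0');
    if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1');
    else setConfig('wiki_edit_notice', '0');
    setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);

    // Stats
    if(isset($_POST['log_hits'])) setConfig('log_hits', '1');
    else setConfig('log_hits', '0');

    // Disablement: the notice text is only updated while the site is being disabled
    if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); }
    else setConfig('site_disabled', '0');

    // Account activation
    // NOTE(review): stored as submitted. The form offers disable/none/user/admin;
    // an allow-list check here would keep unexpected values out of the config.
    setConfig('account_activation', $_POST['account_activation']);

    // W3C compliance buttons
    if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1");
    else setConfig("w3c_vh32", "0");
    if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1");
    else setConfig("w3c_vh40", "0");
    if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1");
    else setConfig("w3c_vh401", "0");
    if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1");
    else setConfig("w3c_vxhtml10", "0");
    if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1");
    else setConfig("w3c_vxhtml11", "0");
    if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1");
    else setConfig("w3c_vcss", "0");

    // SourceForge.net logo
    if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1');
    else setConfig('sflogo_enabled', '0');
    setConfig('sflogo_groupid', $_POST['sfgroup']);
    setConfig('sflogo_type', $_POST['sflogo']);

    // Comment options
    if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1');
    else setConfig('approve_comments', '0');
    if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1');
    else setConfig('enable_comments', '0');
    setConfig('comments_need_login', $_POST['comments_need_login']);

    // Powered by link
    if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1');
    else setConfig('powered_btn', '0');

    if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1');
    else setConfig('dbd_button', '0');

    if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0');
    else setConfig('smtp_enabled', '1');

    setConfig('smtp_server', $_POST['smtp_host']);
    setConfig('smtp_user', $_POST['smtp_user']);
    // The form shows a fixed placeholder instead of the stored password; only a
    // value that differs from the placeholder replaces the stored one.
    if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']);

    echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';

  }
  else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
  }
  echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
  ?>
  <div class="tblholder">
    <table border="0" width="100%" cellspacing="1" cellpadding="4">

    <!-- Global options -->

      <tr><th colspan="2">Global site options</th></tr>
      <tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>

      <tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
      <tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
      <tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
      <tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
      <tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
      <tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>

    <!-- Wiki mode -->

      <tr><th colspan="2">Wiki mode</th></tr>

      <tr>
        <td class="row3" rowspan="2">
          Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
          In Wiki Mode, certain HTML tags such as &lt;script&gt; and &lt;object&gt; are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
          Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
        </td>
        <td class="row1">
          <input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
        </td>
      </tr>

      <tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login" <?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>

      <tr>
        <td class="row3" rowspan="2">
          <b>Edit page notice</b><br />
          When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
        </td>
        <td class="row1">
          <input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
        </td>
      </tr>

      <tr>
        <td class="row2">
          <textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo htmlspecialchars(getConfig('wiki_edit_notice_text')); ?></textarea>
        </td>
      </tr>

    <!-- Site statistics -->

      <tr><th colspan="2">Statistics and hit counting</th></tr>

      <tr>
        <td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
        <td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
      </tr>

    <!-- Comment options -->

      <tr><th colspan="2">Comment system</th></tr>
      <tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr>
      <tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
      <tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
      <label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
      <!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>

    <!--

    READ: Do not try to enable this, backend support for it has been disabled. To edit default
    permissions, select The Entire Website in any permissions editor window.

      <tr><th colspan="2">Default permissions for pages</th></tr>

      <tr>
        <td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>
        <td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>
      </tr>

    -->

    <!-- enanocms.org link -->

      <tr>
        <th colspan="2">Promote Enano</th>
      </tr>
      <tr>
        <td class="row3">
          If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
          homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
          Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
          using this link.
        </td>
        <td class="row1">
          <label>
            <input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to enanocms.org on the sidebar
          </label>
        </td>
      </tr>

    <!-- Site disablement -->

      <tr><th colspan="2">Disable all site access</th></tr>

      <tr>
        <td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
        <td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td>
      </tr>
      <tr>
        <td class="row2">
          <div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>
            Message to show to users:<br />
            <textarea name="site_disabled_notice" rows="7" cols="30"><?php echo htmlspecialchars(getConfig('site_disabled_notice')); ?></textarea>
          </div>
        </td>
      </tr>

    <!-- Account activation -->

      <tr><th colspan="2">User account activation</th></tr>

      <tr>
        <td class="row3" colspan="2">
          If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
          You may also disable registration completely if needed.<br /><br />
          <b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
        </td>
      </tr>

      <tr>
        <td class="row1">Account activation:</td><td class="row1">
          <?php
          // Any stored value other than 'disable', 'user' or 'admin' selects "None".
          echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
          echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
          echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
          echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
          ?>
        </td>
      </tr>

    <!-- E-mail options -->

      <tr><th colspan="2">E-mail sent from the site</th></tr>
      <tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
          <td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
                           <label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
          </tr>
      <tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
          <td class="row2"><input value="<?php echo htmlspecialchars(getConfig('smtp_server')); ?>" name="smtp_host" type="text" size="30" /></td>
          </tr>
      <tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
          <td class="row1">Username: <input value="<?php echo htmlspecialchars(getConfig('smtp_user')); ?>" name="smtp_user" type="text" size="30" /><br />
              Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
          </tr>

    <!-- SourceForge.net logo -->

      <tr><th colspan="2">SourceForge.net logo</th></tr>

      <tr>
        <td colspan="2" class="row3">
          All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want
          to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
        </td>
      </tr>

      <?php
      // $c: checkbox attribute, $g: stored group ID, $t: stored logo type (default '1')
      if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
      else $c='';
      if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
      else $g='';
      if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
      else $t='1';
      ?>

      <tr>
        <td class="row1">Display the SourceForge.net logo on the right sidebar</td>
        <td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
      </tr>

      <tr>
        <td class="row2">Group ID:</td>
        <td class="row2"><input value="<?php echo htmlspecialchars($g); ?>" type=text size=15 name=sfgroup /></td>
      </tr>

      <tr>
        <td class="row1">Logo style:</td>
        <td class="row1">
          <select name="sflogo">
            <option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
            <option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
            <option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
            <option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
            <option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
            <option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
            <option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
          </select>
        </td>
      </tr>

    <!-- W3C validator buttons -->

      <tr><th colspan="2">W3C compliance logos</th></tr>
      <tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr>

      <tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr>
      <tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr>
      <tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr>
      <tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
      <tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
      <tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr>

    <!-- DefectiveByDesign.org ad -->

      <tr><th colspan="2">Defective By Design Anti-DRM button</th></tr>
      <tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
      <tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr>

    <!-- Save button -->

      <tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr>

    </table>
  </div>
  </form>
  <?php
}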
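/**
 * Admin pagelet: file upload configuration.
 *
 * When the form is posted (a "save" field is present) the upload settings are written with
 * setConfig(); the form is then rendered with the current values. Prints an error and returns
 * without doing anything if the session is not at administrator level.
 */
function page_Admin_UploadConfig()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the level this session was authenticated at and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_POST['save']) )
  {
    // NOTE(review): this function checks no anti-CSRF token before changing settings; confirm
    // whether the framework verifies the origin of the POST somewhere before this pagelet runs.

    // Checkboxes: present in the POST means on, absent means off.
    foreach ( array('enable_uploads', 'enable_imagemagick', 'cache_thumbs', 'file_history') as $flag )
    {
      setConfig($flag, isset($_POST[$flag]) ? '1' : '0');
    }

    // The path comes straight from the request: accept only a string, and never echo it unescaped.
    // NOTE(review): file_exists() is also true for directories, and the stored value is presumably
    // passed to a process-execution call when thumbnails are generated; confirm that the consumer
    // quotes it, and consider requiring a regular, executable file here.
    $im_path = ( isset($_POST['imagemagick_path']) && is_string($_POST['imagemagick_path']) ) ? $_POST['imagemagick_path'] : '';
    if ( $im_path !== '' && file_exists($im_path) )
    {
      setConfig('imagemagick_path', $im_path);
    }
    else
    {
      echo '<span style="color: red"><b>Warning:</b> the file "' . htmlspecialchars($im_path, ENT_QUOTES) . '" was not found, and the ImageMagick file path was not updated.</span>';
    }

    // Size is "number x unit multiplier"; missing or non-scalar fields count as zero, which is
    // what the unguarded casts produced before (minus the notices).
    $size_value = ( isset($_POST['max_file_size']) && is_scalar($_POST['max_file_size']) ) ? (float) $_POST['max_file_size'] : 0.0;
    $size_units = ( isset($_POST['fs_units']) && is_scalar($_POST['fs_units']) ) ? (int) $_POST['fs_units'] : 0;
    $max_upload = floor($size_value * $size_units);
    if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') )
    {
      echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>';
    }
    else
    {
      setConfig('max_file_size', $max_upload.'');
    }
  }

  // Values shown in the form are escaped for the attribute context they are printed into.
  $max_size_attr  = htmlspecialchars((string) getConfig('max_file_size'), ENT_QUOTES);
  $im_path_attr   = htmlspecialchars(getConfig('imagemagick_path') ? (string) getConfig('imagemagick_path') : '/usr/bin/convert', ENT_QUOTES);
  $cache_writable = is_writable(ENANO_ROOT.'/cache/');

  echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
  ?>
<h3>File upload configuration</h3>
<p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
and executable files can sometimes be uploaded.</p>
<p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
<p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo $max_size_attr; ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
<p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
large images many times can cost you quite a lot of bandwidth.</p>
<p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php echo $im_path_attr; ?>" /><br />
On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then
ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
</p>
<p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
<p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
more information on how to do this.<?php if(!$cache_writable) echo ' <b>At present, it seems that the cache directory
is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
<p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && $cache_writable) echo 'checked="checked"'; elseif(!$cache_writable) echo 'readonly="readonly"'; ?> /> Cache thumbnailed images</label></p>
<p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
enabled unless you have less than 250MB of MySQL database space.</p>
<p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1' && $cache_writable) echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
<hr style="margin-left: 1em;" />
<p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
  <?php
  echo '</form>';
}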
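/**
 * Admin pagelet: plugin manager.
 *
 * Handles an optional enable/disable request (action and plugin in the query string), then
 * lists every *.php file in ./plugins/ except index.php, with the metadata read from the
 * file's header comment and an Enable/Disable link. System plugins are listed only when
 * show_system=yes and cannot be disabled. Prints an error and returns if the session is not
 * at administrator level or the plugins directory cannot be read.
 */
function page_Admin_PluginManager() {
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the level this session was authenticated at and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  $dir = './plugins/';

  if ( isset($_GET['action']) )
  {
    // NOTE(review): enabling and disabling plugins is a state change driven by a plain GET link
    // and no anti-CSRF token is checked in this function; confirm whether the framework protects
    // it elsewhere, otherwise move it to a POST that carries a token.

    // The plugin name is request data. Accept only a bare "*.php" file name so that the request
    // cannot write arbitrary "plugin_..." configuration keys or name a path outside plugins/.
    $target  = ( isset($_GET['plugin']) && is_string($_GET['plugin']) ) ? $_GET['plugin'] : '';
    $name_ok = ( $target !== ''
                 && strpos($target, "\0") === false
                 && basename($target) === $target
                 && preg_match('#\.php\z#i', $target)
                 && $target != 'index.php' );

    switch ( $_GET['action'] )
    {
      case "enable":
        // Only a plugin file that is actually present may be switched on.
        if ( $name_ok && is_file($dir . $target) )
        {
          setConfig('plugin_'.$target, '1');
        }
        else
        {
          echo('<h3>Error enabling plugin</h3><p>The plugin you selected could not be found in the plugins/ directory.</p>');
        }
        break;
      case "disable":
        if ( !$name_ok )
        {
          echo('<h3>Error disabling plugin</h3><p>The plugin name in the request is not a valid plugin file name.</p>');
          break;
        }
        if ( defined('ENANO_DEMO_MODE') && strstr($target, 'Demo') )
        {
          echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
          break;
        }
        if ( !in_array($target, $plugins->system_plugins) )
        {
          setConfig('plugin_'.$target, '0');
        }
        else
        {
          echo('<h3>Error disabling plugin</h3><p>The plugin you selected cannot be disabled because it is a system plugin.</p>');
        }
        break;
    }
  }

  $plugin_list = Array();
  $system = Array();
  $show_system = ( isset($_GET['show_system']) && $_GET['show_system'] == 'yes' );

  if ( !is_dir($dir) )
  {
    echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>';
    return;
  }
  $dh = opendir($dir);
  if ( !$dh )
  {
    echo '<div class="error-box">The plugins/ directory could not be opened.</div>';
    return;
  }

  // Header fields sit on lines 3-8 of a plugin file, one per line; the number is the length of
  // the label to strip ("Plugin Name: " is 13 characters, "Plugin URI: " 12, and so on).
  $label_lengths = Array('name' => 13, 'uri' => 12, 'desc' => 13, 'auth' => 8, 'vers' => 9, 'aweb' => 12);

  while ( ($file = readdir($dh)) !== false )
  {
    if ( !preg_match('#^(.*?)\.php$#is', $file) || $file == 'index.php' )
      continue;

    $is_sys = in_array($file, $plugins->system_plugins);
    if ( $is_sys && !$show_system )
      continue;

    // An unreadable or very short file still gets a row, with empty metadata, instead of
    // raising undefined-offset notices.
    $lines  = explode("\n", (string) file_get_contents($dir . $file));
    $header = array_pad(array_slice($lines, 2, 6), 6, '');

    $meta = Array();
    $n = 0;
    foreach ( $label_lengths as $field => $skip )
    {
      // rtrim() drops the carriage return left behind by files saved with CRLF line endings.
      $meta[$field] = rtrim((string) substr($header[$n], $skip), "\r");
      $n++;
    }

    if ( $is_sys )
      $system[$file] = $meta;
    else
      $plugin_list[$file] = $meta;
  }
  closedir($dh);

  echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
      <tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');

  // Links back to this pagelet keep the current show_system setting.
  $self_url = makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']) . '&show_system=' . ( $show_system ? 'yes' : 'no' );

  $cls = 'row2';
  // Ordinary plugins first, then system plugins.
  foreach ( array_merge(array_keys($plugin_list), array_keys($system)) as $file )
  {
    $cls = ( $cls == 'row2' ) ? 'row3' : 'row2';
    $is_system   = isset($system[$file]);
    $this_plugin = $is_system ? $system[$file] : $plugin_list[$file];

    // System plugins get a reddish background, one shade per row class.
    $bgcolor = '';
    if ( $is_system )
    {
      $bgcolor = ( $cls == 'row2' ) ? ' style="background-color: #FFD8D8;"' : ' style="background-color: #FFD0D0;"';
    }

    // The metadata is file content, so it is escaped for the HTML context it lands in.
    // NOTE(review): the description is still printed as markup, as before, in case plugin
    // headers rely on inline HTML there - confirm, and escape it too if they do not.
    echo '<tr>
            <td class="'.$cls.'"'.$bgcolor.'>'.htmlspecialchars($file, ENT_QUOTES).'</td>
            <td class="'.$cls.'"'.$bgcolor.'><a href="'.htmlspecialchars($this_plugin['uri'], ENT_QUOTES).'">'.htmlspecialchars($this_plugin['name'], ENT_QUOTES).'</a></td>
            <td class="'.$cls.'"'.$bgcolor.'>'.$this_plugin['desc'].'</td>
            <td class="'.$cls.'"'.$bgcolor.'><a href="'.htmlspecialchars($this_plugin['aweb'], ENT_QUOTES).'">'.htmlspecialchars($this_plugin['auth'], ENT_QUOTES).'</a></td>
            <td class="'.$cls.'"'.$bgcolor.'>'.htmlspecialchars($this_plugin['vers'], ENT_QUOTES).'</td>
            <td class="'.$cls.'"'.$bgcolor.'>';
    if ( !$is_system )
    {
      $enabled = ( getConfig('plugin_'.$file) == '1' );
      // The file name is URL-encoded as a query value and the whole URL is HTML-escaped.
      $toggle_url = $self_url . '&action=' . ( $enabled ? 'disable' : 'enable' ) . '&plugin=' . rawurlencode($file);
      echo '<a href="'.htmlspecialchars($toggle_url, ENT_QUOTES).'">' . ( $enabled ? 'Disable' : 'Enable' ) . '</a>';
    }
    else
    {
      echo '[System]';
    }
    echo '</td></tr>';
  }

  $showhide_link = ( $show_system ) ?
    '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=no', true) . '">Hide system plugins</a>' :
    '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=yes', true) . '">Show system plugins</a>' ;
  echo '<tr><th colspan="6" class="subhead">'.$showhide_link.'</th></tr>';
  echo '</table></div>';
}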
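/**
 * Admin pagelet: allowed upload file types.
 *
 * When the form is posted, builds one '1'/'0' flag per entry of $mime_types (in array order),
 * compresses it with compress_bitfield() and stores it as "allowed_mime_types"; in demo mode
 * the change is refused. Then renders one checkbox per extension, three per table row.
 * Prints an error and returns if the session is not at administrator level.
 */
function page_Admin_UploadAllowedMimeTypes()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the level this session was authenticated at and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  global $mime_types, $mimetype_exps, $mimetype_extlist;

  if ( isset($_POST['save']) )
  {
    // NOTE(review): this function checks no anti-CSRF token before changing which file types
    // may be uploaded; confirm whether the framework verifies the origin of the POST elsewhere.
    if ( defined('ENANO_DEMO_MODE') )
    {
      echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
    }
    else
    {
      // One flag per known extension: a checkbox present in the POST means allowed.
      $bits = '';
      foreach ( array_keys($mime_types) as $ext )
      {
        $bits .= isset($_POST['ext_'.$ext]) ? '1' : '0';
      }
      setConfig('allowed_mime_types', compress_bitfield($bits));
      echo '<div class="info-box">Your changes have been saved.</div>';
    }
  }

  $allowed = fetch_allowed_extensions();
  ?>
<h3>Allowed file types</h3>
<p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
  <?php
  // The action URL is escaped for the attribute, as the upload configuration form does.
  echo '<form action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module'])).'" method="post">';

  $col = -1;      // column of the cell just written; -1 before the first cell
  $cl  = 'row1';  // row class, alternating per table row
  echo "\n".' <div class="tblholder">'."\n".' <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".' <tr>'."\n ";
  foreach ( $mime_types as $e => $m )
  {
    $col++;
    if ( $col == 3 )
    {
      // Three cells written: start the next row.
      $col = 0;
      $cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
      echo '</tr>'."\n".' <tr>'."\n ";
    }
    // The random suffix only keeps element ids unique on the page; it protects nothing.
    $ext  = htmlspecialchars($e, ENT_QUOTES);
    $seed = "extchkbx_{$ext}_".md5(microtime() . mt_rand());
    $chk  = (!empty($allowed[$e])) ? ' checked="checked"' : '';
    echo " <td class='$cl'>\n <label><input id='{$seed}' type='checkbox' name='ext_{$ext}'{$chk} />.{$ext}\n (".htmlspecialchars($m, ENT_QUOTES).")</label>\n </td>\n ";
  }
  // Pad the last row to three cells.
  while ( $col < 2 )
  {
    $col++;
    echo " <td class='{$cl}'></td>\n ";
  }
  // Close the last row of checkboxes before opening the row that holds the submit button;
  // the button row used to be opened inside the still-open row.
  echo '</tr>'."\n";
  echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
  echo "\n".' </table>'."\n".' </div>';
  echo '</form>';
}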
function page_Admin_Sidebar()
{
global $db, $session, $paths, $template, $plugins; // Common objects
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
return;
}
?>
<h2>Editing and managing the Enano sidebar</h2>
<p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
markup language.
</p>
<p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (<example>like this</example>) for the
main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (< and >).</p>
<p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
+ − 748
external sites.</p>
+ − 749
<p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
+ − 750
<pre>{slider=Navigation}
+ − 751
[[Main Page|Home]]
+ − 752
[[Enano:Sidebar|Edit the sidebar]]
+ − 753
{/slider}</pre>
+ − 754
<p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
+ − 755
to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
+ − 756
"user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
+ − 757
wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
+ − 758
effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
+ − 759
<p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
+ − 760
variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
+ − 761
The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
+ − 762
the "change theme" button can be added with $STYLE_LINK.</p>
+ − 763
<p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
+ − 764
<pre>{slider=$USERNAME}
+ − 765
[[User:$USERNAME|User page]]
+ − 766
[[Special:Contributions?user=$USERNAME|My Contributions]]
+ − 767
{if user_logged_in}
+ − 768
[[Special:Preferences|Preferences]]
+ − 769
$THEME_LINK
+ − 770
{/if}
+ − 771
{if auth_admin}
+ − 772
[[Special:Administration|Administration]]
+ − 773
{/if}
+ − 774
{if user_logged_in}
+ − 775
$LOGOUT_LINK
+ − 776
{/if}
+ − 777
{!if user_logged_in}
+ − 778
Create an account
+ − 779
Log in
+ − 780
{/if}
+ − 781
{/slider}</pre>
+ − 782
<?php
+ − 783
}
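/**
 * Admin pagelet: user manager.
 *
 * Depending on the request this function
 *  - looks up a user by name (POST "go") and then saves edits (POST "save"),
 *    deletes the account (POST "deleteme" + "delete_conf") or prints the edit form;
 *  - empties the session key table while re-inserting the caller's own two
 *    session rows (POST "clearsessions");
 *  - processes an activation request (GET "action" = activate|sendemail|deny);
 *  - always prints the lookup form and the list of pending activation requests.
 *
 * All output is echoed directly. Request data and database-sourced user fields
 * are HTML-escaped before being echoed, and numeric values are cast with
 * intval() before they are placed in SQL.
 *
 * NOTE(review): no anti-forgery token is checked anywhere in this function, and
 * the activate/sendemail/deny actions change state on a plain GET request. The
 * form's onsubmit handler is client-side only. Confirm whether the caller
 * enforces a token; if not, one should be added and these actions moved to POST.
 *
 * @return void
 */
function page_Admin_UserManager() {
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the session (auth_level) and the account (user_level) must be at administrator level.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  $user_columns = 'user_id,username,email,real_name,style,user_level';

  if ( isset($_POST['go']) )
  {
    // We need the user ID before we can do anything
    $lookup_name = ( isset($_POST['username']) && is_string($_POST['username']) ) ? $_POST['username'] : '';
    $q = $db->sql_query('SELECT ' . $user_columns . ' FROM '.table_prefix.'users WHERE username=\'' . $db->escape($lookup_name) . '\'');
    if ( !$q )
    {
      die('Error selecting user ID: '.$db->get_error());
    }
    if ( $db->numrows() < 1 )
    {
      echo('User does not exist, please enter another username.');
      return;
    }
    $r = $db->fetchrow();
    $db->free_result();

    // Cast once; this value is concatenated into SQL below.
    $user_id = intval($r['user_id']);
    // NOTE(review): if usernames are stored already HTML-encoded this double-encodes them
    // on display; that is the safe failure mode, but confirm against the registration code.
    $username_html = htmlspecialchars($r['username'], ENT_QUOTES);

    if ( isset($_POST['save']) )
    {
      $new_level = isset($_POST['level']) ? intval($_POST['level']) : 0;
      $_POST['level'] = $new_level;
      $old_level = intval($r['user_level']);
      // NOTE(review): any integer is accepted as the new level here; whether
      // update_user() rejects values other than the three offered in the form is not visible.

      if ( defined('ENANO_DEMO_MODE') )
      {
        echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
        $re = Array('permission denied');
      }
      else
      {
        // When an admin edits their own account the password/e-mail/real-name inputs are
        // disabled and therefore not submitted; pass null for those, as before, without
        // raising undefined-index notices.
        $re = $session->update_user(
            $user_id,
            isset($_POST['new_username']) ? $_POST['new_username'] : null,
            false,
            isset($_POST['new_pass']) ? $_POST['new_pass'] : null,
            isset($_POST['email']) ? $_POST['email'] : null,
            isset($_POST['real_name']) ? $_POST['real_name'] : null,
            false,
            $new_level
          );
      }

      if ( $re == 'success' )
      {
        if ( $new_level != $old_level )
        {
          // We need to update group memberships
          if ( $old_level == USER_LEVEL_ADMIN )
          {
            $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
          }
          else if ( $old_level == USER_LEVEL_MOD )
          {
            $session->remove_user_from_group($user_id, GROUP_ID_MOD);
          }

          if ( $new_level == USER_LEVEL_ADMIN )
          {
            $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
          }
          else if ( $new_level == USER_LEVEL_MOD )
          {
            $session->add_user_to_group($user_id, GROUP_ID_MOD, false);
          }
        }

        echo('<div class="info-box">Your changes have been saved.</div>');
      }
      else
      {
        // update_user() is expected to return a list of messages on failure; tolerate a scalar too.
        $errors = is_array($re) ? implode('<br />', $re) : strval($re);
        echo('<div class="error-box">Error saving changes: ' . $errors . '</div>');
      }

      // Re-read the row by ID rather than by the submitted name: after a successful
      // rename the old username no longer matches and the lookup would abort the page.
      $q = $db->sql_query('SELECT ' . $user_columns . ' FROM '.table_prefix.'users WHERE user_id=' . $user_id);
      if ( !$q )
      {
        die('Error selecting user ID: '.$db->get_error());
      }
      if ( $db->numrows($q) < 1 )
      {
        die('User does not exist, please enter another username.');
      }
      $r = $db->fetchrow();
      $db->free_result();
    }
    elseif ( isset($_POST['deleteme']) && isset($_POST['delete_conf']) )
    {
      if ( defined('ENANO_DEMO_MODE') )
      {
        echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
      }
      else
      {
        // The table name carries the configured prefix like every other query in this file.
        // NOTE(review): group memberships and session keys of the deleted user are not
        // removed here - confirm whether that cleanup happens elsewhere.
        $q = $db->sql_query('DELETE FROM '.table_prefix.'users WHERE user_id=' . $user_id . ';');
        if ( $q )
        {
          echo '<div class="error-box">The user account "' . $username_html . '" was deleted.</div>';
        }
        else
        {
          echo '<div class="error-box">The user account "' . $username_html . '" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
        }
      }
    }
    else
    {
      // Admins change their own password/e-mail/real name through the user control panel instead.
      $disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';

      $level_options = '';
      $level_choices = Array(
          Array(USER_LEVEL_CHPREF, 'Regular User'),
          Array(USER_LEVEL_MOD, 'Moderator'),
          Array(USER_LEVEL_ADMIN, 'Administrator')
        );
      foreach ( $level_choices as $choice )
      {
        $selected = ( $r['user_level'] == $choice[0] ) ? 'SELECTED' : '';
        $level_options .= '<option ' . $selected . ' value="' . $choice[0] . '">' . $choice[1] . '</option>';
      }

      $self_note = ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '';

      // Every database value placed in an attribute is escaped with ENT_QUOTES so it
      // cannot close the attribute or the tag.
      echo('
        <h3>Edit User Info</h3>
        <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
          <table border="0" style="margin-left: 0.2in;">
            <tr><td>Username:</td><td><input type="text" name="new_username" value="' . $username_html . '" /></td></tr>
            <tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" /></td></tr>
            <tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="' . htmlspecialchars($r['email'], ENT_QUOTES) . '" /></td></tr>
            <tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="' . htmlspecialchars($r['real_name'], ENT_QUOTES) . '" /></td></tr>
            ' . $self_note . '
            <tr><td>User level:</td><td><select name="level">' . $level_options . '</select></td></tr>
            <tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="' . $username_html . '" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label></td></tr>
            <tr><td align="center" colspan="2">
            <input type="submit" name="save" value="Save Changes" /></td></tr>
          </table>
        </form>
      ');
    }
  }
  else if ( isset($_POST['clearsessions']) )
  {
    if ( defined('ENANO_DEMO_MODE') )
    {
      echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
    }
    else
    {
      // Get the current session information so the user doesn't get logged out
      $own_id = intval($session->user_id);
      $sk = md5(strrev($session->sid_super));
      $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$own_id.' AND auth_level='.USER_LEVEL_ADMIN);
      if ( !$qb )
      {
        die('Error selecting session key info block B: '.$db->get_error());
      }
      if ( $db->numrows($qb) < 1 )
      {
        die('Error: cannot read admin session info block B, aborting table clear process');
      }
      $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$own_id.' AND auth_level='.USER_LEVEL_MEMBER);
      if ( !$qa )
      {
        die('Error selecting session key info block A: '.$db->get_error());
      }
      if ( $db->numrows($qa) < 1 )
      {
        die('Error: cannot read user session info block A, aborting table clear process');
      }
      // NOTE(review): fetched with mysql_fetch_object() because two result handles are
      // open at once; whether $db->fetchrow() accepts a handle is not visible here.
      $ra = mysql_fetch_object($qa);
      $rb = mysql_fetch_object($qb);
      $db->free_result($qa);
      $db->free_result($qb);

      // Build the two rows to keep. The values come from the database, but they are still
      // escaped / cast so a stored quote or backslash cannot break the statement.
      $keep_rows = Array();
      foreach ( Array($ra, $rb) as $keep )
      {
        $keep_rows[] = '( \'' . $db->escape($keep->session_key) . '\', \'' . $db->escape($keep->salt) . '\', \'' . $own_id . '\', \'' . intval($keep->auth_level) . '\', \'' . $db->escape($keep->source_ip) . '\', ' . intval($keep->time) . ' )';
      }

      // The delete and the re-insert are not atomic; report a failure instead of claiming success.
      if ( !$db->sql_query('DELETE FROM '.table_prefix.'session_keys;') )
      {
        die('Error clearing the session key table: '.$db->get_error());
      }
      if ( !$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES' . implode(',', $keep_rows)) )
      {
        die('Error restoring the current session keys: '.$db->get_error());
      }

      echo('
        <div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
      ');
    }
  }

  echo('
    <h3>User Management</h3>
    <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
      <p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
      <h3>Clear session keys table</h3>
      <p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
      <p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
    </form>
  ');

  if ( isset($_GET['action']) && isset($_GET['user']) && is_string($_GET['user']) )
  {
    $req_user = $_GET['user'];
    // The name arrives in the query string and is echoed back below, so it is escaped once here.
    $req_user_html = htmlspecialchars($req_user, ENT_QUOTES);
    // time_id is numeric (it is formatted with date() below); cast it rather than relying on
    // string escaping, which does not protect a value placed in SQL without quotes.
    $log_id = ( isset($_GET['logid']) && is_scalar($_GET['logid']) ) ? intval($_GET['logid']) : false;
    // Only ever remove an activation-request row, whatever ID was supplied.
    $delete_request_sql = ( $log_id === false ) ? false : 'DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=' . $log_id;

    switch ( $_GET['action'] )
    {
      case "activate":
        $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($req_user) . '\'');
        if ( $e )
        {
          $row = $db->fetchrow();
          $db->free_result();
          // A missing row means there is no such account; treat it as "not activated".
          if ( $row && $session->activate_account($req_user, $row['activation_key']) )
          {
            echo '<div class="info-box">The user account "' . $req_user_html . '" has been activated.</div>';
            if ( $delete_request_sql )
            {
              $db->sql_query($delete_request_sql);
            }
          }
          else
          {
            echo '<div class="warning-box">The user account "' . $req_user_html . '" has NOT been activated, possibly because the account is already active.</div>';
          }
        }
        else
        {
          echo '<div class="error-box">Error activating account: '.$db->get_error().'</div>';
        }
        break;
      case "sendemail":
        if ( $session->send_activation_mail($req_user) )
        {
          echo '<div class="info-box">The user "' . $req_user_html . '" has been sent an e-mail with an activation link.</div>';
          if ( $delete_request_sql )
          {
            $db->sql_query($delete_request_sql);
          }
        }
        else
        {
          echo '<div class="error-box">The user account "' . $req_user_html . '" has not been activated, probably because of a bad SMTP configuration.</div>';
        }
        break;
      case "deny":
        $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($req_user) . '\';');
        if ( !$e )
        {
          echo '<div class="error-box">Error during row deletion: '.$db->get_error().'</div>';
        }
        else
        {
          echo '<div class="info-box">All activation requests for the user "' . $req_user_html . '" have been deleted.</div>';
        }
        break;
    }
  }

  $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l
                         LEFT JOIN '.table_prefix.'users AS u
                           ON ( u.username = l.edit_summary OR u.username IS NULL )
                         WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
  if ( $q )
  {
    if ( $db->numrows() > 0 )
    {
      $n = $db->numrows();
      $s = ( $n == 1 ) ? $n . ' user is' : $n . ' users are';
      echo '<h3>'.$s . ' awaiting account activation</h3>';
      echo '<div class="tblholder">
              <table border="0" cellspacing="1" cellpadding="4" width="100%">
                <tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';
      $row_actions = Array(
          'activate'  => 'Activate now',
          'sendemail' => 'Send activation e-mail',
          'deny'      => 'Deny request'
        );
      $cls = 'row2';
      while ( $row = $db->fetchrow() )
      {
        $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
        $coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';
        $time_id = intval($row['time_id']);
        // author and edit_summary hold user-chosen names: escape them for the cell text and
        // URL-encode the name for the query string so it cannot leave the href attribute.
        $user_param = urlencode($row['edit_summary']);

        echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $time_id).'</td><td class="'.$cls.'">'.htmlspecialchars($row['author'], ENT_QUOTES).'</td><td class="'.$cls.'">'.htmlspecialchars($row['edit_summary'], ENT_QUOTES).'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td>';
        foreach ( $row_actions as $action => $label )
        {
          $url = makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action='.$action.'&user='.$user_param.'&logid='.$time_id);
          echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.$url.'">'.$label.'</a></td>';
        }
        echo '</tr>';
      }
      // Close the wrapper div opened with the table.
      echo '</table></div>';
    }
    $db->free_result();
  }
}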
function page_Admin_GroupManager()
{
global $db, $session, $paths, $template, $plugins; // Common objects
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
return;
}
if(isset($_POST['do_create_stage1']))
{
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
{
echo '<p>The group name you chose is invalid.</p>';
return;
}
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
echo '<div class="tblholder">
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
<tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr>
<tr>
<td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
</tr>
<tr><td class="row2">Group status</td><td class="row2">
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
</td></tr>
<tr>
<th class="subhead" colspan="2">
<input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" />
<input type="submit" name="do_create_stage2" value="Create group" />
</th>
</tr>
</table>
</div>';
echo '</form>';
return;
}
elseif(isset($_POST['do_create_stage2']))
{
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
{
echo '<p>The group name you chose is invalid.</p>';
return;
}
if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
{
echo '<p>Hacking attempt</p>';
return;
}
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
if(!$e)
{
echo $db->get_error();
return;
}
if($db->numrows() > 0)
{
echo '<p>The group name you entered already exists.</p>';
return;
}
$db->free_result();
$q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
if(!$q)
{
echo $db->get_error();
return;
}
$e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
if(!$e)
{
echo $db->get_error();
return;
}
if($db->numrows() < 1)
{
echo '<p>The username you entered could not be found.</p>';
return;
}
$row = $db->fetchrow();
$id = $row['user_id'];
$db->free_result();
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
if(!$e)
{
echo $db->get_error();
return;
}
if($db->numrows() < 1)
{
echo '<p>The group ID could not be looked up.</p>';
return;
}
$row = $db->fetchrow();
$gid = $row['group_id'];
$db->free_result();
$e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
if(!$e)
{
echo $db->get_error();
return;
}
echo "<div class='info-box'>
<b>Information</b><br />
The group {$_POST['create_group_name']} has been created successfully.
</div>";
}
if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
{
// Fetch the group name
+ − 1126
$q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1127
if(!$q)
+ − 1128
{
+ − 1129
echo $db->get_error();
+ − 1130
return;
+ − 1131
}
+ − 1132
if($db->numrows() < 1)
+ − 1133
{
+ − 1134
echo '<p>Error: couldn\'t look up group name</p>';
+ − 1135
}
+ − 1136
$row = $db->fetchrow();
+ − 1137
$name = $row['group_name'];
+ − 1138
$db->free_result();
+ − 1139
if(isset($_POST['edit_do']))
+ − 1140
{
+ − 1141
if(isset($_POST['edit_do']['del_group']))
+ − 1142
{
+ − 1143
if ( $row['system_group'] == 1 )
+ − 1144
{
+ − 1145
echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>';
+ − 1146
}
+ − 1147
else
+ − 1148
{
+ − 1149
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1150
if(!$q)
+ − 1151
{
+ − 1152
echo $db->get_error();
+ − 1153
return;
+ − 1154
}
+ − 1155
$q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1156
if(!$q)
+ − 1157
{
+ − 1158
echo $db->get_error();
+ − 1159
return;
+ − 1160
}
+ − 1161
echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
+ − 1162
return;
+ − 1163
}
+ − 1164
}
+ − 1165
if(isset($_POST['edit_do']['save_name']))
+ − 1166
{
+ − 1167
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
+ − 1168
{
+ − 1169
echo '<p>The group name you chose is invalid.</p>';
+ − 1170
return;
+ − 1171
}
+ − 1172
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
+ − 1173
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1174
if(!$q)
+ − 1175
{
+ − 1176
echo $db->get_error();
+ − 1177
return;
+ − 1178
}
+ − 1179
else
+ − 1180
{
+ − 1181
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1182
The group name has been updated.
+ − 1183
</div>';
+ − 1184
}
+ − 1185
$name = $_POST['group_name'];
+ − 1186
+ − 1187
}
+ − 1188
$q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
+ − 1189
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1190
if(!$q)
+ − 1191
{
+ − 1192
echo $db->get_error();
+ − 1193
return;
+ − 1194
}
+ − 1195
if($db->numrows() > 0)
+ − 1196
{
+ − 1197
while($row = $db->fetchrow($q))
+ − 1198
{
+ − 1199
if(isset($_POST['edit_do']['del_' . $row['member_id']]))
+ − 1200
{
+ − 1201
$e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
+ − 1202
if(!$e)
+ − 1203
{
+ − 1204
echo $db->get_error();
+ − 1205
return;
+ − 1206
}
+ − 1207
}
+ − 1208
}
+ − 1209
}
+ − 1210
$db->free_result();
+ − 1211
if(isset($_POST['edit_do']['add_member']))
+ − 1212
{
+ − 1213
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
+ − 1214
if(!$q)
+ − 1215
{
+ − 1216
echo $db->get_error();
+ − 1217
return;
+ − 1218
}
+ − 1219
if($db->numrows() > 0)
+ − 1220
{
+ − 1221
$row = $db->fetchrow();
+ − 1222
$user_id = $row['user_id'];
+ − 1223
$is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
+ − 1224
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
+ − 1225
if(!$q)
+ − 1226
{
+ − 1227
echo $db->get_error();
+ − 1228
return;
+ − 1229
}
+ − 1230
else
+ − 1231
{
+ − 1232
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1233
The user "'.$_POST['edit_add_username'].'" has been added to this usergroup.
+ − 1234
</div>';
+ − 1235
}
+ − 1236
}
+ − 1237
else
+ − 1238
echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>';
+ − 1239
}
+ − 1240
}
+ − 1241
$sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';
+ − 1242
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1243
echo '<div class="tblholder">
+ − 1244
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1245
<tr><th>Edit group name</th></tr>
+ − 1246
<tr>
+ − 1247
<td class="row1">
+ − 1248
Group name: <input type="text" name="group_name" value="'.$name.'" />
+ − 1249
</td>
+ − 1250
</tr>
+ − 1251
<tr>
+ − 1252
<th class="subhead">
+ − 1253
<input type="submit" name="edit_do[save_name]" value="Save name" />
+ − 1254
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
+ − 1255
</th>
+ − 1256
</tr>
+ − 1257
</table>
+ − 1258
</div>
+ − 1259
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1260
echo '</form>';
+ − 1261
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1262
echo '<div class="tblholder">
+ − 1263
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1264
<tr><th colspan="3">Edit group members</th></tr>';
+ − 1265
$q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
+ − 1266
LEFT JOIN '.table_prefix.'users AS u
+ − 1267
ON u.user_id=m.user_id
+ − 1268
WHERE m.group_id='.intval($_POST['group_edit_id']).'
+ − 1269
ORDER BY m.is_mod DESC, u.username ASC;');
+ − 1270
if(!$q)
+ − 1271
{
+ − 1272
echo $db->get_error();
+ − 1273
return;
+ − 1274
}
+ − 1275
if($db->numrows() < 1)
+ − 1276
{
+ − 1277
echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
+ − 1278
}
+ − 1279
else
+ − 1280
{
+ − 1281
$cls = 'row2';
+ − 1282
while($row = $db->fetchrow())
+ − 1283
{
+ − 1284
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 1285
$mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
+ − 1286
echo '<tr>
+ − 1287
<td class="'.$cls.'" style="width: 100%;">
+ − 1288
' . $row['username'] . '
+ − 1289
</td>
+ − 1290
<td class="'.$cls.'">
+ − 1291
'.$mod.'
+ − 1292
</td>
+ − 1293
<td class="'.$cls.'">
+ − 1294
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" />
+ − 1295
</td>
+ − 1296
</tr>';
+ − 1297
}
+ − 1298
}
+ − 1299
$db->free_result();
+ − 1300
echo '</table>
+ − 1301
</div>
+ − 1302
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1303
echo '</form>';
+ − 1304
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1305
echo '<div class="tblholder">
+ − 1306
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1307
<tr>
+ − 1308
<th>Add a new member</th>
+ − 1309
</tr>
+ − 1310
<tr>
+ − 1311
<td class="row1">
+ − 1312
Username: ' . $template->username_field('edit_add_username') . '
+ − 1313
</td>
+ − 1314
</tr>
+ − 1315
<tr>
+ − 1316
<td class="row2">
+ − 1317
<label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
+ − 1318
</td>
+ − 1319
</tr>
+ − 1320
<tr>
+ − 1321
<th class="subhead">
+ − 1322
<input type="submit" name="edit_do[add_member]" value="Add user to group" />
+ − 1323
</th>
+ − 1324
</tr>
+ − 1325
</table>
+ − 1326
</div>
+ − 1327
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1328
echo '</form>';
+ − 1329
return;
+ − 1330
}
+ − 1331
echo '<h3>Manage Usergroups</h3>';
+ − 1332
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1333
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ − 1334
if(!$q)
+ − 1335
{
+ − 1336
echo $db->get_error();
+ − 1337
}
+ − 1338
else
+ − 1339
{
+ − 1340
echo '<div class="tblholder">
+ − 1341
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1342
<tr>
+ − 1343
<th>Edit an existing group</th>
+ − 1344
</tr>';
+ − 1345
echo '<tr><td class="row2"><select name="group_edit_id">';
+ − 1346
while ( $row = $db->fetchrow() )
+ − 1347
{
+ − 1348
if ( $row['group_name'] != 'Everyone' )
+ − 1349
{
+ − 1350
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
+ − 1351
}
+ − 1352
}
+ − 1353
$db->free_result();
+ − 1354
echo '</select></td></tr>';
+ − 1355
echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
+ − 1356
</table>
+ − 1357
</div>
+ − 1358
</form><br />';
+ − 1359
}
+ − 1360
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1361
echo '<div class="tblholder">
+ − 1362
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1363
<tr>
+ − 1364
<th colspan="2">Create a new group</th>
+ − 1365
</tr>';
+ − 1366
echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
+ − 1367
echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
+ − 1368
</table>
+ − 1369
</div>';
+ − 1370
echo '</form>';
+ − 1371
}
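/**
 * Admin pagelet for the COPPA settings.
 *
 * Prints a short background paragraph, saves the two settings when the form
 * has been posted (the 'enable_coppa' flag and the 'coppa_address' text, both
 * through setConfig()), and then prints the settings form.
 *
 * Access is refused unless both $session->auth_level and $session->user_level
 * are at least USER_LEVEL_ADMIN.
 *
 * NOTE(review): no anti-CSRF token is visible on this form or in the save
 * branch. Confirm whether the framework validates one elsewhere; if not, the
 * save should be tied to a per-session token.
 */
function page_Admin_COPPA()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  echo '<h2>Background information</h2>';
  echo '<p>
          The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards
          children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected
          in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano
          provides an easy way to allow you, as the website administrator, to obtain this authorization.
        </p>';

  // Start form

  if ( isset($_POST['coppa_address']) )
  {
    // Saving changes. An unchecked checkbox is simply absent from the POST data.
    $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0';
    setConfig('enable_coppa', $enable_coppa);

    // The address is stored exactly as submitted, so every place that prints it
    // has to escape it for its own output context.
    $address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false);
    setConfig('coppa_address', $address);

    echo '<div class="info-box">Your changes have been saved.</div>';
  }

  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';

  echo '<div class="tblholder">';
  echo '<table border="0" cellspacing="1" cellpadding="4">';
  echo '<tr>
          <th colspan="2">
            COPPA support
          </th>
        </tr>';

  echo '<tr>
          <td class="row1">
            Enable COPPA support:
          </td>
          <td class="row2">
            <label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br />
            <small>If this is checked, users will be asked if they are under 13 years of age before registering</small>
          </td>
        </tr>';

  // The stored address is raw text. Escape it so that markup in the value
  // (for example a literal </textarea>) cannot break out of the field.
  $stored_address = htmlspecialchars((string) getConfig('coppa_address'));

  echo '<tr>
          <td class="row1">
            Your mailing address:<br />
            <small>This is the address to which parents will send authorization forms.</small>
          </td>
          <td class="row2">
            <textarea name="coppa_address" rows="7" cols="40">' . $stored_address . '</textarea>
          </td>
        </tr>';

  echo '<tr>
          <th colspan="2" class="subhead">
            <input type="submit" value="Save changes" />
          </th>
        </tr>';

  echo '</table>';
  // Close the tblholder wrapper opened above; it was left open before.
  echo '</div>';

  echo '</form>';

}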
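/**
 * Admin pagelet for editing a page's metadata (title, URL string, namespace,
 * flags) or deleting the page.
 *
 * The flow is driven entirely by request fields:
 *   - 'search' / 'select' (or ?source=ajax&page_id=...) resolve the text the
 *     administrator entered into a namespace and page ID, and seed $_POST so
 *     the edit form is shown;
 *   - 'submit' writes the new metadata to the pages table and renames the page
 *     in the categories, comments, logs, page_text and acl tables;
 *   - 'delete' removes the page's rows from categories, comments, logs,
 *     page_text and pages;
 *   - with none of these, the page picker is shown.
 *
 * Access is refused unless both $session->auth_level and $session->user_level
 * are at least USER_LEVEL_ADMIN.
 *
 * NOTE(review): no anti-CSRF token is visible for the save and delete actions.
 * Confirm whether the framework validates one elsewhere.
 *
 * @return mixed null on the normal paths, false when the page cannot be resolved
 */
function page_Admin_PageManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }


  echo '<h2>Page management</h2>';

  if(isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' )) {
    // The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
    $source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
    if ( $source == 'ajax' )
    {
      // The AJAX entry point passes the page in the query string; treat it like a search.
      $_POST['search'] = true;
      $_POST['page_url'] = $_GET['page_id'];
    }
    if(isset($_POST['search'])) $pid = $_POST['page_url'];
    elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
    else { echo 'Internal error selecting page search terms'; return false; }
    // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
    $k = array_keys($paths->nslist);
    for($i=0;$i<sizeof($paths->nslist);$i++)
    {
      $ln = strlen($paths->nslist[$k[$i]]);
      if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
      {
        $ns = $k[$i];
        $page_id = substr($pid, $ln, strlen($pid));
      }
    }
    // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
    // Now, iterate through $paths->pages searching for a page with this name or ID
    for($i=0;$i<sizeof($paths->pages)/2;$i++)
    {
      if(!isset($final_pid))
      {
        if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
        elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
        elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
        elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
        if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
      }
    }
    if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
    $_POST['namespace'] = $ns;
    $_POST['old_namespace'] = $ns;
    $_POST['page_id'] = $final_pid;
    $_POST['old_page_id'] = $final_pid;
    if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
  }

  if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']))
  {
    // old_namespace and old_page_id arrive from the request on save and delete.
    // Refuse to continue unless they name a page that is actually registered, so
    // the UPDATE and DELETE statements below only ever act on a known page.
    if ( !isset($_POST['old_namespace'], $_POST['old_page_id'])
         || !is_scalar($_POST['old_namespace'])
         || !is_scalar($_POST['old_page_id'])
         || !isset($paths->nslist[$_POST['old_namespace']])
         || !isset($paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']]) )
    {
      echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';
      return false;
    }
    $cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']];
    if(isset($_POST['submit']))
    {
      // switch(true) is used only so that "break" can abort the save early.
      switch(true)
      {
        case true:
          // Create a list of things to update
          $page_info = Array(
              'name'=>$_POST['name'],
              'urlname'=>sanitize_page_id($_POST['page_id']),
              'namespace'=>$_POST['namespace'],
              'special'=>isset($_POST['special']) ? '1' : '0',
              'visible'=>isset($_POST['visible']) ? '1' : '0',
              'comments_on'=>isset($_POST['comments_on']) ? '1' : '0',
              'protected'=>isset($_POST['protected']) ? '1' : '0'
            );

          $updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname_nons'] );

          if ( !isset($paths->nslist[ $page_info['namespace'] ]) )
          {
            echo '<div class="error-box">The namespace you selected is not properly registered.</div>';
            break;
          }
          if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace )
          {
            echo '<div class="error-box">There is already a page that exists with that URL string and namespace.</div>';
            break;
          }
          // Build the query
          $q = 'UPDATE '.table_prefix.'pages SET ';
          $k = array_keys($page_info);
          foreach($k as $c)
          {
            $q .= $c.'=\''.$db->escape($page_info[$c]).'\',';
          }
          $q = substr($q, 0, strlen($q)-1);
          // Build the WHERE statements: match the row on every column of the
          // current page record except the derived urlname fields.
          $q .= ' WHERE ';
          $k = array_keys($cpage);
          foreach($k as $c)
          {
            if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected')
            {
              $q .= $c.'=\''.$db->escape($cpage[$c]).'\' AND ';
            }
            else if($c == 'urlname')
            {
              $q .= $c.'=\''.$db->escape($cpage['urlname_nons']).'\' AND ';
            }
          }
          // Trim off the last " AND " and append a semicolon
          $q = substr($q, 0, strlen($q)-5) . ';';
          // Send the completed query to MySQL
          $e = $db->sql_query($q);
          if(!$e) $db->_die('The page data could not be updated.');
          // Update any additional tables.
          // The new urlname and namespace are escaped here exactly as in the pages
          // UPDATE above; they were previously concatenated into these statements raw.
          $new_urlname   = $db->escape($page_info['urlname']);
          $new_namespace = $db->escape($page_info['namespace']);
          $old_urlname   = $db->escape($_POST['old_page_id']);
          $old_namespace = $db->escape($_POST['old_namespace']);
          $q = Array();
          foreach ( Array('categories', 'comments', 'logs', 'page_text', 'acl') as $tbl )
          {
            $q[] = 'UPDATE '.table_prefix.$tbl.' SET page_id=\''.$new_urlname.'\',namespace=\''.$new_namespace.'\' WHERE page_id=\'' . $old_urlname . '\' AND namespace=\'' . $old_namespace . '\';';
          }
          foreach($q as $cq)
          {
            $e = $db->sql_query($cq);
            if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
          }
          // Update $cpage
          $cpage = $page_info;
          $cpage['urlname_nons'] = $cpage['urlname'];
          $cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname'];
          $_POST['old_page_id'] = $page_info['urlname'];
          $_POST['old_namespace'] = $page_info['namespace'];
          echo '<div class="info-box">Your changes have been saved.</div>';
          break;
      }
    } elseif(isset($_POST['delete'])) {
      // NOTE(review): the rename path above also updates the acl table, but acl
      // rows are not removed here. Confirm whether leftover ACL entries for a
      // deleted page are intended; they would match a page later recreated with
      // the same ID and namespace.
      $q = Array(
        'DELETE FROM '.table_prefix.'categories WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
        'DELETE FROM '.table_prefix.'comments   WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
        'DELETE FROM '.table_prefix.'logs       WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
        'DELETE FROM '.table_prefix.'page_text  WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
      );
      foreach($q as $cq)
      {
        $e = $db->sql_query($cq);
        if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
      }

      if(!$db->sql_query(
        'DELETE FROM '.table_prefix.'pages WHERE urlname="'.$db->escape($_POST['old_page_id']).'" AND namespace="'.$db->escape($_POST['old_namespace']).'";'
      )) $db->_die('The page could not be deleted.');
      echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>';
      return;
    }
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration'.htmlspecialchars(urlSeparator).(( isset($_GET['sqldbg']) ) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
    ?>
    <h3>Modify page: <?php echo htmlspecialchars($_POST['name']); ?></h3>
     <table border="0">
       <tr><td>Namespace:</td><td><select name="namespace"><?php
         // Special and Admin pages cannot be chosen as a target namespace.
         $nm = array_keys($paths->nslist);
         foreach($nm as $ns)
         {
           if($ns != 'Special' && $ns != 'Admin')
           {
             echo '<option ';
             if($_POST['namespace']==$ns) echo 'selected="selected" ';
             echo 'value="'.htmlspecialchars($ns).'">';
             if($paths->nslist[$ns] == '') echo '[No prefix]';
             else echo htmlspecialchars($paths->nslist[$ns]);
             echo '</option>';
           }
         }
       ?></select></td></tr>
       <tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name']); ?>" /></td></tr>
       <tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr>
       <tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" />  <label for="cmt">Enable comments for this page</label></td></tr>
       <tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" />  <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
       <tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" />  <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small></td></tr>
       <tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" />  <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
       <tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
       <tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
       <tr><td colspan="2" style="text-align: right;">
       <?php /* These two values can come straight from the request, so escape them for the attribute context. */ ?>
       <input type="hidden" name="old_page_id" value="<?php echo htmlspecialchars($_POST['old_page_id']); ?>" />
       <input type="hidden" name="old_namespace" value="<?php echo htmlspecialchars($_POST['old_namespace']); ?>" />
       <input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" />  <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
     </table>
    <?php
    echo '</form>';
  } else {
    echo '<h3>Please select a page</h3>';
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    ?>
      <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?>  <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
      <p>Select page title from a list: <select name="page_force_url">
      <?php
        // Only the numerically indexed entries of $paths->pages are walked here (hence the /2).
        for($i=0;$i<sizeof($paths->pages)/2;$i++)
        {
          if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.htmlspecialchars($paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons']).'">'.htmlspecialchars($paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name']).'</option>'."\n";
        }
      ?>
      </select>  <input type="submit" name="select" value="Select" /></p>
    <?php
    echo '</form>';

  }
}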
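/**
 * Admin pagelet: edit the stored text of any page.
 *
 * Driven entirely by $_POST:
 *  - "search" / "select": resolve the submitted title (page_url / page_force_url) to a
 *    namespace and page ID by scanning $paths->nslist and $paths->pages.
 *  - "page_id" set and "cancel" not set: show the editor. "save" writes a row to the logs
 *    table and updates page_text; "preview" renders the submitted text; "revert" reloads
 *    the stored text.
 *  - anything else: show the page picker.
 *
 * Request-derived values go through $db->escape() before they reach SQL and through
 * htmlspecialchars() before they are echoed into HTML.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm whether the
 * admin session layer covers that for this form.
 *
 * @return mixed false when the page lookup fails, otherwise nothing
 */
function page_Admin_PageEditor()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  echo '<h2>Edit page content</h2>';

  // Shown whenever the submitted title cannot be resolved to an existing page
  $not_found = 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';

  if ( isset($_POST['search']) || isset($_POST['select']) )
  {
    // Using only the text the user entered, work out the page ID and namespace.
    if ( isset($_POST['search']) ) $pid = $_POST['page_url'];
    elseif ( isset($_POST['select']) ) $pid = $_POST['page_force_url'];
    else { echo 'Internal error selecting page search terms'; return false; }

    // Look for a namespace prefix in the urlname; the last matching prefix wins
    $ns = null;
    $page_id = null;
    foreach ( $paths->nslist as $ns_id => $ns_prefix )
    {
      $ln = strlen($ns_prefix);
      if ( substr($pid, 0, $ln) == $ns_prefix )
      {
        $ns = $ns_id;
        $page_id = substr($pid, $ln, strlen($pid));
      }
    }
    // Without a namespace there is nothing to look up; stop before $ns is used as an array key
    if ( $ns === null ) { echo $not_found; return false; }

    // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id.
    // Now, iterate through $paths->pages searching for a page with this name or ID.
    // The loop bound is sizeof()/2, as in the other pagelets that walk this array.
    $wanted_url = str_replace(' ', '_', $page_id);
    $page_count = sizeof($paths->pages) / 2;
    for ( $i = 0; $i < $page_count; $i++ )
    {
      $page = $paths->pages[$i];
      if ( $page['urlname_nons'] == $wanted_url ) $final_pid = $wanted_url;
      elseif ( $page['name'] == $page_id ) $final_pid = $page['urlname_nons'];
      elseif ( strtolower($page['urlname_nons']) == strtolower($wanted_url) ) $final_pid = $page['urlname_nons'];
      elseif ( strtolower($page['name']) == strtolower(str_replace('_', ' ', $page_id)) ) $final_pid = $page['urlname_nons'];
      if ( isset($final_pid) )
      {
        $_POST['name'] = $page['name'];
        $_POST['urlname'] = $page['urlname_nons'];
        break; // first match wins
      }
    }
    if ( !isset($final_pid) ) { echo $not_found; return false; }
    $_POST['namespace'] = $ns;
    $_POST['page_id'] = $final_pid;
    // The match above ignores the namespace, so confirm the page exists in the one requested
    if ( !isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']]) ) { echo $not_found; return false; }
  }

  if ( isset($_POST['page_id']) && !isset($_POST['cancel']) )
  {
    echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
    if ( !isset($_POST['content']) || isset($_POST['revert']) ) $content = RenderMan::getPage($_POST['page_id'], $_POST['namespace'], 0, false, false, false, false);
    else $content = $_POST['content'];
    if ( isset($_POST['save']) )
    {
      $data = $content;
      $id = md5( microtime() . mt_rand() );

      $minor = isset($_POST['minor']) ? 'true' : 'false';
      // Every string value is escaped: the page text and the author name were previously
      // interpolated raw into this statement, unlike the UPDATE below.
      $q = 'INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$db->escape($data).'\', \''.$id.'\', \''.$db->escape($session->username).'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');';
      if ( !$db->sql_query($q) ) $db->_die('The history (log) entry could not be inserted into the logs table.');

      $query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';';
      $e = $db->sql_query($query);
      // The failed query contains the submitted page text, so it is HTML-escaped before display
      if ( !$e ) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.htmlspecialchars(mysql_error()).'<br /><br />Query:<br /><pre>'.htmlspecialchars($query).'</pre></div>';
      // NOTE(review): makeUrlNS() output goes into the href as returned; confirm it encodes
      // the namespace and page ID, which can come straight from the request here.
      else echo '<div class="info-box">Your page has been saved. <a href="'.makeUrlNS($_POST['namespace'], $_POST['page_id']).'">View page...</a></div>';
    }
    elseif ( isset($_POST['preview']) )
    {
      echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>';
    }
    ?>
    <p>
    <textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
    Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo htmlspecialchars($_POST['summary']); ?>" size="40" /><br />
    <label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/> This is a minor edit</label>
    </p>
    <p>
    <input type="hidden" name="page_id" value="<?php echo htmlspecialchars($_POST['page_id']); ?>" />
    <input type="hidden" name="namespace" value="<?php echo htmlspecialchars($_POST['namespace']); ?>" />
    <input type="submit" name="save" value="Save changes" style="font-weight: bold;" />&nbsp;&nbsp;<input type="submit" name="preview" value="Show preview" />&nbsp;&nbsp;<input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" />&nbsp;&nbsp;<input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
    </p>
    <?php
    echo '</form>';
  }
  else
  {
    echo '<h3>Please select a page</h3>';
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    ?>
    <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
    <p>Select page title from a list: <select name="page_force_url">
    <?php
    for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
    {
      $page = $paths->pages[$i];
      if ( $page['namespace'] != 'Admin' && $page['namespace'] != 'Special' )
      {
        // Page titles are user-supplied content, so both the value and the label are escaped
        $prefix = $paths->nslist[$page['namespace']];
        echo '<option value="'.htmlspecialchars($prefix.$page['urlname_nons']).'">'.htmlspecialchars($prefix.$page['name']).'</option>'."\n";
      }
    }
    ?>
    </select> <input type="submit" name="select" value="Select" /></p>
    <?php
    echo '</form>';
  }
}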
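/**
 * Admin pagelet: install, uninstall, enable/disable, reorder and edit themes.
 *
 * The action is chosen by which submit button is present in $_POST ("disenable", "edit",
 * "editsave", "up", "down", "uninstall", "install"); the theme is named by
 * $_POST['theme_id']. After the action, the lists of installed and installable themes
 * are printed.
 *
 * Security-relevant behaviour:
 *  - $_POST['theme_id'] is only used to build a filesystem path (the css/ listing and the
 *    theme.cfg include) after it has been matched against the directory names actually
 *    present under ./themes.
 *  - theme.cfg is loaded with include(), so it runs as PHP; anything placed in a theme
 *    directory is trusted code.
 *  - Values echoed into HTML are passed through htmlspecialchars().
 *  - The die() diagnostics print the raw SQL and mysql_error() into the page. They are
 *    left as they were; note that they expose schema details and echo request-derived
 *    text without HTML escaping.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm whether the
 * admin session layer covers that for these forms.
 */
function page_Admin_ThemeManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Get the list of styles in the themes/ dir
  $h = opendir('./themes');
  $l = Array();
  if(!$h) die('Error opening directory "./themes" for reading.');
  while(false !== ($n = readdir($h))) {
    if($n != '.' && $n != '..' && is_dir('./themes/'.$n))
      $l[] = $n;
  }
  closedir($h);

  // True only when the submitted theme_id is exactly one of the directory names read above.
  // The strict comparison also rejects array-valued input.
  $theme_on_disk = ( isset($_POST['theme_id']) && in_array($_POST['theme_id'], $l, true) );

  echo('
    <h3>Theme Management</h3>
    <p>Install, uninstall, and manage Enano themes.</p>
    ');
  if(isset($_POST['disenable'])) {
    $q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
    $s = $db->sql_query($q);
    if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    $r = $db->fetchrow_num($s);
    $db->free_result();
    // Toggle: $e is the new state
    if($r[0] == 1) $e = 0;
    else $e = 1;
    $s=true;
    if($e==0)
    {
      $c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1');
      if(!$c) $db->_die('The backup check for having at least on theme enabled failed.');
      if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; }
    }
    $db->free_result();
    if($s) {
      $q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
      $a = $db->sql_query($q);
      if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
      else echo('<div class="info-box">The theme "'.htmlspecialchars($_POST['theme_id']).'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>');
    }
  }
  elseif(isset($_POST['edit'])) {

    // Collect the theme's stylesheets. The directory is only opened when theme_id names a
    // real theme directory, so the request cannot steer opendir() elsewhere.
    $list = Array();
    if ( $theme_on_disk )
    {
      $dir = './themes/'.$_POST['theme_id'].'/css/';
      if (is_dir($dir)) {
        if ($dh = opendir($dir)) {
          while (($file = readdir($dh)) !== false) {
            if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
              $list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4));
            }
          }
          closedir($dh);
        }
      }
    }
    $lk = array_keys($list);

    $q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
    $s = $db->sql_query($q);
    if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    $r = $db->fetchrow_num($s);
    $db->free_result();
    echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">');
    echo('<div class="question-box">
          Theme name displayed to users: <input type="text" name="name" value="'.htmlspecialchars($r[0]).'" /><br /><br />
          Default stylesheet: <select name="defaultcss">');
    // The loop variable must not be $l: that name holds the theme directory list that the
    // "Install a new theme" section below still needs.
    foreach ($lk as $css_file)
    {
      if($r[1] == $css_file) $v = ' selected="selected"';
      else $v = '';
      echo '<option value="'.htmlspecialchars($css_file).'"'.$v.'>'.htmlspecialchars($list[$css_file]).'</option>';
    }
    echo('</select><br /><br />
          <input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.htmlspecialchars($_POST['theme_id']).'" />
          </div>');
    echo('</form>');
  }
  elseif(isset($_POST['editsave'])) {
    // NOTE(review): defaultcss is stored as submitted (SQL-escaped only); it is not checked
    // against the stylesheets that exist in the theme's css/ directory.
    $q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
    $s = $db->sql_query($q);
    if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    else echo('<div class="info-box">Theme data updated.</div>');
  }
  elseif(isset($_POST['up'])) {
    // If there is only one theme or if the selected theme is already at the top, do nothing
    $q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
    $all = $db->sql_query($q);
    if(!$all) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    $q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
    $sn = $db->sql_query($q);
    if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    $r = $db->fetchrow_num($sn);
    if ( !$r )
    {
      // Unknown theme_id: without a row there is no order value to swap
      echo('<div class="error-box">The selected theme could not be found.</div>');
    }
    elseif( /* check for only one theme... */ $db->numrows($all) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) {
      echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>');
    } else {
      // Order IDs of the selected theme and the theme before it; forced to integers because
      // they are interpolated into the statements unquoted
      $r = intval($r[0]);
      $rb = $r - 1;
      // Swap the two rows, parking the neighbour at order 0 in between
      $swap = Array(
          'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.'',
          'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.'',
          'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'
        );
      foreach ( $swap as $q )
      {
        if ( !$db->sql_query($q) ) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
      }
      echo('<div class="info-box">Theme moved up.</div>');
    }
    $db->free_result($all);
    $db->free_result($sn);
  }
  elseif(isset($_POST['down'])) {
    // If there is only one theme or if the selected theme is already at the bottom, do nothing
    $q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
    $all = $db->sql_query($q);
    if(!$all) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    // The bottom-of-list check has to use the selected theme's own order value; it
    // previously read the first row of the full list, so it never matched.
    $q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
    $sn = $db->sql_query($q);
    if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    $r = $db->fetchrow_num($sn);
    $total = $db->numrows($all);
    if ( !$r )
    {
      // Unknown theme_id: without a row there is no order value to swap
      echo('<div class="error-box">The selected theme could not be found.</div>');
    }
    elseif( /* check for only one theme... */ $total < 2 || $r[0] == $total /* ...and check if this theme is already at the bottom */ ) {
      echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>');
    } else {
      // Order IDs of the selected theme and the theme after it; forced to integers because
      // they are interpolated into the statements unquoted
      $r = intval($r[0]);
      $rb = $r + 1;
      // Swap the two rows, parking the neighbour at order 0 in between
      $swap = Array(
          'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.'',
          'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.'',
          'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'
        );
      foreach ( $swap as $q )
      {
        if ( !$db->sql_query($q) ) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
      }
      echo('<div class="info-box">Theme moved down.</div>');
    }
    $db->free_result($all);
    $db->free_result($sn);
  }
  else if(isset($_POST['uninstall']))
  {
    $q = 'SELECT * FROM '.table_prefix.'themes;';
    $s = $db->sql_query($q);
    if ( !$s )
    {
      die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    }
    $n = $db->numrows($s);
    $db->free_result();

    if ( $_POST['theme_id'] == 'oxygen' )
    {
      echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>';
    }
    else
    {
      if($n < 2)
      {
        echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>';
      }
      else
      {
        $q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;';
        $s = $db->sql_query($q);
        if ( !$s )
        {
          die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
        }
        else
        {
          echo('<div class="info-box">Theme uninstalled.</div>');
        }
      }
    }
  }
  elseif(isset($_POST['install'])) {
    $q = 'SELECT theme_id FROM '.table_prefix.'themes;';
    $s = $db->sql_query($q);
    if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
    // The new theme goes to the end of the order
    $n = $db->numrows($s);
    $n++;
    $theme_id = $_POST['theme_id'];
    $theme = Array();
    // include() executes the file, so the path is only built from a theme_id that matches a
    // directory found under ./themes; anything else falls through to the error below.
    if ( $theme_on_disk && is_file('./themes/'.$theme_id.'/theme.cfg') )
    {
      include('./themes/'.$theme_id.'/theme.cfg');
    }
    if ( !isset($theme['theme_id']) )
    {
      echo '<div class="error-box">Could not load theme.cfg (theme metadata file)</div>';
    }
    else
    {
      // Use the first stylesheet found (other than the print one) as the default style
      $default_style = false;
      if ( $dh = opendir('./themes/' . $theme_id . '/css') )
      {
        while ( $file = readdir($dh) )
        {
          if ( $file != '_printable.css' && preg_match('/\.css$/i', $file) )
          {
            $default_style = $file;
            break;
          }
        }
        closedir($dh);
      }
      else
      {
        die('The /css subdirectory could not be located in the theme\'s directory');
      }

      if ( $default_style )
      {
        $q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled,default_style) VALUES(\''.$db->escape($theme['theme_id']).'\', \''.$db->escape($theme['theme_name']).'\', '.$n.', 1, \'' . $db->escape($default_style) . '\')';
        $s = $db->sql_query($q);
        if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
        else echo('<div class="info-box">Theme "'.htmlspecialchars($theme['theme_name']).'" installed.</div>');
      }
      else
      {
        echo '<div class="error-box">Could not determine the default style for the theme.</div>';
      }
    }
  }
  echo('
  <h3>Currently installed themes</h3>
    <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
    <p>
      <select name="theme_id">
        ');
  $q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order';
  $s = $db->sql_query($q);
  if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
  while ( $r = $db->fetchrow_num($s) ) {
    if($r[2] < 1) $r[1] .= ' (disabled)';
    // theme_name is admin-editable free text, so it is escaped on output
    echo('<option value="'.htmlspecialchars($r[0]).'">'.htmlspecialchars($r[1]).'</option>');
  }
  $db->free_result();
  echo('
      </select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" />
    </p>
  </form>
  <h3>Install a new theme</h3>
  ');
  // Offer every theme directory that has a theme.cfg but no row in the themes table.
  // Each theme.cfg is include()d, i.e. executed, to read its $theme metadata.
  $theme = Array();
  $obb = '';
  for($i=0;$i<sizeof($l);$i++) {
    if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) {
      include('./themes/'.$l[$i].'/theme.cfg');
      // The ID comes from a file on disk, but it is still escaped before it reaches SQL
      $q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($theme['theme_id']).'\'';
      $s = $db->sql_query($q);
      if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
      if($db->numrows($s) < 1) {
        $obb .= '<option value="'.htmlspecialchars($theme['theme_id']).'">'.htmlspecialchars($theme['theme_name']).'</option>';
      }
      $db->free_result();
    }
  }
  if($obb != '') {
    echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>');
    echo('<select name="theme_id">');
    echo($obb);
    echo('</select>');
    echo('
      <input type="submit" name="install" value="Install this theme" />
      </p></form>');
  } else echo('<p>All themes are currently installed.</p>');
}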
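/**
 * Admin pagelet: list, create and delete ban rules.
 *
 *  - GET action=delete&id=N removes one row from the banlist table.
 *  - POST "create" inserts a rule built from type / value / reason / regex, unless
 *    ENANO_DEMO_MODE is defined, in which case only a notice is shown.
 *  - The current rules and the creation form are then printed.
 *
 * ban_id and ban_type are placed in SQL without quotes, so both are validated as plain
 * integers here; string escaping alone does not protect an unquoted value. Stored ban
 * values are HTML-escaped when listed.
 *
 * NOTE(review): deletion is triggered by a GET link and no anti-CSRF token is checked in
 * this function; confirm whether the admin session layer covers that. The delete path is
 * also not gated by ENANO_DEMO_MODE the way creation is; confirm that is intended.
 */
function page_Admin_BanControl()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '' )
  {
    // Only a string of digits may reach the query; /D keeps "$" from accepting a trailing newline
    if ( is_string($_GET['id']) && preg_match('/^[0-9]+$/D', $_GET['id']) )
    {
      $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $_GET['id']);
      if(!$e) $db->_die('The ban list entry was not deleted.');
    }
    else
    {
      echo '<div class="error-box">The ban rule ID is not valid.</div>';
    }
  }
  if ( isset($_POST['create']) && !defined('ENANO_DEMO_MODE') )
  {
    // Accept only the three rule types the form offers.
    // assumes the BAN_* constants are integers (the query uses the value unquoted) - TODO confirm
    $ban_type = false;
    if ( isset($_POST['type']) && is_string($_POST['type']) )
    {
      foreach ( Array(BAN_IP, BAN_USER, BAN_EMAIL) as $allowed_type )
      {
        if ( $_POST['type'] === strval($allowed_type) ) $ban_type = intval($allowed_type);
      }
    }
    if ( $ban_type === false )
    {
      echo '<div class="error-box">The ban rule type is not valid.</div>';
    }
    else
    {
      $q = 'INSERT INTO '.table_prefix.'banlist(ban_type,ban_value,reason,is_regex) VALUES( ' . $ban_type . ', \'' . $db->escape($_POST['value']) . '\', \''.$db->escape($_POST['reason']).'\'';
      if(isset($_POST['regex'])) $q .= ', 1';
      else $q .= ', 0';
      $q .= ');';
      $e = $db->sql_query($q);
      if(!$e) $db->_die('The banlist could not be updated.');
    }
  }
  else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
  }
  $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
  if(!$q) $db->_die('The banlist data could not be selected.');
  echo '<table border="0" cellspacing="1" cellpadding="4">';
  echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
  if($db->numrows() < 1) echo '<tr><td colspan="4">No ban rules yet.</td></tr>';
  while($r = $db->fetchrow())
  {
    // Reset per row so an unrecognised type cannot inherit the previous row's label
    $t = 'Unknown';
    if($r['ban_type']==BAN_IP) $t = 'IP address';
    elseif($r['ban_type']==BAN_USER) $t = 'Username';
    elseif($r['ban_type']==BAN_EMAIL) $t = 'E-mail address';
    if($r['is_regex']) $g = 'Yes'; else $g = 'No';
    // ban_value is free text entered through the form below, so it is escaped on output
    echo '<tr><td>'.$t.'</td><td>'.htmlspecialchars($r['ban_value']).'</td><td>'.$g.'</td><td><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.intval($r['ban_id'])).'">Delete</a></td></tr>';
  }
  $db->free_result();
  echo '</table>';
  echo '<h3>Create new ban rule</h3>';
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  ?>
  Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
  Rule: <input type="text" name="value" size="30" /><br />
  Reason to show to the banned user: <textarea name="reason" rows="7" cols="20"></textarea><br />
  <input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
  <input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
  <?php
  echo '</form>';
}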
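/**
 * Admin pagelet: sends one e-mail to every member of a group, or to an explicit
 * comma-separated list of usernames, and renders the compose form.
 *
 * Access requires both auth_level and user_level to be at least USER_LEVEL_ADMIN.
 * Sending is refused when ENANO_DEMO_MODE is defined.
 *
 * NOTE(review): no anti-CSRF token is visible in the form or in the POST handler;
 * confirm whether the session layer verifies one before this pagelet runs.
 * NOTE(review): the form action embeds $paths->cpage['module'], which the dispatcher
 * fills from the request; confirm that makeUrl() HTML-escapes its query argument.
 */
function page_Admin_MassEmail()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  global $enano_config;
  if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
  {
    // Validation failures are collected here. It has to start out as an array:
    // it is counted below even when no check failed.
    $errors = array();

    $use_smtp = getConfig('smtp_enabled') == '1';

    //
    // Let's do some checking to make sure that mass mail functions
    // are working in win32 versions of php. (copied from phpBB)
    //
    if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp)
    {
      $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';

      // We are running on windows, force delivery to use our smtp functions
      // since php's are broken by default
      $use_smtp = true;
      $enano_config['smtp_server'] = @$ini_val('SMTP');
    }

    $mail = new emailer( !empty($use_smtp) );

    // Validate subject/message body
    $subject = isset($_POST['subject']) ? stripslashes(trim($_POST['subject'])) : '';
    $message = isset($_POST['message']) ? stripslashes(trim($_POST['message'])) : '';

    // The subject ends up in a mail header, so it must stay on a single line.
    // Line breaks are replaced here because set_subject() is not visible from
    // this function and may not filter them itself.
    $subject = str_replace(array("\r", "\n"), ' ', $subject);

    if ( empty($subject) )
      $errors[] = 'Please enter a subject.';
    if ( empty($message) )
      $errors[] = 'Please enter a message.';

    // Get list of members
    // NOTE(review): recipients are added through cc(); whether every recipient
    // can see the other addresses depends on the emailer class - confirm.
    if ( !empty($_POST['userlist']) )
    {
      $userlist = str_replace(', ', ',', $_POST['userlist']);
      $userlist = explode(',', $userlist);
      foreach ( $userlist as $k => $u )
      {
        if ( $u == $session->username )
        {
          // Message is automatically sent to the sender
          unset($userlist[$k]);
        }
        else
        {
          // Every name is escaped before it is placed between quotes in the WHERE clause
          $userlist[$k] = $db->escape($u);
        }
      }
      $userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\'';

      $q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';');
      if ( !$q )
        $db->_die();

      while ( $row = $db->fetchrow() )
      {
        $mail->cc($row['email']);
      }

      $db->free_result();

    }
    else
    {
      // Sending to a usergroup

      // intval() keeps the value numeric before it is concatenated into the query
      $group_id = isset($_POST['group_id']) ? intval($_POST['group_id']) : 0;
      if ( $group_id < 1 )
      {
        $errors[] = 'Invalid group ID';
      }
      else
      {
        $q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g
                               LEFT JOIN '.table_prefix.'users AS u
                                 ON (u.user_id=g.user_id)
                               WHERE g.group_id=' . $group_id . ';');
        if ( !$q )
          $db->_die();

        while ( $row = $db->fetchrow() )
        {
          $mail->cc($row['email']);
        }

        $db->free_result();
      }
    }

    if ( sizeof($errors) < 1 )
    {

      $mail->from(getConfig('contact_email'));
      $mail->replyto(getConfig('contact_email'));
      $mail->set_subject($subject);
      $mail->email_address(getConfig('contact_email'));

      // Copied/modified from phpBB
      $email_headers = 'X-AntiAbuse: Website server name - ' . $_SERVER['SERVER_NAME'] . "\n";
      $email_headers .= 'X-AntiAbuse: User_id - ' . $session->user_id . "\n";
      $email_headers .= 'X-AntiAbuse: Username - ' . $session->username . "\n";
      $email_headers .= 'X-AntiAbuse: User IP - ' . $_SERVER['REMOTE_ADDR'] . "\n";

      $mail->extra_headers($email_headers);

      $tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at:

{CONTACT_EMAIL}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{MESSAGE}
';

      $mail->use_template($tpl);

      $mail->assign_vars(array(
          'SENDER' => $session->username,
          'SITE_NAME' => getConfig('site_name'),
          'CONTACT_EMAIL' => getConfig('contact_email'),
          'MESSAGE' => $message
        ));

      // All done
      $mail->send();
      $mail->reset();

      echo '<div class="info-box">Your message has been sent.</div>';

    }
    else
    {
      // Every entry in $errors is one of the fixed strings assigned above, so no escaping is needed here
      echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
    }

  }
  else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>';
  }
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  ?>
  <div class="tblholder">
    <table border="0" cellspacing="1" cellpadding="4">
      <tr>
        <th colspan="2">Send mass e-mail</th>
      </tr>
      <tr>
        <td class="row2" rowspan="2" style="width: 30%; min-width: 200px;">
          Send message to:<br />
          <small>
            By default, this message will be sent to the group selected here. You may instead send the message to a specific
            list of users by entering them in the second row, with usernames separated by a single comma (no space).
          </small>
        </td>
        <td class="row1">
          <select name="group_id">
            <?php
            $q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;');
            if ( !$q )
              $db->_die();
            while ( $row = $db->fetchrow() )
            {
              // Group names are stored data: escape them so that markup in a name is shown as text
              echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars($row['group_name']) . '</option>';
            }
            ?>
          </select>
        </td>
      </tr>
      <tr>
        <td class="row1">
          Usernames: <input type="text" name="userlist" size="50" />
        </td>
      </tr>
      <tr>
        <td class="row2" style="width: 30%; min-width: 200px;">
          Subject:
        </td>
        <td class="row1">
          <input name="subject" type="text" size="50" />
        </td>
      </tr>
      <tr>
        <td class="row2" style="width: 30%; min-width: 200px;">
          Message:
        </td>
        <td class="row1">
          <textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea>
        </td>
      </tr>
      <tr>
        <th class="subhead" colspan="2" style="text-align: left;" valign="middle">
          <div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div>
          <small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small>
        </th>
      </tr>

    </table>
  </div>
  <?php
  echo '</form>';
}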
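/**
 * Admin pagelet: exports selected database tables as an SQL download, or shows
 * the form that selects them.
 *
 * Access requires both auth_level and user_level to be at least USER_LEVEL_ADMIN.
 * With ?submitting=yes the function sends the dump as an attachment and exits;
 * otherwise it prints the selection form. Exports are refused when
 * ENANO_DEMO_MODE is defined. Each export is written to the logs table as a
 * 'security' / 'db_backup' entry with the user name, remote address and table list.
 *
 * NOTE(review): no anti-CSRF token is visible in the form or in the handler;
 * confirm whether the session layer verifies one.
 */
function page_Admin_DBBackup()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
  {
    redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
    // Other callers in this file follow redirect() with an explicit exit, so it
    // presumably can return. Stop here, otherwise the export below would still
    // run in demo mode.
    return;
  }

  global $system_table_list;
  if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes')
  {

    // build the table list
    $base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array();
    // additional_tables is request data: accept it only when it really is an array
    $add = ( isset($_POST['additional_tables']) && is_array($_POST['additional_tables']) ) ? $_POST['additional_tables'] : Array();
    $tables = array_merge($base, $add);

    // Check every table name before anything is logged or sent, so that a
    // rejected request produces neither a log entry nor a partial download.
    // The D modifier stops "$" from matching in front of a trailing newline.
    foreach($tables as $t)
    {
      if(!is_string($t) || !preg_match('#^([a-z0-9_]+)$#iD', $t))
        die('Hacking attempt');
    }

    // NOTE(review): the time limit is raised only when SQL_BACKUP_CRYPT is
    // defined. That is what the original brace-less "if" did; confirm that
    // unencrypted exports are meant to keep the default limit.
    if(defined('SQL_BACKUP_CRYPT'))
    {
      // Try to increase our time limit
      @set_time_limit(300); // five minutes
    }
    // Do the actual export
    $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
    $filename = 'enano_backup_' . date('dmy') . '.sql' . $aesext;
    ob_start();
    // Parameters of Content-Disposition are separated by a semicolon, not a comma
    header('Content-disposition: attachment; filename="'.$filename.'"');
    header('Content-type: application/transact-sql');
    // Spew some headers
    $headdate = date('F d, Y \a\t h:i a');
    echo <<<HEADER
-- Enano CMS SQL backup
-- Generated on {$headdate} by {$session->username}

HEADER;

    // Log it!
    $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
    if ( !$e )
      $db->_die();

    foreach($tables as $t)
    {
      // Sorry folks - this script CAN'T backup enano_files, enano_search_index, and enano_search_cache due to the sheer size of the tables.
      // If encryption is enabled the log data will be excluded too.
      // NOTE(review): the exclusions described above are commented out in the
      // original expression; as written, data is exported for every table
      // whenever do_data is set.
      echo export_table(
        $t,
        isset($_POST['do_struct']),
        ( isset($_POST['do_data']) /* && $t != table_prefix.'files' && $t != table_prefix.'search_index' && $t != table_prefix.'search_cache' && ( !defined('SQL_BACKUP_CRYPT') || ( defined('SQL_BACKUP_CRYPT') && $t != table_prefix.'logs' ) ) */ ),
        false
        ) . "\n";
    }
    $data = ob_get_contents();
    ob_end_clean();
    if(defined('SQL_BACKUP_CRYPT'))
    {
      // Free some memory, we don't need this stuff any more
      $db->close();
      unset($paths, $db, $template, $plugins);
      // NOTE(review): TEACrypt is the project's own class and is not visible
      // here; confirm its cipher mode and whether the output is authenticated
      // before relying on it to protect a backup that contains user records.
      $tea = new TEACrypt();
      $data = $tea->encrypt($data, $session->private_key);
    }
    header('Content-length: '.strlen($data));
    echo $data;
    exit;
  }
  else
  {
    // Show the UI
    echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">';
    ?>
    <p>This page allows you to back up your Enano database should something go miserably wrong.</p>
    <p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label></p>
    <p>Additional tables to export:</p>
    <p><select name="additional_tables[]" multiple="multiple">
       <?php
         $q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
         while($row = $db->fetchrow_num())
         {
           if(!in_array($row[0], $system_table_list))
           {
             // Table names come from the database server; escape them for the attribute and the label
             $tbl = htmlspecialchars($row[0]);
             echo '<option value="'.$tbl.'">'.$tbl.'</option>';
           }
         }
       ?>
       </select>
       </p>
    <p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br />
       <label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label>
       </p>
    <p><input type="submit" value="Create backup" /></p>
    <?php
    echo '</form>';
  }
}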
+ − 2376
+ − 2377
/**
 * Admin pagelet: drops the administration-level session and confirms it to the user.
 *
 * Only runs for a session whose auth_level and user_level are both at least
 * USER_LEVEL_ADMIN; any other caller gets the re-authentication notice.
 * The regular website login is left in place, as the confirmation text states.
 *
 * NOTE(review): the logout is triggered by loading this pagelet; whether the
 * request carries any anti-forgery check is not visible from this function.
 */
function page_Admin_AdminLogout()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $has_admin_session = ( $session->auth_level >= USER_LEVEL_ADMIN && $session->user_level >= USER_LEVEL_ADMIN );
  if ( !$has_admin_session )
  {
    $reauth_url = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . $reauth_url . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // End the elevated session first, then build the confirmation message
  $session->logout(USER_LEVEL_ADMIN);

  $main_page_url = makeUrl(getConfig('main_page'));
  echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.$main_page_url.'">Main Page</a>.</p>';
}
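/**
 * Special:Administration - the frame of the administration panel.
 *
 * Sessions below USER_LEVEL_ADMIN are redirected to the login page. Otherwise
 * the function prints the navigation tree and the AJAX loader and, when a
 * "module" query parameter is given, calls the matching page_<namespace>_<name>()
 * function inline. Header and footer are skipped when "noheaders" is present.
 *
 * NOTE(review): only auth_level is checked here, while the Admin pagelets in
 * this file also check user_level; confirm that the difference is intended.
 * NOTE(review): the loader puts $session->sid_super into the query string of
 * every ajax.php request, where it can end up in server logs and browser
 * history; confirm that this key is short-lived.
 * NOTE(review): $paths->cpage['module'] receives the request value as sent.
 * Pagelets in this file echo it into form action URLs, so confirm that
 * makeUrl() HTML-escapes its query argument.
 */
function page_Special_Administration()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if($session->auth_level < USER_LEVEL_ADMIN) {
    redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
    exit;
  }
  else
  {
    $template->load_theme('admin', 'default');
    $template->init_vars();
    if( !isset( $_GET['noheaders'] ) )
    {
      $template->header();
    }
    echo 'Administer your Enano website.';
    ?>
    <script type="text/javascript">
    function ajaxPage(t)
    {
      if ( KILL_SWITCH )
      {
        document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
        return false;
      }
      if ( t == namespace_list.Admin + 'AdminLogout' )
      {
        var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
        mb.onclick['Yes'] = function() {
          var tigraentry = document.getElementById('i_div0_0').parentNode;
          var tigraobj = $(tigraentry);
          var div = document.createElement('div');
          div.style.backgroundColor = '#FFFFFF';
          domObjChangeOpac(70, div);
          div.style.position = 'absolute';
          var top = tigraobj.Top();
          var left = tigraobj.Left();
          var width = tigraobj.Width();
          var height = tigraobj.Height();
          div.style.top = top + 'px';
          div.style.left = left + 'px';
          div.style.width = width + 'px';
          div.style.height = height + 'px';
          var body = document.getElementsByTagName('body')[0];
          enlighten(true);
          body.appendChild(div);
          ajaxPageBin(namespace_list.Admin + 'AdminLogout');
        }
        return;
      }
      ajaxPageBin(t);
    }
    function ajaxPageBin(t)
    {
      if ( KILL_SWITCH )
      {
        document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
        return false;
      }
      document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>';
      ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() {
          if(ajax.readyState == 4) {
            document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText;
            fadeInfoBoxes();
          }
        });
    }
    function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); }
    var TREE_TPL = {
      'target'  : '_self',  // name of the frame links will be opened in
                            // other possible values are: _blank, _parent, _search, _self and _top

      'icon_e'  : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image
      'icon_l'  : '<?php echo scriptPath; ?>/images/icons/line.gif',  // vertical line
      'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif',   // root leaf icon normal
      'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif',   // root leaf icon selected
      'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif',   // root icon normal
      'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif',   // root icon selected
      'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif',   // root icon opened
      'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif',   // root icon selected
      'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal
      'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected
      'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened
      'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened
      'icon_0'  : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal
      'icon_4'  : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
      'icon_8'  : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened
      'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
      'icon_2'  : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf
      'icon_3'  : '<?php echo scriptPath; ?>/images/icons/join.gif',       // junction for last leaf
      'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node
      'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif',       // junction for last closed node
      'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node
      'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif'       // junction for last opended node
    };
    <?php
    echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree
    if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?>
    </script>
    <table border="0" width="100%">
      <tr>
        <td class="holder" valign="top">
          <div class="pad" style="padding-right: 20px;">
            <script type="text/javascript">
              if ( !KILL_SWITCH )
              {
                new tree(TREE_ITEMS, TREE_TPL);
              }
            </script>
          </div>
        </td>
        <td width="100%" valign="top">
          <div class="pad" id="ajaxPageContainer">
          <?php
          if(isset($_GET['module']))
          {
            // "module" is request data: anything that is not a plain string is treated as empty
            $module = is_string($_GET['module']) ? $_GET['module'] : '';

            // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary.
            // As in the original loop, the last matching prefix in $paths->nslist wins.
            $ns = null;
            $nm = null;
            foreach ( $paths->nslist as $ns_id => $ns_prefix )
            {
              $ln = strlen($ns_prefix);
              if ( substr($module, 0, $ln) == $ns_prefix )
              {
                $ns = $ns_id;
                $nm = substr($module, $ln);
              }
            }
            $paths->cpage['module'] = $module;
            // Without a recognised namespace there is no function name to build
            if ( $ns !== null )
            {
              $fname = 'page_'.$ns.'_'.$nm;
              $s = strpos($fname, '?noheaders');
              if ( $s !== false ) $fname = substr($fname, 0, $s);
              // Never dispatch back into this function. The resolved name is compared
              // as well as the raw parameter, because the parameter can differ from
              // the literal page name and still resolve here (function names are
              // case-insensitive and the '?noheaders' suffix is cut off above);
              // $_GET['module'] would still be set on re-entry, so the call would
              // repeat without end.
              $is_self = ( strcasecmp($fname, __FUNCTION__) == 0 || $module == $paths->nslist['Special'] . 'Administration' );
              if ( function_exists($fname) && !$is_self )
              {
                // Variable function call instead of eval(): the request-derived name is
                // only ever used as a function name and is never parsed as PHP code
                $fname();
              }
            }
          }
          else
          {
            echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
          }
          ?>
          </div>
          <script type="text/javascript">
            if ( KILL_SWITCH )
            {
              document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
            }
          </script>
        </td>
      </tr>
    </table>

    <?php
  }
  if(!isset($_GET['noheaders']))
  {
    $template->footer();
  }
}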
function page_Special_EditSidebar()
+ − 2552
{
+ − 2553
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2554
+ − 2555
if($session->auth_level < USER_LEVEL_ADMIN)
+ − 2556
{
+ − 2557
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
+ − 2558
exit;
+ − 2559
}
+ − 2560
else
+ − 2561
{
+ − 2562
+ − 2563
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>');
+ − 2564
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>');
+ − 2565
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
+ − 2566
$template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');
+ − 2567
+ − 2568
// Knock the sidebars dead to keep javascript in plugins from interfering
+ − 2569
$template->tpl_strings['SIDEBAR_LEFT'] = '';
+ − 2570
$template->tpl_strings['SIDEBAR_RIGHT'] = '';
+ − 2571
+ − 2572
$template->load_theme('oxygen', 'bleu');
+ − 2573
$template->init_vars();
+ − 2574
+ − 2575
$template->header();
+ − 2576
+ − 2577
if(isset($_POST['save']))
+ − 2578
{
+ − 2579
// Write the new block order to the database
+ − 2580
// The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe...
+ − 2581
// Anyone know a better way to do this?
+ − 2582
$q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2583
if ( !$q )
+ − 2584
{
+ − 2585
$db->_die('The sidebar order data could not be selected.');
+ − 2586
}
+ − 2587
$orders = Array();
+ − 2588
while($row = $db->fetchrow())
+ − 2589
{
+ − 2590
$orders[] = Array(
+ − 2591
count($orders),
+ − 2592
$row['item_id'],
+ − 2593
$row['sidebar_id'],
+ − 2594
);
+ − 2595
}
+ − 2596
$db->free_result();
+ − 2597
+ − 2598
// We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries.
+ − 2599
$ol = explode(',', $_POST['order_left']);
+ − 2600
$odr = explode(',', $_POST['order_right']);
+ − 2601
$om = array_merge($ol, $odr);
+ − 2602
unset($ol, $odr);
+ − 2603
$queries = Array();
+ − 2604
foreach($orders as $k => $v)
+ − 2605
{
+ − 2606
$queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.$v[1].';';
+ − 2607
}
+ − 2608
foreach($queries as $sql)
+ − 2609
{
+ − 2610
$q = $db->sql_query($sql);
+ − 2611
if(!$q)
+ − 2612
{
+ − 2613
$t = $db->get_error();
+ − 2614
echo $t;
+ − 2615
$template->footer();
+ − 2616
exit;
+ − 2617
}
+ − 2618
}
+ − 2619
echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
+ − 2620
}
+ − 2621
elseif(isset($_POST['create']))
+ − 2622
{
+ − 2623
switch((int)$_POST['type'])
+ − 2624
{
+ − 2625
case BLOCK_WIKIFORMAT:
+ − 2626
$content = $_POST['wikiformat_content'];
+ − 2627
break;
+ − 2628
case BLOCK_TEMPLATEFORMAT:
+ − 2629
$content = $_POST['templateformat_content'];
+ − 2630
break;
+ − 2631
case BLOCK_HTML:
+ − 2632
$content = $_POST['html_content'];
+ − 2633
break;
+ − 2634
case BLOCK_PHP:
+ − 2635
$content = $_POST['php_content'];
+ − 2636
break;
+ − 2637
case BLOCK_PLUGIN:
+ − 2638
$content = $_POST['plugin_id'];
+ − 2639
break;
+ − 2640
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2641
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2642
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2643
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2644
// Sanitize the HTML
$content = sanitize_html($content, true);
}
if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP )
{
echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
$_POST['php_content'] = '?><Nulled>';
$content = $_POST['php_content'];
}
// Get the value of item_order
+ − 2656
+ − 2657
$q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';');
+ − 2658
if(!$q) $db->_die('The order number could not be selected');
+ − 2659
$io = $db->numrows();
+ − 2660
+ − 2661
$db->free_result();
+ − 2662
+ − 2663
$q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );';
+ − 2664
$result = $db->sql_query($q);
+ − 2665
if(!$result)
+ − 2666
{
+ − 2667
echo $db->get_error();
+ − 2668
$template->footer();
+ − 2669
exit;
+ − 2670
}
+ − 2671
+ − 2672
echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';
+ − 2673
+ − 2674
}
+ − 2675
+ − 2676
if(isset($_GET['action']) && isset($_GET['id']))
+ − 2677
{
+ − 2678
if(preg_match('#^([0-9]*)$#', $_GET['id']))
+ − 2679
{
+ − 2680
} else {
+ − 2681
echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
+ − 2682
}
+ − 2683
switch($_GET['action'])
+ − 2684
{
+ − 2685
case 'new':
+ − 2686
?>
+ − 2687
<script type="text/javascript">
+ − 2688
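/**
 * Show the editor pane that matches the block type chosen in the "type"
 * <select> and hide every other pane of class "sbadd_block".
 *
 * @param {HTMLSelectElement} input  the control whose value names the pane to show
 * @returns {boolean|undefined} false when the control has no value, otherwise nothing
 */
function setType(input)
{
  // Declared locally; the original assigned to an implicit global named "val".
  var val = input.value;
  if(!val)
  {
    return false;
  }
  var divs = getElementsByClassName(document, 'div', 'sbadd_block');
  for(var i in divs)
  {
    // for..in also walks enumerable properties inherited through the prototype
    // chain (e.g. helpers added to Array.prototype); those have no .style and
    // would throw, so only the collection's own entries are touched.
    if(!Object.prototype.hasOwnProperty.call(divs, i)) continue;
    divs[i].style.display = (divs[i].id == 'blocktype_'+val) ? 'block' : 'none';
  }
}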
+ − 2702
</script>
+ − 2703
+ − 2704
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 2705
+ − 2706
<p>
+ − 2707
What type of block should this be?
+ − 2708
</p>
+ − 2709
<p>
+ − 2710
<select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
+ − 2711
<option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
+ − 2712
<option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
+ − 2713
<option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
+ − 2714
<option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
+ − 2715
<option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
+ − 2716
</select>
+ − 2717
</p>
+ − 2718
+ − 2719
<p>
+ − 2720
+ − 2721
Block title: <input name="title" type="text" size="40" /><br />
+ − 2722
Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>
+ − 2723
+ − 2724
</p>
+ − 2725
+ − 2726
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
+ − 2727
<p>
+ − 2728
Wikitext:
+ − 2729
</p>
+ − 2730
<p>
+ − 2731
<textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
+ − 2732
</p>
+ − 2733
</div>
+ − 2734
+ − 2735
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
+ − 2736
<p>
+ − 2737
Template code:
+ − 2738
</p>
+ − 2739
<p>
+ − 2740
<textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
+ − 2741
</p>
+ − 2742
</div>
+ − 2743
+ − 2744
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
+ − 2745
<p>
+ − 2746
HTML to place inside the sidebar:
+ − 2747
</p>
+ − 2748
<p>
+ − 2749
<textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
+ − 2750
</p>
+ − 2751
</div>
+ − 2752
+ − 2753
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
<?php if ( defined('ENANO_DEMO_MODE') ) { ?>
<p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
<?php } else { ?>
<p>
+ − 2758
<b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
+ − 2759
ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
+ − 2760
</p>
+ − 2761
<p>
+ − 2762
<span style="color: red;">
+ − 2763
It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
+ − 2764
</span> You have been warned.
+ − 2765
</p>
+ − 2766
<p>
+ − 2767
Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
+ − 2768
</p>
+ − 2769
<p>
+ − 2770
The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error.
+ − 2771
</p>
+ − 2772
<p>
+ − 2773
PHP code:
+ − 2774
</p>
+ − 2775
<p>
+ − 2776
<textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
+ − 2777
</p>
<?php } ?>
</div>
+ − 2780
+ − 2781
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
+ − 2782
<p>
+ − 2783
Plugin:
+ − 2784
</p>
+ − 2785
<p>
+ − 2786
<select name="plugin_id">
+ − 2787
<?php
+ − 2788
foreach($template->plugin_blocks as $k => $c)
+ − 2789
{
+ − 2790
echo '<option value="'.$k.'">'.$k.'</option>';
+ − 2791
}
+ − 2792
?>
+ − 2793
</select>
+ − 2794
</p>
+ − 2795
</div>
+ − 2796
+ − 2797
<p>
+ − 2798
+ − 2799
<input type="submit" name="create" value="Create new block" style="font-weight: bold;" />
+ − 2800
<input type="submit" name="cancel" value="Cancel" />
+ − 2801
+ − 2802
</p>
+ − 2803
+ − 2804
</form>
+ − 2805
+ − 2806
<script type="text/javascript">
+ − 2807
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2808
for(var i in divs)
+ − 2809
{
+ − 2810
if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500);
+ − 2811
}
+ − 2812
</script>
+ − 2813
+ − 2814
<?php
+ − 2815
$template->footer();
+ − 2816
return;
+ − 2817
break;
+ − 2818
case 'move':
+ − 2819
if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
+ − 2820
{
+ − 2821
echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
+ − 2822
break;
+ − 2823
}
+ − 2824
$query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2825
if(!$query)
+ − 2826
{
+ − 2827
echo $db->get_error();
+ − 2828
$template->footer();
+ − 2829
exit;
+ − 2830
}
+ − 2831
echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
+ − 2832
break;
+ − 2833
case 'delete':
+ − 2834
$query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';'); // Already checked for injection attempts ;-)
+ − 2835
if(!$query)
+ − 2836
{
+ − 2837
echo $db->get_error();
+ − 2838
$template->footer();
+ − 2839
exit;
+ − 2840
}
+ − 2841
if(isset($_GET['ajax']))
+ − 2842
{
+ − 2843
ob_end_clean();
+ − 2844
die('GOOD');
+ − 2845
}
+ − 2846
echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
+ − 2847
break;
+ − 2848
case 'disenable';
+ − 2849
$q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2850
if(!$q)
+ − 2851
{
+ − 2852
echo $db->get_error();
+ − 2853
$template->footer();
+ − 2854
exit;
+ − 2855
}
+ − 2856
$r = $db->fetchrow();
+ − 2857
$db->free_result();
+ − 2858
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
+ − 2859
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2860
if(!$q)
+ − 2861
{
+ − 2862
echo $db->get_error();
+ − 2863
$template->footer();
+ − 2864
exit;
+ − 2865
}
+ − 2866
if(isset($_GET['ajax']))
+ − 2867
{
+ − 2868
ob_end_clean();
+ − 2869
die('GOOD');
+ − 2870
}
+ − 2871
break;
+ − 2872
case 'getsource':
+ − 2873
$q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2874
if(!$q)
+ − 2875
{
+ − 2876
echo $db->get_error();
+ − 2877
$template->footer();
+ − 2878
exit;
+ − 2879
}
+ − 2880
ob_end_clean();
+ − 2881
$r = $db->fetchrow();
+ − 2882
$db->free_result();
+ − 2883
if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
+ − 2884
die($r['block_content']);
+ − 2885
break;
+ − 2886
case 'save':
if ( defined('ENANO_DEMO_MODE') )
{
$q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
exit;
}
$row = $db->fetchrow();
if ( $row['block_type'] == BLOCK_PHP )
{
$_POST['content'] = '?><Nulled>';
}
else
{
$_POST['content'] = sanitize_html($_POST['content'], true);
}
}
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2906
if(!$q)
+ − 2907
{
+ − 2908
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 2909
exit;
+ − 2910
}
+ − 2911
$q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2912
if(!$q)
+ − 2913
{
+ − 2914
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 2915
exit;
+ − 2916
}
+ − 2917
$row = $db->fetchrow();
+ − 2918
$db->free_result();
+ − 2919
switch($row['block_type'])
+ − 2920
{
+ − 2921
case BLOCK_WIKIFORMAT:
+ − 2922
default:
+ − 2923
$c = RenderMan::render($row['block_content']);
+ − 2924
break;
+ − 2925
case BLOCK_TEMPLATEFORMAT:
+ − 2926
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 2927
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2928
break;
+ − 2929
case BLOCK_HTML:
+ − 2930
$c = $row['block_content'];
+ − 2931
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2932
break;
+ − 2933
case BLOCK_PHP:
+ − 2934
ob_start();
+ − 2935
eval($row['block_content']);
+ − 2936
$c = ob_get_contents();
+ − 2937
ob_end_clean();
+ − 2938
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2939
break;
+ − 2940
case BLOCK_PLUGIN:
+ − 2941
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 2942
break;
+ − 2943
}
+ − 2944
die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
+ − 2945
break;
+ − 2946
}
+ − 2947
}
+ − 2948
+ − 2949
$q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2950
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 2951
+ − 2952
$vars = $template->extract_vars('sidebar-editor.tpl');
+ − 2953
+ − 2954
$parser = $template->makeParserText($vars['sidebar_button']);
+ − 2955
$parser->assign_vars(Array(
+ − 2956
'HREF'=>'#',
+ − 2957
'FLAGS'=>'onclick="return false;"',
+ − 2958
'TEXT'=>'Change theme'
+ − 2959
));
+ − 2960
$template->tpl_strings['THEME_LINK'] = $parser->run();
+ − 2961
$parser->assign_vars(Array(
+ − 2962
'TEXT'=>'Log out',
+ − 2963
));
+ − 2964
$template->tpl_strings['LOGOUT_LINK'] = $parser->run();
+ − 2965
+ − 2966
$n1 = Array();
+ − 2967
$n2 = Array();
+ − 2968
$n =& $n1;
+ − 2969
+ − 2970
echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">';
+ − 2971
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 2972
+ − 2973
// Time for the loop
+ − 2974
// what this loop does is fetch the row data, then send it out to the appropriate parser for formatting,
+ − 2975
// then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code.
+ − 2976
while($row = $db->fetchrow())
+ − 2977
{
+ − 2978
if(isset($current_side))
+ − 2979
{
+ − 2980
if($current_side != $row['sidebar_id'])
+ − 2981
{
+ − 2982
// Time to switch!
+ − 2983
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 2984
echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">';
+ − 2985
//echo '</td><td valign="top">';
+ − 2986
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 2987
$n =& $n2;
+ − 2988
}
+ − 2989
}
+ − 2990
$n[] = count($n);
+ − 2991
$current_side = $row['sidebar_id'];
+ − 2992
switch($row['block_type'])
+ − 2993
{
+ − 2994
case BLOCK_WIKIFORMAT:
+ − 2995
default:
+ − 2996
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 2997
$c = RenderMan::render($row['block_content']);
+ − 2998
break;
+ − 2999
case BLOCK_TEMPLATEFORMAT:
+ − 3000
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 3001
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 3002
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3003
break;
+ − 3004
case BLOCK_HTML:
+ − 3005
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3006
$c = $row['block_content'];
+ − 3007
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3008
break;
+ − 3009
case BLOCK_PHP:
+ − 3010
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3011
ob_start();
+ − 3012
eval($row['block_content']);
+ − 3013
$c = ob_get_contents();
+ − 3014
ob_end_clean();
+ − 3015
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3016
break;
+ − 3017
case BLOCK_PLUGIN:
+ − 3018
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3019
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 3020
break;
+ − 3021
}
+ − 3022
$t = $template->tplWikiFormat($row['block_name']);
+ − 3023
if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
+ − 3024
else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
+ − 3025
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
+ − 3026
$tb = '<a title="Enable or disable this block" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
+ − 3027
<a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
+ − 3028
<a title="Permanently delete this block" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
+ − 3029
<a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
+ − 3030
$as = '';
+ − 3031
$ae = ' '.$tb;
+ − 3032
$parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
+ − 3033
echo $parser->run();
+ − 3034
unset($parser);
+ − 3035
+ − 3036
}
+ − 3037
$db->free_result();
+ − 3038
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 3039
echo '</div></td></tr></table>';
+ − 3040
echo '<form action="'.makeUrl($paths->page).'" method="post">';
+ − 3041
$order = implode(',', $n1);
+ − 3042
echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />";
+ − 3043
$order = implode(',', $n2);
+ − 3044
echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
+ − 3045
echo '
+ − 3046
<div style="margin: 0 auto 0 auto; text-align: center;">
+ − 3047
<input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
+ − 3048
<input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
+ − 3049
<br />
+ − 3050
<a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
+ − 3051
</div>
+ − 3052
</form>
+ − 3053
';
+ − 3054
}
+ − 3055
+ − 3056
$template->footer();
+ − 3057
}
+ − 3058
+ − 3059
?>