<?php
/*
Plugin Name: Runt - the Enano administration panel
Plugin URI: http://enanocms.org/
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
Author: Dan Fuhry
Version: 1.0.4
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.5 (Ferrishyn)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
global $db, $session, $paths, $template, $plugins; // Common objects

// The hook body below is a literal string of PHP source handed to the plugin
// system. It registers Special:Administration and Special:EditSidebar as
// visible, protected pages with comments switched off.
// NOTE(review): presumably the string is evaluated when 'base_classes_initted'
// fires - confirm. Keep it a constant literal; it must never be assembled from
// request or database values.
$plugins->attachHook('base_classes_initted', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'Administration\',
\'urlname\'=>\'Administration\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Manage the Sidebar\',
\'urlname\'=>\'EditSidebar\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');

// Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1
// Every path is ENANO_ROOT plus a fixed literal, so no request data can influence which file is loaded.
require ENANO_ROOT . '/plugins/admin/PageGroups.php';
require ENANO_ROOT . '/plugins/admin/SecurityLog.php';
require ENANO_ROOT . '/plugins/admin/UserManager.php';
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
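/**
 * Renders the Runt administration home pagelet by echoing HTML directly.
 *
 * Output, in order: a welcome text passed through RenderMan::render(), the
 * demo-mode, PHP 4 and leftover-installer notices where they apply, a notice
 * about pending account activations, the "Most requested pages" table (only
 * when the log_hits setting is '1') and the result of get_security_log(5).
 *
 * Only an error message is echoed unless both the session auth level and the
 * user level are at least USER_LEVEL_ADMIN.
 *
 * @return void
 */
function page_Admin_Home() {
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Both the elevated session level and the account level must be admin;
    // everything below this guard is administrator-only output.
    if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    {
        echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
        return;
    }

    // Basic information
    echo RenderMan::render(
'== Welcome to Runt, the Enano administration panel. ==

Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.

Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');

    // Demo mode
    if ( defined('ENANO_DEMO_MODE') )
    {
        echo '<h3>Enano is running in demo mode.</h3>
<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
    }

    // If we're on PHP4, warn the user
    // Enano is not supported on PHP4 after December 31, 2007.
    if ( version_compare(PHP_VERSION, '5.0.0', '<') )
    {
        echo '<div class="warning-box">
<b>Your server is running PHP ' . PHP_VERSION . '.</b><br />
As of December 31, 2007, servers running the PHP 4.x interpreter are not eligible for support on the Enano forums. While you
may be able to obtain support elsewhere, all official Enano support channels do not provide any type of support for servers
running this outdated and vulnerable version of PHP.<br />
<br />
This notice will not show if PHP 5.0.0 or later is detected. You may want to ask your web host to upgrade their PHP
installation. If you\'re refused, point them to <a href="http://gophp5.org/">GoPHP5.org</a> and explain that they are opening
themselves to security problems by not upgrading.
</div>';
    }

    // Check for the installer scripts. The warning is skipped in demo mode.
    if ( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
    {
        echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
    }

    // Inactive users: the query text is a fixed literal plus the table prefix constant.
    $q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
    if ( $q && $db->numrows() > 0 )
    {
        $n = $db->numrows();
        if ( $n == 1 )
        {
            $s = $n . ' user is';
        }
        else
        {
            $s = $n . ' users are';
        }
        echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
    }
    // Called whether or not the query succeeded, as before.
    // NOTE(review): confirm free_result() is safe after a failed query.
    $db->free_result();

    // Stats
    if ( getConfig('log_hits') == '1' )
    {
        $stats = stats_top_pages(10);
        if ( !is_array($stats) )
        {
            // Render an empty table rather than iterating over a non-array result.
            $stats = array();
        }
        $cls = 'row2';
        echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
        foreach ( $stats as $data )
        {
            // Alternate the row class between row1 and row2.
            $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';

            // Page titles and URL names come from stored page data and are rendered
            // inside an administrator's session, so they are encoded for the HTML
            // context they land in; the hit count is forced to an integer.
            // The URL is escaped the same way page_Admin_GeneralConfig escapes makeUrl().
            // NOTE(review): assumes stats_top_pages() returns raw, unescaped titles -
            // if titles are stored pre-escaped this will double-encode entities.
            $href = htmlspecialchars(makeUrl($data['page_urlname']), ENT_QUOTES);
            $title = htmlspecialchars(strval($data['page_title']), ENT_QUOTES);
            $hits = intval($data['num_hits']);

            echo '<tr>';
            echo '<td class="'.$cls.'"><a href="'.$href.'">'.$title.'</a></td><td style="text-align: center;" class="'.$cls.'">'.$hits.'</td>';
            echo '</tr>';
        }
        echo '</table></div>';
    }

    // Security log
    echo '<h3>Security log</h3>';
    // get_security_log() output is echoed as-is.
    // NOTE(review): presumably it returns ready-made HTML; any escaping of logged
    // values has to happen inside that function - verify there.
    $seclog = get_security_log(5);
    echo $seclog;

    echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'SecurityLog\'); return false;">Full security log</a></p>';

}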
function page_Admin_GeneralConfig() {
global $db, $session, $paths, $template, $plugins; // Common objects
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
return;
}
if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
{
// Global site options
setConfig('site_name', $_POST['site_name']);
setConfig('site_desc', $_POST['site_desc']);
setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
setConfig('copyright_notice', $_POST['copyright']);
setConfig('contact_email', $_POST['contact_email']);
// Wiki mode
if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1');
else setConfig('wiki_mode', '0');
if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1');
else setConfig('wiki_mode_require_login', '0');
if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1');
else setConfig('wiki_edit_notice', '0');
setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);
// Stats
if(isset($_POST['log_hits'])) setConfig('log_hits', '1');
else setConfig('log_hits', '0');
// Disablement
if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); }
else setConfig('site_disabled', '0');
// Account activation
setConfig('account_activation', $_POST['account_activation']);
// W3C compliance buttons
if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1");
else setConfig("w3c_vh32", "0");
if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1");
else setConfig("w3c_vh40", "0");
if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1");
else setConfig("w3c_vh401", "0");
if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1");
else setConfig("w3c_vxhtml10", "0");
if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1");
else setConfig("w3c_vxhtml11", "0");
if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1");
else setConfig("w3c_vcss", "0");
// SourceForge.net logo
if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1');
else setConfig('sflogo_enabled', '0');
setConfig('sflogo_groupid', $_POST['sfgroup']);
setConfig('sflogo_type', $_POST['sflogo']);
// Comment options
if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1');
else setConfig('approve_comments', '0');
if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1');
else setConfig('enable_comments', '0');
setConfig('comments_need_login', $_POST['comments_need_login']);
// Powered by link
if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1');
else setConfig('powered_btn', '0');
if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1');
else setConfig('dbd_button', '0');
if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0');
else setConfig('smtp_enabled', '1');
setConfig('smtp_server', $_POST['smtp_host']);
setConfig('smtp_user', $_POST['smtp_user']);
if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']);
// Password strength
if ( isset($_POST['pw_strength_enable']) ) setConfig('pw_strength_enable', '1');
else setConfig('pw_strength_enable', '0');
$strength = intval($_POST['pw_strength_minimum']);
if ( $strength >= -10 && $strength <= 30 )
{
$strength = strval($strength);
setConfig('pw_strength_minimum', $strength);
}
echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
}
else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
{
echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
}
echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
?>
<div class="tblholder">
<table border="0" width="100%" cellspacing="1" cellpadding="4">
<!-- Global options -->
<tr><th colspan="2">Global site options</th></tr>
<tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>
<tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
<tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
<tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
<tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
<tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
<tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
<!-- Wiki mode -->
<tr><th colspan="2">Wiki mode</th></tr>
<tr>
<td class="row3" rowspan="2">
Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
In Wiki Mode, certain HTML tags such as <script> and <object> are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
</td>
<td class="row1">
<input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
</td>
</tr>
<tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>
<tr>
<td class="row3" rowspan="2">
<b>Edit page notice</b><br />
When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
</td>
<td class="row1">
<input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
</td>
</tr>
<tr>
<td class="row2">
<textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo getConfig('wiki_edit_notice_text'); ?></textarea>
</td>
</tr>
<!-- Site statistics -->
<tr><th colspan="2">Statistics and hit counting</th></tr>
<tr>
<td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
<td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
</tr>
<!-- Comment options -->
<tr><th colspan="2">Comment system</th></tr>
<tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr>
<tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
<tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
<label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
<!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>
<!--
READ: Do not try to enable this, backend support for it has been disabled. To edit default
permissions, select The Entire Website in any permissions editor window.
<tr><th colspan="2">Default permissions for pages</th></tr>
<tr>
<td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>
<td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>
</tr>
-->
<!-- enanocms.org link -->
<tr>
<th colspan="2">Promote Enano</th>
</tr>
<tr>
<td class="row3">
If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
using this link.
</td>
<td class="row1">
<label>
<input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to enanocms.org on the sidebar
</label>
</td>
</tr>
<!-- Site disablement -->
<tr><th colspan="2">Disable all site access</th></tr>
<tr>
<td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
<td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td>
</tr>
<tr>
<td class="row2">
<div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>
Message to show to users:<br />
<textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea>
</div>
</td>
</tr>
<!-- Account activation -->
<tr><th colspan="2">User account activation</th></tr>
<tr>
<td class="row3" colspan="2">
If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
You may also disable registration completely if needed.<br /><br />
<b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
</td>
</tr>
<tr>
<td class="row1">Account activation:</td><td class="row1">
<?php
echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin' && getConfig('account_activation') != 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
?>
</td>
</tr>
<tr><th colspan="2">Password strength</th></tr>
<tr>
<td class="row2">
<b>Enable password strength analysis</b><br />
<small>This should be enabled in most cases. When this is enabled, a strength meter and a numerical score will be displayed wherever a password can be changed.</small>
</td>
<td class="row2">
<label><input type="checkbox" name="pw_strength_enable" <?php if ( getConfig('pw_strength_enable') == '1' ) echo 'checked="checked" '; ?>/> Enabled</label>
</td>
</tr>
<tr>
<td class="row1">
<b>Minimum strength score</b><br />
<small>This is the lowest score a password will be allowed to have. -10 will allow any password. A score of under -3 is considered weak, under 1 is fair, under 4 is good, under 10 is strong, and 10 and above are very strong. The scale is open-ended. This only has an effect if the meter is enabled above.</small>
</td>
<td class="row1">
<input type="text" name="pw_strength_minimum" value="<?php echo ( $x = getConfig('pw_strength_minimum') ) ? $x : '-10'; ?>" />
</td>
</tr>
<!-- E-mail options -->
<tr><th colspan="2">E-mail sent from the site</th></tr>
<tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
<td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
<label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
</tr>
<tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
<td class="row2"><input value="<?php echo getConfig('smtp_server'); ?>" name="smtp_host" type="text" size="30" /></td>
</tr>
<tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
<td class="row1">Username: <input value="<?php echo getConfig('smtp_user'); ?>" name="smtp_user" type="text" size="30" /><br />
Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
</tr>
<!-- SourceForge.net logo -->
<tr><th colspan="2">SourceForge.net logo</th></tr>
<tr>
<td colspan="2" class="row3">
All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want
to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
</td>
</tr>
<?php
if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
else $c='';
if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
else $g='';
if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
else $t='1';
?>
<tr>
<td class="row1">Display the SourceForge.net logo on the right sidebar</td>
<td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
</tr>
<tr>
<td class="row2">Group ID:</td>
<td class="row2"><input value="<?php echo $g; ?>" type=text size=15 name=sfgroup /></td>
</tr>
<tr>
<td class="row1">Logo style:</td>
<td class="row1">
<select name="sflogo">
<option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
<option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
<option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
<option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
<option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
<option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
<option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
</select>
</td>
</tr>
<!-- W3C validator buttons -->
<tr><th colspan="2">W3C compliance logos</th></tr>
<tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr>
<tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr>
<tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr>
<tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr>
<tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
<tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
<tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr>
<!-- DefectiveByDesign.org ad -->
<tr><th colspan="2">Defective By Design Anti-DRM button</th></tr>
<tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
<tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr>
<!-- Save button -->
<tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr>
</table>
</div>
</form>
<?php
}
function page_Admin_UploadConfig()
{
global $db, $session, $paths, $template, $plugins; // Common objects
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
return;
}
if(isset($_POST['save']))
{
if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1')
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
if ( !$q )
$db->_die();
setConfig('enable_uploads', '1');
}
else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
if ( !$q )
$db->_die();
setConfig('enable_uploads', '0');
}
if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1')
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
if ( !$q )
$db->_die();
setConfig('enable_imagemagick', '1');
}
else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
if ( !$q )
$db->_die();
setConfig('enable_imagemagick', '0');
}
if(isset($_POST['cache_thumbs']))
{
setConfig('cache_thumbs', '1');
}
else
{
setConfig('cache_thumbs', '0');
}
if(isset($_POST['file_history']) && getConfig('file_history') != '1' )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
if ( !$q )
$db->_die();
setConfig('file_history', '1');
}
else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
if ( !$q )
$db->_die();
setConfig('file_history', '0');
}
if(file_exists($_POST['imagemagick_path']) && $_POST['imagemagick_path'] != getConfig('imagemagick_path'))
{
$old = getConfig('imagemagick_path');
$oldnew = "{$old}||{$_POST['imagemagick_path']}";
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($oldnew) . '\');');
if ( !$q )
$db->_die();
setConfig('imagemagick_path', $_POST['imagemagick_path']);
}
else if ( $_POST['imagemagick_path'] != getConfig('imagemagick_path') )
{
echo '<span style="color: red"><b>Warning:</b> the file "'.htmlspecialchars($_POST['imagemagick_path']).'" was not found, and the ImageMagick file path was not updated.</span>';
}
$max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']);
if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') )
{
echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>';
}
else
{
setConfig('max_file_size', $max_upload.'');
}
}
echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
?>
<h3>File upload configuration</h3>
<p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
and executable files can sometimes be uploaded.</p>
<p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
<p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo getConfig('max_file_size'); ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
<p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
large images many times can cost you quite a lot of bandwidth.</p>
<p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo getConfig('imagemagick_path'); else echo '/usr/bin/convert'; ?>" /><br />
On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then
ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
</p>
<p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
<p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
more information on how to do this.<?php if(!is_writable(ENANO_ROOT.'/cache/')) echo ' <b>At present, it seems that the cache directory
is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
<p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; elseif(!is_writable(ENANO_ROOT.'/cache/')) echo 'readonly="readonly"'; ?> /> Cache thumbnailed images</label></p>
<p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
enabled unless you have less than 250MB of MySQL database space.</p>
<p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1') echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
<hr style="margin-left: 1em;" />
<p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
<?php
echo '</form>';
}
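/**
 * Admin pagelet: lists the PHP files in plugins/ and lets an administrator enable or disable them.
 *
 * Request parameters read from $_GET:
 *   - action:      "enable" or "disable"; any other value is ignored.
 *   - plugin:      filename of the plugin to act on; must name an existing file directly inside plugins/.
 *   - show_system: "yes" to include system plugins in the listing.
 *
 * Each accepted enable/disable is written to the logs table as a "security" entry before the
 * plugin_<filename> config key is updated. Everything is echoed; nothing is returned.
 */
function page_Admin_PluginManager() {
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  $dir = './plugins/';

  $action = ( isset($_GET['action']) && is_string($_GET['action']) ) ? $_GET['action'] : '';
  if ( $action === 'enable' || $action === 'disable' )
  {
    // NOTE(review): this state change is driven by a plain GET link and no per-request token is
    // checked in this function, so the admin session alone authorizes it. Moving enable/disable
    // to POST with an anti-CSRF token needs a helper that is not visible from here.
    $plugin = ( isset($_GET['plugin']) && is_string($_GET['plugin']) ) ? $_GET['plugin'] : '';

    // Accept only names the listing below could have produced: a bare *.php filename (no path
    // separators or NUL bytes) that exists in plugins/. Without this, any request value would be
    // written as a plugin_* config key and into the security log.
    $plugin_ok = (
      $plugin !== '' &&
      strpbrk($plugin, "/\\\0") === false &&
      $plugin != 'index.php' &&
      preg_match('#\.php\z#i', $plugin) &&
      is_file($dir . $plugin)
    );

    $allowed = $plugin_ok;
    if ( !$plugin_ok )
    {
      echo '<div class="error-box">The plugin you selected was not found in the plugins/ directory.</div>';
    }
    else if ( $action === 'disable' && defined('ENANO_DEMO_MODE') && strpos($plugin, 'Demo') !== false )
    {
      echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
      $allowed = false;
    }
    else if ( $action === 'disable' && in_array($plugin, $plugins->system_plugins) )
    {
      echo('<h3>Error disabling plugin</h3><p>The plugin you selected cannot be disabled because it is a system plugin.</p>');
      $allowed = false;
    }

    if ( $allowed )
    {
      // $action is one of two fixed literals at this point, so it is safe to splice into the query.
      // String values use single quotes like the other log inserts in this file; double-quoted
      // values are not portable SQL (PostgreSQL reads them as identifiers).
      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_' . $action . '\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($plugin) . '\');');
      if ( !$q )
        $db->_die();
      setConfig('plugin_'.$plugin, ( $action === 'enable' ) ? '1' : '0');
    }
  }

  $plugin_list = Array();
  $system = Array();
  $show_system = ( isset($_GET['show_system']) && $_GET['show_system'] == 'yes' );

  if ( !is_dir($dir) )
  {
    echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>';
    return;
  }
  $dh = opendir($dir);
  if ( !$dh )
  {
    echo '<div class="error-box">The plugins/ directory could not be opened.</div>';
    return;
  }

  // Header fields sit on lines 3-8 of a plugin file, each behind a fixed-width label
  // ("Plugin Name: ", "Plugin URI: ", "Description: ", "Author: ", "Version: ", "Author URI: ").
  $fields = Array('name', 'uri', 'desc', 'auth', 'vers', 'aweb');
  $label_len = Array(13, 12, 13, 8, 9, 12);

  while ( ($file = readdir($dh)) !== false )
  {
    if ( !preg_match('#^(.*?)\.php$#is', $file) || $file == 'index.php' )
      continue;

    $file_is_system = in_array($file, $plugins->system_plugins);
    if ( $file_is_system && !$show_system )
      continue;

    $contents = is_readable($dir . $file) ? file_get_contents($dir . $file) : false;
    $lines = ( $contents === false ) ? Array() : explode("\n", $contents);
    // Pad so that a short or unreadable file yields empty fields instead of undefined offsets.
    $lines = array_pad(array_slice($lines, 2, 6), 6, '');

    $info = Array();
    foreach ( $fields as $n => $field )
    {
      $value = substr(rtrim($lines[$n], "\r"), $label_len[$n]);
      $info[$field] = ( $value === false ) ? '' : $value;
    }

    if ( $file_is_system )
      $system[$file] = $info;
    else
      $plugin_list[$file] = $info;
  }
  closedir($dh);

  echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
      <tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');

  $plugin_files = array_merge(array_keys($plugin_list), array_keys($system));
  $cls = 'row2';
  foreach ( $plugin_files as $file )
  {
    $cls = ( $cls == 'row2' ) ? 'row3' : 'row2';
    $is_system = isset($system[$file]);
    $this_plugin = ( $is_system ) ? $system[$file] : $plugin_list[$file];
    $bgcolor = '';
    if ( $is_system && $cls == 'row2' )
      $bgcolor = ' style="background-color: #FFD8D8;"';
    else if ( $is_system && $cls == 'row3' )
      $bgcolor = ' style="background-color: #FFD0D0;"';

    // The metadata comes from the header of a file on disk that may never have been enabled,
    // so it is escaped as text, and only http(s) URLs are turned into links.
    $name_html = htmlspecialchars($this_plugin['name'], ENT_QUOTES);
    if ( preg_match('#^https?://#i', $this_plugin['uri']) )
      $name_html = '<a href="' . htmlspecialchars($this_plugin['uri'], ENT_QUOTES) . '">' . $name_html . '</a>';
    $auth_html = htmlspecialchars($this_plugin['auth'], ENT_QUOTES);
    if ( preg_match('#^https?://#i', $this_plugin['aweb']) )
      $auth_html = '<a href="' . htmlspecialchars($this_plugin['aweb'], ENT_QUOTES) . '">' . $auth_html . '</a>';

    echo '<tr>
        <td class="'.$cls.'"'.$bgcolor.'>'.htmlspecialchars($file, ENT_QUOTES).'</td>
        <td class="'.$cls.'"'.$bgcolor.'>'.$name_html.'</td>
        <td class="'.$cls.'"'.$bgcolor.'>'.htmlspecialchars($this_plugin['desc'], ENT_QUOTES).'</td>
        <td class="'.$cls.'"'.$bgcolor.'>'.$auth_html.'</td>
        <td class="'.$cls.'"'.$bgcolor.'>'.htmlspecialchars($this_plugin['vers'], ENT_QUOTES).'</td>
        <td class="'.$cls.'"'.$bgcolor.'>';
    if ( !in_array($file, $plugins->system_plugins) )
    {
      $enabled = ( getConfig('plugin_'.$file) == '1' );
      // The filename is URL-encoded for the query string, then the whole URL is HTML-escaped
      // for the attribute.
      $url = makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])
           . '&show_system=' . ( $show_system ? 'yes' : 'no' )
           . '&action=' . ( $enabled ? 'disable' : 'enable' )
           . '&plugin=' . rawurlencode($file);
      echo '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '">' . ( $enabled ? 'Disable' : 'Enable' ) . '</a>';
    }
    else
    {
      echo '[System]';
    }
    echo '</td></tr>';
  }
  $showhide_link = ( $show_system ) ?
    '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=no', true) . '">Hide system plugins</a>' :
    '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=yes', true) . '">Show system plugins</a>' ;
  echo '<tr><th colspan="6" class="subhead">'.$showhide_link.'</th></tr>';
  echo '</table></div>';
}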
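/**
 * Admin pagelet: choose which file extensions may be uploaded to the site.
 *
 * On a POST carrying "save" (outside demo mode) one '1'/'0' flag is built per entry
 * of $mime_types, in that array's own order, from the presence of the matching
 * "ext_<extension>" field; the flag string goes through compress_bitfield() and is
 * stored as the "allowed_mime_types" config value. The checkbox form is then printed,
 * three extensions per table row, with the currently allowed ones pre-checked.
 *
 * Review notes:
 *  - This setting is an upload allow-list, so an unintended change widens what the
 *    site accepts. No anti-CSRF token is visible in this form.
 *    NOTE(review): confirm the framework checks request origin elsewhere.
 *  - The flag positions depend on the order of $mime_types, so the display sort is
 *    done on a copy instead of reordering the global in place.
 */
function page_Admin_UploadAllowedMimeTypes()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's current auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  global $mime_types, $mimetype_exps, $mimetype_extlist;
  if ( isset($_POST['save']) && !defined('ENANO_DEMO_MODE') )
  {
    // One flag per known extension; an unchecked box is simply absent from the POST.
    $bits = '';
    foreach ( array_keys($mime_types) as $k )
    {
      $bits .= ( isset($_POST['ext_'.$k]) ) ? '1' : '0';
    }
    $bits = compress_bitfield($bits);
    setConfig('allowed_mime_types', $bits);
    echo '<div class="info-box">Your changes have been saved.</div>';
  }
  else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
  }
  $allowed = fetch_allowed_extensions();

  echo '<h3>Allowed file types</h3>' . "\n";
  echo '<p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>' . "\n";

  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
  $c = -1;       // column index within the current table row (0..2)
  $cl = 'row1';  // alternating row CSS class
  echo "\n".' <div class="tblholder">'."\n".' <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".' <tr>'."\n ";

  // Sort a copy for display only (see the function header).
  $sorted_types = $mime_types;
  ksort($sorted_types);
  foreach ( $sorted_types as $e => $m )
  {
    $c++;
    if ( $c == 3 )
    {
      // Row is full: start a new one and flip the row class.
      $c = 0;
      $cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
      echo '</tr>'."\n".' <tr>'."\n ";
    }
    // Escaped for both text and single-quoted attribute context.
    $ext = htmlspecialchars((string) $e, ENT_QUOTES);
    $mime = htmlspecialchars((string) $m, ENT_QUOTES);
    // The random suffix only makes the DOM id unique; it is not a secret.
    $seed = "extchkbx_{$ext}_".md5(microtime() . mt_rand());
    $chk = ( !empty($allowed[$e]) ) ? ' checked="checked"' : '';
    echo " <td class='$cl'>\n <label><input id='{$seed}' type='checkbox' name='ext_{$ext}'{$chk} />.{$ext}\n ({$mime})</label>\n </td>\n ";
  }
  // Pad the last row out to three cells.
  while ( $c < 2 )
  {
    $c++;
    echo " <td class='{$cl}'></td>\n ";
  }
  // Close the last data row before emitting the submit row; the original nested
  // the submit <tr> inside the still-open data <tr>.
  echo '</tr>'."\n";
  echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
  echo "\n".' </table>'."\n".' </div>';
  echo '</form>';
}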
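/**
 * Admin pagelet: static help text explaining the sidebar markup language.
 *
 * Prints nothing but documentation after the admin check; it reads no request data
 * and changes no state. The literal angle brackets in the explanatory text are
 * written as HTML entities so the browser shows them instead of parsing them as
 * markup.
 */
function page_Admin_Sidebar()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's current auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  ?>
  <h2>Editing and managing the Enano sidebar</h2>
  <p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
     provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
     markup language.
     </p>
  <p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (&lt;example&gt;like this&lt;/example&gt;) for the
     main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (&lt; and &gt;).</p>
  <p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
     on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
     use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
     external sites.</p>
  <p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
  <pre>{slider=Navigation}
[[Main Page|Home]]
[[Enano:Sidebar|Edit the sidebar]]
{/slider}</pre>
  <p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
     to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
     "user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
     wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
     effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
  <p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
     variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
     The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
     the "change theme" button can be added with $STYLE_LINK.</p>
  <p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
  <pre>{slider=$USERNAME}
[[User:$USERNAME|User page]]
[[Special:Contributions?user=$USERNAME|My Contributions]]
{if user_logged_in}
[[Special:Preferences|Preferences]]
$THEME_LINK
{/if}
{if auth_admin}
[[Special:Administration|Administration]]
{/if}
{if user_logged_in}
$LOGOUT_LINK
{/if}
{!if user_logged_in}
Create an account
Log in
{/if}
{/slider}</pre>
  <?php
}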
+ − 858
+ − 859
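/**
 * Admin pagelet: create, rename, delete and edit the membership of user groups.
 *
 * Request flow, all driven by POST fields:
 *  - do_create_stage1: validates the new group name and prints the second-stage
 *    form (moderator and group status).
 *  - do_create_stage2: re-validates, rejects duplicates, resolves the moderator,
 *    then inserts the group and the moderator's membership row. Falls through to
 *    the main listing afterwards.
 *  - do_edit / edit_do[...]: loads the group named by group_edit_id, applies the
 *    requested action (del_group, save_name, del_<member_id>, add_member) and
 *    prints the three edit forms.
 *  - otherwise: prints the "edit an existing group" and "create a new group" forms.
 *
 * Review notes:
 *  - Every request value and database value that reaches the page is HTML-escaped
 *    or cast to int at the point of output; the original echoed several of them raw.
 *  - The name pattern spells out A-Za-z. The original range A-z also matched
 *    [ \ ] ^ _ and the backtick; only the underscore is kept here.
 *  - None of the state-changing forms carries an anti-CSRF token in the visible
 *    code, and the onsubmit check is client-side only.
 *    NOTE(review): confirm request origin is validated elsewhere.
 */
function page_Admin_GroupManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's current auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Letters, digits, space, underscore and hyphen; D stops "$" from matching before a trailing newline.
  $name_regex = '/^[A-Za-z0-9 _-]+$/D';
  // Every form on this pagelet posts back to the same module URL.
  $form_open = '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';

  // A missing or non-string field becomes '', which the pattern rejects.
  $create_name = ( isset($_POST['create_group_name']) && is_string($_POST['create_group_name']) ) ? $_POST['create_group_name'] : '';
  $create_name_html = htmlspecialchars($create_name, ENT_QUOTES);

  if ( isset($_POST['do_create_stage1']) )
  {
    if ( !preg_match($name_regex, $create_name) )
    {
      echo '<p>The group name you chose is invalid.</p>';
      return;
    }
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
          <tr><th colspan="2">Creating group: '.$create_name_html.'</th></tr>
          <tr>
            <td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
          </tr>
          <tr><td class="row2">Group status</td><td class="row2">
            <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
            <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
            <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
            <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
          </td></tr>
          <tr>
            <th class="subhead" colspan="2">
              <input type="hidden" name="create_group_name" value="'.$create_name_html.'" />
              <input type="submit" name="do_create_stage2" value="Create group" />
            </th>
          </tr>
          </table>
          </div>';
    echo '</form>';
    return;
  }
  elseif ( isset($_POST['do_create_stage2']) )
  {
    // Stage 1's checks are repeated: the hidden field is client-controlled.
    if ( !preg_match($name_regex, $create_name) )
    {
      echo '<p>The group name you chose is invalid.</p>';
      return;
    }
    $group_status = intval($_POST['group_status']);
    if ( !in_array($group_status, Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)) )
    {
      echo '<p>Hacking attempt</p>';
      return;
    }
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($create_name).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() > 0 )
    {
      echo '<p>The group name you entered already exists.</p>';
      return;
    }
    $db->free_result();

    // Resolve the moderator before inserting anything, so an unknown username
    // no longer leaves behind a group that has no moderator.
    $group_mod = ( isset($_POST['group_mod']) && is_string($_POST['group_mod']) ) ? $_POST['group_mod'] : '';
    $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($group_mod).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>The username you entered could not be found.</p>';
      return;
    }
    $row = $db->fetchrow();
    $id = intval($row['user_id']);
    $db->free_result();

    $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($create_name).'\', ' . $group_status . ' )');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    // Read back the id of the row just inserted.
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($create_name).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>The group ID could not be looked up.</p>';
      return;
    }
    $row = $db->fetchrow();
    $gid = intval($row['group_id']);
    $db->free_result();
    $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    echo "<div class='info-box'>
            <b>Information</b><br />
            The group {$create_name_html} has been created successfully.
          </div>";
  }

  if ( isset($_POST['do_edit']) || isset($_POST['edit_do']) )
  {
    // Cast once; this integer is what goes into every query and hidden field below.
    $group_id = ( isset($_POST['group_edit_id']) ) ? intval($_POST['group_edit_id']) : 0;

    // Fetch the group name
    $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>Error: couldn\'t look up group name</p>';
      // The original carried on with an empty row; there is nothing to edit.
      return;
    }
    $row = $db->fetchrow();
    $name = $row['group_name'];
    // Captured now because $row is reused by the member queries further down;
    // the original read system_group from the overwritten $row when it drew the delete button.
    $is_system_group = ( $row['system_group'] == 1 );
    $db->free_result();

    if ( isset($_POST['edit_do']) )
    {
      if ( isset($_POST['edit_do']['del_group']) )
      {
        if ( $is_system_group )
        {
          echo '<div class="error-box">The group "' . htmlspecialchars($name, ENT_QUOTES) . '" could not be deleted because it is a system group required for site functionality.</div>';
        }
        else
        {
          // Memberships first, then the group row itself.
          $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          echo '<div class="info-box">The group "'.htmlspecialchars($name, ENT_QUOTES).'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
          return;
        }
      }
      if ( isset($_POST['edit_do']['save_name']) )
      {
        $new_name = ( isset($_POST['group_name']) && is_string($_POST['group_name']) ) ? $_POST['group_name'] : '';
        if ( !preg_match($name_regex, $new_name) )
        {
          echo '<p>The group name you chose is invalid.</p>';
          return;
        }
        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($new_name).'\'
            WHERE group_id='.$group_id.';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        else
        {
          echo '<div class="info-box" style="margin: 0 0 10px 0;">
                  The group name has been updated.
                </div>';
        }
        $name = $new_name;
      }

      // Remove whichever members had their "Remove member" button pressed.
      $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
                             WHERE group_id='.$group_id.';');
      if ( !$q )
      {
        echo $db->get_error();
        return;
      }
      if ( $db->numrows() > 0 )
      {
        // $q is passed explicitly because the DELETE inside the loop issues further queries.
        while ( $row = $db->fetchrow($q) )
        {
          if ( isset($_POST['edit_do']['del_' . $row['member_id']]) )
          {
            $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.intval($row['member_id']));
            if ( !$e )
            {
              echo $db->get_error();
              return;
            }
          }
        }
      }
      $db->free_result();

      if ( isset($_POST['edit_do']['add_member']) )
      {
        $add_username = ( isset($_POST['edit_add_username']) && is_string($_POST['edit_add_username']) ) ? $_POST['edit_add_username'] : '';
        $add_username_html = htmlspecialchars($add_username, ENT_QUOTES);
        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($add_username).'\';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        if ( $db->numrows() > 0 )
        {
          $row = $db->fetchrow();
          $user_id = intval($row['user_id']);
          $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$group_id.','.$user_id.','.$is_mod.');');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          else
          {
            echo '<div class="info-box" style="margin: 0 0 10px 0;">
                    The user "'.$add_username_html.'" has been added to this usergroup.
                  </div>';
          }
        }
        else
        {
          echo '<div class="warning-box"><b>The user "'.$add_username_html.'" could not be added.</b><br />This username does not exist.</div>';
        }
      }
    }

    // The disabled button is a UI hint only; the del_group branch above is the enforcement.
    $sg_disabled = ( $is_system_group ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';

    // Form 1: rename / delete
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
          <tr><th>Edit group name</th></tr>
          <tr>
            <td class="row1">
              Group name: <input type="text" name="group_name" value="'.htmlspecialchars($name, ENT_QUOTES).'" />
            </td>
          </tr>
          <tr>
            <th class="subhead">
              <input type="submit" name="edit_do[save_name]" value="Save name" />
              <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
            </th>
          </tr>
          </table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';

    // Form 2: current members
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
          <tr><th colspan="3">Edit group members</th></tr>';
    $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
                           LEFT JOIN '.table_prefix.'users AS u
                             ON u.user_id=m.user_id
                             WHERE m.group_id='.$group_id.'
                           ORDER BY m.is_mod DESC, u.username ASC;');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
    }
    else
    {
      $cls = 'row2';
      while ( $row = $db->fetchrow() )
      {
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
        // NOTE(review): assumes usernames are stored unescaped, as the group-name
        // listing further down assumes for group names; confirm.
        echo '<tr>
                <td class="'.$cls.'" style="width: 100%;">
                  ' . htmlspecialchars((string) $row['username'], ENT_QUOTES) . '
                </td>
                <td class="'.$cls.'">
                  '.$mod.'
                </td>
                <td class="'.$cls.'">
                  <input type="submit" name="edit_do[del_'.intval($row['member_id']).']" value="Remove member" />
                </td>
              </tr>';
      }
    }
    $db->free_result();
    echo '</table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';

    // Form 3: add a member
    echo $form_open;
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
            <tr>
              <th>Add a new member</th>
            </tr>
            <tr>
              <td class="row1">
                Username: ' . $template->username_field('edit_add_username') . '
              </td>
            </tr>
            <tr>
              <td class="row2">
                <label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
              </td>
            </tr>
            <tr>
              <th class="subhead">
                <input type="submit" name="edit_do[add_member]" value="Add user to group" />
              </th>
            </tr>
          </table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';
    return;
  }

  // Default view: pick a group to edit, or start creating one.
  echo '<h3>Manage Usergroups</h3>';
  echo $form_open;
  $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
  if ( !$q )
  {
    echo $db->get_error();
  }
  else
  {
    echo '<div class="tblholder">
          <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
          <tr>
          <th>Edit an existing group</th>
          </tr>';
    echo '<tr><td class="row2"><select name="group_edit_id">';
    while ( $row = $db->fetchrow() )
    {
      // The "Everyone" group is left out of the list of editable groups.
      if ( $row['group_name'] != 'Everyone' )
      {
        echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
      }
    }
    $db->free_result();
    echo '</select></td></tr>';
    echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
          </table>
          </div>
          </form><br />';
  }
  echo $form_open;
  echo '<div class="tblholder">
        <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
        <tr>
        <th colspan="2">Create a new group</th>
        </tr>';
  echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
  echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue &gt;" /></td></tr>
        </table>
        </div>';
  echo '</form>';
}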
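/**
 * Admin pagelet: COPPA settings (enable flag and the postal address for consent forms).
 *
 * When the POST carries "coppa_address" the two config values "enable_coppa" and
 * "coppa_address" are saved; the form is then printed with the stored values.
 *
 * Review notes:
 *  - The address is stored exactly as submitted, so it is HTML-escaped when placed in
 *    the textarea; the original echoed it raw, letting a value containing
 *    "</textarea>" break out of the field.
 *    NOTE(review): any other page that prints coppa_address needs the same escaping.
 *  - No anti-CSRF token is visible in this form.
 *    NOTE(review): confirm request origin is validated elsewhere.
 */
function page_Admin_COPPA()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's current auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  echo '<h2>Background information</h2>';
  echo '<p>
          The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards
          children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected
          in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano
          provides an easy way to allow you, as the website administrator, to obtain this authorization.
        </p>';

  // Start form

  if ( isset($_POST['coppa_address']) )
  {
    // Saving changes
    $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0';
    setConfig('enable_coppa', $enable_coppa);

    // A non-string submission (e.g. coppa_address[]=x) is stored as an empty address.
    $address = ( is_string($_POST['coppa_address']) ) ? $_POST['coppa_address'] : '';
    setConfig('coppa_address', $address);

    echo '<div class="info-box">Your changes have been saved.</div>';
  }

  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';

  echo '<div class="tblholder">';
  echo '<table border="0" cellspacing="1" cellpadding="4">';
  echo '<tr>
          <th colspan="2">
            COPPA support
          </th>
        </tr>';

  echo '<tr>
          <td class="row1">
            Enable COPPA support:
          </td>
          <td class="row2">
            <label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br />
            <small>If this is checked, users will be asked if they are under 13 years of age before registering</small>
          </td>
        </tr>';

  echo '<tr>
          <td class="row1">
            Your mailing address:<br />
            <small>This is the address to which parents will send authorization forms.</small>
          </td>
          <td class="row2">
            <textarea name="coppa_address" rows="7" cols="40">' . htmlspecialchars((string) getConfig('coppa_address'), ENT_QUOTES) . '</textarea>
          </td>
        </tr>';

  echo '<tr>
          <th colspan="2" class="subhead">
            <input type="submit" value="Save changes" />
          </th>
        </tr>';

  echo '</table>';
  // The original never closed the tblholder div opened above.
  echo '</div>';

  echo '</form>';

}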
function page_Admin_PageManager()
+ − 1292
{
+ − 1293
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1294
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1295
{
+ − 1296
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1297
return;
+ − 1298
}
+ − 1299
+ − 1300
+ − 1301
echo '<h2>Page management</h2>';
+ − 1302
+ − 1303
if(isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' )) {
+ − 1304
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
+ − 1305
$source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
+ − 1306
if ( $source == 'ajax' )
+ − 1307
{
+ − 1308
$_POST['search'] = true;
+ − 1309
$_POST['page_url'] = $_GET['page_id'];
+ − 1310
}
+ − 1311
if(isset($_POST['search'])) $pid = $_POST['page_url'];
+ − 1312
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
+ − 1313
else { echo 'Internal error selecting page search terms'; return false; }
+ − 1314
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 1315
$k = array_keys($paths->nslist);
+ − 1316
for($i=0;$i<sizeof($paths->nslist);$i++)
+ − 1317
{
+ − 1318
$ln = strlen($paths->nslist[$k[$i]]);
+ − 1319
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
+ − 1320
{
+ − 1321
$ns = $k[$i];
+ − 1322
$page_id = substr($pid, $ln, strlen($pid));
+ − 1323
}
+ − 1324
}
+ − 1325
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
+ − 1326
// Now, iterate through $paths->pages searching for a page with this name or ID
+ − 1327
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1328
{
+ − 1329
if(!isset($final_pid))
+ − 1330
{
+ − 1331
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
+ − 1332
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1333
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1334
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1335
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
+ − 1336
}
+ − 1337
}
+ − 1338
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1339
$_POST['namespace'] = $ns;
+ − 1340
$_POST['old_namespace'] = $ns;
+ − 1341
$_POST['page_id'] = $final_pid;
+ − 1342
$_POST['old_page_id'] = $final_pid;
+ − 1343
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1344
}
+ − 1345
+ − 1346
if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']))
+ − 1347
{
40
+ − 1348
$cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']];
0
+ − 1349
if(isset($_POST['submit']))
+ − 1350
{
22
+ − 1351
switch(true)
0
+ − 1352
{
22
+ − 1353
case true:
+ − 1354
// Create a list of things to update
+ − 1355
$page_info = Array(
+ − 1356
'name'=>$_POST['name'],
+ − 1357
'urlname'=>sanitize_page_id($_POST['page_id']),
+ − 1358
'namespace'=>$_POST['namespace'],
+ − 1359
'special'=>isset($_POST['special']) ? '1' : '0',
+ − 1360
'visible'=>isset($_POST['visible']) ? '1' : '0',
+ − 1361
'comments_on'=>isset($_POST['comments_on']) ? '1' : '0',
+ − 1362
'protected'=>isset($_POST['protected']) ? '1' : '0'
+ − 1363
);
+ − 1364
40
+ − 1365
$updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname_nons'] );
22
+ − 1366
+ − 1367
if ( !isset($paths->nslist[ $page_info['namespace'] ]) )
+ − 1368
{
+ − 1369
echo '<div class="error-box">The namespace you selected is not properly registered.</div>';
+ − 1370
break;
+ − 1371
}
+ − 1372
if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace )
+ − 1373
{
+ − 1374
echo '<div class="error-box">There is already a page that exists with that URL string and namespace.</div>';
+ − 1375
break;
+ − 1376
}
+ − 1377
// Build the query
+ − 1378
$q = 'UPDATE '.table_prefix.'pages SET ';
+ − 1379
$k = array_keys($page_info);
+ − 1380
foreach($k as $c)
+ − 1381
{
+ − 1382
$q .= $c.'=\''.$db->escape($page_info[$c]).'\',';
+ − 1383
}
+ − 1384
$q = substr($q, 0, strlen($q)-1);
+ − 1385
// Build the WHERE statements
+ − 1386
$q .= ' WHERE ';
+ − 1387
$k = array_keys($cpage);
40
+ − 1388
if ( !isset($cpage) )
110
+ − 1389
die('[internal] no cpage');
22
+ − 1390
foreach($k as $c)
+ − 1391
{
+ − 1392
if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected')
+ − 1393
{
+ − 1394
$q .= $c.'=\''.$db->escape($cpage[$c]).'\' AND ';
+ − 1395
}
+ − 1396
else if($c == 'urlname')
+ − 1397
{
+ − 1398
$q .= $c.'=\''.$db->escape($cpage['urlname_nons']).'\' AND ';
+ − 1399
}
+ − 1400
}
+ − 1401
// Trim off the last " AND " and append a semicolon
+ − 1402
$q = substr($q, 0, strlen($q)-5) . ';';
+ − 1403
// Send the completed query to MySQL
+ − 1404
$e = $db->sql_query($q);
+ − 1405
if(!$e) $db->_die('The page data could not be updated.');
+ − 1406
// Update any additional tables
+ − 1407
$q = Array(
+ − 1408
'UPDATE '.table_prefix.'categories SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1409
'UPDATE '.table_prefix.'comments SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1410
'UPDATE '.table_prefix.'logs SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1411
'UPDATE '.table_prefix.'page_text SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
'UPDATE '.table_prefix.'acl SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';'
22
+ − 1413
);
+ − 1414
foreach($q as $cq)
+ − 1415
{
+ − 1416
$e = $db->sql_query($cq);
+ − 1417
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1418
}
+ − 1419
// Update $cpage
+ − 1420
$cpage = $page_info;
+ − 1421
$cpage['urlname_nons'] = $cpage['urlname'];
+ − 1422
$cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname'];
+ − 1423
$_POST['old_page_id'] = $page_info['urlname'];
+ − 1424
$_POST['old_namespace'] = $page_info['namespace'];
+ − 1425
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 1426
break;
0
+ − 1427
}
+ − 1428
} elseif(isset($_POST['delete'])) {
+ − 1429
$q = Array(
+ − 1430
'DELETE FROM '.table_prefix.'categories WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1431
'DELETE FROM '.table_prefix.'comments WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1432
'DELETE FROM '.table_prefix.'logs WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1433
'DELETE FROM '.table_prefix.'page_text WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1434
);
+ − 1435
foreach($q as $cq)
+ − 1436
{
+ − 1437
$e = $db->sql_query($cq);
+ − 1438
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1439
}
+ − 1440
+ − 1441
if(!$db->sql_query(
+ − 1442
'DELETE FROM '.table_prefix.'pages WHERE urlname="'.$db->escape($_POST['old_page_id']).'" AND namespace="'.$db->escape($_POST['old_namespace']).'";'
+ − 1443
)) $db->_die('The page could not be deleted.');
+ − 1444
echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>';
+ − 1445
return;
+ − 1446
}
130
+ − 1447
$url = makeUrlNS('Special', 'Administration', 'module='.$paths->cpage['module'], true);
+ − 1448
echo '<form action="'.$url.'" method="post">';
0
+ − 1449
?>
89
+ − 1450
<h3>Modify page: <?php echo htmlspecialchars($_POST['name']); ?></h3>
0
+ − 1451
<table border="0">
+ − 1452
<tr><td>Namespace:</td><td><select name="namespace"><?php $nm = array_keys($paths->nslist); foreach($nm as $ns) { if($ns != 'Special' && $ns != 'Admin') { echo '<option '; if($_POST['namespace']==$ns) echo 'selected="selected" '; echo 'value="'.$ns.'">'; if($paths->nslist[$ns] == '') echo '[No prefix]'; else echo $paths->nslist[$ns]; echo '</option>'; } } ?></select></td></tr>
89
+ − 1453
<tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name']); ?>" /></td></tr>
22
+ − 1454
<tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr>
0
+ − 1455
<tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" /> <label for="cmt">Enable comments for this page</label></td></tr>
+ − 1456
<tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" /> <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
+ − 1457
<tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" /> <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small></td></tr>
+ − 1458
<tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" /> <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
+ − 1459
<tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
+ − 1460
<tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
+ − 1461
<tr><td colspan="2" style="text-align: right;">
+ − 1462
<input type="hidden" name="old_page_id" value="<?php echo $_POST['old_page_id']; ?>" />
+ − 1463
<input type="hidden" name="old_namespace" value="<?php echo $_POST['old_namespace']; ?>" />
+ − 1464
<input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
+ − 1465
</table>
+ − 1466
<?php
+ − 1467
echo '</form>';
+ − 1468
} else {
+ − 1469
echo '<h3>Please select a page</h3>';
+ − 1470
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1471
?>
+ − 1472
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
+ − 1473
<p>Select page title from a list: <select name="page_force_url">
+ − 1474
<?php
+ − 1475
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1476
{
89
+ − 1477
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.htmlspecialchars($paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name']).'</option>'."\n";
0
+ − 1478
}
+ − 1479
?>
+ − 1480
</select> <input type="submit" name="select" value="Select" /></p>
+ − 1481
<?php
+ − 1482
echo '</form>';
+ − 1483
+ − 1484
}
+ − 1485
}
+ − 1486
+ − 1487
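/**
 * Admin pagelet "Edit page content".
 *
 * Flow, all driven by $_POST:
 *  - search/select: resolve the submitted text to a namespace and page ID and store them in $_POST.
 *  - page_id set and no cancel: show the editor form; on "save", write a row to the logs table and
 *    update page_text; on "preview", render the submitted content.
 *  - otherwise: show the page selection form.
 *
 * Output is echoed directly. Returns nothing on the normal paths and false when the page lookup fails.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm whether the caller that
 * dispatches Special:Administration validates one before state-changing POSTs reach this code.
 */
function page_Admin_PageEditor()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the elevated session level and the account level must be administrator
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  echo '<h2>Edit page content</h2>';

  // Shared "not found" message for every failed lookup below
  $not_found = 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';

  if(isset($_POST['search']) || isset($_POST['select'])) {
    // The object of the game: using only the text a user entered, guess the page ID and namespace.
    if(isset($_POST['search'])) $pid = isset($_POST['page_url']) ? $_POST['page_url'] : null;
    elseif(isset($_POST['select'])) $pid = isset($_POST['page_force_url']) ? $_POST['page_force_url'] : null;
    else { echo 'Internal error selecting page search terms'; return false; }
    // A missing or array-valued field cannot name a page; stop before the string functions below see it
    if ( !is_string($pid) )
    {
      echo $not_found;
      return false;
    }
    // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary.
    // The last matching prefix in $paths->nslist wins, as before.
    $k = array_keys($paths->nslist);
    for($i=0;$i<sizeof($paths->nslist);$i++)
    {
      $ln = strlen($paths->nslist[$k[$i]]);
      if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
      {
        $ns = $k[$i];
        $page_id = substr($pid, $ln, strlen($pid));
      }
    }
    // If no prefix matched, $ns and $page_id were never assigned; treat that as "not found"
    // instead of continuing with undefined variables.
    if ( !isset($ns) )
    {
      echo $not_found;
      return false;
    }
    // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
    // Now, iterate through $paths->pages searching for a page with this name or ID
    // (only the first half of $paths->pages is walked - presumably each page is stored twice,
    // once by numeric index and once by URL name; confirm against the paths class)
    for($i=0;$i<sizeof($paths->pages)/2;$i++)
    {
      if(!isset($final_pid))
      {
        if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
        elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
        elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
        elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
        if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
      }
    }
    if(!isset($final_pid)) { echo $not_found; return false; }
    $_POST['namespace'] = $ns;
    $_POST['page_id'] = $final_pid;
    // The name match above ignores the namespace, so confirm the page exists in the namespace we guessed
    if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo $not_found; return false; }
  }

  if(isset($_POST['page_id']) && !isset($_POST['cancel']))
  {
    // NOTE(review): when the form is re-posted (save/preview), page_id and namespace come straight from
    // the hidden fields and are not re-checked against $paths->pages here - consider validating them.
    echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
    // First display or "revert": load the stored text; otherwise keep what the user submitted
    if(!isset($_POST['content']) || isset($_POST['revert'])) $content = RenderMan::getPage($_POST['page_id'], $_POST['namespace'], 0, false, false, false, false);
    else $content = $_POST['content'];
    if(isset($_POST['save']))
    {
      $data = $content;
      // Tag written to both the log row and the page_text row
      $id = md5( microtime() . mt_rand() );

      $minor = isset($_POST['minor']) ? 'true' : 'false';
      // Every string value is passed through $db->escape(), including the author name,
      // which was previously concatenated into the statement as-is.
      $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$db->escape($data).'\', \''.$id.'\', \''.$db->escape($session->username).'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');';
      if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');

      $query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';';
      $e = $db->sql_query($query);
      // The failed statement contains the submitted page text, so it is HTML-escaped before being shown
      if(!$e) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.htmlspecialchars(mysql_error()).'<br /><br />Query:<br /><pre>'.htmlspecialchars($query).'</pre></div>';
      // The link is built from request values and lands in an attribute, so escape it for HTML
      else echo '<div class="info-box">Your page has been saved. <a href="'.htmlspecialchars(makeUrlNS($_POST['namespace'], $_POST['page_id'])).'">View page...</a></div>';
    } elseif(isset($_POST['preview'])) {
      echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>';
    }
    ?>
    <p>
    <textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
    Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo htmlspecialchars($_POST['summary']); ?>" size="40" /><br />
    <label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/> This is a minor edit</label>
    </p>
    <p>
    <input type="hidden" name="page_id" value="<?php echo htmlspecialchars($_POST['page_id']); ?>" />
    <input type="hidden" name="namespace" value="<?php echo htmlspecialchars($_POST['namespace']); ?>" />
    <input type="submit" name="save" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="preview" value="Show preview" /> <input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" /> <input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
    </p>
    <?php
    echo '</form>';
  } else {
    echo '<h3>Please select a page</h3>';
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    ?>
    <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
    <p>Select page title from a list: <select name="page_force_url">
    <?php
    for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
    {
      $pg = $paths->pages[$i];
      // Admin and Special pages are not offered for editing
      if ( $pg['namespace'] != 'Admin' && $pg['namespace'] != 'Special' )
      {
        // Page titles and URL names are stored data, so both the attribute and the label are
        // HTML-escaped before they reach the administrator's browser.
        $prefix = $paths->nslist[$pg['namespace']];
        echo '<option value="'.htmlspecialchars($prefix.$pg['urlname_nons']).'">'.htmlspecialchars($prefix.$pg['name']).'</option>'."\n";
      }
    }
    ?>
    </select> <input type="submit" name="select" value="Select" /></p>
    <?php
    echo '</form>';
  }
}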
+ − 1585
+ − 1586
function page_Admin_ThemeManager()
+ − 1587
{
+ − 1588
+ − 1589
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1590
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1591
{
+ − 1592
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1593
return;
+ − 1594
}
+ − 1595
+ − 1596
+ − 1597
// Get the list of styles in the themes/ dir
+ − 1598
$h = opendir('./themes');
+ − 1599
$l = Array();
+ − 1600
if(!$h) die('Error opening directory "./themes" for reading.');
+ − 1601
while(false !== ($n = readdir($h))) {
+ − 1602
if($n != '.' && $n != '..' && is_dir('./themes/'.$n))
+ − 1603
$l[] = $n;
+ − 1604
}
+ − 1605
closedir($h);
+ − 1606
echo('
+ − 1607
<h3>Theme Management</h3>
+ − 1608
<p>Install, uninstall, and manage Enano themes.</p>
+ − 1609
');
+ − 1610
if(isset($_POST['disenable'])) {
+ − 1611
$q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1612
$s = $db->sql_query($q);
+ − 1613
if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1614
$r = $db->fetchrow_num($s);
+ − 1615
$db->free_result();
+ − 1616
if($r[0] == 1) $e = 0;
+ − 1617
else $e = 1;
+ − 1618
$s=true;
+ − 1619
if($e==0)
+ − 1620
{
+ − 1621
$c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1');
+ − 1622
if(!$c) $db->_die('The backup check for having at least on theme enabled failed.');
+ − 1623
if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; }
+ − 1624
}
+ − 1625
$db->free_result();
+ − 1626
if($s) {
+ − 1627
$q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1628
$a = $db->sql_query($q);
+ − 1629
if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1630
else echo('<div class="info-box">The theme "'.$_POST['theme_id'].'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>');
+ − 1631
}
+ − 1632
}
+ − 1633
elseif(isset($_POST['edit'])) {
+ − 1634
+ − 1635
$dir = './themes/'.$_POST['theme_id'].'/css/';
+ − 1636
$list = Array();
+ − 1637
// Open a known directory, and proceed to read its contents
+ − 1638
if (is_dir($dir)) {
+ − 1639
if ($dh = opendir($dir)) {
+ − 1640
while (($file = readdir($dh)) !== false) {
+ − 1641
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 1642
$list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4));
+ − 1643
}
+ − 1644
}
+ − 1645
closedir($dh);
+ − 1646
}
+ − 1647
}
+ − 1648
$lk = array_keys($list);
+ − 1649
+ − 1650
$q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1651
$s = $db->sql_query($q);
+ − 1652
if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1653
$r = $db->fetchrow_num($s);
+ − 1654
$db->free_result();
+ − 1655
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">');
+ − 1656
echo('<div class="question-box">
+ − 1657
Theme name displayed to users: <input type="text" name="name" value="'.$r[0].'" /><br /><br />
+ − 1658
Default stylesheet: <select name="defaultcss">');
+ − 1659
foreach ($lk as $l)
+ − 1660
{
+ − 1661
if($r[1] == $l) $v = ' selected="selected"';
+ − 1662
else $v = '';
+ − 1663
echo "<option value='{$l}'$v>{$list[$l]}</option>";
+ − 1664
}
+ − 1665
echo('</select><br /><br />
+ − 1666
<input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.$_POST['theme_id'].'" />
+ − 1667
</div>');
+ − 1668
echo('</form>');
+ − 1669
}
+ − 1670
elseif(isset($_POST['editsave'])) {
+ − 1671
$q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1672
$s = $db->sql_query($q);
+ − 1673
if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1674
else echo('<div class="info-box">Theme data updated.</div>');
+ − 1675
}
+ − 1676
elseif(isset($_POST['up'])) {
+ − 1677
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1678
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1679
$s = $db->sql_query($q);
+ − 1680
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1681
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1682
$sn = $db->sql_query($q);
+ − 1683
if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1684
$r = $db->fetchrow_num($sn);
+ − 1685
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) { echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>'); } else {
+ − 1686
// Get the order IDs of the selected theme and the theme before it
+ − 1687
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1688
$s = $db->sql_query($q);
+ − 1689
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1690
$r = $db->fetchrow_num($s);
+ − 1691
$r = $r[0];
+ − 1692
$rb = $r - 1;
+ − 1693
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1694
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1695
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1696
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1697
echo('<div class="info-box">Theme moved up.</div>');
+ − 1698
}
+ − 1699
$db->free_result($s);
+ − 1700
$db->free_result($sn);
+ − 1701
}
+ − 1702
elseif(isset($_POST['down'])) {
+ − 1703
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1704
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1705
$s = $db->sql_query($q);
+ − 1706
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1707
$r = $db->fetchrow_num($s);
+ − 1708
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == $db->numrows($s) /* ...and check if this theme is already at the bottom */ ) { echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>'); } else {
+ − 1709
// Get the order IDs of the selected theme and the theme before it
+ − 1710
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1711
$s = $db->sql_query($q);
+ − 1712
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1713
$r = $db->fetchrow_num($s);
+ − 1714
$r = $r[0];
+ − 1715
$rb = $r + 1;
+ − 1716
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1717
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1718
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1719
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1720
echo('<div class="info-box">Theme moved down.</div>');
+ − 1721
}
+ − 1722
}
+ − 1723
else if(isset($_POST['uninstall']))
+ − 1724
{
+ − 1725
$q = 'SELECT * FROM '.table_prefix.'themes;';
+ − 1726
$s = $db->sql_query($q);
+ − 1727
if ( !$s )
+ − 1728
{
+ − 1729
die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1730
}
+ − 1731
$n = $db->numrows($s);
+ − 1732
$db->free_result();
+ − 1733
+ − 1734
if ( $_POST['theme_id'] == 'oxygen' )
+ − 1735
{
+ − 1736
echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>';
+ − 1737
}
+ − 1738
else
+ − 1739
{
+ − 1740
if($n < 2)
+ − 1741
{
+ − 1742
echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>';
+ − 1743
}
+ − 1744
else
+ − 1745
{
+ − 1746
$q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;';
+ − 1747
$s = $db->sql_query($q);
+ − 1748
if ( !$s )
+ − 1749
{
+ − 1750
die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1751
}
+ − 1752
else
+ − 1753
{
+ − 1754
echo('<div class="info-box">Theme uninstalled.</div>');
+ − 1755
}
+ − 1756
}
+ − 1757
}
+ − 1758
}
+ − 1759
elseif(isset($_POST['install'])) {
$q = 'SELECT theme_id FROM '.table_prefix.'themes;';
0
+ − 1761
$s = $db->sql_query($q);
+ − 1762
if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1763
$n = $db->numrows($s);
+ − 1764
$n++;
+ − 1765
$theme_id = $_POST['theme_id'];
+ − 1766
$theme = Array();
+ − 1767
include('./themes/'.$theme_id.'/theme.cfg');
if ( !isset($theme['theme_id']) )
{
echo '<div class="error-box">Could not load theme.cfg (theme metadata file)</div>';
}
else
{
$default_style = false;
if ( $dh = opendir('./themes/' . $theme_id . '/css') )
{
while ( $file = readdir($dh) )
{
if ( $file != '_printable.css' && preg_match('/\.css$/i', $file) )
{
$default_style = $file;
break;
}
}
closedir($dh);
}
else
{
die('The /css subdirectory could not be located in the theme\'s directory');
}
if ( $default_style )
{
$q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled,default_style) VALUES(\''.$db->escape($theme['theme_id']).'\', \''.$db->escape($theme['theme_name']).'\', '.$n.', 1, \'' . $db->escape($default_style) . '\')';
$s = $db->sql_query($q);
if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
else echo('<div class="info-box">Theme "'.$theme['theme_name'].'" installed.</div>');
}
else
{
echo '<div class="error-box">Could not determine the default style for the theme.</div>';
}
}
}
echo('
<h3>Currently installed themes</h3>
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
<p>
<select name="theme_id">
');
$q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order';
$s = $db->sql_query($q);
if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
while ( $r = $db->fetchrow_num($s) ) {
if($r[2] < 1) $r[1] .= ' (disabled)';
echo('<option value="'.$r[0].'">'.$r[1].'</option>');
}
$db->free_result();
echo('
</select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" />
</p>
</form>
<h3>Install a new theme</h3>
');
$theme = Array();
$obb = '';
for($i=0;$i<sizeof($l);$i++) {
if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) {
include('./themes/'.$l[$i].'/theme.cfg');
$q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$theme['theme_id'].'\'';
$s = $db->sql_query($q);
if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
if($db->numrows($s) < 1) {
$obb .= '<option value="'.$theme['theme_id'].'">'.$theme['theme_name'].'</option>';
}
$db->free_result();
}
}
if($obb != '') {
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>');
echo('<select name="theme_id">');
echo($obb);
echo('</select>');
echo('
<input type="submit" name="install" value="Install this theme" />
</p></form>');
} else echo('<p>All themes are currently installed.</p>');
}
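/**
 * Admin pagelet: lists the ban rules, deletes a rule on request and creates new rules.
 *
 * Reads $_GET['action'] / $_GET['id'] (delete) and $_POST['create'], ['type'], ['value'],
 * ['reason'], ['regex'] (create). Writes its HTML straight to the output; returns nothing.
 * Requires both the session's auth level and user level to be at least USER_LEVEL_ADMIN.
 */
function page_Admin_BanControl()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // NOTE(review): this delete is driven by a plain GET link and no anti-CSRF token is checked
  // in this function, and unlike rule creation it is not gated on ENANO_DEMO_MODE. Confirm
  // whether the framework validates the request elsewhere; if not, move it to a POST form
  // carrying a per-session token.
  if ( isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && is_string($_GET['id']) && $_GET['id'] != '' )
  {
    // ban_id is placed in the query unquoted, so string escaping alone does not confine it
    // to a value; force it to an integer before it reaches the SQL text.
    $ban_id = intval($_GET['id']);
    $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $ban_id);
    if ( !$e )
      $db->_die('The ban list entry was not deleted.');
  }

  if ( isset($_POST['create']) && !defined('ENANO_DEMO_MODE') )
  {
    // Missing or non-string fields fall back to values that the checks below reject or treat as empty.
    $type  = ( isset($_POST['type']) && is_scalar($_POST['type']) ) ? intval($_POST['type']) : 0;
    $value = ( isset($_POST['value']) && is_string($_POST['value']) ) ? trim($_POST['value']) : '';
    if ( !in_array($type, array(BAN_IP, BAN_USER, BAN_EMAIL)) )
    {
      echo '<div class="error-box">Hacking attempt.</div>';
    }
    else if ( empty($value) )
    {
      echo '<div class="error-box">Please enter something to ban.</div>';
    }
    else
    {
      $entries = array();
      $error = false;
      foreach ( explode(',', $value) as $entry )
      {
        $entry = trim($entry);
        if ( empty($entry) )
        {
          echo '<div class="error-box">Malformed entry.</div>';
          $error = true;
          break;
        }
        // as of 1.0.2 parsing is done at runtime, so every rule type (IP ranges and regular
        // expressions included) is stored exactly as entered
        $entries[] = $entry;
      }
      if ( !$error )
      {
        $regex = ( isset($_POST['regex']) ) ? '1' : '0';
        $reason = ( isset($_POST['reason']) && is_string($_POST['reason']) ) ? $_POST['reason'] : '';
        $reason = $db->escape($reason);
        $to_insert = array();
        foreach ( $entries as $entry )
        {
          // $type is an integer and $regex is a literal '0'/'1'; the two free-text columns
          // are escaped and quoted.
          $entry = $db->escape($entry);
          $to_insert[] = "($type, '$entry', '$reason', $regex)";
        }
        $q = 'INSERT INTO '.table_prefix."banlist(ban_type, ban_value, reason, is_regex)\n VALUES" . implode(",\n ", $to_insert) . ';';
        // A long comma-separated list becomes one multi-row INSERT; lift the time limit for it.
        @set_time_limit(0);
        $e = $db->sql_query($q);
        if ( !$e )
          $db->_die('The banlist could not be updated.');
      }
    }
  }
  else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
  {
    $shown = ( isset($_POST['value']) && is_string($_POST['value']) ) ? htmlspecialchars($_POST['value']) : '';
    echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . $shown . ' doesn\'t mean <i>we</i> don\'t like ' . $shown . '.</div>';
  }

  $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
  if ( !$q )
    $db->_die('The banlist data could not be selected.');
  echo '<div class="tblholder" style="max-height: 800px; clip: rect(0px,auto,auto,0px); overflow: auto;">
        <table border="0" cellspacing="1" cellpadding="4">';
  echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
  if ( $db->numrows() < 1 )
    echo '<tr><td class="row1" colspan="4">No ban rules yet.</td></tr>';
  $cls = 'row2';
  while ( $r = $db->fetchrow() )
  {
    $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
    // Default label so a row with an unexpected ban_type does not reuse the previous row's label.
    $t = 'Unknown';
    if ( $r['ban_type'] == BAN_IP )
      $t = 'IP address';
    elseif ( $r['ban_type'] == BAN_USER )
      $t = 'Username';
    elseif ( $r['ban_type'] == BAN_EMAIL )
      $t = 'E-mail address';
    $g = ( $r['is_regex'] ) ? 'Yes' : 'No';
    // ban_value is stored as the administrator typed it (only SQL-escaped on insert), so it
    // must be HTML-encoded on output; ban_id is forced to an integer before entering the URL.
    $shown_value = htmlspecialchars($r['ban_value'], ENT_QUOTES);
    $delete_url = makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.intval($r['ban_id']));
    echo '<tr><td class="'.$cls.'">'.$t.'</td><td class="'.$cls.'">'.$shown_value.'</td><td class="'.$cls.'">'.$g.'</td><td class="'.$cls.'"><a href="'.$delete_url.'">Delete</a></td></tr>';
  }
  $db->free_result();
  echo '</table></div>';
  echo '<h3>Create new ban rule</h3>';
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  ?>
  Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
  Rule: <input type="text" name="value" size="30" /><br />
  <small>You can ban multiple IP addresses, users, or e-mail addresses by separating entries with a single comma (User1,User2). Do not put a space after the comma. For IP addresses, you may specify ranges like 172|192.168.4-30|90-167.1-90, which will turn into 172 and 192 . 168 . 4-30 and 90-167 . 1 - 90, which matches 18,899 IP addresses.</small><br />
  Reason to show to the banned user: <textarea name="reason" rows="7" cols="40"></textarea><br />
  <input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
  <input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
  <?php
  echo '</form>';
}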
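/**
 * Admin pagelet: sends one message to a user group or to a comma-separated list of usernames.
 *
 * Reads $_POST['do_send'], ['subject'], ['message'], ['userlist'] and ['group_id']. Recipients
 * are added with $mail->cc(); the message itself is addressed to the configured contact e-mail.
 * Writes its HTML straight to the output; returns nothing. Requires both the session's auth
 * level and user level to be at least USER_LEVEL_ADMIN.
 */
function page_Admin_MassEmail()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  global $enano_config;
  if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
  {
    // Collected validation failures; must exist before the first append and before it is counted.
    $errors = array();

    $use_smtp = getConfig('smtp_enabled') == '1';

    //
    // Let's do some checking to make sure that mass mail functions
    // are working in win32 versions of php. (copied from phpBB)
    //
    if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp )
    {
      // version_compare() instead of a string comparison, which orders '10.x' before '4.0.0'
      $ini_val = ( version_compare(phpversion(), '4.0.0', '>=') ) ? 'ini_get' : 'get_cfg_var';

      // We are running on windows, force delivery to use our smtp functions
      // since php's are broken by default
      $use_smtp = true;
      $enano_config['smtp_server'] = @$ini_val('SMTP');
    }

    $mail = new emailer( !empty($use_smtp) );

    // Validate subject/message body
    // NOTE(review): stripslashes() presumably compensates for magic quotes on the request data - confirm
    $subject = ( isset($_POST['subject']) && is_string($_POST['subject']) ) ? stripslashes(trim($_POST['subject'])) : '';
    $message = ( isset($_POST['message']) && is_string($_POST['message']) ) ? stripslashes(trim($_POST['message'])) : '';

    if ( empty($subject) )
      $errors[] = 'Please enter a subject.';
    if ( empty($message) )
      $errors[] = 'Please enter a message.';

    // Get list of members
    if ( !empty($_POST['userlist']) && is_string($_POST['userlist']) )
    {
      $userlist = explode(',', str_replace(', ', ',', $_POST['userlist']));
      foreach ( $userlist as $k => $u )
      {
        if ( $u == $session->username )
        {
          // Message is automatically sent to the sender
          unset($userlist[$k]);
        }
        else
        {
          // Each name ends up inside a quoted SQL string literal below
          $userlist[$k] = $db->escape($u);
        }
      }
      $userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\'';

      $q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';');
      if ( !$q )
        $db->_die();

      while ( $row = $db->fetchrow() )
      {
        if ( !empty($row['email']) )
          $mail->cc($row['email']);
      }

      $db->free_result();
    }
    else
    {
      // Sending to a usergroup
      $group_id = ( isset($_POST['group_id']) && is_scalar($_POST['group_id']) ) ? intval($_POST['group_id']) : 0;
      if ( $group_id < 1 )
      {
        $errors[] = 'Invalid group ID';
      }
      else
      {
        // $group_id is an integer at this point, so it is safe to place unquoted
        $q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g
                               LEFT JOIN '.table_prefix.'users AS u
                                 ON (u.user_id=g.user_id)
                               WHERE g.group_id=' . $group_id . ';');
        if ( !$q )
          $db->_die();

        while ( $row = $db->fetchrow() )
        {
          // The LEFT JOIN yields a NULL email for a membership row without a matching user
          if ( !empty($row['email']) )
            $mail->cc($row['email']);
        }

        $db->free_result();
      }
    }

    if ( count($errors) < 1 )
    {
      $mail->from(getConfig('contact_email'));
      $mail->replyto(getConfig('contact_email'));
      $mail->set_subject($subject);
      $mail->email_address(getConfig('contact_email'));

      // Copied/modified from phpBB
      // These values are concatenated into raw header lines, so CR/LF is stripped from each
      // one to keep it from starting an additional header.
      $crlf = array("\r", "\n");
      $email_headers = 'X-AntiAbuse: Website server name - ' . str_replace($crlf, '', $_SERVER['SERVER_NAME']) . "\n";
      $email_headers .= 'X-AntiAbuse: User_id - ' . str_replace($crlf, '', $session->user_id) . "\n";
      $email_headers .= 'X-AntiAbuse: Username - ' . str_replace($crlf, '', $session->username) . "\n";
      $email_headers .= 'X-AntiAbuse: User IP - ' . str_replace($crlf, '', $_SERVER['REMOTE_ADDR']) . "\n";

      $mail->extra_headers($email_headers);

      $tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at:

{CONTACT_EMAIL}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{MESSAGE}
';

      $mail->use_template($tpl);

      $mail->assign_vars(array(
          'SENDER' => $session->username,
          'SITE_NAME' => getConfig('site_name'),
          'CONTACT_EMAIL' => getConfig('contact_email'),
          'MESSAGE' => $message
        ));

      // All done
      $mail->send();
      $mail->reset();

      echo '<div class="info-box">Your message has been sent.</div>';
    }
    else
    {
      // $errors holds only the fixed strings assigned above, so it is printed as-is
      echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
    }
  }
  else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>';
  }
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  ?>
  <div class="tblholder">
    <table border="0" cellspacing="1" cellpadding="4">
      <tr>
        <th colspan="2">Send mass e-mail</th>
      </tr>
      <tr>
        <td class="row2" rowspan="2" style="width: 30%; min-width: 200px;">
          Send message to:<br />
          <small>
            By default, this message will be sent to the group selected here. You may instead send the message to a specific
            list of users by entering them in the second row, with usernames separated by a single comma (no space).
          </small>
        </td>
        <td class="row1">
          <select name="group_id">
            <?php
            $q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;');
            if ( !$q )
              $db->_die();
            while ( $row = $db->fetchrow() )
            {
              // Group names are free text from the database: HTML-encode them, and force the id to an integer
              echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars($row['group_name'], ENT_QUOTES) . '</option>';
            }
            $db->free_result();
            ?>
          </select>
        </td>
      </tr>
      <tr>
        <td class="row1">
          Usernames: <input type="text" name="userlist" size="50" />
        </td>
      </tr>
      <tr>
        <td class="row2" style="width: 30%; min-width: 200px;">
          Subject:
        </td>
        <td class="row1">
          <input name="subject" type="text" size="50" />
        </td>
      </tr>
      <tr>
        <td class="row2" style="width: 30%; min-width: 200px;">
          Message:
        </td>
        <td class="row1">
          <textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea>
        </td>
      </tr>
      <tr>
        <th class="subhead" colspan="2" style="text-align: left;" valign="middle">
          <div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div>
          <small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small>
        </th>
      </tr>

    </table>
  </div>
  <?php
  echo '</form>';
}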
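/**
 * Admin pagelet: database backup.
 *
 * Without "submitting=yes" in the query string this prints the backup form. With it, the
 * function builds an SQL dump of the requested tables through export_table(), records the
 * request in the logs table as a 'security' / 'db_backup' entry, optionally encrypts the dump
 * when SQL_BACKUP_CRYPT is defined, and sends it to the browser as a file download.
 *
 * Access requires both auth_level and user_level to be at least USER_LEVEL_ADMIN. The export
 * is refused when ENANO_DEMO_MODE is defined, and the whole page is refused unless the MySQL
 * database layer is in use.
 *
 * NOTE(review): no anti-CSRF token is checked anywhere in this function; confirm whether
 * the caller or the URL built by makeUrlNS(..., true) supplies one.
 *
 * @return void
 */
function page_Admin_DBBackup()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $system_table_list;

  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( ENANO_DBLAYER != 'MYSQL' )
    die("<h3>Not supported</h3>\n<p>This function is only supported under the MySQL database driver.</p>");

  $submitting = ( isset($_GET['submitting']) && $_GET['submitting'] === 'yes' );

  if ( $submitting && defined('ENANO_DEMO_MODE') )
  {
    redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
    // Do not rely on redirect() ending the request (page_Special_Administration follows its
    // redirect() with an explicit exit): without this return the export below would still
    // run and hand the dump to a demo user.
    return;
  }

  if ( $submitting )
  {
    // Large dumps can outlive the default execution time limit, so lift it for every export,
    // not only for encrypted ones.
    @set_time_limit(0);

    $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
    $filename = 'enano_backup_' . date('ymd') . '.sql' . $aesext;

    // Build the table list. additional_tables comes straight from the request, so reject
    // anything that is not a flat list of strings before it reaches array_merge()/implode().
    $base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : array();
    $add  = ( isset($_POST['additional_tables']) ) ? $_POST['additional_tables'] : array();
    if ( !is_array($add) )
      die('Hacking attempt');
    foreach ( $add as $t )
    {
      if ( !is_string($t) )
        die('Hacking attempt');
    }
    $tables = array_merge($base, $add);

    // Log it! This happens before the name check below, so a rejected request still leaves
    // a security log entry with the requested names (escaped).
    $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
    if ( !$e )
      $db->_die();

    // Table names are handed to export_table(), so only plain identifiers are accepted.
    foreach ( $tables as $t )
    {
      if ( !preg_match('#^([a-z0-9_]+)$#i', $t) )
        die('Hacking attempt');
    }

    // Everything echoed from here on is captured and becomes the dump.
    ob_start();
    $headdate = date('F d, Y \a\t h:i a');
    echo <<<HEADER
-- Enano CMS SQL backup
-- Generated on {$headdate} by {$session->username}

HEADER;

    foreach ( $tables as $t )
    {
      $result = export_table(
        $t,
        isset($_POST['do_struct']),
        isset($_POST['do_data']),
        false
        );
      // Check the raw return value: once "\n" is appended the string is never falsy, which
      // made the original failure check unreachable.
      // NOTE(review): presumably export_table() returns false when a query fails - confirm.
      if ( $result === false || $result === null )
      {
        $db->_die();
      }
      echo $result . "\n";
    }
    $data = ob_get_clean();

    if ( defined('SQL_BACKUP_CRYPT') )
    {
      // Free some memory, we don't need this stuff any more
      $db->close();
      unset($paths, $db, $template, $plugins);
      // NOTE(review): the class name and the .tea suffix suggest the TEA cipher keyed with the
      // session's private key; confirm this gives the confidentiality (and integrity) expected
      // of a full database dump before relying on it.
      $tea = new TEACrypt();
      $data = $tea->encrypt($data, $session->private_key);
    }

    // The disposition type and its parameters are separated by ";" (the original used ",").
    header('Content-disposition: attachment; filename="' . $filename . '"');
    header('Content-type: application/transact-sql');
    header('Content-length: ' . strlen($data));
    echo $data;
    exit;
  }
  else
  {
    // Show the UI
    echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">';
    ?>
    <p>This page allows you to back up your Enano database should something go miserably wrong.</p>
    <p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label></p>
    <p>Additional tables to export:</p>
    <p><select name="additional_tables[]" multiple="multiple">
       <?php
       if ( ENANO_DBLAYER == 'MYSQL' )
       {
         $q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
       }
       else if ( ENANO_DBLAYER == 'PGSQL' )
       {
         $q = $db->sql_query('SELECT relname FROM pg_stat_user_tables ORDER BY relname;') or $db->_die('Somehow we were denied the request to get the list of tables.');
       }
       while ( $row = $db->fetchrow_num() )
       {
         if ( !in_array($row[0], $system_table_list) )
         {
           // Table names come from the database; escape them for the attribute and the label.
           $name = htmlspecialchars($row[0]);
           echo '<option value="' . $name . '">' . $name . '</option>';
         }
       }
       ?>
       </select>
       </p>
    <p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br />
       <label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label>
       </p>
    <p><input type="submit" value="Create backup" /></p>
    <?php
    echo '</form>';
  }
}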
/**
 * Admin pagelet: end the elevated (administration) session.
 *
 * Prints the "not authenticated" notice when the session is not at admin level; otherwise
 * calls $session->logout(USER_LEVEL_ADMIN) and prints a confirmation with a link to the
 * main page.
 *
 * @return void
 */
function page_Admin_AdminLogout()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the authorization level of this session and the account's user level must be admin.
  $is_admin = ( $session->auth_level >= USER_LEVEL_ADMIN && $session->user_level >= USER_LEVEL_ADMIN );
  if ( !$is_admin )
  {
    $login_url = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="', $login_url, '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Only the admin-level authorization is passed to logout(); the message below tells the
  // user that the ordinary website login stays active.
  $session->logout(USER_LEVEL_ADMIN);

  $home_url = makeUrl(getConfig('main_page'));
  echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="', $home_url, '">Main Page</a>.</p>';
}
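/**
 * Special:Administration - the frame of the administration panel.
 *
 * Redirects to the login page when the session's auth_level is below USER_LEVEL_ADMIN.
 * Otherwise it loads the admin theme, emits the client-side script that fetches pagelets
 * through ajax.php, draws the navigation tree, and - when a "module" query parameter is
 * present - runs the matching page_<namespace>_<name>() function inline.
 *
 * The module name comes from the request. It is only ever used to look up an already
 * defined function, which is then called directly (no eval), and a request can never make
 * this function call itself.
 *
 * NOTE(review): the script below sends $session->sid_super as the "auth" query parameter of
 * every ajax.php GET request, so the elevated session key can end up in access logs; the
 * ajax.php side is not visible here, so this is left unchanged.
 *
 * @return void
 */
function page_Special_Administration()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( $session->auth_level < USER_LEVEL_ADMIN )
  {
    redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
    exit;
  }

  $template->load_theme('admin', 'default');
  $template->init_vars();
  if ( !isset( $_GET['noheaders'] ) )
  {
    $template->header();
  }
  echo 'Administer your Enano website.';
  ?>
  <script type="text/javascript">
  function ajaxPage(t)
  {
    if ( KILL_SWITCH )
    {
      document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
      return false;
    }
    if ( t == namespace_list.Admin + 'AdminLogout' )
    {
      var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
      mb.onclick['Yes'] = function() {
        var tigraentry = document.getElementById('i_div0_0').parentNode;
        var tigraobj = $(tigraentry);
        var div = document.createElement('div');
        div.style.backgroundColor = '#FFFFFF';
        domObjChangeOpac(70, div);
        div.style.position = 'absolute';
        var top = tigraobj.Top();
        var left = tigraobj.Left();
        var width = tigraobj.Width();
        var height = tigraobj.Height();
        div.style.top = top + 'px';
        div.style.left = left + 'px';
        div.style.width = width + 'px';
        div.style.height = height + 'px';
        var body = document.getElementsByTagName('body')[0];
        enlighten(true);
        body.appendChild(div);
        ajaxPageBin(namespace_list.Admin + 'AdminLogout');
      }
      return;
    }
    ajaxPageBin(t);
  }
  function ajaxPageBin(t)
  {
    if ( KILL_SWITCH )
    {
      document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
      return false;
    }
    document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>';
    ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() {
        if(ajax.readyState == 4) {
          document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText;
          fadeInfoBoxes();
        }
      });
  }
  function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); }
  var TREE_TPL = {
    'target' : '_self', // name of the frame links will be opened in
    // other possible values are: _blank, _parent, _search, _self and _top

    'icon_e' : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image
    'icon_l' : '<?php echo scriptPath; ?>/images/icons/line.gif', // vertical line
    'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon normal
    'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon selected
    'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon normal
    'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
    'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon opened
    'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
    'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal
    'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected
    'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened
    'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened
    'icon_0' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal
    'icon_4' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
    'icon_8' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened
    'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
    'icon_2' : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf
    'icon_3' : '<?php echo scriptPath; ?>/images/icons/join.gif', // junction for last leaf
    'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node
    'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif', // junction for last closed node
    'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node
    'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif' // junction for last opended node
  };
  addOnloadHook(keepalive_onload);
  <?php
  echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree
  if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?>
  </script>
  <table border="0" width="100%">
    <tr>
      <td class="holder" valign="top">
        <div class="pad" style="padding-right: 20px;">
          <script type="text/javascript">
            if ( !KILL_SWITCH )
            {
              new tree(TREE_ITEMS, TREE_TPL);
            }
          </script>
        </div>
      </td>
      <td width="100%" valign="top">
        <div class="pad" id="ajaxPageContainer">
        <?php
        if ( isset($_GET['module']) )
        {
          $module = $_GET['module'];
          $ns = null;
          $nm = null;
          // A non-string value (module[]=...) cannot name a page, so it matches nothing.
          if ( is_string($module) )
          {
            // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary.
            // There is deliberately no break: as before, the last matching prefix wins.
            foreach ( $paths->nslist as $ns_id => $prefix )
            {
              $ln = strlen($prefix);
              if ( strncmp($module, $prefix, $ln) === 0 )
              {
                $ns = $ns_id;
                $nm = substr($module, $ln);
              }
            }
          }
          $paths->cpage['module'] = $_GET['module'];
          // Without a matching namespace there is no function name to build (the original
          // read undefined variables here).
          if ( $ns !== null )
          {
            $fname = 'page_' . $ns . '_' . $nm;
            $s = strpos($fname, '?noheaders');
            if ( $s ) $fname = substr($fname, 0, $s);
            // Never dispatch to this function itself. The original compared only the raw
            // module value, so a name that differs in letter case or carries the stripped
            // "?noheaders" suffix still resolved to this function and recursed without end.
            $is_self = ( $module == $paths->nslist['Special'] . 'Administration' || strcasecmp($fname, __FUNCTION__) === 0 );
            if ( !$is_self && function_exists($fname) )
            {
              // Variable-function call instead of eval(): the request-derived name is only
              // ever treated as the name of an existing function, never parsed as code.
              $fname();
            }
          }
        }
        else
        {
          echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
        }
        ?>
        </div>
        <script type="text/javascript">
          if ( KILL_SWITCH )
          {
            document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
          }
        </script>
      </td>
    </tr>
  </table>

  <?php
  if ( !isset($_GET['noheaders']) )
  {
    $template->footer();
  }
}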
function page_Special_EditSidebar()
+ − 2471
{
+ − 2472
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2473
+ − 2474
if($session->auth_level < USER_LEVEL_ADMIN)
+ − 2475
{
+ − 2476
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
+ − 2477
exit;
+ − 2478
}
+ − 2479
else
+ − 2480
{
+ − 2481
+ − 2482
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>');
+ − 2483
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>');
+ − 2484
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
+ − 2485
$template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');
+ − 2486
+ − 2487
// Knock the sidebars dead to keep javascript in plugins from interfering
+ − 2488
$template->tpl_strings['SIDEBAR_LEFT'] = '';
+ − 2489
$template->tpl_strings['SIDEBAR_RIGHT'] = '';
+ − 2490
+ − 2491
$template->load_theme('oxygen', 'bleu');
+ − 2492
$template->init_vars();
+ − 2493
+ − 2494
$template->header();
+ − 2495
+ − 2496
if(isset($_POST['save']))
+ − 2497
{
+ − 2498
// Write the new block order to the database
+ − 2499
// The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe...
+ − 2500
// Anyone know a better way to do this?
+ − 2501
$q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2502
if ( !$q )
+ − 2503
{
+ − 2504
$db->_die('The sidebar order data could not be selected.');
+ − 2505
}
+ − 2506
$orders = Array();
+ − 2507
while($row = $db->fetchrow())
+ − 2508
{
+ − 2509
$orders[] = Array(
+ − 2510
count($orders),
+ − 2511
$row['item_id'],
+ − 2512
$row['sidebar_id'],
+ − 2513
);
+ − 2514
}
+ − 2515
$db->free_result();
+ − 2516
+ − 2517
// We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries.
+ − 2518
$ol = explode(',', $_POST['order_left']);
+ − 2519
$odr = explode(',', $_POST['order_right']);
+ − 2520
$om = array_merge($ol, $odr);
+ − 2521
unset($ol, $odr);
+ − 2522
$queries = Array();
+ − 2523
foreach($orders as $k => $v)
+ − 2524
{
+ − 2525
$queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.$v[1].';';
+ − 2526
}
+ − 2527
foreach($queries as $sql)
+ − 2528
{
+ − 2529
$q = $db->sql_query($sql);
+ − 2530
if(!$q)
+ − 2531
{
+ − 2532
$t = $db->get_error();
+ − 2533
echo $t;
+ − 2534
$template->footer();
+ − 2535
exit;
+ − 2536
}
+ − 2537
}
+ − 2538
echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
+ − 2539
}
+ − 2540
elseif(isset($_POST['create']))
+ − 2541
{
+ − 2542
switch((int)$_POST['type'])
+ − 2543
{
+ − 2544
case BLOCK_WIKIFORMAT:
+ − 2545
$content = $_POST['wikiformat_content'];
+ − 2546
break;
+ − 2547
case BLOCK_TEMPLATEFORMAT:
+ − 2548
$content = $_POST['templateformat_content'];
+ − 2549
break;
+ − 2550
case BLOCK_HTML:
+ − 2551
$content = $_POST['html_content'];
+ − 2552
break;
+ − 2553
case BLOCK_PHP:
+ − 2554
$content = $_POST['php_content'];
+ − 2555
break;
+ − 2556
case BLOCK_PLUGIN:
+ − 2557
$content = $_POST['plugin_id'];
+ − 2558
break;
+ − 2559
}
if ( defined('ENANO_DEMO_MODE') )
{
// Sanitize the HTML
$content = sanitize_html($content, true);
}
if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP )
{
echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
$_POST['php_content'] = '?><Nulled>';
$content = $_POST['php_content'];
}
// Get the value of item_order
+ − 2575
+ − 2576
$q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';');
+ − 2577
if(!$q) $db->_die('The order number could not be selected');
+ − 2578
$io = $db->numrows();
+ − 2579
+ − 2580
$db->free_result();
+ − 2581
+ − 2582
$q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );';
+ − 2583
$result = $db->sql_query($q);
+ − 2584
if(!$result)
+ − 2585
{
+ − 2586
echo $db->get_error();
+ − 2587
$template->footer();
+ − 2588
exit;
+ − 2589
}
+ − 2590
+ − 2591
echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';
+ − 2592
+ − 2593
}
+ − 2594
+ − 2595
if(isset($_GET['action']) && isset($_GET['id']))
+ − 2596
{
if(!preg_match('#^([0-9]*)$#', $_GET['id']))
0
+ − 2598
{
+ − 2599
echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
+ − 2600
}
+ − 2601
switch($_GET['action'])
+ − 2602
{
+ − 2603
case 'new':
+ − 2604
?>
+ − 2605
<script type="text/javascript">
+ − 2606
function setType(input)
+ − 2607
{
+ − 2608
val = input.value;
+ − 2609
if(!val)
+ − 2610
{
+ − 2611
return false;
+ − 2612
}
+ − 2613
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2614
for(var i in divs)
+ − 2615
{
+ − 2616
if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block';
+ − 2617
else divs[i].style.display = 'none';
+ − 2618
}
+ − 2619
}
+ − 2620
</script>
+ − 2621
+ − 2622
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 2623
+ − 2624
<p>
+ − 2625
What type of block should this be?
+ − 2626
</p>
+ − 2627
<p>
+ − 2628
<select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
+ − 2629
<option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
+ − 2630
<option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
+ − 2631
<option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
+ − 2632
<option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
+ − 2633
<option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
+ − 2634
</select>
+ − 2635
</p>
+ − 2636
+ − 2637
<p>
+ − 2638
+ − 2639
Block title: <input name="title" type="text" size="40" /><br />
+ − 2640
Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>
+ − 2641
+ − 2642
</p>
+ − 2643
+ − 2644
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
+ − 2645
<p>
+ − 2646
Wikitext:
+ − 2647
</p>
+ − 2648
<p>
+ − 2649
<textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
+ − 2650
</p>
+ − 2651
</div>
+ − 2652
+ − 2653
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
+ − 2654
<p>
+ − 2655
Template code:
+ − 2656
</p>
+ − 2657
<p>
+ − 2658
<textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
+ − 2659
</p>
+ − 2660
</div>
+ − 2661
+ − 2662
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
+ − 2663
<p>
+ − 2664
HTML to place inside the sidebar:
+ − 2665
</p>
+ − 2666
<p>
+ − 2667
<textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
+ − 2668
</p>
+ − 2669
</div>
+ − 2670
+ − 2671
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
<?php if ( defined('ENANO_DEMO_MODE') ) { ?>
<p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
<?php } else { ?>
0
+ − 2675
<p>
+ − 2676
<b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
+ − 2677
ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
+ − 2678
</p>
+ − 2679
<p>
+ − 2680
<span style="color: red;">
+ − 2681
It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
+ − 2682
</span> You have been warned.
+ − 2683
</p>
+ − 2684
<p>
+ − 2685
Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
+ − 2686
</p>
+ − 2687
<p>
+ − 2688
The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error.
+ − 2689
</p>
+ − 2690
<p>
+ − 2691
PHP code:
+ − 2692
</p>
+ − 2693
<p>
+ − 2694
<textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
+ − 2695
</p>
<?php } ?>
0
+ − 2697
</div>
+ − 2698
+ − 2699
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
+ − 2700
<p>
+ − 2701
Plugin:
+ − 2702
</p>
+ − 2703
<p>
+ − 2704
<select name="plugin_id">
+ − 2705
<?php
+ − 2706
foreach($template->plugin_blocks as $k => $c)
+ − 2707
{
+ − 2708
echo '<option value="'.$k.'">'.$k.'</option>';
+ − 2709
}
+ − 2710
?>
+ − 2711
</select>
+ − 2712
</p>
+ − 2713
</div>
+ − 2714
+ − 2715
<p>
+ − 2716
+ − 2717
<input type="submit" name="create" value="Create new block" style="font-weight: bold;" />
+ − 2718
<input type="submit" name="cancel" value="Cancel" />
+ − 2719
+ − 2720
</p>
+ − 2721
+ − 2722
</form>
+ − 2723
+ − 2724
<script type="text/javascript">
+ − 2725
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2726
for(var i in divs)
+ − 2727
{
+ − 2728
if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500);
+ − 2729
}
+ − 2730
</script>
+ − 2731
+ − 2732
<?php
+ − 2733
$template->footer();
+ − 2734
return;
+ − 2735
break;
+ − 2736
case 'move':
+ − 2737
if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
+ − 2738
{
+ − 2739
echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
+ − 2740
break;
+ − 2741
}
$query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$query)
+ − 2744
{
+ − 2745
echo $db->get_error();
+ − 2746
$template->footer();
+ − 2747
exit;
+ − 2748
}
+ − 2749
echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
+ − 2750
break;
+ − 2751
case 'delete':
$query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-)
if(!$query)
+ − 2754
{
+ − 2755
echo $db->get_error();
+ − 2756
$template->footer();
+ − 2757
exit;
+ − 2758
}
+ − 2759
if(isset($_GET['ajax']))
+ − 2760
{
+ − 2761
ob_end_clean();
+ − 2762
die('GOOD');
+ − 2763
}
+ − 2764
echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
+ − 2765
break;
+ − 2766
case 'disenable';
$q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
+ − 2769
{
+ − 2770
echo $db->get_error();
+ − 2771
$template->footer();
+ − 2772
exit;
+ − 2773
}
+ − 2774
$r = $db->fetchrow();
+ − 2775
$db->free_result();
+ − 2776
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';');
+ − 2778
if(!$q)
+ − 2779
{
+ − 2780
echo $db->get_error();
+ − 2781
$template->footer();
+ − 2782
exit;
+ − 2783
}
+ − 2784
if(isset($_GET['ajax']))
+ − 2785
{
+ − 2786
ob_end_clean();
+ − 2787
die('GOOD');
+ − 2788
}
+ − 2789
break;
+ − 2790
case 'rename';
+ − 2791
$newname = $db->escape($_POST['newname']);
+ − 2792
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
+ − 2794
{
+ − 2795
echo $db->get_error();
+ − 2796
$template->footer();
+ − 2797
exit;
+ − 2798
}
+ − 2799
if(isset($_GET['ajax']))
+ − 2800
{
+ − 2801
ob_end_clean();
+ − 2802
die('GOOD');
+ − 2803
}
+ − 2804
break;
+ − 2805
case 'getsource':
$q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
+ − 2808
{
+ − 2809
echo $db->get_error();
+ − 2810
$template->footer();
+ − 2811
exit;
+ − 2812
}
+ − 2813
ob_end_clean();
+ − 2814
$r = $db->fetchrow();
+ − 2815
$db->free_result();
+ − 2816
if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
+ − 2817
die($r['block_content']);
+ − 2818
break;
+ − 2819
case 'save':
if ( defined('ENANO_DEMO_MODE') )
{
$q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
exit;
}
$row = $db->fetchrow();
if ( $row['block_type'] == BLOCK_PHP )
{
$_POST['content'] = '?><Nulled>';
}
else
{
$_POST['content'] = sanitize_html($_POST['content'], true);
}
}
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
+ − 2840
{
+ − 2841
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 2842
exit;
+ − 2843
}
$q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
+ − 2846
{
+ − 2847
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 2848
exit;
+ − 2849
}
+ − 2850
$row = $db->fetchrow();
+ − 2851
$db->free_result();
+ − 2852
switch($row['block_type'])
+ − 2853
{
+ − 2854
case BLOCK_WIKIFORMAT:
+ − 2855
default:
+ − 2856
$c = RenderMan::render($row['block_content']);
+ − 2857
break;
+ − 2858
case BLOCK_TEMPLATEFORMAT:
+ − 2859
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 2860
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2861
break;
+ − 2862
case BLOCK_HTML:
+ − 2863
$c = $row['block_content'];
+ − 2864
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2865
break;
+ − 2866
case BLOCK_PHP:
+ − 2867
ob_start();
+ − 2868
eval($row['block_content']);
+ − 2869
$c = ob_get_contents();
+ − 2870
ob_end_clean();
+ − 2871
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2872
break;
+ − 2873
case BLOCK_PLUGIN:
+ − 2874
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 2875
break;
+ − 2876
}
+ − 2877
die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
+ − 2878
break;
+ − 2879
}
+ − 2880
}
+ − 2881
+ − 2882
$q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2883
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 2884
+ − 2885
$vars = $template->extract_vars('sidebar-editor.tpl');
+ − 2886
+ − 2887
$parser = $template->makeParserText($vars['sidebar_button']);
+ − 2888
$parser->assign_vars(Array(
+ − 2889
'HREF'=>'#',
+ − 2890
'FLAGS'=>'onclick="return false;"',
+ − 2891
'TEXT'=>'Change theme'
+ − 2892
));
+ − 2893
$template->tpl_strings['THEME_LINK'] = $parser->run();
+ − 2894
$parser->assign_vars(Array(
+ − 2895
'TEXT'=>'Log out',
+ − 2896
));
+ − 2897
$template->tpl_strings['LOGOUT_LINK'] = $parser->run();
+ − 2898
+ − 2899
$n1 = Array();
+ − 2900
$n2 = Array();
+ − 2901
$n =& $n1;
+ − 2902
+ − 2903
echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">';
+ − 2904
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 2905
+ − 2906
// Time for the loop
+ − 2907
// what this loop does is fetch the row data, then send it out to the appropriate parser for formatting,
+ − 2908
// then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code.
+ − 2909
while($row = $db->fetchrow())
+ − 2910
{
+ − 2911
if(isset($current_side))
+ − 2912
{
+ − 2913
if($current_side != $row['sidebar_id'])
+ − 2914
{
+ − 2915
// Time to switch!
+ − 2916
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 2917
echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">';
+ − 2918
//echo '</td><td valign="top">';
+ − 2919
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 2920
$n =& $n2;
+ − 2921
}
+ − 2922
}
+ − 2923
$n[] = count($n);
+ − 2924
$current_side = $row['sidebar_id'];
+ − 2925
switch($row['block_type'])
+ − 2926
{
+ − 2927
case BLOCK_WIKIFORMAT:
+ − 2928
default:
+ − 2929
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 2930
$c = RenderMan::render($row['block_content']);
+ − 2931
break;
+ − 2932
case BLOCK_TEMPLATEFORMAT:
+ − 2933
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 2934
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 2935
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
// fix for the "Administration" link that somehow didn't get rendered properly
$c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c);
break;
+ − 2939
case BLOCK_HTML:
+ − 2940
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 2941
$c = $row['block_content'];
+ − 2942
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2943
break;
+ − 2944
case BLOCK_PHP:
+ − 2945
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 2946
ob_start();
+ − 2947
eval($row['block_content']);
+ − 2948
$c = ob_get_contents();
+ − 2949
ob_end_clean();
+ − 2950
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2951
break;
+ − 2952
case BLOCK_PLUGIN:
+ − 2953
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 2954
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 2955
break;
+ − 2956
}
$block_name = $template->tplWikiFormat($row['block_name']);
if ( empty($block_name) )
$block_name = '<Unnamed>';
$t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>';
if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
+ − 2962
else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
+ − 2963
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
+ − 2964
$tb = '<a title="Enable or disable this block" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
+ − 2965
<a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
+ − 2966
<a title="Permanently delete this block" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
+ − 2967
<a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
+ − 2968
$as = '';
+ − 2969
$ae = ' '.$tb;
+ − 2970
$parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
+ − 2971
echo $parser->run();
+ − 2972
unset($parser);
+ − 2973
+ − 2974
}
+ − 2975
$db->free_result();
+ − 2976
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 2977
echo '</div></td></tr></table>';
+ − 2978
echo '<form action="'.makeUrl($paths->page).'" method="post">';
+ − 2979
$order = implode(',', $n1);
+ − 2980
echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />";
+ − 2981
$order = implode(',', $n2);
+ − 2982
echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
+ − 2983
echo '
+ − 2984
<div style="margin: 0 auto 0 auto; text-align: center;">
+ − 2985
<input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
+ − 2986
<input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
+ − 2987
<br />
+ − 2988
<a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
+ − 2989
</div>
+ − 2990
</form>
+ − 2991
';
+ − 2992
}
+ − 2993
+ − 2994
$template->footer();
+ − 2995
}
+ − 2996
+ − 2997
?>