0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: Runt - the Enano administration panel
+ − 4
Plugin URI: http://enanocms.org/
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 5
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
0
+ − 6
Author: Dan Fuhry
181
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
diff
changeset
+ − 7
Version: 1.0.2
0
+ − 8
Author URI: http://enanocms.org/
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 13
* Version 1.0.2 (Coblynau)
0
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 24
+ − 25
$plugins->attachHook('base_classes_initted', '
+ − 26
global $paths;
+ − 27
$paths->add_page(Array(
+ − 28
\'name\'=>\'Administration\',
+ − 29
\'urlname\'=>\'Administration\',
+ − 30
\'namespace\'=>\'Special\',
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
diff
changeset
+ − 31
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
+ − 32
));
+ − 33
+ − 34
$paths->add_page(Array(
+ − 35
\'name\'=>\'Manage the Sidebar\',
+ − 36
\'urlname\'=>\'EditSidebar\',
+ − 37
\'namespace\'=>\'Special\',
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
diff
changeset
+ − 38
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
+ − 39
));
+ − 40
');
+ − 41
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 42
// Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 43
require(ENANO_ROOT . '/plugins/admin/PageGroups.php');
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 44
require(ENANO_ROOT . '/plugins/admin/SecurityLog.php');
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
diff
changeset
+ − 45
require(ENANO_ROOT . '/plugins/admin/UserManager.php');
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 46
0
+ − 47
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 48
+ − 49
function page_Admin_Home() {
+ − 50
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 51
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 52
{
+ − 53
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 54
return;
+ − 55
}
+ − 56
+ − 57
// Basic information
+ − 58
echo RenderMan::render(
+ − 59
'== Welcome to Runt, the Enano administration panel. ==
+ − 60
+ − 61
Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.
+ − 62
+ − 63
Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');
+ − 64
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 65
// Demo mode
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 66
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 67
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 68
echo '<h3>Enano is running in demo mode.</h3>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 69
<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 70
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 71
0
+ − 72
// Check for the installer scripts
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 73
if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
0
+ − 74
{
+ − 75
echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
+ − 76
}
+ − 77
+ − 78
// Inactive users
+ − 79
$q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
+ − 80
if($q)
+ − 81
if($db->numrows() > 0)
+ − 82
{
+ − 83
$n = $db->numrows();
+ − 84
if($n == 1) $s = $n . ' user is';
+ − 85
else $s = $n . ' users are';
+ − 86
echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
+ − 87
}
+ − 88
$db->free_result();
+ − 89
// Stats
+ − 90
if(getConfig('log_hits') == '1')
+ − 91
{
+ − 92
$stats = stats_top_pages(10);
61
+ − 93
//die('<pre>'.print_r($stats,true).'</pre>');
0
+ − 94
$c = 0;
+ − 95
$cls = 'row2';
+ − 96
echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
61
+ − 97
foreach($stats as $data)
0
+ − 98
{
61
+ − 99
echo '<tr>';
+ − 100
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 101
echo '<td class="'.$cls.'"><a href="'.makeUrl($data['page_urlname']).'">'.$data['page_title'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$data['num_hits'].'</td>';
+ − 102
echo '</tr>';
0
+ − 103
}
+ − 104
echo '</table></div>';
+ − 105
}
+ − 106
+ − 107
// Security log
+ − 108
echo '<h3>Security log</h3>';
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 109
$seclog = get_security_log(5);
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 110
echo $seclog;
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 111
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 112
echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'SecurityLog\'); return false;">Full security log</a></p>';
0
+ − 113
+ − 114
}
+ − 115
+ − 116
function page_Admin_GeneralConfig() {
+ − 117
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 118
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 119
{
+ − 120
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 121
return;
+ − 122
}
+ − 123
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 124
if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 125
{
0
+ − 126
+ − 127
// Global site options
+ − 128
setConfig('site_name', $_POST['site_name']);
+ − 129
setConfig('site_desc', $_POST['site_desc']);
+ − 130
setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
+ − 131
setConfig('copyright_notice', $_POST['copyright']);
+ − 132
setConfig('contact_email', $_POST['contact_email']);
+ − 133
+ − 134
// Wiki mode
+ − 135
if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1');
+ − 136
else setConfig('wiki_mode', '0');
+ − 137
if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1');
+ − 138
else setConfig('wiki_mode_require_login', '0');
+ − 139
if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1');
+ − 140
else setConfig('wiki_edit_notice', '0');
+ − 141
setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);
+ − 142
+ − 143
// Stats
+ − 144
if(isset($_POST['log_hits'])) setConfig('log_hits', '1');
+ − 145
else setConfig('log_hits', '0');
+ − 146
+ − 147
// Disablement
+ − 148
if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); }
+ − 149
else setConfig('site_disabled', '0');
+ − 150
+ − 151
// Account activation
+ − 152
setConfig('account_activation', $_POST['account_activation']);
+ − 153
+ − 154
// W3C compliance buttons
+ − 155
if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1");
+ − 156
else setConfig("w3c_vh32", "0");
+ − 157
if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1");
+ − 158
else setConfig("w3c_vh40", "0");
+ − 159
if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1");
+ − 160
else setConfig("w3c_vh401", "0");
+ − 161
if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1");
+ − 162
else setConfig("w3c_vxhtml10", "0");
+ − 163
if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1");
+ − 164
else setConfig("w3c_vxhtml11", "0");
+ − 165
if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1");
+ − 166
else setConfig("w3c_vcss", "0");
+ − 167
+ − 168
// SourceForge.net logo
+ − 169
if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1');
+ − 170
else setConfig('sflogo_enabled', '0');
+ − 171
setConfig('sflogo_groupid', $_POST['sfgroup']);
+ − 172
setConfig('sflogo_type', $_POST['sflogo']);
+ − 173
+ − 174
// Comment options
+ − 175
if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1');
+ − 176
else setConfig('approve_comments', '0');
+ − 177
if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1');
+ − 178
else setConfig('enable_comments', '0');
+ − 179
setConfig('comments_need_login', $_POST['comments_need_login']);
+ − 180
+ − 181
// Powered by link
+ − 182
if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1');
+ − 183
else setConfig('powered_btn', '0');
+ − 184
+ − 185
if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1');
+ − 186
else setConfig('dbd_button', '0');
+ − 187
+ − 188
if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0');
+ − 189
else setConfig('smtp_enabled', '1');
+ − 190
+ − 191
setConfig('smtp_server', $_POST['smtp_host']);
+ − 192
setConfig('smtp_user', $_POST['smtp_user']);
+ − 193
if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']);
+ − 194
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 195
// Password strength
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 196
if ( isset($_POST['pw_strength_enable']) ) setConfig('pw_strength_enable', '1');
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 197
else setConfig('pw_strength_enable', '0');
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 198
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 199
$strength = intval($_POST['pw_strength_minimum']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 200
if ( $strength >= -10 && $strength <= 30 )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 201
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 202
$strength = strval($strength);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 203
setConfig('pw_strength_minimum', $strength);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 204
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 205
0
+ − 206
echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
+ − 207
+ − 208
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 209
else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 210
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 211
echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 212
}
0
+ − 213
echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
+ − 214
?>
+ − 215
<div class="tblholder">
+ − 216
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 217
+ − 218
<!-- Global options -->
+ − 219
+ − 220
<tr><th colspan="2">Global site options</th></tr>
+ − 221
<tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>
+ − 222
40
+ − 223
<tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
+ − 224
<tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
+ − 225
<tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
+ − 226
<tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
0
+ − 227
<tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
+ − 228
<tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
+ − 229
+ − 230
<!-- Wiki mode -->
+ − 231
+ − 232
<tr><th colspan="2">Wiki mode</th></tr>
+ − 233
+ − 234
<tr>
+ − 235
<td class="row3" rowspan="2">
+ − 236
Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
+ − 237
In Wiki Mode, certain HTML tags such as <script> and <object> are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
+ − 238
Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
+ − 239
</td>
+ − 240
<td class="row1">
+ − 241
<input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
+ − 242
</td>
+ − 243
</tr>
+ − 244
+ − 245
<tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>
+ − 246
+ − 247
<tr>
+ − 248
<td class="row3" rowspan="2">
+ − 249
<b>Edit page notice</b><br />
+ − 250
When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
+ − 251
</td>
+ − 252
<td class="row1">
+ − 253
<input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
+ − 254
</td>
+ − 255
</tr>
+ − 256
+ − 257
<tr>
+ − 258
<td class="row2">
+ − 259
<textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo getConfig('wiki_edit_notice_text'); ?></textarea>
+ − 260
</td>
+ − 261
</tr>
+ − 262
+ − 263
<!-- Site statistics -->
+ − 264
+ − 265
<tr><th colspan="2">Statistics and hit counting</th></tr>
+ − 266
+ − 267
<tr>
+ − 268
<td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
+ − 269
<td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
+ − 270
</tr>
+ − 271
+ − 272
<!-- Comment options -->
+ − 273
+ − 274
<tr><th colspan="2">Comment system</th></tr>
+ − 275
<tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr>
+ − 276
<tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
+ − 277
<tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
+ − 278
<label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
+ − 279
<!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>
+ − 280
+ − 281
<!--
+ − 282
+ − 283
READ: Do not try to enable this, backend support for it has been disabled. To edit default
+ − 284
permissions, select The Entire Website in any permissions editor window.
+ − 285
+ − 286
<tr><th colspan="2">Default permissions for pages</th></tr>
+ − 287
+ − 288
<tr>
+ − 289
<td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>
+ − 290
<td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>
+ − 291
</tr>
+ − 292
+ − 293
-->
+ − 294
+ − 295
<!-- enanocms.org link -->
+ − 296
+ − 297
<tr>
+ − 298
<th colspan="2">Promote Enano</th>
+ − 299
</tr>
+ − 300
<tr>
+ − 301
<td class="row3">
+ − 302
If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
+ − 303
homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
+ − 304
Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
+ − 305
using this link.
+ − 306
</td>
+ − 307
<td class="row1">
+ − 308
<label>
36
+ − 309
<input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to enanocms.org on the sidebar
0
+ − 310
</label>
+ − 311
</td>
+ − 312
</tr>
+ − 313
+ − 314
<!-- Site disablement -->
+ − 315
+ − 316
<tr><th colspan="2">Disable all site access</th></tr>
+ − 317
+ − 318
<tr>
+ − 319
<td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
+ − 320
<td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td>
+ − 321
</tr>
+ − 322
<tr>
+ − 323
<td class="row2">
30
+ − 324
<div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>
0
+ − 325
Message to show to users:<br />
+ − 326
<textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea>
+ − 327
</div>
+ − 328
</td>
+ − 329
</tr>
+ − 330
+ − 331
<!-- Account activation -->
+ − 332
+ − 333
<tr><th colspan="2">User account activation</th></tr>
+ − 334
+ − 335
<tr>
+ − 336
<td class="row3" colspan="2">
+ − 337
If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
+ − 338
You may also disable registration completely if needed.<br /><br />
+ − 339
<b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
+ − 340
</td>
+ − 341
</tr>
+ − 342
+ − 343
<tr>
+ − 344
<td class="row1">Account activation:</td><td class="row1">
+ − 345
<?php
+ − 346
echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
+ − 347
echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
+ − 348
echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
+ − 349
echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
+ − 350
?>
+ − 351
</td>
+ − 352
</tr>
+ − 353
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 354
<tr><th colspan="2">Password strength</th></tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 355
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 356
<tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 357
<td class="row2">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 358
<b>Enable password strength analysis</b><br />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 359
<small>This should be enabled in most cases. When this is enabled, a strength meter and a numerical score will be displayed wherever a password can be changed.</small>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 360
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 361
<td class="row2">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 362
<label><input type="checkbox" name="pw_strength_enable" <?php if ( getConfig('pw_strength_enable') == '1' ) echo 'checked="checked" '; ?>/> Enabled</label>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 363
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 364
</tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 365
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 366
<tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 367
<td class="row1">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 368
<b>Minimum strength score</b><br />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 369
<small>This is the lowest score a password will be allowed to have. -10 will allow any password. A score of under -3 is considered weak, under 1 is fair, under 4 is good, under 10 is strong, and 10 and above are very strong. The scale is open-ended. This only has an effect if the meter is enabled above.</small>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 370
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 371
<td class="row1">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 372
<input type="text" name="pw_strength_minimum" value="<?php echo ( $x = getConfig('pw_strength_minimum') ) ? $x : '-10'; ?>" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 373
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 374
</tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 375
0
+ − 376
<!-- E-mail options -->
+ − 377
+ − 378
<tr><th colspan="2">E-mail sent from the site</th></tr>
+ − 379
<tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
+ − 380
<td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
+ − 381
<label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
+ − 382
</tr>
+ − 383
<tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
+ − 384
<td class="row2"><input value="<?php echo getConfig('smtp_server'); ?>" name="smtp_host" type="text" size="30" /></td>
+ − 385
</tr>
+ − 386
<tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
+ − 387
<td class="row1">Username: <input value="<?php echo getConfig('smtp_user'); ?>" name="smtp_user" type="text" size="30" /><br />
+ − 388
Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
+ − 389
</tr>
+ − 390
+ − 391
<!-- SourceForge.net logo -->
+ − 392
+ − 393
<tr><th colspan="2">SourceForge.net logo</th></tr>
+ − 394
+ − 395
<tr>
+ − 396
<td colspan="2" class="row3">
+ − 397
All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want
+ − 398
to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
+ − 399
</td>
+ − 400
</tr>
+ − 401
+ − 402
<?php
+ − 403
if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
+ − 404
else $c='';
+ − 405
if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
+ − 406
else $g='';
+ − 407
if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
+ − 408
else $t='1';
+ − 409
?>
+ − 410
+ − 411
<tr>
+ − 412
<td class="row1">Display the SourceForge.net logo on the right sidebar</td>
+ − 413
<td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
+ − 414
</tr>
+ − 415
+ − 416
<tr>
+ − 417
<td class="row2">Group ID:</td>
+ − 418
<td class="row2"><input value="<?php echo $g; ?>" type=text size=15 name=sfgroup /></td>
+ − 419
</tr>
+ − 420
+ − 421
<tr>
+ − 422
<td class="row1">Logo style:</td>
+ − 423
<td class="row1">
+ − 424
<select name="sflogo">
+ − 425
<option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
+ − 426
<option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
+ − 427
<option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
+ − 428
<option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
+ − 429
<option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
+ − 430
<option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
+ − 431
<option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
+ − 432
</select>
+ − 433
</td>
+ − 434
</tr>
+ − 435
+ − 436
<!-- W3C validator buttons -->
+ − 437
+ − 438
<tr><th colspan="2">W3C compliance logos</th></tr>
+ − 439
<tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr>
+ − 440
+ − 441
<tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr>
+ − 442
<tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr>
+ − 443
<tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr>
+ − 444
<tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
+ − 445
<tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
+ − 446
<tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr>
+ − 447
+ − 448
<!-- DefectiveByDesign.org ad -->
+ − 449
+ − 450
<tr><th colspan="2">Defective By Design Anti-DRM button</th></tr>
+ − 451
<tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
+ − 452
<tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr>
+ − 453
+ − 454
<!-- Save button -->
+ − 455
+ − 456
<tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr>
+ − 457
+ − 458
</table>
+ − 459
</div>
+ − 460
</form>
+ − 461
<?php
+ − 462
}
+ − 463
+ − 464
function page_Admin_UploadConfig()
+ − 465
{
+ − 466
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 467
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 468
{
+ − 469
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 470
return;
+ − 471
}
+ − 472
+ − 473
if(isset($_POST['save']))
+ − 474
{
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 475
if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1')
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 476
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 477
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 478
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 479
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 480
setConfig('enable_uploads', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 481
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 482
else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 483
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 484
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 485
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 486
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 487
setConfig('enable_uploads', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 488
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 489
if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1')
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 490
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 491
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 492
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 493
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 494
setConfig('enable_imagemagick', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 495
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 496
else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 497
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 498
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 499
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 500
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 501
setConfig('enable_imagemagick', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 502
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 503
if(isset($_POST['cache_thumbs']))
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 504
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 505
setConfig('cache_thumbs', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 506
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 507
else
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 508
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 509
setConfig('cache_thumbs', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 510
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 511
if(isset($_POST['file_history']) && getConfig('file_history') != '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 512
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 513
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 514
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 515
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 516
setConfig('file_history', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 517
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 518
else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 519
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 520
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 521
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 522
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 523
setConfig('file_history', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 524
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 525
if(file_exists($_POST['imagemagick_path']) && $_POST['imagemagick_path'] != getConfig('imagemagick_path'))
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 526
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 527
$old = getConfig('imagemagick_path');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 528
$oldnew = "{$old}||{$_POST['imagemagick_path']}";
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 529
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","magick_path",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($oldnew) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 530
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 531
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 532
setConfig('imagemagick_path', $_POST['imagemagick_path']);
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 533
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 534
else if ( $_POST['imagemagick_path'] != getConfig('imagemagick_path') )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 535
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 536
echo '<span style="color: red"><b>Warning:</b> the file "'.htmlspecialchars($_POST['imagemagick_path']).'" was not found, and the ImageMagick file path was not updated.</span>';
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 537
}
0
+ − 538
$max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']);
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 539
if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 540
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 541
echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 542
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 543
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 544
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 545
setConfig('max_file_size', $max_upload.'');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 546
}
0
+ − 547
}
+ − 548
echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
+ − 549
?>
+ − 550
<h3>File upload configuration</h3>
+ − 551
<p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
+ − 552
and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
+ − 553
and executable files can sometimes be uploaded.</p>
+ − 554
<p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
+ − 555
<p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo getConfig('max_file_size'); ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
+ − 556
<p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
+ − 557
does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
+ − 558
are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
+ − 559
large images many times can cost you quite a lot of bandwidth.</p>
+ − 560
<p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
+ − 561
Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo getConfig('imagemagick_path'); else echo '/usr/bin/convert'; ?>" /><br />
+ − 562
On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then
+ − 563
ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
+ − 564
</p>
+ − 565
<p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
+ − 566
may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
+ − 567
<p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
+ − 568
Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
+ − 569
more information on how to do this.<?php if(!is_writable(ENANO_ROOT.'/cache/')) echo ' <b>At present, it seems that the cache directory
+ − 570
is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
+ − 571
<p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; elseif(!is_writable(ENANO_ROOT.'/cache/')) echo 'readonly="readonly"'; ?> /> Cache thumbnailed images</label></p>
+ − 572
<p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
+ − 573
changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
+ − 574
enabled unless you have less than 250MB of MySQL database space.</p>
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 575
<p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1') echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
0
+ − 576
<hr style="margin-left: 1em;" />
+ − 577
<p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
+ − 578
<?php
+ − 579
echo '</form>';
+ − 580
}
+ − 581
+ − 582
function page_Admin_PluginManager() {
+ − 583
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 584
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 585
{
+ − 586
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 587
return;
+ − 588
}
+ − 589
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 590
if(isset($_GET['action']))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 591
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 592
switch($_GET['action'])
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 593
{
0
+ − 594
case "enable":
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 595
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 596
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 597
$db->_die();
0
+ − 598
setConfig('plugin_'.$_GET['plugin'], '1');
+ − 599
break;
+ − 600
case "disable":
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 601
if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 602
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 603
echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 604
break;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 605
}
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 606
if ( !in_array($_GET['plugin'], $plugins->system_plugins) )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 607
{
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 608
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 609
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 610
$db->_die();
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 611
setConfig('plugin_'.$_GET['plugin'], '0');
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 612
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 613
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 614
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 615
echo('<h3>Error disabling plugin</h3><p>The plugin you selected cannot be disabled because it is a system plugin.</p>');
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 616
}
0
+ − 617
break;
+ − 618
}
+ − 619
}
+ − 620
$dir = './plugins/';
+ − 621
$plugin_list = Array();
+ − 622
$system = Array();
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 623
$show_system = ( isset($_GET['show_system']) && $_GET['show_system'] == 'yes' );
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 624
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 625
if (is_dir($dir))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 626
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 627
if ($dh = opendir($dir))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 628
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 629
while (($file = readdir($dh)) !== false)
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 630
{
0
+ − 631
if(preg_match('#^(.*?)\.php$#is', $file) && $file != 'index.php')
+ − 632
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 633
unset($thelist);
0
+ − 634
if ( in_array($file, $plugins->system_plugins) )
+ − 635
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 636
if ( !$show_system )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 637
continue;
0
+ − 638
$thelist =& $system;
+ − 639
}
+ − 640
else
+ − 641
{
+ − 642
$thelist =& $plugin_list;
+ − 643
}
+ − 644
$f = file_get_contents($dir . $file);
+ − 645
$f = explode("\n", $f);
+ − 646
$f = array_slice($f, 2, 7);
+ − 647
$f[0] = substr($f[0], 13, strlen($f[0]));
+ − 648
$f[1] = substr($f[1], 12, strlen($f[1]));
+ − 649
$f[2] = substr($f[2], 13, strlen($f[2]));
+ − 650
$f[3] = substr($f[3], 8, strlen($f[3]));
+ − 651
$f[4] = substr($f[4], 9, strlen($f[4]));
+ − 652
$f[5] = substr($f[5], 12, strlen($f[5]));
+ − 653
$thelist[$file] = Array();
+ − 654
$thelist[$file]['name'] = $f[0];
+ − 655
$thelist[$file]['uri'] = $f[1];
+ − 656
$thelist[$file]['desc'] = $f[2];
+ − 657
$thelist[$file]['auth'] = $f[3];
+ − 658
$thelist[$file]['vers'] = $f[4];
+ − 659
$thelist[$file]['aweb'] = $f[5];
+ − 660
}
+ − 661
}
+ − 662
closedir($dh);
+ − 663
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 664
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 665
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 666
echo '<div class="error-box">The plugins/ directory could not be opened.</div>';
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 667
return;
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 668
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 669
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 670
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 671
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 672
echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>';
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 673
return;
0
+ − 674
}
+ − 675
echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 676
<tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 677
$plugin_files_1 = array_keys($plugin_list);
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 678
$plugin_files_2 = array_keys($system);
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 679
$plugin_files = array_values(array_merge($plugin_files_1, $plugin_files_2));
0
+ − 680
$cls = 'row2';
+ − 681
for ( $i = 0; $i < sizeof($plugin_files); $i++ )
+ − 682
{
+ − 683
$cls = ( $cls == 'row2' ) ? 'row3' : 'row2';
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 684
$this_plugin = ( isset($system[$plugin_files[$i]]) ) ? $system[$plugin_files[$i]] : $plugin_list[$plugin_files[$i]];
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 685
$is_system = ( $system[$plugin_files[$i]] );
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 686
$bgcolor = '';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 687
if ( $is_system && $cls == 'row2' )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 688
$bgcolor = ' style="background-color: #FFD8D8;"';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 689
else if ( $is_system && $cls == 'row3' )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 690
$bgcolor = ' style="background-color: #FFD0D0;"';
0
+ − 691
echo '<tr>
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 692
<td class="'.$cls.'"'.$bgcolor.'>'.$plugin_files[$i].'</td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 693
<td class="'.$cls.'"'.$bgcolor.'><a href="'.$this_plugin['uri'].'">'.$this_plugin['name'].'</a></td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 694
<td class="'.$cls.'"'.$bgcolor.'>'.$this_plugin['desc'].'</td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 695
<td class="'.$cls.'"'.$bgcolor.'><a href="'.$this_plugin['aweb'].'">'.$this_plugin['auth'].'</a></td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 696
<td class="'.$cls.'"'.$bgcolor.'>'.$this_plugin['vers'].'</td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 697
<td class="'.$cls.'"'.$bgcolor.'>';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 698
if ( !in_array($plugin_files[$i], $plugins->system_plugins) )
0
+ − 699
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 700
if ( getConfig('plugin_'.$plugin_files[$i]) == '1' )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 701
{
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 702
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&show_system=' . ( $show_system ? 'yes' : 'no' ) . '&action=disable&plugin='.$plugin_files[$i].'">Disable</a>';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 703
}
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 704
else
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 705
{
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 706
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&show_system=' . ( $show_system ? 'yes' : 'no' ) . '&action=enable&plugin='.$plugin_files[$i].'">Enable</a>';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 707
}
0
+ − 708
}
+ − 709
else
+ − 710
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 711
echo '[System]';
0
+ − 712
}
+ − 713
echo '</td></tr>';
+ − 714
}
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 715
$showhide_link = ( $show_system ) ?
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 716
'<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=no', true) . '">Hide system plugins</a>' :
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 717
'<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=yes', true) . '">Show system plugins</a>' ;
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 718
echo '<tr><th colspan="6" class="subhead">'.$showhide_link.'</th></tr>';
0
+ − 719
echo '</table></div>';
+ − 720
}
+ − 721
+ − 722
function page_Admin_UploadAllowedMimeTypes()
+ − 723
{
+ − 724
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 725
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 726
{
+ − 727
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 728
return;
+ − 729
}
+ − 730
+ − 731
global $mime_types, $mimetype_exps, $mimetype_extlist;
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 732
if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
0
+ − 733
{
+ − 734
$bits = '';
+ − 735
$keys = array_keys($mime_types);
+ − 736
foreach($keys as $i => $k)
+ − 737
{
+ − 738
if(isset($_POST['ext_'.$k])) $bits .= '1';
+ − 739
else $bits .= '0';
+ − 740
}
+ − 741
$bits = compress_bitfield($bits);
+ − 742
setConfig('allowed_mime_types', $bits);
+ − 743
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 744
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 745
else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 746
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 747
echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 748
}
0
+ − 749
$allowed = fetch_allowed_extensions();
+ − 750
?>
+ − 751
<h3>Allowed file types</h3>
+ − 752
<p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
+ − 753
<?php
+ − 754
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
+ − 755
$c = -1;
+ − 756
$t = -1;
+ − 757
$cl = 'row1';
+ − 758
echo "\n".' <div class="tblholder">'."\n".' <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".' <tr>'."\n ";
+ − 759
foreach($mime_types as $e => $m)
+ − 760
{
+ − 761
$c++;
+ − 762
$t++;
+ − 763
if($c == 3)
+ − 764
{
+ − 765
$c = 0;
+ − 766
$cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
+ − 767
echo '</tr>'."\n".' <tr>'."\n ";
+ − 768
}
+ − 769
$seed = "extchkbx_{$e}_".md5(microtime() . mt_rand());
+ − 770
$chk = (!empty($allowed[$e])) ? ' checked="checked"' : '';
+ − 771
echo " <td class='$cl'>\n <label><input id='{$seed}' type='checkbox' name='ext_{$e}'{$chk} />.{$e}\n ({$m})</label>\n </td>\n ";
+ − 772
}
+ − 773
while($c < 2)
+ − 774
{
+ − 775
$c++;
+ − 776
echo " <td class='{$cl}'></td>\n ";
+ − 777
}
+ − 778
echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
+ − 779
echo '</tr>'."\n".' </table>'."\n".' </div>';
+ − 780
echo '</form>';
+ − 781
?>
+ − 782
<?php
+ − 783
}
+ − 784
+ − 785
function page_Admin_Sidebar()
+ − 786
{
+ − 787
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 788
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 789
{
+ − 790
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 791
return;
+ − 792
}
+ − 793
+ − 794
?>
+ − 795
<h2>Editing and managing the Enano sidebar</h2>
+ − 796
<p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
+ − 797
provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
+ − 798
markup language.
+ − 799
</p>
+ − 800
<p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (<example>like this</example>) for the
+ − 801
main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (< and >).</p>
+ − 802
<p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
+ − 803
on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
+ − 804
use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
+ − 805
external sites.</p>
+ − 806
<p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
+ − 807
<pre>{slider=Navigation}
+ − 808
[[Main Page|Home]]
+ − 809
[[Enano:Sidebar|Edit the sidebar]]
+ − 810
{/slider}</pre>
+ − 811
<p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
+ − 812
to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
+ − 813
"user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
+ − 814
wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
+ − 815
effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
+ − 816
<p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
+ − 817
variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
+ − 818
The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
+ − 819
the "change theme" button can be added with $STYLE_LINK.</p>
+ − 820
<p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
+ − 821
<pre>{slider=$USERNAME}
+ − 822
[[User:$USERNAME|User page]]
+ − 823
[[Special:Contributions?user=$USERNAME|My Contributions]]
+ − 824
{if user_logged_in}
+ − 825
[[Special:Preferences|Preferences]]
+ − 826
$THEME_LINK
+ − 827
{/if}
+ − 828
{if auth_admin}
+ − 829
[[Special:Administration|Administration]]
+ − 830
{/if}
+ − 831
{if user_logged_in}
+ − 832
$LOGOUT_LINK
+ − 833
{/if}
+ − 834
{!if user_logged_in}
+ − 835
Create an account
+ − 836
Log in
+ − 837
{/if}
+ − 838
{/slider}</pre>
+ − 839
<?php
+ − 840
}
+ − 841
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
diff
changeset
+ − 842
/*
0
+ − 843
function page_Admin_UserManager() {
+ − 844
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 845
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 846
{
+ − 847
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 848
return;
+ − 849
}
+ − 850
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 851
if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 852
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 853
$_POST['go'] = true;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 854
$_POST['username'] = $_GET['user'];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 855
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 856
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 857
if(isset($_POST['go']))
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 858
{
0
+ − 859
// We need the user ID before we can do anything
102
+ − 860
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 861
if ( !$q )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 862
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 863
die('Error selecting user ID: '.mysql_error());
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 864
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 865
if ( $db->numrows() < 1 )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 866
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 867
echo('User does not exist, please enter another username.');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 868
return;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 869
}
0
+ − 870
$r = $db->fetchrow();
+ − 871
$db->free_result();
+ − 872
if(isset($_POST['save']))
+ − 873
{
+ − 874
$_POST['level'] = intval($_POST['level']);
+ − 875
+ − 876
$new_level = $_POST['level'];
+ − 877
$old_level = intval($r['user_level']);
+ − 878
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 879
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 880
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 881
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 882
$re = Array('permission denied');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 883
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 884
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 885
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 886
$re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 887
}
0
+ − 888
+ − 889
if($re == 'success')
+ − 890
{
+ − 891
+ − 892
if ( $new_level != $old_level )
+ − 893
{
+ − 894
$user_id = intval($r['user_id']);
+ − 895
// We need to update group memberships
+ − 896
if ( $old_level == USER_LEVEL_ADMIN )
+ − 897
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 898
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 899
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 900
$db->_die();
0
+ − 901
$session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
+ − 902
}
+ − 903
else if ( $old_level == USER_LEVEL_MOD )
+ − 904
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 905
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 906
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 907
$db->_die();
0
+ − 908
$session->remove_user_from_group($user_id, GROUP_ID_MOD);
+ − 909
}
+ − 910
+ − 911
if ( $new_level == USER_LEVEL_ADMIN )
+ − 912
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 913
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 914
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 915
$db->_die();
0
+ − 916
$session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
+ − 917
}
+ − 918
else if ( $new_level == USER_LEVEL_MOD )
+ − 919
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 920
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 921
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 922
$db->_die();
0
+ − 923
$session->add_user_to_group($user_id, GROUP_ID_MOD, false);
+ − 924
}
+ − 925
}
+ − 926
102
+ − 927
// update account activation
+ − 928
if ( isset($_POST['account_active']) )
+ − 929
{
+ − 930
// activate account
+ − 931
$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';');
+ − 932
if ( !$q )
+ − 933
$db->_die();
+ − 934
}
+ − 935
else
+ − 936
{
+ − 937
// deactivate account and throw away the old key
+ − 938
$actkey = sha1 ( microtime() . mt_rand() );
+ − 939
$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';');
+ − 940
if ( !$q )
+ − 941
$db->_die();
+ − 942
}
+ − 943
0
+ − 944
echo('<div class="info-box">Your changes have been saved.</div>');
+ − 945
}
+ − 946
else
+ − 947
{
+ − 948
echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');
+ − 949
}
102
+ − 950
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
0
+ − 951
if ( !$q )
+ − 952
{
+ − 953
die('Error selecting user ID: '.mysql_error());
+ − 954
}
+ − 955
if($db->numrows($q) < 1)
+ − 956
{
+ − 957
die('User does not exist, please enter another username.');
+ − 958
}
+ − 959
$r = mysql_fetch_object($q);
+ − 960
$db->free_result();
+ − 961
}
+ − 962
elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))
+ − 963
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 964
if ( defined('ENANO_DEMO_MODE') )
0
+ − 965
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 966
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
0
+ − 967
}
+ − 968
else
+ − 969
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 970
$q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 971
if($q)
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 972
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 973
echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 974
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 975
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 976
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 977
echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 978
}
0
+ − 979
}
+ − 980
}
+ − 981
else
+ − 982
{
22
+ − 983
$disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 984
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" style="margin-right: 7px;" ' : '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 985
$meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td></td><td><div id="pwmeter"></div><p><small>Password complexity requirements are not enforced here.</small></p></td></tr>' : '';
0
+ − 986
echo('
+ − 987
<h3>Edit User Info</h3>
+ − 988
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 989
<table border="0" style="margin-left: 0.2in;">
+ − 990
<tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 991
<tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" '.$evt_get_score.'/></td></tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 992
'.$meter.'
22
+ − 993
<tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>
+ − 994
<tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>
+ − 995
' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '
0
+ − 996
<tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>
102
+ − 997
<tr><td></td><td><label><input type="checkbox" name="account_active"' . ( $r['account_active'] == '1' ? ' checked="checked"' : '' ) . ' /> Account is active</label><br /><small>If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated.</small></td></tr>
0
+ − 998
<tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>
+ − 999
<tr><td align="center" colspan="2">
+ − 1000
<input type="submit" name="save" value="Save Changes" /></td></tr>
+ − 1001
</table>
+ − 1002
</form>
+ − 1003
');
+ − 1004
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1005
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1006
else if(isset($_POST['clearsessions']))
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1007
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1008
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1009
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1010
echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1011
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1012
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1013
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1014
// Get the current session information so the user doesn't get logged out
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1015
$aes = new AESCrypt();
22
+ − 1016
$sk = md5(strrev($session->sid_super));
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1017
$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
22
+ − 1018
if ( !$qb )
+ − 1019
{
+ − 1020
die('Error selecting session key info block B: '.$db->get_error());
+ − 1021
}
+ − 1022
if ( $db->numrows($qb) < 1 )
+ − 1023
{
+ − 1024
die('Error: cannot read admin session info block B, aborting table clear process');
+ − 1025
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1026
$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
22
+ − 1027
if ( !$qa )
+ − 1028
{
+ − 1029
die('Error selecting session key info block A: '.$db->get_error());
+ − 1030
}
+ − 1031
if ( $db->numrows($qa) < 1 )
+ − 1032
{
+ − 1033
die('Error: cannot read user session info block A, aborting table clear process');
+ − 1034
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1035
$ra = mysql_fetch_object($qa);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1036
$rb = mysql_fetch_object($qb);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1037
$db->free_result($qa);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1038
$db->free_result($qb);
22
+ − 1039
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1040
$db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1041
$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
22
+ − 1042
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1043
echo('
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1044
<div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1045
');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1046
}
0
+ − 1047
}
+ − 1048
echo('
+ − 1049
<h3>User Management</h3>
+ − 1050
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 1051
<p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
+ − 1052
<h3>Clear session keys table</h3>
+ − 1053
<p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
+ − 1054
<p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
+ − 1055
</form>
+ − 1056
');
+ − 1057
if(isset($_GET['action']) && isset($_GET['user']))
+ − 1058
{
+ − 1059
switch($_GET['action'])
+ − 1060
{
+ − 1061
case "activate":
+ − 1062
$e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');
+ − 1063
if($e)
+ − 1064
{
+ − 1065
$row = $db->fetchrow();
+ − 1066
$db->free_result();
+ − 1067
if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 1068
else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';
+ − 1069
} else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';
+ − 1070
break;
+ − 1071
case "sendemail":
+ − 1072
if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 1073
else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';
+ − 1074
break;
+ − 1075
case "deny":
+ − 1076
$e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
+ − 1077
if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';
+ − 1078
else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';
+ − 1079
break;
+ − 1080
}
+ − 1081
}
30
+ − 1082
$q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l
+ − 1083
LEFT JOIN '.table_prefix.'users AS u
+ − 1084
ON ( u.username = l.edit_summary OR u.username IS NULL )
+ − 1085
WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
0
+ − 1086
if($q)
+ − 1087
{
+ − 1088
if($db->numrows() > 0)
+ − 1089
{
+ − 1090
$n = $db->numrows();
+ − 1091
if($n == 1) $s = $n . ' user is';
+ − 1092
else $s = $n . ' users are';
+ − 1093
echo '<h3>'.$s . ' awaiting account activation</h3>';
+ − 1094
echo '<div class="tblholder">
+ − 1095
<table border="0" cellspacing="1" cellpadding="4" width="100%">
30
+ − 1096
<tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';
0
+ − 1097
$cls = 'row2';
+ − 1098
while($row = $db->fetchrow())
+ − 1099
{
+ − 1100
if($cls == 'row2') $cls = 'row1';
+ − 1101
else $cls = 'row2';
30
+ − 1102
$coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';
+ − 1103
echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Deny request</a></td></tr>';
0
+ − 1104
}
+ − 1105
echo '</table>';
+ − 1106
}
+ − 1107
$db->free_result();
+ − 1108
}
+ − 1109
}
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
diff
changeset
+ − 1110
*/
0
+ − 1111
+ − 1112
function page_Admin_GroupManager()
+ − 1113
{
+ − 1114
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1115
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1116
{
+ − 1117
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1118
return;
+ − 1119
}
+ − 1120
+ − 1121
if(isset($_POST['do_create_stage1']))
+ − 1122
{
+ − 1123
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
+ − 1124
{
+ − 1125
echo '<p>The group name you chose is invalid.</p>';
+ − 1126
return;
+ − 1127
}
+ − 1128
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1129
echo '<div class="tblholder">
+ − 1130
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1131
<tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr>
+ − 1132
<tr>
+ − 1133
<td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
+ − 1134
</tr>
+ − 1135
<tr><td class="row2">Group status</td><td class="row2">
+ − 1136
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
+ − 1137
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
+ − 1138
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
+ − 1139
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
+ − 1140
</td></tr>
+ − 1141
<tr>
+ − 1142
<th class="subhead" colspan="2">
+ − 1143
<input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" />
+ − 1144
<input type="submit" name="do_create_stage2" value="Create group" />
+ − 1145
</th>
+ − 1146
</tr>
+ − 1147
</table>
+ − 1148
</div>';
+ − 1149
echo '</form>';
+ − 1150
return;
+ − 1151
}
+ − 1152
elseif(isset($_POST['do_create_stage2']))
+ − 1153
{
+ − 1154
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
+ − 1155
{
+ − 1156
echo '<p>The group name you chose is invalid.</p>';
+ − 1157
return;
+ − 1158
}
+ − 1159
if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
+ − 1160
{
+ − 1161
echo '<p>Hacking attempt</p>';
+ − 1162
return;
+ − 1163
}
+ − 1164
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
+ − 1165
if(!$e)
+ − 1166
{
+ − 1167
echo $db->get_error();
+ − 1168
return;
+ − 1169
}
+ − 1170
if($db->numrows() > 0)
+ − 1171
{
+ − 1172
echo '<p>The group name you entered already exists.</p>';
+ − 1173
return;
+ − 1174
}
+ − 1175
$db->free_result();
+ − 1176
$q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
+ − 1177
if(!$q)
+ − 1178
{
+ − 1179
echo $db->get_error();
+ − 1180
return;
+ − 1181
}
+ − 1182
$e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
+ − 1183
if(!$e)
+ − 1184
{
+ − 1185
echo $db->get_error();
+ − 1186
return;
+ − 1187
}
+ − 1188
if($db->numrows() < 1)
+ − 1189
{
+ − 1190
echo '<p>The username you entered could not be found.</p>';
+ − 1191
return;
+ − 1192
}
+ − 1193
$row = $db->fetchrow();
+ − 1194
$id = $row['user_id'];
+ − 1195
$db->free_result();
+ − 1196
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
+ − 1197
if(!$e)
+ − 1198
{
+ − 1199
echo $db->get_error();
+ − 1200
return;
+ − 1201
}
+ − 1202
if($db->numrows() < 1)
+ − 1203
{
+ − 1204
echo '<p>The group ID could not be looked up.</p>';
+ − 1205
return;
+ − 1206
}
+ − 1207
$row = $db->fetchrow();
+ − 1208
$gid = $row['group_id'];
+ − 1209
$db->free_result();
+ − 1210
$e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
+ − 1211
if(!$e)
+ − 1212
{
+ − 1213
echo $db->get_error();
+ − 1214
return;
+ − 1215
}
+ − 1216
echo "<div class='info-box'>
+ − 1217
<b>Information</b><br />
+ − 1218
The group {$_POST['create_group_name']} has been created successfully.
+ − 1219
</div>";
+ − 1220
}
+ − 1221
if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
+ − 1222
{
+ − 1223
// Fetch the group name
+ − 1224
$q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1225
if(!$q)
+ − 1226
{
+ − 1227
echo $db->get_error();
+ − 1228
return;
+ − 1229
}
+ − 1230
if($db->numrows() < 1)
+ − 1231
{
+ − 1232
echo '<p>Error: couldn\'t look up group name</p>';
+ − 1233
}
+ − 1234
$row = $db->fetchrow();
+ − 1235
$name = $row['group_name'];
+ − 1236
$db->free_result();
+ − 1237
if(isset($_POST['edit_do']))
+ − 1238
{
+ − 1239
if(isset($_POST['edit_do']['del_group']))
+ − 1240
{
+ − 1241
if ( $row['system_group'] == 1 )
+ − 1242
{
+ − 1243
echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>';
+ − 1244
}
+ − 1245
else
+ − 1246
{
+ − 1247
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1248
if(!$q)
+ − 1249
{
+ − 1250
echo $db->get_error();
+ − 1251
return;
+ − 1252
}
+ − 1253
$q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1254
if(!$q)
+ − 1255
{
+ − 1256
echo $db->get_error();
+ − 1257
return;
+ − 1258
}
+ − 1259
echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
+ − 1260
return;
+ − 1261
}
+ − 1262
}
+ − 1263
if(isset($_POST['edit_do']['save_name']))
+ − 1264
{
+ − 1265
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
+ − 1266
{
+ − 1267
echo '<p>The group name you chose is invalid.</p>';
+ − 1268
return;
+ − 1269
}
+ − 1270
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
+ − 1271
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1272
if(!$q)
+ − 1273
{
+ − 1274
echo $db->get_error();
+ − 1275
return;
+ − 1276
}
+ − 1277
else
+ − 1278
{
+ − 1279
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1280
The group name has been updated.
+ − 1281
</div>';
+ − 1282
}
+ − 1283
$name = $_POST['group_name'];
+ − 1284
+ − 1285
}
+ − 1286
$q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
+ − 1287
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1288
if(!$q)
+ − 1289
{
+ − 1290
echo $db->get_error();
+ − 1291
return;
+ − 1292
}
+ − 1293
if($db->numrows() > 0)
+ − 1294
{
+ − 1295
while($row = $db->fetchrow($q))
+ − 1296
{
+ − 1297
if(isset($_POST['edit_do']['del_' . $row['member_id']]))
+ − 1298
{
+ − 1299
$e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
+ − 1300
if(!$e)
+ − 1301
{
+ − 1302
echo $db->get_error();
+ − 1303
return;
+ − 1304
}
+ − 1305
}
+ − 1306
}
+ − 1307
}
+ − 1308
$db->free_result();
+ − 1309
if(isset($_POST['edit_do']['add_member']))
+ − 1310
{
+ − 1311
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
+ − 1312
if(!$q)
+ − 1313
{
+ − 1314
echo $db->get_error();
+ − 1315
return;
+ − 1316
}
+ − 1317
if($db->numrows() > 0)
+ − 1318
{
+ − 1319
$row = $db->fetchrow();
+ − 1320
$user_id = $row['user_id'];
+ − 1321
$is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
+ − 1322
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
+ − 1323
if(!$q)
+ − 1324
{
+ − 1325
echo $db->get_error();
+ − 1326
return;
+ − 1327
}
+ − 1328
else
+ − 1329
{
+ − 1330
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1331
The user "'.$_POST['edit_add_username'].'" has been added to this usergroup.
+ − 1332
</div>';
+ − 1333
}
+ − 1334
}
+ − 1335
else
+ − 1336
echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>';
+ − 1337
}
+ − 1338
}
+ − 1339
$sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';
+ − 1340
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1341
echo '<div class="tblholder">
+ − 1342
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1343
<tr><th>Edit group name</th></tr>
+ − 1344
<tr>
+ − 1345
<td class="row1">
+ − 1346
Group name: <input type="text" name="group_name" value="'.$name.'" />
+ − 1347
</td>
+ − 1348
</tr>
+ − 1349
<tr>
+ − 1350
<th class="subhead">
+ − 1351
<input type="submit" name="edit_do[save_name]" value="Save name" />
+ − 1352
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
+ − 1353
</th>
+ − 1354
</tr>
+ − 1355
</table>
+ − 1356
</div>
+ − 1357
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1358
echo '</form>';
+ − 1359
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1360
echo '<div class="tblholder">
+ − 1361
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1362
<tr><th colspan="3">Edit group members</th></tr>';
+ − 1363
$q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
+ − 1364
LEFT JOIN '.table_prefix.'users AS u
+ − 1365
ON u.user_id=m.user_id
+ − 1366
WHERE m.group_id='.intval($_POST['group_edit_id']).'
+ − 1367
ORDER BY m.is_mod DESC, u.username ASC;');
+ − 1368
if(!$q)
+ − 1369
{
+ − 1370
echo $db->get_error();
+ − 1371
return;
+ − 1372
}
+ − 1373
if($db->numrows() < 1)
+ − 1374
{
+ − 1375
echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
+ − 1376
}
+ − 1377
else
+ − 1378
{
+ − 1379
$cls = 'row2';
+ − 1380
while($row = $db->fetchrow())
+ − 1381
{
+ − 1382
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 1383
$mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
+ − 1384
echo '<tr>
+ − 1385
<td class="'.$cls.'" style="width: 100%;">
+ − 1386
' . $row['username'] . '
+ − 1387
</td>
+ − 1388
<td class="'.$cls.'">
+ − 1389
'.$mod.'
+ − 1390
</td>
+ − 1391
<td class="'.$cls.'">
+ − 1392
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" />
+ − 1393
</td>
+ − 1394
</tr>';
+ − 1395
}
+ − 1396
}
+ − 1397
$db->free_result();
+ − 1398
echo '</table>
+ − 1399
</div>
+ − 1400
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1401
echo '</form>';
+ − 1402
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1403
echo '<div class="tblholder">
+ − 1404
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1405
<tr>
+ − 1406
<th>Add a new member</th>
+ − 1407
</tr>
+ − 1408
<tr>
+ − 1409
<td class="row1">
+ − 1410
Username: ' . $template->username_field('edit_add_username') . '
+ − 1411
</td>
+ − 1412
</tr>
+ − 1413
<tr>
+ − 1414
<td class="row2">
+ − 1415
<label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
+ − 1416
</td>
+ − 1417
</tr>
+ − 1418
<tr>
+ − 1419
<th class="subhead">
+ − 1420
<input type="submit" name="edit_do[add_member]" value="Add user to group" />
+ − 1421
</th>
+ − 1422
</tr>
+ − 1423
</table>
+ − 1424
</div>
+ − 1425
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1426
echo '</form>';
+ − 1427
return;
+ − 1428
}
+ − 1429
echo '<h3>Manage Usergroups</h3>';
+ − 1430
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1431
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ − 1432
if(!$q)
+ − 1433
{
+ − 1434
echo $db->get_error();
+ − 1435
}
+ − 1436
else
+ − 1437
{
+ − 1438
echo '<div class="tblholder">
+ − 1439
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1440
<tr>
+ − 1441
<th>Edit an existing group</th>
+ − 1442
</tr>';
+ − 1443
echo '<tr><td class="row2"><select name="group_edit_id">';
+ − 1444
while ( $row = $db->fetchrow() )
+ − 1445
{
+ − 1446
if ( $row['group_name'] != 'Everyone' )
+ − 1447
{
+ − 1448
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
+ − 1449
}
+ − 1450
}
+ − 1451
$db->free_result();
+ − 1452
echo '</select></td></tr>';
+ − 1453
echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
+ − 1454
</table>
+ − 1455
</div>
+ − 1456
</form><br />';
+ − 1457
}
+ − 1458
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1459
echo '<div class="tblholder">
+ − 1460
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1461
<tr>
+ − 1462
<th colspan="2">Create a new group</th>
+ − 1463
</tr>';
+ − 1464
echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
+ − 1465
echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
+ − 1466
</table>
+ − 1467
</div>';
+ − 1468
echo '</form>';
+ − 1469
}
+ − 1470
30
+ − 1471
function page_Admin_COPPA()
+ − 1472
{
+ − 1473
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1474
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1475
{
+ − 1476
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1477
return;
+ − 1478
}
+ − 1479
+ − 1480
echo '<h2>Background information</h2>';
+ − 1481
echo '<p>
+ − 1482
The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards
+ − 1483
children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected
+ − 1484
in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano
+ − 1485
provides an easy way to allow you, as the website administrator, to obtain this authorization.
+ − 1486
</p>';
+ − 1487
+ − 1488
// Start form
+ − 1489
+ − 1490
if ( isset($_POST['coppa_address']) )
+ − 1491
{
+ − 1492
// Saving changes
+ − 1493
$enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0';
+ − 1494
setConfig('enable_coppa', $enable_coppa);
+ − 1495
+ − 1496
$address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false);
+ − 1497
setConfig('coppa_address', $address);
+ − 1498
+ − 1499
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 1500
}
+ − 1501
+ − 1502
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
+ − 1503
+ − 1504
echo '<div class="tblholder">';
+ − 1505
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 1506
echo '<tr>
+ − 1507
<th colspan="2">
+ − 1508
COPPA support
+ − 1509
</th>
+ − 1510
</tr>';
+ − 1511
+ − 1512
echo '<tr>
+ − 1513
<td class="row1">
+ − 1514
Enable COPPA support:
+ − 1515
</td>
+ − 1516
<td class="row2">
+ − 1517
<label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br />
+ − 1518
<small>If this is checked, users will be asked if they are under 13 years of age before registering</small>
+ − 1519
</td>
+ − 1520
</tr>';
+ − 1521
+ − 1522
echo '<tr>
+ − 1523
<td class="row1">
+ − 1524
Your mailing address:<br />
+ − 1525
<small>This is the address to which parents will send authorization forms.</small>
+ − 1526
</td>
+ − 1527
<td class="row2">
+ − 1528
<textarea name="coppa_address" rows="7" cols="40">' . getConfig('coppa_address') . '</textarea>
+ − 1529
</td>
+ − 1530
</tr>';
+ − 1531
+ − 1532
echo '<tr>
+ − 1533
<th colspan="2" class="subhead">
+ − 1534
<input type="submit" value="Save changes" />
+ − 1535
</th>
+ − 1536
</tr>';
+ − 1537
+ − 1538
echo '</table>';
+ − 1539
+ − 1540
echo '</form>';
+ − 1541
+ − 1542
}
+ − 1543
0
+ − 1544
function page_Admin_PageManager()
+ − 1545
{
+ − 1546
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1547
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1548
{
+ − 1549
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1550
return;
+ − 1551
}
+ − 1552
+ − 1553
+ − 1554
echo '<h2>Page management</h2>';
+ − 1555
+ − 1556
if(isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' )) {
+ − 1557
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
+ − 1558
$source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
+ − 1559
if ( $source == 'ajax' )
+ − 1560
{
+ − 1561
$_POST['search'] = true;
+ − 1562
$_POST['page_url'] = $_GET['page_id'];
+ − 1563
}
+ − 1564
if(isset($_POST['search'])) $pid = $_POST['page_url'];
+ − 1565
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
+ − 1566
else { echo 'Internal error selecting page search terms'; return false; }
+ − 1567
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 1568
$k = array_keys($paths->nslist);
+ − 1569
for($i=0;$i<sizeof($paths->nslist);$i++)
+ − 1570
{
+ − 1571
$ln = strlen($paths->nslist[$k[$i]]);
+ − 1572
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
+ − 1573
{
+ − 1574
$ns = $k[$i];
+ − 1575
$page_id = substr($pid, $ln, strlen($pid));
+ − 1576
}
+ − 1577
}
+ − 1578
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
+ − 1579
// Now, iterate through $paths->pages searching for a page with this name or ID
+ − 1580
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1581
{
+ − 1582
if(!isset($final_pid))
+ − 1583
{
+ − 1584
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
+ − 1585
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1586
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1587
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1588
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
+ − 1589
}
+ − 1590
}
+ − 1591
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1592
$_POST['namespace'] = $ns;
+ − 1593
$_POST['old_namespace'] = $ns;
+ − 1594
$_POST['page_id'] = $final_pid;
+ − 1595
$_POST['old_page_id'] = $final_pid;
+ − 1596
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1597
}
+ − 1598
+ − 1599
if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']))
+ − 1600
{
40
+ − 1601
$cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']];
0
+ − 1602
if(isset($_POST['submit']))
+ − 1603
{
22
+ − 1604
switch(true)
0
+ − 1605
{
22
+ − 1606
case true:
+ − 1607
// Create a list of things to update
+ − 1608
$page_info = Array(
+ − 1609
'name'=>$_POST['name'],
+ − 1610
'urlname'=>sanitize_page_id($_POST['page_id']),
+ − 1611
'namespace'=>$_POST['namespace'],
+ − 1612
'special'=>isset($_POST['special']) ? '1' : '0',
+ − 1613
'visible'=>isset($_POST['visible']) ? '1' : '0',
+ − 1614
'comments_on'=>isset($_POST['comments_on']) ? '1' : '0',
+ − 1615
'protected'=>isset($_POST['protected']) ? '1' : '0'
+ − 1616
);
+ − 1617
40
+ − 1618
$updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname_nons'] );
22
+ − 1619
+ − 1620
if ( !isset($paths->nslist[ $page_info['namespace'] ]) )
+ − 1621
{
+ − 1622
echo '<div class="error-box">The namespace you selected is not properly registered.</div>';
+ − 1623
break;
+ − 1624
}
+ − 1625
if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace )
+ − 1626
{
+ − 1627
echo '<div class="error-box">There is already a page that exists with that URL string and namespace.</div>';
+ − 1628
break;
+ − 1629
}
+ − 1630
// Build the query
+ − 1631
$q = 'UPDATE '.table_prefix.'pages SET ';
+ − 1632
$k = array_keys($page_info);
+ − 1633
foreach($k as $c)
+ − 1634
{
+ − 1635
$q .= $c.'=\''.$db->escape($page_info[$c]).'\',';
+ − 1636
}
+ − 1637
$q = substr($q, 0, strlen($q)-1);
+ − 1638
// Build the WHERE statements
+ − 1639
$q .= ' WHERE ';
+ − 1640
$k = array_keys($cpage);
40
+ − 1641
if ( !isset($cpage) )
110
+ − 1642
die('[internal] no cpage');
22
+ − 1643
foreach($k as $c)
+ − 1644
{
+ − 1645
if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected')
+ − 1646
{
+ − 1647
$q .= $c.'=\''.$db->escape($cpage[$c]).'\' AND ';
+ − 1648
}
+ − 1649
else if($c == 'urlname')
+ − 1650
{
+ − 1651
$q .= $c.'=\''.$db->escape($cpage['urlname_nons']).'\' AND ';
+ − 1652
}
+ − 1653
}
+ − 1654
// Trim off the last " AND " and append a semicolon
+ − 1655
$q = substr($q, 0, strlen($q)-5) . ';';
+ − 1656
// Send the completed query to MySQL
+ − 1657
$e = $db->sql_query($q);
+ − 1658
if(!$e) $db->_die('The page data could not be updated.');
+ − 1659
// Update any additional tables
+ − 1660
$q = Array(
+ − 1661
'UPDATE '.table_prefix.'categories SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1662
'UPDATE '.table_prefix.'comments SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1663
'UPDATE '.table_prefix.'logs SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1664
'UPDATE '.table_prefix.'page_text SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
72
bda11e521e8a
Fixed a few presentation bugs in installer, made installer more "legally binding", and fixed global permissions inheritance in $session->fetch_page_acl()
Dan
diff
changeset
+ − 1665
'UPDATE '.table_prefix.'acl SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';'
22
+ − 1666
);
+ − 1667
foreach($q as $cq)
+ − 1668
{
+ − 1669
$e = $db->sql_query($cq);
+ − 1670
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1671
}
+ − 1672
// Update $cpage
+ − 1673
$cpage = $page_info;
+ − 1674
$cpage['urlname_nons'] = $cpage['urlname'];
+ − 1675
$cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname'];
+ − 1676
$_POST['old_page_id'] = $page_info['urlname'];
+ − 1677
$_POST['old_namespace'] = $page_info['namespace'];
+ − 1678
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 1679
break;
0
+ − 1680
}
+ − 1681
} elseif(isset($_POST['delete'])) {
+ − 1682
$q = Array(
+ − 1683
'DELETE FROM '.table_prefix.'categories WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1684
'DELETE FROM '.table_prefix.'comments WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1685
'DELETE FROM '.table_prefix.'logs WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1686
'DELETE FROM '.table_prefix.'page_text WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1687
);
+ − 1688
foreach($q as $cq)
+ − 1689
{
+ − 1690
$e = $db->sql_query($cq);
+ − 1691
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1692
}
+ − 1693
+ − 1694
if(!$db->sql_query(
+ − 1695
'DELETE FROM '.table_prefix.'pages WHERE urlname="'.$db->escape($_POST['old_page_id']).'" AND namespace="'.$db->escape($_POST['old_namespace']).'";'
+ − 1696
)) $db->_die('The page could not be deleted.');
+ − 1697
echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>';
+ − 1698
return;
+ − 1699
}
130
+ − 1700
$url = makeUrlNS('Special', 'Administration', 'module='.$paths->cpage['module'], true);
+ − 1701
echo '<form action="'.$url.'" method="post">';
0
+ − 1702
?>
89
+ − 1703
<h3>Modify page: <?php echo htmlspecialchars($_POST['name']); ?></h3>
0
+ − 1704
<table border="0">
+ − 1705
<tr><td>Namespace:</td><td><select name="namespace"><?php $nm = array_keys($paths->nslist); foreach($nm as $ns) { if($ns != 'Special' && $ns != 'Admin') { echo '<option '; if($_POST['namespace']==$ns) echo 'selected="selected" '; echo 'value="'.$ns.'">'; if($paths->nslist[$ns] == '') echo '[No prefix]'; else echo $paths->nslist[$ns]; echo '</option>'; } } ?></select></td></tr>
89
+ − 1706
<tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name']); ?>" /></td></tr>
22
+ − 1707
<tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr>
0
+ − 1708
<tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" /> <label for="cmt">Enable comments for this page</label></td></tr>
+ − 1709
<tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" /> <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
+ − 1710
<tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" /> <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small></td></tr>
+ − 1711
<tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" /> <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
+ − 1712
<tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
+ − 1713
<tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
+ − 1714
<tr><td colspan="2" style="text-align: right;">
+ − 1715
<input type="hidden" name="old_page_id" value="<?php echo $_POST['old_page_id']; ?>" />
+ − 1716
<input type="hidden" name="old_namespace" value="<?php echo $_POST['old_namespace']; ?>" />
+ − 1717
<input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
+ − 1718
</table>
+ − 1719
<?php
+ − 1720
echo '</form>';
+ − 1721
} else {
+ − 1722
echo '<h3>Please select a page</h3>';
+ − 1723
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1724
?>
+ − 1725
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
+ − 1726
<p>Select page title from a list: <select name="page_force_url">
+ − 1727
<?php
+ − 1728
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1729
{
89
+ − 1730
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.htmlspecialchars($paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name']).'</option>'."\n";
0
+ − 1731
}
+ − 1732
?>
+ − 1733
</select> <input type="submit" name="select" value="Select" /></p>
+ − 1734
<?php
+ − 1735
echo '</form>';
+ − 1736
+ − 1737
}
+ − 1738
}
+ − 1739
+ − 1740
function page_Admin_PageEditor()
+ − 1741
{
+ − 1742
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1743
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1744
{
+ − 1745
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1746
return;
+ − 1747
}
+ − 1748
+ − 1749
+ − 1750
echo '<h2>Edit page content</h2>';
+ − 1751
+ − 1752
if(isset($_POST['search']) || isset($_POST['select'])) {
+ − 1753
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
+ − 1754
if(isset($_POST['search'])) $pid = $_POST['page_url'];
+ − 1755
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
+ − 1756
else { echo 'Internal error selecting page search terms'; return false; }
+ − 1757
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 1758
$k = array_keys($paths->nslist);
+ − 1759
for($i=0;$i<sizeof($paths->nslist);$i++)
+ − 1760
{
+ − 1761
$ln = strlen($paths->nslist[$k[$i]]);
+ − 1762
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
+ − 1763
{
+ − 1764
$ns = $k[$i];
+ − 1765
$page_id = substr($pid, $ln, strlen($pid));
+ − 1766
}
+ − 1767
}
+ − 1768
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
+ − 1769
// Now, iterate through $paths->pages searching for a page with this name or ID
+ − 1770
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1771
{
+ − 1772
if(!isset($final_pid))
+ − 1773
{
+ − 1774
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
+ − 1775
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1776
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1777
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1778
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
+ − 1779
}
+ − 1780
}
+ − 1781
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1782
$_POST['namespace'] = $ns;
+ − 1783
$_POST['page_id'] = $final_pid;
+ − 1784
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1785
}
+ − 1786
+ − 1787
if(isset($_POST['page_id']) && !isset($_POST['cancel']))
+ − 1788
{
+ − 1789
echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 1790
if(!isset($_POST['content']) || isset($_POST['revert'])) $content = RenderMan::getPage($_POST['page_id'], $_POST['namespace'], 0, false, false, false, false);
+ − 1791
else $content = $_POST['content'];
+ − 1792
if(isset($_POST['save']))
+ − 1793
{
+ − 1794
$data = $content;
+ − 1795
$id = md5( microtime() . mt_rand() );
+ − 1796
+ − 1797
$minor = isset($_POST['minor']) ? 'true' : 'false';
+ − 1798
$q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$data.'\', \''.$id.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');';
+ − 1799
if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
+ − 1800
+ − 1801
$query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';';
+ − 1802
$e = $db->sql_query($query);
+ − 1803
if(!$e) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.mysql_error().'<br /><br />Query:<br /><pre>'.$query.'</pre></div>';
+ − 1804
else echo '<div class="info-box">Your page has been saved. <a href="'.makeUrlNS($_POST['namespace'], $_POST['page_id']).'">View page...</a></div>';
+ − 1805
} elseif(isset($_POST['preview'])) {
+ − 1806
echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>';
+ − 1807
}
+ − 1808
?>
+ − 1809
<p>
+ − 1810
<textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
+ − 1811
Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo $_POST['summary']; ?>" size="40" /><br />
+ − 1812
<label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/> This is a minor edit</label>
+ − 1813
</p>
+ − 1814
<p>
+ − 1815
<input type="hidden" name="page_id" value="<?php echo $_POST['page_id']; ?>" />
+ − 1816
<input type="hidden" name="namespace" value="<?php echo $_POST['namespace']; ?>" />
+ − 1817
<input type="submit" name="save" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="preview" value="Show preview" /> <input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" /> <input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
+ − 1818
</p>
+ − 1819
<?php
+ − 1820
echo '</form>';
+ − 1821
} else {
+ − 1822
echo '<h3>Please select a page</h3>';
+ − 1823
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1824
?>
+ − 1825
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
+ − 1826
<p>Select page title from a list: <select name="page_force_url">
+ − 1827
<?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1828
for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
0
+ − 1829
{
+ − 1830
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name'].'</option>'."\n";
+ − 1831
}
+ − 1832
?>
+ − 1833
</select> <input type="submit" name="select" value="Select" /></p>
+ − 1834
<?php
+ − 1835
echo '</form>';
+ − 1836
}
+ − 1837
}
+ − 1838
+ − 1839
function page_Admin_ThemeManager()
+ − 1840
{
+ − 1841
+ − 1842
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1843
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1844
{
+ − 1845
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1846
return;
+ − 1847
}
+ − 1848
+ − 1849
+ − 1850
// Get the list of styles in the themes/ dir
+ − 1851
$h = opendir('./themes');
+ − 1852
$l = Array();
+ − 1853
if(!$h) die('Error opening directory "./themes" for reading.');
+ − 1854
while(false !== ($n = readdir($h))) {
+ − 1855
if($n != '.' && $n != '..' && is_dir('./themes/'.$n))
+ − 1856
$l[] = $n;
+ − 1857
}
+ − 1858
closedir($h);
+ − 1859
echo('
+ − 1860
<h3>Theme Management</h3>
+ − 1861
<p>Install, uninstall, and manage Enano themes.</p>
+ − 1862
');
+ − 1863
if(isset($_POST['disenable'])) {
+ − 1864
$q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1865
$s = $db->sql_query($q);
+ − 1866
if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1867
$r = $db->fetchrow_num($s);
+ − 1868
$db->free_result();
+ − 1869
if($r[0] == 1) $e = 0;
+ − 1870
else $e = 1;
+ − 1871
$s=true;
+ − 1872
if($e==0)
+ − 1873
{
+ − 1874
$c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1');
+ − 1875
if(!$c) $db->_die('The backup check for having at least on theme enabled failed.');
+ − 1876
if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; }
+ − 1877
}
+ − 1878
$db->free_result();
+ − 1879
if($s) {
+ − 1880
$q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1881
$a = $db->sql_query($q);
+ − 1882
if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1883
else echo('<div class="info-box">The theme "'.$_POST['theme_id'].'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>');
+ − 1884
}
+ − 1885
}
+ − 1886
elseif(isset($_POST['edit'])) {
+ − 1887
+ − 1888
$dir = './themes/'.$_POST['theme_id'].'/css/';
+ − 1889
$list = Array();
+ − 1890
// Open a known directory, and proceed to read its contents
+ − 1891
if (is_dir($dir)) {
+ − 1892
if ($dh = opendir($dir)) {
+ − 1893
while (($file = readdir($dh)) !== false) {
+ − 1894
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 1895
$list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4));
+ − 1896
}
+ − 1897
}
+ − 1898
closedir($dh);
+ − 1899
}
+ − 1900
}
+ − 1901
$lk = array_keys($list);
+ − 1902
+ − 1903
$q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1904
$s = $db->sql_query($q);
+ − 1905
if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1906
$r = $db->fetchrow_num($s);
+ − 1907
$db->free_result();
+ − 1908
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">');
+ − 1909
echo('<div class="question-box">
+ − 1910
Theme name displayed to users: <input type="text" name="name" value="'.$r[0].'" /><br /><br />
+ − 1911
Default stylesheet: <select name="defaultcss">');
+ − 1912
foreach ($lk as $l)
+ − 1913
{
+ − 1914
if($r[1] == $l) $v = ' selected="selected"';
+ − 1915
else $v = '';
+ − 1916
echo "<option value='{$l}'$v>{$list[$l]}</option>";
+ − 1917
}
+ − 1918
echo('</select><br /><br />
+ − 1919
<input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.$_POST['theme_id'].'" />
+ − 1920
</div>');
+ − 1921
echo('</form>');
+ − 1922
}
+ − 1923
elseif(isset($_POST['editsave'])) {
+ − 1924
$q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1925
$s = $db->sql_query($q);
+ − 1926
if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1927
else echo('<div class="info-box">Theme data updated.</div>');
+ − 1928
}
+ − 1929
elseif(isset($_POST['up'])) {
+ − 1930
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1931
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1932
$s = $db->sql_query($q);
+ − 1933
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1934
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1935
$sn = $db->sql_query($q);
+ − 1936
if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1937
$r = $db->fetchrow_num($sn);
+ − 1938
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) { echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>'); } else {
+ − 1939
// Get the order IDs of the selected theme and the theme before it
+ − 1940
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1941
$s = $db->sql_query($q);
+ − 1942
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1943
$r = $db->fetchrow_num($s);
+ − 1944
$r = $r[0];
+ − 1945
$rb = $r - 1;
+ − 1946
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1947
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1948
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1949
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1950
echo('<div class="info-box">Theme moved up.</div>');
+ − 1951
}
+ − 1952
$db->free_result($s);
+ − 1953
$db->free_result($sn);
+ − 1954
}
+ − 1955
elseif(isset($_POST['down'])) {
+ − 1956
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1957
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1958
$s = $db->sql_query($q);
+ − 1959
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1960
$r = $db->fetchrow_num($s);
+ − 1961
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == $db->numrows($s) /* ...and check if this theme is already at the bottom */ ) { echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>'); } else {
+ − 1962
// Get the order IDs of the selected theme and the theme before it
+ − 1963
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1964
$s = $db->sql_query($q);
+ − 1965
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1966
$r = $db->fetchrow_num($s);
+ − 1967
$r = $r[0];
+ − 1968
$rb = $r + 1;
+ − 1969
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1970
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1971
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1972
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1973
echo('<div class="info-box">Theme moved down.</div>');
+ − 1974
}
+ − 1975
}
+ − 1976
else if(isset($_POST['uninstall']))
+ − 1977
{
+ − 1978
$q = 'SELECT * FROM '.table_prefix.'themes;';
+ − 1979
$s = $db->sql_query($q);
+ − 1980
if ( !$s )
+ − 1981
{
+ − 1982
die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1983
}
+ − 1984
$n = $db->numrows($s);
+ − 1985
$db->free_result();
+ − 1986
+ − 1987
if ( $_POST['theme_id'] == 'oxygen' )
+ − 1988
{
+ − 1989
echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>';
+ − 1990
}
+ − 1991
else
+ − 1992
{
+ − 1993
if($n < 2)
+ − 1994
{
+ − 1995
echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>';
+ − 1996
}
+ − 1997
else
+ − 1998
{
+ − 1999
$q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;';
+ − 2000
$s = $db->sql_query($q);
+ − 2001
if ( !$s )
+ − 2002
{
+ − 2003
die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 2004
}
+ − 2005
else
+ − 2006
{
+ − 2007
echo('<div class="info-box">Theme uninstalled.</div>');
+ − 2008
}
+ − 2009
}
+ − 2010
}
+ − 2011
}
+ − 2012
elseif(isset($_POST['install'])) {
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2013
$q = 'SELECT theme_id FROM '.table_prefix.'themes;';
0
+ − 2014
$s = $db->sql_query($q);
+ − 2015
if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 2016
$n = $db->numrows($s);
+ − 2017
$n++;
+ − 2018
$theme_id = $_POST['theme_id'];
+ − 2019
$theme = Array();
+ − 2020
include('./themes/'.$theme_id.'/theme.cfg');
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2021
if ( !isset($theme['theme_id']) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2022
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2023
echo '<div class="error-box">Could not load theme.cfg (theme metadata file)</div>';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2024
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2025
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2026
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2027
$default_style = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2028
if ( $dh = opendir('./themes/' . $theme_id . '/css') )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2029
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2030
while ( $file = readdir($dh) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2031
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2032
if ( $file != '_printable.css' && preg_match('/\.css$/i', $file) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2033
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2034
$default_style = $file;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2035
break;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2036
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2037
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2038
closedir($dh);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2039
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2040
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2041
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2042
die('The /css subdirectory could not be located in the theme\'s directory');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2043
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2044
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2045
if ( $default_style )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2046
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2047
$q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled,default_style) VALUES(\''.$db->escape($theme['theme_id']).'\', \''.$db->escape($theme['theme_name']).'\', '.$n.', 1, \'' . $db->escape($default_style) . '\')';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2048
$s = $db->sql_query($q);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2049
if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2050
else echo('<div class="info-box">Theme "'.$theme['theme_name'].'" installed.</div>');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2051
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2052
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2053
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2054
echo '<div class="error-box">Could not determine the default style for the theme.</div>';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2055
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2056
}
0
+ − 2057
}
+ − 2058
echo('
+ − 2059
<h3>Currently installed themes</h3>
+ − 2060
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 2061
<p>
+ − 2062
<select name="theme_id">
+ − 2063
');
+ − 2064
$q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order';
+ − 2065
$s = $db->sql_query($q);
+ − 2066
if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 2067
while ( $r = $db->fetchrow_num($s) ) {
+ − 2068
if($r[2] < 1) $r[1] .= ' (disabled)';
+ − 2069
echo('<option value="'.$r[0].'">'.$r[1].'</option>');
+ − 2070
}
+ − 2071
$db->free_result();
+ − 2072
echo('
+ − 2073
</select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" />
+ − 2074
</p>
+ − 2075
</form>
+ − 2076
<h3>Install a new theme</h3>
+ − 2077
');
+ − 2078
$theme = Array();
+ − 2079
$obb = '';
+ − 2080
for($i=0;$i<sizeof($l);$i++) {
+ − 2081
if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) {
+ − 2082
include('./themes/'.$l[$i].'/theme.cfg');
+ − 2083
$q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$theme['theme_id'].'\'';
+ − 2084
$s = $db->sql_query($q);
+ − 2085
if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 2086
if($db->numrows($s) < 1) {
+ − 2087
$obb .= '<option value="'.$theme['theme_id'].'">'.$theme['theme_name'].'</option>';
+ − 2088
}
+ − 2089
$db->free_result();
+ − 2090
}
+ − 2091
}
+ − 2092
if($obb != '') {
+ − 2093
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>');
+ − 2094
echo('<select name="theme_id">');
+ − 2095
echo($obb);
+ − 2096
echo('</select>');
+ − 2097
echo('
+ − 2098
<input type="submit" name="install" value="Install this theme" />
+ − 2099
</p></form>');
+ − 2100
} else echo('<p>All themes are currently installed.</p>');
+ − 2101
}
+ − 2102
+ − 2103
function page_Admin_BanControl()
+ − 2104
{
+ − 2105
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2106
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2107
{
+ − 2108
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2109
return;
+ − 2110
}
+ − 2111
+ − 2112
if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
+ − 2113
{
+ − 2114
$e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . '');
+ − 2115
if(!$e) $db->_die('The ban list entry was not deleted.');
+ − 2116
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2117
if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
0
+ − 2118
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2119
$type = intval($_POST['type']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2120
$value = trim($_POST['value']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2121
if ( !in_array($type, array(BAN_IP, BAN_USER, BAN_EMAIL)) )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2122
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2123
echo '<div class="error-box">Hacking attempt.</div>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2124
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2125
else if ( empty($value) )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2126
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2127
echo '<div class="error-box">Please enter something to ban.</div>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2128
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2129
else
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2130
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2131
$entries = array();
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2132
$input = explode(',', $_POST['value']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2133
$error = false;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2134
foreach ( $input as $entry )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2135
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2136
$entry = trim($entry);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2137
if ( empty($entry) )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2138
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2139
echo '<div class="error-box">Malformed entry.</div>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2140
$error = true;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2141
break;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2142
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2143
if ( $type == BAN_IP )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2144
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2145
// parse a range of addresses
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2146
$range = parse_ip_range($entry);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2147
if ( !$range )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2148
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2149
$error = true;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2150
echo '<div class="error-box">Malformed IP address expression.</div>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2151
break;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2152
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2153
foreach ($range as $ip)
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2154
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2155
$entries[] = $ip;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2156
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2157
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2158
else
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2159
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2160
$entries[] = $entry;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2161
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2162
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2163
if ( !$error )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2164
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2165
$regex = ( isset($_POST['regex']) ) ? '1' : '0';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2166
$to_insert = array();
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2167
$reason = $db->escape($_POST['reason']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2168
foreach ( $entries as $entry )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2169
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2170
$entry = $db->escape($entry);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2171
$to_insert[] = "($type, '$entry', '$reason', $regex)";
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2172
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2173
$q = 'INSERT INTO '.table_prefix."banlist(ban_type, ban_value, reason, is_regex)\n VALUES" . implode(",\n ", $to_insert) . ';';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2174
@set_time_limit(0);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2175
$e = $db->sql_query($q);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2176
if(!$e) $db->_die('The banlist could not be updated.');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2177
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2178
}
0
+ − 2179
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2180
else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2181
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2182
echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2183
}
0
+ − 2184
$q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
+ − 2185
if(!$q) $db->_die('The banlist data could not be selected.');
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2186
echo '<div class="tblholder" style="max-height: 800px; clip: rect(0px,auto,auto,0px); overflow: auto;">
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2187
<table border="0" cellspacing="1" cellpadding="4">';
0
+ − 2188
echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2189
if($db->numrows() < 1) echo '<td class="row1" colspan="4">No ban rules yet.</td>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2190
$cls = 'row2';
0
+ − 2191
while($r = $db->fetchrow())
+ − 2192
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2193
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
0
+ − 2194
if($r['ban_type']==BAN_IP) $t = 'IP address';
+ − 2195
elseif($r['ban_type']==BAN_USER) $t = 'Username';
+ − 2196
elseif($r['ban_type']==BAN_EMAIL) $t = 'E-mail address';
+ − 2197
if($r['is_regex']) $g = 'Yes'; else $g = 'No';
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2198
echo '<tr><td class="'.$cls.'">'.$t.'</td><td class="'.$cls.'">'.$r['ban_value'].'</td><td class="'.$cls.'">'.$g.'</td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.$r['ban_id']).'">Delete</a></td></tr>';
0
+ − 2199
}
+ − 2200
$db->free_result();
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2201
echo '</table></div>';
0
+ − 2202
echo '<h3>Create new ban rule</h3>';
+ − 2203
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 2204
?>
+ − 2205
Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
+ − 2206
Rule: <input type="text" name="value" size="30" /><br />
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2207
<small>You can ban multiple IP addresses, users, or e-mail addresses by separating entries with a single comma (User1,User2). Do not put a space after the comma. For IP addresses, you may specify ranges like 172|192.168.4-30|90-167.1-90, which will turn into 172 and 192 . 168 . 4-30 and 90-167 . 1 - 90, which matches 18,899 IP addresses. Don't specify large ranges (like the example one here) at once or you risk temporarily (~60sec) overloading the server.</small><br />
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2208
Reason to show to the banned user: <textarea name="reason" rows="7" cols="40"></textarea><br />
0
+ − 2209
<input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
+ − 2210
<input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
+ − 2211
<?php
+ − 2212
echo '</form>';
+ − 2213
}
+ − 2214
+ − 2215
function page_Admin_MassEmail()
+ − 2216
{
+ − 2217
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2218
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2219
{
+ − 2220
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2221
return;
+ − 2222
}
+ − 2223
+ − 2224
global $enano_config;
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2225
if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
0
+ − 2226
{
+ − 2227
$use_smtp = getConfig('smtp_enabled') == '1';
+ − 2228
+ − 2229
//
+ − 2230
// Let's do some checking to make sure that mass mail functions
+ − 2231
// are working in win32 versions of php. (copied from phpBB)
+ − 2232
//
+ − 2233
if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp)
+ − 2234
{
+ − 2235
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
+ − 2236
+ − 2237
// We are running on windows, force delivery to use our smtp functions
+ − 2238
// since php's are broken by default
+ − 2239
$use_smtp = true;
+ − 2240
$enano_config['smtp_server'] = @$ini_val('SMTP');
+ − 2241
}
+ − 2242
+ − 2243
$mail = new emailer( !empty($use_smtp) );
+ − 2244
+ − 2245
// Validate subject/message body
+ − 2246
$subject = stripslashes(trim($_POST['subject']));
+ − 2247
$message = stripslashes(trim($_POST['message']));
+ − 2248
+ − 2249
if ( empty($subject) )
+ − 2250
$errors[] = 'Please enter a subject.';
+ − 2251
if ( empty($message) )
+ − 2252
$errors[] = 'Please enter a message.';
+ − 2253
+ − 2254
// Get list of members
+ − 2255
if ( !empty($_POST['userlist']) )
+ − 2256
{
+ − 2257
$userlist = str_replace(', ', ',', $_POST['userlist']);
+ − 2258
$userlist = explode(',', $userlist);
+ − 2259
foreach ( $userlist as $k => $u )
+ − 2260
{
+ − 2261
if ( $u == $session->username )
+ − 2262
{
+ − 2263
// Message is automatically sent to the sender
+ − 2264
unset($userlist[$k]);
+ − 2265
}
+ − 2266
else
+ − 2267
{
+ − 2268
$userlist[$k] = $db->escape($u);
+ − 2269
}
+ − 2270
}
+ − 2271
$userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\'';
+ − 2272
+ − 2273
$q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';');
+ − 2274
if ( !$q )
+ − 2275
$db->_die();
+ − 2276
+ − 2277
if ( $row = $db->fetchrow() )
+ − 2278
{
+ − 2279
do {
+ − 2280
$mail->cc($row['email']);
+ − 2281
} while ( $row = $db->fetchrow() );
+ − 2282
}
+ − 2283
+ − 2284
$db->free_result();
+ − 2285
+ − 2286
}
+ − 2287
else
+ − 2288
{
+ − 2289
// Sending to a usergroup
+ − 2290
+ − 2291
$group_id = intval($_POST['group_id']);
+ − 2292
if ( $group_id < 1 )
+ − 2293
{
+ − 2294
$errors[] = 'Invalid group ID';
+ − 2295
}
+ − 2296
else
+ − 2297
{
+ − 2298
$q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g
+ − 2299
LEFT JOIN '.table_prefix.'users AS u
+ − 2300
ON (u.user_id=g.user_id)
+ − 2301
WHERE g.group_id=' . $group_id . ';');
+ − 2302
if ( !$q )
+ − 2303
$db->_die();
+ − 2304
+ − 2305
if ( $row = $db->fetchrow() )
+ − 2306
{
+ − 2307
do {
+ − 2308
$mail->cc($row['email']);
+ − 2309
} while ( $row = $db->fetchrow() );
+ − 2310
}
+ − 2311
+ − 2312
$db->free_result();
+ − 2313
}
+ − 2314
}
+ − 2315
+ − 2316
if ( sizeof($errors) < 1 )
+ − 2317
{
+ − 2318
+ − 2319
$mail->from(getConfig('contact_email'));
+ − 2320
$mail->replyto(getConfig('contact_email'));
+ − 2321
$mail->set_subject($subject);
+ − 2322
$mail->email_address(getConfig('contact_email'));
+ − 2323
+ − 2324
// Copied/modified from phpBB
+ − 2325
$email_headers = 'X-AntiAbuse: Website server name - ' . $_SERVER['SERVER_NAME'] . "\n";
+ − 2326
$email_headers .= 'X-AntiAbuse: User_id - ' . $session->user_id . "\n";
+ − 2327
$email_headers .= 'X-AntiAbuse: Username - ' . $session->username . "\n";
+ − 2328
$email_headers .= 'X-AntiAbuse: User IP - ' . $_SERVER['REMOTE_ADDR'] . "\n";
+ − 2329
+ − 2330
$mail->extra_headers($email_headers);
+ − 2331
+ − 2332
$tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at:
+ − 2333
+ − 2334
{CONTACT_EMAIL}
+ − 2335
+ − 2336
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ − 2337
{MESSAGE}
+ − 2338
';
+ − 2339
+ − 2340
$mail->use_template($tpl);
+ − 2341
+ − 2342
$mail->assign_vars(array(
+ − 2343
'SENDER' => $session->username,
+ − 2344
'SITE_NAME' => getConfig('site_name'),
+ − 2345
'CONTACT_EMAIL' => getConfig('contact_email'),
+ − 2346
'MESSAGE' => $message
+ − 2347
));
+ − 2348
+ − 2349
//echo '<pre>'.print_r($mail,true).'</pre>';
+ − 2350
+ − 2351
// All done
+ − 2352
$mail->send();
+ − 2353
$mail->reset();
+ − 2354
+ − 2355
echo '<div class="info-box">Your message has been sent.</div>';
+ − 2356
+ − 2357
}
+ − 2358
else
+ − 2359
{
+ − 2360
echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
+ − 2361
}
+ − 2362
+ − 2363
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2364
else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2365
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2366
echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2367
}
0
+ − 2368
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 2369
?>
+ − 2370
<div class="tblholder">
+ − 2371
<table border="0" cellspacing="1" cellpadding="4">
+ − 2372
<tr>
+ − 2373
<th colspan="2">Send mass e-mail</th>
+ − 2374
</tr>
+ − 2375
<tr>
+ − 2376
<td class="row2" rowspan="2" style="width: 30%; min-width: 200px;">
+ − 2377
Send message to:<br />
+ − 2378
<small>
+ − 2379
By default, this message will be sent to the group selected here. You may instead send the message to a specific
+ − 2380
list of users by entering them in the second row, with usernames separated by a single comma (no space).
+ − 2381
</small>
+ − 2382
</td>
+ − 2383
<td class="row1">
+ − 2384
<select name="group_id">
+ − 2385
<?php
+ − 2386
$q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ − 2387
if ( !$q )
+ − 2388
$db->_die();
+ − 2389
while ( $row = $db->fetchrow() )
+ − 2390
{
+ − 2391
echo '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+ − 2392
}
+ − 2393
?>
+ − 2394
</select>
+ − 2395
</td>
+ − 2396
</tr>
+ − 2397
<tr>
+ − 2398
<td class="row1">
+ − 2399
Usernames: <input type="text" name="userlist" size="50" />
+ − 2400
</td>
+ − 2401
</tr>
+ − 2402
<tr>
+ − 2403
<td class="row2" style="width: 30%; min-width: 200px;">
+ − 2404
Subject:
+ − 2405
</td>
+ − 2406
<td class="row1">
+ − 2407
<input name="subject" type="text" size="50" />
+ − 2408
</td>
+ − 2409
</tr>
+ − 2410
<tr>
+ − 2411
<td class="row2" style="width: 30%; min-width: 200px;">
+ − 2412
Message:
+ − 2413
</td>
+ − 2414
<td class="row1">
+ − 2415
<textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea>
+ − 2416
</td>
+ − 2417
</tr>
+ − 2418
<tr>
+ − 2419
<th class="subhead" colspan="2" style="text-align: left;" valign="middle">
+ − 2420
<div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div>
+ − 2421
<small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small>
+ − 2422
</th>
+ − 2423
</tr>
+ − 2424
+ − 2425
</table>
+ − 2426
</div>
+ − 2427
<?php
+ − 2428
echo '</form>';
+ − 2429
}
+ − 2430
+ − 2431
function page_Admin_DBBackup()
+ − 2432
{
+ − 2433
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2434
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2435
{
+ − 2436
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2437
return;
+ − 2438
}
+ − 2439
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2440
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2441
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2442
redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2443
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2444
0
+ − 2445
global $system_table_list;
+ − 2446
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes')
+ − 2447
{
+ − 2448
+ − 2449
if(defined('SQL_BACKUP_CRYPT'))
+ − 2450
// Try to increase our time limit
+ − 2451
@set_time_limit(300); // five minutes
+ − 2452
// Do the actual export
+ − 2453
$aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2454
$filename = 'enano_backup_' . date('ymd') . '.sql' . $aesext;
0
+ − 2455
ob_start();
+ − 2456
header('Content-disposition: attachment, filename="'.$filename.'";');
+ − 2457
header('Content-type: application/transact-sql');
+ − 2458
// Spew some headers
+ − 2459
$headdate = date('F d, Y \a\t h:i a');
+ − 2460
echo <<<HEADER
+ − 2461
-- Enano CMS SQL backup
+ − 2462
-- Generated on {$headdate} by {$session->username}
+ − 2463
+ − 2464
HEADER;
+ − 2465
// build the table list
+ − 2466
$base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array();
+ − 2467
$add = ( isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : Array();
+ − 2468
$tables = array_merge($base, $add);
+ − 2469
+ − 2470
// Log it!
+ − 2471
$e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
+ − 2472
if ( !$e )
+ − 2473
$db->_die();
+ − 2474
+ − 2475
foreach($tables as $i => $t)
+ − 2476
{
+ − 2477
if(!preg_match('#^([a-z0-9_]+)$#i', $t))
+ − 2478
die('Hacking attempt');
+ − 2479
// if($t == table_prefix.'files' && isset($_POST['do_data']))
+ − 2480
// unset($tables[$i]);
+ − 2481
}
+ − 2482
foreach($tables as $t)
+ − 2483
{
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2484
// THE FOLLOWING COMMENT DOES NOT APPLY AS OF 1.0.
0
+ − 2485
// Sorry folks - this script CAN'T backup enano_files, enano_search_index, and enano_search_cache due to the sheer size of the tables.
+ − 2486
// If encryption is enabled the log data will be excluded too.
+ − 2487
echo export_table(
+ − 2488
$t,
+ − 2489
isset($_POST['do_struct']),
+ − 2490
( isset($_POST['do_data']) /* && $t != table_prefix.'files' && $t != table_prefix.'search_index' && $t != table_prefix.'search_cache' && ( !defined('SQL_BACKUP_CRYPT') || ( defined('SQL_BACKUP_CRYPT') && $t != table_prefix.'logs' ) ) */ ),
+ − 2491
false
+ − 2492
) . "\n";
+ − 2493
}
+ − 2494
$data = ob_get_contents();
+ − 2495
ob_end_clean();
+ − 2496
if(defined('SQL_BACKUP_CRYPT'))
+ − 2497
{
+ − 2498
// Free some memory, we don't need this stuff any more
+ − 2499
$db->close();
+ − 2500
unset($paths, $db, $template, $plugins);
+ − 2501
$tea = new TEACrypt();
+ − 2502
$data = $tea->encrypt($data, $session->private_key);
+ − 2503
}
+ − 2504
header('Content-length: '.strlen($data));
+ − 2505
echo $data;
+ − 2506
exit;
+ − 2507
}
+ − 2508
else
+ − 2509
{
+ − 2510
// Show the UI
+ − 2511
echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">';
+ − 2512
?>
+ − 2513
<p>This page allows you to back up your Enano database should something go miserably wrong.</p>
+ − 2514
<p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label><p>
+ − 2515
<p>Additional tables to export:</p>
+ − 2516
<p><select name="additional_tables[]" multiple="multiple">
+ − 2517
<?php
+ − 2518
$q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
+ − 2519
while($row = $db->fetchrow_num())
+ − 2520
{
+ − 2521
if(!in_array($row[0], $system_table_list)) echo '<option value="'.$row[0].'">'.$row[0].'</option>';
+ − 2522
}
+ − 2523
?>
+ − 2524
</select>
+ − 2525
</p>
+ − 2526
<p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br />
+ − 2527
<label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label>
+ − 2528
</p>
+ − 2529
<p><input type="submit" value="Create backup" /></p>
+ − 2530
<?php
+ − 2531
echo '</form>';
+ − 2532
}
+ − 2533
}
+ − 2534
+ − 2535
function page_Admin_AdminLogout()
+ − 2536
{
+ − 2537
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2538
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2539
{
+ − 2540
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2541
return;
+ − 2542
}
+ − 2543
+ − 2544
$session->logout(USER_LEVEL_ADMIN);
+ − 2545
echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.makeUrl(getConfig('main_page')).'">Main Page</a>.</p>';
+ − 2546
}
+ − 2547
+ − 2548
function page_Special_Administration()
+ − 2549
{
+ − 2550
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2551
+ − 2552
if($session->auth_level < USER_LEVEL_ADMIN) {
+ − 2553
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
+ − 2554
exit;
+ − 2555
}
+ − 2556
else
+ − 2557
{
+ − 2558
$template->load_theme('admin', 'default');
+ − 2559
$template->init_vars();
+ − 2560
if( !isset( $_GET['noheaders'] ) )
+ − 2561
{
+ − 2562
$template->header();
+ − 2563
}
+ − 2564
echo 'Administer your Enano website.';
+ − 2565
?>
+ − 2566
<script type="text/javascript">
+ − 2567
function ajaxPage(t)
+ − 2568
{
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2569
if ( KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2570
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2571
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2572
return false;
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2573
}
0
+ − 2574
if ( t == namespace_list.Admin + 'AdminLogout' )
+ − 2575
{
+ − 2576
var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
+ − 2577
mb.onclick['Yes'] = function() {
+ − 2578
var tigraentry = document.getElementById('i_div0_0').parentNode;
+ − 2579
var tigraobj = $(tigraentry);
+ − 2580
var div = document.createElement('div');
+ − 2581
div.style.backgroundColor = '#FFFFFF';
+ − 2582
domObjChangeOpac(70, div);
+ − 2583
div.style.position = 'absolute';
+ − 2584
var top = tigraobj.Top();
+ − 2585
var left = tigraobj.Left();
+ − 2586
var width = tigraobj.Width();
+ − 2587
var height = tigraobj.Height();
+ − 2588
div.style.top = top + 'px';
+ − 2589
div.style.left = left + 'px';
+ − 2590
div.style.width = width + 'px';
+ − 2591
div.style.height = height + 'px';
+ − 2592
var body = document.getElementsByTagName('body')[0];
+ − 2593
enlighten(true);
+ − 2594
body.appendChild(div);
+ − 2595
ajaxPageBin(namespace_list.Admin + 'AdminLogout');
+ − 2596
}
+ − 2597
return;
+ − 2598
}
+ − 2599
ajaxPageBin(t);
+ − 2600
}
+ − 2601
function ajaxPageBin(t)
+ − 2602
{
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2603
if ( KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2604
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2605
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2606
return false;
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2607
}
0
+ − 2608
document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>';
+ − 2609
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() {
+ − 2610
if(ajax.readyState == 4) {
+ − 2611
document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText;
+ − 2612
fadeInfoBoxes();
+ − 2613
}
+ − 2614
});
+ − 2615
}
+ − 2616
function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); }
+ − 2617
var TREE_TPL = {
+ − 2618
'target' : '_self', // name of the frame links will be opened in
+ − 2619
// other possible values are: _blank, _parent, _search, _self and _top
+ − 2620
+ − 2621
'icon_e' : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image
+ − 2622
'icon_l' : '<?php echo scriptPath; ?>/images/icons/line.gif', // vertical line
+ − 2623
'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon normal
+ − 2624
'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon selected
+ − 2625
'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon normal
+ − 2626
'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2627
'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon opened
+ − 2628
'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2629
'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal
+ − 2630
'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected
+ − 2631
'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened
+ − 2632
'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened
+ − 2633
'icon_0' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal
+ − 2634
'icon_4' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2635
'icon_8' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened
+ − 2636
'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2637
'icon_2' : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf
+ − 2638
'icon_3' : '<?php echo scriptPath; ?>/images/icons/join.gif', // junction for last leaf
+ − 2639
'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node
+ − 2640
'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif', // junction for last closed node
+ − 2641
'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node
+ − 2642
'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif' // junction for last opended node
+ − 2643
};
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 2644
addOnloadHook(keepalive_onload);
0
+ − 2645
<?php
+ − 2646
echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree
+ − 2647
if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?>
+ − 2648
</script>
+ − 2649
<table border="0" width="100%">
+ − 2650
<tr>
+ − 2651
<td class="holder" valign="top">
+ − 2652
<div class="pad" style="padding-right: 20px;">
+ − 2653
<script type="text/javascript">
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2654
if ( !KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2655
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2656
new tree(TREE_ITEMS, TREE_TPL);
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2657
}
0
+ − 2658
</script>
+ − 2659
</div>
+ − 2660
</td>
+ − 2661
<td width="100%" valign="top">
+ − 2662
<div class="pad" id="ajaxPageContainer">
+ − 2663
<?php
+ − 2664
if(isset($_GET['module']))
+ − 2665
{
+ − 2666
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 2667
$k = array_keys($paths->nslist);
+ − 2668
for ( $i = 0; $i < sizeof($paths->nslist); $i++ )
+ − 2669
{
+ − 2670
$ln = strlen( $paths->nslist[ $k[ $i ] ] );
+ − 2671
if ( substr($_GET['module'], 0, $ln) == $paths->nslist[$k[$i]] )
+ − 2672
{
+ − 2673
$ns = $k[$i];
+ − 2674
$nm = substr($_GET['module'], $ln, strlen($_GET['module']));
+ − 2675
}
+ − 2676
}
+ − 2677
$fname = 'page_'.$ns.'_'.$nm;
+ − 2678
$s = strpos($fname, '?noheaders');
+ − 2679
if($s) $fname = substr($fname, 0, $s);
+ − 2680
$paths->cpage['module'] = $_GET['module'];
+ − 2681
if ( function_exists($fname) && $_GET['module'] != $paths->nslist['Special'] . 'Administration' )
+ − 2682
{
+ − 2683
eval($fname.'();');
+ − 2684
}
+ − 2685
}
+ − 2686
else
+ − 2687
{
+ − 2688
echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
+ − 2689
}
+ − 2690
?>
+ − 2691
</div>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2692
<script type="text/javascript">
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2693
if ( KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2694
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2695
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2696
}
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2697
</script>
0
+ − 2698
</td>
+ − 2699
</tr>
+ − 2700
</table>
+ − 2701
+ − 2702
<?php
+ − 2703
}
+ − 2704
if(!isset($_GET['noheaders']))
+ − 2705
{
+ − 2706
$template->footer();
+ − 2707
}
+ − 2708
}
+ − 2709
+ − 2710
function page_Special_EditSidebar()
+ − 2711
{
+ − 2712
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2713
+ − 2714
if($session->auth_level < USER_LEVEL_ADMIN)
+ − 2715
{
+ − 2716
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
+ − 2717
exit;
+ − 2718
}
+ − 2719
else
+ − 2720
{
+ − 2721
+ − 2722
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>');
+ − 2723
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>');
+ − 2724
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
+ − 2725
$template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');
+ − 2726
+ − 2727
// Knock the sidebars dead to keep javascript in plugins from interfering
+ − 2728
$template->tpl_strings['SIDEBAR_LEFT'] = '';
+ − 2729
$template->tpl_strings['SIDEBAR_RIGHT'] = '';
+ − 2730
+ − 2731
$template->load_theme('oxygen', 'bleu');
+ − 2732
$template->init_vars();
+ − 2733
+ − 2734
$template->header();
+ − 2735
+ − 2736
if(isset($_POST['save']))
+ − 2737
{
+ − 2738
// Write the new block order to the database
+ − 2739
// The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe...
+ − 2740
// Anyone know a better way to do this?
+ − 2741
$q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2742
if ( !$q )
+ − 2743
{
+ − 2744
$db->_die('The sidebar order data could not be selected.');
+ − 2745
}
+ − 2746
$orders = Array();
+ − 2747
while($row = $db->fetchrow())
+ − 2748
{
+ − 2749
$orders[] = Array(
+ − 2750
count($orders),
+ − 2751
$row['item_id'],
+ − 2752
$row['sidebar_id'],
+ − 2753
);
+ − 2754
}
+ − 2755
$db->free_result();
+ − 2756
+ − 2757
// We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries.
+ − 2758
$ol = explode(',', $_POST['order_left']);
+ − 2759
$odr = explode(',', $_POST['order_right']);
+ − 2760
$om = array_merge($ol, $odr);
+ − 2761
unset($ol, $odr);
+ − 2762
$queries = Array();
+ − 2763
foreach($orders as $k => $v)
+ − 2764
{
+ − 2765
$queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.$v[1].';';
+ − 2766
}
+ − 2767
foreach($queries as $sql)
+ − 2768
{
+ − 2769
$q = $db->sql_query($sql);
+ − 2770
if(!$q)
+ − 2771
{
+ − 2772
$t = $db->get_error();
+ − 2773
echo $t;
+ − 2774
$template->footer();
+ − 2775
exit;
+ − 2776
}
+ − 2777
}
+ − 2778
echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
+ − 2779
}
+ − 2780
elseif(isset($_POST['create']))
+ − 2781
{
+ − 2782
switch((int)$_POST['type'])
+ − 2783
{
+ − 2784
case BLOCK_WIKIFORMAT:
+ − 2785
$content = $_POST['wikiformat_content'];
+ − 2786
break;
+ − 2787
case BLOCK_TEMPLATEFORMAT:
+ − 2788
$content = $_POST['templateformat_content'];
+ − 2789
break;
+ − 2790
case BLOCK_HTML:
+ − 2791
$content = $_POST['html_content'];
+ − 2792
break;
+ − 2793
case BLOCK_PHP:
+ − 2794
$content = $_POST['php_content'];
+ − 2795
break;
+ − 2796
case BLOCK_PLUGIN:
+ − 2797
$content = $_POST['plugin_id'];
+ − 2798
break;
+ − 2799
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2800
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2801
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2802
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2803
// Sanitize the HTML
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2804
$content = sanitize_html($content, true);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2805
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2806
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2807
if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2808
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2809
echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2810
$_POST['php_content'] = '?><Nulled>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2811
$content = $_POST['php_content'];
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2812
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2813
0
+ − 2814
// Get the value of item_order
+ − 2815
+ − 2816
$q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';');
+ − 2817
if(!$q) $db->_die('The order number could not be selected');
+ − 2818
$io = $db->numrows();
+ − 2819
+ − 2820
$db->free_result();
+ − 2821
+ − 2822
$q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );';
+ − 2823
$result = $db->sql_query($q);
+ − 2824
if(!$result)
+ − 2825
{
+ − 2826
echo $db->get_error();
+ − 2827
$template->footer();
+ − 2828
exit;
+ − 2829
}
+ − 2830
+ − 2831
echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';
+ − 2832
+ − 2833
}
+ − 2834
+ − 2835
if(isset($_GET['action']) && isset($_GET['id']))
+ − 2836
{
161
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 2837
if(!preg_match('#^([0-9]*)$#', $_GET['id']))
0
+ − 2838
{
+ − 2839
echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
+ − 2840
}
+ − 2841
switch($_GET['action'])
+ − 2842
{
+ − 2843
case 'new':
+ − 2844
?>
+ − 2845
<script type="text/javascript">
+ − 2846
function setType(input)
+ − 2847
{
+ − 2848
val = input.value;
+ − 2849
if(!val)
+ − 2850
{
+ − 2851
return false;
+ − 2852
}
+ − 2853
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2854
for(var i in divs)
+ − 2855
{
+ − 2856
if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block';
+ − 2857
else divs[i].style.display = 'none';
+ − 2858
}
+ − 2859
}
+ − 2860
</script>
+ − 2861
+ − 2862
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 2863
+ − 2864
<p>
+ − 2865
What type of block should this be?
+ − 2866
</p>
+ − 2867
<p>
+ − 2868
<select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
+ − 2869
<option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
+ − 2870
<option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
+ − 2871
<option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
+ − 2872
<option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
+ − 2873
<option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
+ − 2874
</select>
+ − 2875
</p>
+ − 2876
+ − 2877
<p>
+ − 2878
+ − 2879
Block title: <input name="title" type="text" size="40" /><br />
+ − 2880
Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>
+ − 2881
+ − 2882
</p>
+ − 2883
+ − 2884
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
+ − 2885
<p>
+ − 2886
Wikitext:
+ − 2887
</p>
+ − 2888
<p>
+ − 2889
<textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
+ − 2890
</p>
+ − 2891
</div>
+ − 2892
+ − 2893
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
+ − 2894
<p>
+ − 2895
Template code:
+ − 2896
</p>
+ − 2897
<p>
+ − 2898
<textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
+ − 2899
</p>
+ − 2900
</div>
+ − 2901
+ − 2902
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
+ − 2903
<p>
+ − 2904
HTML to place inside the sidebar:
+ − 2905
</p>
+ − 2906
<p>
+ − 2907
<textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
+ − 2908
</p>
+ − 2909
</div>
+ − 2910
+ − 2911
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2912
<?php if ( defined('ENANO_DEMO_MODE') ) { ?>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2913
<p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2914
<?php } else { ?>
0
+ − 2915
<p>
+ − 2916
<b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
+ − 2917
ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
+ − 2918
</p>
+ − 2919
<p>
+ − 2920
<span style="color: red;">
+ − 2921
It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
+ − 2922
</span> You have been warned.
+ − 2923
</p>
+ − 2924
<p>
+ − 2925
Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
+ − 2926
</p>
+ − 2927
<p>
+ − 2928
The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error.
+ − 2929
</p>
+ − 2930
<p>
+ − 2931
PHP code:
+ − 2932
</p>
+ − 2933
<p>
+ − 2934
<textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
+ − 2935
</p>
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2936
<?php } ?>
0
+ − 2937
</div>
+ − 2938
+ − 2939
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
+ − 2940
<p>
+ − 2941
Plugin:
+ − 2942
</p>
+ − 2943
<p>
+ − 2944
<select name="plugin_id">
+ − 2945
<?php
+ − 2946
foreach($template->plugin_blocks as $k => $c)
+ − 2947
{
+ − 2948
echo '<option value="'.$k.'">'.$k.'</option>';
+ − 2949
}
+ − 2950
?>
+ − 2951
</select>
+ − 2952
</p>
+ − 2953
</div>
+ − 2954
+ − 2955
<p>
+ − 2956
+ − 2957
<input type="submit" name="create" value="Create new block" style="font-weight: bold;" />
+ − 2958
<input type="submit" name="cancel" value="Cancel" />
+ − 2959
+ − 2960
</p>
+ − 2961
+ − 2962
</form>
+ − 2963
+ − 2964
<script type="text/javascript">
+ − 2965
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2966
for(var i in divs)
+ − 2967
{
+ − 2968
if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500);
+ − 2969
}
+ − 2970
</script>
+ − 2971
+ − 2972
<?php
+ − 2973
$template->footer();
+ − 2974
return;
+ − 2975
break;
+ − 2976
case 'move':
+ − 2977
if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
+ − 2978
{
+ − 2979
echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
+ − 2980
break;
+ − 2981
}
179
+ − 2982
$query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 2983
if(!$query)
+ − 2984
{
+ − 2985
echo $db->get_error();
+ − 2986
$template->footer();
+ − 2987
exit;
+ − 2988
}
+ − 2989
echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
+ − 2990
break;
+ − 2991
case 'delete':
179
+ − 2992
$query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-)
0
+ − 2993
if(!$query)
+ − 2994
{
+ − 2995
echo $db->get_error();
+ − 2996
$template->footer();
+ − 2997
exit;
+ − 2998
}
+ − 2999
if(isset($_GET['ajax']))
+ − 3000
{
+ − 3001
ob_end_clean();
+ − 3002
die('GOOD');
+ − 3003
}
+ − 3004
echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
+ − 3005
break;
+ − 3006
case 'disenable';
179
+ − 3007
$q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3008
if(!$q)
+ − 3009
{
+ − 3010
echo $db->get_error();
+ − 3011
$template->footer();
+ − 3012
exit;
+ − 3013
}
+ − 3014
$r = $db->fetchrow();
+ − 3015
$db->free_result();
+ − 3016
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
179
+ − 3017
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';');
+ − 3018
if(!$q)
+ − 3019
{
+ − 3020
echo $db->get_error();
+ − 3021
$template->footer();
+ − 3022
exit;
+ − 3023
}
+ − 3024
if(isset($_GET['ajax']))
+ − 3025
{
+ − 3026
ob_end_clean();
+ − 3027
die('GOOD');
+ − 3028
}
+ − 3029
break;
+ − 3030
case 'rename';
+ − 3031
$newname = $db->escape($_POST['newname']);
+ − 3032
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3033
if(!$q)
+ − 3034
{
+ − 3035
echo $db->get_error();
+ − 3036
$template->footer();
+ − 3037
exit;
+ − 3038
}
+ − 3039
if(isset($_GET['ajax']))
+ − 3040
{
+ − 3041
ob_end_clean();
+ − 3042
die('GOOD');
+ − 3043
}
+ − 3044
break;
+ − 3045
case 'getsource':
179
+ − 3046
$q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3047
if(!$q)
+ − 3048
{
+ − 3049
echo $db->get_error();
+ − 3050
$template->footer();
+ − 3051
exit;
+ − 3052
}
+ − 3053
ob_end_clean();
+ − 3054
$r = $db->fetchrow();
+ − 3055
$db->free_result();
+ − 3056
if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
+ − 3057
die($r['block_content']);
+ − 3058
break;
+ − 3059
case 'save':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3060
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3061
{
179
+ − 3062
$q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3063
if(!$q)
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3064
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3065
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3066
exit;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3067
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3068
$row = $db->fetchrow();
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3069
if ( $row['block_type'] == BLOCK_PHP )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3070
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3071
$_POST['content'] = '?><Nulled>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3072
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3073
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3074
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3075
$_POST['content'] = sanitize_html($_POST['content'], true);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3076
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3077
}
179
+ − 3078
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3079
if(!$q)
+ − 3080
{
+ − 3081
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 3082
exit;
+ − 3083
}
179
+ − 3084
$q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3085
if(!$q)
+ − 3086
{
+ − 3087
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 3088
exit;
+ − 3089
}
+ − 3090
$row = $db->fetchrow();
+ − 3091
$db->free_result();
+ − 3092
switch($row['block_type'])
+ − 3093
{
+ − 3094
case BLOCK_WIKIFORMAT:
+ − 3095
default:
+ − 3096
$c = RenderMan::render($row['block_content']);
+ − 3097
break;
+ − 3098
case BLOCK_TEMPLATEFORMAT:
+ − 3099
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 3100
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3101
break;
+ − 3102
case BLOCK_HTML:
+ − 3103
$c = $row['block_content'];
+ − 3104
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3105
break;
+ − 3106
case BLOCK_PHP:
+ − 3107
ob_start();
+ − 3108
eval($row['block_content']);
+ − 3109
$c = ob_get_contents();
+ − 3110
ob_end_clean();
+ − 3111
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3112
break;
+ − 3113
case BLOCK_PLUGIN:
+ − 3114
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 3115
break;
+ − 3116
}
+ − 3117
die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
+ − 3118
break;
+ − 3119
}
+ − 3120
}
+ − 3121
+ − 3122
$q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 3123
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 3124
+ − 3125
$vars = $template->extract_vars('sidebar-editor.tpl');
+ − 3126
+ − 3127
$parser = $template->makeParserText($vars['sidebar_button']);
+ − 3128
$parser->assign_vars(Array(
+ − 3129
'HREF'=>'#',
+ − 3130
'FLAGS'=>'onclick="return false;"',
+ − 3131
'TEXT'=>'Change theme'
+ − 3132
));
+ − 3133
$template->tpl_strings['THEME_LINK'] = $parser->run();
+ − 3134
$parser->assign_vars(Array(
+ − 3135
'TEXT'=>'Log out',
+ − 3136
));
+ − 3137
$template->tpl_strings['LOGOUT_LINK'] = $parser->run();
+ − 3138
+ − 3139
$n1 = Array();
+ − 3140
$n2 = Array();
+ − 3141
$n =& $n1;
+ − 3142
+ − 3143
echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">';
+ − 3144
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 3145
+ − 3146
// Time for the loop
+ − 3147
// what this loop does is fetch the row data, then send it out to the appropriate parser for formatting,
+ − 3148
// then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code.
+ − 3149
while($row = $db->fetchrow())
+ − 3150
{
+ − 3151
if(isset($current_side))
+ − 3152
{
+ − 3153
if($current_side != $row['sidebar_id'])
+ − 3154
{
+ − 3155
// Time to switch!
+ − 3156
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 3157
echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">';
+ − 3158
//echo '</td><td valign="top">';
+ − 3159
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 3160
$n =& $n2;
+ − 3161
}
+ − 3162
}
+ − 3163
$n[] = count($n);
+ − 3164
$current_side = $row['sidebar_id'];
+ − 3165
switch($row['block_type'])
+ − 3166
{
+ − 3167
case BLOCK_WIKIFORMAT:
+ − 3168
default:
+ − 3169
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 3170
$c = RenderMan::render($row['block_content']);
+ − 3171
break;
+ − 3172
case BLOCK_TEMPLATEFORMAT:
+ − 3173
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 3174
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 3175
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
173
91127e62f38f
Fixed some regular expressions in HTML optimization algorithm; regex page groups can be edited now (oops)
Dan
diff
changeset
+ − 3176
// fix for the "Administration" link that somehow didn't get rendered properly
91127e62f38f
Fixed some regular expressions in HTML optimization algorithm; regex page groups can be edited now (oops)
Dan
diff
changeset
+ − 3177
$c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c);
0
+ − 3178
break;
+ − 3179
case BLOCK_HTML:
+ − 3180
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3181
$c = $row['block_content'];
+ − 3182
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3183
break;
+ − 3184
case BLOCK_PHP:
+ − 3185
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3186
ob_start();
+ − 3187
eval($row['block_content']);
+ − 3188
$c = ob_get_contents();
+ − 3189
ob_end_clean();
+ − 3190
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3191
break;
+ − 3192
case BLOCK_PLUGIN:
+ − 3193
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3194
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 3195
break;
+ − 3196
}
179
+ − 3197
$t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $template->tplWikiFormat($row['block_name']) . '</span>';
0
+ − 3198
if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
+ − 3199
else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
+ − 3200
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
+ − 3201
$tb = '<a title="Enable or disable this block" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
+ − 3202
<a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
+ − 3203
<a title="Permanently delete this block" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
+ − 3204
<a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
+ − 3205
$as = '';
+ − 3206
$ae = ' '.$tb;
+ − 3207
$parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
+ − 3208
echo $parser->run();
+ − 3209
unset($parser);
+ − 3210
+ − 3211
}
+ − 3212
$db->free_result();
+ − 3213
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 3214
echo '</div></td></tr></table>';
+ − 3215
echo '<form action="'.makeUrl($paths->page).'" method="post">';
+ − 3216
$order = implode(',', $n1);
+ − 3217
echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />";
+ − 3218
$order = implode(',', $n2);
+ − 3219
echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
+ − 3220
echo '
+ − 3221
<div style="margin: 0 auto 0 auto; text-align: center;">
+ − 3222
<input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
+ − 3223
<input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
+ − 3224
<br />
+ − 3225
<a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
+ − 3226
</div>
+ − 3227
</form>
+ − 3228
';
+ − 3229
}
+ − 3230
+ − 3231
$template->footer();
+ − 3232
}
+ − 3233
+ − 3234
?>