<?php
/*
Plugin Name: Runt - the Enano administration panel
Plugin URI: http://enanocms.org/
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin:
Author: Dan Fuhry
Version: 1.0
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0 (Banshee)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Bring the shared Enano objects into this file's scope.
global $db, $session, $paths, $template, $plugins; // Common objects

// Register the two Special: pages this plugin provides (Administration and EditSidebar).
// The second argument to attachHook() is a string of PHP source, so everything between the
// quotes is code rather than data (presumably evaluated when the 'base_classes_initted' hook
// fires; confirm against attachHook). It must stay a fixed literal and never be assembled
// from request input. Both pages are registered as protected and not visible.
$plugins->attachHook('base_classes_initted', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'Administration\',
\'urlname\'=>\'Administration\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));

$paths->add_page(Array(
\'name\'=>\'Manage the Sidebar\',
\'urlname\'=>\'EditSidebar\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
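/**
 * Renders the administration home page (Admin:Home).
 *
 * Output, in order: a welcome text, the demo-mode notice, a warning if install.php or
 * schema.sql are still present, a notice about accounts awaiting activation, the
 * most-requested-pages table (when hit logging is on) and the security log.
 *
 * Everything is echoed directly; nothing is returned. Log fields read from the database
 * are HTML-escaped before they are written into the page.
 */
function page_Admin_Home() {
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the elevated session level and the account's own level must be administrator.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Basic information
  echo RenderMan::render(
    '== Welcome to Runt, the Enano administration panel. ==

Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.

Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');

  // Demo mode
  if ( defined('ENANO_DEMO_MODE') )
  {
    echo '<h3>Enano is running in demo mode.</h3>
<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
  }

  // Check for the installer scripts. Leftover installer files are a well-known way for a
  // finished installation to be re-initialised by a third party, hence the loud warning.
  if ( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
  }

  // Inactive users
  $q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
  if ( $q && $db->numrows() > 0 )
  {
    $n = $db->numrows();
    $s = ( $n == 1 ) ? $n . ' user is' : $n . ' users are';
    echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
  }
  $db->free_result();

  // Stats
  if ( getConfig('log_hits') == '1' )
  {
    $stats = stats_top_pages(10);
    $cls = 'row2';
    echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
    foreach ( $stats as $page => $count )
    {
      // Only pages that are still registered are listed.
      if ( !isset($paths->pages[$page]) )
      {
        continue;
      }
      $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
      // NOTE(review): the page name and URL are written into the markup as returned by
      // $paths / makeUrl(); confirm that both are already HTML-safe at this point.
      echo '<tr>';
      echo '<td class="'.$cls.'"><a href="'.makeUrl($page).'">'.$paths->pages[$page]['name'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$count.'</td>';
      echo '</tr>';
    }
    echo '</table></div>';
  }

  // Security log
  echo '<h3>Security log</h3>';
  echo '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
  $cls = 'row2';
  echo '<tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>';

  // In demo mode the log is hidden unless the request carries a query parameter whose
  // name is the MD5 of the database password, or comes from a 192.168.* address.
  // NOTE(review): that key travels in the URL, so it can end up in access logs, browser
  // history and Referer headers, and anyone who sees it holds an unsalted hash of the
  // database password. A random token stored apart from the credentials would keep the
  // two secrets independent. The address test also trusts REMOTE_ADDR as PHP sees it;
  // behind a reverse proxy on that range every visitor would match. Confirm deployment.
  require('config.php');
  $hash = md5($dbpasswd);
  unset($dbname, $dbhost, $dbuser, $dbpasswd);
  unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug

  if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' )
  {
    echo '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
  }
  else
  {
    // Five most recent entries by default; the whole log when ?fulllog is present.
    $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC';
    $l .= isset($_GET['fulllog']) ? ';' : ' LIMIT 5';

    $q = $db->sql_query($l);
    while ( $r = $db->fetchrow() )
    {
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';

      // The log columns are free text. Rows for failed logons presumably hold whatever
      // the client submitted (TODO confirm against the writers of this table), and this
      // page is viewed with administrator rights, so every column is escaped on output.
      $detail = htmlspecialchars($r['page_text']);
      $author = htmlspecialchars($r['author']);
      $ipaddr = htmlspecialchars($r['edit_summary']);

      echo '<tr><td class="'.$cls.'">';
      switch ( $r['action'] )
      {
        case "admin_auth_good":
          echo 'Successful elevated authentication';
          if ( !empty($r['page_text']) )
          {
            $level = $session->userlevel_to_string( intval($r['page_text']) );
            echo "<br /><small>Authentication level: $level</small>";
          }
          break;
        case "admin_auth_bad":
          echo 'Failed elevated authentication';
          if ( !empty($r['page_text']) )
          {
            $level = $session->userlevel_to_string( intval($r['page_text']) );
            echo "<br /><small>Attempted auth level: $level</small>";
          }
          break;
        case "activ_good":
          echo 'Successful account activation';
          break;
        case "auth_good":
          echo 'Successful regular user logon';
          break;
        case "activ_bad":
          echo 'Failed account activation';
          break;
        case "auth_bad":
          echo 'Failed regular user logon';
          break;
        case "sql_inject":
          echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . $detail . '</div>';
          break;
        case "db_backup":
          echo 'Database backup created<br /><small>Tables: ' . $detail . '</small>';
          break;
        case "install_enano":
          echo "Installed Enano version {$detail}";
          break;
      }
      echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$author.'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$ipaddr.'</td></tr>';
    }
    $db->free_result();
  }
  echo '</table></div>';
  if ( !isset($_GET['fulllog']) )
  {
    echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'Home&fulllog\'); return false;">Full security log</a></p>';
  }

}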
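/**
 * Renders and processes the general site configuration form (Admin:GeneralConfig).
 *
 * When the form was submitted and the site is not in demo mode, every option is written
 * with setConfig(); in demo mode the submission is refused with a notice. The form is then
 * rendered with the current values from getConfig().
 *
 * All stored values are HTML-escaped where they are written into attributes or textareas,
 * so that a value containing quotes or markup cannot break out of the field it is shown in.
 *
 * NOTE(review): nothing in this function checks an anti-CSRF token. The only gate visible
 * on the form is the client-side submitAuthorized flag, which a forged cross-site POST
 * would not pass through. Confirm that the request is validated before this page
 * function is reached.
 */
function page_Admin_GeneralConfig() {
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the elevated session level and the account's own level must be administrator.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
  {

    // Global site options
    setConfig('site_name', $_POST['site_name']);
    setConfig('site_desc', $_POST['site_desc']);
    setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
    setConfig('copyright_notice', $_POST['copyright']);
    setConfig('contact_email', $_POST['contact_email']);

    // Wiki mode. Checkboxes are only present in the POST data when ticked.
    setConfig('wiki_mode', isset($_POST['wikimode']) ? '1' : '0');
    setConfig('wiki_mode_require_login', isset($_POST['wiki_mode_require_login']) ? '1' : '0');
    setConfig('wiki_edit_notice', isset($_POST['editmsg']) ? '1' : '0');
    setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);

    // Stats
    setConfig('log_hits', isset($_POST['log_hits']) ? '1' : '0');

    // Disablement: the notice text is only updated while the site is being disabled.
    if ( isset($_POST['site_disabled']) )
    {
      setConfig('site_disabled', '1');
      setConfig('site_disabled_notice', $_POST['site_disabled_notice']);
    }
    else
    {
      setConfig('site_disabled', '0');
    }

    // Account activation
    // NOTE(review): stored exactly as submitted; the form only offers
    // disable / none / user / admin. Confirm that readers of this setting treat any
    // other value safely.
    setConfig('account_activation', $_POST['account_activation']);

    // W3C compliance buttons
    setConfig("w3c_vh32", isset($_POST['w3c-vh32']) ? "1" : "0");
    setConfig("w3c_vh40", isset($_POST['w3c-vh40']) ? "1" : "0");
    setConfig("w3c_vh401", isset($_POST['w3c-vh401']) ? "1" : "0");
    setConfig("w3c_vxhtml10", isset($_POST['w3c-vxhtml10']) ? "1" : "0");
    setConfig("w3c_vxhtml11", isset($_POST['w3c-vxhtml11']) ? "1" : "0");
    setConfig("w3c_vcss", isset($_POST['w3c-vcss']) ? "1" : "0");

    // SourceForge.net logo
    setConfig('sflogo_enabled', isset($_POST['showsf']) ? '1' : '0');
    setConfig('sflogo_groupid', $_POST['sfgroup']);
    setConfig('sflogo_type', $_POST['sflogo']);

    // Comment options
    setConfig('approve_comments', isset($_POST['comment-approval']) ? '1' : '0');
    setConfig('enable_comments', isset($_POST['enable-comments']) ? '1' : '0');
    setConfig('comments_need_login', $_POST['comments_need_login']);

    // Powered by link
    setConfig('powered_btn', isset($_POST['enano_powered_link']) ? '1' : '0');

    setConfig('dbd_button', isset($_POST['dbdbutton']) ? '1' : '0');

    // Anything other than an explicit "phpmail" (including a missing field) selects SMTP,
    // as before; isset() only avoids the undefined-index notice.
    $use_phpmail = isset($_POST['emailmethod']) && $_POST['emailmethod'] == 'phpmail';
    setConfig('smtp_enabled', $use_phpmail ? '0' : '1');

    setConfig('smtp_server', $_POST['smtp_host']);
    setConfig('smtp_user', $_POST['smtp_user']);
    // The form never echoes the stored password; it shows a fixed placeholder instead.
    // An unchanged placeholder therefore means "keep the current password".
    if ( $_POST['smtp_pass'] != 'XXXXXXXXXXXX' )
    {
      setConfig('smtp_password', $_POST['smtp_pass']);
    }

    echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';

  }
  else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
  }
  echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
  ?>
  <div class="tblholder">
    <table border="0" width="100%" cellspacing="1" cellpadding="4">

    <!-- Global options -->

      <tr><th colspan="2">Global site options</th></tr>
      <tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>

      <tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
      <tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
      <tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
      <tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
      <tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
      <tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>

    <!-- Wiki mode -->

      <tr><th colspan="2">Wiki mode</th></tr>

      <tr>
        <td class="row3" rowspan="2">
          Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
          In Wiki Mode, certain HTML tags such as &lt;script&gt; and &lt;object&gt; are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
          Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
        </td>
        <td class="row1">
          <input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
        </td>
      </tr>

      <tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login" <?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>

      <tr>
        <td class="row3" rowspan="2">
          <b>Edit page notice</b><br />
          When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
        </td>
        <td class="row1">
          <input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
        </td>
      </tr>

      <tr>
        <td class="row2">
          <textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo htmlspecialchars(getConfig('wiki_edit_notice_text')); ?></textarea>
        </td>
      </tr>

    <!-- Site statistics -->

      <tr><th colspan="2">Statistics and hit counting</th></tr>

      <tr>
        <td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
        <td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
      </tr>

    <!-- Comment options -->

      <tr><th colspan="2">Comment system</th></tr>
      <tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr>
      <tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
      <tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
        <label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
        <!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>

    <!--

      READ: Do not try to enable this, backend support for it has been disabled. To edit default
      permissions, select The Entire Website in any permissions editor window.

      <tr><th colspan="2">Default permissions for pages</th></tr>

      <tr>
        <td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>
        <td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>
      </tr>

    -->

    <!-- enanocms.org link -->

      <tr>
        <th colspan="2">Promote Enano</th>
      </tr>
      <tr>
        <td class="row3">
          If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
          homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
          Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
          using this link.
        </td>
        <td class="row1">
          <label>
            <input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to enanocms.org on the sidebar
          </label>
        </td>
      </tr>

    <!-- Site disablement -->

      <tr><th colspan="2">Disable all site access</th></tr>

      <tr>
        <td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
        <td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td>
      </tr>
      <tr>
        <td class="row2">
          <div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>
            Message to show to users:<br />
            <textarea name="site_disabled_notice" rows="7" cols="30"><?php echo htmlspecialchars(getConfig('site_disabled_notice')); ?></textarea>
          </div>
        </td>
      </tr>

    <!-- Account activation -->

      <tr><th colspan="2">User account activation</th></tr>

      <tr>
        <td class="row3" colspan="2">
          If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
          You may also disable registration completely if needed.<br /><br />
          <b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
        </td>
      </tr>

      <tr>
        <td class="row1">Account activation:</td><td class="row1">
          <?php
          echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
          echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
          echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
          echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
          ?>
        </td>
      </tr>

    <!-- E-mail options -->

      <tr><th colspan="2">E-mail sent from the site</th></tr>
      <tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
          <td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
                           <label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
      </tr>
      <tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
          <td class="row2"><input value="<?php echo htmlspecialchars(getConfig('smtp_server')); ?>" name="smtp_host" type="text" size="30" /></td>
      </tr>
      <tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
          <td class="row1">Username: <input value="<?php echo htmlspecialchars(getConfig('smtp_user')); ?>" name="smtp_user" type="text" size="30" /><br />
                           Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
      </tr>

    <!-- SourceForge.net logo -->

      <tr><th colspan="2">SourceForge.net logo</th></tr>

      <tr>
        <td colspan="2" class="row3">
          All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want
          to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
        </td>
      </tr>

      <?php
      if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
      else $c='';
      if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
      else $g='';
      if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
      else $t='1';
      ?>

      <tr>
        <td class="row1">Display the SourceForge.net logo on the right sidebar</td>
        <td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
      </tr>

      <tr>
        <td class="row2">Group ID:</td>
        <td class="row2"><input value="<?php echo htmlspecialchars($g); ?>" type=text size=15 name=sfgroup /></td>
      </tr>

      <tr>
        <td class="row1">Logo style:</td>
        <td class="row1">
          <select name="sflogo">
            <option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
            <option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
            <option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
            <option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
            <option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
            <option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
            <option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
          </select>
        </td>
      </tr>

    <!-- W3C validator buttons -->

      <tr><th colspan="2">W3C compliance logos</th></tr>
      <tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr>

      <tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr>
      <tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr>
      <tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr>
      <tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
      <tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
      <tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr>

    <!-- DefectiveByDesign.org ad -->

      <tr><th colspan="2">Defective By Design Anti-DRM button</th></tr>
      <tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
      <tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr>

    <!-- Save button -->

      <tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr>

    </table>
  </div>
  </form>
  <?php
}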
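/**
 * Admin panel page: file upload configuration.
 *
 * Refuses to run unless both the session's auth level and the user's level are
 * administrator. When the form was submitted with "save", the upload, ImageMagick,
 * thumbnail-cache and file-history options are stored through setConfig(); the
 * settings form is then printed.
 *
 * Values taken from the request or from the stored configuration are HTML-escaped
 * before being written into the page, and the ImageMagick path is stored only when
 * it names an existing regular file.
 *
 * NOTE(review): no anti-CSRF token is visible on this form - confirm whether the
 * session layer protects administrative POSTs.
 */
function page_Admin_UploadConfig()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Checked once: thumbnail caching is only usable while cache/ is writable.
  $cache_writable = is_writable(ENANO_ROOT.'/cache/');

  if ( isset($_POST['save']) )
  {
    // An unchecked checkbox is simply absent from the POST data.
    setConfig('enable_uploads', isset($_POST['enable_uploads']) ? '1' : '0');
    setConfig('enable_imagemagick', isset($_POST['enable_imagemagick']) ? '1' : '0');
    // Enforced here as well as in the form, so a hand-built request cannot switch
    // caching on while the directory is not writable.
    setConfig('cache_thumbs', ( isset($_POST['cache_thumbs']) && $cache_writable ) ? '1' : '0');
    setConfig('file_history', isset($_POST['file_history']) ? '1' : '0');

    // The path must be a plain string naming a regular file; directories and
    // values containing a NUL byte are rejected.
    // NOTE(review): this setting is presumably used to run ImageMagick elsewhere -
    // verify that the consumer escapes it before building a command line.
    $im_path = ( isset($_POST['imagemagick_path']) && is_string($_POST['imagemagick_path']) ) ? $_POST['imagemagick_path'] : '';
    if ( $im_path !== '' && strpos($im_path, "\0") === false && is_file($im_path) )
    {
      setConfig('imagemagick_path', $im_path);
    }
    else
    {
      // The submitted value is echoed back, so it has to be escaped.
      echo '<span style="color: red"><b>Warning:</b> the file "' . htmlspecialchars($im_path, ENT_QUOTES) . '" was not found, and the ImageMagick file path was not updated.</span>';
    }

    // Size is entered as a number plus a unit multiplier; a missing multiplier is
    // treated as the form's default unit (bytes).
    $size_input = ( isset($_POST['max_file_size']) && is_scalar($_POST['max_file_size']) ) ? (float) $_POST['max_file_size'] : 0.0;
    $size_units = ( isset($_POST['fs_units']) && is_scalar($_POST['fs_units']) ) ? (int) $_POST['fs_units'] : 1;
    $max_upload = floor($size_input * $size_units);
    if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') )
    {
      echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>';
    }
    else
    {
      setConfig('max_file_size', $max_upload.'');
    }
  }

  // Current values for the form, escaped for use inside HTML attributes.
  $max_size_html = htmlspecialchars((string) getConfig('max_file_size'), ENT_QUOTES);
  $im_current = getConfig('imagemagick_path');
  if ( !$im_current )
  {
    $im_current = '/usr/bin/convert';
  }
  $im_current_html = htmlspecialchars((string) $im_current, ENT_QUOTES);

  echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
  ?>
  <h3>File upload configuration</h3>
  <p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
     and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
     and executable files can sometimes be uploaded.</p>
  <p><label><input type="checkbox" name="enable_uploads" <?php if ( getConfig('enable_uploads') == '1' ) echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
  <p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo $max_size_html; ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
  <p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
     does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
     are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
     large images many times can cost you quite a lot of bandwidth.</p>
  <p><label><input type="checkbox" name="enable_imagemagick" <?php if ( getConfig('enable_imagemagick') == '1' ) echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
     Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php echo $im_current_html; ?>" /><br />
     On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then
     ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
     </p>
  <p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
     may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
  <p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
     Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
     more information on how to do this.<?php if ( !$cache_writable ) echo ' <b>At present, it seems that the cache directory is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
  <?php // "readonly" has no effect on a checkbox; "disabled" is what actually locks it. ?>
  <p><label><input type="checkbox" name="cache_thumbs" <?php if ( !$cache_writable ) echo 'disabled="disabled"'; elseif ( getConfig('cache_thumbs') == '1' ) echo 'checked="checked"'; ?> /> Cache thumbnailed images</label></p>
  <p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
     changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
     enabled unless you have less than 250MB of MySQL database space.</p>
  <?php // NOTE(review): the checked state also depends on cache/ being writable, which looks unrelated to file history - confirm. ?>
  <p><label><input type="checkbox" name="file_history" <?php if ( getConfig('file_history') == '1' && $cache_writable ) echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
  <hr style="margin-left: 1em;" />
  <p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
  <?php
  echo '</form>';
}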
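/**
 * Admin panel page: lists the plugins found in ./plugins/ and switches them on or off.
 *
 * Refuses to run unless both the session's auth level and the user's level are
 * administrator. An "action" of "enable" or "disable" in the query string stores
 * '1' or '0' under the config key "plugin_<filename>". SpecialAdmin.php can never be
 * disabled, and in demo mode neither can a plugin whose filename contains "Demo".
 *
 * The plugin name from the request ends up inside a config key, so it is accepted
 * only when it is the bare filename of a .php file that exists in the plugins
 * directory. Plugin header fields are read from files on disk and are HTML-escaped
 * before being printed; header URIs are linked only when they are http(s) URLs.
 *
 * NOTE(review): enabling and disabling are state changes triggered by plain GET
 * links with no token visible here - confirm how cross-site requests are prevented.
 */
function page_Admin_PluginManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  $dir = './plugins/';

  if ( isset($_GET['action']) )
  {
    $action = is_string($_GET['action']) ? $_GET['action'] : '';
    $plugin = ( isset($_GET['plugin']) && is_string($_GET['plugin']) ) ? $_GET['plugin'] : '';

    // Same rule the listing below uses (*.php, not index.php), plus: no path
    // components, no NUL byte, and the file must really be there.
    $plugin_ok = ( $plugin !== ''
                   && strpos($plugin, "\0") === false
                   && basename($plugin) === $plugin
                   && preg_match('#\.php$#i', $plugin)
                   && $plugin != 'index.php'
                   && is_file($dir . $plugin) );

    if ( $action == 'enable' || $action == 'disable' )
    {
      if ( !$plugin_ok )
      {
        echo('<h3>Error changing plugin state</h3><p>The requested plugin was not found in the plugins/ directory.</p>');
      }
      else if ( $action == 'enable' )
      {
        setConfig('plugin_'.$plugin, '1');
      }
      else if ( defined('ENANO_DEMO_MODE') && strstr($plugin, 'Demo') )
      {
        echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
      }
      else if ( $plugin != 'SpecialAdmin.php' )
      {
        setConfig('plugin_'.$plugin, '0');
      }
      else
      {
        echo('<h3>Error disabling plugin</h3><p>The administration panel plugin cannot be disabled.</p>');
      }
    }
  }

  if ( !is_dir($dir) )
  {
    echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>';
    return;
  }
  $dh = opendir($dir);
  if ( !$dh )
  {
    echo '<div class="error-box">The plugins/ directory could not be opened.</div>';
    return;
  }

  // Header fields sit on lines 3-8 of a plugin file; the number is the length of
  // the "Label: " prefix that is cut off each line.
  $header_fields = Array('name' => 13, 'uri' => 12, 'desc' => 13, 'auth' => 8, 'vers' => 9, 'aweb' => 12);

  $plugin_list = Array();
  while ( ($file = readdir($dh)) !== false )
  {
    if ( !preg_match('#^(.*?)\.php$#is', $file) || $file == 'index.php' )
    {
      continue;
    }
    // Files named in $plugins->system_plugins are left out of the list.
    if ( in_array($file, $plugins->system_plugins) )
    {
      continue;
    }
    $contents = file_get_contents($dir . $file);
    if ( $contents === false )
    {
      $contents = '';
    }
    // Pad so that a short or unreadable file yields empty fields, not notices.
    $header = array_pad(array_slice(explode("\n", $contents), 2, 6), 6, '');
    $info = Array();
    $line_no = 0;
    foreach ( $header_fields as $key => $prefix_len )
    {
      // rtrim drops the "\r" left behind by CRLF line endings.
      $info[$key] = (string) substr(rtrim($header[$line_no], "\r"), $prefix_len);
      $line_no++;
    }
    $plugin_list[$file] = $info;
  }
  closedir($dh);

  echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
      <tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');
  $cls = 'row2';
  foreach ( $plugin_list as $file => $info )
  {
    $cls = ( $cls == 'row2' ) ? 'row3' : 'row2';

    // Only http(s) targets are turned into links; anything else gets a dead href.
    $uri_html  = preg_match('#^https?://#i', $info['uri'])  ? htmlspecialchars($info['uri'], ENT_QUOTES)  : '#';
    $aweb_html = preg_match('#^https?://#i', $info['aweb']) ? htmlspecialchars($info['aweb'], ENT_QUOTES) : '#';

    echo '<tr>
        <td class="'.$cls.'">'.htmlspecialchars($file, ENT_QUOTES).'</td>
        <td class="'.$cls.'"><a href="'.$uri_html.'">'.htmlspecialchars($info['name'], ENT_QUOTES).'</a></td>
        <td class="'.$cls.'">'.htmlspecialchars($info['desc'], ENT_QUOTES).'</td>
        <td class="'.$cls.'"><a href="'.$aweb_html.'">'.htmlspecialchars($info['auth'], ENT_QUOTES).'</a></td>
        <td class="'.$cls.'">'.htmlspecialchars($info['vers'], ENT_QUOTES).'</td>
        <td class="'.$cls.'">';

    $is_enabled = ( getConfig('plugin_'.$file) == '1' );
    $toggle_url = makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])
                . '&action=' . ( $is_enabled ? 'disable' : 'enable' )
                . '&plugin=' . rawurlencode($file);
    echo '<a href="'.htmlspecialchars($toggle_url, ENT_QUOTES).'">' . ( $is_enabled ? 'Disable' : 'Enable' ) . '</a>';

    echo '</td></tr>';
  }
  echo '</table></div>';
}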
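/**
 * Admin panel page: chooses which file types may be uploaded.
 *
 * Refuses to run unless both the session's auth level and the user's level are
 * administrator. On "save", one bit per entry of the global $mime_types (in array
 * order, '1' when the matching "ext_<key>" checkbox was posted) is collected,
 * packed with compress_bitfield() and stored as "allowed_mime_types". In demo mode
 * nothing is stored and an error box is shown instead. The form is then printed as
 * a three-column table of checkboxes.
 *
 * NOTE(review): PHP rewrites dots and spaces in POST field names to underscores, so
 * an entry of $mime_types whose key contains one would never read as checked -
 * verify the keys. No anti-CSRF token is visible on this form either.
 */
function page_Admin_UploadAllowedMimeTypes()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  global $mime_types, $mimetype_exps, $mimetype_extlist;
  if ( isset($_POST['save']) )
  {
    if ( defined('ENANO_DEMO_MODE') )
    {
      echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
    }
    else
    {
      $bits = '';
      foreach ( array_keys($mime_types) as $ext )
      {
        $bits .= isset($_POST['ext_'.$ext]) ? '1' : '0';
      }
      setConfig('allowed_mime_types', compress_bitfield($bits));
      echo '<div class="info-box">Your changes have been saved.</div>';
    }
  }
  $allowed = fetch_allowed_extensions();
  ?>
  <h3>Allowed file types</h3>
  <p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
  <?php
  // The URL goes into an attribute, so it is escaped like the other admin forms do.
  echo '<form action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module'])).'" method="post">';
  $col = -1;
  $cl = 'row1';
  echo "\n".'    <div class="tblholder">'."\n".'      <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".'        <tr>'."\n        ";
  foreach ( $mime_types as $e => $m )
  {
    $col++;
    if ( $col == 3 )
    {
      // Three cells per row; alternate the row class on every wrap.
      $col = 0;
      $cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
      echo '</tr>'."\n".'        <tr>'."\n        ";
    }
    $e_html = htmlspecialchars($e, ENT_QUOTES);
    $m_html = htmlspecialchars($m, ENT_QUOTES);
    // The random suffix only keeps the element id unique within the page.
    $seed = "extchkbx_{$e_html}_".md5(microtime() . mt_rand());
    $chk = (!empty($allowed[$e])) ? ' checked="checked"' : '';
    echo "  <td class='$cl'>\n            <label><input id='{$seed}' type='checkbox' name='ext_{$e_html}'{$chk} />.{$e_html}\n            ({$m_html})</label>\n          </td>\n        ";
  }
  // Fill the last row up to three cells.
  while ( $col < 2 )
  {
    $col++;
    echo "  <td class='{$cl}'></td>\n        ";
  }
  // Close the last data row before opening the row that holds the save button.
  echo '</tr>'."\n".'        <tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
  echo "\n".'      </table>'."\n".'    </div>';
  echo '</form>';
}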
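/**
 * Admin panel page: static help text about the sidebar markup.
 *
 * Refuses to run unless both the session's auth level and the user's level are
 * administrator; otherwise it only prints HTML and changes nothing. Angle brackets
 * that are meant to be read as text are written as entities so the browser shows
 * them instead of parsing them as tags.
 */
function page_Admin_Sidebar()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  ?>
  <h2>Editing and managing the Enano sidebar</h2>
  <p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
     provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
     markup language.
     </p>
  <p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (&lt;example&gt;like this&lt;/example&gt;) for the
     main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (&lt; and &gt;).</p>
  <p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
     on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
     use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
     external sites.</p>
  <p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
  <pre>{slider=Navigation}
[[Main Page|Home]]
[[Enano:Sidebar|Edit the sidebar]]
{/slider}</pre>
  <p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
     to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
     "user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
     wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
     effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
  <p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
     variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
     The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
     the "change theme" button can be added with $STYLE_LINK.</p>
  <p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
  <pre>{slider=$USERNAME}
[[User:$USERNAME|User page]]
[[Special:Contributions?user=$USERNAME|My Contributions]]
{if user_logged_in}
[[Special:Preferences|Preferences]]
$THEME_LINK
{/if}
{if auth_admin}
[[Special:Administration|Administration]]
{/if}
{if user_logged_in}
$LOGOUT_LINK
{/if}
{!if user_logged_in}
Create an account
Log in
{/if}
{/slider}</pre>
  <?php
}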
function page_Admin_UserManager() {
global $db, $session, $paths, $template, $plugins; // Common objects
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
return;
}
if(isset($_POST['go']))
{
// We need the user ID before we can do anything
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
if ( !$q )
{
die('Error selecting user ID: '.mysql_error());
}
if ( $db->numrows() < 1 )
{
echo('User does not exist, please enter another username.');
return;
}
$r = $db->fetchrow();
$db->free_result();
if(isset($_POST['save']))
{
$_POST['level'] = intval($_POST['level']);
$new_level = $_POST['level'];
$old_level = intval($r['user_level']);
if ( defined('ENANO_DEMO_MODE') )
{
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
$re = Array('permission denied');
}
else
{
$re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
}
if($re == 'success')
{
if ( $new_level != $old_level )
{
$user_id = intval($r['user_id']);
// We need to update group memberships
+ − 807
if ( $old_level == USER_LEVEL_ADMIN )
+ − 808
{
+ − 809
$session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
+ − 810
}
+ − 811
else if ( $old_level == USER_LEVEL_MOD )
+ − 812
{
+ − 813
$session->remove_user_from_group($user_id, GROUP_ID_MOD);
+ − 814
}
+ − 815
+ − 816
if ( $new_level == USER_LEVEL_ADMIN )
+ − 817
{
+ − 818
$session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
+ − 819
}
+ − 820
else if ( $new_level == USER_LEVEL_MOD )
+ − 821
{
+ − 822
$session->add_user_to_group($user_id, GROUP_ID_MOD, false);
+ − 823
}
+ − 824
}
+ − 825
+ − 826
echo('<div class="info-box">Your changes have been saved.</div>');
+ − 827
}
+ − 828
else
+ − 829
{
+ − 830
echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');
+ − 831
}
+ − 832
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
+ − 833
if ( !$q )
+ − 834
{
+ − 835
die('Error selecting user ID: '.mysql_error());
+ − 836
}
+ − 837
if($db->numrows($q) < 1)
+ − 838
{
+ − 839
die('User does not exist, please enter another username.');
+ − 840
}
+ − 841
$r = mysql_fetch_object($q);
+ − 842
$db->free_result();
+ − 843
}
+ − 844
elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))
+ − 845
{
if ( defined('ENANO_DEMO_MODE') )
{
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
}
+ − 850
else
+ − 851
{
$q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
if($q)
{
echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
}
else
{
echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
}
}
+ − 862
}
+ − 863
else
+ − 864
{
$disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';
echo('
+ − 867
<h3>Edit User Info</h3>
+ − 868
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 869
<table border="0" style="margin-left: 0.2in;">
+ − 870
<tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>
<tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" /></td></tr>
+ − 872
<tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>
+ − 873
<tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>
+ − 874
' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '
<tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>
+ − 876
<tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>
+ − 877
<tr><td align="center" colspan="2">
+ − 878
<input type="submit" name="save" value="Save Changes" /></td></tr>
+ − 879
</table>
+ − 880
</form>
+ − 881
');
+ − 882
}
}
else if(isset($_POST['clearsessions']))
{
if ( defined('ENANO_DEMO_MODE') )
{
echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
}
else
{
// Get the current session information so the user doesn't get logged out
$aes = new AESCrypt();
$sk = md5(strrev($session->sid_super));
$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
if ( !$qb )
+ − 897
{
+ − 898
die('Error selecting session key info block B: '.$db->get_error());
+ − 899
}
+ − 900
if ( $db->numrows($qb) < 1 )
+ − 901
{
+ − 902
die('Error: cannot read admin session info block B, aborting table clear process');
+ − 903
}
$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
if ( !$qa )
+ − 906
{
+ − 907
die('Error selecting session key info block A: '.$db->get_error());
+ − 908
}
+ − 909
if ( $db->numrows($qa) < 1 )
+ − 910
{
+ − 911
die('Error: cannot read user session info block A, aborting table clear process');
+ − 912
}
$ra = mysql_fetch_object($qa);
$rb = mysql_fetch_object($qb);
$db->free_result($qa);
$db->free_result($qb);
$db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
echo('
<div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
');
}
}
+ − 926
echo('
+ − 927
<h3>User Management</h3>
+ − 928
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 929
<p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
+ − 930
<h3>Clear session keys table</h3>
+ − 931
<p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
+ − 932
<p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
+ − 933
</form>
+ − 934
');
+ − 935
if(isset($_GET['action']) && isset($_GET['user']))
+ − 936
{
+ − 937
switch($_GET['action'])
+ − 938
{
+ − 939
case "activate":
+ − 940
$e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');
+ − 941
if($e)
+ − 942
{
+ − 943
$row = $db->fetchrow();
+ − 944
$db->free_result();
+ − 945
if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 946
else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';
+ − 947
} else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';
+ − 948
break;
+ − 949
case "sendemail":
+ − 950
if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 951
else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';
+ − 952
break;
+ − 953
case "deny":
+ − 954
$e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
+ − 955
if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';
+ − 956
else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';
+ − 957
break;
+ − 958
}
+ − 959
}
$q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l
+ − 961
LEFT JOIN '.table_prefix.'users AS u
+ − 962
ON ( u.username = l.edit_summary OR u.username IS NULL )
+ − 963
WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
if($q)
+ − 965
{
+ − 966
if($db->numrows() > 0)
+ − 967
{
+ − 968
$n = $db->numrows();
+ − 969
if($n == 1) $s = $n . ' user is';
+ − 970
else $s = $n . ' users are';
+ − 971
echo '<h3>'.$s . ' awaiting account activation</h3>';
+ − 972
echo '<div class="tblholder">
+ − 973
<table border="0" cellspacing="1" cellpadding="4" width="100%">
<tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';
$cls = 'row2';
+ − 976
while($row = $db->fetchrow())
+ − 977
{
+ − 978
if($cls == 'row2') $cls = 'row1';
+ − 979
else $cls = 'row2';
$coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';
+ − 981
echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Deny request</a></td></tr>';
}
+ − 983
echo '</table>';
+ − 984
}
+ − 985
$db->free_result();
+ − 986
}
+ − 987
}
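/**
 * Renders and processes the Admin:GroupManager page.
 *
 * Handles, in this order: the two-stage "create group" form, the "edit group"
 * actions (delete group, rename, remove members, add member) and finally the
 * default listing with the "edit" and "create" forms. All output is echoed;
 * the function returns nothing.
 *
 * Access requires both $session->auth_level and $session->user_level to be at
 * least USER_LEVEL_ADMIN. Request values are HTML-escaped (or cast to int)
 * before they are written back into the page, and SQL literals go through
 * $db->escape() or intval().
 *
 * NOTE(review): no anti-CSRF token is checked anywhere in this function; the
 * onsubmit="if(!submitAuthorized) ..." attribute is a client-side check only.
 * Confirm whether the caller validates the request origin.
 */
function page_Admin_GroupManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_POST['do_create_stage1']) )
  {
    // A missing or non-string value becomes '' and is rejected by the pattern below.
    $create_name = ( isset($_POST['create_group_name']) && is_string($_POST['create_group_name']) ) ? $_POST['create_group_name'] : '';
    // NOTE(review): the range A-z also matches [ \ ] ^ _ and the backtick, and
    // "$" accepts a trailing newline. Left unchanged so that existing group
    // names keep validating; output escaping below does not rely on it.
    if ( !preg_match('/^([A-z0-9 -]+)$/', $create_name) )
    {
      echo '<p>The group name you chose is invalid.</p>';
      return;
    }
    $create_name_html = htmlspecialchars($create_name, ENT_QUOTES);
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
          <tr><th colspan="2">Creating group: '.$create_name_html.'</th></tr>
          <tr>
            <td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
          </tr>
          <tr><td class="row2">Group status</td><td class="row2">
            <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
            <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
            <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
            <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
          </td></tr>
          <tr>
            <th class="subhead" colspan="2">
              <input type="hidden" name="create_group_name" value="'.$create_name_html.'" />
              <input type="submit" name="do_create_stage2" value="Create group" />
            </th>
          </tr>
          </table>
          </div>';
    echo '</form>';
    return;
  }
  elseif ( isset($_POST['do_create_stage2']) )
  {
    $create_name = ( isset($_POST['create_group_name']) && is_string($_POST['create_group_name']) ) ? $_POST['create_group_name'] : '';
    $group_status = isset($_POST['group_status']) ? intval($_POST['group_status']) : 0;
    $group_mod = ( isset($_POST['group_mod']) && is_string($_POST['group_mod']) ) ? $_POST['group_mod'] : '';

    // Same pattern as stage 1; the hidden field is re-validated because it is client-controlled.
    if ( !preg_match('/^([A-z0-9 -]+)$/', $create_name) )
    {
      echo '<p>The group name you chose is invalid.</p>';
      return;
    }
    if ( !in_array($group_status, Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)) )
    {
      echo '<p>Hacking attempt</p>';
      return;
    }
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($create_name).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() > 0 )
    {
      echo '<p>The group name you entered already exists.</p>';
      return;
    }
    $db->free_result();

    // Resolve the moderator BEFORE inserting the group, so that an unknown
    // username no longer leaves behind a group row without any moderator.
    $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($group_mod).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>The username you entered could not be found.</p>';
      return;
    }
    $row = $db->fetchrow();
    $id = intval($row['user_id']);
    $db->free_result();

    $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($create_name).'\', ' . $group_status . ' )');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }

    // Read back the ID of the row that was just inserted.
    $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($create_name).'\';');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>The group ID could not be looked up.</p>';
      return;
    }
    $row = $db->fetchrow();
    $gid = intval($row['group_id']);
    $db->free_result();

    $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
    if ( !$e )
    {
      echo $db->get_error();
      return;
    }
    $create_name_html = htmlspecialchars($create_name, ENT_QUOTES);
    echo "<div class='info-box'>
            <b>Information</b><br />
            The group {$create_name_html} has been created successfully.
          </div>";
    // No return: falls through to the group listing below.
  }

  if ( isset($_POST['do_edit']) || isset($_POST['edit_do']) )
  {
    // Cast once; this integer is used in every query and hidden field below,
    // so the raw request value is never written into SQL or HTML.
    $group_id = isset($_POST['group_edit_id']) ? intval($_POST['group_edit_id']) : 0;

    // Fetch the group name
    $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<p>Error: couldn\'t look up group name</p>';
      // Stop here: there is no group row to edit, and continuing would run
      // the edit actions and render the forms against a nonexistent group.
      return;
    }
    $row = $db->fetchrow();
    $name = $row['group_name'];
    // Captured now because $row is reused by the member queries below; reading
    // $row['system_group'] after those loops would look at the wrong row.
    $is_system_group = ( $row['system_group'] == 1 );
    $db->free_result();

    if ( isset($_POST['edit_do']) )
    {
      if ( isset($_POST['edit_do']['del_group']) )
      {
        if ( $is_system_group )
        {
          echo '<div class="error-box">The group "' . htmlspecialchars($name, ENT_QUOTES) . '" could not be deleted because it is a system group required for site functionality.</div>';
        }
        else
        {
          $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.$group_id.';');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          echo '<div class="info-box">The group "'.htmlspecialchars($name, ENT_QUOTES).'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
          return;
        }
      }
      if ( isset($_POST['edit_do']['save_name']) )
      {
        $new_name = ( isset($_POST['group_name']) && is_string($_POST['group_name']) ) ? $_POST['group_name'] : '';
        // Same pattern (and same A-z caveat) as group creation.
        if ( !preg_match('/^([A-z0-9 -]+)$/', $new_name) )
        {
          echo '<p>The group name you chose is invalid.</p>';
          return;
        }
        $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($new_name).'\'
            WHERE group_id='.$group_id.';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        else
        {
          echo '<div class="info-box" style="margin: 0 0 10px 0;">
                  The group name has been updated.
                </div>';
        }
        $name = $new_name;
      }

      // Remove every member whose "Remove member" button was submitted.
      $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
                             WHERE group_id='.$group_id.';');
      if ( !$q )
      {
        echo $db->get_error();
        return;
      }
      if ( $db->numrows() > 0 )
      {
        while ( $row = $db->fetchrow($q) )
        {
          if ( isset($_POST['edit_do']['del_' . $row['member_id']]) )
          {
            $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.intval($row['member_id']));
            if ( !$e )
            {
              echo $db->get_error();
              return;
            }
          }
        }
      }
      $db->free_result();

      if ( isset($_POST['edit_do']['add_member']) )
      {
        $add_username = ( isset($_POST['edit_add_username']) && is_string($_POST['edit_add_username']) ) ? $_POST['edit_add_username'] : '';
        // This value is not validated against any pattern, so it must be
        // escaped before it is echoed back in the messages below.
        $add_username_html = htmlspecialchars($add_username, ENT_QUOTES);
        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($add_username).'\';');
        if ( !$q )
        {
          echo $db->get_error();
          return;
        }
        if ( $db->numrows() > 0 )
        {
          $row = $db->fetchrow();
          $user_id = intval($row['user_id']);
          $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
          $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$group_id.','.$user_id.','.$is_mod.');');
          if ( !$q )
          {
            echo $db->get_error();
            return;
          }
          else
          {
            echo '<div class="info-box" style="margin: 0 0 10px 0;">
                    The user "'.$add_username_html.'" has been added to this usergroup.
                  </div>';
          }
        }
        else
        {
          echo '<div class="warning-box"><b>The user "'.$add_username_html.'" could not be added.</b><br />This username does not exist.</div>';
        }
      }
    }

    $sg_disabled = ( $is_system_group ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';

    // Form 1: rename or delete the group.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
          <tr><th>Edit group name</th></tr>
          <tr>
            <td class="row1">
              Group name: <input type="text" name="group_name" value="'.htmlspecialchars($name, ENT_QUOTES).'" />
            </td>
          </tr>
          <tr>
            <th class="subhead">
              <input type="submit" name="edit_do[save_name]" value="Save name" />
              <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
            </th>
          </tr>
          </table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';

    // Form 2: current members, each with a "Remove member" button.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
          <tr><th colspan="3">Edit group members</th></tr>';
    $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
                           LEFT JOIN '.table_prefix.'users AS u
                             ON u.user_id=m.user_id
                           WHERE m.group_id='.$group_id.'
                           ORDER BY m.is_mod DESC, u.username ASC;');
    if ( !$q )
    {
      echo $db->get_error();
      return;
    }
    if ( $db->numrows() < 1 )
    {
      echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
    }
    else
    {
      $cls = 'row2';
      while ( $row = $db->fetchrow() )
      {
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
        // NOTE(review): assumes usernames are stored unescaped, as group names
        // are (the listing below escapes group_name on output) - confirm.
        echo '<tr>
                <td class="'.$cls.'" style="width: 100%;">
                  ' . htmlspecialchars((string)$row['username'], ENT_QUOTES) . '
                </td>
                <td class="'.$cls.'">
                  '.$mod.'
                </td>
                <td class="'.$cls.'">
                  <input type="submit" name="edit_do[del_'.intval($row['member_id']).']" value="Remove member" />
                </td>
              </tr>';
      }
    }
    $db->free_result();
    echo '</table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';

    // Form 3: add a member by username.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    echo '<div class="tblholder">
          <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
            <tr>
              <th>Add a new member</th>
            </tr>
            <tr>
              <td class="row1">
                Username: ' . $template->username_field('edit_add_username') . '
              </td>
            </tr>
            <tr>
              <td class="row2">
                <label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
              </td>
            </tr>
            <tr>
              <th class="subhead">
                <input type="submit" name="edit_do[add_member]" value="Add user to group" />
              </th>
            </tr>
          </table>
          </div>
          <input type="hidden" name="group_edit_id" value="'.$group_id.'" />';
    echo '</form>';
    return;
  }

  // Default view: pick an existing group to edit, or start creating a new one.
  echo '<h3>Manage Usergroups</h3>';
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
  if ( !$q )
  {
    echo $db->get_error();
  }
  else
  {
    echo '<div class="tblholder">
          <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
          <tr>
          <th>Edit an existing group</th>
          </tr>';
    echo '<tr><td class="row2"><select name="group_edit_id">';
    while ( $row = $db->fetchrow() )
    {
      // The group named "Everyone" is never offered for editing.
      if ( $row['group_name'] != 'Everyone' )
      {
        echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
      }
    }
    $db->free_result();
    echo '</select></td></tr>';
    echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
          </table>
          </div>
          </form><br />';
  }
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  echo '<div class="tblholder">
        <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
        <tr>
        <th colspan="2">Create a new group</th>
        </tr>';
  echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
  echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
        </table>
        </div>';
  echo '</form>';
}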
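/**
 * Renders and processes the Admin:COPPA settings page.
 *
 * When the form is posted (detected by the presence of coppa_address), stores
 * the two settings 'enable_coppa' ('1' or '0') and 'coppa_address' through
 * setConfig(), then re-renders the form with the stored values. All output is
 * echoed; the function returns nothing.
 *
 * Access requires both $session->auth_level and $session->user_level to be at
 * least USER_LEVEL_ADMIN.
 *
 * NOTE(review): the address is stored exactly as submitted. setConfig() is
 * defined elsewhere, so its SQL handling is not visible here, and any other
 * page that prints 'coppa_address' must escape it for its own context.
 * NOTE(review): no anti-CSRF token is checked in this function - confirm
 * whether the caller validates the request origin.
 */
function page_Admin_COPPA()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  echo '<h2>Background information</h2>';
  echo '<p>
          The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards
          children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected
          in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano
          provides an easy way to allow you, as the website administrator, to obtain this authorization.
        </p>';

  // Start form

  if ( isset($_POST['coppa_address']) )
  {
    // Saving changes
    // An unchecked checkbox is simply absent from the POST data.
    $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0';
    setConfig('enable_coppa', $enable_coppa);

    $address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false);
    setConfig('coppa_address', $address);

    echo '<div class="info-box">Your changes have been saved.</div>';
  }

  // The stored address is raw text, so it is HTML-escaped for the textarea:
  // otherwise a value containing "</textarea>" or markup would break out of
  // the field and be rendered in the administrator's browser.
  $address_html = htmlspecialchars((string)getConfig('coppa_address'), ENT_QUOTES);

  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&amp;' : '') .'module='.$paths->cpage['module']).'" method="post">';

  echo '<div class="tblholder">';
  echo '<table border="0" cellspacing="1" cellpadding="4">';
  echo '<tr>
          <th colspan="2">
            COPPA support
          </th>
        </tr>';

  echo '<tr>
          <td class="row1">
            Enable COPPA support:
          </td>
          <td class="row2">
            <label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br />
            <small>If this is checked, users will be asked if they are under 13 years of age before registering</small>
          </td>
        </tr>';

  echo '<tr>
          <td class="row1">
            Your mailing address:<br />
            <small>This is the address to which parents will send authorization forms.</small>
          </td>
          <td class="row2">
            <textarea name="coppa_address" rows="7" cols="40">' . $address_html . '</textarea>
          </td>
        </tr>';

  echo '<tr>
          <th colspan="2" class="subhead">
            <input type="submit" value="Save changes" />
          </th>
        </tr>';

  echo '</table>';
  // Close the "tblholder" wrapper opened above; it was previously left open.
  echo '</div>';

  echo '</form>';

}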
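/**
 * Admin panel module: look up a page, then edit or delete its metadata.
 *
 * Three stages, all driven by request fields:
 *  - search/select (or ?source=ajax&page_id=...): resolve the entered text to a
 *    namespace and page ID by matching it against $paths->nslist and
 *    $paths->pages, then fall through to the edit form;
 *  - submit: update the row in the pages table and re-point the categories,
 *    comments, logs and page_text rows at the new page ID / namespace;
 *  - delete: remove the page's rows from those four tables and from pages.
 * With none of these, a page picker is shown.
 *
 * Access requires $session->auth_level and $session->user_level to both be at
 * least USER_LEVEL_ADMIN.
 *
 * Every value that originates from the request or from page data is HTML-encoded
 * before it is echoed, and every value placed in SQL goes through $db->escape().
 *
 * NOTE(review): no anti-CSRF token is checked in this function before the
 * update and delete statements run - confirm whether the caller enforces one.
 * NOTE(review): the statements are issued one at a time and no transaction is
 * opened here, so a failure part-way leaves the tables partly updated.
 *
 * @return false|null false when the requested page cannot be resolved, null otherwise
 */
function page_Admin_PageManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  echo '<h2>Page management</h2>';

  $not_found_msg = 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';

  if ( isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' ) )
  {
    // Using only the text the user entered, work out the page ID and namespace.
    $source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
    if ( $source == 'ajax' )
    {
      // AJAX callers pass the page in the query string; treat it like a search.
      $_POST['search'] = true;
      $_POST['page_url'] = isset($_GET['page_id']) ? $_GET['page_id'] : '';
    }
    if ( isset($_POST['search']) ) $pid = isset($_POST['page_url']) ? $_POST['page_url'] : '';
    elseif ( isset($_POST['select']) ) $pid = isset($_POST['page_force_url']) ? $_POST['page_force_url'] : '';
    else { echo 'Internal error selecting page search terms'; return false; }

    // An array-valued field cannot name a page.
    if ( !is_string($pid) ) { echo $not_found_msg; return false; }

    // Look for a namespace prefix in the urlname. The loop deliberately does not
    // stop at the first hit: as before, the last matching prefix wins.
    $ns = null;
    $page_id = null;
    foreach ( $paths->nslist as $ns_key => $prefix )
    {
      $ln = strlen($prefix);
      if ( substr($pid, 0, $ln) == $prefix )
      {
        $ns = $ns_key;
        $page_id = substr($pid, $ln, strlen($pid));
      }
    }
    if ( $ns === null ) { echo $not_found_msg; return false; }

    // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id.
    // Walk the numerically indexed half of $paths->pages and take the first page that
    // matches by URL name or title, exactly first and then case-insensitively.
    $as_urlname = str_replace(' ', '_', $page_id);
    $as_title   = str_replace('_', ' ', $page_id);
    for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
    {
      $pg = $paths->pages[$i];
      if ( $pg['urlname_nons'] == $as_urlname ) $final_pid = $as_urlname;
      elseif ( $pg['name'] == $page_id ) $final_pid = $pg['urlname_nons'];
      elseif ( strtolower($pg['urlname_nons']) == strtolower($as_urlname) ) $final_pid = $pg['urlname_nons'];
      elseif ( strtolower($pg['name']) == strtolower($as_title) ) $final_pid = $pg['urlname_nons'];
      if ( isset($final_pid) )
      {
        $_POST['name'] = $pg['name'];
        $_POST['urlname'] = $pg['urlname_nons'];
        break;
      }
    }
    if ( !isset($final_pid) ) { echo $not_found_msg; return false; }
    $_POST['namespace'] = $ns;
    $_POST['old_namespace'] = $ns;
    $_POST['page_id'] = $final_pid;
    $_POST['old_page_id'] = $final_pid;
    // The name match above ignores the namespace, so confirm the pair really exists.
    if ( !isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']]) ) { echo $not_found_msg; return false; }
  }

  if ( isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']) )
  {
    // old_namespace / old_page_id arrive as hidden form fields, i.e. from the client.
    // Refuse to continue unless they identify a page that is actually registered;
    // otherwise the WHERE clause below would be built from an empty record.
    $old_ns  = isset($_POST['old_namespace']) ? $_POST['old_namespace'] : null;
    $old_pid = isset($_POST['old_page_id']) ? $_POST['old_page_id'] : null;
    if ( !is_string($old_ns) || !is_string($old_pid) || !isset($paths->nslist[$old_ns]) || !isset($paths->pages[ $paths->nslist[$old_ns] . $old_pid ]) )
    {
      echo $not_found_msg;
      return false;
    }
    $cpage = $paths->pages[ $paths->nslist[$old_ns] . $old_pid ];

    if ( isset($_POST['submit']) )
    {
      // switch(true) is used only so that "break" can abandon the save early.
      switch(true)
      {
        case true:
          // Create a list of things to update
          $page_info = array(
              'name'=>$_POST['name'],
              'urlname'=>sanitize_page_id($_POST['page_id']),
              'namespace'=>$_POST['namespace'],
              'special'=>isset($_POST['special']) ? '1' : '0',
              'visible'=>isset($_POST['visible']) ? '1' : '0',
              'comments_on'=>isset($_POST['comments_on']) ? '1' : '0',
              'protected'=>isset($_POST['protected']) ? '1' : '0'
            );

          // The target namespace must be one of the registered namespace keys.
          if ( !is_string($page_info['namespace']) || !isset($paths->nslist[ $page_info['namespace'] ]) )
          {
            echo '<div class="error-box">The namespace you selected is not properly registered.</div>';
            break;
          }

          $updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname_nons'] );

          // A rename or move must not land on an existing page.
          if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace )
          {
            echo '<div class="error-box">There is already a page that exists with that URL string and namespace.</div>';
            break;
          }

          // Build the query: SET from the new values...
          $q = 'UPDATE '.table_prefix.'pages SET ';
          foreach ( $page_info as $col => $val )
          {
            $q .= $col.'=\''.$db->escape($val).'\',';
          }
          $q = substr($q, 0, strlen($q)-1);
          // ...and WHERE from the current record. urlname_nons and really_protected are
          // skipped, and urlname is compared against the namespace-less form.
          $q .= ' WHERE ';
          foreach ( $cpage as $col => $val )
          {
            if ( $col != 'urlname_nons' && $col != 'urlname' && $col != 'really_protected' )
            {
              $q .= $col.'=\''.$db->escape($val).'\' AND ';
            }
            else if ( $col == 'urlname' )
            {
              $q .= $col.'=\''.$db->escape($cpage['urlname_nons']).'\' AND ';
            }
          }
          // Trim off the last " AND " and append a semicolon
          $q = substr($q, 0, strlen($q)-5) . ';';
          // Send the completed query to MySQL
          $e = $db->sql_query($q);
          if(!$e) $db->_die('The page data could not be updated.');

          // Update any additional tables. The new page ID and namespace are escaped
          // here as well: they are placed inside quoted SQL literals just like the old
          // values, and what sanitize_page_id() lets through is not visible from here.
          $new_urlname   = $db->escape($page_info['urlname']);
          $new_namespace = $db->escape($page_info['namespace']);
          $old_urlname   = $db->escape($_POST['old_page_id']);
          $old_namespace = $db->escape($_POST['old_namespace']);
          foreach ( array('categories', 'comments', 'logs', 'page_text') as $tbl )
          {
            $cq = 'UPDATE '.table_prefix.$tbl.' SET page_id=\''.$new_urlname.'\',namespace=\''.$new_namespace.'\' WHERE page_id=\'' . $old_urlname . '\' AND namespace=\'' . $old_namespace . '\';';
            $e = $db->sql_query($cq);
            if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
          }

          // Update $cpage so the form below reflects what was just saved
          $cpage = $page_info;
          $cpage['urlname_nons'] = $cpage['urlname'];
          $cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname'];
          $_POST['old_page_id'] = $page_info['urlname'];
          $_POST['old_namespace'] = $page_info['namespace'];
          echo '<div class="info-box">Your changes have been saved.</div>';
          break;
      }
    }
    elseif ( isset($_POST['delete']) )
    {
      $old_urlname   = $db->escape($_POST['old_page_id']);
      $old_namespace = $db->escape($_POST['old_namespace']);
      // Dependent rows first, then the page record itself.
      foreach ( array('categories', 'comments', 'logs', 'page_text') as $tbl )
      {
        $cq = 'DELETE FROM '.table_prefix.$tbl.' WHERE page_id=\'' . $old_urlname . '\' AND namespace=\'' . $old_namespace . '\';';
        $e = $db->sql_query($cq);
        if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
      }

      if(!$db->sql_query(
        'DELETE FROM '.table_prefix.'pages WHERE urlname="'.$old_urlname.'" AND namespace="'.$old_namespace.'";'
      )) $db->_die('The page could not be deleted.');
      echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>';
      return;
    }

    // Everything printed into the form below is encoded for HTML first. The title and
    // the two hidden fields can come straight from the request.
    // NOTE(review): if page titles are stored already HTML-encoded elsewhere, the
    // title will now display double-encoded - confirm how titles are stored.
    $title_html     = htmlspecialchars(( isset($_POST['name']) && is_string($_POST['name']) ) ? $_POST['name'] : '', ENT_QUOTES);
    $name_html      = htmlspecialchars((string) $cpage['name'], ENT_QUOTES);
    $old_pid_html   = htmlspecialchars((string) $_POST['old_page_id'], ENT_QUOTES);
    $old_ns_html    = htmlspecialchars((string) $_POST['old_namespace'], ENT_QUOTES);

    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration'.htmlspecialchars(urlSeparator).(( isset($_GET['sqldbg']) ) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
    ?>
    <h3>Modify page: <?php echo $title_html; ?></h3>
     <table border="0">
       <tr><td>Namespace:</td><td><select name="namespace"><?php
         // Special and Admin are not offered as targets.
         foreach ( array_keys($paths->nslist) as $ns )
         {
           if ( $ns != 'Special' && $ns != 'Admin' )
           {
             echo '<option ';
             if ( $_POST['namespace'] == $ns ) echo 'selected="selected" ';
             echo 'value="'.htmlspecialchars($ns, ENT_QUOTES).'">';
             if ( $paths->nslist[$ns] == '' ) echo '[No prefix]';
             else echo htmlspecialchars($paths->nslist[$ns], ENT_QUOTES);
             echo '</option>';
           }
         }
       ?></select></td></tr>
       <tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo $name_html; ?>" /></td></tr>
       <tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr>
       <tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" />  <label for="cmt">Enable comments for this page</label></td></tr>
       <tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" />  <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
       <tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" />  <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo htmlspecialchars($paths->nslist['Special'], ENT_QUOTES); ?>SearchRebuild.</small></td></tr>
       <tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" />  <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
       <tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
       <tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
       <tr><td colspan="2" style="text-align: right;">
       <input type="hidden" name="old_page_id" value="<?php echo $old_pid_html; ?>" />
       <input type="hidden" name="old_namespace" value="<?php echo $old_ns_html; ?>" />
       <input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" />  <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
     </table>
    <?php
    echo '</form>';
  }
  else
  {
    echo '<h3>Please select a page</h3>';
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    ?>
      <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?>  <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
      <p>Select page title from a list: <select name="page_force_url">
      <?php
        // List every page outside the Admin and Special namespaces. Titles and URL
        // names are page data, so both the value and the label are HTML-encoded.
        for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
        {
          $pg = $paths->pages[$i];
          if ( $pg['namespace'] != 'Admin' && $pg['namespace'] != 'Special' )
          {
            $prefix = $paths->nslist[ $pg['namespace'] ];
            echo '<option value="'.htmlspecialchars($prefix.$pg['urlname_nons'], ENT_QUOTES).'">'.htmlspecialchars($prefix.$pg['name'], ENT_QUOTES).'</option>'."\n";
          }
        }
      ?>
      </select>  <input type="submit" name="select" value="Select" /></p>
    <?php
    echo '</form>';

  }
}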
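/**
 * Admin panel module: pick a page and edit, preview or save its text.
 *
 * With "search" or "select" posted, the entered text is resolved to a namespace
 * and page ID by matching it against $paths->nslist and $paths->pages. Once a
 * page is chosen, the current text is loaded with RenderMan::getPage() (or taken
 * from the posted "content" field) and shown in an editor. "save" writes an
 * entry to the logs table and updates page_text; "preview" renders the text with
 * RenderMan::render(); "revert" reloads the stored text.
 *
 * Access requires $session->auth_level and $session->user_level to both be at
 * least USER_LEVEL_ADMIN.
 *
 * Every value placed in SQL goes through $db->escape(), and request-derived
 * values are HTML-encoded before being echoed into the form.
 *
 * NOTE(review): no anti-CSRF token is checked in this function before the page
 * text is written - confirm whether the caller enforces one.
 *
 * @return false|null false when the requested page cannot be resolved, null otherwise
 */
function page_Admin_PageEditor()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  echo '<h2>Edit page content</h2>';

  $not_found_msg = 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';

  if ( isset($_POST['search']) || isset($_POST['select']) )
  {
    // Using only the text the user entered, work out the page ID and namespace.
    if ( isset($_POST['search']) ) $pid = isset($_POST['page_url']) ? $_POST['page_url'] : '';
    elseif ( isset($_POST['select']) ) $pid = isset($_POST['page_force_url']) ? $_POST['page_force_url'] : '';
    else { echo 'Internal error selecting page search terms'; return false; }

    // An array-valued field cannot name a page.
    if ( !is_string($pid) ) { echo $not_found_msg; return false; }

    // Look for a namespace prefix in the urlname. The loop deliberately does not
    // stop at the first hit: as before, the last matching prefix wins.
    $ns = null;
    $page_id = null;
    foreach ( $paths->nslist as $ns_key => $prefix )
    {
      $ln = strlen($prefix);
      if ( substr($pid, 0, $ln) == $prefix )
      {
        $ns = $ns_key;
        $page_id = substr($pid, $ln, strlen($pid));
      }
    }
    if ( $ns === null ) { echo $not_found_msg; return false; }

    // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id.
    // Walk the numerically indexed half of $paths->pages and take the first page that
    // matches by URL name or title, exactly first and then case-insensitively.
    $as_urlname = str_replace(' ', '_', $page_id);
    $as_title   = str_replace('_', ' ', $page_id);
    for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
    {
      $pg = $paths->pages[$i];
      if ( $pg['urlname_nons'] == $as_urlname ) $final_pid = $as_urlname;
      elseif ( $pg['name'] == $page_id ) $final_pid = $pg['urlname_nons'];
      elseif ( strtolower($pg['urlname_nons']) == strtolower($as_urlname) ) $final_pid = $pg['urlname_nons'];
      elseif ( strtolower($pg['name']) == strtolower($as_title) ) $final_pid = $pg['urlname_nons'];
      if ( isset($final_pid) )
      {
        $_POST['name'] = $pg['name'];
        $_POST['urlname'] = $pg['urlname_nons'];
        break;
      }
    }
    if ( !isset($final_pid) ) { echo $not_found_msg; return false; }
    $_POST['namespace'] = $ns;
    $_POST['page_id'] = $final_pid;
    // The name match above ignores the namespace, so confirm the pair really exists.
    if ( !isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']]) ) { echo $not_found_msg; return false; }
  }

  if ( isset($_POST['page_id']) && !isset($_POST['cancel']) )
  {
    // page_id / namespace come back from hidden form fields, i.e. from the client.
    // Accept them only when they identify a registered page, so the log entry and
    // the "View page" link below are never built from arbitrary request data.
    $edit_ns  = isset($_POST['namespace']) ? $_POST['namespace'] : null;
    $edit_pid = $_POST['page_id'];
    if ( !is_string($edit_ns) || !is_string($edit_pid) || !isset($paths->nslist[$edit_ns]) || !isset($paths->pages[ $paths->nslist[$edit_ns] . $edit_pid ]) )
    {
      echo $not_found_msg;
      return false;
    }

    $summary = ( isset($_POST['summary']) && is_string($_POST['summary']) ) ? $_POST['summary'] : '';

    echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
    // First visit and "revert" load the stored text; otherwise keep what was posted.
    if ( !isset($_POST['content']) || isset($_POST['revert']) ) $content = RenderMan::getPage($edit_pid, $edit_ns, 0, false, false, false, false);
    else $content = $_POST['content'];

    if ( isset($_POST['save']) )
    {
      $data = $content;
      // Tag shared by the log entry and the page_text row written below.
      $id = md5( microtime() . mt_rand() );

      $minor = isset($_POST['minor']) ? 'true' : 'false';
      // Every string value is escaped. The page text and the author name were
      // previously concatenated into this statement as-is, while the UPDATE below
      // already escaped the same page text.
      $q = 'INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($edit_pid) . '\', \'' . $db->escape($edit_ns) . '\', \''.$db->escape($data).'\', \''.$id.'\', \''.$db->escape($session->username).'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');';
      if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');

      $query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($edit_pid) . '\' AND namespace=\'' . $db->escape($edit_ns) . '\';';
      $e = $db->sql_query($query);
      // The failed statement contains the page text, so it is HTML-encoded before
      // being shown. NOTE(review): printing the raw database error and statement is
      // only appropriate because this page is restricted to administrators.
      if(!$e) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.htmlspecialchars(mysql_error()).'<br /><br />Query:<br /><pre>'.htmlspecialchars($query).'</pre></div>';
      else echo '<div class="info-box">Your page has been saved. <a href="'.makeUrlNS($edit_ns, $edit_pid).'">View page...</a></div>';
    }
    elseif ( isset($_POST['preview']) )
    {
      echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>';
    }
    ?>
    <p>
    <textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
    Edit summary: <input name="summary" value="<?php echo htmlspecialchars($summary, ENT_QUOTES); ?>" size="40" /><br />
    <label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/>  This is a minor edit</label>
    </p>
    <p>
    <input type="hidden" name="page_id" value="<?php echo htmlspecialchars($edit_pid, ENT_QUOTES); ?>" />
    <input type="hidden" name="namespace" value="<?php echo htmlspecialchars($edit_ns, ENT_QUOTES); ?>" />
    <input type="submit" name="save" value="Save changes" style="font-weight: bold;" />  <input type="submit" name="preview" value="Show preview" />  <input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" />  <input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
    </p>
    <?php
    echo '</form>';
  }
  else
  {
    echo '<h3>Please select a page</h3>';
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    ?>
      <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?>  <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
      <p>Select page title from a list: <select name="page_force_url">
      <?php
        // List every page outside the Admin and Special namespaces. Titles and URL
        // names are page data, so both the value and the label are HTML-encoded.
        for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
        {
          $pg = $paths->pages[$i];
          if ( $pg['namespace'] != 'Admin' && $pg['namespace'] != 'Special' )
          {
            $prefix = $paths->nslist[ $pg['namespace'] ];
            echo '<option value="'.htmlspecialchars($prefix.$pg['urlname_nons'], ENT_QUOTES).'">'.htmlspecialchars($prefix.$pg['name'], ENT_QUOTES).'</option>'."\n";
          }
        }
      ?>
      </select>  <input type="submit" name="select" value="Select" /></p>
    <?php
    echo '</form>';
  }
}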
function page_Admin_ThemeManager()
+ − 1715
{
+ − 1716
+ − 1717
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1718
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1719
{
+ − 1720
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1721
return;
+ − 1722
}
+ − 1723
+ − 1724
+ − 1725
// Get the list of styles in the themes/ dir
+ − 1726
$h = opendir('./themes');
+ − 1727
$l = Array();
+ − 1728
if(!$h) die('Error opening directory "./themes" for reading.');
+ − 1729
while(false !== ($n = readdir($h))) {
+ − 1730
if($n != '.' && $n != '..' && is_dir('./themes/'.$n))
+ − 1731
$l[] = $n;
+ − 1732
}
+ − 1733
closedir($h);
+ − 1734
echo('
+ − 1735
<h3>Theme Management</h3>
+ − 1736
<p>Install, uninstall, and manage Enano themes.</p>
+ − 1737
');
+ − 1738
if(isset($_POST['disenable'])) {
+ − 1739
$q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1740
$s = $db->sql_query($q);
+ − 1741
if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1742
$r = $db->fetchrow_num($s);
+ − 1743
$db->free_result();
+ − 1744
if($r[0] == 1) $e = 0;
+ − 1745
else $e = 1;
+ − 1746
$s=true;
+ − 1747
if($e==0)
+ − 1748
{
+ − 1749
$c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1');
+ − 1750
if(!$c) $db->_die('The backup check for having at least on theme enabled failed.');
+ − 1751
if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; }
+ − 1752
}
+ − 1753
$db->free_result();
+ − 1754
if($s) {
+ − 1755
$q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1756
$a = $db->sql_query($q);
+ − 1757
if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1758
else echo('<div class="info-box">The theme "'.$_POST['theme_id'].'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>');
+ − 1759
}
+ − 1760
}
+ − 1761
elseif(isset($_POST['edit'])) {
+ − 1762
+ − 1763
$dir = './themes/'.$_POST['theme_id'].'/css/';
+ − 1764
$list = Array();
+ − 1765
// Open a known directory, and proceed to read its contents
+ − 1766
if (is_dir($dir)) {
+ − 1767
if ($dh = opendir($dir)) {
+ − 1768
while (($file = readdir($dh)) !== false) {
+ − 1769
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 1770
$list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4));
+ − 1771
}
+ − 1772
}
+ − 1773
closedir($dh);
+ − 1774
}
+ − 1775
}
+ − 1776
$lk = array_keys($list);
+ − 1777
+ − 1778
$q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1779
$s = $db->sql_query($q);
+ − 1780
if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1781
$r = $db->fetchrow_num($s);
+ − 1782
$db->free_result();
+ − 1783
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">');
+ − 1784
echo('<div class="question-box">
+ − 1785
Theme name displayed to users: <input type="text" name="name" value="'.$r[0].'" /><br /><br />
+ − 1786
Default stylesheet: <select name="defaultcss">');
+ − 1787
foreach ($lk as $l)
+ − 1788
{
+ − 1789
if($r[1] == $l) $v = ' selected="selected"';
+ − 1790
else $v = '';
+ − 1791
echo "<option value='{$l}'$v>{$list[$l]}</option>";
+ − 1792
}
+ − 1793
echo('</select><br /><br />
+ − 1794
<input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.$_POST['theme_id'].'" />
+ − 1795
</div>');
+ − 1796
echo('</form>');
+ − 1797
}
+ − 1798
elseif(isset($_POST['editsave'])) {
+ − 1799
$q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1800
$s = $db->sql_query($q);
+ − 1801
if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1802
else echo('<div class="info-box">Theme data updated.</div>');
+ − 1803
}
+ − 1804
elseif(isset($_POST['up'])) {
+ − 1805
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1806
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1807
$s = $db->sql_query($q);
+ − 1808
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1809
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1810
$sn = $db->sql_query($q);
+ − 1811
if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1812
$r = $db->fetchrow_num($sn);
+ − 1813
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) { echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>'); } else {
+ − 1814
// Get the order IDs of the selected theme and the theme before it
+ − 1815
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1816
$s = $db->sql_query($q);
+ − 1817
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1818
$r = $db->fetchrow_num($s);
+ − 1819
$r = $r[0];
+ − 1820
$rb = $r - 1;
+ − 1821
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1822
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1823
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1824
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1825
echo('<div class="info-box">Theme moved up.</div>');
+ − 1826
}
+ − 1827
$db->free_result($s);
+ − 1828
$db->free_result($sn);
+ − 1829
}
+ − 1830
elseif(isset($_POST['down'])) {
+ − 1831
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1832
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1833
$s = $db->sql_query($q);
+ − 1834
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1835
$r = $db->fetchrow_num($s);
+ − 1836
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == $db->numrows($s) /* ...and check if this theme is already at the bottom */ ) { echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>'); } else {
+ − 1837
// Get the order IDs of the selected theme and the theme before it
+ − 1838
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1839
$s = $db->sql_query($q);
+ − 1840
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1841
$r = $db->fetchrow_num($s);
+ − 1842
$r = $r[0];
+ − 1843
$rb = $r + 1;
+ − 1844
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1845
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1846
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1847
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1848
echo('<div class="info-box">Theme moved down.</div>');
+ − 1849
}
+ − 1850
}
+ − 1851
else if(isset($_POST['uninstall']))
+ − 1852
{
+ − 1853
$q = 'SELECT * FROM '.table_prefix.'themes;';
+ − 1854
$s = $db->sql_query($q);
+ − 1855
if ( !$s )
+ − 1856
{
+ − 1857
die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1858
}
+ − 1859
$n = $db->numrows($s);
+ − 1860
$db->free_result();
+ − 1861
+ − 1862
if ( $_POST['theme_id'] == 'oxygen' )
+ − 1863
{
+ − 1864
echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>';
+ − 1865
}
+ − 1866
else
+ − 1867
{
+ − 1868
if($n < 2)
+ − 1869
{
+ − 1870
echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>';
+ − 1871
}
+ − 1872
else
+ − 1873
{
+ − 1874
$q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;';
+ − 1875
$s = $db->sql_query($q);
+ − 1876
if ( !$s )
+ − 1877
{
+ − 1878
die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1879
}
+ − 1880
else
+ − 1881
{
+ − 1882
echo('<div class="info-box">Theme uninstalled.</div>');
+ − 1883
}
+ − 1884
}
+ − 1885
}
+ − 1886
}
+ − 1887
elseif(isset($_POST['install'])) {
+ − 1888
$q = 'SELECT * FROM '.table_prefix.'themes;';
+ − 1889
$s = $db->sql_query($q);
+ − 1890
if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1891
$n = $db->numrows($s);
+ − 1892
$n++;
+ − 1893
$theme_id = $_POST['theme_id'];
+ − 1894
$theme = Array();
+ − 1895
include('./themes/'.$theme_id.'/theme.cfg');
+ − 1896
$q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled) VALUES(\''.$theme['theme_id'].'\', \''.$theme['theme_name'].'\', '.$n.', 1)';
+ − 1897
$s = $db->sql_query($q);
+ − 1898
if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1899
else echo('<div class="info-box">Theme "'.$theme['theme_name'].'" installed.</div>');
+ − 1900
}
+ − 1901
echo('
+ − 1902
<h3>Currently installed themes</h3>
+ − 1903
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 1904
<p>
+ − 1905
<select name="theme_id">
+ − 1906
');
+ − 1907
$q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order';
+ − 1908
$s = $db->sql_query($q);
+ − 1909
if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 1910
while ( $r = $db->fetchrow_num($s) ) {
+ − 1911
if($r[2] < 1) $r[1] .= ' (disabled)';
+ − 1912
echo('<option value="'.$r[0].'">'.$r[1].'</option>');
+ − 1913
}
+ − 1914
$db->free_result();
+ − 1915
echo('
+ − 1916
</select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" />
+ − 1917
</p>
+ − 1918
</form>
+ − 1919
<h3>Install a new theme</h3>
+ − 1920
');
+ − 1921
$theme = Array();
+ − 1922
$obb = '';
+ − 1923
for($i=0;$i<sizeof($l);$i++) {
+ − 1924
if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) {
+ − 1925
include('./themes/'.$l[$i].'/theme.cfg');
+ − 1926
$q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$theme['theme_id'].'\'';
+ − 1927
$s = $db->sql_query($q);
+ − 1928
if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 1929
if($db->numrows($s) < 1) {
+ − 1930
$obb .= '<option value="'.$theme['theme_id'].'">'.$theme['theme_name'].'</option>';
+ − 1931
}
+ − 1932
$db->free_result();
+ − 1933
}
+ − 1934
}
+ − 1935
if($obb != '') {
+ − 1936
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>');
+ − 1937
echo('<select name="theme_id">');
+ − 1938
echo($obb);
+ − 1939
echo('</select>');
+ − 1940
echo('
+ − 1941
<input type="submit" name="install" value="Install this theme" />
+ − 1942
</p></form>');
+ − 1943
} else echo('<p>All themes are currently installed.</p>');
+ − 1944
}
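/**
 * Admin panel page "BanControl": lists the ban rules and handles creating and deleting them.
 *
 * Request inputs read here: $_GET['action'] and $_GET['id'] (delete a rule), and
 * $_POST['create'], ['type'], ['value'], ['reason'], ['regex'] (create a rule).
 * All output is echoed directly; nothing is returned.
 */
function page_Admin_BanControl()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // NOTE(review): deletion is triggered by a plain GET link and, unlike rule creation below, is not
  // skipped when ENANO_DEMO_MODE is defined. No anti-CSRF check is visible in this function - confirm
  // that the caller enforces one before this page is reached.
  if ( isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '' )
  {
    // ban_id goes into the query unquoted, where string escaping alone does not constrain the value,
    // so force it to an integer first.
    $ban_id = intval($_GET['id']);
    $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $ban_id);
    if ( !$e ) $db->_die('The ban list entry was not deleted.');
  }

  if ( isset($_POST['create']) && !defined('ENANO_DEMO_MODE') )
  {
    // ban_type is unquoted in the INSERT as well. The form below submits the BAN_* constants,
    // presumably integers - confirm against their definitions.
    $ban_type = intval($_POST['type']);
    $is_regex = isset($_POST['regex']) ? 1 : 0;
    $q = 'INSERT INTO '.table_prefix.'banlist(ban_type,ban_value,reason,is_regex) VALUES( ' . $ban_type . ', \'' . $db->escape($_POST['value']) . '\', \''.$db->escape($_POST['reason']).'\', ' . $is_regex . ');';
    $e = $db->sql_query($q);
    if ( !$e ) $db->_die('The banlist could not be updated.');
  }
  else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
  }

  $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
  if ( !$q ) $db->_die('The banlist data could not be selected.');
  echo '<table border="0" cellspacing="1" cellpadding="4">';
  echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
  if ( $db->numrows() < 1 ) echo '<tr><td colspan="4">No ban rules yet.</td></tr>';
  while ( $r = $db->fetchrow() )
  {
    // Default label so an unrecognised ban_type cannot reuse the label of the previous row.
    $t = 'Unknown';
    if ( $r['ban_type'] == BAN_IP ) $t = 'IP address';
    elseif ( $r['ban_type'] == BAN_USER ) $t = 'Username';
    elseif ( $r['ban_type'] == BAN_EMAIL ) $t = 'E-mail address';
    $g = $r['is_regex'] ? 'Yes' : 'No';
    // ban_value is stored as entered in the form; encode it for HTML so a stored rule cannot inject markup.
    echo '<tr><td>'.$t.'</td><td>'.htmlspecialchars($r['ban_value']).'</td><td>'.$g.'</td><td><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.intval($r['ban_id'])).'">Delete</a></td></tr>';
  }
  $db->free_result();
  echo '</table>';
  echo '<h3>Create new ban rule</h3>';
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  ?>
  Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
  Rule: <input type="text" name="value" size="30" /><br />
  Reason to show to the banned user: <textarea name="reason" rows="7" cols="20"></textarea><br />
  <input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
  <input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
  <?php
  echo '</form>';
}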
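/**
 * Admin panel page "MassEmail": sends one message to a user group or to a comma-separated list of usernames.
 *
 * Request inputs read here: $_POST['do_send'], ['subject'], ['message'], ['userlist'], ['group_id'].
 * Sending is skipped when ENANO_DEMO_MODE is defined. All output is echoed directly.
 */
function page_Admin_MassEmail()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  global $enano_config;
  if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
  {
    // Collected validation failures. Must exist before sizeof() below, even when nothing failed.
    $errors = array();

    $use_smtp = getConfig('smtp_enabled') == '1';

    //
    // Let's do some checking to make sure that mass mail functions
    // are working in win32 versions of php. (copied from phpBB)
    //
    if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp )
    {
      $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';

      // We are running on windows, force delivery to use our smtp functions
      // since php's are broken by default
      $use_smtp = true;
      $enano_config['smtp_server'] = @$ini_val('SMTP');
    }

    $mail = new emailer( !empty($use_smtp) );

    // Validate subject/message body
    $subject = stripslashes(trim($_POST['subject']));
    $message = stripslashes(trim($_POST['message']));

    if ( empty($subject) )
      $errors[] = 'Please enter a subject.';
    if ( empty($message) )
      $errors[] = 'Please enter a message.';

    // NOTE(review): recipients are added with cc(), so presumably every recipient can see the other
    // recipients' addresses. If the emailer class offers a blind-copy method, prefer it - confirm.

    // Get list of members
    if ( !empty($_POST['userlist']) )
    {
      $userlist = str_replace(', ', ',', $_POST['userlist']);
      $userlist = explode(',', $userlist);
      foreach ( $userlist as $k => $u )
      {
        if ( $u == $session->username )
        {
          // Message is automatically sent to the sender
          unset($userlist[$k]);
        }
        else
        {
          // Each name is escaped here and wrapped in quotes when the WHERE clause is assembled.
          $userlist[$k] = $db->escape($u);
        }
      }
      $userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\'';

      $q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';');
      if ( !$q )
        $db->_die();

      while ( $row = $db->fetchrow() )
      {
        $mail->cc($row['email']);
      }

      $db->free_result();
    }
    else
    {
      // Sending to a usergroup

      // intval() makes the unquoted group_id below safe to interpolate.
      $group_id = intval($_POST['group_id']);
      if ( $group_id < 1 )
      {
        $errors[] = 'Invalid group ID';
      }
      else
      {
        $q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g
                               LEFT JOIN '.table_prefix.'users AS u
                                 ON (u.user_id=g.user_id)
                               WHERE g.group_id=' . $group_id . ';');
        if ( !$q )
          $db->_die();

        while ( $row = $db->fetchrow() )
        {
          $mail->cc($row['email']);
        }

        $db->free_result();
      }
    }

    if ( sizeof($errors) < 1 )
    {
      $mail->from(getConfig('contact_email'));
      $mail->replyto(getConfig('contact_email'));
      $mail->set_subject($subject);
      $mail->email_address(getConfig('contact_email'));

      // Copied/modified from phpBB
      // These values are written into raw header lines; strip CR/LF so none of them can start a new header.
      $eol = array("\r", "\n");
      $email_headers = 'X-AntiAbuse: Website server name - ' . str_replace($eol, '', $_SERVER['SERVER_NAME']) . "\n";
      $email_headers .= 'X-AntiAbuse: User_id - ' . str_replace($eol, '', $session->user_id) . "\n";
      $email_headers .= 'X-AntiAbuse: Username - ' . str_replace($eol, '', $session->username) . "\n";
      $email_headers .= 'X-AntiAbuse: User IP - ' . str_replace($eol, '', $_SERVER['REMOTE_ADDR']) . "\n";

      $mail->extra_headers($email_headers);

      $tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at:

{CONTACT_EMAIL}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{MESSAGE}
';

      $mail->use_template($tpl);

      $mail->assign_vars(array(
          'SENDER' => $session->username,
          'SITE_NAME' => getConfig('site_name'),
          'CONTACT_EMAIL' => getConfig('contact_email'),
          'MESSAGE' => $message
        ));

      //echo '<pre>'.print_r($mail,true).'</pre>';

      // All done
      $mail->send();
      $mail->reset();

      echo '<div class="info-box">Your message has been sent.</div>';
    }
    else
    {
      echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
    }
  }
  else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') )
  {
    echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>';
  }
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
  ?>
  <div class="tblholder">
    <table border="0" cellspacing="1" cellpadding="4">
      <tr>
        <th colspan="2">Send mass e-mail</th>
      </tr>
      <tr>
        <td class="row2" rowspan="2" style="width: 30%; min-width: 200px;">
          Send message to:<br />
          <small>
            By default, this message will be sent to the group selected here. You may instead send the message to a specific
            list of users by entering them in the second row, with usernames separated by a single comma (no space).
          </small>
        </td>
        <td class="row1">
          <select name="group_id">
            <?php
            $q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;');
            if ( !$q )
              $db->_die();
            while ( $row = $db->fetchrow() )
            {
              // Group names come from the database; encode them before they reach the page.
              echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars($row['group_name']) . '</option>';
            }
            ?>
          </select>
        </td>
      </tr>
      <tr>
        <td class="row1">
          Usernames: <input type="text" name="userlist" size="50" />
        </td>
      </tr>
      <tr>
        <td class="row2" style="width: 30%; min-width: 200px;">
          Subject:
        </td>
        <td class="row1">
          <input name="subject" type="text" size="50" />
        </td>
      </tr>
      <tr>
        <td class="row2" style="width: 30%; min-width: 200px;">
          Message:
        </td>
        <td class="row1">
          <textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea>
        </td>
      </tr>
      <tr>
        <th class="subhead" colspan="2" style="text-align: left;" valign="middle">
          <div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div>
          <small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small>
        </th>
      </tr>

    </table>
  </div>
  <?php
  echo '</form>';
}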
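/**
 * Admin panel page "DBBackup": shows the backup form, or streams an SQL dump as a download.
 *
 * With $_GET['submitting'] == 'yes' the selected tables are exported through export_table() and
 * the script exits after sending the file. Request inputs read in that path: $_POST['do_system_tables'],
 * ['additional_tables'], ['do_struct'], ['do_data']. Each export is recorded in the logs table first.
 * When SQL_BACKUP_CRYPT is defined the dump is passed through TEACrypt before it is sent.
 */
function page_Admin_DBBackup()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
  {
    redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
    // redirect() is not shown here, and page_Special_Administration follows its own redirect() call
    // with exit, so presumably it does not always end the script. Return explicitly so the export
    // below can never run in demo mode.
    return;
  }

  global $system_table_list;
  if ( isset($_GET['submitting']) && $_GET['submitting'] == 'yes' )
  {
    // NOTE(review): as written, the time limit is only raised when SQL_BACKUP_CRYPT is defined.
    // Braces added to make that explicit; confirm whether the condition was intended at all.
    if ( defined('SQL_BACKUP_CRYPT') )
    {
      // Try to increase our time limit
      @set_time_limit(300); // five minutes
    }
    // Do the actual export
    $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
    $filename = 'enano_backup_' . date('dmy') . '.sql' . $aesext;
    ob_start();
    // The disposition type and its parameters are separated by a semicolon, not a comma.
    header('Content-disposition: attachment; filename="'.$filename.'"');
    header('Content-type: application/transact-sql');
    // Spew some headers
    $headdate = date('F d, Y \a\t h:i a');
    echo <<<HEADER
-- Enano CMS SQL backup
-- Generated on {$headdate} by {$session->username}

HEADER;
    // build the table list
    $base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array();
    // additional_tables is request data: accept it only when it really is an array.
    $add = ( isset($_POST['additional_tables']) && is_array($_POST['additional_tables']) ) ? $_POST['additional_tables'] : Array();
    $tables = array_merge($base, $add);

    // Reject any table name that is not a plain identifier before it is logged or handed to export_table().
    // The D modifier stops "$" from matching before a trailing newline.
    foreach ( $tables as $i => $t )
    {
      if ( !is_string($t) || !preg_match('#^([a-z0-9_]+)$#iD', $t) )
        die('Hacking attempt');
      // if($t == table_prefix.'files' && isset($_POST['do_data']))
      //   unset($tables[$i]);
    }

    // Log it!
    $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
    if ( !$e )
      $db->_die();

    foreach ( $tables as $t )
    {
      // Sorry folks - this script CAN'T backup enano_files, enano_search_index, and enano_search_cache due to the sheer size of the tables.
      // If encryption is enabled the log data will be excluded too.
      echo export_table(
        $t,
        isset($_POST['do_struct']),
        ( isset($_POST['do_data']) /* && $t != table_prefix.'files' && $t != table_prefix.'search_index' && $t != table_prefix.'search_cache' && ( !defined('SQL_BACKUP_CRYPT') || ( defined('SQL_BACKUP_CRYPT') && $t != table_prefix.'logs' ) ) */ ),
        false
        ) . "\n";
    }
    $data = ob_get_contents();
    ob_end_clean();
    if ( defined('SQL_BACKUP_CRYPT') )
    {
      // Free some memory, we don't need this stuff any more
      $db->close();
      unset($paths, $db, $template, $plugins);
      // NOTE(review): the confidentiality of the downloaded file rests on TEACrypt and on
      // $session->private_key, neither of which is defined in this function - review them separately.
      $tea = new TEACrypt();
      $data = $tea->encrypt($data, $session->private_key);
    }
    header('Content-length: '.strlen($data));
    echo $data;
    exit;
  }
  else
  {
    // Show the UI
    echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">';
    ?>
    <p>This page allows you to back up your Enano database should something go miserably wrong.</p>
    <p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label></p>
    <p>Additional tables to export:</p>
    <p><select name="additional_tables[]" multiple="multiple">
      <?php
      $q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
      while ( $row = $db->fetchrow_num() )
      {
        if ( !in_array($row[0], $system_table_list) )
        {
          // Table names are encoded for HTML before being written into the option list.
          $table_html = htmlspecialchars($row[0]);
          echo '<option value="'.$table_html.'">'.$table_html.'</option>';
        }
      }
      ?>
      </select>
    </p>
    <p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br />
       <label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label>
    </p>
    <p><input type="submit" value="Create backup" /></p>
    <?php
    echo '</form>';
  }
}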
+ − 2318
+ − 2319
/**
 * Admin panel page "AdminLogout": drops the session back from administrator level.
 *
 * Calls $session->logout(USER_LEVEL_ADMIN) and echoes a confirmation with a link to the main page.
 * Callers without an administrator-level session get the "Not authenticated" notice instead.
 */
function page_Admin_AdminLogout()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Both the session's auth level and the account's user level must be at administrator level.
  $is_admin_session = ( $session->auth_level >= USER_LEVEL_ADMIN && $session->user_level >= USER_LEVEL_ADMIN );
  if ( !$is_admin_session )
  {
    $login_url = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . $login_url . '">re-authenticate</a> to continue.</p>';
    return;
  }

  $session->logout(USER_LEVEL_ADMIN);

  $main_page_url = makeUrl(getConfig('main_page'));
  echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="' . $main_page_url . '">Main Page</a>.</p>';
}
function page_Special_Administration()
+ − 2333
{
+ − 2334
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2335
+ − 2336
if($session->auth_level < USER_LEVEL_ADMIN) {
+ − 2337
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
+ − 2338
exit;
+ − 2339
}
+ − 2340
else
+ − 2341
{
+ − 2342
$template->load_theme('admin', 'default');
+ − 2343
$template->init_vars();
+ − 2344
if( !isset( $_GET['noheaders'] ) )
+ − 2345
{
+ − 2346
$template->header();
+ − 2347
}
+ − 2348
echo 'Administer your Enano website.';
+ − 2349
?>
+ − 2350
<script type="text/javascript">
+ − 2351
function ajaxPage(t)
+ − 2352
{
if ( KILL_SWITCH )
{
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
return false;
}
if ( t == namespace_list.Admin + 'AdminLogout' )
+ − 2359
{
+ − 2360
var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
+ − 2361
mb.onclick['Yes'] = function() {
+ − 2362
var tigraentry = document.getElementById('i_div0_0').parentNode;
+ − 2363
var tigraobj = $(tigraentry);
+ − 2364
var div = document.createElement('div');
+ − 2365
div.style.backgroundColor = '#FFFFFF';
+ − 2366
domObjChangeOpac(70, div);
+ − 2367
div.style.position = 'absolute';
+ − 2368
var top = tigraobj.Top();
+ − 2369
var left = tigraobj.Left();
+ − 2370
var width = tigraobj.Width();
+ − 2371
var height = tigraobj.Height();
+ − 2372
div.style.top = top + 'px';
+ − 2373
div.style.left = left + 'px';
+ − 2374
div.style.width = width + 'px';
+ − 2375
div.style.height = height + 'px';
+ − 2376
var body = document.getElementsByTagName('body')[0];
+ − 2377
enlighten(true);
+ − 2378
body.appendChild(div);
+ − 2379
ajaxPageBin(namespace_list.Admin + 'AdminLogout');
+ − 2380
}
+ − 2381
return;
+ − 2382
}
+ − 2383
ajaxPageBin(t);
+ − 2384
}
+ − 2385
function ajaxPageBin(t)
+ − 2386
{
if ( KILL_SWITCH )
{
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
return false;
}
document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>';
+ − 2393
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() {
+ − 2394
if(ajax.readyState == 4) {
+ − 2395
document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText;
+ − 2396
fadeInfoBoxes();
+ − 2397
}
+ − 2398
});
+ − 2399
}
+ − 2400
function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); }
+ − 2401
var TREE_TPL = {
+ − 2402
'target' : '_self', // name of the frame links will be opened in
+ − 2403
// other possible values are: _blank, _parent, _search, _self and _top
+ − 2404
+ − 2405
'icon_e' : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image
+ − 2406
'icon_l' : '<?php echo scriptPath; ?>/images/icons/line.gif', // vertical line
+ − 2407
'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon normal
+ − 2408
'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon selected
+ − 2409
'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon normal
+ − 2410
'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2411
'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon opened
+ − 2412
'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2413
'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal
+ − 2414
'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected
+ − 2415
'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened
+ − 2416
'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened
+ − 2417
'icon_0' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal
+ − 2418
'icon_4' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2419
'icon_8' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened
+ − 2420
'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2421
'icon_2' : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf
+ − 2422
'icon_3' : '<?php echo scriptPath; ?>/images/icons/join.gif', // junction for last leaf
+ − 2423
'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node
+ − 2424
'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif', // junction for last closed node
+ − 2425
'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node
+ − 2426
'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif' // junction for last opended node
+ − 2427
};
+ − 2428
<?php
+ − 2429
echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree
+ − 2430
if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?>
+ − 2431
</script>
+ − 2432
<table border="0" width="100%">
+ − 2433
<tr>
+ − 2434
<td class="holder" valign="top">
+ − 2435
<div class="pad" style="padding-right: 20px;">
+ − 2436
<script type="text/javascript">
+ − 2437
if ( !KILL_SWITCH )
+ − 2438
{
+ − 2439
new tree(TREE_ITEMS, TREE_TPL);
+ − 2440
}
+ − 2441
</script>
+ − 2442
</div>
+ − 2443
</td>
+ − 2444
<td width="100%" valign="top">
+ − 2445
<div class="pad" id="ajaxPageContainer">
+ − 2446
<?php
+ − 2447
if(isset($_GET['module']))
+ − 2448
{
+ − 2449
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 2450
$k = array_keys($paths->nslist);
+ − 2451
for ( $i = 0; $i < sizeof($paths->nslist); $i++ )
+ − 2452
{
+ − 2453
$ln = strlen( $paths->nslist[ $k[ $i ] ] );
+ − 2454
if ( substr($_GET['module'], 0, $ln) == $paths->nslist[$k[$i]] )
+ − 2455
{
+ − 2456
$ns = $k[$i];
+ − 2457
$nm = substr($_GET['module'], $ln, strlen($_GET['module']));
+ − 2458
}
+ − 2459
}
+ − 2460
$fname = 'page_'.$ns.'_'.$nm;
+ − 2461
$s = strpos($fname, '?noheaders');
+ − 2462
if($s) $fname = substr($fname, 0, $s);
+ − 2463
$paths->cpage['module'] = $_GET['module'];
+ − 2464
if ( function_exists($fname) && $_GET['module'] != $paths->nslist['Special'] . 'Administration' )
+ − 2465
{
+ − 2466
eval($fname.'();');
+ − 2467
}
+ − 2468
}
+ − 2469
else
+ − 2470
{
+ − 2471
echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
+ − 2472
}
+ − 2473
?>
+ − 2474
</div>
+ − 2475
<script type="text/javascript">
+ − 2476
if ( KILL_SWITCH )
+ − 2477
{
+ − 2478
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
+ − 2479
}
+ − 2480
</script>
+ − 2481
</td>
+ − 2482
</tr>
+ − 2483
</table>
+ − 2484
+ − 2485
<?php
+ − 2486
}
+ − 2487
if(!isset($_GET['noheaders']))
+ − 2488
{
+ − 2489
$template->footer();
+ − 2490
}
+ − 2491
}
+ − 2492
+ − 2493
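/**
 * Special:EditSidebar - lets an administrator reorder, create, move, enable/disable, edit and delete sidebar blocks.
 *
 * Request handling, in order:
 *   - POST "save":   rewrites item_order for every row of the sidebar table from order_left / order_right.
 *   - POST "create": inserts a new block of the posted type.
 *   - GET "action" + "id": new | move | delete | disenable | getsource | save
 *     (getsource and save answer AJAX calls and terminate the script).
 * Afterwards the current blocks are rendered through the sidebar-editor.tpl template.
 *
 * Every request value that reaches a numeric SQL context is validated as digits and cast with intval();
 * $db->escape() alone does not make an unquoted value safe. String values stay inside quotes and are escaped.
 *
 * NOTE(review): move, delete and disenable change state from a plain GET link, and no anti-forgery token is
 * checked anywhere in this function - confirm whether the framework enforces one before this code runs.
 */
function page_Special_EditSidebar()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Anyone below administrator level is sent to the login page to elevate their session.
  if ( $session->auth_level < USER_LEVEL_ADMIN )
  {
    redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
    exit;
  }
  else
  {

    $template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>');
    $template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>');
    $template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
    $template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');

    // Knock the sidebars dead to keep javascript in plugins from interfering
    $template->tpl_strings['SIDEBAR_LEFT']  = '';
    $template->tpl_strings['SIDEBAR_RIGHT'] = '';

    $template->load_theme('oxygen', 'bleu');
    $template->init_vars();

    $template->header();

    if ( isset($_POST['save']) )
    {
      // Write the new block order to the database: one SELECT to enumerate the blocks, then one UPDATE per block.
      $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
      if ( !$q )
      {
        $db->_die('The sidebar order data could not be selected.');
      }
      $orders = Array();
      while ( $row = $db->fetchrow() )
      {
        $orders[] = Array(
            count($orders),
            $row['item_id'],
            $row['sidebar_id'],
          );
      }
      $db->free_result();

      // $orders now lists every block in its current order. The posted order strings are comma-separated
      // positions; each one is placed unquoted into an UPDATE, so only plain digits are accepted.
      // An empty field contributes nothing (explode() on '' would otherwise yield one empty element
      // and shift every following position).
      $om = Array();
      $order_ok = true;
      foreach ( Array('order_left', 'order_right') as $field )
      {
        if ( !isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === '' )
        {
          continue;
        }
        foreach ( explode(',', $_POST[$field]) as $pos )
        {
          $pos = trim($pos);
          if ( !preg_match('#^[0-9]+$#D', $pos) )
          {
            $order_ok = false;
            break 2;
          }
          $om[] = intval($pos);
        }
      }
      // Every block needs a position; a short list would leave some rows without one.
      if ( $order_ok && count($om) < count($orders) )
      {
        $order_ok = false;
      }

      if ( !$order_ok )
      {
        echo '<div class="error-box" style="margin: 10px 0;">The sidebar order information was not valid and has not been saved.</div>';
      }
      else
      {
        foreach ( $orders as $k => $v )
        {
          $sql = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.intval($v[1]).';';
          $q = $db->sql_query($sql);
          if ( !$q )
          {
            $t = $db->get_error();
            echo $t;
            $template->footer();
            exit;
          }
        }
        echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
      }
    }
    elseif ( isset($_POST['create']) )
    {
      // $content stays null unless the request names a known block type and carries the matching field.
      $content = null;
      if ( isset($_POST['type']) && isset($_POST['sidebar_id']) && isset($_POST['title']) && is_string($_POST['title']) )
      {
        // The same integers that are validated here are the ones stored below.
        $block_type = intval($_POST['type']);
        $sidebar_id = intval($_POST['sidebar_id']);
        switch ( $block_type )
        {
          case BLOCK_WIKIFORMAT:
            $content = isset($_POST['wikiformat_content']) ? $_POST['wikiformat_content'] : '';
            break;
          case BLOCK_TEMPLATEFORMAT:
            $content = isset($_POST['templateformat_content']) ? $_POST['templateformat_content'] : '';
            break;
          case BLOCK_HTML:
            $content = isset($_POST['html_content']) ? $_POST['html_content'] : '';
            break;
          case BLOCK_PHP:
            $content = isset($_POST['php_content']) ? $_POST['php_content'] : '';
            break;
          case BLOCK_PLUGIN:
            $content = isset($_POST['plugin_id']) ? $_POST['plugin_id'] : '';
            break;
        }
        if ( !is_string($content) )
        {
          $content = null;
        }
      }

      if ( $content === null )
      {
        echo '<div class="error-box" style="margin: 10px 0;">The block could not be added because the request was incomplete or named an unknown block type.</div>';
      }
      else
      {
        if ( defined('ENANO_DEMO_MODE') )
        {
          if ( $block_type == BLOCK_PHP )
          {
            // Demo installations never store submitted PHP; a fixed placeholder is saved instead.
            echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
            $content = '?><Nulled>';
          }
          else
          {
            // Sanitize the HTML
            $content = sanitize_html($content, true);
          }
        }

        // Get the value of item_order: the new block goes after the blocks already on that sidebar.
        $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$sidebar_id.';');
        if ( !$q ) $db->_die('The order number could not be selected');
        $io = $db->numrows();

        $db->free_result();

        $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$block_type.'\', \''.$sidebar_id.'\', \''.$db->escape($content).'\', '.$io.' );';
        $result = $db->sql_query($q);
        if ( !$result )
        {
          echo $db->get_error();
          $template->footer();
          exit;
        }

        echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';
      }
    }

    if ( isset($_GET['action']) && isset($_GET['id']) )
    {
      // The id is used unquoted in every query below, so it must be digits only. The D modifier stops "$"
      // from matching before a trailing newline, and an empty id is rejected as well.
      if ( !is_string($_GET['id']) || !preg_match('#^[0-9]+$#D', $_GET['id']) )
      {
        // Skip the action entirely; the block list below is still rendered.
        echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
      }
      else
      {
        $item_id = intval($_GET['id']);
        switch ( $_GET['action'] )
        {
          case 'new':
            ?>
            <script type="text/javascript">
            function setType(input)
            {
              val = input.value;
              if(!val)
              {
                return false;
              }
              var divs = getElementsByClassName(document, 'div', 'sbadd_block');
              for(var i in divs)
              {
                if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block';
                else divs[i].style.display = 'none';
              }
            }
            </script>

            <form action="<?php echo makeUrl($paths->page); ?>" method="post">

              <p>
                What type of block should this be?
              </p>
              <p>
                <select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
                  <option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
                  <option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
                  <option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
                  <option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
                  <option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
                </select>
              </p>

              <p>

                Block title: <input name="title" type="text" size="40" /><br />
                Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>

              </p>

              <div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
                <p>
                  Wikitext:
                </p>
                <p>
                  <textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
                </p>
              </div>

              <div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
                <p>
                  Template code:
                </p>
                <p>
                  <textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
                </p>
              </div>

              <div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
                <p>
                  HTML to place inside the sidebar:
                </p>
                <p>
                  <textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
                </p>
              </div>

              <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
                <?php if ( defined('ENANO_DEMO_MODE') ) { ?>
                  <p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
                <?php } else { ?>
                <p>
                  <b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
                  ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
                </p>
                <p>
                  <span style="color: red;">
                    It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
                  </span> You have been warned.
                </p>
                <p>
                  Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
                </p>
                <p>
                  The standard &lt;?php and ?&gt; tags work here. Don't use an initial "&lt;?php" or it will cause a parse error.
                </p>
                <p>
                  PHP code:
                </p>
                <p>
                  <textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
                </p>
                <?php } ?>
              </div>

              <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
                <p>
                  Plugin:
                </p>
                <p>
                  <select name="plugin_id">
                  <?php
                    // Block names come from plugins; encode them before placing them in markup.
                    foreach ( $template->plugin_blocks as $k => $c )
                    {
                      $k_html = htmlspecialchars($k, ENT_QUOTES);
                      echo '<option value="'.$k_html.'">'.$k_html.'</option>';
                    }
                  ?>
                  </select>
                </p>
              </div>

              <p>

                <input type="submit" name="create" value="Create new block" style="font-weight: bold;" />&nbsp;
                <input type="submit" name="cancel" value="Cancel" />

              </p>

            </form>

            <script type="text/javascript">
              var divs = getElementsByClassName(document, 'div', 'sbadd_block');
              for(var i in divs)
              {
                if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500);
              }
            </script>

            <?php
            // The creation form replaces the block list, so finish the page here.
            $template->footer();
            return;
          case 'move':
            if ( !isset($_GET['side']) || !is_string($_GET['side']) || !preg_match('#^[0-9]+$#D', $_GET['side']) )
            {
              echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
              break;
            }
            $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . intval($_GET['side']) . ' WHERE item_id=' . $item_id . ';');
            if ( !$query )
            {
              echo $db->get_error();
              $template->footer();
              exit;
            }
            echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
            break;
          case 'delete':
            $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
            if ( !$query )
            {
              echo $db->get_error();
              $template->footer();
              exit;
            }
            if ( isset($_GET['ajax']) )
            {
              // AJAX callers only want the status word, not the page rendered so far.
              ob_end_clean();
              die('GOOD');
            }
            echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
            break;
          case 'disenable':
            // Toggle item_enabled: read the current flag, then write its opposite.
            $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
            if ( !$q )
            {
              echo $db->get_error();
              $template->footer();
              exit;
            }
            $r = $db->fetchrow();
            $db->free_result();
            $e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
            $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . $item_id . ';');
            if ( !$q )
            {
              echo $db->get_error();
              $template->footer();
              exit;
            }
            if ( isset($_GET['ajax']) )
            {
              ob_end_clean();
              die('GOOD');
            }
            break;
          case 'getsource':
            // Returns the raw stored source of one block to the in-place editor.
            $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
            if ( !$q )
            {
              echo $db->get_error();
              $template->footer();
              exit;
            }
            ob_end_clean();
            $r = $db->fetchrow();
            $db->free_result();
            if ( $r['block_type'] == BLOCK_PLUGIN ) die('HOUSTON_WE_HAVE_A_PLUGIN');
            die($r['block_content']);
            break;
          case 'save':
            // The editor posts the content URL-encoded. Decode it first so that the demo-mode sanitiser
            // inspects exactly the text that is stored, not its encoded form.
            $new_content = ( isset($_POST['content']) && is_string($_POST['content']) ) ? rawurldecode($_POST['content']) : '';
            if ( defined('ENANO_DEMO_MODE') )
            {
              $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
              if ( !$q )
              {
                echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
                exit;
              }
              $row = $db->fetchrow();
              $db->free_result();
              if ( $row['block_type'] == BLOCK_PHP )
              {
                // Demo installations never store submitted PHP.
                $new_content = '?><Nulled>';
              }
              else
              {
                $new_content = sanitize_html($new_content, true);
              }
            }
            $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape($new_content).'\' WHERE item_id=' . $item_id . ';');
            if ( !$q )
            {
              echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
              exit;
            }
            // Read the row back and render it the way the block list does, so the editor can swap in the preview.
            $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
            if ( !$q )
            {
              echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
              exit;
            }
            $row = $db->fetchrow();
            $db->free_result();
            switch ( $row['block_type'] )
            {
              case BLOCK_WIKIFORMAT:
              default:
                $c = RenderMan::render($row['block_content']);
                break;
              case BLOCK_TEMPLATEFORMAT:
                $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
                $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
                break;
              case BLOCK_HTML:
                $c = $row['block_content'];
                $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
                break;
              case BLOCK_PHP:
                // NOTE(review): stored block content is executed as PHP by design, so write access to the
                // sidebar table is equivalent to code execution on this site. Flagged, not changed.
                ob_start();
                eval($row['block_content']);
                $c = ob_get_contents();
                ob_end_clean();
                $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
                break;
              case BLOCK_PLUGIN:
                $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
                break;
            }
            die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
            break;
        }
      }
    }

    $q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
    if ( !$q ) $db->_die('The sidebar text data could not be selected.');

    $vars = $template->extract_vars('sidebar-editor.tpl');

    // Inert stand-ins for the theme and logout links while the editor is shown.
    $parser = $template->makeParserText($vars['sidebar_button']);
    $parser->assign_vars(Array(
        'HREF'=>'#',
        'FLAGS'=>'onclick="return false;"',
        'TEXT'=>'Change theme'
      ));
    $template->tpl_strings['THEME_LINK'] = $parser->run();
    $parser->assign_vars(Array(
        'TEXT'=>'Log out',
      ));
    $template->tpl_strings['LOGOUT_LINK'] = $parser->run();

    // $n1 / $n2 collect the positions shown in the first and second column; $n points at the active one.
    $n1 = Array();
    $n2 = Array();
    $n =& $n1;

    echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">';
    //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);

    // Time for the loop
    // what this loop does is fetch the row data, then send it out to the appropriate parser for formatting,
    // then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code.
    while ( $row = $db->fetchrow() )
    {
      if ( isset($current_side) )
      {
        if ( $current_side != $row['sidebar_id'] )
        {
          // Time to switch!
          //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
          echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">';
          //echo '</td><td valign="top">';
          //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
          $n =& $n2;
        }
      }
      $n[] = count($n);
      $current_side = $row['sidebar_id'];
      switch ( $row['block_type'] )
      {
        case BLOCK_WIKIFORMAT:
        default:
          $parser = $template->makeParserText($vars['sidebar_section']);
          $c = RenderMan::render($row['block_content']);
          break;
        case BLOCK_TEMPLATEFORMAT:
          $parser = $template->makeParserText($vars['sidebar_section']);
          $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
          $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
          break;
        case BLOCK_HTML:
          // Raw HTML blocks are emitted as stored; only their anchors are made inert for the editor view.
          $parser = $template->makeParserText($vars['sidebar_section_raw']);
          $c = $row['block_content'];
          $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
          break;
        case BLOCK_PHP:
          // NOTE(review): stored block content is executed as PHP by design; see the note in the save action.
          $parser = $template->makeParserText($vars['sidebar_section_raw']);
          ob_start();
          eval($row['block_content']);
          $c = ob_get_contents();
          ob_end_clean();
          $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
          break;
        case BLOCK_PLUGIN:
          $parser = $template->makeParserText($vars['sidebar_section_raw']);
          $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
          break;
      }
      $t = $template->tplWikiFormat($row['block_name']);
      if ( $row['item_enabled'] == 0 ) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
      else           $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
      // The "move" link targets whichever sidebar the block is not on.
      $side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
      $tb = '<a title="Enable or disable this block"    href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].''       , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;"   ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
             <a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].''            , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
             <a title="Permanently delete this block"   href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].''          , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
             <a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
      $as = '';
      $ae = '&nbsp;&nbsp;'.$tb;
      $parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
      echo $parser->run();
      unset($parser);

    }
    $db->free_result();
    //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
    echo '</div></td></tr></table>';
    // The hidden fields carry the current order; the POST "save" branch above reads them back.
    echo '<form action="'.makeUrl($paths->page).'" method="post">';
    $order = implode(',', $n1);
    echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />";
    $order = implode(',', $n2);
    echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
    echo '
          <div style="margin: 0 auto 0 auto; text-align: center;">
            <input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
            <input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
            <br />
            <a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a>  |  <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
          </div>
        </form>
         ';
  }

  $template->footer();
}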
+ − 3000
+ − 3001
?>