<?php
/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Version 1.0.1 (Loch Ness)
 * Copyright (C) 2006-2007 Dan Fuhry
 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */
class PageUtils {
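/**
 * Checks whether a username is still available.
 *
 * Despite the older description, this does not list completions: it runs a
 * single exact-match lookup and reports availability. It is an existence
 * oracle by design (presumably backing the registration form), so it should
 * only be exposed where username enumeration is acceptable.
 *
 * @param $name the name to check for; URL-decoded before the lookup
 * @return string 'good' when no user has that name, 'bad' when one does
 */
function checkusername($name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE username=\''.$db->escape(rawurldecode($name)).'\'');
  // Route query failures through the project's handler (as the rest of this
  // file does) instead of printing the raw driver error to the client.
  if ( !$q ) $db->_die('The username lookup could not be performed.');
  $taken = ( $db->numrows() > 0 );
  $db->free_result();
  return $taken ? 'bad' : 'good';
}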
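/**
 * Get the wiki formatting source for a page
 *
 * Order of checks: the page must be registered, the page password (if one is
 * set) must match, and the caller must hold view_source; only then is the
 * text selected. Special and Admin pages have no stored source and abort.
 *
 * @param $page the full page id (Namespace:Pagename)
 * @param $password the page password supplied by the caller, or false
 * @return string the HTML-escaped source; '' when the page or its text row does
 *         not exist; 'invalid_password' or 'access_denied' on the respective failures
 */
function getsource($page, $password = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !isset($paths->pages[$page]) )
  {
    return '';
  }

  // A 40-character value in the page record is a password hash.
  if ( isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40 )
  {
    // Compare strictly. With the loose `!=` used before, two strings that both
    // look numeric (e.g. "0e" followed only by digits) compare as numbers, so a
    // caller-chosen value could match the stored hash without being equal to it.
    if ( !$password || $password !== $paths->pages[$page]['password'] )
    {
      return 'invalid_password';
    }
  }

  if ( !$session->get_permissions('view_source') ) // Dependencies handle this for us - this also checks for read privileges
    return 'access_denied';

  $pid = RenderMan::strToPageID($page);
  if ( $pid[1] == 'Special' || $pid[1] == 'Admin' )
  {
    die('This type of page ('.$paths->nslist[$pid[1]].') cannot be edited because the page source code is not stored in the database.');
  }

  // $pid is derived from a registered page id, but it still goes into SQL: escape it.
  $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$db->escape($pid[0]).'\' AND namespace=\''.$db->escape($pid[1]).'\'');
  if ( !$e )
  {
    $db->_die('The page text could not be selected.');
  }
  if ( $db->numrows() < 1 )
  {
    $db->free_result();
    return '';
  }

  $r = $db->fetchrow();
  $db->free_result();

  // Escaped for HTML so the source can be dropped straight into an editor textarea.
  return htmlspecialchars($r['page_text']);
}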
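/**
 * Deprecated page renderer - formerly a frontend to RenderMan::getPage().
 *
 * Every call terminates the request with die(). The rendering code that used
 * to follow that statement was unreachable and has been removed: it evaluated
 * rendered page text with eval() and dispatched to functions named from the
 * page namespace, which is not worth carrying around as dead code.
 *
 * @param $page the full page id (Namespace:Pagename)
 * @param $send_headers true if the theme headers should be sent, false otherwise
 * @param $hist_id optional log time_id of an archived revision to show
 * @return never returns - the call always dies
 * @deprecated use the current page rendering path instead
 */
function getpage($page, $send_headers = false, $hist_id = false)
{
  // Unconditional: everything that followed this line was dead code.
  die('PageUtils->getpage is deprecated.');
}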
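/**
 * Writes page data to the database, after verifying permissions and running the XSS filter
 *
 * Checks, in order: edit_page permission, page existence (the page is created
 * via createPage() when missing), then protection / wiki mode (non-admins are
 * refused on protected pages and on pages outside wiki mode). The text is run
 * through RenderMan::preprocess_text() before it is stored; a log row is
 * written ahead of the page_text update.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $message the text to save
 * @param $summary edit summary; stored HTML-escaped
 * @param $minor true to mark the edit as minor
 * @return string 'good' on success, otherwise a human-readable error
 */
function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Tag shared by the log row and the page_text row of this revision.
  $uid = sha1(microtime());
  $pname = $paths->nslist[$namespace] . $page_id;

  if ( !$session->get_permissions('edit_page') )
    return 'Access to edit pages is denied.';

  if ( !isset($paths->pages[$pname]) )
  {
    if ( !PageUtils::createPage($page_id, $namespace) )
      return 'The page did not exist, and I was not able to create it. Permissions problem?';
    $paths->page_exists = true;
  }

  // NOTE(review): for protected == 2 ("semi") this is true only for logged-in
  // accounts registered more than four days ago, i.e. it refuses established
  // users and lets anonymous / new users through. That looks inverted relative
  // to the usual meaning of semi-protection; behaviour is kept as-is pending
  // confirmation against the rest of the code base.
  $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
  $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
  if ( ($prot || !$wiki) && $session->user_level < USER_LEVEL_ADMIN ) return('You are not authorized to edit this page.');

  // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
  $message = RenderMan::preprocess_text($message, false, false);

  $msg = $db->escape($message);
  $minor = $minor ? 'true' : 'false';

  // NOTE(review): the log row is keyed on the currently viewed page
  // ($paths->cpage / $paths->namespace) while the page_text update below is
  // keyed on the $page_id / $namespace arguments; the two only agree when this
  // is called for the page being viewed.
  $q = 'INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$db->escape($paths->namespace).'\', \''.$msg.'\', \''.$uid.'\', \''.$db->escape($session->username).'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');';
  if ( !$db->sql_query($q) ) $db->_die('The history (log) entry could not be inserted into the logs table.');

  // The identifiers are escaped even though they map to a registered page; a
  // page created a moment ago may carry an id that originated in caller input.
  $q = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$msg.'\',char_tag=\''.$uid.'\' WHERE page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';';
  $e = $db->sql_query($q);
  if ( !$e ) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');

  $paths->rebuild_page_index($page_id, $namespace);

  return 'good';
}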
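/**
 * Creates a page, both in memory and in the database.
 *
 * Refuses the Special/Admin namespaces, unknown namespaces, ids that already
 * exist, callers without create_page, and non-admins in the System namespace.
 * The id is passed through dirtify_page_id() for the character check and
 * sanitize_page_id() before it is stored.
 *
 * @param string $page_id
 * @param string $namespace
 * @param string|false $name display name; defaults to the id with '_' shown as spaces
 * @param int $visible 1 to list the page, 0 to hide it
 * @return bool true on success, false on failure (the DB error is echoed when a query fails)
 */
function createPage($page_id, $namespace, $name = false, $visible = 1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( in_array($namespace, Array('Special', 'Admin')) )
  {
    return false; // Can't create a special page
  }

  if ( !isset($paths->nslist[$namespace]) )
  {
    return false; // Couldn't look up namespace
  }

  $pname = $paths->nslist[$namespace] . $page_id;
  if ( isset($paths->pages[$pname]) )
  {
    return false; // Page already exists
  }

  if ( !$session->get_permissions('create_page') )
  {
    return false; // Access denied
  }

  if ( $session->user_level < USER_LEVEL_ADMIN && $namespace == 'System' )
  {
    return false; // Not authorized to create system messages
  }

  $page_id = dirtify_page_id($page_id);

  if ( !$name )
    $name = str_replace('_', ' ', $page_id);

  // Allowed characters in a page id. This used to test an undefined variable
  // ($page), so the check always passed; it now tests $page_id. The class is
  // spelled A-Za-z because the old "A-z" range also admitted [ \ ] ^ and `.
  $regex = '#^([A-Za-z0-9 _\-\.\/\!\@\(\)]*)$#is';
  if ( !preg_match($regex, $page_id) )
  {
    return false; // Name contains invalid characters
  }

  $page_id = sanitize_page_id( $page_id );

  // System messages are always fully protected.
  $prot = ( $namespace == 'System' ) ? 1 : 0;
  $visible = ( $visible ? 1 : 0 );

  $ips = array(
    'ip' => array(),
    'u' => array()
  );
  $page_data = Array(
    'name'=>$name,
    'urlname'=>$page_id,
    'namespace'=>$namespace,
    // $visible is honoured here as well as in the INSERT so memory and DB agree.
    'special'=>0,'visible'=>$visible,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
  );

  $paths->add_page($page_data);

  // $namespace was validated against $paths->nslist above; every other string
  // value is escaped before it is interpolated.
  $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', '.$visible.', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');');
  $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\');');
  $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$db->escape($session->username).'\', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\');');

  if ( $qa && $qb && $qc )
    return true;

  // Failure path: the raw driver error is echoed (existing behaviour, and a
  // detail leak worth revisiting). Note that the page has already been added
  // to $paths->pages by this point.
  echo $db->get_error();
  return false;
}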
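/**
 * Sets the protection level on a page.
 *
 * Requires the protect permission and only applies to pages in wiki mode.
 * Unless $reason is the literal 'NO_REASON', a log row is written before the
 * pages table is updated.
 *
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $level int level of protection - 0 is off, 1 is full, 2 is semi
 * @param $reason string why the page is being (un)protected; stored HTML-escaped
 * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
 */
function protect($page_id, $namespace, $level, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('protect') ) return('Insufficient access rights');

  if ( !isset($paths->nslist[$namespace]) ) return('Invalid namespace.');
  $pname = $paths->nslist[$namespace] . $page_id;
  if ( !isset($paths->pages[$pname]) ) return('Page does not exist.');

  $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
  if ( !$wiki ) return('Page protection only has an effect when Wiki Mode is enabled.');

  // $level must be a non-negative integer in the documented 0..2 range. The
  // validated value is what gets written below - the previous code validated
  // $level but then interpolated the raw $_POST['level'] into the UPDATE.
  if ( !preg_match('#^([0-9]+){1}$#', (string)$level) ) return('Invalid $level parameter.');
  $level = intval($level);
  if ( $level > 2 ) return 'PageUtils::protect(): Invalid value for $level';

  if ( $reason != 'NO_REASON' )
  {
    switch ( $level )
    {
      case 0:
        $action = 'unprot';
        break;
      case 1:
        $action = 'prot';
        break;
      default: // 2 - the range check above leaves no other value
        $action = 'semiprot';
        break;
    }
    $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \''.$action.'\', \''.$db->escape($session->username).'\', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
    if ( !$db->sql_query($q) ) $db->_die('The log entry for the page protection could not be inserted.');
  }

  $q = $db->sql_query('UPDATE '.table_prefix.'pages SET protected='.$level.' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
  if ( !$q ) $db->_die('The pages table was not updated.');

  return('good');
}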
/**
+ − 483
* Generates an HTML table with history information in it.
+ − 484
* @param $page_id the page ID
+ − 485
* @param $namespace the namespace
+ − 486
* @return string
+ − 487
*/
+ − 488
+ − 489
function histlist($page_id, $namespace)
+ − 490
{
+ − 491
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 492
+ − 493
if(!$session->get_permissions('history_view'))
+ − 494
return 'Access denied';
+ − 495
+ − 496
ob_start();
+ − 497
+ − 498
$pname = $paths->nslist[$namespace] . $page_id;
+ − 499
$wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 500
$prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 501
+ − 502
$q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' ORDER BY time_id DESC;';
+ − 503
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 504
echo 'History of edits and actions<h3>Edits:</h3>';
+ − 505
$numrows = $db->numrows();
+ − 506
if($numrows < 1) echo 'No history entries in this category.';
+ − 507
else
+ − 508
{
+ − 509
+ − 510
echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
+ − 511
<input type="submit" value="Compare selected revisions" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 512
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 513
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 514
<input type="hidden" name="do" value="diff" />
1
+ − 515
<br /><span> </span>
+ − 516
<div class="tblholder">
+ − 517
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 518
<tr>
+ − 519
<th colspan="2">Diff</th>
+ − 520
<th>Date/time</th>
+ − 521
<th>User</th>
+ − 522
<th>Edit summary</th>
+ − 523
<th>Minor</th>
+ − 524
<th colspan="3">Actions</th>
+ − 525
</tr>'."\n"."\n";
+ − 526
$cls = 'row2';
+ − 527
$ticker = 0;
+ − 528
+ − 529
while($r = $db->fetchrow()) {
+ − 530
+ − 531
$ticker++;
+ − 532
+ − 533
if($cls == 'row2') $cls = 'row1';
+ − 534
else $cls = 'row2';
+ − 535
+ − 536
echo '<tr>'."\n";
+ − 537
+ − 538
// Diff selection
+ − 539
if($ticker == 1)
+ − 540
{
+ − 541
$s1 = '';
+ − 542
$s2 = 'checked="checked" ';
+ − 543
}
+ − 544
elseif($ticker == 2)
+ − 545
{
+ − 546
$s1 = 'checked="checked" ';
+ − 547
$s2 = '';
+ − 548
}
+ − 549
else
+ − 550
{
+ − 551
$s1 = '';
+ − 552
$s2 = '';
+ − 553
}
+ − 554
if($ticker > 1) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s1.'name="diff1" type="radio" value="'.$r['time_id'].'" id="diff1_'.$r['time_id'].'" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
+ − 555
if($ticker < $numrows) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s2.'name="diff2" type="radio" value="'.$r['time_id'].'" id="diff2_'.$r['time_id'].'" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
+ − 556
+ − 557
// Date and time
+ − 558
echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'."\n";
+ − 559
+ − 560
// User
+ − 561
if($session->get_permissions('mod_misc') && preg_match('#^([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}$#', $r['author'])) $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \''.$r['author'].'\');"';
+ − 562
else $rc = '';
+ − 563
echo '<td class="'.$cls.'"'.$rc.'><a href="'.makeUrlNS('User', $r['author']).'" ';
+ − 564
if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
+ − 565
echo '>'.$r['author'].'</a></td class="'.$cls.'">'."\n";
+ − 566
+ − 567
// Edit summary
+ − 568
echo '<td class="'.$cls.'">'.$r['edit_summary'].'</td>'."\n";
+ − 569
+ − 570
// Minor edit
+ − 571
echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
+ − 572
+ − 573
// Actions!
+ − 574
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid='.$r['time_id']).'" onclick="ajaxHistView(\''.$r['time_id'].'\'); return false;">View revision</a></td>'."\n";
+ − 575
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'."\n";
+ − 576
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert to this revision</a></td>'."\n";
+ − 577
+ − 578
echo '</tr>'."\n"."\n";
+ − 579
+ − 580
}
+ − 581
echo '</table>
+ − 582
</div>
+ − 583
<br />
+ − 584
<input type="hidden" name="do" value="diff" />
+ − 585
<input type="submit" value="Compare selected revisions" />
+ − 586
</form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 587
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 588
}
+ − 589
$db->free_result();
+ − 590
echo '<h3>Other changes:</h3>';
+ − 591
$q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\' ORDER BY time_id DESC;';
+ − 592
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 593
if($db->numrows() < 1) echo 'No history entries in this category.';
+ − 594
else {
+ − 595
+ − 596
echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
+ − 597
$cls = 'row2';
+ − 598
while($r = $db->fetchrow()) {
+ − 599
+ − 600
if($cls == 'row2') $cls = 'row1';
+ − 601
else $cls = 'row2';
+ − 602
+ − 603
echo '<tr>';
+ − 604
+ − 605
// Date and time
+ − 606
echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">';
+ − 607
+ − 608
// User
+ − 609
echo '<td class="'.$cls.'"><a href="'.makeUrlNS('User', $r['author']).'" ';
+ − 610
if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
+ − 611
echo '>'.$r['author'].'</a></td class="'.$cls.'">';
+ − 612
+ − 613
+ − 614
// Minor edit
+ − 615
echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
+ − 616
+ − 617
// Action taken
+ − 618
echo '<td class="'.$cls.'">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 619
// Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
1
+ − 620
if ($r['action']=='prot') echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
+ − 621
elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
+ − 622
elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 623
elseif($r['action']=='rename') echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']);
1
+ − 624
elseif($r['action']=='create') echo 'Created page</td><td class="'.$cls.'">';
28
+ − 625
elseif($r['action']=='delete') echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 626
elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']);
1
+ − 627
echo '</td>';
+ − 628
+ − 629
// Actions!
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>';
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert action</a></td>';
//echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> '.$r['author'].' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">Contrib</a>): ';
if($r['minor_edit']) echo '<b> - minor edit</b>';
echo '<br />';
echo '</tr>';
}
echo '</table></div>';
}
$db->free_result();
$ret = ob_get_contents();
ob_end_clean();
return $ret;
}
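/**
 * Rolls back a logged action.
 *
 * Reads the log row identified by $id and reverses it: page edits are restored to the
 * logged text, renames to the logged old title, (semi)protections are undone, unprotections
 * are re-applied, deletions are undone (page row plus latest logged text re-inserted) and
 * file re-uploads are re-stamped as the current version. "security" and "login" entries
 * are refused.
 *
 * Requires the history_rollback permission; undeleting a page and rolling back a file
 * additionally require the "extra" rollback permission.
 *
 * @param int|string $id the time ID, a.k.a. the primary key in the logs table
 * @return string a human-readable status message (success or failure)
 */
function rollback($id)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$session->get_permissions('history_rollback')) return('You are not authorized to perform rollbacks.');
    // $id is interpolated into SQL unquoted, so it must be a plain decimal integer
    if(!preg_match('#^([0-9]+)$#', (string)$id)) return('The value "id" on the query string must be an integer.');
    $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id.';');
    if(!$e) $db->_die('The rollback data could not be selected.');
    $rb = $db->fetchrow();
    $db->free_result();
    // An unknown time_id must not reach the switch with $rb === false
    if(!$rb) return('No log entry with the ID "'.$id.'" exists.');

    // Values read back from the logs table are re-escaped before being quoted into further
    // queries: they originated as user input and were stored by code outside this method,
    // so they cannot be assumed SQL-safe. For well-formed ids/tags the escape is a no-op.
    $page_id_db = $db->escape($rb['page_id']);
    $namespace_db = $db->escape($rb['namespace']);
    $ns_prefix = isset($paths->nslist[$rb['namespace']]) ? $paths->nslist[$rb['namespace']] : '';
    $page_key = $ns_prefix . $rb['page_id'];
    // Display name of the affected page; falls back to the raw id when the page is not
    // (or no longer) registered in $paths->pages, e.g. for a deleted page.
    $page_name = isset($paths->pages[$page_key]) ? $paths->pages[$page_key]['name'] : $rb['page_id'];

    switch($rb['log_type']) {
        case "page":
            switch($rb['action']) {
                case "edit":
                    $t = $db->escape($rb['page_text']);
                    $tag = $db->escape($rb['char_tag']);
                    $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$tag.'\' WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'');
                    if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    return('The page "'.$page_name.'" has been rolled back to the state it was in on '.$rb['date_string'].'.');
                case "rename":
                    // For a rename the log's edit_summary holds the previous title
                    $t = $db->escape($rb['edit_summary']);
                    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'');
                    if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    // The old title is raw user input (the history listing escapes this same
                    // field), so escape it before echoing it back to the browser.
                    return('The page "'.$page_name.'" has been rolled back to the name it had ("'.htmlspecialchars($rb['edit_summary']).'") before '.$rb['date_string'].'.');
                case "prot":
                case "semiprot":
                    // Both protection levels roll back to "unprotected"
                    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'');
                    if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    return('The page "'.$page_name.'" has been unprotected according to the log created at '.$rb['date_string'].'.');
                case "unprot":
                    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'');
                    if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    return('The page "'.$page_name.'" has been protected according to the log created at '.$rb['date_string'].'.');
                case "delete":
                    if(!$session->get_permissions('history_rollback_extra')) return('Administrative privileges are required for page undeletion.');
                    // Check the page named in the log entry, not whichever page the request
                    // happened to be made from ($paths->cpage).
                    if(isset($paths->pages[$page_key])) return('You cannot raise a dead page that is alive.');
                    $name = str_replace('_', ' ', $rb['page_id']);
                    // Most recent logged text of the page. Fetched before anything is inserted
                    // so a failed lookup does not leave behind a page row without text.
                    $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC LIMIT 1;');
                    if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    $r = $db->fetchrow();
                    $db->free_result();
                    // A page that never had an edit logged is recreated empty
                    $text = $r ? $db->escape($r['page_text']) : '';
                    $tag = $r ? $db->escape($r['char_tag']) : '';
                    $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$db->escape($name).'\', \''.$page_id_db.'\',\''.$namespace_db.'\' )');
                    if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$page_id_db.'\',\''.$namespace_db.'\',\''.$text.'\',\''.$tag.'\')');
                    if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    return('The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.');
                case "reupload":
                    // NOTE(review): this permission name differs from the one checked for
                    // undeletion ('history_rollback_extra'); one of the two is probably a typo.
                    // Left unchanged because get_permissions()'s behaviour for an unknown
                    // name is not visible here - confirm against the ACL definitions.
                    if(!$session->get_permissions('history_rollbacks_extra')) return('Administrative privileges are required for file rollbacks.');
                    $newtime = time();
                    $newdate = date('d M Y h:i a');
                    // Re-stamping the log row and the file row with the current time makes
                    // this upload the newest, and therefore the live, version.
                    if(!$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id)) return('Error during query: '.mysql_error());
                    if(!$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id)) return('Error during query: '.mysql_error());
                    return('The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.');
                default:
                    return('Rollback of the action "'.htmlspecialchars($rb['action']).'" is not yet supported.');
            }
        case "security":
        case "login":
            return('A '.$rb['log_type'].'-related log entry cannot be rolled back.');
        default:
            return('Unknown log entry type: "'.htmlspecialchars($rb['log_type']).'"');
    }
}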
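/**
 * Posts a comment.
 *
 * Enforces the post_comments permission and the comments_need_login setting: level 2
 * requires a login, level 1 requires a solved CAPTCHA from anonymous posters. Name,
 * subject and text are run through RenderMan::preprocess_text() before storage; a
 * logged-in user always posts under his own username regardless of $name.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $name the name of the person posting, ignored for logged-in users
 * @param string $subject the subject line of the comment
 * @param string $text the comment text
 * @param string|bool $captcha_code the code the user typed (anonymous posters, login level 1)
 * @param string|bool $captcha_id the CAPTCHA session ID the code was generated for
 * @return string javascript code: the refreshed comment list (see PageUtils::comments)
 */
function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    $_ob = '';
    if(!$session->get_permissions('post_comments'))
        return 'Access denied';
    if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) _die('Access denied to post comments: you need to be logged in first.');
    if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
    {
        if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
        $result = $session->get_captcha($captcha_id);
        // Strict, string-typed comparison. A loose != treats numeric-looking codes such as
        // "0e12" and "0e34" as equal, and a missing/expired CAPTCHA (false) must never
        // match any submitted value.
        if($result === false || (string)$captcha_code !== (string)$result) _die('The confirmation code you entered was incorrect.');
    }
    $text = RenderMan::preprocess_text($text);
    $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
    $subj = RenderMan::preprocess_text($subject);
    // Comments are either visible immediately or held for moderation, per site config
    $appr = (getConfig('approve_comments') == '1') ? '0' : '1';
    // page_id/namespace are quoted into SQL: escaping is a no-op for well-formed ids but
    // closes the hole if a caller ever passes raw request data. Name/subject/text are
    // assumed to be made SQL-safe by preprocess_text(), as elsewhere in this file - verify.
    $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$db->escape($page_id).'\',\''.$db->escape($namespace).'\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.intval($session->user_id).','.$appr.','.time().')';
    $e = $db->sql_query($q);
    // NOTE(review): the failed query text is sent to the client here; consider logging it
    // server-side instead.
    if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n'.$q).'\'))');
    $_ob .= '<div class="info-box">Your comment has been posted.</div>';
    return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}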
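/**
 * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
 *
 * Optionally performs a moderation action first (delete, or toggle approval of a
 * comment), then builds the rendered comment list, the "list = {...}" Javascript
 * structure used by the client-side editor, and the posting form. Unapproved comments
 * are only included for users holding mod_comments.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string|bool $action administrative action to perform ("delete" or "approve"), default is false
 * @param array $flags additional info for $action: either 'id' (comment_id) or 'name'/'subj'/'text' identifying the comment
 * @param string $_ob text to prepend to output, used by PageUtils::addcomment
 * @return array [0] => Javascript for the AJAX client, [1] => plain HTML for browser-compatibility mode
 * @access private
 */
function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    $pname = $paths->nslist[$namespace] . $page_id;

    // Quoted into every query below. A no-op for well-formed ids, but page_id and
    // namespace were otherwise not escaped anywhere in this method.
    $page_id_db = $db->escape($page_id);
    $namespace_db = $db->escape($namespace);
    $page_where = 'page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'';
    // Permission lookups are reused throughout; resolve once
    $is_mod = $session->get_permissions('mod_comments') ? true : false;

    ob_start();

    if($action && $is_mod) // Nip hacking attempts in the bud
    {
        switch($action) {
            case "delete":
                if(isset($flags['id']))
                {
                    $q = 'DELETE FROM '.table_prefix.'comments WHERE '.$page_where.' AND comment_id='.intval($flags['id']).' LIMIT 1;';
                } else {
                    // Legacy selector: identify the comment by its stored name/subject/text
                    $n = $db->escape($flags['name']);
                    $s = $db->escape($flags['subj']);
                    $t = $db->escape($flags['text']);
                    $q = 'DELETE FROM '.table_prefix.'comments WHERE '.$page_where.' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
                }
                $e=$db->sql_query($q);
                // (was "unesape": a misspelt Javascript function, so the error alert itself threw)
                if(!$e) die('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
                break;
            case "approve":
                if(isset($flags['id']))
                {
                    $where = 'comment_id='.intval($flags['id']);
                } else {
                    $n = $db->escape($flags['name']);
                    $s = $db->escape($flags['subj']);
                    $t = $db->escape($flags['text']);
                    $where = 'name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\'';
                }
                $q = 'SELECT approved FROM '.table_prefix.'comments WHERE '.$page_where.' AND '.$where.' LIMIT 1;';
                $e = $db->sql_query($q);
                if(!$e) die('alert(unescape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
                $r = $db->fetchrow();
                $db->free_result();
                // Toggle: approved -> unapproved and vice versa (no row is treated as unapproved)
                $a = ( $r && $r['approved'] ) ? '0' : '1';
                $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE '.$page_where.' AND '.$where.';';
                $e=$db->sql_query($q);
                if(!$e) die('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
                $v = ($a=='1') ? 'Unapprove' : 'Approve';
                // The element id is emitted into Javascript that the client eval()s. The raw
                // query-string value used to be echoed verbatim here (reflected script
                // injection against moderators); it is coerced to an integer, which is all
                // the ids ever are.
                $js_id = isset($_GET['id']) ? intval($_GET['id']) : -1;
                echo 'document.getElementById("mdgApproveLink'.$js_id.'").innerHTML="'.$v.'";';
                break;
        }
    }

    if(!defined('ENANO_TEMPLATE_LOADED'))
    {
        $template->load_theme($session->theme, $session->style);
    }

    $tpl = $template->makeParser('comment.tpl');

    // Counts of unapproved / approved comments for the summary line
    $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE '.$page_where.' AND approved=0;');
    if(!$e) $db->_die('The comment text data could not be selected.');
    $num_unapp = $db->numrows();
    $db->free_result();
    $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE '.$page_where.' AND approved=1;');
    if(!$e) $db->_die('The comment text data could not be selected.');
    $num_app = $db->numrows();
    $db->free_result();
    $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
                  FROM '.table_prefix.'comments AS c
                  LEFT JOIN '.table_prefix.'users AS u
                    ON c.user_id=u.user_id
                  WHERE page_id=\''.$page_id_db.'\'
                    AND namespace=\''.$namespace_db.'\' ORDER BY c.time ASC;');
    if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
    $_ob .= '<h3>Article Comments</h3>';
    // Moderators see every comment, everyone else only the approved ones
    $n = $is_mod ? $db->numrows() : $num_app;
    if($n==1) $s = 'is '.$n.' comment'; else $s = 'are '.$n.' comments';
    if($n < 1)
    {
        $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).'';
        if($namespace != 'Article') $_ob .= ' page';
        $_ob .= '.</p>';
    } else $_ob .= '<p>There '.$s.' on this article.';
    if($is_mod && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">'.$num_unapp.' of those are unapproved.</span>';
    elseif(!$is_mod && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; }
    $_ob .= '</p>';
    // Javascript-side copy of the raw (unrendered) comment data, keyed by list position
    $list = 'list = { ';
    $i = -1;
    while($row = $db->fetchrow($lq))
    {
        // $i counts every row, including ones hidden from non-moderators, so that list
        // positions agree with what a moderator's client sees
        $i++;
        $strings = Array();
        $bool = Array();
        if($is_mod || $row['approved']) {
            $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';

            // Comment ID (used in the Javascript apps)
            $strings['ID'] = (string)$i;

            // Determine the name, and whether to link to the user page or not.
            // The stored name/subject are emitted as-is: they are assumed to have been
            // sanitised by preprocess_text() when the comment was posted - verify.
            $name = '';
            if($row['user_id'] > 0) $name .= '<a href="'.makeUrlNS('User', str_replace(' ', '_', $row['name'])).'">';
            $name .= $row['name'];
            if($row['user_id'] > 0) $name .= '</a>';
            $strings['NAME'] = $name; unset($name);

            // Subject
            $s = $row['subject'];
            if(!$row['approved']) $s .= ' <span style="color: #D84308">(Unapproved)</span>';
            $strings['SUBJECT'] = $s;

            // Date and time
            $strings['DATETIME'] = date('F d, Y h:i a', $row['time']);

            // User level
            switch($row['user_level'])
            {
                default:
                case USER_LEVEL_GUEST:
                    $l = 'Guest';
                    break;
                case USER_LEVEL_MEMBER:
                    $l = 'Member';
                    break;
                case USER_LEVEL_MOD:
                    $l = 'Moderator';
                    break;
                case USER_LEVEL_ADMIN:
                    $l = 'Administrator';
                    break;
            }
            $strings['USER_LEVEL'] = $l; unset($l);

            // The actual comment data
            $strings['DATA'] = RenderMan::render($row['comment_data']);

            if($session->get_permissions('edit_comments'))
            {
                // Edit link
                $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id='.$row['comment_id']).'" id="editbtn_'.$i.'">edit</a>';

                // Delete link
                $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id='.$row['comment_id']).'">delete</a>';
            }
            else
            {
                // Edit link
                $strings['EDIT_LINK'] = '';

                // Delete link
                $strings['DELETE_LINK'] = '';
            }

            // Send PM link
            $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/'.$row['name']).'">Send private message</a><br />' : '';

            // Add Buddy link
            $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/'.$row['name']).'">Add to buddy list</a>' : '';

            // Mod links (always built; the template decides whether to show them via auth_mod)
            $applink = '';
            $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id='.$row['comment_id']).'" id="mdgApproveLink'.$i.'">';
            if($row['approved']) $applink .= 'Unapprove';
            else $applink .= 'Approve';
            $applink .= '</a>';
            $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
            $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id='.$row['comment_id']).'">Delete</a>';

            // Signature
            $strings['SIGNATURE'] = '';
            if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);

            $bool['auth_mod'] = $is_mod;
            $bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $is_mod ) ? true : false;
            $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;

            // Done processing and compiling, now let's cook it into HTML
            $tpl->assign_vars($strings);
            $tpl->assign_bool($bool);
            $_ob .= $tpl->run();
        }
    }
    if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
    {
        if(!$session->get_permissions('post_comments'))
        {
            $_ob .= '<h3>Got something to say?</h3><p>Access to post comments on this page is denied.</p>';
        }
        else
        {
            $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
            if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.';
            if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
            // NOTE(review): the username is placed in an HTML attribute unescaped; safe only
            // if usernames are restricted at registration - confirm.
            $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="'.$session->username.'" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
            $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
            <div id="mdgCommentForm">
            <h3>Comment form</h3>
            <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
            <table border="0">
            <tr><td>Your name or screen name:</td><td>'.$sn.'</td></tr>
            <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
            if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
            {
                // A fresh CAPTCHA per form render; the previous one is invalidated
                $session->kill_captcha();
                $captcha = $session->make_captcha();
                $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/'.$captcha).'" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="'.$captcha.'" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
            }
            $_ob .= '
            <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
            <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
            </table>
            </form>
            </div>';
        }
    } else {
        $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/'.$pname.'%2523comments').'">Log in</a></p>';
    }
    $list .= '};';
    echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
    ' . $list;
    echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';

    $ret = ob_get_contents();
    ob_end_clean();
    return Array($ret, $_ob);

}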
/**
 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments
 *
 * Thin wrapper: runs PageUtils::comments_raw() and keeps only its Javascript half.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string|bool $action administrative action to perform, default is false
 * @param mixed $id additional info for $action, handed to comments_raw() as its $flags argument
 * @param string $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string Javascript
 */
function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    list($javascript, $html) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
    return $javascript;
}
/**
 * Generates HTML code for comments - used in browser compatibility mode
 *
 * Thin wrapper: runs PageUtils::comments_raw() and keeps only its plain-HTML half.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string|bool $action administrative action to perform, default is false
 * @param mixed $id additional info for $action, handed to comments_raw() as its $flags argument
 * @param string $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string HTML
 */
function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    list($javascript, $html) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
    return $html;
}
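/**
 * Updates comment data.
 *
 * Legacy variant that identifies the comment by its old subject and text rather than
 * by comment_id (see savecomment_neater). Non-moderators may only edit comments posted
 * under their own username.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $subject new subject
 * @param string $text new text
 * @param string $old_subject the old subject, unprocessed and identical to the value in the DB
 * @param string $old_text the old text, unprocessed and identical to the value in the DB
 * @param int|string $id the javascript list ID, used internally by the client-side app
 * @return string Javascript: result="GOOD" plus the updated list entry, or result="BAD" plus an error
 */
function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$session->get_permissions('edit_comments'))
        return 'result="BAD";error="Access denied"';
    // $id is written straight into the Javascript returned below (list[$id]), so it must be
    // an integer - the same check deletecomment() applies to its $id.
    if(!preg_match('#^-?[0-9]+$#', (string)$id)) return 'result="BAD";error="The comment index must be an integer"';
    // Avoid SQL injection
    $old_text = $db->escape($old_text);
    $old_subject = $db->escape($old_subject);
    $page_id_db = $db->escape($page_id);
    $namespace_db = $db->escape($namespace);
    $where = 'comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'';
    // Safety check - username/login
    if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
    {
        if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
        // Non-moderators may only touch comments posted under their own name. The name is
        // part of the WHERE clause of both the check and the UPDATE (not just compared on
        // the first matching row), so another user's comment with identical subject/text
        // cannot be edited along with it.
        $owner = $db->escape($session->username);
        $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE '.$where.' AND c.name=\''.$owner.'\' AND u.user_id=c.user_id;';
        $s = $db->sql_query($q);
        if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
        $r = $db->fetchrow($s);
        // numrows() has to be read before the result set is released
        $found = $db->numrows();
        $db->free_result();
        if($found < 1 || !$r || $r['name'] !== $session->username) _die('Safety check failed, probably due to a hacking attempt.');
        $where .= ' AND name=\''.$owner.'\'';
    }
    $s = RenderMan::preprocess_text($subject);
    $t = RenderMan::preprocess_text($text);
    // Subject/text are assumed to be made SQL-safe by preprocess_text(), as elsewhere in this file
    $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE '.$where;
    $result = $db->sql_query($sql);
    if($result)
    {
        // Hand the new values back to the client-side list; "\n" sequences inside the stored
        // text are converted to real newlines (and to <br /> for the rendered copy)
        return 'result="GOOD";
        list['.$id.'][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
        list['.$id.'][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = '.$id.';
        s = unescape(\''.rawurlencode($s).'\');
        t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
    }
    else
    {
        // NOTE(review): the failed SQL is sent to the client; consider logging it server-side instead
        return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
        Performed SQL:
        '.$sql.'

        Error returned by MySQL: '.mysql_error()).'");';
    }
}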
/**
 * Updates comment data using the comment_id column instead of the old, messy way
 *
 * Requires edit_comments. Non-moderators additionally have to be logged in and be the
 * poster (stored name equal to the session username) of the comment being edited.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $subject new subject
 * @param string $text new text
 * @param int $id the comment ID (primary key in enano_comments table); must be a real PHP integer
 * @return string 'good' on success, otherwise an error description
 */
function savecomment_neater($page_id, $namespace, $subject, $text, $id)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    // $id is interpolated unquoted into SQL, hence the type check (a numeric string is rejected)
    if(!is_int($id)) die('PageUtils::savecomment: $id is not an integer, aborting for safety');
    if(!$session->get_permissions('edit_comments'))
        return 'Access denied';
    $scope = 'comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
    // Safety check - username/login
    $is_mod = $session->get_permissions('mod_comments'); // allow mods to edit comments
    if(!$is_mod)
    {
        if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
        $check_sql = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE '.$scope.' AND u.user_id=c.user_id;';
        $check = $db->sql_query($check_sql);
        if(!$check) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($check_sql).'</pre>');
        $owner_row = $db->fetchrow($check);
        $is_owner = ($db->numrows() >= 1 && $owner_row['name'] == $session->username);
        if(!$is_owner) _die('Safety check failed, probably due to a hacking attempt.');
        $db->free_result();
    }
    $new_subject = RenderMan::preprocess_text($subject);
    $new_text = RenderMan::preprocess_text($text);
    $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$new_subject.'\',comment_data=\''.$new_text.'\' WHERE '.$scope;
    if($db->sql_query($sql))
    {
        return 'good';
    }
    return 'Enano encountered a problem whilst saving the comment.
    Performed SQL:
    '.$sql.'

    Error returned by MySQL: '.mysql_error();
}
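/**
 * Deletes a comment.
 *
 * Legacy variant that identifies the comment by name, subject and text rather than by
 * comment_id (see deletecomment_neater). Non-moderators may only delete comments posted
 * under their own username.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $name the name the user posted under (ignored for non-moderators, who can only delete their own)
 * @param string $subj the subject of the comment to be deleted
 * @param string $text the text of the comment to be deleted
 * @param int|string $id the javascript list ID, used internally by the client-side app
 * @return string 'good' on success, otherwise Javascript raising an alert
 */
function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    if(!$session->get_permissions('edit_comments'))
        return 'alert("Access to delete/edit comments is denied");';

    if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
    $n = $db->escape($name);
    $s = $db->escape($subj);
    $t = $db->escape($text);
    $page_id_db = $db->escape($page_id);
    $namespace_db = $db->escape($namespace);

    // Safety check - username/login
    if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
    {
        if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
        // Non-moderators may only delete comments posted under their own name: the
        // caller-supplied $name is replaced by the session username, for the check and for
        // the DELETE below. (Previously the check accepted the first row with a matching
        // subject/text regardless of whose it was, while the DELETE used the caller's $name.)
        $n = $db->escape($session->username);
        $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$t.'\' AND subject=\''.$s.'\' AND c.name=\''.$n.'\' AND page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND u.user_id=c.user_id;';
        // The query handle gets its own variable: this used to overwrite $s, so the escaped
        // subject quoted into the DELETE below was a stringified resource and never matched.
        $check = $db->sql_query($q);
        if(!$check) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
        $r = $db->fetchrow($check);
        if($db->numrows() < 1 || !$r || $r['name'] !== $session->username) _die('Safety check failed, probably due to a hacking attempt.');
        $db->free_result();
    }
    $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
    $e=$db->sql_query($q);
    // (was "unesape": a misspelt Javascript function, so the error alert itself threw)
    if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
    return('good');
}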
/**
* Deletes a comment in a cleaner fashion.
* @param $page_id the page ID
* @param $namespace the namespace
* @param $id the comment ID (primary key)
* @return string
*/
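function deletecomment_neater($page_id, $namespace, $id)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // $id is interpolated into SQL unquoted, so it must be all digits.
    if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');

    if(!$session->get_permissions('edit_comments'))
        return 'alert("Access to delete/edit comments is denied");';

    // The page coordinates were interpolated raw in both queries below.
    $pid = $db->escape($page_id);
    $ns  = $db->escape($namespace);

    // Safety check - username/login: without the moderator right, only the
    // comment's own author (matched via the users table) may delete it.
    if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
    {
        if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
        $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$pid.'\' AND namespace=\''.$ns.'\' AND u.user_id=c.user_id;';
        $check = $db->sql_query($q);
        if(!$check) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
        $r = $db->fetchrow($check);
        if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
        $db->free_result();
    }
    $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\' AND comment_id='.$id.' LIMIT 1;';
    $e = $db->sql_query($q);
    // "unescape" was misspelled "unesape": the error branch raised a ReferenceError client-side.
    if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
    return('good');
}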
/**
* Renames a page.
* @param $page_id the page ID
* @param $namespace the namespace
* @param $name the new name for the page
* @return string error string or success message
*/
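function rename($page_id, $namespace, $name)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    $pname = $paths->nslist[$namespace] . $page_id;

    // The original read $paths->pages[$pname] unguarded, so an unknown page ID
    // produced undefined-index notices before the access check even ran.
    if ( !isset($paths->pages[$pname]) )
    {
        return('The page does not exist.');
    }
    $page = $paths->pages[$pname];

    // Level 1 is always protected. Level 2 is treated as protected here when the
    // account is logged in and older than four days — kept exactly as the original
    // computed it; NOTE(review): confirm against the ACL code that this direction is intended.
    $prot = ( $page['protected'] == 1 ) || ( $page['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() );

    if( empty($name))
    {
        die('Name is too short');
    }

    // Renaming requires the 'rename' right, plus 'even_when_protected' on a
    // protected page, and is never allowed in Special or Admin. As in the
    // original, the namespace tested is that of the current request
    // ($paths->namespace), not the $namespace argument.
    if ( !$session->get_permissions('rename') || ( $prot && !$session->get_permissions('even_when_protected') ) || $paths->namespace == 'Special' || $paths->namespace == 'Admin' )
    {
        return('Access is denied.');
    }

    // Log the action first; the entry is recorded against the current page
    // ($paths->cpage), as in the original.
    $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$db->escape($paths->namespace).'\', \''.$db->escape($session->username).'\', \''.$db->escape($paths->cpage['name']).'\')');
    if ( !$e )
    {
        $db->_die('The page title could not be updated.');
    }
    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$db->escape($name).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
    if ( !$e )
    {
        $db->_die('The page title could not be updated.');
    }
    // The old and new names are returned verbatim, as before; whoever renders
    // this message must escape it for its output context.
    return('The page "'.$page['name'].'" has been renamed to "'.$name.'". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.');
}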
/**
* Flushes (clears) the action logs for a given page
* @param $page_id the page ID
* @param $namespace the namespace
* @return string error/success string
*/
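function flushlogs($page_id, $namespace)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.');

    // Escape once and reuse: the original escaped these for the DELETE but
    // interpolated them raw into the SELECT and INSERT below.
    $pid = $db->escape($page_id);
    $ns  = $db->escape($namespace);

    // The purge must run before the backup is inserted, because the backup
    // itself lands in the logs table and would otherwise be deleted with the rest.
    $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\';');
    if(!$e) $db->_die('The log entries could not be deleted.');

    // If the page exists, make a backup of it in case it gets spammed/vandalized
    // If not, the admin's probably deleting a trash page
    if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
    {
        $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\';');
        if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
        $row = $db->fetchrow();
        $db->free_result();
        // Stored as a regular 'edit' log entry so the usual history/restore path can pick it up.
        $q = 'INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$pid.'\', \''.$ns.'\', \''.$db->escape($row['page_text']).'\', \''.$db->escape($row['char_tag']).'\', \''.$db->escape($session->username).'\', \'Automatic backup created when logs were purged\', false);';
        if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
    }
    return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.');
}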
/**
* Deletes a page.
* @param string $page_id the condemned page ID
* @param string $namespace the condemned namespace
* @param string $reason the reason for deleting the page in question
* @return string
*/
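function deletepage($page_id, $namespace, $reason)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    $perms = $session->fetch_page_acl($page_id, $namespace);
    // A whitespace-only reason is rejected; "0" is accepted (empty() would have refused it).
    if ( trim((string)$reason) === '' )
    {
        return 'Invalid reason for deletion passed';
    }
    if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');

    // Escaped once for all six statements below; the original escaped only $reason.
    $pid = $db->escape($page_id);
    $ns  = $db->escape($namespace);

    $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \''.$pid.'\', \''.$ns.'\', \''.$db->escape($session->username).'\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
    if(!$e) $db->_die('The page log entry could not be inserted.');
    // Dependent rows first, the page row last; any failure aborts through _die.
    $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\'');
    if(!$e) $db->_die('The page categorization entries could not be deleted.');
    $e = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\'');
    if(!$e) $db->_die('The page comments could not be deleted.');
    $e = $db->sql_query('DELETE FROM '.table_prefix.'page_text WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\'');
    if(!$e) $db->_die('The page text entry could not be deleted.');
    $e = $db->sql_query('DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$pid.'\' AND namespace=\''.$ns.'\'');
    if(!$e) $db->_die('The page entry could not be deleted.');
    // The files table is keyed on page_id only, as in the original.
    $e = $db->sql_query('DELETE FROM '.table_prefix.'files WHERE page_id=\''.$pid.'\'');
    if(!$e) $db->_die('The file entry could not be deleted.');
    return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.');
}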
/**
* Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
* @param $page_id the page ID
* @param $namespace the namespace
* @return string
*/
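function delvote($page_id, $namespace)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$session->get_permissions('vote_delete') )
    {
        return 'Access denied';
    }

    if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
    {
        return 'Special pages and system messages can\'t be voted for deletion.';
    }

    // One sanitized ID for both the lookup and the UPDATE; the original queried
    // with the raw $page_id, so the two could refer to different rows.
    $clean_id = sanitize_page_id($page_id);
    $pname = $paths->nslist[$namespace] . $clean_id;

    if ( !isset($paths->pages[$pname]) )
    {
        return 'The page does not exist.';
    }

    $cv =& $paths->pages[$pname]['delvotes'];
    $ips = $paths->pages[$pname]['delvote_ips'];

    // delvote_ips holds a serialized array of voter usernames ('u') and
    // addresses ('ip'). NOTE(review): unserialize() on stored data is only
    // acceptable while this column is written solely by this method and
    // resetdelvotes(); the @ keeps the original's treatment of malformed data as empty.
    $empty_votes = array(
        'ip' => array(),
        'u' => array()
    );
    if ( empty($ips) )
    {
        $ips = $empty_votes;
    }
    else
    {
        $ips = @unserialize($ips);
        if ( !$ips )
        {
            $ips = $empty_votes;
        }
    }

    if ( in_array($session->username, $ips['u'], true) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip'], true) )
    {
        return 'It appears that you have already voted to have this page deleted.';
    }

    $ips['u'][] = $session->username;
    $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
    $ips_esc = $db->escape( serialize($ips) );

    // Bump the in-memory count only once the row is written: the original
    // incremented first and never looked at the query result.
    $new_count = $cv + 1;
    $q = 'UPDATE '.table_prefix.'pages SET delvotes='.$new_count.',delvote_ips=\''.$ips_esc.'\' WHERE urlname=\''.$db->escape($clean_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
    $w = $db->sql_query($q);
    if ( !$w )
    {
        return 'Error during update query: '.mysql_error();
    }
    $cv = $new_count;

    return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
}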
/**
* Resets the number of votes against a page to 0.
* @param $page_id the page ID
* @param $namespace the namespace
* @return string
*/
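function resetdelvotes($page_id, $namespace)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');
    // Empty voter list in the same serialized shape that delvote() reads back.
    $empty_votes = $db->escape(serialize(array('ip'=>array(),'u'=>array())));
    // $page_id and $namespace were interpolated raw in the original.
    $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $empty_votes . '\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
    $e = $db->sql_query($q);
    if(!$e) $db->_die('The number of delete votes was not reset.');
    return('The number of votes for having this page deleted has been reset to zero.');
}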
/**
* Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
* @param $id the name of the directory for the theme; read from $_GET['id'] rather than passed as an argument
* @return string JSON string containing the list of style names for the theme, or an error object
*/
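function getstyles()
{
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

    // The theme ID comes straight from the query string and is spliced into a
    // filesystem path. Restrict it to a plain directory name: the original
    // accepted anything, so a value containing "../" listed arbitrary directories.
    // NOTE(review): widen the character class if an installed theme directory
    // uses characters outside it.
    $theme_id = isset($_GET['id']) ? (string)$_GET['id'] : '';
    if ( !preg_match('#^[A-Za-z0-9_-]+$#', $theme_id) )
    {
        return($json->encode(array('mode' => 'error', 'error' => 'Invalid theme ID')));
    }

    $dir = './themes/'.$theme_id.'/css/';
    if ( !is_dir($dir) )
    {
        return($json->encode(array('mode' => 'error', 'error' => $dir.' is not a dir')));
    }
    $dh = opendir($dir);
    if ( !$dh )
    {
        // The original fell through to an empty list here, which the client
        // could not tell apart from a theme that simply has no styles.
        return($json->encode(array('mode' => 'error', 'error' => $dir.' could not be opened')));
    }

    // Every *.css file is a style, except _printable.css, which every theme is
    // expected to ship as a mostly black-and-white copy of its main style.
    $list = array();
    while ( ($file = readdir($dh)) !== false )
    {
        if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' )
        {
            $list[] = substr($file, 0, strlen($file)-4); // strip the ".css" suffix
        }
    }
    closedir($dh);

    return $json->encode($list);
}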
/**
* Assembles a Javascript app with category information
* @param $page_id the page ID
* @param $namespace the namespace
* @return string Javascript code
*/
function catedit($page_id, $namespace)
{
    // catedit_raw() returns a pair: [0] the javascript prelude, [1] the HTML form.
    list($script, $html) = PageUtils::catedit_raw($page_id, $namespace);
    // The HTML travels URL-encoded inside a JS string literal and is decoded client-side.
    $payload = rawurlencode($html);
    return $script . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . $payload . '\');';
}
/**
* Does the actual HTML/javascript generation for cat editing, but returns an array
* @access private
*/
function catedit_raw($page_id, $namespace)
{
global $db, $session, $paths, $template, $plugins; // Common objects
// Two output channels: echo'd javascript is captured by the output buffer
// (returned as element 0), HTML is accumulated in $_ob (element 1).
ob_start();
$_ob = '';
// NOTE: the membership query is keyed on the *current* page ($paths->cpage /
// $paths->namespace), while the form action below uses the $page_id/$namespace
// arguments — confirm callers always pass the current page. These values are
// interpolated without escaping.
$e = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\'');
if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
$cat_current = Array();
while($r = $db->fetchrow())
{
$cat_current[] = $r;
}
$db->free_result();
// Collect every Category page. $paths->pages appears to hold each page twice
// (numeric index and name key), hence the /2 — the same convention catsave() uses.
$cat_all = Array();
for($i=0;$i<sizeof($paths->pages)/2;$i++)
{
if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
}

// Make $cat_all an associative array, like $paths->pages
$sz = sizeof($cat_all);
for($i=0;$i<$sz;$i++)
{
$cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
}
// Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
// (category_id in the categories table is the category's urlname_nons)
$cat_info = $cat_all;
for($i=0;$i<sizeof($cat_current);$i++)
{
$un = $cat_current[$i]['category_id'];
$cat_info[$un]['member'] = true;
}
// Now copy the information we just set into the numerically named keys
for($i=0;$i<sizeof($cat_info)/2;$i++)
{
$un = $cat_info[$i]['urlname_nons'];
$cat_info[$i] = $cat_info[$un];
}

echo 'catlist = new Array();'; // Initialize the client-side category list
$_ob .= '<h3>Select which categories this page should be included in.</h3>
<form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
if ( sizeof($cat_info) < 1 )
{
$_ob .= '<p>There are no categories on this site yet.</p>';
}
for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
{
// Protection code added 1/3/07
// Updated 3/4/07
// A checkbox is disabled when the user lacks edit_cat globally or on the
// category, or the category is protected and the user may not override that.
$is_prot = false;
$perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
$is_prot = true;
$prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
$prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
// NOTE(review): urlname_nons is written into a JS string literal and into
// HTML attributes, and name into HTML text, all unescaped — only safe if
// those values cannot contain quotes or angle brackets; confirm where they are sanitized.
echo 'catlist['.$i.'] = \''.$cat_info[$i]['urlname_nons'].'\';';
$_ob .= '<span class="catCheck"><input '.$prot.' name="'.$cat_info[$i]['urlname_nons'].'" id="mdgCat_'.$cat_info[$i]['urlname_nons'].'" type="checkbox"';
if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
$_ob .= '/> <label for="mdgCat_'.$cat_info[$i]['urlname_nons'].'">'.$cat_info[$i]['name'].$prottext.'</label></span><br />';
}

// Nothing to save when the site has no categories at all.
$disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';

$_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';

// Element 0: the captured javascript; element 1: the HTML form.
$cont = ob_get_contents();
ob_end_clean();
return Array($cont, $_ob);
}
/**
* Saves category information
* WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $which_cats array associative array of categories to put the page in
* @return string "GOOD" on success, error string on failure
*/
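function catsave($page_id, $namespace, $which_cats)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');

    $page_perms = $session->fetch_page_acl($page_id, $namespace);
    $page_data =& $paths->pages[$paths->nslist[$namespace].$page_id];

    // Escaped once for every query below (the original interpolated these raw).
    $pid = $db->escape($page_id);
    $ns  = $db->escape($namespace);

    // Collect every Category page. $paths->pages appears to hold each page twice
    // (numeric index and name key), hence the /2.
    $cat_all = array();
    for($i=0;$i<sizeof($paths->pages)/2;$i++)
    {
        if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
    }

    // Make $cat_all an associative array, like $paths->pages
    $sz = sizeof($cat_all);
    for($i=0;$i<$sz;$i++)
    {
        $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
    }

    $rowlist = array();

    for($i=0;$i<sizeof($cat_all)/2;$i++)
    {
        $cat_id = $cat_all[$i]['urlname_nons'];
        // The user may change this page's membership in the category only when
        // they hold edit_cat on the category (and may override protection where
        // the category or the page is protected).
        $auth = true;
        $perms = $session->fetch_page_acl($cat_id, 'Category');
        if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
             ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
             ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
            $auth = false;
        if(!$auth)
        {
            // Find out if the page is currently in *this* category. The original
            // query had no category_id condition, so membership in any one
            // category forced the page into every category the user may not edit.
            $q = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\' AND category_id=\''.$db->escape($cat_id).'\';');
            if(!$q)
                return 'MySQL error: '.$db->get_error();
            if($db->numrows() > 0)
            {
                $auth = true;
                $which_cats[$cat_id] = true; // Force the category to stay in its current state
            }
            $db->free_result();
        }
        if( $auth && isset($which_cats[$cat_id]) && $which_cats[$cat_id] == true )
            $rowlist[] = '(\''.$pid.'\', \''.$ns.'\', \''.$db->escape($cat_id).'\')';
    }

    // The page's category rows are replaced wholesale: delete, then re-insert
    // whatever survived the checks above (possibly nothing — see the docblock warning).
    $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$pid.'\' AND namespace=\''.$ns.'\';');
    if(!$e) $db->_die('The old category data could not be deleted.');
    if(sizeof($rowlist) > 0)
    {
        $q = 'INSERT INTO '.table_prefix.'categories(page_id,namespace,category_id) VALUES' . implode(',', $rowlist) . ';';
        $e = $db->sql_query($q);
        if(!$e) $db->_die('The new category data could not be inserted.');
    }
    return('GOOD');
}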
/**
* Sets the wiki mode level for a page.
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $level int 0 for off, 1 for on, 2 for use global setting
* @return string "GOOD" on success, error string on failure
*/
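function setwikimode($page_id, $namespace, $level)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
    // $level is interpolated into SQL unquoted, so it must be exactly one of 0, 1, 2.
    if(!isset($level) || !preg_match('#^[0-2]$#', (string)$level)) return('Invalid mode string');
    // $page_id and $namespace were interpolated raw in the original.
    $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode='.$level.' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
    if(!$q) return('Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
    return('GOOD');
}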
/**
* Sets the access password for a page.
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $pass string the SHA1 hash of the password - if the password doesn't match the regex ^([0-9a-f]*){40,40}$ it will be sha1'ed
* @return string
*/
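function setpass($page_id, $namespace, $pass)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    // Determine permissions: changing an existing password needs password_reset,
    // setting a first one needs password_set.
    if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '')
        $a = $session->get_permissions('password_reset');
    else
        $a = $session->get_permissions('password_set');
    if(!$a)
        return 'Access is denied';
    if(!isset($pass)) return('Password was not set on URL');
    $p = $pass;
    // Anchored: the original pattern only required 40 hex characters *somewhere*
    // in the value, so anything merely containing a digest skipped hashing and
    // reached the (then unescaped) query below verbatim. The stored form is an
    // unsalted SHA-1 hex digest per this method's documented contract.
    if(!preg_match('#^[0-9a-f]{40}$#', $p)) $p = sha1($p);
    // sha1('') — an empty password disables protection.
    if($p=='da39a3ee5e6b4b0d3255bfef95601890afd80709') $p = '';
    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET password=\''.$db->escape($p).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
    if(!$e) die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
    if($p=='') return('The password for this page has been disabled.');
    return('The password for this page has been set.');
}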
/**
 * Generates some preview HTML
 * @param string $text the wikitext to use
 * @return string the reminder notice followed by the rendered text in a scrollable box
 */

function genPreview($text)
{
    $reminder = '<div class="info-box"><b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.</div>';
    $box_open = '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
    $rendered = RenderMan::render(RenderMan::preprocess_text($text, false, false));
    // The rendered markup is run through eval() as a PHP template (the leading '?>' switches to inline-HTML mode),
    // so any PHP open tag that survives rendering is executed here rather than displayed.
    ob_start();
    eval('?>' . $rendered);
    $evaluated = ob_get_clean();
    return $reminder . $box_open . $evaluated . '</div>';
}
/**
 * Makes a scrollable box
 * @param string $text the inner HTML (inserted verbatim - the caller is responsible for escaping)
 * @param int $height Optional - the maximum height in pixels. Defaults to 250.
 * @return string
 */

function scrollBox($text, $height = 250)
{
    // intval() keeps the CSS value numeric whatever the caller passed
    $px = (string)intval($height);
    $style = 'background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: ' . $px . 'px; overflow: auto; margin: 1em 0 1em 1em;';
    return "<div style=\"{$style}\">{$text}</div>";
}
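/**
 * Generates a diff summary between two page revisions.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param int $id1 the time ID of the first revision
 * @param int $id2 the time ID of the second revision
 * @return string XHTML-formatted diff, or a plain-text error message
 */

function pagediff($page_id, $namespace, $id1, $id2)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$session->get_permissions('history_view') )
        return 'Access denied';
    // The time IDs are interpolated unquoted, so they must be pure digit strings
    if ( !preg_match('#^([0-9]+)$#', (string)$id1) ||
         !preg_match('#^([0-9]+)$#', (string)$id2) )
        return 'SQL injection attempt';
    // page_id and namespace are quoted into the statements and were previously interpolated without escaping
    $page_id_esc = $db->escape($page_id);
    $namespace_esc = $db->escape($namespace);
    // OK we made it through security
    // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
    if ( !$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id1.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id_esc.'\' AND namespace=\''.$namespace_esc.'\';') )
        return 'MySQL error: '.mysql_error();
    if ( !$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id2.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id_esc.'\' AND namespace=\''.$namespace_esc.'\';') )
        return 'MySQL error: '.mysql_error();
    $row1 = $db->fetchrow($q1);
    $db->free_result($q1);
    $row2 = $db->fetchrow($q2);
    $db->free_result($q2);
    // fetchrow() yields a non-array when nothing matched; the old sizeof() < 1 test never fired for $row1 in that case
    if ( !$row1 || !$row2 )
        return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
    $text1 = $row1['page_text'];
    $text2 = $row2['page_text'];
    $time1 = date('F d, Y h:i a', intval($id1));
    $time2 = date('F d, Y h:i a', intval($id2));
    $_ob = "
<p>Comparing revisions: {$time1} → {$time2}</p>
";
    // Free some memory
    unset($row1, $row2, $q1, $q2);

    $_ob .= RenderMan::diff($text1, $text2);
    return $_ob;
}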
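/**
 * Gets ACL information about the selected page for target type X and target ID Y.
 * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative
 *                     array; the keys read here are page_id, namespace, mode, target_type, target_id, target_name
 *                     and perms. Without a mode only the template and the page identity are returned.
 * @return array The response; 'mode' is 'error' (with an 'error' message), 'seltarget', 'success' or 'delete'
 */

function acl_editor($parms = Array())
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
    {
        return Array(
            'mode' => 'error',
            'error' => 'You are not authorized to view or edit access control lists.'
        );
    }
    $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
    $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
    $page_id =& $parms['page_id'];
    $namespace =& $parms['namespace'];
    // Site-wide rules carry NULL page_id/namespace; page-scoped ones match the escaped page identity.
    // The "lite" variant is the same clause without the table alias, for statements that don't join.
    $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\''.$db->escape($page_id).'\' AND a.namespace=\''.$db->escape($namespace).'\'';
    $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
    $template->load_theme();
    $perms_obj =& $session;
    $return = Array();
    if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
    {
        return Array(
            'mode' => 'error',
            'error' => 'It seems that (a) the file acledit.tpl is missing from these theme, and (b) the JSON response is working.',
        );
    }
    $return['template'] = $template->extract_vars('acledit.tpl');
    $return['page_id'] = $page_id;
    $return['namespace'] = $namespace;
    if ( !isset($parms['mode']) )
        return $return;
    // Every mode except listgroups needs a target; checking once avoids notices on partial requests
    $has_target = isset($parms['target_type']) && isset($parms['target_id']);
    switch ( $parms['mode'] )
    {
        case 'listgroups':
            $return['groups'] = Array();
            $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
            // Previously unchecked: a failed query would have handed false to fetchrow()
            if ( !$q )
                return Array(
                    'mode' => 'error',
                    'error' => $db->get_error()
                );
            while ( $row = $db->fetchrow() )
            {
                $return['groups'][] = Array(
                    'id' => $row['group_id'],
                    'name' => $row['group_name'],
                );
            }
            $db->free_result();
            $return['page_groups'] = Array();
            $q = $db->sql_query('SELECT pg_id,pg_name FROM '.table_prefix.'page_groups ORDER BY pg_name ASC;');
            if ( !$q )
                return Array(
                    'mode' => 'error',
                    'error' => $db->get_error()
                );
            while ( $row = $db->fetchrow() )
            {
                $return['page_groups'][] = Array(
                    'id' => $row['pg_id'],
                    'name' => $row['pg_name']
                );
            }
            $db->free_result();
            break;
        case 'seltarget':
            if ( !$has_target )
                return Array('mode'=>'error','error'=>'No target type or target ID was specified');
            $return['mode'] = 'seltarget';
            $return['acl_types'] = $perms_obj->acl_types;
            $return['acl_deps'] = $perms_obj->acl_deps;
            $return['acl_descs'] = $perms_obj->acl_descs;
            $return['target_type'] = $parms['target_type'];
            $return['target_id'] = $parms['target_id'];
            switch ( $parms['target_type'] )
            {
                case ACL_TYPE_USER:
                    // For users target_id is a username; the join looks for an existing rule at the requested scope
                    $q = $db->sql_query('SELECT a.rules,u.user_id FROM '.table_prefix.'users AS u
                      LEFT JOIN '.table_prefix.'acl AS a
                        ON a.target_id=u.user_id
                      WHERE a.target_type='.ACL_TYPE_USER.'
                        AND u.username=\''.$db->escape($parms['target_id']).'\'
                        '.$page_where_clause.';');
                    if ( !$q )
                        return(Array('mode'=>'error','error'=>mysql_error()));
                    if ( $db->numrows() < 1 )
                    {
                        // No rule yet: resolve the username to an ID and start from the default permission set
                        $return['type'] = 'new';
                        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($parms['target_id']).'\';');
                        if ( !$q )
                            return(Array('mode'=>'error','error'=>mysql_error()));
                        if ( $db->numrows() < 1 )
                            return Array('mode'=>'error','error'=>'The username you entered was not found.');
                        $row = $db->fetchrow();
                        $return['target_name'] = $return['target_id'];
                        $return['target_id'] = intval($row['user_id']);
                        $return['current_perms'] = $session->acl_types;
                    }
                    else
                    {
                        // Existing rule: overlay the stored rule string on the defaults
                        $return['type'] = 'edit';
                        $row = $db->fetchrow();
                        $return['target_name'] = $return['target_id'];
                        $return['target_id'] = intval($row['user_id']);
                        $return['current_perms'] = $session->acl_merge($perms_obj->acl_types, $session->string_to_perm($row['rules']));
                    }
                    $db->free_result();
                    // Eliminate types that don't apply to this namespace
                    if ( $namespace && $namespace != '__PageGroup' )
                    {
                        foreach ( $return['current_perms'] AS $i => $perm )
                        {
                            if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
                            {
                                unset($return['current_perms'][$i]);
                                unset($return['acl_types'][$i]);
                                unset($return['acl_descs'][$i]);
                                unset($return['acl_deps'][$i]);
                            }
                        }
                    }
                    break;
                case ACL_TYPE_GROUP:
                    // For groups target_id is the numeric group ID
                    $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM '.table_prefix.'groups AS g
                      LEFT JOIN '.table_prefix.'acl AS a
                        ON a.target_id=g.group_id
                      WHERE a.target_type='.ACL_TYPE_GROUP.'
                        AND g.group_id=\''.intval($parms['target_id']).'\'
                        '.$page_where_clause.';');
                    if ( !$q )
                        return(Array('mode'=>'error','error'=>mysql_error()));
                    if ( $db->numrows() < 1 )
                    {
                        $return['type'] = 'new';
                        $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
                        if ( !$q )
                            return(Array('mode'=>'error','error'=>mysql_error()));
                        if ( $db->numrows() < 1 )
                            return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
                        $row = $db->fetchrow();
                        $return['target_name'] = $row['group_name'];
                        $return['target_id'] = intval($row['group_id']);
                        $return['current_perms'] = $session->acl_types;
                    }
                    else
                    {
                        $return['type'] = 'edit';
                        $row = $db->fetchrow();
                        $return['target_name'] = $row['group_name'];
                        $return['target_id'] = intval($row['group_id']);
                        $return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
                    }
                    $db->free_result();
                    // Eliminate types that don't apply to this namespace
                    if ( $namespace && $namespace != '__PageGroup' )
                    {
                        foreach ( $return['current_perms'] AS $i => $perm )
                        {
                            if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
                            {
                                unset($return['current_perms'][$i]);
                                unset($return['acl_types'][$i]);
                                unset($return['acl_descs'][$i]);
                                unset($return['acl_deps'][$i]);
                            }
                        }
                    }
                    break;
                default:
                    // The message was previously stored under a numeric key instead of 'error', so callers never saw it
                    return Array('mode'=>'error','error'=>'Invalid ACL type ID');
            }
            return $return;
        case 'save_new':
        case 'save_edit':
            if ( defined('ENANO_DEMO_MODE') )
            {
                return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
            }
            // Validate before the DELETE below, so an incomplete request cannot wipe a rule and then fail
            if ( !$has_target || !isset($parms['perms']) )
                return Array('mode'=>'error','error'=>'Missing target or permission data');
            // Save is replace-by-delete: remove any rule for this target at this scope, then insert the new one
            $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
              '.$page_where_clause_lite.';');
            if ( !$q )
                return Array('mode'=>'error','error'=>mysql_error());
            $rules = $session->perm_to_string($parms['perms']);
            // The rule list is stored as a string; the old sizeof() test could never detect an empty one
            if ( !is_string($rules) || strlen($rules) < 1 )
            {
                return array(
                    'mode' => 'error',
                    'error' => 'Supplied rule list has a length of zero'
                );
            }
            $q = ($page_id && $namespace) ? 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape($rules).'\' )' :
              'INSERT INTO '.table_prefix.'acl ( target_type, target_id, rules )
              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($rules).'\' )';
            if ( !$db->sql_query($q) )
                return Array('mode'=>'error','error'=>mysql_error());
            return Array(
                'mode' => 'success',
                'target_type' => $parms['target_type'],
                'target_id' => $parms['target_id'],
                'target_name' => ( isset($parms['target_name']) ? $parms['target_name'] : null ),
                'page_id' => $page_id,
                'namespace' => $namespace,
            );
        case 'delete':
            if ( defined('ENANO_DEMO_MODE') )
            {
                return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
            }
            if ( !$has_target )
                return Array('mode'=>'error','error'=>'No target type or target ID was specified');
            $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
              '.$page_where_clause_lite.';');
            if ( !$q )
                return Array('mode'=>'error','error'=>mysql_error());
            return Array(
                'mode' => 'delete',
                'target_type' => $parms['target_type'],
                'target_id' => $parms['target_id'],
                'target_name' => ( isset($parms['target_name']) ? $parms['target_name'] : null ),
                'page_id' => $page_id,
                'namespace' => $namespace,
            );
        default:
            return Array('mode'=>'error','error'=>'Hacking attempt');
    }
    return $return;
}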
/**
 * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
 * @return string
 */

function acl_json($parms = '{ }')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    // NOTE(review): loose-type decoding is presumably what makes the request arrive as an associative array,
    // the shape acl_editor() indexes into - confirm against Services_JSON
    $codec = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $decoded = $codec->decode($parms);
    $response = PageUtils::acl_editor($decoded);
    return $codec->encode($response);
}
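/**
 * A non-Javascript frontend for the ACL API.
 * @param array $parms The request data, if any, this should be in the format required by PageUtils::acl_editor()
 * @return void The page is written with echo; when the API reports an error, die_friendly() ends the request
 */

function aclmanager($parms)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    ob_start();
    // Convenience
    $formstart = '<form
      action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
      method="post" enctype="multipart/form-data"
      onsubmit="if(!submitAuthorized) return false;"
      >';
    $formend = '</form>';
    $parms = PageUtils::acl_preprocess($parms);
    $response = PageUtils::acl_editor($parms);
    $response = PageUtils::acl_postprocess($response);

    // Values echoed below that originate from the request (target names, page IDs, namespaces) are passed
    // through htmlspecialchars(); previously only the page-group names were escaped.
    $mode = isset($response['mode']) ? $response['mode'] : '';
    switch ( $mode )
    {
        case 'debug':
            echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
            break;
        case 'stage1':
            echo '<h3>Manage page access</h3>
                  <p>Please select who should be affected by this access rule.</p>';
            echo $formstart;
            echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> A usergroup</label></p>
                  <p><select name="data[target_id_grp]">';
            $groups = isset($response['groups']) ? $response['groups'] : array();
            foreach ( $groups as $group )
            {
                echo '<option value="' . intval($group['id']) . '">' . htmlspecialchars($group['name']) . '</option>';
            }
            // page group selector
            $groupsel = '';
            if ( !empty($response['page_groups']) )
            {
                $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> A group of pages</label></p>
                  <p><select name="data[pg_id]">';
                foreach ( $response['page_groups'] as $grp )
                {
                    $groupsel .= '<option value="' . intval($grp['id']) . '">' . htmlspecialchars($grp['name']) . '</option>';
                }
                $groupsel .= '</select></p>';
            }
            echo '</select></p>
                  <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> A specific user</label></p>
                  <p>' . $template->username_field('data[target_id_user]') . '</p>
                  <p>What should this access rule control?</p>
                  <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> Only this page</label></p>
                  ' . $groupsel . '
                  <p><label><input name="data[scope]" value="entire_site" type="radio" /> The entire site</label></p>
                  <div style="margin: 0 auto 0 0; text-align: right;">
                    <input name="data[mode]" value="seltarget" type="hidden" />
                    <input type="hidden" name="data[page_id]" value="' . htmlspecialchars($paths->cpage['urlname_nons']) . '" />
                    <input type="hidden" name="data[namespace]" value="' . htmlspecialchars($paths->namespace) . '" />
                    <input type="submit" value="Next >" />
                  </div>';
            echo $formend;
            break;
        case 'success':
        case 'delete':
            // Both confirmations carry the same hidden form back into the editor; only the message differs
            if ( $mode == 'success' )
            {
                $message = '<b>Permissions updated</b><br />
                  The permissions for ' . htmlspecialchars($response['target_name']) . ' on this page have been updated successfully.<br />';
            }
            else
            {
                $message = '<b>Rule deleted</b><br />
                  The selected access rule has been successfully deleted.<br />';
            }
            // User rules are re-resolved by username in acl_editor(), so the name rather than the numeric ID is carried
            $target_field = ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'];
            $target_field = htmlspecialchars($target_field);
            echo '<div class="info-box">
              ' . $message . '
              ' . $formstart . '
                <input type="hidden" name="data[mode]" value="seltarget" />
                <input type="hidden" name="data[target_type]" value="' . intval($response['target_type']) . '" />
                <input type="hidden" name="data[target_id_user]" value="' . $target_field . '" />
                <input type="hidden" name="data[target_id_grp]" value="' . $target_field . '" />
                <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
                <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false' ) . '" />
                <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false' ) . '" />
                <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
              ' . $formend . '
              </div>';
            break;
        case 'seltarget':
            if ( $response['type'] == 'edit' )
            {
                echo '<h3>Editing permissions</h3>';
            }
            else
            {
                echo '<h3>Create new rule</h3>';
            }
            $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
            $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
            $target_name = htmlspecialchars($response['target_name']);
            echo 'This panel allows you to edit what the '.$type.' "'.$target_name.'" can do on <b>'.$scope.'</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
            echo $formstart;
            $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
            echo $parser->run();
            $parser = $template->makeParserText( $response['template']['acl_field_item'] );
            $cls = 'row2';
            foreach ( $response['acl_types'] as $acl_type => $value )
            {
                $vars = Array(
                    'FIELD_DENY_CHECKED' => '',
                    'FIELD_DISALLOW_CHECKED' => '',
                    'FIELD_WIKIMODE_CHECKED' => '',
                    'FIELD_ALLOW_CHECKED' => '',
                );
                // Alternate row classes for striping
                $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
                $vars['ROW_CLASS'] = $cls;

                switch ( $response['current_perms'][$acl_type] )
                {
                    case AUTH_ALLOW:
                        $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_WIKIMODE:
                        $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DENY:
                        $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DISALLOW:
                    default:
                        // Anything unrecognised is shown as the safe "disallow" state
                        $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
                        break;
                }
                $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
                $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
                $parser->assign_vars($vars);
                echo $parser->run();
            }
            $parser = $template->makeParserText( $response['template']['acl_field_end'] );
            echo $parser->run();
            echo '<div style="margin: 10px auto 0 0; text-align: right;">
                    <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
                    <input type="hidden" name="data[page_id]" value="' . (( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false') . '" />
                    <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false') . '" />
                    <input type="hidden" name="data[target_type]" value="' . intval($response['target_type']) . '" />
                    <input type="hidden" name="data[target_id]" value="' . intval($response['target_id']) . '" />
                    <input type="hidden" name="data[target_name]" value="' . $target_name . '" />
                    ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="Save changes" /> <input type="submit" name="data[act_delete_rule]" value="Delete rule" style="color: #AA0000;" onclick="return confirm(\'Do you really want to delete this ACL rule?\');" />' : '<input type="submit" value="Create rule" />' ) . '
                  </div>';
            echo $formend;
            break;
        case 'error':
            ob_end_clean();
            die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
            break;
    }
    $ret = ob_get_clean();
    echo
        $template->getHeader() .
        $ret .
        $template->getFooter();
}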
/**
* Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
* @param array $parms The posted data
* @return array
* @access private
*/
function acl_preprocess($parms)
+ − 2132
{
+ − 2133
if ( !isset($parms['mode']) )
+ − 2134
// Nothing to do
+ − 2135
return $parms;
+ − 2136
switch ( $parms['mode'] )
+ − 2137
{
+ − 2138
case 'seltarget':
+ − 2139
+ − 2140
// Who's affected?
+ − 2141
$parms['target_type'] = intval( $parms['target_type'] );
+ − 2142
$parms['target_id'] = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? $parms['target_id_grp'] : $parms['target_id_user'];
+ − 2143
+ − 2144
case 'save_edit':
+ − 2145
case 'save_new':
+ − 2146
if ( isset($parms['act_delete_rule']) )
+ − 2147
{
+ − 2148
$parms['mode'] = 'delete';
+ − 2149
}
+ − 2150
+ − 2151
// Scope (just this page or entire site?)
+ − 2152
if ( $parms['scope'] == 'entire_site' || ( $parms['page_id'] == 'false' && $parms['namespace'] == 'false' ) )
+ − 2153
{
+ − 2154
$parms['page_id'] = false;
+ − 2155
$parms['namespace'] = false;
+ − 2156
}
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2157
else if ( $parms['scope'] == 'page_group' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2158
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2159
$parms['page_id'] = $parms['pg_id'];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2160
$parms['namespace'] = '__PageGroup';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2161
}
1
+ − 2162
+ − 2163
break;
+ − 2164
}
+ − 2165
+ − 2166
if ( isset($parms['act_go_stage1']) )
+ − 2167
{
+ − 2168
$parms = array(
+ − 2169
'mode' => 'listgroups'
+ − 2170
);
+ − 2171
}
+ − 2172
+ − 2173
return $parms;
+ − 2174
}
/**
 * Give a backend ACL response a 'mode' the form renderer can switch on.
 *
 * A response that already carries a mode is returned untouched. A bare
 * group listing (has 'groups' but no 'mode') is tagged as 'stage1'. Anything
 * else is replaced by an error response.
 *
 * @param array The response returned by the permissions API backend
 * @return array
 * @access private
 */
function acl_postprocess($response)
{
    // Mode already decided by the backend - pass it straight through
    if ( isset($response['mode']) )
    {
        return $response;
    }

    // A group list without a mode is the first stage of the editor
    if ( isset($response['groups']) )
    {
        $response['mode'] = 'stage1';
        return $response;
    }

    // Nothing we can render; hand the renderer an error instead
    return Array(
        'mode'  => 'error',
        'error' => 'Invalid action passed by API backend.',
    );
}
}
?>