0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: Runt - the Enano administration panel
+ − 4
Plugin URI: http://enanocms.org/
+ − 5
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin:
+ − 6
Author: Dan Fuhry
+ − 7
Version: 1.0
+ − 8
Author URI: http://enanocms.org/
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 13
* Version 1.0 release candidate 3
0
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 24
+ − 25
$plugins->attachHook('base_classes_initted', '
+ − 26
global $paths;
+ − 27
$paths->add_page(Array(
+ − 28
\'name\'=>\'Administration\',
+ − 29
\'urlname\'=>\'Administration\',
+ − 30
\'namespace\'=>\'Special\',
+ − 31
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 32
));
+ − 33
+ − 34
$paths->add_page(Array(
+ − 35
\'name\'=>\'Manage the Sidebar\',
+ − 36
\'urlname\'=>\'EditSidebar\',
+ − 37
\'namespace\'=>\'Special\',
+ − 38
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 39
));
+ − 40
');
+ − 41
+ − 42
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 43
+ − 44
function page_Admin_Home() {
+ − 45
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 46
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 47
{
+ − 48
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 49
return;
+ − 50
}
+ − 51
+ − 52
+ − 53
// Basic information
+ − 54
echo RenderMan::render(
+ − 55
'== Welcome to Runt, the Enano administration panel. ==
+ − 56
+ − 57
Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.
+ − 58
+ − 59
Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');
+ − 60
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 61
// Demo mode
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 62
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 63
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 64
echo '<h3>Enano is running in demo mode.</h3>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 65
<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 66
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 67
0
+ − 68
// Check for the installer scripts
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 69
if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
0
+ − 70
{
+ − 71
echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
+ − 72
}
+ − 73
+ − 74
// Inactive users
+ − 75
$q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
+ − 76
if($q)
+ − 77
if($db->numrows() > 0)
+ − 78
{
+ − 79
$n = $db->numrows();
+ − 80
if($n == 1) $s = $n . ' user is';
+ − 81
else $s = $n . ' users are';
+ − 82
echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
+ − 83
}
+ − 84
$db->free_result();
+ − 85
// Stats
+ − 86
if(getConfig('log_hits') == '1')
+ − 87
{
+ − 88
$stats = stats_top_pages(10);
+ − 89
$c = 0;
+ − 90
$cls = 'row2';
+ − 91
echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
+ − 92
foreach($stats as $page => $count)
+ − 93
{
+ − 94
if(isset($paths->pages[$page]))
+ − 95
{
+ − 96
echo '<tr>';
+ − 97
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 98
echo '<td class="'.$cls.'"><a href="'.makeUrl($page).'">'.$paths->pages[$page]['name'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$count.'</td>';
+ − 99
echo '</tr>';
+ − 100
}
+ − 101
}
+ − 102
echo '</table></div>';
+ − 103
}
+ − 104
+ − 105
// Security log
+ − 106
echo '<h3>Security log</h3>';
+ − 107
echo '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
+ − 108
$cls = 'row2';
+ − 109
echo '<tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>';
20
+ − 110
require('config.php');
+ − 111
$hash = md5($dbpasswd);
+ − 112
unset($dbname, $dbhost, $dbuser, $dbpasswd);
+ − 113
unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug
+ − 114
if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) )
0
+ − 115
{
20
+ − 116
echo '<tr><td class="row1" colspan="4">Logs are recorded but not displayed for privacy purposes in the demo.</td></tr>';
0
+ − 117
}
+ − 118
else
+ − 119
{
20
+ − 120
if(isset($_GET['fulllog']))
+ − 121
{
+ − 122
$l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
+ − 123
}
+ − 124
else
+ − 125
{
+ − 126
$l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5';
+ − 127
}
+ − 128
$q = $db->sql_query($l);
+ − 129
while($r = $db->fetchrow())
+ − 130
{
+ − 131
if($cls == 'row2') $cls = 'row1';
+ − 132
else $cls = 'row2';
+ − 133
echo '<tr><td class="'.$cls.'">';
+ − 134
switch($r['action']) {
+ − 135
case "admin_auth_good": echo 'Successful elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Authentication level: $level</small>"; } break;
+ − 136
case "admin_auth_bad": echo 'Failed elevated authentication'; if ( !empty($r['page_text']) ) { $level = $session->userlevel_to_string( intval($r['page_text']) ); echo "<br /><small>Attempted auth level: $level</small>"; } break;
+ − 137
case "activ_good": echo 'Successful account activation'; break;
+ − 138
case "auth_good": echo 'Successful regular user logon'; break;
+ − 139
case "activ_bad": echo 'Failed account activation'; break;
+ − 140
case "auth_bad": echo 'Failed regular user logon'; break;
+ − 141
case "sql_inject": echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>'; break;
+ − 142
case "db_backup": echo 'Database backup created<br /><small>Tables: ' . $r['page_text'] . '</small>'; break;
+ − 143
case "install_enano": echo "Installed Enano version {$r['page_text']}"; break;
+ − 144
}
+ − 145
echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$r['edit_summary'].'</td></tr>';
+ − 146
}
+ − 147
$db->free_result();
0
+ − 148
}
+ − 149
echo '</table></div>';
+ − 150
if(!isset($_GET['fulllog'])) echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'Home&fulllog\'); return false;">Full security log</a></p>';
+ − 151
+ − 152
}
+ − 153
+ − 154
function page_Admin_GeneralConfig() {
+ − 155
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 156
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 157
{
+ − 158
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 159
return;
+ − 160
}
+ − 161
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 162
if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 163
{
0
+ − 164
+ − 165
// Global site options
+ − 166
setConfig('site_name', $_POST['site_name']);
+ − 167
setConfig('site_desc', $_POST['site_desc']);
+ − 168
setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
+ − 169
setConfig('copyright_notice', $_POST['copyright']);
+ − 170
setConfig('contact_email', $_POST['contact_email']);
+ − 171
+ − 172
// Wiki mode
+ − 173
if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1');
+ − 174
else setConfig('wiki_mode', '0');
+ − 175
if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1');
+ − 176
else setConfig('wiki_mode_require_login', '0');
+ − 177
if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1');
+ − 178
else setConfig('wiki_edit_notice', '0');
+ − 179
setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);
+ − 180
+ − 181
// Stats
+ − 182
if(isset($_POST['log_hits'])) setConfig('log_hits', '1');
+ − 183
else setConfig('log_hits', '0');
+ − 184
+ − 185
// Disablement
+ − 186
if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); }
+ − 187
else setConfig('site_disabled', '0');
+ − 188
+ − 189
// Account activation
+ − 190
setConfig('account_activation', $_POST['account_activation']);
+ − 191
+ − 192
// W3C compliance buttons
+ − 193
if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1");
+ − 194
else setConfig("w3c_vh32", "0");
+ − 195
if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1");
+ − 196
else setConfig("w3c_vh40", "0");
+ − 197
if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1");
+ − 198
else setConfig("w3c_vh401", "0");
+ − 199
if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1");
+ − 200
else setConfig("w3c_vxhtml10", "0");
+ − 201
if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1");
+ − 202
else setConfig("w3c_vxhtml11", "0");
+ − 203
if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1");
+ − 204
else setConfig("w3c_vcss", "0");
+ − 205
+ − 206
// SourceForge.net logo
+ − 207
if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1');
+ − 208
else setConfig('sflogo_enabled', '0');
+ − 209
setConfig('sflogo_groupid', $_POST['sfgroup']);
+ − 210
setConfig('sflogo_type', $_POST['sflogo']);
+ − 211
+ − 212
// Comment options
+ − 213
if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1');
+ − 214
else setConfig('approve_comments', '0');
+ − 215
if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1');
+ − 216
else setConfig('enable_comments', '0');
+ − 217
setConfig('comments_need_login', $_POST['comments_need_login']);
+ − 218
+ − 219
// Powered by link
+ − 220
if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1');
+ − 221
else setConfig('powered_btn', '0');
+ − 222
+ − 223
if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1');
+ − 224
else setConfig('dbd_button', '0');
+ − 225
+ − 226
if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0');
+ − 227
else setConfig('smtp_enabled', '1');
+ − 228
+ − 229
setConfig('smtp_server', $_POST['smtp_host']);
+ − 230
setConfig('smtp_user', $_POST['smtp_user']);
+ − 231
if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']);
+ − 232
+ − 233
echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
+ − 234
+ − 235
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 236
else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 237
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 238
echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 239
}
0
+ − 240
echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
+ − 241
?>
+ − 242
<div class="tblholder">
+ − 243
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 244
+ − 245
<!-- Global options -->
+ − 246
+ − 247
<tr><th colspan="2">Global site options</th></tr>
+ − 248
<tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>
+ − 249
+ − 250
<tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input name="site_name" size="30" value="<?php echo getConfig('site_name'); ?>" /></td></tr>
+ − 251
<tr><td class="row2">Site description:</td> <td class="row2"><input name="site_desc" size="30" value="<?php echo getConfig('site_desc'); ?>" /></td></tr>
+ − 252
<tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', str_replace('_', ' ', getConfig('main_page'))); ?></td></tr>
+ − 253
<tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input name="copyright" size="30" value="<?php echo getConfig('copyright_notice'); ?>" /></td></tr>
+ − 254
<tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
+ − 255
<tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
+ − 256
+ − 257
<!-- Wiki mode -->
+ − 258
+ − 259
<tr><th colspan="2">Wiki mode</th></tr>
+ − 260
+ − 261
<tr>
+ − 262
<td class="row3" rowspan="2">
+ − 263
Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
+ − 264
In Wiki Mode, certain HTML tags such as <script> and <object> are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
+ − 265
Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
+ − 266
</td>
+ − 267
<td class="row1">
+ − 268
<input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
+ − 269
</td>
+ − 270
</tr>
+ − 271
+ − 272
<tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>
+ − 273
+ − 274
<tr>
+ − 275
<td class="row3" rowspan="2">
+ − 276
<b>Edit page notice</b><br />
+ − 277
When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
+ − 278
</td>
+ − 279
<td class="row1">
+ − 280
<input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
+ − 281
</td>
+ − 282
</tr>
+ − 283
+ − 284
<tr>
+ − 285
<td class="row2">
+ − 286
<textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo getConfig('wiki_edit_notice_text'); ?></textarea>
+ − 287
</td>
+ − 288
</tr>
+ − 289
+ − 290
<!-- Site statistics -->
+ − 291
+ − 292
<tr><th colspan="2">Statistics and hit counting</th></tr>
+ − 293
+ − 294
<tr>
+ − 295
<td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
+ − 296
<td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
+ − 297
</tr>
+ − 298
+ − 299
<!-- Comment options -->
+ − 300
+ − 301
<tr><th colspan="2">Comment system</th></tr>
+ − 302
<tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr>
+ − 303
<tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
+ − 304
<tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
+ − 305
<label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
+ − 306
<!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>
+ − 307
+ − 308
<!--
+ − 309
+ − 310
READ: Do not try to enable this, backend support for it has been disabled. To edit default
+ − 311
permissions, select The Entire Website in any permissions editor window.
+ − 312
+ − 313
<tr><th colspan="2">Default permissions for pages</th></tr>
+ − 314
+ − 315
<tr>
+ − 316
<td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>
+ − 317
<td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>
+ − 318
</tr>
+ − 319
+ − 320
-->
+ − 321
+ − 322
<!-- enanocms.org link -->
+ − 323
+ − 324
<tr>
+ − 325
<th colspan="2">Promote Enano</th>
+ − 326
</tr>
+ − 327
<tr>
+ − 328
<td class="row3">
+ − 329
If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
+ − 330
homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
+ − 331
Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
+ − 332
using this link.
+ − 333
</td>
+ − 334
<td class="row1">
+ − 335
<label>
+ − 336
<input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to www.enanocms.org on the sidebar
+ − 337
</label>
+ − 338
</td>
+ − 339
</tr>
+ − 340
+ − 341
<!-- Site disablement -->
+ − 342
+ − 343
<tr><th colspan="2">Disable all site access</th></tr>
+ − 344
+ − 345
<tr>
+ − 346
<td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
+ − 347
<td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td>
+ − 348
</tr>
+ − 349
<tr>
+ − 350
<td class="row2">
+ − 351
<div id="site_disabled_notice">
+ − 352
Message to show to users:<br />
+ − 353
<textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea>
+ − 354
</div>
+ − 355
</td>
+ − 356
</tr>
+ − 357
+ − 358
<!-- Account activation -->
+ − 359
+ − 360
<tr><th colspan="2">User account activation</th></tr>
+ − 361
+ − 362
<tr>
+ − 363
<td class="row3" colspan="2">
+ − 364
If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
+ − 365
You may also disable registration completely if needed.<br /><br />
+ − 366
<b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
+ − 367
</td>
+ − 368
</tr>
+ − 369
+ − 370
<tr>
+ − 371
<td class="row1">Account activation:</td><td class="row1">
+ − 372
<?php
+ − 373
echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
+ − 374
echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
+ − 375
echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
+ − 376
echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
+ − 377
?>
+ − 378
</td>
+ − 379
</tr>
+ − 380
+ − 381
<!-- E-mail options -->
+ − 382
+ − 383
<tr><th colspan="2">E-mail sent from the site</th></tr>
+ − 384
<tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
+ − 385
<td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
+ − 386
<label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
+ − 387
</tr>
+ − 388
<tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
+ − 389
<td class="row2"><input value="<?php echo getConfig('smtp_server'); ?>" name="smtp_host" type="text" size="30" /></td>
+ − 390
</tr>
+ − 391
<tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
+ − 392
<td class="row1">Username: <input value="<?php echo getConfig('smtp_user'); ?>" name="smtp_user" type="text" size="30" /><br />
+ − 393
Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
+ − 394
</tr>
+ − 395
+ − 396
<!-- SourceForge.net logo -->
+ − 397
+ − 398
<tr><th colspan="2">SourceForge.net logo</th></tr>
+ − 399
+ − 400
<tr>
+ − 401
<td colspan="2" class="row3">
+ − 402
All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want
+ − 403
to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
+ − 404
</td>
+ − 405
</tr>
+ − 406
+ − 407
<?php
+ − 408
if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
+ − 409
else $c='';
+ − 410
if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
+ − 411
else $g='';
+ − 412
if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
+ − 413
else $t='1';
+ − 414
?>
+ − 415
+ − 416
<tr>
+ − 417
<td class="row1">Display the SourceForge.net logo on the right sidebar</td>
+ − 418
<td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
+ − 419
</tr>
+ − 420
+ − 421
<tr>
+ − 422
<td class="row2">Group ID:</td>
+ − 423
<td class="row2"><input value="<?php echo $g; ?>" type=text size=15 name=sfgroup /></td>
+ − 424
</tr>
+ − 425
+ − 426
<tr>
+ − 427
<td class="row1">Logo style:</td>
+ − 428
<td class="row1">
+ − 429
<select name="sflogo">
+ − 430
<option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
+ − 431
<option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
+ − 432
<option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
+ − 433
<option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
+ − 434
<option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
+ − 435
<option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
+ − 436
<option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
+ − 437
</select>
+ − 438
</td>
+ − 439
</tr>
+ − 440
+ − 441
<!-- W3C validator buttons -->
+ − 442
+ − 443
<tr><th colspan="2">W3C compliance logos</th></tr>
+ − 444
<tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr>
+ − 445
+ − 446
<tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr>
+ − 447
<tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr>
+ − 448
<tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr>
+ − 449
<tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
+ − 450
<tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
+ − 451
<tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr>
+ − 452
+ − 453
<!-- DefectiveByDesign.org ad -->
+ − 454
+ − 455
<tr><th colspan="2">Defective By Design Anti-DRM button</th></tr>
+ − 456
<tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
+ − 457
<tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr>
+ − 458
+ − 459
<!-- Save button -->
+ − 460
+ − 461
<tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr>
+ − 462
+ − 463
</table>
+ − 464
</div>
+ − 465
</form>
+ − 466
<?php
+ − 467
}
+ − 468
+ − 469
function page_Admin_UploadConfig()
+ − 470
{
+ − 471
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 472
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 473
{
+ − 474
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 475
return;
+ − 476
}
+ − 477
+ − 478
if(isset($_POST['save']))
+ − 479
{
+ − 480
if(isset($_POST['enable_uploads'])) setConfig('enable_uploads', '1'); else setConfig('enable_uploads', '0');
+ − 481
if(isset($_POST['enable_imagemagick'])) setConfig('enable_imagemagick', '1'); else setConfig('enable_imagemagick', '0');
+ − 482
if(isset($_POST['cache_thumbs'])) setConfig('cache_thumbs', '1'); else setConfig('cache_thumbs', '0');
+ − 483
if(isset($_POST['file_history'])) setConfig('file_history', '1'); else setConfig('file_history', '0');
+ − 484
if(file_exists($_POST['imagemagick_path'])) setConfig('imagemagick_path', $_POST['imagemagick_path']);
+ − 485
else echo '<span style="color: red"><b>Warning:</b> the file "'.$_POST['imagemagick_path'].'" was not found, and the ImageMagick file path was not updated.</span>';
+ − 486
$max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']);
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 487
if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 488
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 489
echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 490
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 491
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 492
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 493
setConfig('max_file_size', $max_upload.'');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 494
}
0
+ − 495
}
+ − 496
echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
+ − 497
?>
+ − 498
<h3>File upload configuration</h3>
+ − 499
<p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
+ − 500
and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
+ − 501
and executable files can sometimes be uploaded.</p>
+ − 502
<p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
+ − 503
<p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo getConfig('max_file_size'); ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
+ − 504
<p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
+ − 505
does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
+ − 506
are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
+ − 507
large images many times can cost you quite a lot of bandwidth.</p>
+ − 508
<p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
+ − 509
Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo getConfig('imagemagick_path'); else echo '/usr/bin/convert'; ?>" /><br />
+ − 510
On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then
+ − 511
ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
+ − 512
</p>
+ − 513
<p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
+ − 514
may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
+ − 515
<p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
+ − 516
Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
+ − 517
more information on how to do this.<?php if(!is_writable(ENANO_ROOT.'/cache/')) echo ' <b>At present, it seems that the cache directory
+ − 518
is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
+ − 519
<p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; elseif(!is_writable(ENANO_ROOT.'/cache/')) echo 'readonly="readonly"'; ?> /> Cache thumbnailed images</label></p>
+ − 520
<p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
+ − 521
changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
+ − 522
enabled unless you have less than 250MB of MySQL database space.</p>
+ − 523
<p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
+ − 524
<hr style="margin-left: 1em;" />
+ − 525
<p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
+ − 526
<?php
+ − 527
echo '</form>';
+ − 528
}
+ − 529
+ − 530
function page_Admin_PluginManager() {
+ − 531
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 532
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 533
{
+ − 534
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 535
return;
+ − 536
}
+ − 537
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 538
if(isset($_GET['action']))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 539
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 540
switch($_GET['action'])
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 541
{
0
+ − 542
case "enable":
+ − 543
setConfig('plugin_'.$_GET['plugin'], '1');
+ − 544
break;
+ − 545
case "disable":
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 546
if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 547
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 548
echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 549
break;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 550
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 551
if ( $_GET['plugin'] != 'SpecialAdmin.php' )
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 552
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 553
setConfig('plugin_'.$_GET['plugin'], '0');
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 554
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 555
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 556
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 557
echo('<h3>Error disabling plugin</h3><p>The administration panel plugin cannot be disabled.</p>');
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 558
}
0
+ − 559
break;
+ − 560
}
+ − 561
}
+ − 562
$dir = './plugins/';
+ − 563
$plugin_list = Array();
+ − 564
$system = Array();
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 565
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 566
if (is_dir($dir))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 567
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 568
if ($dh = opendir($dir))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 569
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 570
while (($file = readdir($dh)) !== false)
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 571
{
0
+ − 572
if(preg_match('#^(.*?)\.php$#is', $file) && $file != 'index.php')
+ − 573
{
+ − 574
if ( in_array($file, $plugins->system_plugins) )
+ − 575
{
+ − 576
$thelist =& $system;
+ − 577
continue;
+ − 578
}
+ − 579
else
+ − 580
{
+ − 581
$thelist =& $plugin_list;
+ − 582
}
+ − 583
$f = file_get_contents($dir . $file);
+ − 584
$f = explode("\n", $f);
+ − 585
$f = array_slice($f, 2, 7);
+ − 586
$f[0] = substr($f[0], 13, strlen($f[0]));
+ − 587
$f[1] = substr($f[1], 12, strlen($f[1]));
+ − 588
$f[2] = substr($f[2], 13, strlen($f[2]));
+ − 589
$f[3] = substr($f[3], 8, strlen($f[3]));
+ − 590
$f[4] = substr($f[4], 9, strlen($f[4]));
+ − 591
$f[5] = substr($f[5], 12, strlen($f[5]));
+ − 592
$thelist[$file] = Array();
+ − 593
$thelist[$file]['name'] = $f[0];
+ − 594
$thelist[$file]['uri'] = $f[1];
+ − 595
$thelist[$file]['desc'] = $f[2];
+ − 596
$thelist[$file]['auth'] = $f[3];
+ − 597
$thelist[$file]['vers'] = $f[4];
+ − 598
$thelist[$file]['aweb'] = $f[5];
+ − 599
}
+ − 600
}
+ − 601
closedir($dh);
+ − 602
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 603
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 604
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 605
echo '<div class="error-box">The plugins/ directory could not be opened.</div>';
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 606
return;
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 607
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 608
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 609
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 610
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 611
echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>';
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 612
return;
0
+ − 613
}
+ − 614
echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 615
<tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');
+ − 616
$plugin_files = array_keys($plugin_list);
+ − 617
$cls = 'row2';
+ − 618
for ( $i = 0; $i < sizeof($plugin_files); $i++ )
+ − 619
{
+ − 620
$cls = ( $cls == 'row2' ) ? 'row3' : 'row2';
+ − 621
echo '<tr>
+ − 622
<td class="'.$cls.'">'.$plugin_files[$i].'</td>
+ − 623
<td class="'.$cls.'"><a href="'.$plugin_list[$plugin_files[$i]]['uri'].'">'.$plugin_list[$plugin_files[$i]]['name'].'</a></td>
+ − 624
<td class="'.$cls.'">'.$plugin_list[$plugin_files[$i]]['desc'].'</td>
+ − 625
<td class="'.$cls.'"><a href="'.$plugin_list[$plugin_files[$i]]['aweb'].'">'.$plugin_list[$plugin_files[$i]]['auth'].'</a></td>
+ − 626
<td class="'.$cls.'">'.$plugin_list[$plugin_files[$i]]['vers'].'</td>
+ − 627
<td class="'.$cls.'">';
+ − 628
if ( getConfig('plugin_'.$plugin_files[$i]) == '1' )
+ − 629
{
+ − 630
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&action=disable&plugin='.$plugin_files[$i].'">Disable</a>';
+ − 631
}
+ − 632
else
+ − 633
{
+ − 634
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&action=enable&plugin='.$plugin_files[$i].'">Enable</a>';
+ − 635
}
+ − 636
echo '</td></tr>';
+ − 637
}
+ − 638
echo '</table></div>';
+ − 639
}
+ − 640
+ − 641
function page_Admin_UploadAllowedMimeTypes()
+ − 642
{
+ − 643
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 644
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 645
{
+ − 646
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 647
return;
+ − 648
}
+ − 649
+ − 650
global $mime_types, $mimetype_exps, $mimetype_extlist;
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 651
if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
0
+ − 652
{
+ − 653
$bits = '';
+ − 654
$keys = array_keys($mime_types);
+ − 655
foreach($keys as $i => $k)
+ − 656
{
+ − 657
if(isset($_POST['ext_'.$k])) $bits .= '1';
+ − 658
else $bits .= '0';
+ − 659
}
+ − 660
$bits = compress_bitfield($bits);
+ − 661
setConfig('allowed_mime_types', $bits);
+ − 662
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 663
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 664
else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 665
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 666
echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 667
}
0
+ − 668
$allowed = fetch_allowed_extensions();
+ − 669
?>
+ − 670
<h3>Allowed file types</h3>
+ − 671
<p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
+ − 672
<?php
+ − 673
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
+ − 674
$c = -1;
+ − 675
$t = -1;
+ − 676
$cl = 'row1';
+ − 677
echo "\n".' <div class="tblholder">'."\n".' <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".' <tr>'."\n ";
+ − 678
foreach($mime_types as $e => $m)
+ − 679
{
+ − 680
$c++;
+ − 681
$t++;
+ − 682
if($c == 3)
+ − 683
{
+ − 684
$c = 0;
+ − 685
$cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
+ − 686
echo '</tr>'."\n".' <tr>'."\n ";
+ − 687
}
+ − 688
$seed = "extchkbx_{$e}_".md5(microtime() . mt_rand());
+ − 689
$chk = (!empty($allowed[$e])) ? ' checked="checked"' : '';
+ − 690
echo " <td class='$cl'>\n <label><input id='{$seed}' type='checkbox' name='ext_{$e}'{$chk} />.{$e}\n ({$m})</label>\n </td>\n ";
+ − 691
}
+ − 692
while($c < 2)
+ − 693
{
+ − 694
$c++;
+ − 695
echo " <td class='{$cl}'></td>\n ";
+ − 696
}
+ − 697
echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
+ − 698
echo '</tr>'."\n".' </table>'."\n".' </div>';
+ − 699
echo '</form>';
+ − 700
?>
+ − 701
<?php
+ − 702
}
+ − 703
+ − 704
function page_Admin_Sidebar()
+ − 705
{
+ − 706
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 707
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 708
{
+ − 709
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 710
return;
+ − 711
}
+ − 712
+ − 713
?>
+ − 714
<h2>Editing and managing the Enano sidebar</h2>
+ − 715
<p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
+ − 716
provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
+ − 717
markup language.
+ − 718
</p>
+ − 719
<p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (<example>like this</example>) for the
+ − 720
main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (< and >).</p>
+ − 721
<p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
+ − 722
on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
+ − 723
use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
+ − 724
external sites.</p>
+ − 725
<p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
+ − 726
<pre>{slider=Navigation}
+ − 727
[[Main Page|Home]]
+ − 728
[[Enano:Sidebar|Edit the sidebar]]
+ − 729
{/slider}</pre>
+ − 730
<p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
+ − 731
to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
+ − 732
"user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
+ − 733
wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
+ − 734
effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
+ − 735
<p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
+ − 736
variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
+ − 737
The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
+ − 738
the "change theme" button can be added with $STYLE_LINK.</p>
+ − 739
<p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
+ − 740
<pre>{slider=$USERNAME}
+ − 741
[[User:$USERNAME|User page]]
+ − 742
[[Special:Contributions?user=$USERNAME|My Contributions]]
+ − 743
{if user_logged_in}
+ − 744
[[Special:Preferences|Preferences]]
+ − 745
$THEME_LINK
+ − 746
{/if}
+ − 747
{if auth_admin}
+ − 748
[[Special:Administration|Administration]]
+ − 749
{/if}
+ − 750
{if user_logged_in}
+ − 751
$LOGOUT_LINK
+ − 752
{/if}
+ − 753
{!if user_logged_in}
+ − 754
Create an account
+ − 755
Log in
+ − 756
{/if}
+ − 757
{/slider}</pre>
+ − 758
<?php
+ − 759
}
+ − 760
+ − 761
function page_Admin_UserManager() {
+ − 762
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 763
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 764
{
+ − 765
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 766
return;
+ − 767
}
+ − 768
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 769
if(isset($_POST['go']))
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 770
{
0
+ − 771
// We need the user ID before we can do anything
+ − 772
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 773
if ( !$q )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 774
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 775
die('Error selecting user ID: '.mysql_error());
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 776
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 777
if ( $db->numrows() < 1 )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 778
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 779
echo('User does not exist, please enter another username.');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 780
return;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 781
}
0
+ − 782
$r = $db->fetchrow();
+ − 783
$db->free_result();
+ − 784
if(isset($_POST['save']))
+ − 785
{
+ − 786
$_POST['level'] = intval($_POST['level']);
+ − 787
+ − 788
$new_level = $_POST['level'];
+ − 789
$old_level = intval($r['user_level']);
+ − 790
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 791
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 792
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 793
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 794
$re = Array('permission denied');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 795
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 796
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 797
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 798
$re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 799
}
0
+ − 800
+ − 801
if($re == 'success')
+ − 802
{
+ − 803
+ − 804
if ( $new_level != $old_level )
+ − 805
{
+ − 806
$user_id = intval($r['user_id']);
+ − 807
// We need to update group memberships
+ − 808
if ( $old_level == USER_LEVEL_ADMIN )
+ − 809
{
+ − 810
$session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
+ − 811
}
+ − 812
else if ( $old_level == USER_LEVEL_MOD )
+ − 813
{
+ − 814
$session->remove_user_from_group($user_id, GROUP_ID_MOD);
+ − 815
}
+ − 816
+ − 817
if ( $new_level == USER_LEVEL_ADMIN )
+ − 818
{
+ − 819
$session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
+ − 820
}
+ − 821
else if ( $new_level == USER_LEVEL_MOD )
+ − 822
{
+ − 823
$session->add_user_to_group($user_id, GROUP_ID_MOD, false);
+ − 824
}
+ − 825
}
+ − 826
+ − 827
echo('<div class="info-box">Your changes have been saved.</div>');
+ − 828
}
+ − 829
else
+ − 830
{
+ − 831
echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');
+ − 832
}
+ − 833
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
+ − 834
if ( !$q )
+ − 835
{
+ − 836
die('Error selecting user ID: '.mysql_error());
+ − 837
}
+ − 838
if($db->numrows($q) < 1)
+ − 839
{
+ − 840
die('User does not exist, please enter another username.');
+ − 841
}
+ − 842
$r = mysql_fetch_object($q);
+ − 843
$db->free_result();
+ − 844
}
+ − 845
elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))
+ − 846
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 847
if ( defined('ENANO_DEMO_MODE') )
0
+ − 848
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 849
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
0
+ − 850
}
+ − 851
else
+ − 852
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 853
$q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 854
if($q)
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 855
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 856
echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 857
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 858
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 859
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 860
echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 861
}
0
+ − 862
}
+ − 863
}
+ − 864
else
+ − 865
{
22
+ − 866
$disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';
0
+ − 867
echo('
+ − 868
<h3>Edit User Info</h3>
+ − 869
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 870
<table border="0" style="margin-left: 0.2in;">
+ − 871
<tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>
22
+ − 872
<tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" /></td></tr>
+ − 873
<tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>
+ − 874
<tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>
+ − 875
' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '
0
+ − 876
<tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>
+ − 877
<tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>
+ − 878
<tr><td align="center" colspan="2">
+ − 879
<input type="submit" name="save" value="Save Changes" /></td></tr>
+ − 880
</table>
+ − 881
</form>
+ − 882
');
+ − 883
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 884
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 885
else if(isset($_POST['clearsessions']))
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 886
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 887
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 888
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 889
echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 890
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 891
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 892
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 893
// Get the current session information so the user doesn't get logged out
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 894
$aes = new AESCrypt();
22
+ − 895
$sk = md5(strrev($session->sid_super));
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 896
$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
22
+ − 897
if ( !$qb )
+ − 898
{
+ − 899
die('Error selecting session key info block B: '.$db->get_error());
+ − 900
}
+ − 901
if ( $db->numrows($qb) < 1 )
+ − 902
{
+ − 903
die('Error: cannot read admin session info block B, aborting table clear process');
+ − 904
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 905
$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
22
+ − 906
if ( !$qa )
+ − 907
{
+ − 908
die('Error selecting session key info block A: '.$db->get_error());
+ − 909
}
+ − 910
if ( $db->numrows($qa) < 1 )
+ − 911
{
+ − 912
die('Error: cannot read user session info block A, aborting table clear process');
+ − 913
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 914
$ra = mysql_fetch_object($qa);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 915
$rb = mysql_fetch_object($qb);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 916
$db->free_result($qa);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 917
$db->free_result($qb);
22
+ − 918
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 919
$db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 920
$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
22
+ − 921
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 922
echo('
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 923
<div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 924
');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 925
}
0
+ − 926
}
+ − 927
echo('
+ − 928
<h3>User Management</h3>
+ − 929
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 930
<p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
+ − 931
<h3>Clear session keys table</h3>
+ − 932
<p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
+ − 933
<p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
+ − 934
</form>
+ − 935
');
+ − 936
if(isset($_GET['action']) && isset($_GET['user']))
+ − 937
{
+ − 938
switch($_GET['action'])
+ − 939
{
+ − 940
case "activate":
+ − 941
$e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');
+ − 942
if($e)
+ − 943
{
+ − 944
$row = $db->fetchrow();
+ − 945
$db->free_result();
+ − 946
if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 947
else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';
+ − 948
} else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';
+ − 949
break;
+ − 950
case "sendemail":
+ − 951
if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 952
else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';
+ − 953
break;
+ − 954
case "deny":
+ − 955
$e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
+ − 956
if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';
+ − 957
else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';
+ − 958
break;
+ − 959
}
+ − 960
}
+ − 961
$q = $db->sql_query('SELECT log_type, action, time_id, date_string, author, edit_summary FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
+ − 962
if($q)
+ − 963
{
+ − 964
if($db->numrows() > 0)
+ − 965
{
+ − 966
$n = $db->numrows();
+ − 967
if($n == 1) $s = $n . ' user is';
+ − 968
else $s = $n . ' users are';
+ − 969
echo '<h3>'.$s . ' awaiting account activation</h3>';
+ − 970
echo '<div class="tblholder">
+ − 971
<table border="0" cellspacing="1" cellpadding="4" width="100%">
+ − 972
<tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th colspan="3">Actions</th></tr>';
+ − 973
$cls = 'row2';
+ − 974
while($row = $db->fetchrow())
+ − 975
{
+ − 976
if($cls == 'row2') $cls = 'row1';
+ − 977
else $cls = 'row2';
+ − 978
echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Deny request</a></td></tr>';
+ − 979
}
+ − 980
echo '</table>';
+ − 981
}
+ − 982
$db->free_result();
+ − 983
}
+ − 984
}
+ − 985
+ − 986
function page_Admin_GroupManager()
+ − 987
{
+ − 988
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 989
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 990
{
+ − 991
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 992
return;
+ − 993
}
+ − 994
+ − 995
if(isset($_POST['do_create_stage1']))
+ − 996
{
+ − 997
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
+ − 998
{
+ − 999
echo '<p>The group name you chose is invalid.</p>';
+ − 1000
return;
+ − 1001
}
+ − 1002
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1003
echo '<div class="tblholder">
+ − 1004
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1005
<tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr>
+ − 1006
<tr>
+ − 1007
<td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
+ − 1008
</tr>
+ − 1009
<tr><td class="row2">Group status</td><td class="row2">
+ − 1010
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
+ − 1011
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
+ − 1012
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
+ − 1013
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
+ − 1014
</td></tr>
+ − 1015
<tr>
+ − 1016
<th class="subhead" colspan="2">
+ − 1017
<input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" />
+ − 1018
<input type="submit" name="do_create_stage2" value="Create group" />
+ − 1019
</th>
+ − 1020
</tr>
+ − 1021
</table>
+ − 1022
</div>';
+ − 1023
echo '</form>';
+ − 1024
return;
+ − 1025
}
+ − 1026
elseif(isset($_POST['do_create_stage2']))
+ − 1027
{
+ − 1028
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
+ − 1029
{
+ − 1030
echo '<p>The group name you chose is invalid.</p>';
+ − 1031
return;
+ − 1032
}
+ − 1033
if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
+ − 1034
{
+ − 1035
echo '<p>Hacking attempt</p>';
+ − 1036
return;
+ − 1037
}
+ − 1038
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
+ − 1039
if(!$e)
+ − 1040
{
+ − 1041
echo $db->get_error();
+ − 1042
return;
+ − 1043
}
+ − 1044
if($db->numrows() > 0)
+ − 1045
{
+ − 1046
echo '<p>The group name you entered already exists.</p>';
+ − 1047
return;
+ − 1048
}
+ − 1049
$db->free_result();
+ − 1050
$q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
+ − 1051
if(!$q)
+ − 1052
{
+ − 1053
echo $db->get_error();
+ − 1054
return;
+ − 1055
}
+ − 1056
$e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
+ − 1057
if(!$e)
+ − 1058
{
+ − 1059
echo $db->get_error();
+ − 1060
return;
+ − 1061
}
+ − 1062
if($db->numrows() < 1)
+ − 1063
{
+ − 1064
echo '<p>The username you entered could not be found.</p>';
+ − 1065
return;
+ − 1066
}
+ − 1067
$row = $db->fetchrow();
+ − 1068
$id = $row['user_id'];
+ − 1069
$db->free_result();
+ − 1070
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
+ − 1071
if(!$e)
+ − 1072
{
+ − 1073
echo $db->get_error();
+ − 1074
return;
+ − 1075
}
+ − 1076
if($db->numrows() < 1)
+ − 1077
{
+ − 1078
echo '<p>The group ID could not be looked up.</p>';
+ − 1079
return;
+ − 1080
}
+ − 1081
$row = $db->fetchrow();
+ − 1082
$gid = $row['group_id'];
+ − 1083
$db->free_result();
+ − 1084
$e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
+ − 1085
if(!$e)
+ − 1086
{
+ − 1087
echo $db->get_error();
+ − 1088
return;
+ − 1089
}
+ − 1090
echo "<div class='info-box'>
+ − 1091
<b>Information</b><br />
+ − 1092
The group {$_POST['create_group_name']} has been created successfully.
+ − 1093
</div>";
+ − 1094
}
+ − 1095
if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
+ − 1096
{
+ − 1097
// Fetch the group name
+ − 1098
$q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1099
if(!$q)
+ − 1100
{
+ − 1101
echo $db->get_error();
+ − 1102
return;
+ − 1103
}
+ − 1104
if($db->numrows() < 1)
+ − 1105
{
+ − 1106
echo '<p>Error: couldn\'t look up group name</p>';
+ − 1107
}
+ − 1108
$row = $db->fetchrow();
+ − 1109
$name = $row['group_name'];
+ − 1110
$db->free_result();
+ − 1111
if(isset($_POST['edit_do']))
+ − 1112
{
+ − 1113
if(isset($_POST['edit_do']['del_group']))
+ − 1114
{
+ − 1115
if ( $row['system_group'] == 1 )
+ − 1116
{
+ − 1117
echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>';
+ − 1118
}
+ − 1119
else
+ − 1120
{
+ − 1121
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1122
if(!$q)
+ − 1123
{
+ − 1124
echo $db->get_error();
+ − 1125
return;
+ − 1126
}
+ − 1127
$q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1128
if(!$q)
+ − 1129
{
+ − 1130
echo $db->get_error();
+ − 1131
return;
+ − 1132
}
+ − 1133
echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
+ − 1134
return;
+ − 1135
}
+ − 1136
}
+ − 1137
if(isset($_POST['edit_do']['save_name']))
+ − 1138
{
+ − 1139
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
+ − 1140
{
+ − 1141
echo '<p>The group name you chose is invalid.</p>';
+ − 1142
return;
+ − 1143
}
+ − 1144
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
+ − 1145
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1146
if(!$q)
+ − 1147
{
+ − 1148
echo $db->get_error();
+ − 1149
return;
+ − 1150
}
+ − 1151
else
+ − 1152
{
+ − 1153
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1154
The group name has been updated.
+ − 1155
</div>';
+ − 1156
}
+ − 1157
$name = $_POST['group_name'];
+ − 1158
+ − 1159
}
+ − 1160
$q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
+ − 1161
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1162
if(!$q)
+ − 1163
{
+ − 1164
echo $db->get_error();
+ − 1165
return;
+ − 1166
}
+ − 1167
if($db->numrows() > 0)
+ − 1168
{
+ − 1169
while($row = $db->fetchrow($q))
+ − 1170
{
+ − 1171
if(isset($_POST['edit_do']['del_' . $row['member_id']]))
+ − 1172
{
+ − 1173
$e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
+ − 1174
if(!$e)
+ − 1175
{
+ − 1176
echo $db->get_error();
+ − 1177
return;
+ − 1178
}
+ − 1179
}
+ − 1180
}
+ − 1181
}
+ − 1182
$db->free_result();
+ − 1183
if(isset($_POST['edit_do']['add_member']))
+ − 1184
{
+ − 1185
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
+ − 1186
if(!$q)
+ − 1187
{
+ − 1188
echo $db->get_error();
+ − 1189
return;
+ − 1190
}
+ − 1191
if($db->numrows() > 0)
+ − 1192
{
+ − 1193
$row = $db->fetchrow();
+ − 1194
$user_id = $row['user_id'];
+ − 1195
$is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
+ − 1196
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
+ − 1197
if(!$q)
+ − 1198
{
+ − 1199
echo $db->get_error();
+ − 1200
return;
+ − 1201
}
+ − 1202
else
+ − 1203
{
+ − 1204
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1205
The user "'.$_POST['edit_add_username'].'" has been added to this usergroup.
+ − 1206
</div>';
+ − 1207
}
+ − 1208
}
+ − 1209
else
+ − 1210
echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>';
+ − 1211
}
+ − 1212
}
+ − 1213
$sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';
+ − 1214
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1215
echo '<div class="tblholder">
+ − 1216
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1217
<tr><th>Edit group name</th></tr>
+ − 1218
<tr>
+ − 1219
<td class="row1">
+ − 1220
Group name: <input type="text" name="group_name" value="'.$name.'" />
+ − 1221
</td>
+ − 1222
</tr>
+ − 1223
<tr>
+ − 1224
<th class="subhead">
+ − 1225
<input type="submit" name="edit_do[save_name]" value="Save name" />
+ − 1226
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
+ − 1227
</th>
+ − 1228
</tr>
+ − 1229
</table>
+ − 1230
</div>
+ − 1231
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1232
echo '</form>';
+ − 1233
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1234
echo '<div class="tblholder">
+ − 1235
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1236
<tr><th colspan="3">Edit group members</th></tr>';
+ − 1237
$q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
+ − 1238
LEFT JOIN '.table_prefix.'users AS u
+ − 1239
ON u.user_id=m.user_id
+ − 1240
WHERE m.group_id='.intval($_POST['group_edit_id']).'
+ − 1241
ORDER BY m.is_mod DESC, u.username ASC;');
+ − 1242
if(!$q)
+ − 1243
{
+ − 1244
echo $db->get_error();
+ − 1245
return;
+ − 1246
}
+ − 1247
if($db->numrows() < 1)
+ − 1248
{
+ − 1249
echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
+ − 1250
}
+ − 1251
else
+ − 1252
{
+ − 1253
$cls = 'row2';
+ − 1254
while($row = $db->fetchrow())
+ − 1255
{
+ − 1256
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 1257
$mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
+ − 1258
echo '<tr>
+ − 1259
<td class="'.$cls.'" style="width: 100%;">
+ − 1260
' . $row['username'] . '
+ − 1261
</td>
+ − 1262
<td class="'.$cls.'">
+ − 1263
'.$mod.'
+ − 1264
</td>
+ − 1265
<td class="'.$cls.'">
+ − 1266
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" />
+ − 1267
</td>
+ − 1268
</tr>';
+ − 1269
}
+ − 1270
}
+ − 1271
$db->free_result();
+ − 1272
echo '</table>
+ − 1273
</div>
+ − 1274
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1275
echo '</form>';
+ − 1276
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1277
echo '<div class="tblholder">
+ − 1278
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1279
<tr>
+ − 1280
<th>Add a new member</th>
+ − 1281
</tr>
+ − 1282
<tr>
+ − 1283
<td class="row1">
+ − 1284
Username: ' . $template->username_field('edit_add_username') . '
+ − 1285
</td>
+ − 1286
</tr>
+ − 1287
<tr>
+ − 1288
<td class="row2">
+ − 1289
<label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
+ − 1290
</td>
+ − 1291
</tr>
+ − 1292
<tr>
+ − 1293
<th class="subhead">
+ − 1294
<input type="submit" name="edit_do[add_member]" value="Add user to group" />
+ − 1295
</th>
+ − 1296
</tr>
+ − 1297
</table>
+ − 1298
</div>
+ − 1299
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1300
echo '</form>';
+ − 1301
return;
+ − 1302
}
+ − 1303
echo '<h3>Manage Usergroups</h3>';
+ − 1304
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1305
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ − 1306
if(!$q)
+ − 1307
{
+ − 1308
echo $db->get_error();
+ − 1309
}
+ − 1310
else
+ − 1311
{
+ − 1312
echo '<div class="tblholder">
+ − 1313
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1314
<tr>
+ − 1315
<th>Edit an existing group</th>
+ − 1316
</tr>';
+ − 1317
echo '<tr><td class="row2"><select name="group_edit_id">';
+ − 1318
while ( $row = $db->fetchrow() )
+ − 1319
{
+ − 1320
if ( $row['group_name'] != 'Everyone' )
+ − 1321
{
+ − 1322
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
+ − 1323
}
+ − 1324
}
+ − 1325
$db->free_result();
+ − 1326
echo '</select></td></tr>';
+ − 1327
echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
+ − 1328
</table>
+ − 1329
</div>
+ − 1330
</form><br />';
+ − 1331
}
+ − 1332
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1333
echo '<div class="tblholder">
+ − 1334
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1335
<tr>
+ − 1336
<th colspan="2">Create a new group</th>
+ − 1337
</tr>';
+ − 1338
echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
+ − 1339
echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
+ − 1340
</table>
+ − 1341
</div>';
+ − 1342
echo '</form>';
+ − 1343
}
+ − 1344
+ − 1345
function page_Admin_PageManager()
+ − 1346
{
+ − 1347
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1348
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1349
{
+ − 1350
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1351
return;
+ − 1352
}
+ − 1353
+ − 1354
+ − 1355
echo '<h2>Page management</h2>';
+ − 1356
+ − 1357
if(isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' )) {
+ − 1358
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
+ − 1359
$source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
+ − 1360
if ( $source == 'ajax' )
+ − 1361
{
+ − 1362
$_POST['search'] = true;
+ − 1363
$_POST['page_url'] = $_GET['page_id'];
+ − 1364
}
+ − 1365
if(isset($_POST['search'])) $pid = $_POST['page_url'];
+ − 1366
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
+ − 1367
else { echo 'Internal error selecting page search terms'; return false; }
+ − 1368
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 1369
$k = array_keys($paths->nslist);
+ − 1370
for($i=0;$i<sizeof($paths->nslist);$i++)
+ − 1371
{
+ − 1372
$ln = strlen($paths->nslist[$k[$i]]);
+ − 1373
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
+ − 1374
{
+ − 1375
$ns = $k[$i];
+ − 1376
$page_id = substr($pid, $ln, strlen($pid));
+ − 1377
}
+ − 1378
}
+ − 1379
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
+ − 1380
// Now, iterate through $paths->pages searching for a page with this name or ID
+ − 1381
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1382
{
+ − 1383
if(!isset($final_pid))
+ − 1384
{
+ − 1385
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
+ − 1386
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1387
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1388
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1389
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
+ − 1390
}
+ − 1391
}
+ − 1392
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1393
$_POST['namespace'] = $ns;
+ − 1394
$_POST['old_namespace'] = $ns;
+ − 1395
$_POST['page_id'] = $final_pid;
+ − 1396
$_POST['old_page_id'] = $final_pid;
+ − 1397
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1398
}
+ − 1399
+ − 1400
if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']))
+ − 1401
{
+ − 1402
$cpage = $paths->pages[$paths->nslist[$_POST['namespace']].$_POST['old_page_id']];
+ − 1403
if(isset($_POST['submit']))
+ − 1404
{
22
+ − 1405
switch(true)
0
+ − 1406
{
22
+ − 1407
case true:
+ − 1408
// Create a list of things to update
+ − 1409
$page_info = Array(
+ − 1410
'name'=>$_POST['name'],
+ − 1411
'urlname'=>sanitize_page_id($_POST['page_id']),
+ − 1412
'namespace'=>$_POST['namespace'],
+ − 1413
'special'=>isset($_POST['special']) ? '1' : '0',
+ − 1414
'visible'=>isset($_POST['visible']) ? '1' : '0',
+ − 1415
'comments_on'=>isset($_POST['comments_on']) ? '1' : '0',
+ − 1416
'protected'=>isset($_POST['protected']) ? '1' : '0'
+ − 1417
);
+ − 1418
+ − 1419
$updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname'] );
+ − 1420
+ − 1421
if ( !isset($paths->nslist[ $page_info['namespace'] ]) )
+ − 1422
{
+ − 1423
echo '<div class="error-box">The namespace you selected is not properly registered.</div>';
+ − 1424
break;
+ − 1425
}
+ − 1426
if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace )
+ − 1427
{
+ − 1428
echo '<div class="error-box">There is already a page that exists with that URL string and namespace.</div>';
+ − 1429
break;
+ − 1430
}
+ − 1431
// Build the query
+ − 1432
$q = 'UPDATE '.table_prefix.'pages SET ';
+ − 1433
$k = array_keys($page_info);
+ − 1434
foreach($k as $c)
+ − 1435
{
+ − 1436
$q .= $c.'=\''.$db->escape($page_info[$c]).'\',';
+ − 1437
}
+ − 1438
$q = substr($q, 0, strlen($q)-1);
+ − 1439
// Build the WHERE statements
+ − 1440
$q .= ' WHERE ';
+ − 1441
$k = array_keys($cpage);
+ − 1442
foreach($k as $c)
+ − 1443
{
+ − 1444
if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected')
+ − 1445
{
+ − 1446
$q .= $c.'=\''.$db->escape($cpage[$c]).'\' AND ';
+ − 1447
}
+ − 1448
else if($c == 'urlname')
+ − 1449
{
+ − 1450
$q .= $c.'=\''.$db->escape($cpage['urlname_nons']).'\' AND ';
+ − 1451
}
+ − 1452
}
+ − 1453
// Trim off the last " AND " and append a semicolon
+ − 1454
$q = substr($q, 0, strlen($q)-5) . ';';
+ − 1455
// Send the completed query to MySQL
+ − 1456
$e = $db->sql_query($q);
+ − 1457
if(!$e) $db->_die('The page data could not be updated.');
+ − 1458
// Update any additional tables
+ − 1459
$q = Array(
+ − 1460
'UPDATE '.table_prefix.'categories SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1461
'UPDATE '.table_prefix.'comments SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1462
'UPDATE '.table_prefix.'logs SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1463
'UPDATE '.table_prefix.'page_text SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1464
);
+ − 1465
foreach($q as $cq)
+ − 1466
{
+ − 1467
$e = $db->sql_query($cq);
+ − 1468
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1469
}
+ − 1470
// Update $cpage
+ − 1471
$cpage = $page_info;
+ − 1472
$cpage['urlname_nons'] = $cpage['urlname'];
+ − 1473
$cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname'];
+ − 1474
$_POST['old_page_id'] = $page_info['urlname'];
+ − 1475
$_POST['old_namespace'] = $page_info['namespace'];
+ − 1476
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 1477
break;
0
+ − 1478
}
+ − 1479
} elseif(isset($_POST['delete'])) {
+ − 1480
$q = Array(
+ − 1481
'DELETE FROM '.table_prefix.'categories WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1482
'DELETE FROM '.table_prefix.'comments WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1483
'DELETE FROM '.table_prefix.'logs WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1484
'DELETE FROM '.table_prefix.'page_text WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1485
);
+ − 1486
foreach($q as $cq)
+ − 1487
{
+ − 1488
$e = $db->sql_query($cq);
+ − 1489
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1490
}
+ − 1491
+ − 1492
if(!$db->sql_query(
+ − 1493
'DELETE FROM '.table_prefix.'pages WHERE urlname="'.$db->escape($_POST['old_page_id']).'" AND namespace="'.$db->escape($_POST['old_namespace']).'";'
+ − 1494
)) $db->_die('The page could not be deleted.');
+ − 1495
echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>';
+ − 1496
return;
+ − 1497
}
+ − 1498
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration'.htmlspecialchars(urlSeparator).(( isset($_GET['sqldbg']) ) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
+ − 1499
?>
+ − 1500
<h3>Modify page: <?php echo $_POST['name']; ?></h3>
+ − 1501
<table border="0">
+ − 1502
<tr><td>Namespace:</td><td><select name="namespace"><?php $nm = array_keys($paths->nslist); foreach($nm as $ns) { if($ns != 'Special' && $ns != 'Admin') { echo '<option '; if($_POST['namespace']==$ns) echo 'selected="selected" '; echo 'value="'.$ns.'">'; if($paths->nslist[$ns] == '') echo '[No prefix]'; else echo $paths->nslist[$ns]; echo '</option>'; } } ?></select></td></tr>
+ − 1503
<tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo $cpage['name']; ?>" /></td></tr>
22
+ − 1504
<tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr>
0
+ − 1505
<tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" /> <label for="cmt">Enable comments for this page</label></td></tr>
+ − 1506
<tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" /> <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
+ − 1507
<tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" /> <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small></td></tr>
+ − 1508
<tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" /> <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
+ − 1509
<tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
+ − 1510
<tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
+ − 1511
<tr><td colspan="2" style="text-align: right;">
+ − 1512
<input type="hidden" name="old_page_id" value="<?php echo $_POST['old_page_id']; ?>" />
+ − 1513
<input type="hidden" name="old_namespace" value="<?php echo $_POST['old_namespace']; ?>" />
+ − 1514
<input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
+ − 1515
</table>
+ − 1516
<?php
+ − 1517
echo '</form>';
+ − 1518
} else {
+ − 1519
echo '<h3>Please select a page</h3>';
+ − 1520
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1521
?>
+ − 1522
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
+ − 1523
<p>Select page title from a list: <select name="page_force_url">
+ − 1524
<?php
+ − 1525
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1526
{
+ − 1527
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name'].'</option>'."\n";
+ − 1528
}
+ − 1529
?>
+ − 1530
</select> <input type="submit" name="select" value="Select" /></p>
+ − 1531
<?php
+ − 1532
echo '</form>';
+ − 1533
+ − 1534
}
+ − 1535
}
+ − 1536
+ − 1537
function page_Admin_PageEditor()
+ − 1538
{
+ − 1539
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1540
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1541
{
+ − 1542
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1543
return;
+ − 1544
}
+ − 1545
+ − 1546
+ − 1547
echo '<h2>Edit page content</h2>';
+ − 1548
+ − 1549
if(isset($_POST['search']) || isset($_POST['select'])) {
+ − 1550
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
+ − 1551
if(isset($_POST['search'])) $pid = $_POST['page_url'];
+ − 1552
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
+ − 1553
else { echo 'Internal error selecting page search terms'; return false; }
+ − 1554
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 1555
$k = array_keys($paths->nslist);
+ − 1556
for($i=0;$i<sizeof($paths->nslist);$i++)
+ − 1557
{
+ − 1558
$ln = strlen($paths->nslist[$k[$i]]);
+ − 1559
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
+ − 1560
{
+ − 1561
$ns = $k[$i];
+ − 1562
$page_id = substr($pid, $ln, strlen($pid));
+ − 1563
}
+ − 1564
}
+ − 1565
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
+ − 1566
// Now, iterate through $paths->pages searching for a page with this name or ID
+ − 1567
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1568
{
+ − 1569
if(!isset($final_pid))
+ − 1570
{
+ − 1571
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
+ − 1572
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1573
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1574
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1575
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
+ − 1576
}
+ − 1577
}
+ − 1578
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1579
$_POST['namespace'] = $ns;
+ − 1580
$_POST['page_id'] = $final_pid;
+ − 1581
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1582
}
+ − 1583
+ − 1584
if(isset($_POST['page_id']) && !isset($_POST['cancel']))
+ − 1585
{
+ − 1586
echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 1587
if(!isset($_POST['content']) || isset($_POST['revert'])) $content = RenderMan::getPage($_POST['page_id'], $_POST['namespace'], 0, false, false, false, false);
+ − 1588
else $content = $_POST['content'];
+ − 1589
if(isset($_POST['save']))
+ − 1590
{
+ − 1591
$data = $content;
+ − 1592
$id = md5( microtime() . mt_rand() );
+ − 1593
+ − 1594
$minor = isset($_POST['minor']) ? 'true' : 'false';
+ − 1595
$q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$data.'\', \''.$id.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');';
+ − 1596
if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
+ − 1597
+ − 1598
$query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';';
+ − 1599
$e = $db->sql_query($query);
+ − 1600
if(!$e) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.mysql_error().'<br /><br />Query:<br /><pre>'.$query.'</pre></div>';
+ − 1601
else echo '<div class="info-box">Your page has been saved. <a href="'.makeUrlNS($_POST['namespace'], $_POST['page_id']).'">View page...</a></div>';
+ − 1602
} elseif(isset($_POST['preview'])) {
+ − 1603
echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>';
+ − 1604
}
+ − 1605
?>
+ − 1606
<p>
+ − 1607
<textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
+ − 1608
Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo $_POST['summary']; ?>" size="40" /><br />
+ − 1609
<label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/> This is a minor edit</label>
+ − 1610
</p>
+ − 1611
<p>
+ − 1612
<input type="hidden" name="page_id" value="<?php echo $_POST['page_id']; ?>" />
+ − 1613
<input type="hidden" name="namespace" value="<?php echo $_POST['namespace']; ?>" />
+ − 1614
<input type="submit" name="save" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="preview" value="Show preview" /> <input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" /> <input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
+ − 1615
</p>
+ − 1616
<?php
+ − 1617
echo '</form>';
+ − 1618
} else {
+ − 1619
echo '<h3>Please select a page</h3>';
+ − 1620
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1621
?>
+ − 1622
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
+ − 1623
<p>Select page title from a list: <select name="page_force_url">
+ − 1624
<?php
+ − 1625
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1626
{
+ − 1627
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name'].'</option>'."\n";
+ − 1628
}
+ − 1629
?>
+ − 1630
</select> <input type="submit" name="select" value="Select" /></p>
+ − 1631
<?php
+ − 1632
echo '</form>';
+ − 1633
}
+ − 1634
}
+ − 1635
+ − 1636
function page_Admin_ThemeManager()
+ − 1637
{
+ − 1638
+ − 1639
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1640
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1641
{
+ − 1642
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1643
return;
+ − 1644
}
+ − 1645
+ − 1646
+ − 1647
// Get the list of styles in the themes/ dir
+ − 1648
$h = opendir('./themes');
+ − 1649
$l = Array();
+ − 1650
if(!$h) die('Error opening directory "./themes" for reading.');
+ − 1651
while(false !== ($n = readdir($h))) {
+ − 1652
if($n != '.' && $n != '..' && is_dir('./themes/'.$n))
+ − 1653
$l[] = $n;
+ − 1654
}
+ − 1655
closedir($h);
+ − 1656
echo('
+ − 1657
<h3>Theme Management</h3>
+ − 1658
<p>Install, uninstall, and manage Enano themes.</p>
+ − 1659
');
+ − 1660
if(isset($_POST['disenable'])) {
+ − 1661
$q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1662
$s = $db->sql_query($q);
+ − 1663
if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1664
$r = $db->fetchrow_num($s);
+ − 1665
$db->free_result();
+ − 1666
if($r[0] == 1) $e = 0;
+ − 1667
else $e = 1;
+ − 1668
$s=true;
+ − 1669
if($e==0)
+ − 1670
{
+ − 1671
$c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1');
+ − 1672
if(!$c) $db->_die('The backup check for having at least on theme enabled failed.');
+ − 1673
if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; }
+ − 1674
}
+ − 1675
$db->free_result();
+ − 1676
if($s) {
+ − 1677
$q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1678
$a = $db->sql_query($q);
+ − 1679
if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1680
else echo('<div class="info-box">The theme "'.$_POST['theme_id'].'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>');
+ − 1681
}
+ − 1682
}
+ − 1683
elseif(isset($_POST['edit'])) {
+ − 1684
+ − 1685
$dir = './themes/'.$_POST['theme_id'].'/css/';
+ − 1686
$list = Array();
+ − 1687
// Open a known directory, and proceed to read its contents
+ − 1688
if (is_dir($dir)) {
+ − 1689
if ($dh = opendir($dir)) {
+ − 1690
while (($file = readdir($dh)) !== false) {
+ − 1691
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 1692
$list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4));
+ − 1693
}
+ − 1694
}
+ − 1695
closedir($dh);
+ − 1696
}
+ − 1697
}
+ − 1698
$lk = array_keys($list);
+ − 1699
+ − 1700
$q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1701
$s = $db->sql_query($q);
+ − 1702
if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1703
$r = $db->fetchrow_num($s);
+ − 1704
$db->free_result();
+ − 1705
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">');
+ − 1706
echo('<div class="question-box">
+ − 1707
Theme name displayed to users: <input type="text" name="name" value="'.$r[0].'" /><br /><br />
+ − 1708
Default stylesheet: <select name="defaultcss">');
+ − 1709
foreach ($lk as $l)
+ − 1710
{
+ − 1711
if($r[1] == $l) $v = ' selected="selected"';
+ − 1712
else $v = '';
+ − 1713
echo "<option value='{$l}'$v>{$list[$l]}</option>";
+ − 1714
}
+ − 1715
echo('</select><br /><br />
+ − 1716
<input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.$_POST['theme_id'].'" />
+ − 1717
</div>');
+ − 1718
echo('</form>');
+ − 1719
}
+ − 1720
elseif(isset($_POST['editsave'])) {
+ − 1721
$q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1722
$s = $db->sql_query($q);
+ − 1723
if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1724
else echo('<div class="info-box">Theme data updated.</div>');
+ − 1725
}
+ − 1726
elseif(isset($_POST['up'])) {
+ − 1727
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1728
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1729
$s = $db->sql_query($q);
+ − 1730
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1731
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1732
$sn = $db->sql_query($q);
+ − 1733
if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1734
$r = $db->fetchrow_num($sn);
+ − 1735
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) { echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>'); } else {
+ − 1736
// Get the order IDs of the selected theme and the theme before it
+ − 1737
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1738
$s = $db->sql_query($q);
+ − 1739
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1740
$r = $db->fetchrow_num($s);
+ − 1741
$r = $r[0];
+ − 1742
$rb = $r - 1;
+ − 1743
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1744
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1745
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1746
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1747
echo('<div class="info-box">Theme moved up.</div>');
+ − 1748
}
+ − 1749
$db->free_result($s);
+ − 1750
$db->free_result($sn);
+ − 1751
}
+ − 1752
elseif(isset($_POST['down'])) {
+ − 1753
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1754
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1755
$s = $db->sql_query($q);
+ − 1756
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1757
$r = $db->fetchrow_num($s);
+ − 1758
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == $db->numrows($s) /* ...and check if this theme is already at the bottom */ ) { echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>'); } else {
+ − 1759
// Get the order IDs of the selected theme and the theme before it
+ − 1760
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1761
$s = $db->sql_query($q);
+ − 1762
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1763
$r = $db->fetchrow_num($s);
+ − 1764
$r = $r[0];
+ − 1765
$rb = $r + 1;
+ − 1766
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1767
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1768
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1769
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1770
echo('<div class="info-box">Theme moved down.</div>');
+ − 1771
}
+ − 1772
}
+ − 1773
else if(isset($_POST['uninstall']))
+ − 1774
{
+ − 1775
$q = 'SELECT * FROM '.table_prefix.'themes;';
+ − 1776
$s = $db->sql_query($q);
+ − 1777
if ( !$s )
+ − 1778
{
+ − 1779
die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1780
}
+ − 1781
$n = $db->numrows($s);
+ − 1782
$db->free_result();
+ − 1783
+ − 1784
if ( $_POST['theme_id'] == 'oxygen' )
+ − 1785
{
+ − 1786
echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>';
+ − 1787
}
+ − 1788
else
+ − 1789
{
+ − 1790
if($n < 2)
+ − 1791
{
+ − 1792
echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>';
+ − 1793
}
+ − 1794
else
+ − 1795
{
+ − 1796
$q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;';
+ − 1797
$s = $db->sql_query($q);
+ − 1798
if ( !$s )
+ − 1799
{
+ − 1800
die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1801
}
+ − 1802
else
+ − 1803
{
+ − 1804
echo('<div class="info-box">Theme uninstalled.</div>');
+ − 1805
}
+ − 1806
}
+ − 1807
}
+ − 1808
}
+ − 1809
elseif(isset($_POST['install'])) {
+ − 1810
$q = 'SELECT * FROM '.table_prefix.'themes;';
+ − 1811
$s = $db->sql_query($q);
+ − 1812
if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1813
$n = $db->numrows($s);
+ − 1814
$n++;
+ − 1815
$theme_id = $_POST['theme_id'];
+ − 1816
$theme = Array();
+ − 1817
include('./themes/'.$theme_id.'/theme.cfg');
+ − 1818
$q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled) VALUES(\''.$theme['theme_id'].'\', \''.$theme['theme_name'].'\', '.$n.', 1)';
+ − 1819
$s = $db->sql_query($q);
+ − 1820
if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1821
else echo('<div class="info-box">Theme "'.$theme['theme_name'].'" installed.</div>');
+ − 1822
}
+ − 1823
echo('
+ − 1824
<h3>Currently installed themes</h3>
+ − 1825
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 1826
<p>
+ − 1827
<select name="theme_id">
+ − 1828
');
+ − 1829
$q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order';
+ − 1830
$s = $db->sql_query($q);
+ − 1831
if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 1832
while ( $r = $db->fetchrow_num($s) ) {
+ − 1833
if($r[2] < 1) $r[1] .= ' (disabled)';
+ − 1834
echo('<option value="'.$r[0].'">'.$r[1].'</option>');
+ − 1835
}
+ − 1836
$db->free_result();
+ − 1837
echo('
+ − 1838
</select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" />
+ − 1839
</p>
+ − 1840
</form>
+ − 1841
<h3>Install a new theme</h3>
+ − 1842
');
+ − 1843
$theme = Array();
+ − 1844
$obb = '';
+ − 1845
for($i=0;$i<sizeof($l);$i++) {
+ − 1846
if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) {
+ − 1847
include('./themes/'.$l[$i].'/theme.cfg');
+ − 1848
$q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$theme['theme_id'].'\'';
+ − 1849
$s = $db->sql_query($q);
+ − 1850
if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 1851
if($db->numrows($s) < 1) {
+ − 1852
$obb .= '<option value="'.$theme['theme_id'].'">'.$theme['theme_name'].'</option>';
+ − 1853
}
+ − 1854
$db->free_result();
+ − 1855
}
+ − 1856
}
+ − 1857
if($obb != '') {
+ − 1858
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>');
+ − 1859
echo('<select name="theme_id">');
+ − 1860
echo($obb);
+ − 1861
echo('</select>');
+ − 1862
echo('
+ − 1863
<input type="submit" name="install" value="Install this theme" />
+ − 1864
</p></form>');
+ − 1865
} else echo('<p>All themes are currently installed.</p>');
+ − 1866
}
+ − 1867
+ − 1868
function page_Admin_BanControl()
+ − 1869
{
+ − 1870
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1871
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1872
{
+ − 1873
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1874
return;
+ − 1875
}
+ − 1876
+ − 1877
if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
+ − 1878
{
+ − 1879
$e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . '');
+ − 1880
if(!$e) $db->_die('The ban list entry was not deleted.');
+ − 1881
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1882
if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
0
+ − 1883
{
+ − 1884
$q = 'INSERT INTO '.table_prefix.'banlist(ban_type,ban_value,reason,is_regex) VALUES( ' . $db->escape($_POST['type']) . ', \'' . $db->escape($_POST['value']) . '\', \''.$db->escape($_POST['reason']).'\'';
+ − 1885
if(isset($_POST['regex'])) $q .= ', 1';
+ − 1886
else $q .= ', 0';
+ − 1887
$q .= ');';
+ − 1888
$e = $db->sql_query($q);
+ − 1889
if(!$e) $db->_die('The banlist could not be updated.');
+ − 1890
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1891
else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1892
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1893
echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1894
}
0
+ − 1895
$q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
+ − 1896
if(!$q) $db->_die('The banlist data could not be selected.');
+ − 1897
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 1898
echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
+ − 1899
if($db->numrows() < 1) echo '<td colspan="4">No ban rules yet.</td>';
+ − 1900
while($r = $db->fetchrow())
+ − 1901
{
+ − 1902
if($r['ban_type']==BAN_IP) $t = 'IP address';
+ − 1903
elseif($r['ban_type']==BAN_USER) $t = 'Username';
+ − 1904
elseif($r['ban_type']==BAN_EMAIL) $t = 'E-mail address';
+ − 1905
if($r['is_regex']) $g = 'Yes'; else $g = 'No';
+ − 1906
echo '<tr><td>'.$t.'</td><td>'.$r['ban_value'].'</td><td>'.$g.'</td><td><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.$r['ban_id']).'">Delete</a></td></tr>';
+ − 1907
}
+ − 1908
$db->free_result();
+ − 1909
echo '</table>';
+ − 1910
echo '<h3>Create new ban rule</h3>';
+ − 1911
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 1912
?>
+ − 1913
Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
+ − 1914
Rule: <input type="text" name="value" size="30" /><br />
+ − 1915
Reason to show to the banned user: <textarea name="reason" rows="7" cols="20"></textarea><br />
+ − 1916
<input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
+ − 1917
<input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
+ − 1918
<?php
+ − 1919
echo '</form>';
+ − 1920
}
+ − 1921
+ − 1922
function page_Admin_MassEmail()
+ − 1923
{
+ − 1924
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1925
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1926
{
+ − 1927
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1928
return;
+ − 1929
}
+ − 1930
+ − 1931
global $enano_config;
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1932
if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
0
+ − 1933
{
+ − 1934
$use_smtp = getConfig('smtp_enabled') == '1';
+ − 1935
+ − 1936
//
+ − 1937
// Let's do some checking to make sure that mass mail functions
+ − 1938
// are working in win32 versions of php. (copied from phpBB)
+ − 1939
//
+ − 1940
if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp)
+ − 1941
{
+ − 1942
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
+ − 1943
+ − 1944
// We are running on windows, force delivery to use our smtp functions
+ − 1945
// since php's are broken by default
+ − 1946
$use_smtp = true;
+ − 1947
$enano_config['smtp_server'] = @$ini_val('SMTP');
+ − 1948
}
+ − 1949
+ − 1950
$mail = new emailer( !empty($use_smtp) );
+ − 1951
+ − 1952
// Validate subject/message body
+ − 1953
$subject = stripslashes(trim($_POST['subject']));
+ − 1954
$message = stripslashes(trim($_POST['message']));
+ − 1955
+ − 1956
if ( empty($subject) )
+ − 1957
$errors[] = 'Please enter a subject.';
+ − 1958
if ( empty($message) )
+ − 1959
$errors[] = 'Please enter a message.';
+ − 1960
+ − 1961
// Get list of members
+ − 1962
if ( !empty($_POST['userlist']) )
+ − 1963
{
+ − 1964
$userlist = str_replace(', ', ',', $_POST['userlist']);
+ − 1965
$userlist = explode(',', $userlist);
+ − 1966
foreach ( $userlist as $k => $u )
+ − 1967
{
+ − 1968
if ( $u == $session->username )
+ − 1969
{
+ − 1970
// Message is automatically sent to the sender
+ − 1971
unset($userlist[$k]);
+ − 1972
}
+ − 1973
else
+ − 1974
{
+ − 1975
$userlist[$k] = $db->escape($u);
+ − 1976
}
+ − 1977
}
+ − 1978
$userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\'';
+ − 1979
+ − 1980
$q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';');
+ − 1981
if ( !$q )
+ − 1982
$db->_die();
+ − 1983
+ − 1984
if ( $row = $db->fetchrow() )
+ − 1985
{
+ − 1986
do {
+ − 1987
$mail->cc($row['email']);
+ − 1988
} while ( $row = $db->fetchrow() );
+ − 1989
}
+ − 1990
+ − 1991
$db->free_result();
+ − 1992
+ − 1993
}
+ − 1994
else
+ − 1995
{
+ − 1996
// Sending to a usergroup
+ − 1997
+ − 1998
$group_id = intval($_POST['group_id']);
+ − 1999
if ( $group_id < 1 )
+ − 2000
{
+ − 2001
$errors[] = 'Invalid group ID';
+ − 2002
}
+ − 2003
else
+ − 2004
{
+ − 2005
$q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g
+ − 2006
LEFT JOIN '.table_prefix.'users AS u
+ − 2007
ON (u.user_id=g.user_id)
+ − 2008
WHERE g.group_id=' . $group_id . ';');
+ − 2009
if ( !$q )
+ − 2010
$db->_die();
+ − 2011
+ − 2012
if ( $row = $db->fetchrow() )
+ − 2013
{
+ − 2014
do {
+ − 2015
$mail->cc($row['email']);
+ − 2016
} while ( $row = $db->fetchrow() );
+ − 2017
}
+ − 2018
+ − 2019
$db->free_result();
+ − 2020
}
+ − 2021
}
+ − 2022
+ − 2023
if ( sizeof($errors) < 1 )
+ − 2024
{
+ − 2025
+ − 2026
$mail->from(getConfig('contact_email'));
+ − 2027
$mail->replyto(getConfig('contact_email'));
+ − 2028
$mail->set_subject($subject);
+ − 2029
$mail->email_address(getConfig('contact_email'));
+ − 2030
+ − 2031
// Copied/modified from phpBB
+ − 2032
$email_headers = 'X-AntiAbuse: Website server name - ' . $_SERVER['SERVER_NAME'] . "\n";
+ − 2033
$email_headers .= 'X-AntiAbuse: User_id - ' . $session->user_id . "\n";
+ − 2034
$email_headers .= 'X-AntiAbuse: Username - ' . $session->username . "\n";
+ − 2035
$email_headers .= 'X-AntiAbuse: User IP - ' . $_SERVER['REMOTE_ADDR'] . "\n";
+ − 2036
+ − 2037
$mail->extra_headers($email_headers);
+ − 2038
+ − 2039
$tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at:
+ − 2040
+ − 2041
{CONTACT_EMAIL}
+ − 2042
+ − 2043
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ − 2044
{MESSAGE}
+ − 2045
';
+ − 2046
+ − 2047
$mail->use_template($tpl);
+ − 2048
+ − 2049
$mail->assign_vars(array(
+ − 2050
'SENDER' => $session->username,
+ − 2051
'SITE_NAME' => getConfig('site_name'),
+ − 2052
'CONTACT_EMAIL' => getConfig('contact_email'),
+ − 2053
'MESSAGE' => $message
+ − 2054
));
+ − 2055
+ − 2056
//echo '<pre>'.print_r($mail,true).'</pre>';
+ − 2057
+ − 2058
// All done
+ − 2059
$mail->send();
+ − 2060
$mail->reset();
+ − 2061
+ − 2062
echo '<div class="info-box">Your message has been sent.</div>';
+ − 2063
+ − 2064
}
+ − 2065
else
+ − 2066
{
+ − 2067
echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
+ − 2068
}
+ − 2069
+ − 2070
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2071
else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2072
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2073
echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2074
}
0
+ − 2075
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 2076
?>
+ − 2077
<div class="tblholder">
+ − 2078
<table border="0" cellspacing="1" cellpadding="4">
+ − 2079
<tr>
+ − 2080
<th colspan="2">Send mass e-mail</th>
+ − 2081
</tr>
+ − 2082
<tr>
+ − 2083
<td class="row2" rowspan="2" style="width: 30%; min-width: 200px;">
+ − 2084
Send message to:<br />
+ − 2085
<small>
+ − 2086
By default, this message will be sent to the group selected here. You may instead send the message to a specific
+ − 2087
list of users by entering them in the second row, with usernames separated by a single comma (no space).
+ − 2088
</small>
+ − 2089
</td>
+ − 2090
<td class="row1">
+ − 2091
<select name="group_id">
+ − 2092
<?php
+ − 2093
$q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ − 2094
if ( !$q )
+ − 2095
$db->_die();
+ − 2096
while ( $row = $db->fetchrow() )
+ − 2097
{
+ − 2098
echo '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+ − 2099
}
+ − 2100
?>
+ − 2101
</select>
+ − 2102
</td>
+ − 2103
</tr>
+ − 2104
<tr>
+ − 2105
<td class="row1">
+ − 2106
Usernames: <input type="text" name="userlist" size="50" />
+ − 2107
</td>
+ − 2108
</tr>
+ − 2109
<tr>
+ − 2110
<td class="row2" style="width: 30%; min-width: 200px;">
+ − 2111
Subject:
+ − 2112
</td>
+ − 2113
<td class="row1">
+ − 2114
<input name="subject" type="text" size="50" />
+ − 2115
</td>
+ − 2116
</tr>
+ − 2117
<tr>
+ − 2118
<td class="row2" style="width: 30%; min-width: 200px;">
+ − 2119
Message:
+ − 2120
</td>
+ − 2121
<td class="row1">
+ − 2122
<textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea>
+ − 2123
</td>
+ − 2124
</tr>
+ − 2125
<tr>
+ − 2126
<th class="subhead" colspan="2" style="text-align: left;" valign="middle">
+ − 2127
<div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div>
+ − 2128
<small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small>
+ − 2129
</th>
+ − 2130
</tr>
+ − 2131
+ − 2132
</table>
+ − 2133
</div>
+ − 2134
<?php
+ − 2135
echo '</form>';
+ − 2136
}
+ − 2137
+ − 2138
function page_Admin_DBBackup()
+ − 2139
{
+ − 2140
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2141
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2142
{
+ − 2143
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2144
return;
+ − 2145
}
+ − 2146
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2147
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2148
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2149
redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2150
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2151
0
+ − 2152
global $system_table_list;
+ − 2153
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes')
+ − 2154
{
+ − 2155
+ − 2156
if(defined('SQL_BACKUP_CRYPT'))
+ − 2157
// Try to increase our time limit
+ − 2158
@set_time_limit(300); // five minutes
+ − 2159
// Do the actual export
+ − 2160
$aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
+ − 2161
$filename = 'enano_backup_' . date('dmy') . '.sql' . $aesext;
+ − 2162
ob_start();
+ − 2163
header('Content-disposition: attachment, filename="'.$filename.'";');
+ − 2164
header('Content-type: application/transact-sql');
+ − 2165
// Spew some headers
+ − 2166
$headdate = date('F d, Y \a\t h:i a');
+ − 2167
echo <<<HEADER
+ − 2168
-- Enano CMS SQL backup
+ − 2169
-- Generated on {$headdate} by {$session->username}
+ − 2170
+ − 2171
HEADER;
+ − 2172
// build the table list
+ − 2173
$base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array();
+ − 2174
$add = ( isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : Array();
+ − 2175
$tables = array_merge($base, $add);
+ − 2176
+ − 2177
// Log it!
+ − 2178
$e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
+ − 2179
if ( !$e )
+ − 2180
$db->_die();
+ − 2181
+ − 2182
foreach($tables as $i => $t)
+ − 2183
{
+ − 2184
if(!preg_match('#^([a-z0-9_]+)$#i', $t))
+ − 2185
die('Hacking attempt');
+ − 2186
// if($t == table_prefix.'files' && isset($_POST['do_data']))
+ − 2187
// unset($tables[$i]);
+ − 2188
}
+ − 2189
foreach($tables as $t)
+ − 2190
{
+ − 2191
// Sorry folks - this script CAN'T backup enano_files, enano_search_index, and enano_search_cache due to the sheer size of the tables.
+ − 2192
// If encryption is enabled the log data will be excluded too.
+ − 2193
echo export_table(
+ − 2194
$t,
+ − 2195
isset($_POST['do_struct']),
+ − 2196
( isset($_POST['do_data']) /* && $t != table_prefix.'files' && $t != table_prefix.'search_index' && $t != table_prefix.'search_cache' && ( !defined('SQL_BACKUP_CRYPT') || ( defined('SQL_BACKUP_CRYPT') && $t != table_prefix.'logs' ) ) */ ),
+ − 2197
false
+ − 2198
) . "\n";
+ − 2199
}
+ − 2200
$data = ob_get_contents();
+ − 2201
ob_end_clean();
+ − 2202
if(defined('SQL_BACKUP_CRYPT'))
+ − 2203
{
+ − 2204
// Free some memory, we don't need this stuff any more
+ − 2205
$db->close();
+ − 2206
unset($paths, $db, $template, $plugins);
+ − 2207
$tea = new TEACrypt();
+ − 2208
$data = $tea->encrypt($data, $session->private_key);
+ − 2209
}
+ − 2210
header('Content-length: '.strlen($data));
+ − 2211
echo $data;
+ − 2212
exit;
+ − 2213
}
+ − 2214
else
+ − 2215
{
+ − 2216
// Show the UI
+ − 2217
echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">';
+ − 2218
?>
+ − 2219
<p>This page allows you to back up your Enano database should something go miserably wrong.</p>
+ − 2220
<p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label><p>
+ − 2221
<p>Additional tables to export:</p>
+ − 2222
<p><select name="additional_tables[]" multiple="multiple">
+ − 2223
<?php
+ − 2224
$q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
+ − 2225
while($row = $db->fetchrow_num())
+ − 2226
{
+ − 2227
if(!in_array($row[0], $system_table_list)) echo '<option value="'.$row[0].'">'.$row[0].'</option>';
+ − 2228
}
+ − 2229
?>
+ − 2230
</select>
+ − 2231
</p>
+ − 2232
<p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br />
+ − 2233
<label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label>
+ − 2234
</p>
+ − 2235
<p><input type="submit" value="Create backup" /></p>
+ − 2236
<?php
+ − 2237
echo '</form>';
+ − 2238
}
+ − 2239
}
+ − 2240
+ − 2241
function page_Admin_AdminLogout()
+ − 2242
{
+ − 2243
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2244
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2245
{
+ − 2246
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2247
return;
+ − 2248
}
+ − 2249
+ − 2250
$session->logout(USER_LEVEL_ADMIN);
+ − 2251
echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.makeUrl(getConfig('main_page')).'">Main Page</a>.</p>';
+ − 2252
}
+ − 2253
+ − 2254
function page_Special_Administration()
+ − 2255
{
+ − 2256
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2257
+ − 2258
if($session->auth_level < USER_LEVEL_ADMIN) {
+ − 2259
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
+ − 2260
exit;
+ − 2261
}
+ − 2262
else
+ − 2263
{
+ − 2264
$template->load_theme('admin', 'default');
+ − 2265
$template->init_vars();
+ − 2266
if( !isset( $_GET['noheaders'] ) )
+ − 2267
{
+ − 2268
$template->header();
+ − 2269
}
+ − 2270
echo 'Administer your Enano website.';
+ − 2271
?>
+ − 2272
<script type="text/javascript">
+ − 2273
function ajaxPage(t)
+ − 2274
{
+ − 2275
if ( t == namespace_list.Admin + 'AdminLogout' )
+ − 2276
{
+ − 2277
var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
+ − 2278
mb.onclick['Yes'] = function() {
+ − 2279
var tigraentry = document.getElementById('i_div0_0').parentNode;
+ − 2280
var tigraobj = $(tigraentry);
+ − 2281
var div = document.createElement('div');
+ − 2282
div.style.backgroundColor = '#FFFFFF';
+ − 2283
domObjChangeOpac(70, div);
+ − 2284
div.style.position = 'absolute';
+ − 2285
var top = tigraobj.Top();
+ − 2286
var left = tigraobj.Left();
+ − 2287
var width = tigraobj.Width();
+ − 2288
var height = tigraobj.Height();
+ − 2289
div.style.top = top + 'px';
+ − 2290
div.style.left = left + 'px';
+ − 2291
div.style.width = width + 'px';
+ − 2292
div.style.height = height + 'px';
+ − 2293
var body = document.getElementsByTagName('body')[0];
+ − 2294
enlighten(true);
+ − 2295
body.appendChild(div);
+ − 2296
ajaxPageBin(namespace_list.Admin + 'AdminLogout');
+ − 2297
}
+ − 2298
return;
+ − 2299
}
+ − 2300
ajaxPageBin(t);
+ − 2301
}
+ − 2302
function ajaxPageBin(t)
+ − 2303
{
+ − 2304
document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>';
+ − 2305
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() {
+ − 2306
if(ajax.readyState == 4) {
+ − 2307
document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText;
+ − 2308
fadeInfoBoxes();
+ − 2309
}
+ − 2310
});
+ − 2311
}
+ − 2312
function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); }
+ − 2313
var TREE_TPL = {
+ − 2314
'target' : '_self', // name of the frame links will be opened in
+ − 2315
// other possible values are: _blank, _parent, _search, _self and _top
+ − 2316
+ − 2317
'icon_e' : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image
+ − 2318
'icon_l' : '<?php echo scriptPath; ?>/images/icons/line.gif', // vertical line
+ − 2319
'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon normal
+ − 2320
'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon selected
+ − 2321
'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon normal
+ − 2322
'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2323
'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon opened
+ − 2324
'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2325
'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal
+ − 2326
'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected
+ − 2327
'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened
+ − 2328
'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened
+ − 2329
'icon_0' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal
+ − 2330
'icon_4' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2331
'icon_8' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened
+ − 2332
'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2333
'icon_2' : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf
+ − 2334
'icon_3' : '<?php echo scriptPath; ?>/images/icons/join.gif', // junction for last leaf
+ − 2335
'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node
+ − 2336
'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif', // junction for last closed node
+ − 2337
'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node
+ − 2338
'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif' // junction for last opended node
+ − 2339
};
+ − 2340
<?php
+ − 2341
echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree
+ − 2342
if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?>
+ − 2343
</script>
+ − 2344
<table border="0" width="100%">
+ − 2345
<tr>
+ − 2346
<td class="holder" valign="top">
+ − 2347
<div class="pad" style="padding-right: 20px;">
+ − 2348
<script type="text/javascript">
+ − 2349
new tree(TREE_ITEMS, TREE_TPL);
+ − 2350
</script>
+ − 2351
</div>
+ − 2352
</td>
+ − 2353
<td width="100%" valign="top">
+ − 2354
<div class="pad" id="ajaxPageContainer">
+ − 2355
<?php
+ − 2356
if(isset($_GET['module']))
+ − 2357
{
+ − 2358
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 2359
$k = array_keys($paths->nslist);
+ − 2360
for ( $i = 0; $i < sizeof($paths->nslist); $i++ )
+ − 2361
{
+ − 2362
$ln = strlen( $paths->nslist[ $k[ $i ] ] );
+ − 2363
if ( substr($_GET['module'], 0, $ln) == $paths->nslist[$k[$i]] )
+ − 2364
{
+ − 2365
$ns = $k[$i];
+ − 2366
$nm = substr($_GET['module'], $ln, strlen($_GET['module']));
+ − 2367
}
+ − 2368
}
+ − 2369
$fname = 'page_'.$ns.'_'.$nm;
+ − 2370
$s = strpos($fname, '?noheaders');
+ − 2371
if($s) $fname = substr($fname, 0, $s);
+ − 2372
$paths->cpage['module'] = $_GET['module'];
+ − 2373
if ( function_exists($fname) && $_GET['module'] != $paths->nslist['Special'] . 'Administration' )
+ − 2374
{
+ − 2375
eval($fname.'();');
+ − 2376
}
+ − 2377
}
+ − 2378
else
+ − 2379
{
+ − 2380
echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
+ − 2381
}
+ − 2382
?>
+ − 2383
</div>
+ − 2384
</td>
+ − 2385
</tr>
+ − 2386
</table>
+ − 2387
+ − 2388
<?php
+ − 2389
}
+ − 2390
if(!isset($_GET['noheaders']))
+ − 2391
{
+ − 2392
$template->footer();
+ − 2393
}
+ − 2394
}
+ − 2395
+ − 2396
function page_Special_EditSidebar()
+ − 2397
{
+ − 2398
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2399
+ − 2400
if($session->auth_level < USER_LEVEL_ADMIN)
+ − 2401
{
+ − 2402
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
+ − 2403
exit;
+ − 2404
}
+ − 2405
else
+ − 2406
{
+ − 2407
+ − 2408
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>');
+ − 2409
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>');
+ − 2410
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
+ − 2411
$template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');
+ − 2412
+ − 2413
// Knock the sidebars dead to keep javascript in plugins from interfering
+ − 2414
$template->tpl_strings['SIDEBAR_LEFT'] = '';
+ − 2415
$template->tpl_strings['SIDEBAR_RIGHT'] = '';
+ − 2416
+ − 2417
$template->load_theme('oxygen', 'bleu');
+ − 2418
$template->init_vars();
+ − 2419
+ − 2420
$template->header();
+ − 2421
+ − 2422
if(isset($_POST['save']))
+ − 2423
{
+ − 2424
// Write the new block order to the database
+ − 2425
// The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe...
+ − 2426
// Anyone know a better way to do this?
+ − 2427
$q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2428
if ( !$q )
+ − 2429
{
+ − 2430
$db->_die('The sidebar order data could not be selected.');
+ − 2431
}
+ − 2432
$orders = Array();
+ − 2433
while($row = $db->fetchrow())
+ − 2434
{
+ − 2435
$orders[] = Array(
+ − 2436
count($orders),
+ − 2437
$row['item_id'],
+ − 2438
$row['sidebar_id'],
+ − 2439
);
+ − 2440
}
+ − 2441
$db->free_result();
+ − 2442
+ − 2443
// We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries.
+ − 2444
$ol = explode(',', $_POST['order_left']);
+ − 2445
$odr = explode(',', $_POST['order_right']);
+ − 2446
$om = array_merge($ol, $odr);
+ − 2447
unset($ol, $odr);
+ − 2448
$queries = Array();
+ − 2449
foreach($orders as $k => $v)
+ − 2450
{
+ − 2451
$queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.$v[1].';';
+ − 2452
}
+ − 2453
foreach($queries as $sql)
+ − 2454
{
+ − 2455
$q = $db->sql_query($sql);
+ − 2456
if(!$q)
+ − 2457
{
+ − 2458
$t = $db->get_error();
+ − 2459
echo $t;
+ − 2460
$template->footer();
+ − 2461
exit;
+ − 2462
}
+ − 2463
}
+ − 2464
echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
+ − 2465
}
+ − 2466
elseif(isset($_POST['create']))
+ − 2467
{
+ − 2468
switch((int)$_POST['type'])
+ − 2469
{
+ − 2470
case BLOCK_WIKIFORMAT:
+ − 2471
$content = $_POST['wikiformat_content'];
+ − 2472
break;
+ − 2473
case BLOCK_TEMPLATEFORMAT:
+ − 2474
$content = $_POST['templateformat_content'];
+ − 2475
break;
+ − 2476
case BLOCK_HTML:
+ − 2477
$content = $_POST['html_content'];
+ − 2478
break;
+ − 2479
case BLOCK_PHP:
+ − 2480
$content = $_POST['php_content'];
+ − 2481
break;
+ − 2482
case BLOCK_PLUGIN:
+ − 2483
$content = $_POST['plugin_id'];
+ − 2484
break;
+ − 2485
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2486
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2487
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2488
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2489
// Sanitize the HTML
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2490
$content = sanitize_html($content, true);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2491
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2492
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2493
if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2494
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2495
echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2496
$_POST['php_content'] = '?><Nulled>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2497
$content = $_POST['php_content'];
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2498
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2499
0
+ − 2500
// Get the value of item_order
+ − 2501
+ − 2502
$q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';');
+ − 2503
if(!$q) $db->_die('The order number could not be selected');
+ − 2504
$io = $db->numrows();
+ − 2505
+ − 2506
$db->free_result();
+ − 2507
+ − 2508
$q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );';
+ − 2509
$result = $db->sql_query($q);
+ − 2510
if(!$result)
+ − 2511
{
+ − 2512
echo $db->get_error();
+ − 2513
$template->footer();
+ − 2514
exit;
+ − 2515
}
+ − 2516
+ − 2517
echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';
+ − 2518
+ − 2519
}
+ − 2520
+ − 2521
if(isset($_GET['action']) && isset($_GET['id']))
+ − 2522
{
+ − 2523
if(preg_match('#^([0-9]*)$#', $_GET['id']))
+ − 2524
{
+ − 2525
} else {
+ − 2526
echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
+ − 2527
}
+ − 2528
switch($_GET['action'])
+ − 2529
{
+ − 2530
case 'new':
+ − 2531
?>
+ − 2532
<script type="text/javascript">
+ − 2533
function setType(input)
+ − 2534
{
+ − 2535
val = input.value;
+ − 2536
if(!val)
+ − 2537
{
+ − 2538
return false;
+ − 2539
}
+ − 2540
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2541
for(var i in divs)
+ − 2542
{
+ − 2543
if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block';
+ − 2544
else divs[i].style.display = 'none';
+ − 2545
}
+ − 2546
}
+ − 2547
</script>
+ − 2548
+ − 2549
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 2550
+ − 2551
<p>
+ − 2552
What type of block should this be?
+ − 2553
</p>
+ − 2554
<p>
+ − 2555
<select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
+ − 2556
<option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
+ − 2557
<option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
+ − 2558
<option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
+ − 2559
<option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
+ − 2560
<option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
+ − 2561
</select>
+ − 2562
</p>
+ − 2563
+ − 2564
<p>
+ − 2565
+ − 2566
Block title: <input name="title" type="text" size="40" /><br />
+ − 2567
Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>
+ − 2568
+ − 2569
</p>
+ − 2570
+ − 2571
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
+ − 2572
<p>
+ − 2573
Wikitext:
+ − 2574
</p>
+ − 2575
<p>
+ − 2576
<textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
+ − 2577
</p>
+ − 2578
</div>
+ − 2579
+ − 2580
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
+ − 2581
<p>
+ − 2582
Template code:
+ − 2583
</p>
+ − 2584
<p>
+ − 2585
<textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
+ − 2586
</p>
+ − 2587
</div>
+ − 2588
+ − 2589
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
+ − 2590
<p>
+ − 2591
HTML to place inside the sidebar:
+ − 2592
</p>
+ − 2593
<p>
+ − 2594
<textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
+ − 2595
</p>
+ − 2596
</div>
+ − 2597
+ − 2598
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2599
<?php if ( defined('ENANO_DEMO_MODE') ) { ?>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2600
<p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2601
<?php } else { ?>
0
+ − 2602
<p>
+ − 2603
<b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
+ − 2604
ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
+ − 2605
</p>
+ − 2606
<p>
+ − 2607
<span style="color: red;">
+ − 2608
It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
+ − 2609
</span> You have been warned.
+ − 2610
</p>
+ − 2611
<p>
+ − 2612
Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
+ − 2613
</p>
+ − 2614
<p>
+ − 2615
The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error.
+ − 2616
</p>
+ − 2617
<p>
+ − 2618
PHP code:
+ − 2619
</p>
+ − 2620
<p>
+ − 2621
<textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
+ − 2622
</p>
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2623
<?php } ?>
0
+ − 2624
</div>
+ − 2625
+ − 2626
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
+ − 2627
<p>
+ − 2628
Plugin:
+ − 2629
</p>
+ − 2630
<p>
+ − 2631
<select name="plugin_id">
+ − 2632
<?php
+ − 2633
foreach($template->plugin_blocks as $k => $c)
+ − 2634
{
+ − 2635
echo '<option value="'.$k.'">'.$k.'</option>';
+ − 2636
}
+ − 2637
?>
+ − 2638
</select>
+ − 2639
</p>
+ − 2640
</div>
+ − 2641
+ − 2642
<p>
+ − 2643
+ − 2644
<input type="submit" name="create" value="Create new block" style="font-weight: bold;" />
+ − 2645
<input type="submit" name="cancel" value="Cancel" />
+ − 2646
+ − 2647
</p>
+ − 2648
+ − 2649
</form>
+ − 2650
+ − 2651
<script type="text/javascript">
+ − 2652
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2653
for(var i in divs)
+ − 2654
{
+ − 2655
if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500);
+ − 2656
}
+ − 2657
</script>
+ − 2658
+ − 2659
<?php
+ − 2660
$template->footer();
+ − 2661
return;
+ − 2662
break;
+ − 2663
case 'move':
+ − 2664
if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
+ − 2665
{
+ − 2666
echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
+ − 2667
break;
+ − 2668
}
+ − 2669
$query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2670
if(!$query)
+ − 2671
{
+ − 2672
echo $db->get_error();
+ − 2673
$template->footer();
+ − 2674
exit;
+ − 2675
}
+ − 2676
echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
+ − 2677
break;
+ − 2678
case 'delete':
+ − 2679
$query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';'); // Already checked for injection attempts ;-)
+ − 2680
if(!$query)
+ − 2681
{
+ − 2682
echo $db->get_error();
+ − 2683
$template->footer();
+ − 2684
exit;
+ − 2685
}
+ − 2686
if(isset($_GET['ajax']))
+ − 2687
{
+ − 2688
ob_end_clean();
+ − 2689
die('GOOD');
+ − 2690
}
+ − 2691
echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
+ − 2692
break;
+ − 2693
case 'disenable';
+ − 2694
$q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2695
if(!$q)
+ − 2696
{
+ − 2697
echo $db->get_error();
+ − 2698
$template->footer();
+ − 2699
exit;
+ − 2700
}
+ − 2701
$r = $db->fetchrow();
+ − 2702
$db->free_result();
+ − 2703
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
+ − 2704
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2705
if(!$q)
+ − 2706
{
+ − 2707
echo $db->get_error();
+ − 2708
$template->footer();
+ − 2709
exit;
+ − 2710
}
+ − 2711
if(isset($_GET['ajax']))
+ − 2712
{
+ − 2713
ob_end_clean();
+ − 2714
die('GOOD');
+ − 2715
}
+ − 2716
break;
+ − 2717
case 'getsource':
+ − 2718
$q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2719
if(!$q)
+ − 2720
{
+ − 2721
echo $db->get_error();
+ − 2722
$template->footer();
+ − 2723
exit;
+ − 2724
}
+ − 2725
ob_end_clean();
+ − 2726
$r = $db->fetchrow();
+ − 2727
$db->free_result();
+ − 2728
if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
+ − 2729
die($r['block_content']);
+ − 2730
break;
+ − 2731
case 'save':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2732
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2733
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2734
$q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2735
if(!$q)
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2736
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2737
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2738
exit;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2739
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2740
$row = $db->fetchrow();
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2741
if ( $row['block_type'] == BLOCK_PHP )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2742
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2743
$_POST['content'] = '?><Nulled>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2744
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2745
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2746
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2747
$_POST['content'] = sanitize_html($_POST['content'], true);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2748
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2749
}
0
+ − 2750
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2751
if(!$q)
+ − 2752
{
+ − 2753
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 2754
exit;
+ − 2755
}
+ − 2756
$q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ − 2757
if(!$q)
+ − 2758
{
+ − 2759
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 2760
exit;
+ − 2761
}
+ − 2762
$row = $db->fetchrow();
+ − 2763
$db->free_result();
+ − 2764
switch($row['block_type'])
+ − 2765
{
+ − 2766
case BLOCK_WIKIFORMAT:
+ − 2767
default:
+ − 2768
$c = RenderMan::render($row['block_content']);
+ − 2769
break;
+ − 2770
case BLOCK_TEMPLATEFORMAT:
+ − 2771
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 2772
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2773
break;
+ − 2774
case BLOCK_HTML:
+ − 2775
$c = $row['block_content'];
+ − 2776
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2777
break;
+ − 2778
case BLOCK_PHP:
+ − 2779
ob_start();
+ − 2780
eval($row['block_content']);
+ − 2781
$c = ob_get_contents();
+ − 2782
ob_end_clean();
+ − 2783
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2784
break;
+ − 2785
case BLOCK_PLUGIN:
+ − 2786
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 2787
break;
+ − 2788
}
+ − 2789
die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
+ − 2790
break;
+ − 2791
}
+ − 2792
}
+ − 2793
+ − 2794
$q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2795
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 2796
+ − 2797
$vars = $template->extract_vars('sidebar-editor.tpl');
+ − 2798
+ − 2799
$parser = $template->makeParserText($vars['sidebar_button']);
+ − 2800
$parser->assign_vars(Array(
+ − 2801
'HREF'=>'#',
+ − 2802
'FLAGS'=>'onclick="return false;"',
+ − 2803
'TEXT'=>'Change theme'
+ − 2804
));
+ − 2805
$template->tpl_strings['THEME_LINK'] = $parser->run();
+ − 2806
$parser->assign_vars(Array(
+ − 2807
'TEXT'=>'Log out',
+ − 2808
));
+ − 2809
$template->tpl_strings['LOGOUT_LINK'] = $parser->run();
+ − 2810
+ − 2811
$n1 = Array();
+ − 2812
$n2 = Array();
+ − 2813
$n =& $n1;
+ − 2814
+ − 2815
echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">';
+ − 2816
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 2817
+ − 2818
// Time for the loop
+ − 2819
// what this loop does is fetch the row data, then send it out to the appropriate parser for formatting,
+ − 2820
// then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code.
+ − 2821
while($row = $db->fetchrow())
+ − 2822
{
+ − 2823
if(isset($current_side))
+ − 2824
{
+ − 2825
if($current_side != $row['sidebar_id'])
+ − 2826
{
+ − 2827
// Time to switch!
+ − 2828
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 2829
echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">';
+ − 2830
//echo '</td><td valign="top">';
+ − 2831
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 2832
$n =& $n2;
+ − 2833
}
+ − 2834
}
+ − 2835
$n[] = count($n);
+ − 2836
$current_side = $row['sidebar_id'];
+ − 2837
switch($row['block_type'])
+ − 2838
{
+ − 2839
case BLOCK_WIKIFORMAT:
+ − 2840
default:
+ − 2841
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 2842
$c = RenderMan::render($row['block_content']);
+ − 2843
break;
+ − 2844
case BLOCK_TEMPLATEFORMAT:
+ − 2845
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 2846
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 2847
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2848
break;
+ − 2849
case BLOCK_HTML:
+ − 2850
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 2851
$c = $row['block_content'];
+ − 2852
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2853
break;
+ − 2854
case BLOCK_PHP:
+ − 2855
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 2856
ob_start();
+ − 2857
eval($row['block_content']);
+ − 2858
$c = ob_get_contents();
+ − 2859
ob_end_clean();
+ − 2860
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 2861
break;
+ − 2862
case BLOCK_PLUGIN:
+ − 2863
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 2864
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 2865
break;
+ − 2866
}
+ − 2867
$t = $template->tplWikiFormat($row['block_name']);
+ − 2868
if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
+ − 2869
else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
+ − 2870
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
+ − 2871
$tb = '<a title="Enable or disable this block" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
+ − 2872
<a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
+ − 2873
<a title="Permanently delete this block" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
+ − 2874
<a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
+ − 2875
$as = '';
+ − 2876
$ae = ' '.$tb;
+ − 2877
$parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
+ − 2878
echo $parser->run();
+ − 2879
unset($parser);
+ − 2880
+ − 2881
}
+ − 2882
$db->free_result();
+ − 2883
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 2884
echo '</div></td></tr></table>';
+ − 2885
echo '<form action="'.makeUrl($paths->page).'" method="post">';
+ − 2886
$order = implode(',', $n1);
+ − 2887
echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />";
+ − 2888
$order = implode(',', $n2);
+ − 2889
echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
+ − 2890
echo '
+ − 2891
<div style="margin: 0 auto 0 auto; text-align: center;">
+ − 2892
<input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
+ − 2893
<input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
+ − 2894
<br />
+ − 2895
<a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
+ − 2896
</div>
+ − 2897
</form>
+ − 2898
';
+ − 2899
}
+ − 2900
+ − 2901
$template->footer();
+ − 2902
}
+ − 2903
+ − 2904
?>