Mercurial Mercurial > repos > enano-1.0 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ajax.php
changeset 259 112debff64bd
parent 256 f8356d9c3481
child 260 c0d855cfaf0e
child 261 5f1cd51bf1be
equal deleted inserted replaced
258:8be996c3740d 259:112debff64bd 
    16  
    16  
    17   // fillusername should be done without the help of the rest of Enano - all we need is the DBAL
 
    17   // fillusername should be done without the help of the rest of Enano - all we need is the DBAL
 
    18   if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
 
    18   if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
 
    19   {
 
    19   {
 
    20     // setup and load a very basic, specialized instance of the Enano API
 
    20     // setup and load a very basic, specialized instance of the Enano API
 
    21     function dc_here($m)     { return false; }
 
       
    22     function dc_dump($a, $g) { return false; }
 
       
    23     function dc_watch($n)    { return false; }
 
       
    24     function dc_start_timer($u) { return false; }
 
       
    25     function dc_stop_timer($m) { return false; }
 
       
    26     function microtime_float()
 
    21     function microtime_float()
 
    27     {
 
    22     {
 
    28       list($usec, $sec) = explode(" ", microtime());
 
    23       list($usec, $sec) = explode(" ", microtime());
 
    29       return ((float)$usec + (float)$sec);
 
    24       return ((float)$usec + (float)$sec);
 
    30     }
 
    25     }
 
    39     }
 
    34     }
 
    40     define('ENANO_ROOT', dirname($filename));
 
    35     define('ENANO_ROOT', dirname($filename));
 
    41     require(ENANO_ROOT.'/includes/functions.php');
 
    36     require(ENANO_ROOT.'/includes/functions.php');
 
    42     require(ENANO_ROOT.'/includes/dbal.php');
 
    37     require(ENANO_ROOT.'/includes/dbal.php');
 
    43     require(ENANO_ROOT.'/includes/json.php');
 
    38     require(ENANO_ROOT.'/includes/json.php');
 
    44     $db = new mysql();
 
    39     
       
    40     require(ENANO_ROOT . '/config.php');
 
       
    41     unset($dbuser, $dbpasswd);
 
       
    42     if ( !isset($dbdriver) )
 
       
    43       $dbdriver = 'mysql';
 
       
    44     
       
    45     $db = new $dbdriver();
 
       
    46     
    45     $db->connect();
 
    47     $db->connect();
 
    46     
    48     
    47     // result is sent using JSON
 
    49     // result is sent using JSON
 
    48     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
 
    50     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
 
    49     $return = Array(
 
    51     $return = Array(
 
    60         'error' => 'Invalid URI'
 
    62         'error' => 'Invalid URI'
 
    61       );
 
    63       );
 
    62       die( $json->encode($return) );
 
    64       die( $json->encode($return) );
 
    63     }
 
    65     }
 
    64     $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
 
    66     $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
 
    65     $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
 
    67     $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
 
    66     if ( !$q )
 
    68     if ( !$q )
 
    67     {
 
    69     {
 
    68       $return = array(
 
    70       $db->die_json();
 
    69         'mode' => 'error',
 
       
    70         'error' => 'MySQL error selecting username data: '.addslashes(mysql_error())
 
       
    71       );
 
       
    72       die( $json->encode($return) );
 
       
    73     }
 
    71     }
 
    74     $i = 0;
 
    72     $i = 0;
 
    75     while($r = $db->fetchrow())
 
    73     while($r = $db->fetchrow())
 
    76     {
 
    74     {
 
    77       $return['users_real'][] = $r['username'];
 
    75       $return['users_real'][] = $r['username'];
 
   275       break;
 
   273       break;
 
   276     case 'get_tags':
 
   274     case 'get_tags':
 
   277       $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
 
   275       $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
 
   278       
   276       
   279       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
 
   277       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
 
   280       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t
 
   278       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
 
   281         LEFT JOIN '.table_prefix.'page_groups AS pg
 
   279         LEFT JOIN '.table_prefix.'page_groups AS pg
 
   282           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
 
   280           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
 
   283         WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
 
   281         WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
 
   284       if ( !$q )
 
   282       if ( !$q )
 
   285         $db->_die();
 
   283         $db->_die();
 
   286       
   284       
   287       while ( $row = $db->fetchrow() )
 
   285       while ( $row = $db->fetchrow() )
 
   288       {
 
   286       {
 
   289         $can_del = true;
 
   287         $can_del = true;
 
   290         
   288         
   291         $perm = ( $row['user'] != $session->user_id ) ?
 
   289         $perm = ( $row['user_id'] != $session->user_id ) ?
 
   292                 'tag_delete_other' :
 
   290                 'tag_delete_other' :
 
   293                 'tag_delete_own';
 
   291                 'tag_delete_own';
 
   294         
   292         
   295         if ( $row['user'] == 1 && !$session->user_logged_in )
 
   293         if ( $row['user_id'] == 1 && !$session->user_logged_in )
 
   296           // anonymous user trying to delete tag (hardcode blacklisted)
 
   294           // anonymous user trying to delete tag (hardcode blacklisted)
 
   297           $can_del = false;
 
   295           $can_del = false;
 
   298           
   296           
   299         if ( !$session->get_permissions($perm) )
 
   297         if ( !$session->get_permissions($perm) )
 
   300           $can_del = false;
 
   298           $can_del = false;
 
   362       }
 
   360       }
 
   363       $resp['in_acl'] = ( $db->numrows() > 0 );
 
   361       $resp['in_acl'] = ( $db->numrows() > 0 );
 
   364       $db->free_result();
 
   362       $db->free_result();
 
   365       
   363       
   366       // we're good
 
   364       // we're good
 
   367       $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
 
   365       $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
 
   368       if ( !$q )
 
   366       if ( !$q )
 
   369         $db->_die();
 
   367         $db->_die();
 
   370       
   368       
   371       $resp['success'] = true;
 
   369       $resp['success'] = true;
 
   372       $resp['tag'] = $tag;
 
   370       $resp['tag'] = $tag;
 
   378       
   376       
   379       $tag_id = intval($_POST['tag_id']);
 
   377       $tag_id = intval($_POST['tag_id']);
 
   380       if ( empty($tag_id) )
 
   378       if ( empty($tag_id) )
 
   381         die('Invalid tag ID');
 
   379         die('Invalid tag ID');
 
   382       
   380       
   383       $q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
 
   381       $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
 
   384   LEFT JOIN '.table_prefix.'page_groups AS pg
 
   382   LEFT JOIN '.table_prefix.'page_groups AS pg
 
   385     ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
 
   383     ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
 
   386   WHERE t.tag_id=' . $tag_id . ';');
 
   384   WHERE t.tag_id=' . $tag_id . ';');
 
   387       
   385       
   388       if ( !$q )
 
   386       if ( !$q )
 
   397       if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
 
   395       if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
 
   398         $perms =& $session;
 
   396         $perms =& $session;
 
   399       else
 
   397       else
 
   400         $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
 
   398         $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
 
   401         
   399         
   402       $perm = ( $row['user'] != $session->user_id ) ?
 
   400       $perm = ( $row['user_id'] != $session->user_id ) ?
 
   403                 'tag_delete_other' :
 
   401                 'tag_delete_other' :
 
   404                 'tag_delete_own';
 
   402                 'tag_delete_own';
 
   405       
   403       
   406       if ( $row['user'] == 1 && !$session->user_logged_in )
 
   404       if ( $row['user_id'] == 1 && !$session->user_logged_in )
 
   407         // anonymous user trying to delete tag (hardcode blacklisted)
 
   405         // anonymous user trying to delete tag (hardcode blacklisted)
 
   408         die('You are not authorized to delete this tag.');
 
   406         die('You are not authorized to delete this tag.');
 
   409         
   407         
   410       if ( !$perms->get_permissions($perm) )
 
   408       if ( !$perms->get_permissions($perm) )
 
   411         die('You are not authorized to delete this tag.');
 
   409         die('You are not authorized to delete this tag.');
Enano CMS (1.0.x)