diff -r 663fcf528726 -r d0314575e2f0 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Tue Jun 26 17:28:18 2007 -0400 +++ b/plugins/SpecialAdmin.php Tue Jun 26 20:48:44 2007 -0400 @@ -863,14 +863,16 @@ } else { + $disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : ''; echo('

Edit User Info

- - - + + + + ' . ( ( !empty($disabled) ) ? '' : '' ) . '
Username:
New Password:
E-mail:
Real Name:
New Password:
E-mail:
Real Name:
To change your e-mail address, password, or real name, please use the user control panel.
User level:
Delete user:
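Review bot: The `$disabled` attribute only stops the browser from submitting what appear to be the password, e-mail and real-name fields for the administrator's own account; nothing in this hunk makes the save handler reject them when `$r['user_id']` equals `$session->user_id`. The handler is outside the hunk, so this needs confirming, but it should repeat the same comparison server-side and ignore or refuse those fields rather than rely on the form markup. Disabled inputs are also left out of the POST body, so the handler must treat the missing keys as "unchanged" and not as empty values to store. A comment above the assignment such as `// Own account: edited via the user control panel; enforced again on save` would record the intent.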
@@ -890,19 +892,33 @@ { // Get the current session information so the user doesn't get logged out $aes = new AESCrypt(); - $sk = md5($session->sid_super); + $sk = md5(strrev($session->sid_super)); $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); - if(!$qb) die('Error selecting session key info block B: '.$db->get_error()); - if($db->numrows($qb) < 1) die('Error: cannot read admin session info block B, aborting table clear process'); + if ( !$qb ) + { + die('Error selecting session key info block B: '.$db->get_error()); + } + if ( $db->numrows($qb) < 1 ) + { + die('Error: cannot read admin session info block B, aborting table clear process'); + } $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER); - if(!$qa) die('Error selecting session key info block A: '.$db->get_error()); - if($db->numrows($qa) < 1) die('Error: cannot read user session info block A, aborting table clear process'); + if ( !$qa ) + { + die('Error selecting session key info block A: '.$db->get_error()); + } + if ( $db->numrows($qa) < 1 ) + { + die('Error: cannot read user session info block A, aborting table clear process'); + } $ra = mysql_fetch_object($qa); $rb = mysql_fetch_object($qb); $db->free_result($qa); $db->free_result($qb); + $db->sql_query('DELETE FROM '.table_prefix.'session_keys;'); $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' 
),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )'); + echo('
The session key table has been cleared. Your database should be a little bit smaller now.
'); @@ -1386,55 +1402,80 @@ $cpage = $paths->pages[$paths->nslist[$_POST['namespace']].$_POST['old_page_id']]; if(isset($_POST['submit'])) { - // Create a list of things to update - $page_info = Array( - 'name'=>$_POST['name'], - 'urlname'=>$_POST['page_id'], - 'namespace'=>$_POST['namespace'], - 'special'=>isset($_POST['special']) ? '1' : '0', - 'visible'=>isset($_POST['visible']) ? '1' : '0', - 'comments_on'=>isset($_POST['comments_on']) ? '1' : '0', - 'protected'=>isset($_POST['protected']) ? '1' : '0' - ); - // Build the query - $q = 'UPDATE '.table_prefix.'pages SET '; - $k = array_keys($page_info); - foreach($k as $c) - { - $q .= $c.'=\''.$db->escape($page_info[$c]).'\','; - } - $q = substr($q, 0, strlen($q)-1); - // Build the WHERE statements - $q .= ' WHERE '; - $k = array_keys($cpage); - foreach($k as $c) + switch(true) { - if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected') $q .= $c.'=\''.$cpage[$c].'\' AND '; - elseif($c == 'urlname') $q .= $c.'=\''.$cpage['urlname_nons'].'\' AND '; + case true: + // Create a list of things to update + $page_info = Array( + 'name'=>$_POST['name'], + 'urlname'=>sanitize_page_id($_POST['page_id']), + 'namespace'=>$_POST['namespace'], + 'special'=>isset($_POST['special']) ? '1' : '0', + 'visible'=>isset($_POST['visible']) ? '1' : '0', + 'comments_on'=>isset($_POST['comments_on']) ? '1' : '0', + 'protected'=>isset($_POST['protected']) ? '1' : '0' + ); + + $updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname'] ); + + if ( !isset($paths->nslist[ $page_info['namespace'] ]) ) + { + echo '
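Review bot: The `DELETE FROM ... session_keys` and the `INSERT` that follows are both sent without checking the result, so a failed INSERT leaves the table empty, drops the admin's own two sessions, and still prints the success message. Check both calls the way the two SELECTs above are checked, e.g. `if ( !$db->sql_query(...) ) die('Error restoring session keys: '.$db->get_error());`. The INSERT also concatenates `$ra->salt`, `$ra->source_ip` and the other stored columns back into SQL unescaped; passing each through `$db->escape()` would keep a stored value containing a quote from breaking or altering the statement. The enclosing block starts before the hunk.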
The namespace you selected is not properly registered.
'; + break; + } + if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace ) + { + echo '
There is already a page that exists with that URL string and namespace.
'; + break; + } + // Build the query + $q = 'UPDATE '.table_prefix.'pages SET '; + $k = array_keys($page_info); + foreach($k as $c) + { + $q .= $c.'=\''.$db->escape($page_info[$c]).'\','; + } + $q = substr($q, 0, strlen($q)-1); + // Build the WHERE statements + $q .= ' WHERE '; + $k = array_keys($cpage); + foreach($k as $c) + { + if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected') + { + $q .= $c.'=\''.$db->escape($cpage[$c]).'\' AND '; + } + else if($c == 'urlname') + { + $q .= $c.'=\''.$db->escape($cpage['urlname_nons']).'\' AND '; + } + } + // Trim off the last " AND " and append a semicolon + $q = substr($q, 0, strlen($q)-5) . ';'; + // Send the completed query to MySQL + $e = $db->sql_query($q); + if(!$e) $db->_die('The page data could not be updated.'); + // Update any additional tables + $q = Array( + 'UPDATE '.table_prefix.'categories SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', + 'UPDATE '.table_prefix.'comments SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', + 'UPDATE '.table_prefix.'logs SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', + 'UPDATE '.table_prefix.'page_text SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . 
'\';', + ); + foreach($q as $cq) + { + $e = $db->sql_query($cq); + if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.'); + } + // Update $cpage + $cpage = $page_info; + $cpage['urlname_nons'] = $cpage['urlname']; + $cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname']; + $_POST['old_page_id'] = $page_info['urlname']; + $_POST['old_namespace'] = $page_info['namespace']; + echo '
Your changes have been saved.
'; + break; } - $q = substr($q, 0, strlen($q)-5) . ';'; - // Send the completed query to MySQL - $e = $db->sql_query($q); - if(!$e) $db->_die('The page data could not be updated.'); - // Update any additional tables - $q = Array( - 'UPDATE '.table_prefix.'categories SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', - 'UPDATE '.table_prefix.'comments SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', - 'UPDATE '.table_prefix.'logs SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', - 'UPDATE '.table_prefix.'page_text SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', - ); - foreach($q as $cq) - { - $e = $db->sql_query($cq); - if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.'); - } - // Update $cpage - $cpage = $page_info; - $cpage['urlname_nons'] = $cpage['urlname']; - $cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname']; - $_POST['old_page_id'] = $page_info['urlname']; - $_POST['old_namespace'] = $page_info['namespace']; - echo '
Your changes have been saved.
'; } elseif(isset($_POST['delete'])) { $q = Array( 'DELETE FROM '.table_prefix.'categories WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', @@ -1460,7 +1501,7 @@ - +
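Review bot: The four follow-up UPDATEs on `categories`, `comments`, `logs` and `page_text` still put `$page_info['urlname']` and `$page_info['namespace']` into the SET clause without `$db->escape()`, although this commit escapes the WHERE values and the main `pages` update. The namespace is checked against `$paths->nslist` and the URL name passes through `sanitize_page_id()`, but neither is shown to guarantee SQL-safe output, so the SET side should read `SET page_id=\'' . $db->escape($page_info['urlname']) . '\',namespace=\'' . $db->escape($page_info['namespace']) . '\'`. Separately, the first context line looks up `$cpage` with `$_POST['namespace']` and `$_POST['old_page_id']` before any validation. The five updates are also not wrapped in a transaction, so a failure midway leaves the tables referring to different page ids. The `if`/`elseif` chain continues outside the hunk.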
Namespace:
Page title:
Page URL string:
No spaces, and don't enter the namespace prefix (e.g. User:).
Changing this value is usually not a good idea, especially for templates and project pages.
Page URL string:
No spaces, and don't enter the namespace prefix (e.g. User:).
Changing this value is usually not a good idea, especially for templates and project pages.
name="comments_on" type="checkbox" id="cmt" />
name="special" type="checkbox" id="spc" />
This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.
name="visible" type="checkbox" id="vis" />
Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page nslist['Special']; ?>SearchRebuild.