includes/pageutils.php
author Dan
Sat, 19 Dec 2009 16:06:27 -0500
changeset 1190 fa306d7af9ce
parent 1175 1e2c9819ede3
child 1216 4125e19d3b27
permissions -rw-r--r--
Detagged 1.1.7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     1
<?php
166
d53cc29308f4 Rebrand as 1.1.1; everything should now be bumped to "unstable" status
Dan
parents: 158
diff changeset
     2
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     3
/*
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     4
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1037
diff changeset
     5
 * Copyright (C) 2006-2009 Dan Fuhry
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     6
 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     7
 *
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     8
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     9
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    10
 *
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    11
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    12
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    13
 */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    14
 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    15
class PageUtils {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    16
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    17
  /**
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    18
   * Tell if a username is used or not.
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    19
   * @param $name the name to check for
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    20
   * @return string
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    21
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    22
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
    23
  public static function checkusername($name)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    24
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    25
    global $db, $session, $paths, $template, $plugins; // Common objects
270
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 260
diff changeset
    26
    $name = str_replace('_', ' ', $name);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    27
    $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    28
    if ( !$q )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    29
    {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
    30
      die($db->get_error());
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    31
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    32
    if ( $db->numrows() < 1)
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    33
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    34
      $db->free_result(); return('good');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    35
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    36
    else
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    37
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    38
      $db->free_result(); return('bad');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    39
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    40
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    41
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    42
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    43
   * Get the wiki formatting source for a page
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    44
   * @param $page the full page id (Namespace:Pagename)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    45
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    46
   * @todo (DONE) Make it require a password (just for security purposes)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    47
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    48
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
    49
  public static function getsource($page, $password = false)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    50
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    51
    global $db, $session, $paths, $template, $plugins; // Common objects
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
    52
    if ( !isPage($page) )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    53
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    54
      return '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    55
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    56
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
    57
    list($page_id, $namespace) = RenderMan::strToPageID($page);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
    58
    $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
    59
    $cdata = $ns->get_cdata();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
    60
    
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
    61
    if ( strlen($cdata['password']) == 40 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    62
    {
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
    63
      if(!$password || ( $password != $cdata['password']))
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    64
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    65
        return 'invalid_password';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    66
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    67
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    68
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    69
    if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    70
      return 'access_denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    71
    $pid = RenderMan::strToPageID($page);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    72
    if($pid[1] == 'Special' || $pid[1] == 'Admin')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    73
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    74
      die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    75
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    76
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    77
    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    78
    if ( !$e )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    79
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    80
      $db->_die('The page text could not be selected.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    81
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    82
    if( $db->numrows() < 1 )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    83
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    84
      return ''; //$db->_die('There were no rows in the text table that matched the page text query.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    85
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    86
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    87
    $r = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    88
    $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    89
    $message = $r['page_text'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    90
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    91
    return htmlspecialchars($message);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    92
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    93
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    94
  /**
391
85f91037cd4f Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
Dan
parents: 372
diff changeset
    95
   * DEPRECATED. Previously returned the full rendered contents of a page.
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    96
   * @param $page the full page id (Namespace:Pagename)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    97
   * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    98
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    99
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   100
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   101
  public static function getpage($page, $send_headers = false, $hist_id = false)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   102
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   103
    die('PageUtils->getpage is deprecated.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   104
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   105
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   106
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   107
   * Writes page data to the database, after verifying permissions and running the XSS filter
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   108
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   109
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   110
   * @param $message the text to save
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   111
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   112
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   113
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   114
  public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   115
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   116
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   117
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   118
    $page = new PageProcessor($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   119
    $cdata = $page->ns->get_cdata();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   120
    return $page->update_page($message, $summary, $minor, $cdata['page_format']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   121
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   122
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   123
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   124
   * Creates a page, both in memory and in the database.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   125
   * @param string $page_id
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   126
   * @param string $namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   127
   * @return bool true on success, false on failure
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   128
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   129
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   130
  public static function createPage($page_id, $namespace, $name = false, $visible = 1)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   131
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   132
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   133
    if(in_array($namespace, Array('Special', 'Admin')))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   134
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   135
      // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   136
      return 'You can\'t create a special page in the database';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   137
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   138
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   139
    if(!isset($paths->nslist[$namespace]))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   140
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   141
      // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   142
      return 'Couldn\'t look up the namespace';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   143
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   144
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   145
    $pname = $paths->nslist[$namespace] . $page_id;
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 825
diff changeset
   146
    if(isPage($pname))
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   147
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   148
      // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   149
      return 'Page already exists';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   150
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   151
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   152
    if(!$session->get_permissions('create_page'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   153
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   154
      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   155
      return 'Not authorized to create pages';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   156
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   157
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   158
    if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   159
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   160
      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   161
      return 'Not authorized to create system messages';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   162
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   163
    
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   164
    if ( substr($page_id, 0, 8) == 'Project:' )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   165
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   166
      // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   167
      return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   168
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   169
    
361
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   170
    /*
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   171
    // Dunno why this was here. Enano can handle more flexible names than this...
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   172
    $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 317
diff changeset
   173
    if(!preg_match($regex, $name))
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   174
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   175
      //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   176
      return 'Name contains invalid characters';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   177
    }
361
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   178
    */
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   179
    
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   180
    $page_id = dirtify_page_id($page_id);
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   181
    
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   182
    if ( !$name )
35ed07abc99e PageUtils::createpage(): $name was being sanitized too strictly
Dan
parents: 360
diff changeset
   183
      $name = str_replace('_', ' ', $page_id);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   184
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   185
    $page_id = sanitize_page_id( $page_id );
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   186
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   187
    $prot = ( $namespace == 'System' ) ? 1 : 0;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   188
    
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   189
    $ips = array(
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   190
      'ip' => array(),
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   191
      'u' => array()
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   192
      );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   193
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   194
    $page_data = Array(
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   195
      'name'=>$name,
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   196
      'urlname'=>$page_id,
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   197
      'namespace'=>$namespace,
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   198
      'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   199
    );
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   200
    
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   201
    // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   202
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   203
    $paths->add_page($page_data);
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   204
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   205
    $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   206
    $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   207
    $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,author_uid,page_id,namespace) VALUES('.time().', \'DEPRECATED\', \'page\', \'create\', \'' . $session->username . '\', ' . $session->user_id . ', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   208
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   209
    if($qa && $qb && $qc)
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   210
      return 'good';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   211
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   212
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   213
      return $db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   214
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   215
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   216
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   217
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   218
   * Sets the protection level on a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   219
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   220
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   221
   * @param $level int level of protection - 0 is off, 1 is full, 2 is semi
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   222
   * @param $reason string why the page is being (un)protected
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   223
   * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   224
   */
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   225
  public static function protect($page_id, $namespace, $level, $reason)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   226
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   227
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   228
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   229
    $page = new PageProcessor($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   230
    return $page->protect_page($level, $reason);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   231
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   232
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   233
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   234
   * Generates an HTML table with history information in it.
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   235
   * @param string the page ID
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   236
   * @param string the namespace
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   237
   * @param string page password
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   238
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   239
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   240
  
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   241
  public static function histlist($page_id, $namespace, $password = false)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   242
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   243
    global $db, $session, $paths, $template, $plugins; // Common objects
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   244
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   245
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   246
    if(!$session->get_permissions('history_view'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   247
      return 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   248
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   249
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   250
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   251
    $pname = $paths->get_pathskey($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   252
    $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   253
    $cdata = $ns->get_cdata();
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   254
    
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   255
    if ( !isPage($pname) )
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   256
    {
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   257
      return 'DNE';
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   258
    }
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   259
    
1121
bf5adc446018 Fixed handling of blank urlname as guest main page / other main page for members
Dan
parents: 1114
diff changeset
   260
    if ( isPage($pname) )
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   261
    {
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   262
      $password_exists = ( !empty($cdata['password']) && $cdata['password'] !== sha1('') );
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   263
      if ( $password_exists && $password !== $cdata['password'] )
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   264
      {
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   265
        return '<p>' . $lang->get('history_err_wrong_password') . '</p>';
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   266
      }
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   267
    }
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
   268
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   269
    $wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false;
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   270
    $prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   271
    
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   272
    $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,author_uid,u.username,edit_summary,minor_edit FROM ' . table_prefix . "logs AS l\n"
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   273
       . "  LEFT JOIN " . table_prefix . "users AS u\n"
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   274
       . "    ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   275
       . "  WHERE log_type='page' AND action='edit' AND page_id='$page_id' AND namespace='$namespace' AND is_draft != 1 ORDER BY time_id DESC;";
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   276
    
980
d13fad911955 Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
parents: 953
diff changeset
   277
    if ( !($q = $db->sql_query($q)) )
d13fad911955 Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
parents: 953
diff changeset
   278
      $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
d13fad911955 Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
parents: 953
diff changeset
   279
    
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   280
    echo $lang->get('history_page_subtitle') . '
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   281
          <h3>' . $lang->get('history_heading_edits') . '</h3>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   282
    $numrows = $db->numrows();
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   283
    if ( $numrows < 1 )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   284
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   285
      echo $lang->get('history_no_entries');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   286
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   287
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   288
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   289
      echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   290
            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
115
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 112
diff changeset
   291
            ' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 112
diff changeset
   292
            ' . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '') . '
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 112
diff changeset
   293
            <input type="hidden" name="do" value="diff" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   294
            <br /><span>&nbsp;</span>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   295
            <div class="tblholder">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   296
            <table border="0" width="100%" cellspacing="1" cellpadding="4">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   297
            <tr>
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   298
              <th colspan="2">' . $lang->get('history_col_diff') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   299
              <th>' . $lang->get('history_col_datetime') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   300
              <th>' . $lang->get('history_col_user') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   301
              <th>' . $lang->get('history_col_summary') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   302
              <th>' . $lang->get('history_col_minor') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   303
              <th colspan="3">' . $lang->get('history_col_actions') . '</th>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   304
            </tr>'."\n"."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   305
      $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   306
      $ticker = 0;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   307
      
980
d13fad911955 Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
parents: 953
diff changeset
   308
      while ( $r = $db->fetchrow($q) )
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   309
      {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   310
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   311
        $ticker++;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   312
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   313
        if($cls == 'row2') $cls = 'row1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   314
        else $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   315
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   316
        echo '<tr>'."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   317
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   318
        // Diff selection
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   319
        if($ticker == 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   320
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   321
          $s1 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   322
          $s2 = 'checked="checked" ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   323
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   324
        elseif($ticker == 2)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   325
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   326
          $s1 = 'checked="checked" ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   327
          $s2 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   328
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   329
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   330
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   331
          $s1 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   332
          $s2 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   333
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   334
        if($ticker > 1)        echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   335
        if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   336
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   337
        // Date and time
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1037
diff changeset
   338
        echo '<td class="' . $cls . '" style="white-space: nowrap;">' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . '</td class="' . $cls . '">'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   339
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   340
        // User
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   341
        $real_username = $r['author_uid'] > 1 && !empty($r['username']) ? $r['username'] : $r['author'];
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   342
        $rank_info = $session->get_user_rank($r['author_uid']);
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   343
        if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) && $r['author_uid'] == 1 )
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   344
        {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   345
          $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   346
        }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   347
        else
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   348
        {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   349
          $rc = '';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   350
        }
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   351
        echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($real_username)).'" ';
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   352
        if ( !isPage($paths->nslist['User'] . sanitize_page_id($real_username)) )
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   353
        {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   354
          echo 'class="wikilink-nonexistent"';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   355
        }
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   356
        echo 'style="' . $rank_info['rank_style'] . '">' . htmlspecialchars($real_username) . '</a></td class="' . $cls . '">'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   357
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   358
        // Edit summary
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   359
        if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   360
        {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   361
          $r['edit_summary'] = $lang->get('history_summary_clearlogs');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   362
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   363
        echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   364
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   365
        // Minor edit
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   366
        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   367
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   368
        // Actions!
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 458
diff changeset
   369
        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['log_id']) . '" onclick="ajaxHistView(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   370
        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 458
diff changeset
   371
        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=edit&amp;revid=' . $r['log_id']) . '" onclick="ajaxEditor(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   372
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   373
        echo '</tr>'."\n"."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   374
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   375
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   376
      echo '</table>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   377
            </div>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   378
            <br />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   379
            <input type="hidden" name="do" value="diff" />
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   380
            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   381
            </form>
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 40
diff changeset
   382
            <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   383
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   384
    $db->free_result();
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   385
    echo '<h3>' . $lang->get('history_heading_other') . '</h3>';
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   386
    
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   387
    $sql = 'SELECT log_id,action,time_id,date_string,page_id,namespace,author,author_uid,u.username,edit_summary,minor_edit FROM ' . table_prefix . "logs AS l\n"
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   388
         . "  LEFT JOIN " . table_prefix . "users AS u\n"
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   389
         . "    ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   390
         . "  WHERE log_type='page' AND action!='edit' AND page_id='$page_id' AND namespace='$namespace' AND is_draft != 1 ORDER BY time_id DESC;";
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   391
    
1037
61354f877e06 History: Fixed missing $q in fetchrow()
Dan
parents: 1016
diff changeset
   392
    if ( !( $q = $db->sql_query($sql)) )
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   393
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   394
      $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   395
    }
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   396
    if ( $db->numrows() < 1 )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   397
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   398
      echo $lang->get('history_no_entries');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   399
    }
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   400
    else
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   401
    {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   402
      
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   403
      echo '<div class="tblholder">
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   404
              <table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   405
                <th>' . $lang->get('history_col_datetime') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   406
                <th>' . $lang->get('history_col_user') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   407
                <th>' . $lang->get('history_col_minor') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   408
                <th>' . $lang->get('history_col_action_taken') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   409
                <th>' . $lang->get('history_col_extra') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   410
                <th colspan="2"></th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   411
              </tr>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   412
      $cls = 'row2';
1037
61354f877e06 History: Fixed missing $q in fetchrow()
Dan
parents: 1016
diff changeset
   413
      while($r = $db->fetchrow($q)) {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   414
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   415
        if($cls == 'row2') $cls = 'row1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   416
        else $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   417
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   418
        echo '<tr>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   419
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   420
        // Date and time
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1037
diff changeset
   421
        echo '<td class="' . $cls . '">' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . '</td class="' . $cls . '">';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   422
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   423
        // User
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   424
        $real_username = $r['author_uid'] > 1 && !empty($r['username']) ? $r['username'] : $r['author'];
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   425
        $rank_info = $session->get_user_rank($r['author_uid']);
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   426
        if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) && $r['author_uid'] == 1 )
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   427
        {
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   428
          $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   429
        }
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   430
        else
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   431
        {
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   432
          $rc = '';
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   433
        }
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   434
        echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($real_username)).'" ';
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   435
        if ( !isPage($paths->nslist['User'] . sanitize_page_id($real_username)) )
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   436
        {
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   437
          echo 'class="wikilink-nonexistent"';
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   438
        }
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
   439
        echo 'style="' . $rank_info['rank_style'] . '">' . htmlspecialchars($real_username) . '</a></td class="' . $cls . '">'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   440
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   441
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   442
        // Minor edit
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   443
        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   444
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   445
        // Action taken
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   446
        echo '<td class="' . $cls . '">';
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 78
diff changeset
   447
        // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 458
diff changeset
   448
        if    ($r['action']=='prot')     echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">'     . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 458
diff changeset
   449
        elseif($r['action']=='unprot')   echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">'   . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 458
diff changeset
   450
        elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   451
        elseif($r['action']=='rename')   echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   452
        elseif($r['action']=='create')   echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   453
        elseif($r['action']=='delete')   echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
481
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 468
diff changeset
   454
        elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__ROLLBACK__' ? $lang->get('history_extra_upload_reversion') : htmlspecialchars($r['edit_summary']) );
913
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
   455
        elseif($r['action']=='votereset')echo $lang->get('history_log_votereset') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_numvotes') . ' ' . $r['edit_summary'];
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   456
        echo '</td>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   457
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   458
        // Actions!
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   459
        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 458
diff changeset
   460
        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id=' . $r['log_id']) . '" onclick="ajaxRollback(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   461
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   462
        echo '</tr>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   463
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   464
      echo '</table></div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   465
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   466
    $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   467
    $ret = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   468
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   469
    return $ret;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   470
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   471
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   472
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   473
   * Rolls back a logged action
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   474
   * @param $id the time ID, a.k.a. the primary key in the logs table
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   475
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   476
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   477
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   478
  public static function rollback($id)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   479
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   480
    global $db, $session, $paths, $template, $plugins; // Common objects
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 402
diff changeset
   481
    global $lang;
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 402
diff changeset
   482
    
481
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 468
diff changeset
   483
    // placeholder
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 468
diff changeset
   484
    return 'PageUtils->rollback() is deprecated - use PageProcessor instead.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   485
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   486
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   487
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   488
   * Posts a comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   489
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   490
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   491
   * @param $name the name of the person posting, defaults to current username/IP
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   492
   * @param $subject the subject line of the comment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   493
   * @param $text the comment text
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   494
   * @return string javascript code
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   495
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   496
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   497
  public static function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   498
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   499
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   500
    $_ob = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   501
    if(!$session->get_permissions('post_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   502
      return 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   503
    if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) _die('Access denied to post comments: you need to be logged in first.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   504
    if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   505
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   506
      if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   507
      $result = $session->get_captcha($captcha_id);
456
e133d321fce4 Made all captcha fields case-insensitive (thanks pkeating)
Dan
parents: 322
diff changeset
   508
      if(strtolower($captcha_code) != strtolower($result)) _die('The confirmation code you entered was incorrect.');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   509
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   510
    $text = RenderMan::preprocess_text($text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   511
    $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   512
    $subj = RenderMan::preprocess_text($subject);
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 825
diff changeset
   513
    if(getConfig('approve_comments', '0')=='1') $appr = '0'; else $appr = '1';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   514
    $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   515
    $e = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   516
    if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'))');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   517
    else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   518
    return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   519
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   520
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   521
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   522
   * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   523
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   524
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   525
   * @param $action administrative action to perform, default is false
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   526
   * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   527
   * @param $_ob text to prepend to output, used by PageUtils::addcomment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   528
   * @return array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   529
   * @access private
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   530
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   531
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   532
  public static function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   533
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   534
    global $db, $session, $paths, $template, $plugins; // Common objects
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   535
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   536
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   537
    $pname = $paths->nslist[$namespace] . $page_id;
1016
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 980
diff changeset
   538
    $template->init_vars();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   539
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   540
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   541
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   542
    if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   543
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   544
      switch($action) {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   545
      case "delete":
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   546
        if(isset($flags['id']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   547
        {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   548
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   549
        } else {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   550
          $n = $db->escape($flags['name']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   551
          $s = $db->escape($flags['subj']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   552
          $t = $db->escape($flags['text']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   553
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   554
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   555
        $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   556
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   557
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   558
      case "approve":
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   559
        if(isset($flags['id']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   560
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   561
          $where = 'comment_id='.intval($flags['id']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   562
        } else {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   563
          $n = $db->escape($flags['name']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   564
          $s = $db->escape($flags['subj']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   565
          $t = $db->escape($flags['text']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   566
          $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   567
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   568
        $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   569
        $e = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   570
        if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   571
        $r = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   572
        $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   573
        $a = ( $r['approved'] ) ? '0' : '1';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   574
        $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   575
        $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   576
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   577
        if($a=='1') $v = $lang->get('comment_btn_mod_unapprove');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   578
        else $v = $lang->get('comment_btn_mod_approve');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   579
        echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   580
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   581
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   582
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   583
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   584
    if(!defined('ENANO_TEMPLATE_LOADED'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   585
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   586
      $template->load_theme($session->theme, $session->style);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   587
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   588
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   589
    $tpl = $template->makeParser('comment.tpl');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   590
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   591
    $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   592
    if(!$e) $db->_die('The comment text data could not be selected.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   593
    $num_unapp = $db->numrows();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   594
    $db->free_result();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   595
    $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   596
    if(!$e) $db->_die('The comment text data could not be selected.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   597
    $num_app = $db->numrows();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   598
    $db->free_result();
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 609
diff changeset
   599
    $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,c.ip_address,u.user_level,u.email,u.signature,u.user_has_avatar,u.avatar_type
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   600
                  FROM ' . table_prefix.'comments AS c
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   601
                  LEFT JOIN ' . table_prefix.'users AS u
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   602
                    ON c.user_id=u.user_id
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   603
                  WHERE page_id=\'' . $page_id . '\'
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   604
                  AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   605
    if(!$lq) _die('The comment text data could not be selected. '.$db->get_error());
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   606
    $_ob .= '<h3>' . $lang->get('comment_heading') . '</h3>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   607
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   608
    $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   609
    
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   610
    $subst = array(
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   611
        'num_comments' => $n,
226
0e6478521004 Fixed the one FIXME in PageUtils regarding static HTML comment system's greeting line; fixed parsing of external links in template->tplWikiFormat
Dan
parents: 219
diff changeset
   612
        'page_type' => $template->namespace_string
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   613
      );
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   614
    
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   615
    $_ob .= '<p>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   616
    $_ob .= ( $n == 0 ) ? $lang->get('comment_msg_count_zero', $subst) : ( $n == 1 ? $lang->get('comment_msg_count_one', $subst) : $lang->get('comment_msg_count_plural', $subst) );
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   617
    
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   618
    if ( $session->get_permissions('mod_comments') && $num_unapp > 0 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   619
    {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   620
      $_ob .= ' <span style="color: #D84308">' . $lang->get('comment_msg_count_unapp_mod', array( 'num_unapp' => $num_unapp )) . '</span>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   621
    }
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   622
    else if ( !$session->get_permissions('mod_comments') && $num_unapp > 0 )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   623
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   624
      $ls = ( $num_unapp == 1 ) ? 'comment_msg_count_unapp_one' : 'comment_msg_count_unapp_plural';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   625
      $_ob .= ' <span>' . $lang->get($ls, array( 'num_unapp' => $num_unapp )) . '</span>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   626
    }
78
4df25dfdde63 Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
parents: 73
diff changeset
   627
    $_ob .= '</p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   628
    $list = 'list = { ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   629
    // _die(htmlspecialchars($ttext));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   630
    $i = -1;
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   631
    while ( $row = $db->fetchrow($lq) )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   632
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   633
      $i++;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   634
      $strings = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   635
      $bool = Array();
825
9d5c04c1414f Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
parents: 801
diff changeset
   636
      if ( $session->get_permissions('mod_comments') || $row['approved'] == COMMENT_APPROVED )
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   637
      {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   638
        $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   639
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   640
        // Comment ID (used in the Javascript apps)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   641
        $strings['ID'] = (string)$i;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   642
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   643
        // Determine the name, and whether to link to the user page or not
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   644
        $name = '';
304
e2cb5f1432c8 Merging in the newly stable Coblynau
Dan
parents: 271 285
diff changeset
   645
        if($row['user_id'] > 1) $name .= '<a href="'.makeUrlNS('User', sanitize_page_id(' ', '_', $row['name'])).'">';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   646
        $name .= $row['name'];
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   647
        if($row['user_id'] > 1) $name .= '</a>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   648
        $strings['NAME'] = $name; unset($name);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   649
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   650
        // Subject
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   651
        $s = $row['subject'];
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   652
        if(!$row['approved']) $s .= ' <span style="color: #D84308">' . $lang->get('comment_msg_note_unapp') . '</span>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   653
        $strings['SUBJECT'] = $s;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   654
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   655
        // Date and time
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1037
diff changeset
   656
        $strings['DATETIME'] = enano_date(ED_DATE | ED_TIME, $row['time']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   657
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   658
        // User level
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   659
        switch($row['user_level'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   660
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   661
          default:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   662
          case USER_LEVEL_GUEST:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   663
            $l = $lang->get('user_type_guest');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   664
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   665
          case USER_LEVEL_MEMBER:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   666
          case USER_LEVEL_CHPREF:
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   667
            $l = $lang->get('user_type_member');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   668
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   669
          case USER_LEVEL_MOD:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   670
            $l = $lang->get('user_type_mod');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   671
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   672
          case USER_LEVEL_ADMIN:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   673
            $l = $lang->get('user_type_admin');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   674
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   675
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   676
        $strings['USER_LEVEL'] = $l; unset($l);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   677
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   678
        // The actual comment data
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   679
        $strings['DATA'] = RenderMan::render($row['comment_data']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   680
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   681
        if($session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   682
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   683
          // Edit link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   684
          $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=editcomment&amp;id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">' . $lang->get('comment_btn_edit') . '</a>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   685
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   686
          // Delete link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   687
          $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=deletecomment&amp;id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_delete') . '</a>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   688
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   689
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   690
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   691
          // Edit link
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   692
          $strings['EDIT_LINK'] = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   693
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   694
          // Delete link
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   695
          $strings['DELETE_LINK'] = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   696
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   697
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   698
        // Send PM link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   699
        $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">' . $lang->get('comment_btn_send_privmsg') . '</a><br />' : '';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   700
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   701
        // Add Buddy link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   702
        $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">' . $lang->get('comment_btn_add_buddy') . '</a>' : '';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   703
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   704
        // Mod links
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   705
        $applink = '';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   706
        $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=approve&amp;id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   707
        if($row['approved']) $applink .= $lang->get('comment_btn_mod_unapprove');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   708
        else $applink .= $lang->get('comment_btn_mod_approve');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   709
        $applink .= '</a>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   710
        $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   711
        $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=delete&amp;id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_mod_delete') . '</a>';
360
fad9bb5c094b Implemented (well stubbed) IP logging in non-AJAX comment interface
Dan
parents: 351
diff changeset
   712
        $strings['MOD_IP_LINK'] = '<span style="opacity: 0.5; filter: alpha(opacity=50);">' . ( ( empty($row['ip_address']) ) ? $lang->get('comment_btn_mod_ip_missing') : $lang->get('comment_btn_mod_ip_notimplemented') ) . '</span>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   713
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   714
        // Signature
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   715
        $strings['SIGNATURE'] = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   716
        if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   717
        
328
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   718
        // Avatar
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   719
        if ( $row['user_has_avatar'] == 1 )
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   720
        {
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   721
          $bool['user_has_avatar'] = true;
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   722
          $strings['AVATAR_ALT'] = $lang->get('usercp_avatar_image_alt', array('username' => $row['name']));
621
68f8a9cc0a18 Added Gravatar support! And it's really configurable too.
Dan
parents: 609
diff changeset
   723
          $strings['AVATAR_URL'] = make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']);
328
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   724
          $strings['USERPAGE_LINK'] = makeUrlNS('User', $row['name']);
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   725
        }
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
   726
        
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   727
        $bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   728
        $bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   729
        $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   730
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   731
        // Done processing and compiling, now let's cook it into HTML
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   732
        $tpl->assign_vars($strings);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   733
        $tpl->assign_bool($bool);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   734
        $_ob .= $tpl->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   735
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   736
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   737
    if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   738
    {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   739
      if($session->get_permissions('post_comments'))
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   740
      {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   741
        $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   742
        $_ob .= $lang->get('comment_postform_blurb');
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 825
diff changeset
   743
        if(getConfig('approve_comments', '0')=='1') $_ob .= ' ' . $lang->get('comment_postform_blurb_unapp');
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   744
        if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   745
        {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   746
          $_ob .= ' ' . $lang->get('comment_postform_blurb_captcha');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   747
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   748
        $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   749
        $_ob .= '  <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">' . $lang->get('comment_postform_blurb_link') . '</a>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   750
        <div id="mdgCommentForm">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   751
        <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=postcomment').'" method="post" style="margin-left: 1em">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   752
        <table border="0">
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   753
        <tr><td>' . $lang->get('comment_postform_field_name') . '</td><td>' . $sn . '</td></tr>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   754
        <tr><td>' . $lang->get('comment_postform_field_subject') . '</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   755
        if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   756
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   757
          $session->kill_captcha();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   758
          $captcha = $session->make_captcha();
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   759
          $_ob .= '<tr><td>' . $lang->get('comment_postform_field_captcha_title') . '<br /><small>' . $lang->get('comment_postform_field_captcha_blurb') . '</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />' . $lang->get('comment_postform_field_captcha_label') . ' <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("' . $lang->get('comment_postform_field_captcha_cantread_js') . '");</script><noscript>' . $lang->get('comment_postform_field_captcha_cantread_nojs') . '</noscript></small></td></tr>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   760
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   761
        $_ob .= '
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   762
        <tr><td valign="top">' . $lang->get('comment_postform_field_comment') . '</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   763
        <tr><td colspan="2" style="text-align: center;"><input type="submit" value="' . $lang->get('comment_postform_btn_submit') . '" /></td></tr>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   764
        </table>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   765
        </form>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   766
        </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   767
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   768
    } else {
1016
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 980
diff changeset
   769
      // FIXME: l10n
6d32d80b2192 Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
parents: 980
diff changeset
   770
      $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   771
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   772
    $list .= '};';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   773
    echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   774
    ' . $list;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   775
    echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   776
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   777
    $ret = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   778
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   779
    return Array($ret, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   780
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   781
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   782
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   783
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   784
   * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   785
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   786
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   787
   * @param $action administrative action to perform, default is false
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   788
   * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   789
   * @param $_ob text to prepend to output, used by PageUtils::addcomment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   790
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   791
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   792
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   793
  public static function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   794
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   795
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   796
    $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   797
    return $r[0];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   798
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   799
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   800
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   801
   * Generates HTML code for comments - used in browser compatibility mode
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   802
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   803
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   804
   * @param $action administrative action to perform, default is false
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   805
   * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   806
   * @param $_ob text to prepend to output, used by PageUtils::addcomment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   807
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   808
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   809
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   810
  public static function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   811
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   812
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   813
    $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   814
    return $r[1];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   815
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   816
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   817
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   818
   * Updates comment data.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   819
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   820
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   821
   * @param $subject new subject
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   822
   * @param $text new text
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   823
   * @param $old_subject the old subject, unprocessed and identical to the value in the DB
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   824
   * @param $old_text the old text, unprocessed and identical to the value in the DB
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   825
   * @param $id the javascript list ID, used internally by the client-side app
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   826
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   827
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   828
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   829
  public static function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   830
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   831
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   832
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   833
      return 'result="BAD";error="Access denied"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   834
    // Avoid SQL injection
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   835
    $old_text    = $db->escape($old_text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   836
    $old_subject = $db->escape($old_subject);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   837
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   838
    if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   839
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   840
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   841
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   842
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   843
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   844
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   845
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   846
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   847
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   848
    $s = RenderMan::preprocess_text($subject);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   849
    $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   850
    $sql  = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   851
    $result = $db->sql_query($sql);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   852
    if($result)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   853
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   854
      return 'result="GOOD";
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   855
                      list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   856
                      list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   857
      s = unescape(\''.rawurlencode($s).'\');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   858
      t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   859
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   860
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   861
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   862
      return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   863
      Performed SQL:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   864
      ' . $sql . '
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   865
    
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   866
      Error returned by MySQL: '.$db->get_error()).'");';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   867
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   868
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   869
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   870
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   871
   * Updates comment data using the comment_id column instead of the old, messy way
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   872
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   873
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   874
   * @param $subject new subject
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   875
   * @param $text new text
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   876
   * @param $id the comment ID (primary key in enano_comments table)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   877
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   878
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   879
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   880
  public static function savecomment_neater($page_id, $namespace, $subject, $text, $id)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   881
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   882
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   883
    if(!is_int($id)) die('PageUtils::savecomment: $id is not an integer, aborting for safety');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   884
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   885
      return 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   886
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   887
    if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   888
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   889
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   890
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   891
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   892
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   893
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   894
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   895
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   896
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   897
    $s = RenderMan::preprocess_text($subject);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   898
    $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   899
    $sql  = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   900
    $result = $db->sql_query($sql);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   901
    if($result)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   902
    return 'good';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   903
    else return 'Enano encountered a problem whilst saving the comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   904
    Performed SQL:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   905
    ' . $sql . '
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   906
    
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   907
    Error returned by MySQL: '.$db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   908
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   909
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   910
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   911
   * Deletes a comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   912
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   913
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   914
   * @param $name the name the user posted under
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   915
   * @param $subj the subject of the comment to be deleted
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   916
   * @param $text the text of the comment to be deleted
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   917
   * @param $id the javascript list ID, used internally by the client-side app
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   918
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   919
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   920
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   921
  public static function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   922
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   923
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   924
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   925
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   926
      return 'alert("Access to delete/edit comments is denied");';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   927
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   928
    if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   929
    $n = $db->escape($name);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   930
    $s = $db->escape($subj);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   931
    $t = $db->escape($text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   932
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   933
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   934
    if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   935
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   936
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   937
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   938
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   939
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   940
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   941
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   942
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   943
    }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   944
    $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   945
    $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   946
    if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   947
    return('good');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   948
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   949
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   950
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   951
   * Deletes a comment in a cleaner fashion.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   952
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   953
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   954
   * @param $id the comment ID (primary key)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   955
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   956
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   957
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   958
  public static function deletecomment_neater($page_id, $namespace, $id)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   959
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   960
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   961
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   962
    if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   963
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   964
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   965
      return 'alert("Access to delete/edit comments is denied");';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   966
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   967
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   968
    if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   969
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   970
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   971
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   972
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   973
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   974
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   975
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   976
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   977
    }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   978
    $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   979
    $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   980
    if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   981
    return('good');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   982
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   983
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   984
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   985
   * Renames a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   986
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   987
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   988
   * @param $name the new name for the page
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   989
   * @return string error string or success message
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   990
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   991
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
   992
  public static function rename($page_id, $namespace, $name)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   993
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   994
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
   995
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   996
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   997
    $page = new PageProcessor($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
   998
    return $page->rename_page($name);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   999
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1000
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1001
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1002
   * Flushes (clears) the action logs for a given page
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1003
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1004
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1005
   * @return string error/success string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1006
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1007
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1008
  public static function flushlogs($page_id, $namespace)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1009
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1010
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1011
    global $lang;
240
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1012
    if ( !is_object($lang) && defined('IN_ENANO_INSTALL') )
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1013
    {
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1014
      // This is a special exception for the Enano installer, which doesn't init languages yet.
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1015
      $lang = new Language('eng');
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1016
    }
351
8978cb3541ca Initlogs stage of installer now working
Dan
parents: 345
diff changeset
  1017
    if(!$session->get_permissions('clear_logs') && !defined('IN_ENANO_INSTALL'))
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1018
    {
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1019
      return $lang->get('etc_access_denied');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1020
    }
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1021
    if ( !$session->sid_super )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1022
    {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1023
      return $lang->get('etc_access_denied_need_reauth');
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1024
    }
1114
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1025
    
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1026
    $page_id_db = $db->escape($page_id);
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1027
    $namespace_db = $db->escape($namespace);
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1028
    
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1029
    // If we're flushing a file, also clear all revisions before the current
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1030
    if ( $namespace == 'File' )
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1031
    {
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1032
      $q = $db->sql_query('SELECT file_id FROM ' . table_prefix . "files WHERE page_id='$page_id_db' ORDER BY time_id DESC;");
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1033
      if ( !$q )
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1034
        $db->_die();
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1035
      // discard first row (current revision)
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1036
      $db->fetchrow();
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1037
      $id_list = array();
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1038
      while ( $row = $db->fetchrow() )
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1039
        $id_list[] = $row['file_id'];
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1040
      
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1041
      require_once(ENANO_ROOT . '/includes/namespaces/file.php');
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1042
      
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1043
      // clear out each file
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1044
      foreach ( $id_list as $id )
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1045
        Namespace_File::delete_file($id);
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1046
    }
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1047
    
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1048
    $q = $db->sql_query('DELETE FROM ' . table_prefix . "logs WHERE page_id='$page_id_db' AND namespace='$namespace';");
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1049
    if ( !$q )
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1050
      $db->_die('The log entries could not be deleted.');
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1051
    
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1052
    // If the page exists, make a backup of it in case it gets spammed/vandalized
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1053
    // If not, the admin's probably deleting a trash page
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1054
    if ( isPage($paths->get_pathskey($page_id, $namespace)) )
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1055
    {
1114
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1056
      $q = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix . "page_text WHERE page_id='$page_id_db' AND namespace='$namespace_db';");
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1057
      if ( !$q )
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1058
        $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1059
      $row = $db->fetchrow();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1060
      $db->free_result();
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 317
diff changeset
  1061
      $minor_edit = ( ENANO_DBLAYER == 'MYSQL' ) ? 'false' : '0';
1114
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1062
      $username = $db->escape($session->username);
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1063
      $q = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, date_string, page_id, namespace, page_text, char_tag, author, edit_summary, minor_edit ) VALUES\n"
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1064
         . "  ('page', 'edit', " . time() . ", 'DEPRECATED', '$page_id', '$namespace', '" . $db->escape($row['page_text']) . "', '', '{$username}', '" . $lang->get('page_flushlogs_backup_summary') . "', $minor_edit);";
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1065
      if ( !$db->sql_query($q) )
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1066
        $db->_die('The history (log) entry could not be inserted into the logs table.');
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1067
    }
1114
4f4d63a281cd Fixed (well, implemented) log clearing functionality on uploaded files.
Dan
parents: 1081
diff changeset
  1068
    
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1069
    return $lang->get('ajax_clearlogs_success');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1070
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1071
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1072
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1073
   * Deletes a page.
28
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1074
   * @param string $page_id the condemned page ID
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1075
   * @param string $namespace the condemned namespace
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1076
   * @param string The reason for deleting the page in question
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1077
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1078
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1079
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1080
  public static function deletepage($page_id, $namespace, $reason)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1081
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1082
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1083
    global $lang;
609
ffa5decbb305 Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents: 593
diff changeset
  1084
    global $cache;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1085
    $perms = $session->fetch_page_acl($page_id, $namespace);
28
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1086
    $x = trim($reason);
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1087
    if ( empty($x) )
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1088
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1089
      return $lang->get('ajax_delete_need_reason');
28
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1090
    }
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1091
    if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1092
    
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1093
    if ( !$session->sid_super )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1094
    {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1095
      return $lang->get('etc_access_denied_need_reauth');
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1096
    }
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1097
    
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1153
diff changeset
  1098
    $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,author_uid,edit_summary) VALUES('.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', ' . $session->user_id . ', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1099
    if(!$e) $db->_die('The page log entry could not be inserted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1100
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1101
    if(!$e) $db->_die('The page categorization entries could not be deleted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1102
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1103
    if(!$e) $db->_die('The page comments could not be deleted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1104
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1105
    if(!$e) $db->_die('The page text entry could not be deleted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1106
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1107
    if(!$e) $db->_die('The page entry could not be deleted.');
609
ffa5decbb305 Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents: 593
diff changeset
  1108
    if ( $namespace == 'File' )
ffa5decbb305 Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents: 593
diff changeset
  1109
    {
ffa5decbb305 Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents: 593
diff changeset
  1110
      $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
ffa5decbb305 Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents: 593
diff changeset
  1111
      if(!$e) $db->_die('The file entry could not be deleted.');
ffa5decbb305 Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents: 593
diff changeset
  1112
    }
ffa5decbb305 Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents: 593
diff changeset
  1113
    $cache->purge('page_meta');
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1114
    return $lang->get('ajax_delete_success');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1115
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1116
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1117
  /**
898
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1118
   * Deletes files associated with a File page.
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1119
   * @param string Page ID
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1120
   */
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1121
  
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1122
  public static function delete_page_files($page_id)
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1123
  {
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1124
    global $db, $session, $paths, $template, $plugins; // Common objects
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1125
    
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1126
    $q = $db->sql_query('SELECT file_id, filename, file_key, time_id, file_extension FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1127
    if ( !$q )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1128
      $db->_die();
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1129
    
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1130
    while ( $row = $db->fetchrow() )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1131
    {
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1132
      // wipe original file
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1133
      foreach ( array(
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1134
          ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}",
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1135
          ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}"
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1136
        ) as $orig_file )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1137
      {
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1138
        if ( file_exists($orig_file) )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1139
          @unlink($orig_file);
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1140
      }
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1141
      
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1142
      // wipe cached files
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1143
      if ( $dr = @opendir(ENANO_ROOT . '/cache/') )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1144
      {
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1145
        // lol404.jpg-1217958283-200x320.jpg
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1146
        while ( $dh = @readdir($dr) )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1147
        {
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1148
          $regexp = ':^' . preg_quote("{$row['filename']}-{$row['time_id']}-") . '[0-9]+x[0-9]+\.' . ltrim($row['file_extension'], '.') . '$:';
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1149
          if ( preg_match($regexp, $dh) )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1150
          {
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1151
            @unlink(ENANO_ROOT . "/cache/$dh");
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1152
          }
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1153
        }
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1154
        @closedir($dr);
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1155
      }
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1156
    }
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1157
    
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1158
    $q = $db->sql_query('DELETE FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1159
    if ( !$q )
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1160
      $db->die();
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1161
    
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1162
    return true;
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1163
  }
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1164
  
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1165
  /**
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1166
   * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1167
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1168
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1169
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1170
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1171
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1172
  public static function delvote($page_id, $namespace)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1173
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1174
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1175
    global $lang;
696
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1176
    global $cache;
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1177
    
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1178
    if ( !$session->get_permissions('vote_delete') )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1179
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1180
      return $lang->get('etc_access_denied');
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1181
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1182
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1183
    if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1184
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1185
      return 'Special pages and system messages can\'t be voted for deletion.';
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1186
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1187
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1188
    $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1189
    
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 825
diff changeset
  1190
    if ( !isPage($pname) )
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1191
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1192
      return 'The page does not exist.';
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1193
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1194
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1195
    $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1196
    $cdata = $ns->get_cdata();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1197
    
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1198
    $cv  =& $cdata['delvotes'];
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1199
    $ips =& $cdata['delvote_ips'];
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1200
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1201
    if ( empty($ips) )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1202
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1203
      $ips = array(
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1204
        'ip' => array(),
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1205
        'u' => array()
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1206
        );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1207
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1208
    else
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1209
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1210
      $ips = @unserialize($ips);
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1211
      if ( !$ips )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1212
      {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1213
        $ips = array(
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1214
        'ip' => array(),
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1215
        'u' => array()
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1216
        );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1217
      }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1218
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1219
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1220
    if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1221
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1222
      return $lang->get('ajax_delvote_already_voted');
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1223
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1224
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1225
    $ips['u'][] = $session->username;
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1226
    $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1227
    $ips = $db->escape( serialize($ips) );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1228
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1229
    $cv++;
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1230
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1231
    $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1232
    $w = $db->sql_query($q);
696
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1233
    if ( !$w )
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1234
      $db->_die();
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1235
    
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1236
    // all done, flush page cache to mark it up
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1237
    $cache->purge('page_meta');
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1238
    
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1239
    return $lang->get('ajax_delvote_success');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1240
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1241
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1242
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1243
   * Resets the number of votes against a page to 0.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1244
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1245
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1246
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1247
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1248
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1249
  public static function resetdelvotes($page_id, $namespace)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1250
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1251
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1252
    global $lang;
696
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1253
    global $cache;
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1254
    
913
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1255
    if ( !$session->get_permissions('vote_reset') )
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1256
    {
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1257
      return $lang->get('etc_access_denied');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1258
    }
913
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1259
    
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1260
    $page_id = $db->escape($page_id);
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1261
    $namespace = $db->escape($namespace);
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1262
    
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1263
    // pull existing info
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1264
    $q = $db->sql_query('SELECT delvotes, delvote_ips FROM ' . table_prefix . "pages WHERE urlname = '$page_id' AND namespace = '$namespace'");
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1265
    if ( !$q )
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1266
      $db->_die();
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1267
    if ( $db->numrows() < 1 )
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1268
      return $lang->get('page_err_page_not_exist');
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1269
    
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1270
    list($delvotes, $delvote_ips) = $db->fetchrow_num();
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1271
    $db->free_result();
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1272
    $delvote_ips = $db->escape($delvote_ips);
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1273
    $username = $db->escape($session->username);
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1274
    
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1275
    // log action
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1276
    $time = time();
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1277
    $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs (time_id, log_type, action, edit_summary, page_text, author, page_id, namespace) VALUES\n"
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1278
                      . "  ( $time, 'page', 'votereset', '$delvotes', '$delvote_ips', '$username', '$page_id', '$namespace' )");
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1279
    if ( !$q )
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1280
      $db->_die();
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1281
    
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1282
    // reset votes
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1283
    $empty_vote_record = $db->escape(serialize(array('ip'=>array(),'u'=>array())));
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1284
    $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $empty_vote_record . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1285
    $e = $db->sql_query($q);
696
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1286
    if ( !$e )
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1287
    {
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1288
      $db->_die('The number of delete votes was not reset.');
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1289
    }
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1290
    else
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1291
    {
696
bd5069e1f19a Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
parents: 690
diff changeset
  1292
      $cache->purge('page_meta');
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1293
      return $lang->get('ajax_delvote_reset_success');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1294
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1295
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1296
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1297
  /**
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1298
   * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1299
   * @param $id the name of the directory for the theme
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1300
   * @return string JSON string with an array containing a list of themes
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1301
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1302
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1303
  public static function getstyles()
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1304
  {
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1305
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1306
    if ( !preg_match('/^([a-z0-9_-]+)$/', $_GET['id']) )
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  1307
      return enano_json_encode(false);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1308
    
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1309
    $dir = './themes/' . $_GET['id'] . '/css/';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1310
    $list = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1311
    // Open a known directory, and proceed to read its contents
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1312
    if (is_dir($dir)) {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1313
      if ($dh = opendir($dir)) {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1314
        while (($file = readdir($dh)) !== false) {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1315
          if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' ) // _printable.css should be included with every theme
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1316
          {                                                                         // it should be a copy of the original style, but
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1317
                                                                                    // mostly black and white
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1318
                                                                                    // Note to self: document this
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1319
            $list[] = substr($file, 0, strlen($file)-4);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1320
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1321
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1322
        closedir($dh);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1323
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1324
    }
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1325
    else
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1326
    {
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  1327
      return(enano_json_encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1328
    }
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1329
    
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  1330
    return enano_json_encode($list);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1331
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1332
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1333
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1334
   * Assembles a Javascript app with category information
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1335
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1336
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1337
   * @return string Javascript code
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1338
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1339
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1340
  public static function catedit($page_id, $namespace)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1341
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1342
    $d = PageUtils::catedit_raw($page_id, $namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1343
    return $d[0] . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.rawurlencode($d[1]).'\');';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1344
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1345
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1346
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1347
   * Does the actual HTML/javascript generation for cat editing, but returns an array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1348
   * @access private
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1349
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1350
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1351
  public static function catedit_raw($page_id, $namespace)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1352
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1353
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1354
    global $lang;
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1355
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1356
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1357
    $_ob = '';
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 320
diff changeset
  1358
    $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\'');
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1359
    if(!$e) jsdie('Error selecting category information for current page: '.$db->get_error());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1360
    $cat_current = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1361
    while($r = $db->fetchrow())
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1362
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1363
      $cat_current[] = $r;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1364
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1365
    $db->free_result();
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1366
    
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1367
    $cat_all = array();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1368
    $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1369
    if ( !$q )
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1370
      $db->_die();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1371
    
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1372
    while ( $row = $db->fetchrow() )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1373
    {
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1374
      $cat_all[] = Namespace_Default::bake_cdata($row);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1375
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1376
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1377
    // Make $cat_all an associative array, like $paths->pages
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1378
    $sz = sizeof($cat_all);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1379
    for($i=0;$i<$sz;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1380
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1381
      $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1382
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1383
    // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1384
    $cat_info = $cat_all;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1385
    for($i=0;$i<sizeof($cat_current);$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1386
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1387
      $un = $cat_current[$i]['category_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1388
      $cat_info[$un]['member'] = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1389
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1390
    // Now copy the information we just set into the numerically named keys
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1391
    for($i=0;$i<sizeof($cat_info)/2;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1392
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1393
      $un = $cat_info[$i]['urlname_nons'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1394
      $cat_info[$i] = $cat_info[$un];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1395
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1396
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1397
    echo 'catlist = new Array();'; // Initialize the client-side category list
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1398
    $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1399
             <form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1400
    if ( sizeof($cat_info) < 1 )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1401
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1402
      $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1403
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1404
    for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1405
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1406
      // Protection code added 1/3/07
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1407
      // Updated 3/4/07
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1408
      $is_prot = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1409
      $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1410
      if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1411
         ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1412
         $is_prot = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1413
      $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1414
      $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1415
      echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1416
      $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1417
      if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1418
      $_ob .= '/>  <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1419
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1420
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1421
    $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1422
      
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1423
    $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1424
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1425
    $cont = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1426
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1427
    return Array($cont, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1428
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1429
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1430
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1431
   * Saves category information
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1432
   * WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1433
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1434
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1435
   * @param $which_cats array associative array of categories to put the page in
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1436
   * @return string "GOOD" on success, error string on failure
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1437
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1438
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1439
  public static function catsave($page_id, $namespace, $which_cats)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1440
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1441
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1442
    if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1443
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1444
    $page_perms = $session->fetch_page_acl($page_id, $namespace);
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1445
    $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1446
    $page_data = $ns->get_cdata();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1447
    
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1448
    $cat_all = array();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1449
    $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1450
    if ( !$q )
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1451
      $db->_die();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1452
    
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1453
    while ( $row = $db->fetchrow() )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1454
    {
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1455
      $cat_all[] = Namespace_Default::bake_cdata($row);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1456
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1457
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1458
    // Make $cat_all an associative array, like $paths->pages
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1459
    $sz = sizeof($cat_all);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1460
    for($i=0;$i<$sz;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1461
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1462
      $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1463
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1464
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1465
    $rowlist = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1466
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1467
    for($i=0;$i<sizeof($cat_all)/2;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1468
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1469
      $auth = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1470
      $perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1471
      if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1472
         ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1473
         ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1474
         $auth = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1475
      if(!$auth)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1476
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1477
        // Find out if the page is currently in the category
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1478
        $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1479
        if(!$q)
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1480
          return 'MySQL error: ' . $db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1481
        if($db->numrows() > 0)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1482
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1483
          $auth = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1484
          $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1485
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1486
        $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1487
      }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1488
      if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1489
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1490
    if(sizeof($rowlist) > 0)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1491
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1492
      $val = implode(',', $rowlist);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1493
      $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1494
      $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1495
      if(!$e) $db->_die('The old category data could not be deleted.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1496
      $e = $db->sql_query($q);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1497
      if(!$e) $db->_die('The new category data could not be inserted.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1498
      return('GOOD');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1499
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1500
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1501
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1502
      $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1503
      if(!$e) $db->_die('The old category data could not be deleted.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1504
      return('GOOD');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1505
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1506
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1507
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1508
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1509
   * Sets the wiki mode level for a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1510
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1511
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1512
   * @param $level int 0 for off, 1 for on, 2 for use global setting
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1513
   * @return string "GOOD" on success, error string on failure
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1514
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1515
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1516
  public static function setwikimode($page_id, $namespace, $level)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1517
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1518
    global $db, $session, $paths, $template, $plugins; // Common objects
913
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1519
    global $cache;
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1520
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1521
    if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1522
    if ( !isset($level) || ( isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level) ) )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1523
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1524
      return('Invalid mode string');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1525
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1526
    $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1527
    if ( !$q )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1528
    {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1529
      return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1530
    }
913
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1531
    
3ec535acd11e Deletion vote reset is now logged and able to be rolled back
Dan
parents: 909
diff changeset
  1532
    $cache->purge('page_meta');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1533
    return('GOOD');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1534
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1535
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1536
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1537
   * Sets the access password for a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1538
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1539
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1540
   * @param $pass string the SHA1 hash of the password - if the password doesn't match the regex ^([0-9a-f]*){40,40}$ it will be sha1'ed
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1541
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1542
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1543
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1544
  public static function setpass($page_id, $namespace, $pass)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1545
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1546
    global $db, $session, $paths, $template, $plugins; // Common objects
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 749
diff changeset
  1547
    global $lang, $cache;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1548
    // Determine permissions
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1549
    $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1550
    $cdata = $ns->get_cdata();
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1551
    if ( $cdata['password'] != '' )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1552
      $a = $session->get_permissions('password_reset');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1553
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1554
      $a = $session->get_permissions('password_set');
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1555
    if ( !$a )
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1556
      return $lang->get('etc_access_denied');
953
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1557
    if ( !isset($pass) )
323c4cd1aa37 Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents: 913
diff changeset
  1558
      return('Password was not set on URL');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1559
    $p = $pass;
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1560
    if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1561
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1562
      $p = sha1($p);
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1563
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1564
    if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1565
      // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1566
      $p = '';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1567
    $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1568
    if ( !$e )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1569
    {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1570
      die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1571
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1572
    // Is the new password blank?
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1573
    if ( $p == '' )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1574
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1575
      return $lang->get('ajax_password_disable_success');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1576
    }
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1577
    else
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1578
    {
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1579
      return $lang->get('ajax_password_success');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1580
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1581
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1582
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1583
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1584
   * Generates some preview HTML
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1585
   * @param $text string the wikitext to use
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1586
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1587
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1588
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1589
  public static function genPreview($text)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1590
  {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1591
    global $lang;
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1592
    $ret = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 10px 0;">';
102
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1593
    $text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1594
    ob_start();
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1595
    eval('?>' . $text);
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1596
    $text = ob_get_contents();
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1597
    ob_end_clean();
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1598
    $ret .= $text;
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1599
    $ret .= '</div>';
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1600
    return $ret;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1601
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1602
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1603
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1604
   * Makes a scrollable box
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1605
   * @param string $text the inner HTML
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1606
   * @param int $height Optional - the maximum height. Defaults to 250.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1607
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1608
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1609
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1610
  public static function scrollBox($text, $height = 250)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1611
  {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1612
    return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">' . $text . '</div>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1613
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1614
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1615
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1616
   * Generates a diff summary between two page revisions.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1617
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1618
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1619
   * @param $id1 the time ID of the first revision
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1620
   * @param $id2 the time ID of the second revision
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1621
   * @return string XHTML-formatted diff
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1622
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1623
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1624
  public static function pagediff($page_id, $namespace, $id1, $id2)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1625
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1626
    global $db, $session, $paths, $template, $plugins; // Common objects
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1627
    global $lang;
898
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1628
    
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1629
    if ( !$session->get_permissions('history_view') )
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1630
      return $lang->get('etc_access_denied');
898
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1631
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1632
    if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1633
       !preg_match('#^([0-9]+)$#', (string)$id2  )) return 'SQL injection attempt';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1634
    // OK we made it through security
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1635
    // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
898
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1636
    if ( !$q1 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE log_id = ' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
c75754f5b1da When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents: 832
diff changeset
  1637
    if ( !$q2 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE log_id = ' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1638
    $row1 = $db->fetchrow($q1);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1639
    $db->free_result($q1);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1640
    $row2 = $db->fetchrow($q2);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1641
    $db->free_result($q2);
909
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1642
    if(sizeof($row1) < 1 || sizeof($row2) < 2)
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1643
    {
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1644
      if ( !$q1 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id = ' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1645
      if ( !$q2 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id = ' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1646
      $row1 = $db->fetchrow($q1);
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1647
      $db->free_result($q1);
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1648
      $row2 = $db->fetchrow($q2);
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1649
      $db->free_result($q2);
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1650
      if(sizeof($row1) < 1 || sizeof($row2) < 2)
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1651
        return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
94c1ff984286 Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
parents: 907
diff changeset
  1652
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1653
    $text1 = $row1['page_text'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1654
    $text2 = $row2['page_text'];
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1037
diff changeset
  1655
    $time1 = enano_date(ED_DATE | ED_TIME, $row1['time_id']);
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1037
diff changeset
  1656
    $time2 = enano_date(ED_DATE | ED_TIME, $row2['time_id']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1657
    $_ob = "
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1658
    <p>" . $lang->get('history_lbl_comparingrevisions') . " {$time1} &rarr; {$time2}</p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1659
    ";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1660
    // Free some memory
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1661
    unset($row1, $row2, $q1, $q2);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1662
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1663
    $_ob .= RenderMan::diff($text1, $text2);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1664
    return $_ob;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1665
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1666
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1667
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1668
   * Gets ACL information about the selected page for target type X and target ID Y.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1669
   * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1670
   * @return array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1671
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1672
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  1673
  public static function acl_editor($parms = Array())
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1674
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1675
    global $db, $session, $paths, $template, $plugins; // Common objects
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1676
    global $lang;
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1677
    
511
f88c8c79d784 Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
parents: 481
diff changeset
  1678
    if(!$session->get_permissions('edit_acl') && ( $session->user_level < USER_LEVEL_ADMIN || !defined('ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL')) )
40
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1679
    {
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1680
      return Array(
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1681
        'mode' => 'error',
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1682
        'error' => $lang->get('acl_err_access_denied')
40
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1683
        );
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1684
    }
907
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1685
    if ( !$session->sid_super )
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1686
    {
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1687
      return Array(
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1688
        'mode' => 'error',
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1689
        'error' => $lang->get('etc_access_denied_need_reauth')
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1690
        );
44851d7e9bda Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents: 898
diff changeset
  1691
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1692
    $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1693
    $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1694
    $page_id =& $parms['page_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1695
    $namespace =& $parms['namespace'];
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1696
    $page_where_clause      = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1697
    $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1698
    //die(print_r($page_id,true));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1699
    $template->load_theme();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1700
    // $perms_obj = $session->fetch_page_acl($page_id, $namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1701
    $perms_obj =& $session;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1702
    $return = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1703
    if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1704
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1705
      return Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1706
        'mode' => 'error',
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1707
        'error' => $lang->get('acl_err_missing_template'),
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1708
      );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1709
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1710
    $return['template'] = $template->extract_vars('acledit.tpl');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1711
    $return['page_id'] = $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1712
    $return['namespace'] = $namespace;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1713
    if(isset($parms['mode']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1714
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1715
      switch($parms['mode'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1716
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1717
        case 'listgroups':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1718
          $return['groups'] = Array();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1719
          $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1720
          while($row = $db->fetchrow())
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1721
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1722
            $return['groups'][] = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1723
              'id' => $row['group_id'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1724
              'name' => $row['group_name'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1725
              );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1726
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1727
          $db->free_result();
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1728
          $return['page_groups'] = Array();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1729
          $q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1730
          if ( !$q )
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1731
            return Array(
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1732
              'mode' => 'error',
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1733
              'error' => $db->get_error()
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1734
              );
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1735
          while ( $row = $db->fetchrow() )
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1736
          {
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1737
            $return['page_groups'][] = Array(
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1738
                'id' => $row['pg_id'],
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1739
                'name' => $row['pg_name']
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1740
              );
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1741
          }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1742
          break;
512
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1743
        case 'seltarget_id':
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1744
          if ( !is_int($parms['target_id']) )
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1745
          {
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1746
            return Array(
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1747
              'mode' => 'error',
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1748
              'error' => 'Expected parameter target_id type int'
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1749
              );
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1750
          }
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1751
          $q = $db->sql_query('SELECT target_id, target_type, page_id, namespace, rules FROM ' . table_prefix . "acl WHERE rule_id = {$parms['target_id']};");
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1752
          if ( !$q )
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1753
            return Array(
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1754
              'mode' => 'error',
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1755
              'error' => $db->get_error()
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1756
              );
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1757
          if ( $db->numrows() < 1 )
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1758
            return Array(
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1759
              'mode' => 'error',
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1760
              'error' => "No rule with ID {$parms['target_id']} found"
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1761
              );
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1762
            $parms = $db->fetchrow();
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1763
            $db->free_result();
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1764
            
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1765
            // regenerate page selection
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1766
            $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1767
            $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1768
            $parms['mode'] = 'seltarget_id';
512
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1769
            $page_id =& $parms['page_id'];
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1770
            $namespace =& $parms['namespace'];
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1771
            $page_where_clause      = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1772
            $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1773
            
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1774
            $return['page_id'] = $parms['page_id'];
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1775
            $return['namespace'] = $parms['namespace'];
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1776
            
512
13532b0a223f ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
parents: 511
diff changeset
  1777
            // From here, let the seltarget handler take over
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1778
        case 'seltarget':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1779
          $return['mode'] = 'seltarget';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1780
          $return['acl_types'] = $perms_obj->acl_types;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1781
          $return['acl_deps'] = $perms_obj->acl_deps;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1782
          $return['acl_descs'] = $perms_obj->acl_descs;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1783
          $return['target_type'] = $parms['target_type'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1784
          $return['target_id'] = $parms['target_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1785
          switch($parms['target_type'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1786
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1787
            case ACL_TYPE_USER:
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1788
              $user_col = ( $parms['mode'] == 'seltarget_id' ) ? 'user_id' : 'username';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1789
              $q = $db->sql_query('SELECT a.rules,u.user_id,u.username FROM ' . table_prefix.'users AS u
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1790
                  LEFT JOIN ' . table_prefix.'acl AS a
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1791
                    ON a.target_id=u.user_id
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1792
                  WHERE a.target_type='.ACL_TYPE_USER.'
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1793
                    AND u.' . $user_col . ' = \'' . $db->escape($parms['target_id']) . '\'
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1794
                    ' . $page_where_clause . ';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1795
              if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1796
                return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1797
              if($db->numrows() < 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1798
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1799
                $return['type'] = 'new';
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1800
                $q = $db->sql_query('SELECT user_id,username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1801
                if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1802
                  return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1803
                if($db->numrows() < 1)
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1804
                  return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'),'debug' => $db->sql_backtrace());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1805
                $row = $db->fetchrow();
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1806
                $return['target_name'] = $row['username'];
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1807
                $return['target_id'] = intval($row['user_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1808
                $return['current_perms'] = array();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1809
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1810
              else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1811
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1812
                $return['type'] = 'edit';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1813
                $row = $db->fetchrow();
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1814
                $return['target_name'] = $row['username'];
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1815
                $return['target_id'] = intval($row['user_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1816
                $return['current_perms'] = $session->string_to_perm($row['rules']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1817
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1818
              $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1819
              // Eliminate types that don't apply to this namespace
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1820
              if ( $namespace && $namespace != '__PageGroup' )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1821
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1822
                foreach ( $return['current_perms'] AS $i => $perm )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1823
                {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1824
                  if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1825
                  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1826
                    // echo "// SCOPE CONTROL: eliminating: $i\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1827
                    unset($return['current_perms'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1828
                    unset($return['acl_types'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1829
                    unset($return['acl_descs'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1830
                    unset($return['acl_deps'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1831
                  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1832
                }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1833
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1834
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1835
            case ACL_TYPE_GROUP:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1836
              $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1837
                  LEFT JOIN ' . table_prefix.'acl AS a
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1838
                    ON a.target_id=g.group_id
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1839
                  WHERE a.target_type='.ACL_TYPE_GROUP.'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1840
                    AND g.group_id=\''.intval($parms['target_id']).'\'
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1841
                    ' . $page_where_clause . ';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1842
              if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1843
                return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1844
              if($db->numrows() < 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1845
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1846
                $return['type'] = 'new';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1847
                $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1848
                if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1849
                  return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1850
                if($db->numrows() < 1)
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1851
                  return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1852
                $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1853
                $return['target_name'] = $row['group_name'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1854
                $return['target_id'] = intval($row['group_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1855
                $return['current_perms'] = array();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1856
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1857
              else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1858
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1859
                $return['type'] = 'edit';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1860
                $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1861
                $return['target_name'] = $row['group_name'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1862
                $return['target_id'] = intval($row['group_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1863
                $return['current_perms'] = $session->string_to_perm($row['rules']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1864
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1865
              $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1866
              // Eliminate types that don't apply to this namespace
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1867
              if ( $namespace && $namespace != '__PageGroup' )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1868
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1869
                foreach ( $return['current_perms'] AS $i => $perm )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1870
                {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1871
                  if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1872
                  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1873
                    // echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1874
                    unset($return['current_perms'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1875
                    unset($return['acl_types'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1876
                    unset($return['acl_descs'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1877
                    unset($return['acl_deps'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1878
                  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1879
                }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1880
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1881
              //return Array('mode'=>'debug','text'=>print_r($return, true));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1882
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1883
            default:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1884
              return Array('mode'=>'error','error','Invalid ACL type ID');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1885
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1886
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1887
          return $return;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1888
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1889
        case 'save_new':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1890
        case 'save_edit':
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  1891
          if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  1892
          {
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1893
            return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  1894
          }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1895
          $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1896
            ' . $page_where_clause_lite . ';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1897
          if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1898
            return Array('mode'=>'error','error'=>$db->get_error());
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1899
          if ( sizeof ( $parms['perms'] ) < 1 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1900
          {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1901
            // As of 1.1.x, this returns success because the rule length is zero if the user selected "inherit" in all columns
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1902
            return Array(
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1903
              'mode' => 'success',
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1904
              'target_type' => $parms['target_type'],
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1905
              'target_id' => $parms['target_id'],
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1906
              'target_name' => $parms['target_name'],
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1907
              'page_id' => $page_id,
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1908
              'namespace' => $namespace,
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1909
            );
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1910
          }
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1911
          $rules = $session->perm_to_string($parms['perms']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1912
          $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1913
                                             VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1914
                                          'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1915
                                             VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1916
          if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>$db->get_error());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1917
          return Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1918
              'mode' => 'success',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1919
              'target_type' => $parms['target_type'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1920
              'target_id' => $parms['target_id'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1921
              'target_name' => $parms['target_name'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1922
              'page_id' => $page_id,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1923
              'namespace' => $namespace,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1924
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1925
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1926
        case 'delete':
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  1927
          if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  1928
          {
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1929
            return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  1930
          }
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1931
          $sql = 'DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1932
            ' . $page_where_clause_lite . ';';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1933
          $q = $db->sql_query($sql);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1934
          if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1935
            return Array('mode'=>'error','error'=>$db->get_error());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1936
          return Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1937
              'mode' => 'delete',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1938
              'target_type' => $parms['target_type'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1939
              'target_id' => $parms['target_id'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1940
              'target_name' => $parms['target_name'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1941
              'page_id' => $page_id,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1942
              'namespace' => $namespace,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1943
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1944
          break;
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1945
        case 'list_existing':
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1946
          
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1947
          $return = array(
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1948
              'mode'  => 'list_existing',
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1949
              'key'   => acl_list_draw_key(),
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1950
              'rules' => array()
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1951
            );
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1952
          
1153
124ebcbb6a31 PostgreSQL: bugfix in ACL related SQL query
Dan
parents: 1121
diff changeset
  1953
          $acl_columns = 'a.' . implode(', a.', $db->columns_in(table_prefix . 'acl'));
124ebcbb6a31 PostgreSQL: bugfix in ACL related SQL query
Dan
parents: 1121
diff changeset
  1954
          $users_columns = 'u.' . implode(', u.', $db->columns_in(table_prefix . 'users'));
124ebcbb6a31 PostgreSQL: bugfix in ACL related SQL query
Dan
parents: 1121
diff changeset
  1955
          $groups_columns = 'g.' . implode(', g.', $db->columns_in(table_prefix . 'groups'));
124ebcbb6a31 PostgreSQL: bugfix in ACL related SQL query
Dan
parents: 1121
diff changeset
  1956
          $pg_columns = 'p.' . implode(', p.', array('pg_id', 'pg_type', 'pg_name', 'pg_target'));
124ebcbb6a31 PostgreSQL: bugfix in ACL related SQL query
Dan
parents: 1121
diff changeset
  1957
          
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1958
          $q = $db->sql_query("SELECT a.rule_id, u.username, g.group_name, a.target_type, a.target_id, a.page_id, a.namespace, a.rules, p.pg_name\n"
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1959
                  . "  FROM " . table_prefix . "acl AS a\n"
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1960
                  . "  LEFT JOIN " . table_prefix . "users AS u\n"
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1961
                  . "    ON ( (a.target_type = " . ACL_TYPE_USER . " AND a.target_id = u.user_id) OR (u.user_id IS NULL) )\n"
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1962
                  . "  LEFT JOIN " . table_prefix . "groups AS g\n"
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1963
                  . "    ON ( (a.target_type = " . ACL_TYPE_GROUP . " AND a.target_id = g.group_id) OR (g.group_id IS NULL) )\n"
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1964
                  . "  LEFT JOIN " . table_prefix . "page_groups as p\n"
1153
124ebcbb6a31 PostgreSQL: bugfix in ACL related SQL query
Dan
parents: 1121
diff changeset
  1965
                  . "    ON ( (a.namespace = '__PageGroup' AND a.page_id = CAST(p.pg_id AS CHAR)) OR (p.pg_id IS NULL) )\n"
690
aeac05b5b7ca Fixed ACL_TYPE_PRESET pseudo-rules being shown in rule list
Dan
parents: 685
diff changeset
  1966
                  . "  WHERE ( a.target_type = " . ACL_TYPE_USER . " OR a.target_type = " . ACL_TYPE_GROUP . " )\n"
1153
124ebcbb6a31 PostgreSQL: bugfix in ACL related SQL query
Dan
parents: 1121
diff changeset
  1967
                  . "  GROUP BY a.rule_id, $acl_columns, $users_columns, $groups_columns, $pg_columns\n"
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1968
                  . "  ORDER BY a.target_type ASC, a.rule_id ASC;"
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1969
                );
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1970
          
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1971
          if ( !$q )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1972
            $db->_die();
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1973
          
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1974
          while ( $row = $db->fetchrow($q) )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1975
          {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1976
            if ( $row['target_type'] == ACL_TYPE_USER && empty($row['username']) )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1977
            {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1978
              // This is only done if we have an ACL affecting a user that doesn't exist.
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1979
              // Nice little bit of maintenance to have.
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1980
              if ( !$db->sql_query("DELETE FROM " . table_prefix . "acl WHERE rule_id = {$row['rule_id']};") )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1981
                $db->_die();
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1982
              continue;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1983
            }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1984
            $score = get_acl_rule_score($row['rules']);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1985
            $deep_limit = ACL_SCALE_MINIMAL_SHADE;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1986
            // Determine background color of cell by score
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1987
            if ( $score > 5 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1988
            {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1989
              // high score, show in green
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1990
              $color = 2.5 * $score;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1991
              if ( $color > 255 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1992
                $color = 255;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1993
              $color = round($color);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1994
              // blend with the colordepth limit
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1995
              $color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1996
              $color = dechex($color);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1997
              $color = "{$color}ff{$color}";
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1998
            }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  1999
            else if ( $score < -5 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2000
            {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2001
              // low score, show in red
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2002
              $color = 0 - $score;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2003
              $color = 2.5 * $color;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2004
              if ( $color > 255 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2005
                $color = 255;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2006
              $color = round($color);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2007
              // blend with the colordepth limit
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2008
              $color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2009
              $color = dechex($color);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2010
              $color = "ff{$color}{$color}";
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2011
            }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2012
            else
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2013
            {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2014
              $color = 'efefef';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2015
            }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2016
            
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2017
            // Rate rule textually based on its score
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2018
            if ( $score >= 70 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2019
              $desc = $lang->get('acl_msg_scale_allow');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2020
            else if ( $score >= 50 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2021
              $desc = $lang->get('acl_msg_scale_mostly_allow');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2022
            else if ( $score >= 25 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2023
              $desc = $lang->get('acl_msg_scale_some_allow');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2024
            else if ( $score >= -25 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2025
              $desc = $lang->get('acl_msg_scale_mixed');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2026
            else if ( $score <= -70 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2027
              $desc = $lang->get('acl_msg_scale_deny');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2028
            else if ( $score <= -50 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2029
              $desc = $lang->get('acl_msg_scale_mostly_deny');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2030
            else if ( $score <= -25 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2031
              $desc = $lang->get('acl_msg_scale_some_deny');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2032
            
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2033
            // group and user target info
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2034
            $info = '';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2035
            if ( $row['target_type'] == ACL_TYPE_USER )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2036
              $info = $lang->get('acl_msg_list_user', array( 'username' => $row['username'] )); // "(User: {$row['username']})";
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2037
            else if ( $row['target_type'] == ACL_TYPE_GROUP )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2038
              $info = $lang->get('acl_msg_list_group', array( 'group' => $row['group_name'] ));
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2039
            
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2040
            // affected pages info
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2041
            if ( $row['page_id'] && $row['namespace'] && $row['namespace'] != '__PageGroup' )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2042
              $info .= $lang->get('acl_msg_list_on_page', array( 'page_name' => "{$row['namespace']}:{$row['page_id']}" ));
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2043
            else if ( $row['page_id'] && $row['namespace'] && $row['namespace'] == '__PageGroup' )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2044
              $info .= $lang->get('acl_msg_list_on_page_group', array( 'page_group' => $row['pg_name'] ));
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2045
            else
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2046
              $info .= $lang->get('acl_msg_list_entire_site');
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2047
              
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2048
            $score_string = $lang->get('acl_msg_list_score', array
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2049
              (
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2050
                'score' => $score,
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2051
                'desc'  => $desc,
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2052
                'info'  => $info
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2053
                ));
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2054
            $return['rules'][] = array(
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2055
              'score_string' => $score_string,
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2056
              'rule_id'      => $row['rule_id'],
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2057
              'color'        => $color
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2058
              );
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2059
          }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2060
          
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2061
          break;
679
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2062
        case 'list_presets':
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2063
          $presets = array();
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2064
          $q = $db->sql_query('SELECT page_id AS preset_name, rule_id, rules FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . ";");
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2065
          if ( !$q )
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2066
            $db->die_json();
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2067
          
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2068
          while ( $row = $db->fetchrow() )
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2069
          {
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2070
            $row['rules'] = $session->string_to_perm($row['rules']);
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2071
            $presets[] = $row;
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2072
          }
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2073
          
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2074
          return array(
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2075
            'mode' => 'list_existing',
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2076
            'presets' => $presets
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2077
          );
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2078
          break;
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2079
        case 'save_preset':
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2080
          if ( empty($parms['preset_name']) )
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2081
          {
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2082
            return array(
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2083
              'mode' => 'error',
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2084
              'error' => $lang->get('acl_err_preset_name_empty')
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2085
            );
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2086
          }
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2087
          $preset_name = $db->escape($parms['preset_name']);
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2088
          $q = $db->sql_query('DELETE FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . " AND page_id = '$preset_name';");
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2089
          if ( !$q )
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2090
            $db->die_json();
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2091
          
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2092
          $perms = $session->perm_to_string($parms['perms']);
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2093
          if ( !$perms )
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2094
          {
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2095
            return array(
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2096
              'mode' => 'error',
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2097
              'error' => $lang->get('acl_err_preset_is_blank')
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2098
            );
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2099
          }
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2100
          
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2101
          $perms = $db->escape($perms);
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2102
          $q = $db->sql_query('INSERT INTO ' . table_prefix . "acl(page_id, target_type, rules) VALUES\n"
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2103
                            . "  ( '$preset_name', " . ACL_TYPE_PRESET . ", '$perms' );");
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2104
          if ( !$q )
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2105
            $db->die_json();
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2106
          
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2107
          return array(
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2108
              'mode' => 'success'
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2109
            );
80bf9b8fe6aa Added preliminary support for ACL presets. Yay!
Dan
parents: 621
diff changeset
  2110
          break;
729
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2111
        case 'trace':
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2112
          list($targetpid, $targetns) = RenderMan::strToPageID($parms['page']);
737
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2113
          try
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2114
          {
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2115
            $perms = $session->fetch_page_acl_user($parms['user'], $targetpid, $targetns);
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2116
            $perm_table = array(
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2117
                AUTH_ALLOW => 'acl_lbl_field_allow',
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2118
                AUTH_WIKIMODE => 'acl_lbl_field_wikimode',
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2119
                AUTH_DISALLOW => 'acl_lbl_field_disallow',
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2120
                AUTH_DENY => 'acl_lbl_field_deny'
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2121
              );
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2122
            
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2123
            $return = array(
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2124
              'mode' => 'trace',
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2125
              'perms' => array()
729
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2126
            );
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2127
            
737
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2128
            foreach ( $perms->perm_resolve_table as $perm_type => $lookup_data )
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2129
            {
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2130
              if ( !$session->check_acl_scope($perm_type, $targetns) )
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2131
                continue;
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2132
              
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2133
              $src_l10n = $lang->get($session->acl_inherit_lang_table[$lookup_data['src']], $lookup_data);
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2134
              $divclass = preg_replace('/^acl_inherit_/', '', $session->acl_inherit_lang_table[$lookup_data['src']]);
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2135
              $perm_string = $lang->get($perm_table[$perms->perms[$perm_type]]);
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2136
              $perm_name = $lang->get($session->acl_descs[$perm_type]);
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2137
              
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2138
              $return['perms'][$perm_type] = array(
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2139
                  'divclass' => "acl_inherit acl_$divclass",
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2140
                  'perm_type' => $perm_type,
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2141
                  'perm_name' => $perm_name,
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2142
                  'perm_value' => $perm_string,
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2143
                  'perm_src' => $src_l10n,
749
ea3045a3bcbd Added dependency checking in ACL tracer
Dan
parents: 737
diff changeset
  2144
                  'rule_id' => intval($lookup_data['rule_id']),
ea3045a3bcbd Added dependency checking in ACL tracer
Dan
parents: 737
diff changeset
  2145
                  'bad_deps' => $perms->acl_check_deps($perm_type, true)
737
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2146
                );
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2147
            }
729
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2148
            
737
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2149
            // group rules if possible
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2150
            $return['groups'] = array();
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2151
            foreach ( $return['perms'] as $rule )
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2152
            {
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2153
              if ( !isset($return['groups'][$rule['rule_id']]) )
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2154
              {
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2155
                $return['groups'][$rule['rule_id']] = array();
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2156
              }
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2157
              $return['groups'][$rule['rule_id']][] = $rule['perm_type'];
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2158
            }
729
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2159
          }
737
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2160
          catch ( Exception $e )
729
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2161
          {
737
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2162
            $return = array(
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2163
                'mode' => 'error',
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2164
                'error' => $e->getMessage()
919bcdde5f2a Fixed exception handling from session->fetch_page_acl() in ACL trace server side
Dan
parents: 729
diff changeset
  2165
              );
729
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2166
          }
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2167
          
ebac7eeb89eb Merging in the past three months' work on ACL tracing tools.
Dan
parents: 696
diff changeset
  2168
          break;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2169
        default:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2170
          return Array('mode'=>'error','error'=>'Hacking attempt');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2171
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2172
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2173
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2174
    return $return;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2175
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2176
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2177
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2178
   * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2179
   * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2180
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2181
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2182
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  2183
  public static function acl_json($parms = '{ }')
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2184
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2185
    global $db, $session, $paths, $template, $plugins; // Common objects
582
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2186
    try
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2187
    {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2188
      $parms = enano_json_decode($parms);
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2189
    }
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2190
    catch ( Zend_Json_Exception $e )
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2191
    {
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2192
      $parms = array();
a38876c0793c Majorly reworked Javascript runtime stuff to use on-demand loading.
Dan
parents: 536
diff changeset
  2193
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2194
    $ret = PageUtils::acl_editor($parms);
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  2195
    $ret = enano_json_encode($ret);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2196
    return $ret;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2197
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2198
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2199
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2200
   * A non-Javascript frontend for the ACL API.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2201
   * @param array The request data, if any, this should be in the format required by PageUtils::acl_editor()
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2202
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2203
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  2204
  public static function aclmanager($parms)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2205
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2206
    global $db, $session, $paths, $template, $plugins; // Common objects
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2207
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2208
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2209
    // Convenience
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2210
    $formstart = '<form 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2211
                    action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2212
                    method="post" enctype="multipart/form-data"
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2213
                    onsubmit="if(!submitAuthorized) return false;"
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2214
                    >';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2215
    $formend   = '</form>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2216
    $parms    = PageUtils::acl_preprocess($parms);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2217
    $response = PageUtils::acl_editor($parms);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2218
    $response = PageUtils::acl_postprocess($response);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2219
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2220
    //die('<pre>' . htmlspecialchars(print_r($response, true)) . '</pre>');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2221
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2222
    switch($response['mode'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2223
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2224
      case 'debug':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2225
        echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2226
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2227
      case 'stage1':
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2228
        echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2229
              <p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2230
        echo $formstart;
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2231
        echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2232
              <p><select name="data[target_id_grp]">';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2233
        foreach ( $response['groups'] as $group )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2234
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2235
          echo '<option value="' . $group['id'] . '">' . $group['name'] . '</option>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2236
        }
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2237
        
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2238
        // page group selector
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2239
        $groupsel = '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2240
        if ( count($response['page_groups']) > 0 )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2241
        {
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2242
          $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2243
                       <p><select name="data[pg_id]">';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2244
          foreach ( $response['page_groups'] as $grp )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2245
          {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2246
            $groupsel .= '<option value="' . $grp['id'] . '">' . htmlspecialchars($grp['name']) . '</option>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2247
          }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2248
          $groupsel .= '</select></p>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2249
        }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2250
        
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2251
        echo '</select></p>
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2252
              <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2253
              <p>' . $template->username_field('data[target_id_user]') . '</p>
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2254
              <p>' . $lang->get('acl_lbl_scope') . '</p>
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2255
              <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</p>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2256
              ' . $groupsel . '
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2257
              <p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2258
              <div style="margin: 0 auto 0 0; text-align: right;">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2259
                <input name="data[mode]" value="seltarget" type="hidden" />
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 320
diff changeset
  2260
                <input type="hidden" name="data[page_id]" value="' . $paths->page_id . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2261
                <input type="hidden" name="data[namespace]" value="' . $paths->namespace . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2262
                <input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2263
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2264
        echo $formend;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2265
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2266
      case 'success':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2267
        echo '<div class="info-box">
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2268
                <b>' . $lang->get('acl_lbl_save_success_title') . '</b><br />
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2269
                ' . $lang->get('acl_lbl_save_success_body', array( 'target_name' => $response['target_name'] )) . '<br />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2270
                ' . $formstart . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2271
                <input type="hidden" name="data[mode]" value="seltarget" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2272
                <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2273
                <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2274
                <input type="hidden" name="data[target_id_grp]"  value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2275
                <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2276
                <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2277
                <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2278
                <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2279
                ' . $formend . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2280
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2281
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2282
      case 'delete':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2283
        echo '<div class="info-box">
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2284
                <b>' . $lang->get('acl_lbl_delete_success_title') . '</b><br />
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2285
                ' . $lang->get('acl_lbl_delete_success_body', array('target_name' => $response['target_name'])) . '<br />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2286
                ' . $formstart . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2287
                <input type="hidden" name="data[mode]" value="seltarget" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2288
                <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2289
                <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2290
                <input type="hidden" name="data[target_id_grp]"  value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2291
                <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2292
                <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2293
                <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2294
                <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2295
                ' . $formend . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2296
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2297
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2298
      case 'seltarget':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2299
        if ( $response['type'] == 'edit' )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2300
        {
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2301
          echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2302
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2303
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2304
        {
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2305
          echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2306
        }
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2307
        $type  = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2308
        $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2309
        $subs = array(
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2310
            'target_type' => $type,
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2311
            'target' => $response['target_name'],
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2312
            'scope_type' => $scope
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2313
          );
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2314
        echo $lang->get('acl_lbl_editwin_body', $subs);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2315
        echo $formstart;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2316
        $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2317
        echo $parser->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2318
        $parser = $template->makeParserText( $response['template']['acl_field_item'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2319
        $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2320
        foreach ( $response['acl_types'] as $acl_type => $value )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2321
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2322
          $vars = Array(
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2323
              'FIELD_INHERIT_CHECKED' => '',
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2324
              'FIELD_DENY_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2325
              'FIELD_DISALLOW_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2326
              'FIELD_WIKIMODE_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2327
              'FIELD_ALLOW_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2328
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2329
          $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2330
          $vars['ROW_CLASS'] = $cls;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2331
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2332
          switch ( $response['current_perms'][$acl_type] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2333
          {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2334
            case 'i':
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2335
            default:
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2336
              $vars['FIELD_INHERIT_CHECKED'] = 'checked="checked"';
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2337
              break;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2338
            case AUTH_ALLOW:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2339
              $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2340
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2341
            case AUTH_WIKIMODE:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2342
              $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2343
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2344
            case AUTH_DISALLOW:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2345
              $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2346
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2347
             case AUTH_DENY:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2348
              $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2349
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2350
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2351
          $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2352
          if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2353
          {
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2354
            $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2355
          }
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2356
          else
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2357
          {
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2358
            $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2359
          }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2360
          $parser->assign_vars($vars);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2361
          echo $parser->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2362
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2363
        $parser = $template->makeParserText( $response['template']['acl_field_end'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2364
        echo $parser->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2365
        echo '<div style="margin: 10px auto 0 0; text-align: right;">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2366
                <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2367
                <input type="hidden" name="data[page_id]" value="'   . (( $response['page_id']   ) ? $response['page_id']   : 'false') . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2368
                <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? $response['namespace'] : 'false') . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2369
                <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2370
                <input type="hidden" name="data[target_id]" value="' . $response['target_id'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2371
                <input type="hidden" name="data[target_name]" value="' . $response['target_name'] . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2372
                ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" />&nbsp;&nbsp;<input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2373
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2374
        echo $formend;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2375
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2376
      case 'error':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2377
        ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2378
        die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2379
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2380
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2381
    $ret = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2382
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2383
    echo
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2384
      $template->getHeader() .
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2385
      $ret .
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2386
      $template->getFooter();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2387
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2388
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2389
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2390
   * Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2391
   * @param array The posted data
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2392
   * @return array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2393
   * @access private
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2394
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2395
   
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  2396
  public static function acl_preprocess($parms)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2397
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2398
    if ( !isset($parms['mode']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2399
      // Nothing to do
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2400
      return $parms;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2401
    switch ( $parms['mode'] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2402
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2403
      case 'seltarget':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2404
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2405
        // Who's affected?
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2406
        $parms['target_type'] = intval( $parms['target_type'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2407
        $parms['target_id'] = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? $parms['target_id_grp'] : $parms['target_id_user'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2408
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2409
      case 'save_edit':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2410
      case 'save_new':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2411
        if ( isset($parms['act_delete_rule']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2412
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2413
          $parms['mode'] = 'delete';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2414
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2415
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2416
        // Scope (just this page or entire site?)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2417
        if ( $parms['scope'] == 'entire_site' || ( $parms['page_id'] == 'false' && $parms['namespace'] == 'false' ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2418
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2419
          $parms['page_id']   = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2420
          $parms['namespace'] = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2421
        }
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2422
        else if ( $parms['scope'] == 'page_group' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2423
        {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2424
          $parms['page_id'] = $parms['pg_id'];
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2425
          $parms['namespace'] = '__PageGroup';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2426
        }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2427
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2428
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2429
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2430
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2431
    if ( isset($parms['act_go_stage1']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2432
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2433
      $parms = array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2434
          'mode' => 'listgroups'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2435
        );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2436
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2437
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2438
    return $parms;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2439
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2440
  
372
5bd429428101 A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
parents: 361
diff changeset
  2441
  public static function acl_postprocess($response)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2442
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2443
    if(!isset($response['mode']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2444
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2445
      if ( isset($response['groups']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2446
        $response['mode'] = 'stage1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2447
      else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2448
        $response = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2449
            'mode' => 'error',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2450
            'error' => 'Invalid action passed by API backend.',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2451
          );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2452
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2453
    return $response;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2454
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2455
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2456
}
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2457
513
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2458
/**
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2459
 * Generates a graphical key showing how the ACL rule list works.
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2460
 * @return string
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2461
 */
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2462
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2463
function acl_list_draw_key()
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2464
{
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2465
  $out  = '<div style="width: 460px; margin: 0 auto; text-align: center; margin-bottom: 10px;">';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2466
  $out .= '<div style="float: left;">&larr; Deny</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2467
  $out .= '<div style="float: right;">Allow &rarr;</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2468
  $out .= 'Neutral';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2469
  $out .= '<div style="clear: both;"></div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2470
  // 11 boxes on each side of the center
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2471
  $inc = ceil ( ( 0xFF - ACL_SCALE_MINIMAL_SHADE ) / 11 );
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2472
  for ( $i = ACL_SCALE_MINIMAL_SHADE; $i <= 0xFF; $i+= $inc )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2473
  {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2474
    $octet = dechex($i);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2475
    $color = "ff$octet$octet";
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2476
    $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;">&nbsp;</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2477
  }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2478
  $out .= '<div style="background-color: #efefef; float: left; width: 20px;">&nbsp;</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2479
  for ( $i = 0xFF; $i >= ACL_SCALE_MINIMAL_SHADE; $i-= $inc )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2480
  {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2481
    $octet = dechex($i);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2482
    $color = "{$octet}ff{$octet}";
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2483
    $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;">&nbsp;</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2484
  }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2485
  $out .= '<div style="clear: both;"></div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2486
  $out .= '<div style="float: left;">-100</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2487
  $out .= '<div style="float: right;">+100</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2488
  $out .= '0';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2489
  $out .= '</div>';
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2490
  return $out;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2491
}
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2492
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2493
/**
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2494
 * Gets the numerical score for the serialized form of an ACL rule
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2495
 */
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2496
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2497
function get_acl_rule_score($perms)
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2498
{
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2499
  global $db, $session, $paths, $template, $plugins; // Common objects
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2500
  if ( is_string($perms) )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2501
    $perms = $session->string_to_perm($perms);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2502
  else if ( !is_array($perms) )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2503
    return false;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2504
  $score = 0;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2505
  foreach ( $perms as $item )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2506
  {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2507
    switch ( $item )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2508
    {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2509
      case AUTH_ALLOW :
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2510
        $inc = 2;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2511
        break;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2512
      case AUTH_WIKIMODE:
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2513
        $inc = 1;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2514
        break;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2515
      case AUTH_DISALLOW:
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2516
        $inc = -1;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2517
        break;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2518
      case AUTH_DENY:
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2519
        $inc = -2;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2520
        break;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2521
      default:
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2522
        $inc = 0;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2523
        break;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2524
    }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2525
    $score += $inc;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2526
  }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2527
  // this is different from the beta; calculate highest score and
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2528
  // get percentage to be fairer to smaller/less broad rules
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2529
  $divisor = count($perms) * 2;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2530
  if ( $divisor == 0 )
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2531
  {
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2532
    return 0;
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2533
  }
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2534
  $score = 100 * ( $score / $divisor );
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2535
  return round($score);
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2536
}
c15fbf197a54 AJAX interface for listing ACL rules implemented
Dan
parents: 512
diff changeset
  2537
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2538
?>