<?php

/*

Plugin Name: Runt - the Enano administration panel

Plugin URI: http://enanocms.org/

Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.

Author: Dan Fuhry

Version: 1.0.2

Author URI: http://enanocms.org/

*/

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.1

 * Copyright (C) 2006-2007 Dan Fuhry

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

global $db, $session, $paths, $template, $plugins; // Common objects

$plugins->attachHook('base_classes_initted', '

  global $paths;

    $paths->add_page(Array(

      \'name\'=>\'Administration\',

      \'urlname\'=>\'Administration\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Manage the Sidebar\',

      \'urlname\'=>\'EditSidebar\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

  ');

// Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1

require(ENANO_ROOT . '/plugins/admin/PageGroups.php');

require(ENANO_ROOT . '/plugins/admin/SecurityLog.php');

require(ENANO_ROOT . '/plugins/admin/UserManager.php');

// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>

function page_Admin_Home() {

  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )

  {

    return;

  }

  // Basic information

  echo RenderMan::render(

'== Welcome to Runt, the Enano administration panel. ==

Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.

Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');

  // Demo mode

  if ( defined('ENANO_DEMO_MODE') )

  {

    echo '<h3>Enano is running in demo mode.</h3>

          <p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';

  }

  // Check for the installer scripts

  if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )

  {

    echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';

  }

  // Inactive users

  $q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');

  if($q)

    if($db->numrows() > 0)

    {

      $n = $db->numrows();

      if($n == 1) $s = $n . ' user is';

      else $s = $n . ' users are';

      echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';

    }

  $db->free_result();

  // Stats

  if(getConfig('log_hits') == '1')

  {

    $stats = stats_top_pages(10);

    //die('<pre>'.print_r($stats,true).'</pre>');

    $c = 0;

    $cls = 'row2';

    echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';

    foreach($stats as $data)

    {

      echo '<tr>';

      $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';

      echo '<td class="'.$cls.'"><a href="'.makeUrl($data['page_urlname']).'">'.$data['page_title'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$data['num_hits'].'</td>';

      echo '</tr>';

    }

    echo '</table></div>';

  }

  // Security log

  echo '<h3>Security log</h3>';

  $seclog = get_security_log(5);

  echo $seclog;

  echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'SecurityLog\'); return false;">Full security log</a></p>';

}

function page_Admin_GeneralConfig() {

  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )

  {

    return;

  }

  if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )

  {

    // Global site options

    setConfig('site_name', $_POST['site_name']);

    setConfig('site_desc', $_POST['site_desc']);

    setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));

    setConfig('copyright_notice', $_POST['copyright']);

    setConfig('contact_email', $_POST['contact_email']);

    // Wiki mode

    if(isset($_POST['wikimode']))                setConfig('wiki_mode', '1');

    else                                         setConfig('wiki_mode', '0');

    if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1');

    else                                         setConfig('wiki_mode_require_login', '0');

    if(isset($_POST['editmsg']))                 setConfig('wiki_edit_notice', '1');

    else                                         setConfig('wiki_edit_notice', '0');

    setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);

    // Stats

    if(isset($_POST['log_hits']))                setConfig('log_hits', '1');

    else                                         setConfig('log_hits', '0');

    // Disablement

    if(isset($_POST['site_disabled'])) {         setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); }

    else                                         setConfig('site_disabled', '0');

    // Account activation

    setConfig('account_activation', $_POST['account_activation']);

    // W3C compliance buttons

    if(isset($_POST['w3c-vh32']))     setConfig("w3c_vh32", "1");

    else                              setConfig("w3c_vh32", "0");

    if(isset($_POST['w3c-vh40']))     setConfig("w3c_vh40", "1");

    else                              setConfig("w3c_vh40", "0");

    if(isset($_POST['w3c-vh401']))    setConfig("w3c_vh401", "1");

    else                              setConfig("w3c_vh401", "0");

    if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1");

    else                              setConfig("w3c_vxhtml10", "0");

    if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1");

    else                              setConfig("w3c_vxhtml11", "0");

    if(isset($_POST['w3c-vcss']))     setConfig("w3c_vcss", "1");

    else                              setConfig("w3c_vcss", "0");

    // SourceForge.net logo

    if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1');

    else                        setConfig('sflogo_enabled', '0');

    setConfig('sflogo_groupid', $_POST['sfgroup']);

    setConfig('sflogo_type', $_POST['sflogo']);

    // Comment options

    if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1');

    else                                  setConfig('approve_comments', '0');

    if(isset($_POST['enable-comments']))  setConfig('enable_comments', '1');

    else                                  setConfig('enable_comments', '0');

    setConfig('comments_need_login', $_POST['comments_need_login']);

    // Powered by link

    if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1');

    else                                       setConfig('powered_btn', '0');    

    if(isset($_POST['dbdbutton']))        setConfig('dbd_button', '1');

    else                                  setConfig('dbd_button', '0');

    if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0');

    else                                   setConfig('smtp_enabled', '1');

    setConfig('smtp_server', $_POST['smtp_host']);

    setConfig('smtp_user', $_POST['smtp_user']);

    if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']);

    // Password strength

    if ( isset($_POST['pw_strength_enable']) ) setConfig('pw_strength_enable', '1');

    else                                       setConfig('pw_strength_enable', '0');

    $strength = intval($_POST['pw_strength_minimum']);

    if ( $strength >= -10 && $strength <= 30 )

    {

      $strength = strval($strength);

      setConfig('pw_strength_minimum', $strength);

    }

    // Account lockout policy

    if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) )

      setConfig('lockout_threshold', $_POST['lockout_threshold']);

    if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) )

      setConfig('lockout_duration', $_POST['lockout_duration']);

    if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) )

      setConfig('lockout_policy', $_POST['lockout_policy']);

    echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';

  }

  else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )

  {

    echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';

  }

  echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');

  ?>

  <div class="tblholder">

    <table border="0" width="100%" cellspacing="1" cellpadding="4">

    <!-- Global options -->

      <tr><th colspan="2">Global site options</th></tr>

      <tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>

      <tr><td class="row1" style="width: 50%;">Site name:</td>  <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>

      <tr><td class="row2">Site description:</td>               <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>

      <tr><td class="row1">Main page:</td>                      <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>

      <tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>

      <tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "&copy;" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>

      <tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>

    <!-- Wiki mode -->

      <tr><th colspan="2">Wiki mode</th></tr>

      <tr>

        <td class="row3" rowspan="2">

          Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />

          In Wiki Mode, certain HTML tags such as &lt;script&gt; and &lt;object&gt; are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />

          Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.

        </td>

        <td class="row1">

          <input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>

        </td>

      </tr>

      <tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>

      <tr>

        <td class="row3" rowspan="2">

          <b>Edit page notice</b><br />

          When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.

        </td>

        <td class="row1">

          <input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>

        </td>

      </tr>

      <tr>

        <td class="row2">

          <textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo getConfig('wiki_edit_notice_text'); ?></textarea>

        </td>

      </tr>

    <!-- Site statistics -->

      <tr><th colspan="2">Statistics and hit counting</th></tr>

      <tr>

        <td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>

        <td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/>  Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>

      </tr>

    <!-- Comment options -->

      <tr><th colspan="2">Comment system</th></tr>

      <tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label>                      </td><td class="row1"><input name="enable-comments"  id="enable-comments"  type="checkbox" <?php if(getConfig('enable_comments')=='1')  echo('CHECKED '); ?>/></td></tr>

      <tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>

      <tr><td class="row1">Guest comment posting allowed                                                              </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>

                                                                                                                                            <label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>

    <!-- Default permissions -->                                                                                                            <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>

    <!--

    READ: Do not try to enable this, backend support for it has been disabled. To edit default

          permissions, select The Entire Website in any permissions editor window.

      <tr><th colspan="2">Default permissions for pages</th></tr>

      <tr>

        <td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>

        <td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>

      </tr>

      -->

    <!-- enanocms.org link -->

    <tr>

      <th colspan="2">Promote Enano</th>

    </tr>

    <tr>

      <td class="row3">

        If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano

        homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because

        Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word

        using this link.

      </td>

      <td class="row1">

        <label>

          <input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> />&nbsp;&nbsp;Place a link to enanocms.org on the sidebar

        </label>

      </td>

    </tr>

    <!-- Site disablement -->

      <tr><th colspan="2">Disable all site access</th></tr>

      <tr>

        <td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>

        <td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/>  Disable this site</label></td>

      </tr>

      <tr>

        <td class="row2">

          <div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>

            Message to show to users:<br />

            <textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea>

          </div>

        </td>

      </tr>

    <!-- Account activation -->

      <tr><th colspan="2">User account activation</th></tr>

      <tr>

        <td class="row3" colspan="2">

          If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />

          You may also disable registration completely if needed.<br /><br />

          <b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>

        </td>

      </tr>

      <tr>

        <td class="row1">Account activation:</td><td class="row1">

          <?php

          echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';

          echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';

          echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';

          echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';

          ?>

        </td>

      </tr>

    <!-- Account lockout -->

      <tr><th colspan="2">Account lockouts</th></tr>

      <tr><td class="row3" colspan="2">Configure Enano to prevent or restrict logins for a specified period of time if a user enters an incorrect password a specific number of times.</td></tr>

      <tr>

        <td class="row2">Lockout threshold:<br />

          <small>How many times can a user enter wrong credentials before a lockout goes into effect?</small>

        </td>

        <td class="row2">

          <input type="text" name="lockout_threshold" value="<?php echo ( $_ = getConfig('lockout_threshold') ) ? $_ : '5' ?>" />

        </td>

      </tr>

      <tr>

        <td class="row1">Lockout duration:<br />

          <small>This is how long an account lockout should last, in minutes.</small>

        </td>

        <td class="row1">

          <input type="text" name="lockout_duration" value="<?php echo ( $_ = getConfig('lockout_duration') ) ? $_ : '15' ?>" />

        </td>

      </tr>

      <tr>

        <td class="row2">Lockout policy:<br />

          <small>What should be done when a lockout goes into effect?</small>

        </td>

        <td class="row2">

          <label><input type="radio" name="lockout_policy" value="disable" <?php if ( getConfig('lockout_policy') == 'disable' ) echo 'checked="checked"'; ?> /> Don't do anything</label><br />

          <label><input type="radio" name="lockout_policy" value="captcha" <?php if ( getConfig('lockout_policy') == 'captcha' ) echo 'checked="checked"'; ?> /> Require visual confirmation</label><br />

          <label><input type="radio" name="lockout_policy" value="lockout" <?php if ( getConfig('lockout_policy') == 'lockout' || !getConfig('lockout_policy') ) echo 'checked="checked"'; ?> /> Prevent all login attempts</label>

        </td>

      </tr>

    <!-- Password strength -->

      <tr><th colspan="2">Password strength</th></tr>

      <tr>