ajax.php
changeset 592 27377179fe58
parent 555 ac4c6a7f01d8
child 593 4f9bec0d65c1
591:2529833a7731 592:27377179fe58
    12  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    12  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    13  */
    13  */
    14  
    14  
    15   define('ENANO_INTERFACE_AJAX', '');
    15   define('ENANO_INTERFACE_AJAX', '');
    16  
    16  
    17   // fillusername should be done without the help of the rest of Enano - all we need is the DBAL
       
    18   if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
       
    19   {
       
    20     // setup and load a very basic, specialized instance of the Enano API
       
    21     function microtime_float()
       
    22     {
       
    23       list($usec, $sec) = explode(" ", microtime());
       
    24       return ((float)$usec + (float)$sec);
       
    25     }
       
    26     // Determine directory (special case for development servers)
       
    27     if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
       
    28     {
       
    29       $filename = str_replace('/repo/', '/', __FILE__);
       
    30     }
       
    31     else
       
    32     {
       
    33       $filename = __FILE__;
       
    34     }
       
    35     define('ENANO_ROOT', dirname($filename));
       
    36     require(ENANO_ROOT.'/includes/functions.php');
       
    37     require(ENANO_ROOT.'/includes/dbal.php');
       
    38     require(ENANO_ROOT.'/includes/json2.php');
       
    39     
       
    40     require(ENANO_ROOT . '/config.php');
       
    41     unset($dbuser, $dbpasswd);
       
    42     if ( !isset($dbdriver) )
       
    43       $dbdriver = 'mysql';
       
    44     
       
    45     $db = new $dbdriver();
       
    46     
       
    47     $db->connect();
       
    48     
       
    49     // result is sent using JSON
       
    50     $return = Array(
       
    51         'mode' => 'success',
       
    52         'users_real' => Array()
       
    53       );
       
    54     
       
    55     // should be connected to the DB now
       
    56     $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
       
    57     if ( !$name )
       
    58     {
       
    59       $return = array(
       
    60         'mode' => 'error',
       
    61         'error' => 'Invalid URI'
       
    62       );
       
    63       die( enano_json_encode($return) );
       
    64     }
       
    65     $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
       
    66     $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
       
    67     if ( !$q )
       
    68     {
       
    69       $db->die_json();
       
    70     }
       
    71     $i = 0;
       
    72     while($r = $db->fetchrow())
       
    73     {
       
    74       $return['users_real'][] = $r['username'];
       
    75       $i++;
       
    76     }
       
    77     $db->free_result();
       
    78     
       
    79     // all done! :-)
       
    80     $db->close();
       
    81     
       
    82     echo enano_json_encode( $return );
       
    83     
       
    84     exit;
       
    85   }
       
    86  
       
    87   require('includes/common.php');
    17   require('includes/common.php');
    88   
    18   
    89   global $db, $session, $paths, $template, $plugins; // Common objects
    19   global $db, $session, $paths, $template, $plugins; // Common objects
    90   if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
    20   if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
    91   
    21   
    92   $_ob = '';
    22   $_ob = '';
    93   
    23   
    94   switch($_GET['_mode']) {
    24   switch($_GET['_mode']) {
    95     case "checkusername":
    25     case "checkusername":
       
    26       require_once(ENANO_ROOT.'/includes/pageutils.php');
    96       echo PageUtils::checkusername($_GET['name']);
    27       echo PageUtils::checkusername($_GET['name']);
    97       break;
    28       break;
    98     case "getsource":
    29     case "getsource":
    99       header('Content-type: text/plain');
    30       header('Content-type: text/plain');
   100       $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
    31       $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
   228             
   159             
   229       $page->send();
   160       $page->send();
   230       break;
   161       break;
   231     case "savepage":
   162     case "savepage":
   232       /* **** OBSOLETE **** */
   163       /* **** OBSOLETE **** */
   233       $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
   164       
   234       $minor = isset($_POST['minor']);
       
   235       $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
       
   236       if ( $e == 'good' )
       
   237       {
       
   238         $page = new PageProcessor($paths->page_id, $paths->namespace);
       
   239         $page->send();
       
   240       }
       
   241       else
       
   242       {
       
   243         echo '<p>Error saving the page: '.$e.'</p>';
       
   244       }
       
   245       break;
   165       break;
   246     case "savepage_json":
   166     case "savepage_json":
   247       header('Content-type: application/json');
   167       header('Content-type: application/json');
   248       if ( !isset($_POST['r']) )
   168       if ( !isset($_POST['r']) )
   249         die('Invalid request');
   169         die('Invalid request');
   432       
   352       
   433       $result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
   353       $result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
   434       echo enano_json_encode($result);
   354       echo enano_json_encode($result);
   435       break;
   355       break;
   436     case "histlist":
   356     case "histlist":
       
   357       require_once(ENANO_ROOT.'/includes/pageutils.php');
   437       echo PageUtils::histlist($paths->page_id, $paths->namespace);
   358       echo PageUtils::histlist($paths->page_id, $paths->namespace);
   438       break;
   359       break;
   439     case "rollback":
   360     case "rollback":
   440       $id = intval(@$_GET['id']);
   361       $id = intval(@$_GET['id']);
   441       $page = new PageProcessor($paths->page_id, $paths->namespace);
   362       $page = new PageProcessor($paths->page_id, $paths->namespace);
   443       
   364       
   444       $result = $page->rollback_log_entry($id);
   365       $result = $page->rollback_log_entry($id);
   445       echo enano_json_encode($result);
   366       echo enano_json_encode($result);
   446       break;
   367       break;
   447     case "comments":
   368     case "comments":
       
   369       require_once(ENANO_ROOT.'/includes/comment.php');
   448       $comments = new Comments($paths->page_id, $paths->namespace);
   370       $comments = new Comments($paths->page_id, $paths->namespace);
   449       if ( isset($_POST['data']) )
   371       if ( isset($_POST['data']) )
   450       {
   372       {
   451         $comments->process_json($_POST['data']);
   373         $comments->process_json($_POST['data']);
   452       }
   374       }
   461       
   383       
   462       $result = $page->rename_page($_POST['newtitle']);
   384       $result = $page->rename_page($_POST['newtitle']);
   463       echo enano_json_encode($result);
   385       echo enano_json_encode($result);
   464       break;
   386       break;
   465     case "flushlogs":
   387     case "flushlogs":
       
   388       require_once(ENANO_ROOT.'/includes/pageutils.php');
   466       echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
   389       echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
   467       break;
   390       break;
   468     case "deletepage":
   391     case "deletepage":
       
   392       require_once(ENANO_ROOT.'/includes/pageutils.php');
   469       $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
   393       $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
   470       if ( empty($reason) )
   394       if ( empty($reason) )
   471         die($lang->get('page_err_need_reason'));
   395         die($lang->get('page_err_need_reason'));
   472       echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
   396       echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
   473       break;
   397       break;
   474     case "delvote":
   398     case "delvote":
       
   399       require_once(ENANO_ROOT.'/includes/pageutils.php');
   475       echo PageUtils::delvote($paths->page_id, $paths->namespace);
   400       echo PageUtils::delvote($paths->page_id, $paths->namespace);
   476       break;
   401       break;
   477     case "resetdelvotes":
   402     case "resetdelvotes":
       
   403       require_once(ENANO_ROOT.'/includes/pageutils.php');
   478       echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
   404       echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
   479       break;
   405       break;
   480     case "getstyles":
   406     case "getstyles":
       
   407       require_once(ENANO_ROOT.'/includes/pageutils.php');
   481       echo PageUtils::getstyles($_GET['id']);
   408       echo PageUtils::getstyles($_GET['id']);
   482       break;
   409       break;
   483     case "catedit":
   410     case "catedit":
       
   411       require_once(ENANO_ROOT.'/includes/pageutils.php');
   484       echo PageUtils::catedit($paths->page_id, $paths->namespace);
   412       echo PageUtils::catedit($paths->page_id, $paths->namespace);
   485       break;
   413       break;
   486     case "catsave":
   414     case "catsave":
       
   415       require_once(ENANO_ROOT.'/includes/pageutils.php');
   487       echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
   416       echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
   488       break;
   417       break;
   489     case "setwikimode":
   418     case "setwikimode":
       
   419       require_once(ENANO_ROOT.'/includes/pageutils.php');
   490       echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
   420       echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
   491       break;
   421       break;
   492     case "setpass":
   422     case "setpass":
       
   423       require_once(ENANO_ROOT.'/includes/pageutils.php');
   493       echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
   424       echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
   494       break;
   425       break;
   495     case "fillusername":
   426     case "fillusername":
   496       break;
   427       break;
   497     case "fillpagename":
   428     case "fillpagename":
   535       } else {
   466       } else {
   536         die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
   467         die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
   537       }
   468       }
   538       break;
   469       break;
   539     case "preview":
   470     case "preview":
       
   471       require_once(ENANO_ROOT.'/includes/pageutils.php');
   540       echo PageUtils::genPreview($_POST['text']);
   472       echo PageUtils::genPreview($_POST['text']);
   541       break;
   473       break;
   542     case "pagediff":
   474     case "pagediff":
       
   475       require_once(ENANO_ROOT.'/includes/pageutils.php');
   543       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
   476       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
   544       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
   477       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
   545       if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
   478       if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
   546       if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
   479       if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
   547          !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
   480          !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
   556       $rdns = gethostbyaddr($ip);
   489       $rdns = gethostbyaddr($ip);
   557       if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
   490       if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
   558       else echo $rdns;
   491       else echo $rdns;
   559       break;
   492       break;
   560     case 'acljson':
   493     case 'acljson':
       
   494       require_once(ENANO_ROOT.'/includes/pageutils.php');
   561       $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
   495       $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
   562       echo PageUtils::acl_json($parms);
   496       echo PageUtils::acl_json($parms);
   563       break;
   497       break;
   564     case "change_theme":
   498     case "change_theme":
   565       if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
   499       if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )