48 */ |
48 */ |
49 |
49 |
50 public static function getsource($page, $password = false) |
50 public static function getsource($page, $password = false) |
51 { |
51 { |
52 global $db, $session, $paths, $template, $plugins; // Common objects |
52 global $db, $session, $paths, $template, $plugins; // Common objects |
53 if(!isPage($page)) |
53 if ( !isPage($page) ) |
54 { |
54 { |
55 return ''; |
55 return ''; |
56 } |
56 } |
57 |
57 |
58 if(strlen($paths->pages[$page]['password']) == 40) |
58 list($page_id, $namespace) = RenderMan::strToPageID($page); |
59 { |
59 $ns = namespace_factory($page_id, $namespace); |
60 if(!$password || ( $password != $paths->pages[$page]['password'])) |
60 $cdata = $ns->get_cdata(); |
|
61 |
|
62 if ( strlen($cdata['password']) == 40 ) |
|
63 { |
|
64 if(!$password || ( $password != $cdata['password'])) |
61 { |
65 { |
62 return 'invalid_password'; |
66 return 'invalid_password'; |
63 } |
67 } |
64 } |
68 } |
65 |
69 |
109 */ |
113 */ |
110 |
114 |
111 public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false) |
115 public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false) |
112 { |
116 { |
113 global $db, $session, $paths, $template, $plugins; // Common objects |
117 global $db, $session, $paths, $template, $plugins; // Common objects |
114 $uid = sha1(microtime()); |
118 |
115 $pname = $paths->nslist[$namespace] . $page_id; |
119 $page = new PageProcessor($page_id, $namespace); |
116 |
120 $cdata = $page->ns->get_cdata(); |
117 if(!$session->get_permissions('edit_page')) |
121 return $page->update_page($message, $summary, $minor, $cdata['page_format']); |
118 return 'Access to edit pages is denied.'; |
|
119 |
|
120 if(!isPage($pname)) |
|
121 { |
|
122 $create = PageUtils::createPage($page_id, $namespace); |
|
123 if ( $create != 'good' ) |
|
124 return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create; |
|
125 $paths->page_exists = true; |
|
126 } |
|
127 |
|
128 // Check page protection |
|
129 |
|
130 $is_protected = false; |
|
131 $page_data =& $paths->pages[$pname]; |
|
132 // Is the protection semi? |
|
133 if ( $page_data['protected'] == 2 ) |
|
134 { |
|
135 $is_protected = true; |
|
136 // Page is semi-protected. Has the user been here for at least 4 days? |
|
137 // 345600 seconds = 4 days |
|
138 if ( $session->user_logged_in && ( $session->reg_time + 345600 ) <= time() ) |
|
139 $is_protected = false; |
|
140 } |
|
141 // Is the protection full? |
|
142 else if ( $page_data['protected'] == 1 ) |
|
143 { |
|
144 $is_protected = true; |
|
145 } |
|
146 |
|
147 // If it's protected and we DON'T have even_when_protected rights, bail out |
|
148 if ( $is_protected && !$session->get_permissions('even_when_protected') ) |
|
149 { |
|
150 return 'You don\'t have the necessary permissions to edit this page.'; |
|
151 } |
|
152 |
|
153 // We're skipping the wiki mode check here because by default edit_page pemissions are AUTH_WIKIMODE. |
|
154 // The exception here is the user's own userpage, which is overridden at the time of account creation. |
|
155 // At that point it's set to AUTH_ALLOW, but obviously only for the user's own userpage. |
|
156 |
|
157 // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings |
|
158 $message = RenderMan::preprocess_text($message, false, false); |
|
159 |
|
160 $msg = $db->escape($message); |
|
161 |
|
162 $minor = $minor ? ENANO_SQL_BOOLEAN_TRUE : ENANO_SQL_BOOLEAN_FALSE; |
|
163 $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.enano_date('d M Y h:i a').'\', \'' . $paths->page_id . '\', \'' . $paths->namespace . '\', ' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');'; |
|
164 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
|
165 |
|
166 $q = 'UPDATE ' . table_prefix.'page_text SET page_text=' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'; |
|
167 $e = $db->sql_query($q); |
|
168 if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.'); |
|
169 |
|
170 $paths->rebuild_page_index($page_id, $namespace); |
|
171 |
|
172 return 'good'; |
|
173 } |
122 } |
174 |
123 |
175 /** |
124 /** |
176 * Creates a page, both in memory and in the database. |
125 * Creates a page, both in memory and in the database. |
177 * @param string $page_id |
126 * @param string $page_id |
276 */ |
225 */ |
277 public static function protect($page_id, $namespace, $level, $reason) |
226 public static function protect($page_id, $namespace, $level, $reason) |
278 { |
227 { |
279 global $db, $session, $paths, $template, $plugins; // Common objects |
228 global $db, $session, $paths, $template, $plugins; // Common objects |
280 |
229 |
281 $pname = $paths->nslist[$namespace] . $page_id; |
230 $page = new PageProcessor($page_id, $namespace); |
282 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
231 return $page->protect_page($level, $reason); |
283 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
|
284 |
|
285 if ( !$session->get_permissions('protect') ) |
|
286 { |
|
287 return('Insufficient access rights'); |
|
288 } |
|
289 if ( !$wiki ) |
|
290 { |
|
291 return('Page protection only has an effect when Wiki Mode is enabled.'); |
|
292 } |
|
293 if ( !preg_match('#^([0-9]+){1}$#', (string)$level) ) |
|
294 { |
|
295 return('Invalid $level parameter.'); |
|
296 } |
|
297 |
|
298 switch($level) |
|
299 { |
|
300 case 0: |
|
301 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
|
302 break; |
|
303 case 1: |
|
304 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
|
305 break; |
|
306 case 2: |
|
307 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
|
308 break; |
|
309 default: |
|
310 return 'PageUtils::protect(): Invalid value for $level'; |
|
311 break; |
|
312 } |
|
313 if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.'); |
|
314 |
|
315 $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
|
316 if ( !$q ) |
|
317 { |
|
318 $db->_die('The pages table was not updated.'); |
|
319 } |
|
320 |
|
321 return('good'); |
|
322 } |
232 } |
323 |
233 |
324 /** |
234 /** |
325 * Generates an HTML table with history information in it. |
235 * Generates an HTML table with history information in it. |
326 * @param string the page ID |
236 * @param string the page ID |
337 if(!$session->get_permissions('history_view')) |
247 if(!$session->get_permissions('history_view')) |
338 return 'Access denied'; |
248 return 'Access denied'; |
339 |
249 |
340 ob_start(); |
250 ob_start(); |
341 |
251 |
342 $pname = $paths->nslist[$namespace] . $page_id; |
252 $pname = $paths->get_pathskey($page_id, $namespace); |
|
253 $ns = namespace_factory($page_id, $namespace); |
|
254 $cdata = $ns->get_cdata(); |
343 |
255 |
344 if ( !isPage($pname) ) |
256 if ( !isPage($pname) ) |
345 { |
257 { |
346 return 'DNE'; |
258 return 'DNE'; |
347 } |
259 } |
348 |
260 |
349 if ( isPage($pname['password']) ) |
261 if ( isPage($pname['password']) ) |
350 { |
262 { |
351 $password_exists = ( !empty($paths->pages[$pname]['password']) && $paths->pages[$pname]['password'] !== sha1('') ); |
263 $password_exists = ( !empty($cdata['password']) && $cdata['password'] !== sha1('') ); |
352 if ( $password_exists && $password !== $paths->pages[$pname]['password'] ) |
264 if ( $password_exists && $password !== $cdata['password'] ) |
353 { |
265 { |
354 return '<p>' . $lang->get('history_err_wrong_password') . '</p>'; |
266 return '<p>' . $lang->get('history_err_wrong_password') . '</p>'; |
355 } |
267 } |
356 } |
268 } |
357 |
269 |
358 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
270 $wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false; |
359 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
271 $prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false; |
360 |
272 |
361 $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;'; |
273 $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;'; |
362 if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.'); |
274 if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.'); |
363 echo $lang->get('history_page_subtitle') . ' |
275 echo $lang->get('history_page_subtitle') . ' |
364 <h3>' . $lang->get('history_heading_edits') . '</h3>'; |
276 <h3>' . $lang->get('history_heading_edits') . '</h3>'; |
1053 public static function rename($page_id, $namespace, $name) |
965 public static function rename($page_id, $namespace, $name) |
1054 { |
966 { |
1055 global $db, $session, $paths, $template, $plugins; // Common objects |
967 global $db, $session, $paths, $template, $plugins; // Common objects |
1056 global $lang; |
968 global $lang; |
1057 |
969 |
1058 $pname = $paths->nslist[$namespace] . $page_id; |
970 $page = new PageProcessor($page_id, $namespace); |
1059 |
971 return $page->rename_page($name); |
1060 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
|
1061 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
|
1062 |
|
1063 if( empty($name)) |
|
1064 { |
|
1065 return($lang->get('ajax_rename_too_short')); |
|
1066 } |
|
1067 if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' )) |
|
1068 { |
|
1069 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->page_id) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')'); |
|
1070 if ( !$e ) |
|
1071 { |
|
1072 $db->_die('The page title could not be updated.'); |
|
1073 } |
|
1074 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';'); |
|
1075 if ( !$e ) |
|
1076 { |
|
1077 $db->_die('The page title could not be updated.'); |
|
1078 } |
|
1079 else |
|
1080 { |
|
1081 $subst = array( |
|
1082 'page_name_old' => $paths->pages[$pname]['name'], |
|
1083 'page_name_new' => $name |
|
1084 ); |
|
1085 return $lang->get('ajax_rename_success', $subst); |
|
1086 } |
|
1087 } |
|
1088 else |
|
1089 { |
|
1090 return($lang->get('etc_access_denied')); |
|
1091 } |
|
1092 } |
972 } |
1093 |
973 |
1094 /** |
974 /** |
1095 * Flushes (clears) the action logs for a given page |
975 * Flushes (clears) the action logs for a given page |
1096 * @param $page_id the page ID |
976 * @param $page_id the page ID |
1118 $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';'); |
998 $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';'); |
1119 if(!$e) $db->_die('The log entries could not be deleted.'); |
999 if(!$e) $db->_die('The log entries could not be deleted.'); |
1120 |
1000 |
1121 // If the page exists, make a backup of it in case it gets spammed/vandalized |
1001 // If the page exists, make a backup of it in case it gets spammed/vandalized |
1122 // If not, the admin's probably deleting a trash page |
1002 // If not, the admin's probably deleting a trash page |
1123 if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) ) |
1003 if ( isPage($paths->get_pathskey($page_id, $namespace)) ) |
1124 { |
1004 { |
1125 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1005 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1126 if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.'); |
1006 if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.'); |
1127 $row = $db->fetchrow(); |
1007 $row = $db->fetchrow(); |
1128 $db->free_result(); |
1008 $db->free_result(); |
1496 { |
1384 { |
1497 global $db, $session, $paths, $template, $plugins; // Common objects |
1385 global $db, $session, $paths, $template, $plugins; // Common objects |
1498 if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information'); |
1386 if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information'); |
1499 |
1387 |
1500 $page_perms = $session->fetch_page_acl($page_id, $namespace); |
1388 $page_perms = $session->fetch_page_acl($page_id, $namespace); |
1501 $page_data =& $paths->pages[$paths->nslist[$namespace].$page_id]; |
1389 $ns = namespace_factory($page_id, $namespace); |
1502 |
1390 $page_data = $ns->get_cdata(); |
1503 $cat_all = Array(); |
1391 |
1504 foreach ( $paths->pages as $i => $_ ) |
1392 $cat_all = array(); |
1505 { |
1393 $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';'); |
1506 if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i]; |
1394 if ( !$q ) |
|
1395 $db->_die(); |
|
1396 |
|
1397 while ( $row = $db->fetchrow() ) |
|
1398 { |
|
1399 $cat_all[] = Namespace_Default::bake_cdata($row); |
1507 } |
1400 } |
1508 |
1401 |
1509 // Make $cat_all an associative array, like $paths->pages |
1402 // Make $cat_all an associative array, like $paths->pages |
1510 $sz = sizeof($cat_all); |
1403 $sz = sizeof($cat_all); |
1511 for($i=0;$i<$sz;$i++) |
1404 for($i=0;$i<$sz;$i++) |
1595 public static function setpass($page_id, $namespace, $pass) |
1488 public static function setpass($page_id, $namespace, $pass) |
1596 { |
1489 { |
1597 global $db, $session, $paths, $template, $plugins; // Common objects |
1490 global $db, $session, $paths, $template, $plugins; // Common objects |
1598 global $lang, $cache; |
1491 global $lang, $cache; |
1599 // Determine permissions |
1492 // Determine permissions |
1600 if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '') |
1493 $ns = namespace_factory($page_id, $namespace); |
|
1494 $cdata = $ns->get_cdata(); |
|
1495 if ( $cdata['password'] != '' ) |
1601 $a = $session->get_permissions('password_reset'); |
1496 $a = $session->get_permissions('password_reset'); |
1602 else |
1497 else |
1603 $a = $session->get_permissions('password_set'); |
1498 $a = $session->get_permissions('password_set'); |
1604 if(!$a) |
1499 if ( !$a ) |
1605 return $lang->get('etc_access_denied'); |
1500 return $lang->get('etc_access_denied'); |
1606 if(!isset($pass)) return('Password was not set on URL'); |
1501 if ( !isset($pass) ) |
|
1502 return('Password was not set on URL'); |
1607 $p = $pass; |
1503 $p = $pass; |
1608 if ( !preg_match('#([0-9a-f]){40,40}#', $p) ) |
1504 if ( !preg_match('#([0-9a-f]){40,40}#', $p) ) |
1609 { |
1505 { |
1610 $p = sha1($p); |
1506 $p = sha1($p); |
1611 } |
1507 } |
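Review bot: In the history hunk the outer guard `if ( isPage($pname['password']) )` (new line 261) is carried over unchanged, yet `$pname` appears to be the plain key just passed to `isPage($pname)`, so subscripting it with `'password'` does not read the page's password field and the wrong-password return beneath it is most likely never reached. Since this commit already moves the inner test to `$cdata`, the guard can be dropped or become `if ( !empty($cdata['password']) )`. The hash comparisons would be safer as `hash_equals((string)$cdata['password'], (string)$password)` than the `!==` here or the loose `!=` at new line 64 in getsource(), which can treat two numeric-looking hash strings as equal. savepage(), protect() and rename() now return straight from PageProcessor, which is not shown, so confirm that update_page(), protect_page() and rename_page() repeat the permission and protection checks deleted here. Several of these function bodies start or end outside the visible hunks.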