59 { |
58 { |
60 $return = array( |
59 $return = array( |
61 'mode' => 'error', |
60 'mode' => 'error', |
62 'error' => 'Invalid URI' |
61 'error' => 'Invalid URI' |
63 ); |
62 ); |
64 die( $json->encode($return) ); |
63 die( enano_json_encode($return) ); |
65 } |
64 } |
66 $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1'; |
65 $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1'; |
67 $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;'); |
66 $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;'); |
68 if ( !$q ) |
67 if ( !$q ) |
69 { |
68 { |
283 if ( !$e ) |
282 if ( !$e ) |
284 die( $db->get_error() ); |
283 die( $db->get_error() ); |
285 die('GOOD'); |
284 die('GOOD'); |
286 break; |
285 break; |
287 case 'get_tags': |
286 case 'get_tags': |
288 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
|
289 |
287 |
290 $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create')); |
288 $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create')); |
291 $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t |
289 $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t |
292 LEFT JOIN '.table_prefix.'page_groups AS pg |
290 LEFT JOIN '.table_prefix.'page_groups AS pg |
293 ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) |
291 ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) |
319 'can_del' => $can_del, |
317 'can_del' => $can_del, |
320 'acl' => ( $row['used_in_acl'] == 1 ) |
318 'acl' => ( $row['used_in_acl'] == 1 ) |
321 ); |
319 ); |
322 } |
320 } |
323 |
321 |
324 echo $json->encode($ret); |
322 echo enano_json_encode($ret); |
325 |
323 |
326 break; |
324 break; |
327 case 'addtag': |
325 case 'addtag': |
328 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
|
329 $resp = array( |
326 $resp = array( |
330 'success' => false, |
327 'success' => false, |
331 'error' => 'No error', |
328 'error' => 'No error', |
332 'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ), |
329 'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ), |
333 'in_acl' => false |
330 'in_acl' => false |
335 |
332 |
336 // first of course, are we allowed to tag pages? |
333 // first of course, are we allowed to tag pages? |
337 if ( !$session->get_permissions('tag_create') ) |
334 if ( !$session->get_permissions('tag_create') ) |
338 { |
335 { |
339 $resp['error'] = 'You are not permitted to tag pages.'; |
336 $resp['error'] = 'You are not permitted to tag pages.'; |
340 die($json->encode($resp)); |
337 die(enano_json_encode($resp)); |
341 } |
338 } |
342 |
339 |
343 // sanitize the tag name |
340 // sanitize the tag name |
344 $tag = sanitize_tag($_POST['tag']); |
341 $tag = sanitize_tag($_POST['tag']); |
345 $tag = $db->escape($tag); |
342 $tag = $db->escape($tag); |
346 |
343 |
347 if ( strlen($tag) < 2 ) |
344 if ( strlen($tag) < 2 ) |
348 { |
345 { |
349 $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.'; |
346 $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.'; |
350 die($json->encode($resp)); |
347 die(enano_json_encode($resp)); |
351 } |
348 } |
352 |
349 |
353 // check if tag is already on page |
350 // check if tag is already on page |
354 $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';'); |
351 $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';'); |
355 if ( !$q ) |
352 if ( !$q ) |
356 $db->_die(); |
353 $db->_die(); |
357 if ( $db->numrows() > 0 ) |
354 if ( $db->numrows() > 0 ) |
358 { |
355 { |
359 $resp['error'] = 'This page already has this tag.'; |
356 $resp['error'] = 'This page already has this tag.'; |
360 die($json->encode($resp)); |
357 die(enano_json_encode($resp)); |
361 } |
358 } |
362 $db->free_result(); |
359 $db->free_result(); |
363 |
360 |
364 // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access |
361 // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access |
365 $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ); |
362 $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ); |
367 if ( !$q ) |
364 if ( !$q ) |
368 $db->_die(); |
365 $db->_die(); |
369 if ( $db->numrows() > 0 && !$can_edit_acl ) |
366 if ( $db->numrows() > 0 && !$can_edit_acl ) |
370 { |
367 { |
371 $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.'; |
368 $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.'; |
372 die($json->encode($resp)); |
369 die(enano_json_encode($resp)); |
373 } |
370 } |
374 $resp['in_acl'] = ( $db->numrows() > 0 ); |
371 $resp['in_acl'] = ( $db->numrows() > 0 ); |
375 $db->free_result(); |
372 $db->free_result(); |
376 |
373 |
377 // we're good |
374 // we're good |