ajax.php
changeset 334 c72b545f1304
parent 326 ab66d6d1f1f4
child 335 67bd3121a12e
333:32429702305e 334:c72b545f1304
    45     $db = new $dbdriver();
    45     $db = new $dbdriver();
    46     
    46     
    47     $db->connect();
    47     $db->connect();
    48     
    48     
    49     // result is sent using JSON
    49     // result is sent using JSON
    50     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
       
    51     $return = Array(
    50     $return = Array(
    52         'mode' => 'success',
    51         'mode' => 'success',
    53         'users_real' => Array()
    52         'users_real' => Array()
    54       );
    53       );
    55     
    54     
    59     {
    58     {
    60       $return = array(
    59       $return = array(
    61         'mode' => 'error',
    60         'mode' => 'error',
    62         'error' => 'Invalid URI'
    61         'error' => 'Invalid URI'
    63       );
    62       );
    64       die( $json->encode($return) );
    63       die( enano_json_encode($return) );
    65     }
    64     }
    66     $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
    65     $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
    67     $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
    66     $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
    68     if ( !$q )
    67     if ( !$q )
    69     {
    68     {
    78     $db->free_result();
    77     $db->free_result();
    79     
    78     
    80     // all done! :-)
    79     // all done! :-)
    81     $db->close();
    80     $db->close();
    82     
    81     
    83     echo $json->encode( $return );
    82     echo enano_json_encode( $return );
    84     
    83     
    85     exit;
    84     exit;
    86   }
    85   }
    87  
    86  
    88   require('includes/common.php');
    87   require('includes/common.php');
   283       if ( !$e )
   282       if ( !$e )
   284         die( $db->get_error() );
   283         die( $db->get_error() );
   285       die('GOOD');
   284       die('GOOD');
   286       break;
   285       break;
   287     case 'get_tags':
   286     case 'get_tags':
   288       $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
       
   289       
   287       
   290       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
   288       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
   291       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
   289       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
   292         LEFT JOIN '.table_prefix.'page_groups AS pg
   290         LEFT JOIN '.table_prefix.'page_groups AS pg
   293           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
   291           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
   319           'can_del' => $can_del,
   317           'can_del' => $can_del,
   320           'acl' => ( $row['used_in_acl'] == 1 )
   318           'acl' => ( $row['used_in_acl'] == 1 )
   321         );
   319         );
   322       }
   320       }
   323       
   321       
   324       echo $json->encode($ret);
   322       echo enano_json_encode($ret);
   325       
   323       
   326       break;
   324       break;
   327     case 'addtag':
   325     case 'addtag':
   328       $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
       
   329       $resp = array(
   326       $resp = array(
   330           'success' => false,
   327           'success' => false,
   331           'error' => 'No error',
   328           'error' => 'No error',
   332           'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
   329           'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
   333           'in_acl' => false
   330           'in_acl' => false
   335       
   332       
   336       // first of course, are we allowed to tag pages?
   333       // first of course, are we allowed to tag pages?
   337       if ( !$session->get_permissions('tag_create') )
   334       if ( !$session->get_permissions('tag_create') )
   338       {
   335       {
   339         $resp['error'] = 'You are not permitted to tag pages.';
   336         $resp['error'] = 'You are not permitted to tag pages.';
   340         die($json->encode($resp));
   337         die(enano_json_encode($resp));
   341       }
   338       }
   342       
   339       
   343       // sanitize the tag name
   340       // sanitize the tag name
   344       $tag = sanitize_tag($_POST['tag']);
   341       $tag = sanitize_tag($_POST['tag']);
   345       $tag = $db->escape($tag);
   342       $tag = $db->escape($tag);
   346       
   343       
   347       if ( strlen($tag) < 2 )
   344       if ( strlen($tag) < 2 )
   348       {
   345       {
   349         $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
   346         $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
   350         die($json->encode($resp));
   347         die(enano_json_encode($resp));
   351       }
   348       }
   352       
   349       
   353       // check if tag is already on page
   350       // check if tag is already on page
   354       $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
   351       $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
   355       if ( !$q )
   352       if ( !$q )
   356         $db->_die();
   353         $db->_die();
   357       if ( $db->numrows() > 0 )
   354       if ( $db->numrows() > 0 )
   358       {
   355       {
   359         $resp['error'] = 'This page already has this tag.';
   356         $resp['error'] = 'This page already has this tag.';
   360         die($json->encode($resp));
   357         die(enano_json_encode($resp));
   361       }
   358       }
   362       $db->free_result();
   359       $db->free_result();
   363       
   360       
   364       // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
   361       // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
   365       $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
   362       $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
   367       if ( !$q )
   364       if ( !$q )
   368         $db->_die();
   365         $db->_die();
   369       if ( $db->numrows() > 0 && !$can_edit_acl )
   366       if ( $db->numrows() > 0 && !$can_edit_acl )
   370       {
   367       {
   371         $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
   368         $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
   372         die($json->encode($resp));
   369         die(enano_json_encode($resp));
   373       }
   370       }
   374       $resp['in_acl'] = ( $db->numrows() > 0 );
   371       $resp['in_acl'] = ( $db->numrows() > 0 );
   375       $db->free_result();
   372       $db->free_result();
   376       
   373       
   377       // we're good
   374       // we're good
   381       
   378       
   382       $resp['success'] = true;
   379       $resp['success'] = true;
   383       $resp['tag'] = $tag;
   380       $resp['tag'] = $tag;
   384       $resp['tag_id'] = $db->insert_id();
   381       $resp['tag_id'] = $db->insert_id();
   385       
   382       
   386       echo $json->encode($resp);
   383       echo enano_json_encode($resp);
   387       break;
   384       break;
   388     case 'deltag':
   385     case 'deltag':
   389       
   386       
   390       $tag_id = intval($_POST['tag_id']);
   387       $tag_id = intval($_POST['tag_id']);
   391       if ( empty($tag_id) )
   388       if ( empty($tag_id) )