diff -r 474f8be55943 -r ab66d6d1f1f4 includes/pageprocess.php --- a/includes/pageprocess.php Fri Dec 07 18:47:37 2007 -0500 +++ b/includes/pageprocess.php Wed Dec 19 22:55:40 2007 -0500 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.1 + * Version 1.0.3 (Dyrad) * pageprocess.php - intelligent retrieval of pages * Copyright (C) 2006-2007 Dan Fuhry * @@ -15,6 +15,7 @@ /** * Class to handle fetching page text (possibly from a cache) and formatting it. + * As of 1.0.4, this also handles the fetching and editing of certain data for pages. * @package Enano * @subpackage UI * @copyright 2007 Dan Fuhry @@ -113,6 +114,13 @@ ); /** + * The list of errors raised in the class. + * @var array + */ + + var $_errors = array(); + + /** * Constructor. * @param string The page ID (urlname) of the page * @param string The namespace of the page @@ -313,6 +321,177 @@ } /** + * Fetches the wikitext or HTML source for the page. + * @return string + */ + + function fetch_source() + { + if ( !$this->perms->get_permissions('view_source') ) + { + return false; + } + if ( !$this->page_exists ) + { + return ''; + } + return $this->fetch_text(); + } + + /** + * Updates the content of the page. + * @param string The new text for the page + * @param string A summary of edits made to the page. + * @return bool True on success, false on failure + */ + + function update_page($text, $edit_summary = false) + { + global $db, $session, $paths, $template, $plugins; // Common objects + + // Create the page if it doesn't exist + if ( !$this->page_exists ) + { + if ( !$this->create_page() ) + { + return false; + } + } + + // + // Validation + // + + $page_id = $db->escape($this->page_id); + $namespace = $db->escape($this->namespace); + + $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';"); + if ( !$q ) + $db->_die('PageProcess updating page content'); + if ( $db->numrows() < 1 ) + { + $this->raise_error('Page doesn\'t exist in the database'); + return false; + } + + // Do we have permission to edit the page? + if ( !$this->perms->get_permissions('edit_page') ) + { + $this->raise_error('You do not have permission to edit this page.'); + return false; + } + + list($protection) = $db->fetchrow_num(); + $db->free_result(); + + if ( $protection == 1 ) + { + // The page is protected - do we have permission to edit protected pages? + if ( !$this->perms->get_permissions('even_when_protected') ) + { + $this->raise_error('This page is protected, and you do not have permission to edit protected pages.'); + return false; + } + } + else if ( $protection == 2 ) + { + // The page is semi-protected. + if ( + ( !$session->user_logged_in || // Is the user logged in? + ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days? + && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection? + { + $this->raise_error('This page is protected, and you do not have permission to edit protected pages.'); + return false; + } + } + + // Protection validated + + } + + /** + * Creates the page if it doesn't already exist. + * @return bool True on success, false on failure. + */ + + function create_page() + { + global $db, $session, $paths, $template, $plugins; // Common objects + + // Do we have permission to create the page? + if ( !$this->perms->get_permissions('create_page') ) + { + $this->raise_error('You do not have permission to create this page.'); + return false; + } + + // Does it already exist? + if ( $this->page_exists ) + { + $this->raise_error('The page already exists.'); + return false; + } + + // It's not in there. Perform validation. + + // We can't create special, admin, or external pages. + if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'Anonymous' ) + { + $this->raise_error('You cannot create Special or Admin pages - they can\'t be stored in the database.'); + return false; + } + + // Guess the proper title + $name = dirtify_page_id($this->page_id); + + // Check for the restricted Project: prefix + if ( substr($this->page_id, 0, 8) == 'Project:' ) + { + $this->raise_error('The prefix "Project:" is reserved for internal links and can\'t be used on a page name.'); + return false; + } + + // Validation successful - insert the page + + $metadata = array( + 'urlname' => $this->page_id, + 'namespace' => $this->namespace, + 'name' => $name, + 'special' => 0, + 'visible' => 1, + 'comments_on' => 1, + 'protected' => ( $this->namespace == 'System' ? 1 : 0 ), + 'delvotes' => 0, + 'delvote_ips' => serialize(array()), + 'wiki_mode' => 2 + ); + + $paths->add_page($metadata); + + $page_id = $db->escape($this->page_id); + $namespace = $db->escape($this->namespace); + $name = $db->escape($name); + $protect = ( $this->namespace == 'System' ) ? '1' : '0'; + $blank_array = $db->escape(serialize(array())); + + // Query 1: Metadata entry + $q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, protected, delvotes, delvote_ips, wiki_mode)\n" + . "VALUES ( '$name', '$page_id', '$namespace', $protect, 0, '$blank_array', 2 );"); + if ( !$q ) + $db->_die('PageProcessor page creation - metadata stage'); + + // Query 2: Text insertion + $q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n" + . "VALUES ( '$page_id', '$namespace', '' );"); + if ( !$q ) + $db->_die('PageProcessor page creation - text stage'); + + // Page created. We're good! + return true; + } + + /** * Sets internal variables. * @access private */ @@ -337,7 +516,7 @@ } // Does the page "exist"? - if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) + if ( $paths->page_id == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) { $this->page_exists = false; } @@ -355,7 +534,7 @@ { $page_id = str_replace('.2e', '.', $page_id); - if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) + if ( $paths->page_id == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) { $this->page_exists = false; } @@ -457,7 +636,7 @@ if ( $this->revision_id ) { - echo '
Notice:
The page you are viewing was archived on '.date('F d, Y \a\t h:i a', $this->revision_id).'.
View current version | Restore this version

'; + echo '
Notice:
The page you are viewing was archived on '.date('F d, Y \a\t h:i a', $this->revision_id).'.
View current version | Restore this version

'; } if ( $redir_enabled ) @@ -628,7 +807,7 @@ global $email; $page_urlname = dirtify_page_id($this->page_id); - if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace ) + if ( $this->page_id == $paths->page_id && $this->namespace == $paths->namespace ) { $page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id; } @@ -667,7 +846,7 @@ LEFT JOIN '.table_prefix.'comments AS c ON ( ( c.user_id=u.user_id AND c.name=u.username AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) ) WHERE u.username=\'' . $db->escape($target_username) . '\' - GROUP BY u.user_id;'); + GROUP BY u.username, u.user_id, u.real_name, u.email, u.reg_time,x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;'); if ( !$q ) $db->_die(); @@ -805,7 +984,13 @@ echo ''; echo ''; - + + $code = $plugins->setHook('userpage_sidebar_left'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + echo ' '; @@ -921,6 +1106,12 @@ echo '' . htmlspecialchars($target_username) . ' hasn\'t posted any real-life contact information.'; } + $code = $plugins->setHook('userpage_sidebar_right'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + echo ' '; @@ -1247,6 +1438,30 @@ } + /** + * Raises an error. + * @param string Error string + */ + + function raise_error($string) + { + if ( !is_string($string) ) + return false; + $this->_errors[] = $string; + } + + /** + * Retrieves the latest error from the error stack and returns it ('pops' the error stack) + * @return string + */ + + function pop_error() + { + if ( count($this->_errors) < 1 ) + return false; + return array_pop($this->_errors); + } + } // class PageProcessor ?>