diff -r de56132c008d -r bdac73ed481e plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Sun Mar 28 21:49:26 2010 -0400
+++ b/plugins/SpecialAdmin.php Sun Mar 28 23:10:46 2010 -0400
@@ -1,12 +1,12 @@ attachHook('base_classes_initted', 'SpecialAdmin_include();'); function SpecialAdmin_include() { - global $db, $session, $paths, $template, $plugins; // Common objects - - // Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1. - // Only load these files if we're looking to load the admin panel - list($pid, $ns) = RenderMan::strToPageID($paths->get_pageid_from_url()); - if ( $ns == 'Admin' || ( $pid == 'Administration' && $ns == 'Special' ) ) - { - require(ENANO_ROOT . '/plugins/admin/Home.php'); - require(ENANO_ROOT . '/plugins/admin/PageManager.php'); - require(ENANO_ROOT . '/plugins/admin/PageEditor.php'); - require(ENANO_ROOT . '/plugins/admin/PageGroups.php'); - require(ENANO_ROOT . '/plugins/admin/GroupManager.php'); - require(ENANO_ROOT . '/plugins/admin/SecurityLog.php'); - require(ENANO_ROOT . '/plugins/admin/UserManager.php'); - require(ENANO_ROOT . '/plugins/admin/UserRanks.php'); - require(ENANO_ROOT . '/plugins/admin/LangManager.php'); - require(ENANO_ROOT . '/plugins/admin/ThemeManager.php'); - require(ENANO_ROOT . '/plugins/admin/PluginManager.php'); - require(ENANO_ROOT . '/plugins/admin/CacheManager.php'); - } + global $db, $session, $paths, $template, $plugins; // Common objects + + // Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1. + // Only load these files if we're looking to load the admin panel + list($pid, $ns) = RenderMan::strToPageID($paths->get_pageid_from_url()); + if ( $ns == 'Admin' || ( $pid == 'Administration' && $ns == 'Special' ) ) + { + require(ENANO_ROOT . '/plugins/admin/Home.php'); + require(ENANO_ROOT . '/plugins/admin/PageManager.php'); + require(ENANO_ROOT . '/plugins/admin/PageEditor.php'); + require(ENANO_ROOT . '/plugins/admin/PageGroups.php'); + require(ENANO_ROOT . '/plugins/admin/GroupManager.php'); + require(ENANO_ROOT . '/plugins/admin/SecurityLog.php'); + require(ENANO_ROOT . 
'/plugins/admin/UserManager.php'); + require(ENANO_ROOT . '/plugins/admin/UserRanks.php'); + require(ENANO_ROOT . '/plugins/admin/LangManager.php'); + require(ENANO_ROOT . '/plugins/admin/ThemeManager.php'); + require(ENANO_ROOT . '/plugins/admin/PluginManager.php'); + require(ENANO_ROOT . '/plugins/admin/CacheManager.php'); + } } // For convenience and nothing more. function acp_start_form() { - global $db, $session, $paths, $template, $plugins; // Common objects - echo '
'; + global $db, $session, $paths, $template, $plugins; // Common objects + echo ''; } // function names are IMPORTANT!!! The name pattern is: page__ function page_Admin_GeneralConfig() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - global $cache; - - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - // FIXME: is this a bad place for this? I couldn't think of anything much better. Not helped by the fact that I hate misc scripts. - if ( isset($_POST['act']) && $_POST['act'] === 'gzip_check' ) - { - global $is_https; - header('Content-type: application/json'); - require(ENANO_ROOT . '/includes/http.php'); - try - { - if ( !isset($_SERVER['SERVER_ADDR']) ) - throw new Exception('No SERVER_ADDR support - can\'t test server environment'); - - $server_addr = $_SERVER['SERVER_ADDR']; - // cheap ipv6 test - if ( strstr($server_addr, ":") ) - $server_addr = "[$server_addr]"; - - $req = new Request_HTTP($server_addr, makeUrlNS('System', 'GzipTest', 'disable_builtin_gzip'), 'GET', intval($_SERVER['SERVER_PORT']), $is_https); - $req->add_header('Accept-Encoding', 'gzip,deflate'); - $headers = $req->get_response_headers_array(); - $send = array( - 'server_does_it' => ( isset($headers['Content-encoding']) && in_array($headers['Content-encoding'], array('gzip', 'deflate')) ), - 'php_supports_gzip' => function_exists('gzdeflate') - ); - } - catch ( Exception $e ) - { - $send = array( - 'mode' => 'error', - 'error' => "HTTP request exception:
$e
" - ); - } - echo enano_json_encode($send); - return; - } - - if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') ) - { - - // Global site options - setConfig('site_name', $_POST['site_name']); - setConfig('site_desc', $_POST['site_desc']); - setConfig('main_page', sanitize_page_id($_POST['main_page'])); - setConfig('copyright_notice', $_POST['copyright']); - setConfig('contact_email', $_POST['contact_email']); - - setConfig('main_page_alt_enable', ( isset($_POST['main_page_alt_enable']) && $_POST['main_page_alt_enable'] === '1' ? '1' : '0' )); - if ( !empty($_POST['main_page_alt']) ) - { - setConfig('main_page_alt', sanitize_page_id($_POST['main_page_alt'])); - } - - // Wiki mode - if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1'); - else setConfig('wiki_mode', '0'); - if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1'); - else setConfig('wiki_mode_require_login', '0'); - if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1'); - else setConfig('wiki_edit_notice', '0'); - setConfig('wiki_edit_notice_text', $_POST['editmsg_text']); - $cache->purge('wiki_edit_notice'); - if(isset($_POST['guest_edit_require_captcha'])) setConfig('guest_edit_require_captcha', '1'); - else setConfig('guest_edit_require_captcha', '0'); - - // Stats - if(isset($_POST['log_hits'])) setConfig('log_hits', '1'); - else setConfig('log_hits', '0'); - - // Disablement - if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); } - else setConfig('site_disabled', '0'); - - // Account activation - setConfig('account_activation', $_POST['account_activation']); - - // W3C compliance buttons - if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1"); - else setConfig("w3c_vh32", "0"); - if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1"); - else setConfig("w3c_vh40", "0"); - if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1"); - else 
setConfig("w3c_vh401", "0"); - if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1"); - else setConfig("w3c_vxhtml10", "0"); - if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1"); - else setConfig("w3c_vxhtml11", "0"); - if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1"); - else setConfig("w3c_vcss", "0"); - - // SourceForge.net logo - if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1'); - else setConfig('sflogo_enabled', '0'); - setConfig('sflogo_groupid', $_POST['sfgroup']); - setConfig('sflogo_type', $_POST['sflogo']); - - // Comment options - if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1'); - else setConfig('approve_comments', '0'); - if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1'); - else setConfig('enable_comments', '0'); - setConfig('comments_need_login', $_POST['comments_need_login']); - if ( in_array($_POST['comment_spam_policy'], array('moderate', 'reject', 'accept')) ) - { - setConfig('comment_spam_policy', $_POST['comment_spam_policy']); - } - - // Powered by link - if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1'); - else setConfig('powered_btn', '0'); - - if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1'); - else setConfig('dbd_button', '0'); - - if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0'); - else setConfig('smtp_enabled', '1'); - - setConfig('smtp_server', $_POST['smtp_host']); - setConfig('smtp_user', $_POST['smtp_user']); - if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']); - - // Password strength - if ( isset($_POST['pw_strength_enable']) ) setConfig('pw_strength_enable', '1'); - else setConfig('pw_strength_enable', '0'); - - $strength = intval($_POST['pw_strength_minimum']); - if ( $strength >= -10 && $strength <= 30 ) - { - $strength = strval($strength); - setConfig('pw_strength_minimum', $strength); - } - - // Default theme - $default_theme = ( 
isset($template->named_theme_list[@$_POST['default_theme']]) ) ? $_POST['default_theme'] : $template->theme_list[0]['theme_id']; - setConfig('theme_default', $default_theme); - - // Breadcrumb mode - if ( in_array($_POST['breadcrumb_mode'], array('subpages', 'always', 'never')) ) - { - setConfig('breadcrumb_mode', $_POST['breadcrumb_mode']); - } - - // CDN path - if ( preg_match('/^http:\/\//', $_POST['cdn_path']) || $_POST['cdn_path'] === '' ) - { - // trim off a trailing slash - setConfig('cdn_path', preg_replace('#/$#', '', $_POST['cdn_path'])); - } - - setConfig('register_tou', RenderMan::preprocess_text($_POST['register_tou'], true, false)); - - // Account lockout policy - if ( ctype_digit($_POST['lockout_threshold']) ) - setConfig('lockout_threshold', $_POST['lockout_threshold']); - - if ( ctype_digit($_POST['lockout_duration']) ) - setConfig('lockout_duration', $_POST['lockout_duration']); - - if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) ) - setConfig('lockout_policy', $_POST['lockout_policy']); - - // Session time - foreach ( array('session_short_time', 'session_remember_time') as $k ) - { - if ( strval(intval($_POST[$k])) === $_POST[$k] && intval($_POST[$k]) >= 0 ) - { - setConfig($k, $_POST[$k]); - } - } - - // Avatar settings - setConfig('avatar_enable', ( isset($_POST['avatar_enable']) ? '1' : '0' )); - // for these next three values, set the config value if it's a valid integer; this is - // done by using strval(intval($foo)) === $foo, which flattens $foo to an integer and - // then converts it back to a string. This effectively verifies that var $foo is both - // set and that it's a valid string representing an integer. - setConfig('avatar_max_size', ( strval(intval($_POST['avatar_max_size'])) === $_POST['avatar_max_size'] ? $_POST['avatar_max_size'] : '10240' )); - setConfig('avatar_max_width', ( strval(intval($_POST['avatar_max_width'])) === $_POST['avatar_max_width'] ? 
$_POST['avatar_max_width'] : '96' )); - setConfig('avatar_max_height', ( strval(intval($_POST['avatar_max_height'])) === $_POST['avatar_max_height'] ? $_POST['avatar_max_height'] : '96' )); - setConfig('avatar_enable_anim', ( isset($_POST['avatar_enable_anim']) ? '1' : '0' )); - setConfig('avatar_upload_file', ( isset($_POST['avatar_upload_file']) ? '1' : '0' )); - setConfig('avatar_upload_http', ( isset($_POST['avatar_upload_http']) ? '1' : '0' )); - setConfig('avatar_upload_gravatar', ( isset($_POST['avatar_upload_gravatar']) ? '1' : '0' )); - if ( in_array($_POST['gravatar_rating'], array('g', 'pg', 'r', 'x')) ) - { - setConfig('gravatar_rating', $_POST['gravatar_rating']); - } - - setConfig('avatar_directory', 'files/avatars'); - - setConfig('userpage_grant_acl', ( isset($_POST['userpage_grant_acl']) ? '1' : '0' )); - setConfig('gzip_output', ( isset($_POST['gzip_output']) ? '1' : '0' )); - - // Allow plugins to save their changes - $code = $plugins->setHook('acp_general_save'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - - echo '
' . $lang->get('acpgc_msg_save_success') . '

'; - - } - else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') ) - { - echo '
Saving the general site configuration is blocked in the administration demo.
'; - } - echo(''); - ?> -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - setHook('acp_general_basic'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - ?> - -
get('acpgc_heading_main'); ?>
get('acpgc_heading_submain'); ?>
- get('acpgc_field_site_name'); ?> - - -
- get('acpgc_field_site_desc'); ?> - - -
- get('acpgc_field_main_page'); ?> - pagename_field('main_page', sanitize_page_id(getConfig('main_page', 'Main_Page'))); ?>
-
- -
- get('acpgc_field_copyright'); ?> - - -
- get('acpgc_field_copyright_hint'); ?> -
- get('acpgc_field_contactemail'); ?>
- get('acpgc_field_contactemail_hint'); ?> -
- -
get('acpgc_heading_wikimode'); ?>
- get('acpgc_field_wikimode_intro'); ?>

- get('acpgc_field_wikimode_info_sanitize'); ?>

- get('acpgc_field_wikimode_info_history'); ?> -
- /> -
- get('acpgc_field_editnotice_title'); ?>
- get('acpgc_field_editnotice_info'); ?> -
- /> - -
- -
- get('acpgc_field_edit_require_captcha_title'); ?>
- get('acpgc_field_edit_require_captcha_hint'); ?> -
- -
get('acpgc_heading_stats'); ?>
- get('acpgc_stats_intro'); ?>

- get('acpgc_stats_hint_privacy'); ?> -
-
- get('acpgc_field_stats_hint'); ?> -
- get('acpgc_heading_comments'); ?> -
- - - /> -
- - - /> -
- get('acpgc_field_comment_allow_guests'); ?> - - - - -
- get('acpgc_field_comment_spam_policy'); ?>
- get('acpgc_field_comment_spam_policy_hint'); ?> -
-
-
- -
get('acpgc_heading_disablesite'); ?>
- get('acpgc_field_disablesite_hint'); ?> - - -
- -
get('acpgc_heading_default_theme'); ?>
- get('acpgc_field_default_theme'); ?> - - -
- get('acpgc_field_breadcrumb_mode'); ?> - - -
-

- get('acpgc_field_cdn_path'); ?>
- get('acpgc_field_cdn_path_hint'); ?> -

-

- get('acpgc_field_cdn_path_example'); ?> -

-
- -
- get('acpgc_field_gzip'); ?>
- get('acpgc_field_gzip_hint'); ?>
-
- get('acpgc_field_gzip_btn_check'); ?> -
-
- -
-
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - setHook('acp_general_users'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - ?> - -
get('acpgc_heading_users'); ?>
get('acpgc_heading_activate'); ?>
- get('acpgc_activate_intro_line1'); ?>

- get('acpgc_activate_intro_line2'); ?>

- get('acpgc_activate_intro_sfnet_warning'); ?> -
get('acpgc_field_activate'); ?> - ' . $lang->get('acpgc_field_activate_disable') . '
'; - echo ''; - echo ''; - echo ''; - ?> -
- get('acpgc_heading_tou'); ?> -
- get('acpgc_field_tou'); ?>
- get('acpgc_field_tou_hint'); ?> -
- tinymce_textarea('register_tou', $terms, 10, 40); - ?> -
get('acpgc_heading_lockout'); ?>
get('acpgc_lockout_intro'); ?>
get('acpgc_field_lockout_threshold'); ?>
- get('acpgc_field_lockout_threshold_hint'); ?> -
- -
get('acpgc_field_lockout_duration'); ?>
- get('acpgc_field_lockout_duration_hint'); ?> -
- -
get('acpgc_field_lockout_policy'); ?>
- get('acpgc_field_lockout_policy_hint'); ?> -
-
-
- -
get('acpgc_heading_passstrength'); ?>
- get('acpgc_field_passstrength_title'); ?>
- get('acpgc_field_passstrength_hint'); ?> -
- -
- get('acpgc_field_passminimum_title'); ?>
- get('acpgc_field_passminimum_hint'); ?> -
- -
- get('acpgc_heading_email'); ?> -
- get('acpgc_field_email_method'); ?>
- get('acpgc_field_email_method_hint'); ?> -
- - -
- - -
- get('acpgc_field_email_smtp_hostname'); ?>
- get('acpgc_field_email_smtp_hostname_hint'); ?> -
- -
- get('acpgc_field_email_smtp_auth'); ?>
- get('acpgc_field_email_smtp_hostname_hint'); ?> -
- get('acpgc_field_email_smtp_username'); ?>
- get('acpgc_field_email_smtp_password'); ?> -
get('acpgc_heading_sessions'); ?>
get('acpgc_hint_sessions_noelev'); ?>
- get('acpgc_field_short_time'); ?>
- get('acpgc_field_short_time_hint'); ?> -
- -
- get('acpgc_field_long_time'); ?>
- get('acpgc_field_long_time_hint'); ?> -
- -
get('acpgc_heading_avatars'); ?>
- get('acpgc_avatars_intro'); ?> - -
- get('acpgc_field_avatar_enable'); ?>
- get('acpgc_field_avatar_enable_hint'); ?> -
- -
- get('acpgc_field_avatar_max_filesize'); ?>
- get('acpgc_field_avatar_max_filesize_hint'); ?> -
- /> get('etc_unit_bytes'); ?> -
- get('acpgc_field_avatar_max_dimensions'); ?>
- get('acpgc_field_avatar_max_dimensions_hint'); ?> -
- /> × - /> get('etc_unit_pixels'); ?> -
- get('acpgc_field_avatar_allow_anim_title'); ?>
- get('acpgc_field_avatar_allow_anim_hint'); ?> -
- -
- get('acpgc_field_avatar_upload_methods'); ?>
- -
- - -
- - - -
- - - -
- -
- - - get('acpgc_field_avatar_gravatar_rating'); ?> - - - - - -
- - -
-
get('acpgc_heading_usermisc'); ?>
- get('acpgc_field_userpage_acl_title'); ?>
- - get('acpgc_field_userpage_acl_hint'); ?> - -
- -
-
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + global $cache; + + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + // FIXME: is this a bad place for this? I couldn't think of anything much better. Not helped by the fact that I hate misc scripts. + if ( isset($_POST['act']) && $_POST['act'] === 'gzip_check' ) + { + global $is_https; + header('Content-type: application/json'); + require(ENANO_ROOT . '/includes/http.php'); + try + { + if ( !isset($_SERVER['SERVER_ADDR']) ) + throw new Exception('No SERVER_ADDR support - can\'t test server environment'); + + $server_addr = $_SERVER['SERVER_ADDR']; + // cheap ipv6 test + if ( strstr($server_addr, ":") ) + $server_addr = "[$server_addr]"; + + $req = new Request_HTTP($server_addr, makeUrlNS('System', 'GzipTest', 'disable_builtin_gzip'), 'GET', intval($_SERVER['SERVER_PORT']), $is_https); + $req->add_header('Accept-Encoding', 'gzip,deflate'); + $headers = $req->get_response_headers_array(); + $send = array( + 'server_does_it' => ( isset($headers['Content-encoding']) && in_array($headers['Content-encoding'], array('gzip', 'deflate')) ), + 'php_supports_gzip' => function_exists('gzdeflate') + ); + } + catch ( Exception $e ) + { + $send = array( + 'mode' => 'error', + 'error' => "HTTP request exception:
$e
" + ); + } + echo enano_json_encode($send); + return; + } + + if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') ) + { + + // Global site options + setConfig('site_name', $_POST['site_name']); + setConfig('site_desc', $_POST['site_desc']); + setConfig('main_page', sanitize_page_id($_POST['main_page'])); + setConfig('copyright_notice', $_POST['copyright']); + setConfig('contact_email', $_POST['contact_email']); + + setConfig('main_page_alt_enable', ( isset($_POST['main_page_alt_enable']) && $_POST['main_page_alt_enable'] === '1' ? '1' : '0' )); + if ( !empty($_POST['main_page_alt']) ) + { + setConfig('main_page_alt', sanitize_page_id($_POST['main_page_alt'])); + } + + // Wiki mode + if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1'); + else setConfig('wiki_mode', '0'); + if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1'); + else setConfig('wiki_mode_require_login', '0'); + if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1'); + else setConfig('wiki_edit_notice', '0'); + setConfig('wiki_edit_notice_text', $_POST['editmsg_text']); + $cache->purge('wiki_edit_notice'); + if(isset($_POST['guest_edit_require_captcha'])) setConfig('guest_edit_require_captcha', '1'); + else setConfig('guest_edit_require_captcha', '0'); + + // Stats + if(isset($_POST['log_hits'])) setConfig('log_hits', '1'); + else setConfig('log_hits', '0'); + + // Disablement + if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); } + else setConfig('site_disabled', '0'); + + // Account activation + setConfig('account_activation', $_POST['account_activation']); + + // W3C compliance buttons + if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1"); + else setConfig("w3c_vh32", "0"); + if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1"); + else setConfig("w3c_vh40", "0"); + if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1"); + else 
setConfig("w3c_vh401", "0"); + if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1"); + else setConfig("w3c_vxhtml10", "0"); + if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1"); + else setConfig("w3c_vxhtml11", "0"); + if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1"); + else setConfig("w3c_vcss", "0"); + + // SourceForge.net logo + if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1'); + else setConfig('sflogo_enabled', '0'); + setConfig('sflogo_groupid', $_POST['sfgroup']); + setConfig('sflogo_type', $_POST['sflogo']); + + // Comment options + if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1'); + else setConfig('approve_comments', '0'); + if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1'); + else setConfig('enable_comments', '0'); + setConfig('comments_need_login', $_POST['comments_need_login']); + if ( in_array($_POST['comment_spam_policy'], array('moderate', 'reject', 'accept')) ) + { + setConfig('comment_spam_policy', $_POST['comment_spam_policy']); + } + + // Powered by link + if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1'); + else setConfig('powered_btn', '0'); + + if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1'); + else setConfig('dbd_button', '0'); + + if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0'); + else setConfig('smtp_enabled', '1'); + + setConfig('smtp_server', $_POST['smtp_host']); + setConfig('smtp_user', $_POST['smtp_user']); + if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']); + + // Password strength + if ( isset($_POST['pw_strength_enable']) ) setConfig('pw_strength_enable', '1'); + else setConfig('pw_strength_enable', '0'); + + $strength = intval($_POST['pw_strength_minimum']); + if ( $strength >= -10 && $strength <= 30 ) + { + $strength = strval($strength); + setConfig('pw_strength_minimum', $strength); + } + + // Default theme + $default_theme = ( 
isset($template->named_theme_list[@$_POST['default_theme']]) ) ? $_POST['default_theme'] : $template->theme_list[0]['theme_id']; + setConfig('theme_default', $default_theme); + + // Breadcrumb mode + if ( in_array($_POST['breadcrumb_mode'], array('subpages', 'always', 'never')) ) + { + setConfig('breadcrumb_mode', $_POST['breadcrumb_mode']); + } + + // CDN path + if ( preg_match('/^http:\/\//', $_POST['cdn_path']) || $_POST['cdn_path'] === '' ) + { + // trim off a trailing slash + setConfig('cdn_path', preg_replace('#/$#', '', $_POST['cdn_path'])); + } + + setConfig('register_tou', RenderMan::preprocess_text($_POST['register_tou'], true, false)); + + // Account lockout policy + if ( ctype_digit($_POST['lockout_threshold']) ) + setConfig('lockout_threshold', $_POST['lockout_threshold']); + + if ( ctype_digit($_POST['lockout_duration']) ) + setConfig('lockout_duration', $_POST['lockout_duration']); + + if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) ) + setConfig('lockout_policy', $_POST['lockout_policy']); + + // Session time + foreach ( array('session_short_time', 'session_remember_time') as $k ) + { + if ( strval(intval($_POST[$k])) === $_POST[$k] && intval($_POST[$k]) >= 0 ) + { + setConfig($k, $_POST[$k]); + } + } + + // Avatar settings + setConfig('avatar_enable', ( isset($_POST['avatar_enable']) ? '1' : '0' )); + // for these next three values, set the config value if it's a valid integer; this is + // done by using strval(intval($foo)) === $foo, which flattens $foo to an integer and + // then converts it back to a string. This effectively verifies that var $foo is both + // set and that it's a valid string representing an integer. + setConfig('avatar_max_size', ( strval(intval($_POST['avatar_max_size'])) === $_POST['avatar_max_size'] ? $_POST['avatar_max_size'] : '10240' )); + setConfig('avatar_max_width', ( strval(intval($_POST['avatar_max_width'])) === $_POST['avatar_max_width'] ? 
$_POST['avatar_max_width'] : '96' )); + setConfig('avatar_max_height', ( strval(intval($_POST['avatar_max_height'])) === $_POST['avatar_max_height'] ? $_POST['avatar_max_height'] : '96' )); + setConfig('avatar_enable_anim', ( isset($_POST['avatar_enable_anim']) ? '1' : '0' )); + setConfig('avatar_upload_file', ( isset($_POST['avatar_upload_file']) ? '1' : '0' )); + setConfig('avatar_upload_http', ( isset($_POST['avatar_upload_http']) ? '1' : '0' )); + setConfig('avatar_upload_gravatar', ( isset($_POST['avatar_upload_gravatar']) ? '1' : '0' )); + if ( in_array($_POST['gravatar_rating'], array('g', 'pg', 'r', 'x')) ) + { + setConfig('gravatar_rating', $_POST['gravatar_rating']); + } + + setConfig('avatar_directory', 'files/avatars'); + + setConfig('userpage_grant_acl', ( isset($_POST['userpage_grant_acl']) ? '1' : '0' )); + setConfig('gzip_output', ( isset($_POST['gzip_output']) ? '1' : '0' )); + + // Allow plugins to save their changes + $code = $plugins->setHook('acp_general_save'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + + echo '
' . $lang->get('acpgc_msg_save_success') . '

'; + + } + else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') ) + { + echo '
Saving the general site configuration is blocked in the administration demo.
'; + } + echo(''); + ?> +
+
get('acpgc_heading_sidebar'); ?>
get('acpgc_heading_promoteenano'); ?>
- get('acpgc_field_enano_link_title'); ?>
- get('acpgc_field_enano_link_hint'); ?> -
- -
get('acpgc_heading_sfnet_logo'); ?>
- get('acpgc_sfnet_intro'); ?> -
get('acpgc_field_sfnet_display'); ?> />
get('acpgc_field_sfnet_group_id'); ?>
get('acpgc_field_sfnet_logo_style'); ?> - -
get('acpgc_heading_w3clogos'); ?>
get('acpgc_w3clogos_intro'); ?>
id="w3c-vh32" name="w3c-vh32" />
id="w3c-vh40" name="w3c-vh40" />
id="w3c-vh401" name="w3c-vh401" />
id="w3c-vxhtml10" name="w3c-vxhtml10" />
id="w3c-vxhtml11" name="w3c-vxhtml11" />
id="w3c-vcss" name="w3c-vcss" />
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + > + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + setHook('acp_general_basic'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + ?> + +
get('acpgc_heading_main'); ?>
get('acpgc_heading_submain'); ?>
+ get('acpgc_field_site_name'); ?> + + +
+ get('acpgc_field_site_desc'); ?> + + +
+ get('acpgc_field_main_page'); ?> + pagename_field('main_page', sanitize_page_id(getConfig('main_page', 'Main_Page'))); ?>
+
+ +
+ get('acpgc_field_copyright'); ?> + + +
+ get('acpgc_field_copyright_hint'); ?> +
+ get('acpgc_field_contactemail'); ?>
+ get('acpgc_field_contactemail_hint'); ?> +
+ +
get('acpgc_heading_wikimode'); ?>
+ get('acpgc_field_wikimode_intro'); ?>

+ get('acpgc_field_wikimode_info_sanitize'); ?>

+ get('acpgc_field_wikimode_info_history'); ?> +
+ /> +
+ get('acpgc_field_editnotice_title'); ?>
+ get('acpgc_field_editnotice_info'); ?> +
+ /> + +
+ +
+ get('acpgc_field_edit_require_captcha_title'); ?>
+ get('acpgc_field_edit_require_captcha_hint'); ?> +
+ +
get('acpgc_heading_stats'); ?>
+ get('acpgc_stats_intro'); ?>

+ get('acpgc_stats_hint_privacy'); ?> +
+
+ get('acpgc_field_stats_hint'); ?> +
+ get('acpgc_heading_comments'); ?> +
+ + + /> +
+ + + /> +
+ get('acpgc_field_comment_allow_guests'); ?> + + + + +
+ get('acpgc_field_comment_spam_policy'); ?>
+ get('acpgc_field_comment_spam_policy_hint'); ?> +
+
+
+ +
get('acpgc_heading_disablesite'); ?>
+ get('acpgc_field_disablesite_hint'); ?> + + +
+ +
get('acpgc_heading_default_theme'); ?>
+ get('acpgc_field_default_theme'); ?> + + +
+ get('acpgc_field_breadcrumb_mode'); ?> + + +
+

+ get('acpgc_field_cdn_path'); ?>
+ get('acpgc_field_cdn_path_hint'); ?> +

+

+ get('acpgc_field_cdn_path_example'); ?> +

+
+ +
+ get('acpgc_field_gzip'); ?>
+ get('acpgc_field_gzip_hint'); ?>
+
+ get('acpgc_field_gzip_btn_check'); ?> +
+
+ +
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + setHook('acp_general_users'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + ?> + +
get('acpgc_heading_users'); ?>
get('acpgc_heading_activate'); ?>
+ get('acpgc_activate_intro_line1'); ?>

+ get('acpgc_activate_intro_line2'); ?>

+ get('acpgc_activate_intro_sfnet_warning'); ?> +
get('acpgc_field_activate'); ?> + ' . $lang->get('acpgc_field_activate_disable') . '
'; + echo ''; + echo ''; + echo ''; + ?> +
+ get('acpgc_heading_tou'); ?> +
+ get('acpgc_field_tou'); ?>
+ get('acpgc_field_tou_hint'); ?> +
+ tinymce_textarea('register_tou', $terms, 10, 40); + ?> +
get('acpgc_heading_lockout'); ?>
get('acpgc_lockout_intro'); ?>
get('acpgc_field_lockout_threshold'); ?>
+ get('acpgc_field_lockout_threshold_hint'); ?> +
+ +
get('acpgc_field_lockout_duration'); ?>
+ get('acpgc_field_lockout_duration_hint'); ?> +
+ +
get('acpgc_field_lockout_policy'); ?>
+ get('acpgc_field_lockout_policy_hint'); ?> +
+
+
+ +
get('acpgc_heading_passstrength'); ?>
+ get('acpgc_field_passstrength_title'); ?>
+ get('acpgc_field_passstrength_hint'); ?> +
+ +
+ get('acpgc_field_passminimum_title'); ?>
+ get('acpgc_field_passminimum_hint'); ?> +
+ +
+ get('acpgc_heading_email'); ?> +
+ get('acpgc_field_email_method'); ?>
+ get('acpgc_field_email_method_hint'); ?> +
+ + +
+ + +
+ get('acpgc_field_email_smtp_hostname'); ?>
+ get('acpgc_field_email_smtp_hostname_hint'); ?> +
+ +
+ get('acpgc_field_email_smtp_auth'); ?>
+ get('acpgc_field_email_smtp_hostname_hint'); ?> +
+ get('acpgc_field_email_smtp_username'); ?>
+ get('acpgc_field_email_smtp_password'); ?> +
get('acpgc_heading_sessions'); ?>
get('acpgc_hint_sessions_noelev'); ?>
+ get('acpgc_field_short_time'); ?>
+ get('acpgc_field_short_time_hint'); ?> +
+ +
+ get('acpgc_field_long_time'); ?>
+ get('acpgc_field_long_time_hint'); ?> +
+ +
get('acpgc_heading_avatars'); ?>
+ get('acpgc_avatars_intro'); ?> + +
+ get('acpgc_field_avatar_enable'); ?>
+ get('acpgc_field_avatar_enable_hint'); ?> +
+ +
+ get('acpgc_field_avatar_max_filesize'); ?>
+ get('acpgc_field_avatar_max_filesize_hint'); ?> +
+ /> get('etc_unit_bytes'); ?> +
+ get('acpgc_field_avatar_max_dimensions'); ?>
+ get('acpgc_field_avatar_max_dimensions_hint'); ?> +
+ /> × + /> get('etc_unit_pixels'); ?> +
+ get('acpgc_field_avatar_allow_anim_title'); ?>
+ get('acpgc_field_avatar_allow_anim_hint'); ?> +
+ +
+ get('acpgc_field_avatar_upload_methods'); ?>
+ +
+ + +
+ + + +
+ + + +
+ +
+ + + get('acpgc_field_avatar_gravatar_rating'); ?> + + + + + +
+ + +
+
get('acpgc_heading_usermisc'); ?>
+ get('acpgc_field_userpage_acl_title'); ?>
+ + get('acpgc_field_userpage_acl_hint'); ?> + +
+ +
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - setHook('acp_general_sidebar'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - ?> - - - -
get('acpgc_heading_sidebar'); ?>
get('acpgc_heading_promoteenano'); ?>
+ get('acpgc_field_enano_link_title'); ?>
+ get('acpgc_field_enano_link_hint'); ?> +
+ +
get('acpgc_heading_sfnet_logo'); ?>
+ get('acpgc_sfnet_intro'); ?> +
get('acpgc_field_sfnet_display'); ?> />
get('acpgc_field_sfnet_group_id'); ?>
get('acpgc_field_sfnet_logo_style'); ?> + +
get('acpgc_heading_w3clogos'); ?>
get('acpgc_w3clogos_intro'); ?>
id="w3c-vh32" name="w3c-vh32" />
id="w3c-vh40" name="w3c-vh40" />
id="w3c-vh401" name="w3c-vh401" />
id="w3c-vxhtml10" name="w3c-vxhtml10" />
id="w3c-vxhtml11" name="w3c-vxhtml11" />
id="w3c-vcss" name="w3c-vcss" />
- get('acpgc_heading_dbd'); ?> -
- get('acpgc_dbd_intro'); ?> - get('acpgc_dbd_explain'); ?> -
- - - /> -
-
- - - setHook('acp_general_tail'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - ?> - -
- - - - -
-
+ + + + + get('acpgc_heading_dbd'); ?> + + + + + + get('acpgc_dbd_intro'); ?> + get('acpgc_dbd_explain'); ?> + + + + + + + + + /> + + + + + setHook('acp_general_sidebar'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + ?> + + + + + + + + setHook('acp_general_tail'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + ?> + +
+ + + + +
+
- auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - if(isset($_POST['save'])) - { - if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1') - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); - if ( !$q ) - $db->_die(); - setConfig('enable_uploads', '1'); - } - else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' ) - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); - if ( !$q ) - $db->_die(); - setConfig('enable_uploads', '0'); - } - if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1') - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); - if ( !$q ) - $db->_die(); - setConfig('enable_imagemagick', '1'); - } - else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' ) - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . 
');'); - if ( !$q ) - $db->_die(); - setConfig('enable_imagemagick', '0'); - } - if(isset($_POST['cache_thumbs'])) - { - setConfig('cache_thumbs', '1'); - } - else - { - setConfig('cache_thumbs', '0'); - } - if(isset($_POST['file_history']) && getConfig('file_history') != '1' ) - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); - if ( !$q ) - $db->_die(); - setConfig('file_history', '1'); - } - else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' ) - { - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); - if ( !$q ) - $db->_die(); - setConfig('file_history', '0'); - } - if(file_exists($_POST['imagemagick_path']) && $_POST['imagemagick_path'] != getConfig('imagemagick_path')) - { - if ( defined('ENANO_DEMO_MODE') ) - // Hackish but safe. - $_POST['imagemagick_path'] = '/usr/bin/convert'; - $old = getConfig('imagemagick_path'); - $oldnew = "{$old}||{$_POST['imagemagick_path']}"; - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ',\'' . $db->escape($oldnew) . '\');'); - if ( !$q ) - $db->_die(); - setConfig('imagemagick_path', $_POST['imagemagick_path']); - } - else if ( $_POST['imagemagick_path'] != getConfig('imagemagick_path') ) - { - echo '' . 
$lang->get('acpup_err_magick_not_found', array('magick_path' => htmlspecialchars($_POST['imagemagick_path']))) . ''; - } - $max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']); - if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') ) - { - echo '
Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.
'; - } - else - { - setConfig('max_file_size', $max_upload.''); - } - } - acp_start_form(); - ?> -

get('acpup_heading_main'); ?>

- -

- get('acpup_intro'); ?> -

-

- -

-

- get('acpup_field_max_size'); ?> - - -

- -

get('acpup_info_magick'); ?>

-

- -
- get('acpup_field_magick_path'); ?>
- get('acpup_field_magick_path_hint'); ?> -

- -

get('acpup_info_cache'); ?>

-

- get('acpup_info_cache_chmod'); ?> - - get('acpup_msg_cache_not_writable'); - ?> -

- -

- -

- -

get('acpup_info_history'); ?>

-

- -

- -
-

- '; + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + if(isset($_POST['save'])) + { + if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1') + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); + if ( !$q ) + $db->_die(); + setConfig('enable_uploads', '1'); + } + else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); + if ( !$q ) + $db->_die(); + setConfig('enable_uploads', '0'); + } + if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1') + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . ');'); + if ( !$q ) + $db->_die(); + setConfig('enable_imagemagick', '1'); + } + else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\', ' . $session->user_id . 
');'); + if ( !$q ) + $db->_die(); + setConfig('enable_imagemagick', '0'); + } + if(isset($_POST['cache_thumbs'])) + { + setConfig('cache_thumbs', '1'); + } + else + { + setConfig('cache_thumbs', '0'); + } + if(isset($_POST['file_history']) && getConfig('file_history') != '1' ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); + if ( !$q ) + $db->_die(); + setConfig('file_history', '1'); + } + else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ');'); + if ( !$q ) + $db->_die(); + setConfig('file_history', '0'); + } + if(file_exists($_POST['imagemagick_path']) && $_POST['imagemagick_path'] != getConfig('imagemagick_path')) + { + if ( defined('ENANO_DEMO_MODE') ) + // Hackish but safe. + $_POST['imagemagick_path'] = '/usr/bin/convert'; + $old = getConfig('imagemagick_path'); + $oldnew = "{$old}||{$_POST['imagemagick_path']}"; + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',' . $session->user_id . ',\'' . $db->escape($oldnew) . '\');'); + if ( !$q ) + $db->_die(); + setConfig('imagemagick_path', $_POST['imagemagick_path']); + } + else if ( $_POST['imagemagick_path'] != getConfig('imagemagick_path') ) + { + echo '' . 
$lang->get('acpup_err_magick_not_found', array('magick_path' => htmlspecialchars($_POST['imagemagick_path']))) . ''; + } + $max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']); + if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') ) + { + echo '
Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.
'; + } + else + { + setConfig('max_file_size', $max_upload.''); + } + } + acp_start_form(); + ?> +

get('acpup_heading_main'); ?>

+ +

+ get('acpup_intro'); ?> +

+

+ +

+

+ get('acpup_field_max_size'); ?> + + +

+ +

get('acpup_info_magick'); ?>

+

+ +
+ get('acpup_field_magick_path'); ?>
+ get('acpup_field_magick_path_hint'); ?> +

+ +

get('acpup_info_cache'); ?>

+

+ get('acpup_info_cache_chmod'); ?> + + get('acpup_msg_cache_not_writable'); + ?> +

+ +

+ +

+ +

get('acpup_info_history'); ?>

+

+ +

+ +
+

+ '; } function page_Admin_UploadAllowedMimeTypes() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - global $mime_types, $mimetype_exps, $mimetype_extlist; - if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE')) - { - $bits = ''; - $keys = array_keys($mime_types); - foreach($keys as $i => $k) - { - if(isset($_POST['ext_'.$k])) $bits .= '1'; - else $bits .= '0'; - } - $bits = compress_bitfield($bits); - setConfig('allowed_mime_types', $bits); - echo '
' . $lang->get('acpft_msg_saved') . '
'; - } - else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') ) - { - echo '
' . $lang->get('acpft_msg_demo_mode') . '
'; - } - $allowed = fetch_allowed_extensions(); - ?> -

get('acpft_heading_main'); ?>

-

get('acpft_hint'); ?>

- '."\n".' '."\n".' '."\n "; - ksort($mime_types); - foreach($mime_types as $e => $m) - { - $c++; - $t++; - if($c == 3) - { - $c = 0; - $cl = ( $cl == 'row1' ) ? 'row2' : 'row1'; - echo ''."\n".' '."\n "; - } - $seed = "extchkbx_{$e}_".md5(microtime() . mt_rand()); - $chk = (!empty($allowed[$e])) ? ' checked="checked"' : ''; - echo " \n "; - } - while($c < 2) - { - $c++; - echo " \n "; - } - echo ''; - echo ''."\n".'
\n \n
'."\n".' '; - echo ''; - ?> - auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + global $mime_types, $mimetype_exps, $mimetype_extlist; + if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE')) + { + $bits = ''; + $keys = array_keys($mime_types); + foreach($keys as $i => $k) + { + if(isset($_POST['ext_'.$k])) $bits .= '1'; + else $bits .= '0'; + } + $bits = compress_bitfield($bits); + setConfig('allowed_mime_types', $bits); + echo '
' . $lang->get('acpft_msg_saved') . '
'; + } + else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') ) + { + echo '
' . $lang->get('acpft_msg_demo_mode') . '
'; + } + $allowed = fetch_allowed_extensions(); + ?> +

get('acpft_heading_main'); ?>

+

get('acpft_hint'); ?>

+ '."\n".' '."\n".' '."\n "; + ksort($mime_types); + foreach($mime_types as $e => $m) + { + $c++; + $t++; + if($c == 3) + { + $c = 0; + $cl = ( $cl == 'row1' ) ? 'row2' : 'row1'; + echo ''."\n".' '."\n "; + } + $seed = "extchkbx_{$e}_".md5(microtime() . mt_rand()); + $chk = (!empty($allowed[$e])) ? ' checked="checked"' : ''; + echo " \n "; + } + while($c < 2) + { + $c++; + echo " \n "; + } + echo ''; + echo ''."\n".'
\n \n
'."\n".' '; + echo ''; + ?> + auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - if ( ENANO_DBLAYER != 'MYSQL' ) - die('

' . $lang->get('acpdb_err_not_supported_title') . '

-

' . $lang->get('acpdb_err_not_supported_desc') . '

'); - - if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') ) - { - redirect(makeUrlComplete('Special', 'Administration'), $lang->get('acpdb_err_demo_mode_title'), $lang->get('acpdb_err_demo_mode_desc'), 5); - } - - global $system_table_list; - if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes') - { - - if(defined('SQL_BACKUP_CRYPT')) - // Try to increase our time limit - @set_time_limit(0); - // Do the actual export - $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : ''; - $filename = 'enano_backup_' . enano_date('ymd') . '.sql' . $aesext; - ob_start(); - // Spew some headers - $headdate = enano_date(ED_DATE | ED_TIME); - echo <<
auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + if ( ENANO_DBLAYER != 'MYSQL' ) + die('

' . $lang->get('acpdb_err_not_supported_title') . '

+

' . $lang->get('acpdb_err_not_supported_desc') . '

'); + + if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') ) + { + redirect(makeUrlComplete('Special', 'Administration'), $lang->get('acpdb_err_demo_mode_title'), $lang->get('acpdb_err_demo_mode_desc'), 5); + } + + global $system_table_list; + if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes') + { + + if(defined('SQL_BACKUP_CRYPT')) + // Try to increase our time limit + @set_time_limit(0); + // Do the actual export + $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : ''; + $filename = 'enano_backup_' . enano_date('ymd') . '.sql' . $aesext; + ob_start(); + // Spew some headers + $headdate = enano_date(ED_DATE | ED_TIME); + echo <<
username} HEADER; - // build the table list - $base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array(); - $add = ( isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : Array(); - $tables = array_merge($base, $add); - - // Log it! - $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($session->username).'\',' . $session->user_id . ', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')'); - if ( !$e ) - $db->_die(); - - foreach($tables as $i => $t) - { - if(!preg_match('#^([a-z0-9_]+)$#i', $t)) - die('Hacking attempt'); - // if($t == table_prefix.'files' && isset($_POST['do_data'])) - // unset($tables[$i]); - } - foreach($tables as $t) - { - // THE FOLLOWING COMMENT DOES NOT APPLY AS OF 1.0. - // Sorry folks - this script CAN'T backup enano_files and enano_search_index due to the sheer size of the tables. - // If encryption is enabled the log data will be excluded too. - $result = export_table( - $t, - isset($_POST['do_struct']), - ( isset($_POST['do_data']) ), - false - ) . "\n"; - if ( !$result ) - { - $db->_die(); - } - echo $result; - } - $data = ob_get_contents(); - ob_end_clean(); - if(defined('SQL_BACKUP_CRYPT')) - { - // Free some memory, we don't need this stuff any more - $db->close(); - unset($paths, $db, $template, $plugins); - $tea = new TEACrypt(); - $data = $tea->encrypt($data, $session->private_key); - } - header('Content-disposition: attachment; filename='.$filename.''); - header('Content-type: application/octet-stream'); - header('Content-length: '.strlen($data)); - echo $data; - exit; - } - else - { - // Show the UI - echo '
'; - ?> -

get('acpdb_intro'); ?>

-

-

get('acpdb_lbl_additional_tables'); ?>

-

-

-


- -

-

- '; - } + // build the table list + $base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array(); + $add = ( isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : Array(); + $tables = array_merge($base, $add); + + // Log it! + $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,author_uid,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($session->username).'\',' . $session->user_id . ', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')'); + if ( !$e ) + $db->_die(); + + foreach($tables as $i => $t) + { + if(!preg_match('#^([a-z0-9_]+)$#i', $t)) + die('Hacking attempt'); + // if($t == table_prefix.'files' && isset($_POST['do_data'])) + // unset($tables[$i]); + } + foreach($tables as $t) + { + // THE FOLLOWING COMMENT DOES NOT APPLY AS OF 1.0. + // Sorry folks - this script CAN'T backup enano_files and enano_search_index due to the sheer size of the tables. + // If encryption is enabled the log data will be excluded too. + $result = export_table( + $t, + isset($_POST['do_struct']), + ( isset($_POST['do_data']) ), + false + ) . "\n"; + if ( !$result ) + { + $db->_die(); + } + echo $result; + } + $data = ob_get_contents(); + ob_end_clean(); + if(defined('SQL_BACKUP_CRYPT')) + { + // Free some memory, we don't need this stuff any more + $db->close(); + unset($paths, $db, $template, $plugins); + $tea = new TEACrypt(); + $data = $tea->encrypt($data, $session->private_key); + } + header('Content-disposition: attachment; filename='.$filename.''); + header('Content-type: application/octet-stream'); + header('Content-length: '.strlen($data)); + echo $data; + exit; + } + else + { + // Show the UI + echo ''; + ?> +

get('acpdb_intro'); ?>

+

+

get('acpdb_lbl_additional_tables'); ?>

+

+

+


+ +

+

+ '; + } } /* @@ -1461,1191 +1461,1191 @@ function page_Admin_COPPA() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - echo '

' . $lang->get('acpcp_heading_main') . '

'; - echo '

- ' . $lang->get('acpcp_intro') . ' -

'; - - // Start form - - if ( isset($_POST['coppa_address']) ) - { - // Saving changes - $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0'; - setConfig('enable_coppa', $enable_coppa); - - $address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false); - setConfig('coppa_address', $address); - - echo '
' . $lang->get('acpcp_msg_save_success') . '
'; - } - - acp_start_form(); - - echo '
'; - echo ''; - echo ' - - '; - - echo ' - - - '; - - echo ' - - - '; - - echo ' - - '; - - echo '
- ' . $lang->get('acpcp_th_form') . ' -
- ' . $lang->get('acpcp_field_enable_title') . ' - -
- ' . $lang->get('acpcp_field_enable_hint') . ' -
- ' . $lang->get('acpcp_field_address') . '
- ' . $lang->get('acpcp_field_address_hint') . ' -
- -
- -
'; - - echo ''; - + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + echo '

' . $lang->get('acpcp_heading_main') . '

'; + echo '

+ ' . $lang->get('acpcp_intro') . ' +

'; + + // Start form + + if ( isset($_POST['coppa_address']) ) + { + // Saving changes + $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0'; + setConfig('enable_coppa', $enable_coppa); + + $address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false); + setConfig('coppa_address', $address); + + echo '
' . $lang->get('acpcp_msg_save_success') . '
'; + } + + acp_start_form(); + + echo '
'; + echo ''; + echo ' + + '; + + echo ' + + + '; + + echo ' + + + '; + + echo ' + + '; + + echo '
+ ' . $lang->get('acpcp_th_form') . ' +
+ ' . $lang->get('acpcp_field_enable_title') . ' + +
+ ' . $lang->get('acpcp_field_enable_hint') . ' +
+ ' . $lang->get('acpcp_field_address') . '
+ ' . $lang->get('acpcp_field_address_hint') . ' +
+ +
+ +
'; + + echo ''; + } function page_Admin_MassEmail() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - global $enano_config; - if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') ) - { - $use_smtp = getConfig('smtp_enabled') == '1'; - - // - // Let's do some checking to make sure that mass mail functions - // are working in win32 versions of php. (copied from phpBB) - // - if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp) - { - $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + global $enano_config; + if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') ) + { + $use_smtp = getConfig('smtp_enabled') == '1'; + + // + // Let's do some checking to make sure that mass mail functions + // are working in win32 versions of php. (copied from phpBB) + // + if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp) + { + $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; - // We are running on windows, force delivery to use our smtp functions - // since php's are broken by default - $use_smtp = true; - $enano_config['smtp_server'] = @$ini_val('SMTP'); - } - - $mail = new emailer( !empty($use_smtp) ); - - // Validate subject/message body - $subject = stripslashes(trim($_POST['subject'])); - $message = stripslashes(trim($_POST['message'])); - - if ( empty($subject) ) - $errors[] = $lang->get('acpmm_err_need_subject'); - if ( empty($message) ) - $errors[] = $lang->get('acpmm_err_need_message'); - - // Get list of members - if ( !empty($_POST['userlist']) ) - { - $userlist = str_replace(', ', ',', $_POST['userlist']); - $userlist = explode(',', $userlist); - foreach ( $userlist as $k => $u ) - { - if ( $u == $session->username ) - { - // Message is automatically sent to the sender - unset($userlist[$k]); - } - else - { - $userlist[$k] = $db->escape($u); - } - } - $userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\''; - - $q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . 
';'); - if ( !$q ) - $db->_die(); - - if ( $row = $db->fetchrow() ) - { - do { - $mail->cc($row['email']); - } while ( $row = $db->fetchrow() ); - } - - $db->free_result(); - - } - else - { - // Sending to a usergroup - - $group_id = intval($_POST['group_id']); - if ( $group_id < 1 ) - { - $errors[] = 'Invalid group ID'; - } - else - { - $q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g - LEFT JOIN '.table_prefix.'users AS u - ON (u.user_id=g.user_id) - WHERE g.group_id=' . $group_id . ';'); - if ( !$q ) - $db->_die(); - - if ( $row = $db->fetchrow() ) - { - do { - $mail->cc($row['email']); - } while ( $row = $db->fetchrow() ); - } - - $db->free_result(); - } - } - - if ( sizeof($errors) < 1 ) - { - - $mail->from(getConfig('contact_email')); - $mail->replyto(getConfig('contact_email')); - $mail->set_subject($subject); - $mail->email_address(getConfig('contact_email')); - - // Copied/modified from phpBB - $email_headers = 'X-AntiAbuse: Website server name - ' . $_SERVER['SERVER_NAME'] . "\n"; - $email_headers .= 'X-AntiAbuse: User_id - ' . $session->user_id . "\n"; - $email_headers .= 'X-AntiAbuse: Username - ' . $session->username . "\n"; - $email_headers .= 'X-AntiAbuse: User IP - ' . $_SERVER['REMOTE_ADDR'] . "\n"; - - $mail->extra_headers($email_headers); - - // FIXME: how to handle l10n with this? - $tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. 
If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at: - + // We are running on windows, force delivery to use our smtp functions + // since php's are broken by default + $use_smtp = true; + $enano_config['smtp_server'] = @$ini_val('SMTP'); + } + + $mail = new emailer( !empty($use_smtp) ); + + // Validate subject/message body + $subject = stripslashes(trim($_POST['subject'])); + $message = stripslashes(trim($_POST['message'])); + + if ( empty($subject) ) + $errors[] = $lang->get('acpmm_err_need_subject'); + if ( empty($message) ) + $errors[] = $lang->get('acpmm_err_need_message'); + + // Get list of members + if ( !empty($_POST['userlist']) ) + { + $userlist = str_replace(', ', ',', $_POST['userlist']); + $userlist = explode(',', $userlist); + foreach ( $userlist as $k => $u ) + { + if ( $u == $session->username ) + { + // Message is automatically sent to the sender + unset($userlist[$k]); + } + else + { + $userlist[$k] = $db->escape($u); + } + } + $userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\''; + + $q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';'); + if ( !$q ) + $db->_die(); + + if ( $row = $db->fetchrow() ) + { + do { + $mail->cc($row['email']); + } while ( $row = $db->fetchrow() ); + } + + $db->free_result(); + + } + else + { + // Sending to a usergroup + + $group_id = intval($_POST['group_id']); + if ( $group_id < 1 ) + { + $errors[] = 'Invalid group ID'; + } + else + { + $q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g + LEFT JOIN '.table_prefix.'users AS u + ON (u.user_id=g.user_id) + WHERE g.group_id=' . $group_id . 
';'); + if ( !$q ) + $db->_die(); + + if ( $row = $db->fetchrow() ) + { + do { + $mail->cc($row['email']); + } while ( $row = $db->fetchrow() ); + } + + $db->free_result(); + } + } + + if ( sizeof($errors) < 1 ) + { + + $mail->from(getConfig('contact_email')); + $mail->replyto(getConfig('contact_email')); + $mail->set_subject($subject); + $mail->email_address(getConfig('contact_email')); + + // Copied/modified from phpBB + $email_headers = 'X-AntiAbuse: Website server name - ' . $_SERVER['SERVER_NAME'] . "\n"; + $email_headers .= 'X-AntiAbuse: User_id - ' . $session->user_id . "\n"; + $email_headers .= 'X-AntiAbuse: Username - ' . $session->username . "\n"; + $email_headers .= 'X-AntiAbuse: User IP - ' . $_SERVER['REMOTE_ADDR'] . "\n"; + + $mail->extra_headers($email_headers); + + // FIXME: how to handle l10n with this? + $tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at: + {CONTACT_EMAIL} ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ {MESSAGE} '; - - $mail->use_template($tpl); - - $mail->assign_vars(array( - 'SENDER' => $session->username, - 'SITE_NAME' => getConfig('site_name'), - 'CONTACT_EMAIL' => getConfig('contact_email'), - 'MESSAGE' => $message - )); - - //echo '
'.print_r($mail,true).'
'; - - // All done - $mail->send(); - $mail->reset(); - - echo '
' . $lang->get('acpmm_msg_send_success') . '
'; - - } - else - { - echo '
' . $lang->get('acpmm_err_send_fail') . '
  • ' . implode('
  • ', $errors) . '
'; - } - - } - else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') ) - { - echo '
' . $lang->get('acpmm_err_demo') . '
'; - } - acp_start_form(); - ?> -
- - - - - - - - - - - - - - - - - - - - - - - -
get('acpmm_heading_main'); ?>
- get('acpmm_field_group_to'); ?>
- - get('acpmm_field_group_to_hint'); ?> - -
- -
- get('acpmm_field_username'); ?> -
- get('acpmm_field_subject'); ?> - - -
- get('acpmm_field_message'); ?> - - -
-
- get('acpmm_msg_send_takeawhile'); ?> -
-
- '; + + $mail->use_template($tpl); + + $mail->assign_vars(array( + 'SENDER' => $session->username, + 'SITE_NAME' => getConfig('site_name'), + 'CONTACT_EMAIL' => getConfig('contact_email'), + 'MESSAGE' => $message + )); + + //echo '
'.print_r($mail,true).'
'; + + // All done + $mail->send(); + $mail->reset(); + + echo '
' . $lang->get('acpmm_msg_send_success') . '
'; + + } + else + { + echo '
' . $lang->get('acpmm_err_send_fail') . '
  • ' . implode('
  • ', $errors) . '
'; + } + + } + else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') ) + { + echo '
' . $lang->get('acpmm_err_demo') . '
'; + } + acp_start_form(); + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + +
get('acpmm_heading_main'); ?>
+ get('acpmm_field_group_to'); ?>
+ + get('acpmm_field_group_to_hint'); ?> + +
+ +
+ get('acpmm_field_username'); ?> +
+ get('acpmm_field_subject'); ?> + + +
+ get('acpmm_field_message'); ?> + + +
+
+ get('acpmm_msg_send_takeawhile'); ?> +
+
+ '; } function page_Admin_BanControl() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '') - { - $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']) . ''); - if ( !$e ) - $db->_die('The ban list entry was not deleted.'); - } - if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE')) - { - $type = intval($_POST['type']); - $value = trim($_POST['value']); - if ( !in_array($type, array(BAN_IP, BAN_USER, BAN_EMAIL)) ) - { - echo '
Hacking attempt.
'; - } - else if ( empty($value) ) - { - echo '
' . $lang->get('acpbc_err_empty') . '
'; - } - else - { - $entries = array(); - $input = explode(',', $_POST['value']); - $error = false; - foreach ( $input as $entry ) - { - $entry = trim($entry); - if ( empty($entry) ) - { - echo '
' . $lang->get('acpbc_err_invalid_ip_range') . '
'; - $error = true; - break; - } - if ( $type == BAN_IP ) - { - if ( !isset($_POST['regex']) ) - { - // as of 1.0.2 parsing is done at runtime - $entries[] = $entry; - } - else - { - $entries[] = $entry; - } - } - else - { - $entries[] = $entry; - } - } - if ( !$error ) - { - $regex = ( isset($_POST['regex']) ) ? '1' : '0'; - $to_insert = array(); - $reason = $db->escape($_POST['reason']); - foreach ( $entries as $entry ) - { - $entry = $db->escape($entry); - $to_insert[] = "($type, '$entry', '$reason', $regex)"; - } - $q = 'INSERT INTO '.table_prefix."banlist(ban_type, ban_value, reason, is_regex)\n VALUES" . implode(",\n ", $to_insert) . ';'; - @set_time_limit(0); - $e = $db->sql_query($q); - if(!$e) $db->_die('The banlist could not be updated.'); - } - } - } - else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') ) - { - echo '
' . $lang->get('acpbc_err_demo', array('ban_target' => htmlspecialchars($_POST['value']))) . '
'; - } - $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;'); - if ( !$q ) - $db->_die('The banlist data could not be selected.'); - echo '
- '; - echo ' - - - - - '; - if ( $db->numrows() < 1 ) - { - echo ''; - } - $cls = 'row2'; - while ( $r = $db->fetchrow() ) - { - $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; - if ( $r['ban_type'] == BAN_IP ) - $t = $lang->get('acpbc_ban_type_ip'); - else if ( $r['ban_type'] == BAN_USER ) - $t = $lang->get('acpbc_ban_type_username'); - else if ( $r['ban_type'] == BAN_EMAIL ) - $t = $lang->get('acpbc_ban_type_email'); - $g = ( $r['is_regex'] ) ? '' . $lang->get('acpbc_ban_regex_yes') . '' : $lang->get('acpbc_ban_regex_no'); - echo ' - - - - - '; - } - $db->free_result(); - echo '
' . $lang->get('acpbc_col_type') . '' . $lang->get('acpbc_col_value') . '' . $lang->get('acpbc_col_regex') . '
' . $lang->get('acpbc_msg_no_rules') . '
'.$t.''.htmlspecialchars($r['ban_value']).''.$g.'' . $lang->get('acpbc_btn_delete') . '
'; - echo '

' . $lang->get('acpbc_heading_create_new') . '

'; - acp_start_form(); - ?> - - get('acpbc_field_type'); ?> - -
- - get('acpbc_field_rule'); ?> -
- get('acpbc_field_rule_hint'); ?>
- - get('acpbc_field_reason'); ?> -
- - - get('acpbc_field_regex_hint'); ?>
- - - '; + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '') + { + $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']) . ''); + if ( !$e ) + $db->_die('The ban list entry was not deleted.'); + } + if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE')) + { + $type = intval($_POST['type']); + $value = trim($_POST['value']); + if ( !in_array($type, array(BAN_IP, BAN_USER, BAN_EMAIL)) ) + { + echo '
Hacking attempt.
'; + } + else if ( empty($value) ) + { + echo '
' . $lang->get('acpbc_err_empty') . '
'; + } + else + { + $entries = array(); + $input = explode(',', $_POST['value']); + $error = false; + foreach ( $input as $entry ) + { + $entry = trim($entry); + if ( empty($entry) ) + { + echo '
' . $lang->get('acpbc_err_invalid_ip_range') . '
'; + $error = true; + break; + } + if ( $type == BAN_IP ) + { + if ( !isset($_POST['regex']) ) + { + // as of 1.0.2 parsing is done at runtime + $entries[] = $entry; + } + else + { + $entries[] = $entry; + } + } + else + { + $entries[] = $entry; + } + } + if ( !$error ) + { + $regex = ( isset($_POST['regex']) ) ? '1' : '0'; + $to_insert = array(); + $reason = $db->escape($_POST['reason']); + foreach ( $entries as $entry ) + { + $entry = $db->escape($entry); + $to_insert[] = "($type, '$entry', '$reason', $regex)"; + } + $q = 'INSERT INTO '.table_prefix."banlist(ban_type, ban_value, reason, is_regex)\n VALUES" . implode(",\n ", $to_insert) . ';'; + @set_time_limit(0); + $e = $db->sql_query($q); + if(!$e) $db->_die('The banlist could not be updated.'); + } + } + } + else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') ) + { + echo '
' . $lang->get('acpbc_err_demo', array('ban_target' => htmlspecialchars($_POST['value']))) . '
'; + } + $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;'); + if ( !$q ) + $db->_die('The banlist data could not be selected.'); + echo '
+ '; + echo ' + + + + + '; + if ( $db->numrows() < 1 ) + { + echo ''; + } + $cls = 'row2'; + while ( $r = $db->fetchrow() ) + { + $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; + if ( $r['ban_type'] == BAN_IP ) + $t = $lang->get('acpbc_ban_type_ip'); + else if ( $r['ban_type'] == BAN_USER ) + $t = $lang->get('acpbc_ban_type_username'); + else if ( $r['ban_type'] == BAN_EMAIL ) + $t = $lang->get('acpbc_ban_type_email'); + $g = ( $r['is_regex'] ) ? '' . $lang->get('acpbc_ban_regex_yes') . '' : $lang->get('acpbc_ban_regex_no'); + echo ' + + + + + '; + } + $db->free_result(); + echo '
' . $lang->get('acpbc_col_type') . '' . $lang->get('acpbc_col_value') . '' . $lang->get('acpbc_col_regex') . '
' . $lang->get('acpbc_msg_no_rules') . '
'.$t.''.htmlspecialchars($r['ban_value']).''.$g.'' . $lang->get('acpbc_btn_delete') . '
'; + echo '

' . $lang->get('acpbc_heading_create_new') . '

'; + acp_start_form(); + ?> + + get('acpbc_field_type'); ?> + +
+ + get('acpbc_field_rule'); ?> +
+ get('acpbc_field_rule_hint'); ?>
+ + get('acpbc_field_reason'); ?> +
+ + + get('acpbc_field_regex_hint'); ?>
+ + + '; } function page_Admin_AdminLogout() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); - echo '

' . $lang->get('adm_err_not_auth_title') . '

'; - echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; - return; - } - - $session->logout(USER_LEVEL_ADMIN); - echo '

' . $lang->get('acplo_heading_main') . '

-

' . $lang->get('acplo_msg_logout_complete', array('mainpage_link' => makeUrl(get_main_page()))) . '

'; + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; + } + + $session->logout(USER_LEVEL_ADMIN); + echo '

' . $lang->get('acplo_heading_main') . '

+

' . $lang->get('acplo_msg_logout_complete', array('mainpage_link' => makeUrl(get_main_page()))) . '

'; } function page_Special_Administration() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - global $output; - - if ( $session->auth_level < USER_LEVEL_ADMIN ) - { - $query_string = 'level=' . USER_LEVEL_ADMIN; - if ( !empty($_SERVER['QUERY_STRING']) ) - { - $query_string .= '&' . trim(preg_replace('/(?:&|^)title=.+?(?:&|$)/', '&', $_SERVER['QUERY_STRING']), '&'); - } - redirect(makeUrlNS('Special', 'Login/'.$paths->page, $query_string), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0); - exit; - } - else - { - $template->set_theme('admin', 'default'); - $template->preload_js('fat'); - $template->preload_js('ajax'); - $template->preload_js('l10n'); - $template->preload_js('jquery'); - $template->preload_js('jquery-ui'); - $template->preload_js('autofill'); - $template->preload_js('admin-menu'); - - $output->header(); - - echo $lang->get('adm_page_tagline'); - ?> - - - - - - -
-
-
-
-
- Module must be in the Admin namespace
'; - } - else - { - $paths->fullpage = $_GET['module']; - $paths->cpage['module'] = $_GET['module']; - $page = new PageProcessor($page_id, $namespace); - $page->send_headers = false; - $page->send(); - $paths->fullpage = $paths->page; - } - } - else - { - echo ''; - } - ?> - - -
- - footer(); - } + } + ?> + var TREE_TPL = { + 'target' : '_self', // name of the frame links will be opened in + // other possible values are: _blank, _parent, _search, _self and _top + + 'icon_e' : '/images/icons/empty.gif', // empty image + 'icon_l' : '/images/icons/line.gif', // vertical line + 'icon_32' : '/images/spacer.gif', // root leaf icon normal + 'icon_36' : '/images/spacer.gif', // root leaf icon selected + 'icon_48' : '/images/spacer.gif', // root icon normal + 'icon_52' : '/images/spacer.gif', // root icon selected + 'icon_56' : '/images/spacer.gif', // root icon opened + 'icon_60' : '/images/spacer.gif', // root icon selected + 'icon_16' : '/images/spacer.gif', // node icon normal + 'icon_20' : '/images/spacer.gif', // node icon selected + 'icon_24' : '/images/spacer.gif', // node icon opened + 'icon_28' : '/images/spacer.gif', // node icon selected opened + 'icon_0' : '/images/icons/page.gif', // leaf icon normal + 'icon_4' : '/images/icons/page.gif', // leaf icon selected + 'icon_8' : '/images/icons/page.gif', // leaf icon opened + 'icon_12' : '/images/icons/page.gif', // leaf icon selected + 'icon_2' : '/images/icons/joinbottom.gif', // junction for leaf + 'icon_3' : '/images/icons/join.gif', // junction for last leaf + 'icon_18' : '/images/icons/plusbottom.gif', // junction for closed node + 'icon_19' : '/images/icons/plus.gif', // junction for last closed node + 'icon_26' : '/images/icons/minusbottom.gif',// junction for opened node + 'icon_27' : '/images/icons/minus.gif' // junction for last opended node + }; + + parseAdminTree(); // Make a Javascript array that defines the tree + ?> + + addOnloadHook(function() + { + new tree(TREE_ITEMS, TREE_TPL, 'admin_tree'); + keepalive_onload(); + }); + + + + + + +
+
+
+
+
+ Module must be in the Admin namespace
'; + } + else + { + $paths->fullpage = $_GET['module']; + $paths->cpage['module'] = $_GET['module']; + $page = new PageProcessor($page_id, $namespace); + $page->send_headers = false; + $page->send(); + $paths->fullpage = $paths->page; + } + } + else + { + echo ''; + } + ?> + + +
+ + footer(); + } } function page_Special_EditSidebar() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - global $cache; - - if($session->auth_level < USER_LEVEL_ADMIN) - { - redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false); - exit; - } - else - { - if ( isset($_GET['update_order']) ) - { - header('Content-type: text/javascript'); - $order = @$_POST['order']; - try - { - $order = enano_json_decode($order); - } - catch ( Zend_Json_Exception $e ) - { - return print enano_json_encode(array( - 'mode' => 'error', - 'error' => 'bad order' - )); - } - - foreach ( $order as $sidebar_id => $blocks ) - { - foreach ( $blocks as $order => $block_id ) - { - $sbid = intval($sidebar_id); - $order = intval($order); - $block_id = intval($block_id); - $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); - if ( !$q ) - $db->die_json(); - } - } - - return print enano_json_encode(array( - 'mode' => 'success' - )); - } - - $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); - $template->add_header(''); - - $template->header(); - - if(isset($_POST['save'])) - { - // Write the new block order to the database - // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... - // Anyone know a better way to do this? - $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); - if ( !$q ) - { - $db->_die('The sidebar order data could not be selected.'); - } - $orders = Array(); - while($row = $db->fetchrow()) - { - $orders[] = Array( - count($orders), - $row['item_id'], - $row['sidebar_id'], - ); - } - $db->free_result(); - - // We now have an array with each sidebar ID in its respective order. 
Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. - $ol = explode(',', $_POST['order_left']); - $odr = explode(',', $_POST['order_right']); - $om = array_merge($ol, $odr); - unset($ol, $odr); - $queries = Array(); - foreach($orders as $k => $v) - { - $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';'; - } - foreach($queries as $sql) - { - $q = $db->sql_query($sql); - if(!$q) - { - $t = $db->get_error(); - echo $t; - $template->footer(); - exit; - } - } - $cache->purge('anon_sidebar'); - echo '
' . $lang->get('sbedit_msg_order_update_success') . '
'; - } - elseif(isset($_POST['create'])) - { - switch((int)$_POST['type']) - { - case BLOCK_WIKIFORMAT: - $content = $_POST['wikiformat_content']; - break; - case BLOCK_TEMPLATEFORMAT: - $content = $_POST['templateformat_content']; - break; - case BLOCK_HTML: - $content = $_POST['html_content']; - break; - case BLOCK_PHP: - $content = $_POST['php_content']; - break; - case BLOCK_PLUGIN: - $content = $_POST['plugin_id']; - break; - } - - if ( defined('ENANO_DEMO_MODE') ) - { - // Sanitize the HTML - $content = sanitize_html($content, true); - } - - if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) - { - echo '
' . $lang->get('sbedit_err_demo_php_disable') . '
'; - $_POST['php_content'] = '?><Nulled>'; - $content = $_POST['php_content']; - } - - // Get the value of item_order - - $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); - if(!$q) $db->_die('The order number could not be selected'); - $io = $db->numrows(); - - $db->free_result(); - - $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; - $result = $db->sql_query($q); - if(!$result) - { - echo $db->get_error(); - $template->footer(); - exit; - } - - $cache->purge('anon_sidebar'); - echo '
' . $lang->get('sbedit_msg_item_added') . '
'; - - } - - if(isset($_GET['action']) && isset($_GET['id'])) - { - if(!preg_match('#^([0-9]*)$#', $_GET['id'])) - { - echo '
Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection
'; - } - switch($_GET['action']) - { - case 'new': - ?> - - -
- -

- get('sbedit_create_intro'); ?> -

-

- -

- -

- - get('sbedit_field_block_title'); ?>
- get('sbedit_field_block_sidebar'); ?> - - -

- -
- get('sbedit_field_wikitext'); ?> -

- -

-
- -
- get('sbedit_field_tplcode'); ?> -

- -

-
- -
- get('sbedit_field_html'); ?> -

- -

-
- -
- -

get('sbedit_field_php_disabled'); ?>

- - get('sbedit_field_php'); ?> - -

- -

- -
- -
- get('sbedit_field_plugin'); ?> -

- -

-
- -

- -   - - -

- -
- - - - footer(); - return; - break; - case 'move': - $cache->purge('anon_sidebar'); - if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) - { - echo '
$_GET[\'side\'] contained an SQL injection attempt
'; - break; - } - $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$query) - { - echo $db->get_error(); - $template->footer(); - exit; - } - echo '
' . $lang->get('sbedit_msg_block_moved') . '
'; - break; - case 'delete': - $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) - if(!$query) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $cache->purge('anon_sidebar'); - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - echo '
' . $lang->get('sbedit_msg_block_deleted') . '
'; - break; - case 'disenable'; - $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $r = $db->fetchrow(); - $db->free_result(); - $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - break; - case 'rename'; - $newname = $db->escape($_POST['newname']); - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - break; - case 'getsource': - $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $r = $db->fetchrow(); - $db->free_result(); - $cache->purge('anon_sidebar'); - - if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); - die($r['block_content']); - break; - case 'save': - if ( defined('ENANO_DEMO_MODE') ) - { - $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; - exit; - } - $row = $db->fetchrow(); - if ( $row['block_type'] == BLOCK_PHP ) - { - $_POST['content'] = '?><Nulled>'; - } - else - { - $_POST['content'] = sanitize_html($_POST['content'], true); - } - } - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . 
';'); - if(!$q) - { - echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; - exit; - } - echo 'GOOD'; - return; - - break; - } - } - - ?> -

- get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Special', 'EditSidebar', 'action=new&id=0', true) )); ?> -

- sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); - if ( !$q ) - $db->_die(); - - $switched_to_right = false; - - echo '
'; - while ( $row = $db->fetchrow() ) - { - if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) - { - echo ''; - $switched_to_right = true; - } - $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; - echo '
-
- ' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . ' - -
'; - ?> -
- extract_vars('toolbar.tpl'); - $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); - echo $parser_start->run(); - - $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); - $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); - - $type = ''; - switch($row['block_type']) - { - case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; - case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; - case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; - case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; - case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; - default: $type .= '$&#@'; break; - } - $type .= ''; - if ( $row['block_type'] == BLOCK_PLUGIN ) - { - $type .= ': ' . $lang->get($row['block_content']); - } - - $label->assign_vars(array( - 'TITLE' => $type - )); - echo $label->run(); - - // edit - if ( $row['block_type'] != BLOCK_PLUGIN ) - { - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_edit'), - 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', - 'IMAGE' => cdnPath . '/images/edit.png' - )); - echo $button->run(); - } - - // delete - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_delete'), - 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', - 'IMAGE' => cdnPath . '/images/delete.png' - )); - echo $button->run(); - - // rename - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_rename'), - 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', - 'IMAGE' => cdnPath . '/images/rename.png' - )); - echo $button->run(); - - // disenable - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_disenable'), - 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', - 'IMAGE' => cdnPath . 
'/images/disenable.png' - )); - echo $button->run(); - - $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); - echo $parser_end->run(); - ?> -
- '; - } - - if ( !$switched_to_right ) - echo '
'; - - echo '
'; - } - - $template->footer(); + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + global $cache; + + if($session->auth_level < USER_LEVEL_ADMIN) + { + redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false); + exit; + } + else + { + if ( isset($_GET['update_order']) ) + { + header('Content-type: text/javascript'); + $order = @$_POST['order']; + try + { + $order = enano_json_decode($order); + } + catch ( Zend_Json_Exception $e ) + { + return print enano_json_encode(array( + 'mode' => 'error', + 'error' => 'bad order' + )); + } + + foreach ( $order as $sidebar_id => $blocks ) + { + foreach ( $blocks as $order => $block_id ) + { + $sbid = intval($sidebar_id); + $order = intval($order); + $block_id = intval($block_id); + $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); + if ( !$q ) + $db->die_json(); + } + } + + return print enano_json_encode(array( + 'mode' => 'success' + )); + } + + $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); + $template->add_header(''); + + $template->header(); + + if(isset($_POST['save'])) + { + // Write the new block order to the database + // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... + // Anyone know a better way to do this? + $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); + if ( !$q ) + { + $db->_die('The sidebar order data could not be selected.'); + } + $orders = Array(); + while($row = $db->fetchrow()) + { + $orders[] = Array( + count($orders), + $row['item_id'], + $row['sidebar_id'], + ); + } + $db->free_result(); + + // We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. 
+ $ol = explode(',', $_POST['order_left']); + $odr = explode(',', $_POST['order_right']); + $om = array_merge($ol, $odr); + unset($ol, $odr); + $queries = Array(); + foreach($orders as $k => $v) + { + $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';'; + } + foreach($queries as $sql) + { + $q = $db->sql_query($sql); + if(!$q) + { + $t = $db->get_error(); + echo $t; + $template->footer(); + exit; + } + } + $cache->purge('anon_sidebar'); + echo '
' . $lang->get('sbedit_msg_order_update_success') . '
'; + } + elseif(isset($_POST['create'])) + { + switch((int)$_POST['type']) + { + case BLOCK_WIKIFORMAT: + $content = $_POST['wikiformat_content']; + break; + case BLOCK_TEMPLATEFORMAT: + $content = $_POST['templateformat_content']; + break; + case BLOCK_HTML: + $content = $_POST['html_content']; + break; + case BLOCK_PHP: + $content = $_POST['php_content']; + break; + case BLOCK_PLUGIN: + $content = $_POST['plugin_id']; + break; + } + + if ( defined('ENANO_DEMO_MODE') ) + { + // Sanitize the HTML + $content = sanitize_html($content, true); + } + + if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) + { + echo '
' . $lang->get('sbedit_err_demo_php_disable') . '
'; + $_POST['php_content'] = '?><Nulled>'; + $content = $_POST['php_content']; + } + + // Get the value of item_order + + $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); + if(!$q) $db->_die('The order number could not be selected'); + $io = $db->numrows(); + + $db->free_result(); + + $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; + $result = $db->sql_query($q); + if(!$result) + { + echo $db->get_error(); + $template->footer(); + exit; + } + + $cache->purge('anon_sidebar'); + echo '
' . $lang->get('sbedit_msg_item_added') . '
'; + + } + + if(isset($_GET['action']) && isset($_GET['id'])) + { + if(!preg_match('#^([0-9]*)$#', $_GET['id'])) + { + echo '
Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection
'; + } + switch($_GET['action']) + { + case 'new': + ?> + + +
+ +

+ get('sbedit_create_intro'); ?> +

+

+ +

+ +

+ + get('sbedit_field_block_title'); ?>
+ get('sbedit_field_block_sidebar'); ?> + + +

+ +
+ get('sbedit_field_wikitext'); ?> +

+ +

+
+ +
+ get('sbedit_field_tplcode'); ?> +

+ +

+
+ +
+ get('sbedit_field_html'); ?> +

+ +

+
+ +
+ +

get('sbedit_field_php_disabled'); ?>

+ + get('sbedit_field_php'); ?> + +

+ +

+ +
+ +
+ get('sbedit_field_plugin'); ?> +

+ +

+
+ +

+ +   + + +

+ +
+ + + + footer(); + return; + break; + case 'move': + $cache->purge('anon_sidebar'); + if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) + { + echo '
$_GET[\'side\'] contained an SQL injection attempt
'; + break; + } + $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$query) + { + echo $db->get_error(); + $template->footer(); + exit; + } + echo '
' . $lang->get('sbedit_msg_block_moved') . '
'; + break; + case 'delete': + $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) + if(!$query) + { + echo $db->get_error(); + $template->footer(); + exit; + } + $cache->purge('anon_sidebar'); + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + echo '
' . $lang->get('sbedit_msg_block_deleted') . '
'; + break; + case 'disenable'; + $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + $template->footer(); + exit; + } + $r = $db->fetchrow(); + $db->free_result(); + $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + $template->footer(); + exit; + } + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + break; + case 'rename'; + $newname = $db->escape($_POST['newname']); + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + $template->footer(); + exit; + } + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + break; + case 'getsource': + $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + $template->footer(); + exit; + } + $r = $db->fetchrow(); + $db->free_result(); + $cache->purge('anon_sidebar'); + + if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); + die($r['block_content']); + break; + case 'save': + if ( defined('ENANO_DEMO_MODE') ) + { + $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; + exit; + } + $row = $db->fetchrow(); + if ( $row['block_type'] == BLOCK_PHP ) + { + $_POST['content'] = '?><Nulled>'; + } + else + { + $_POST['content'] = sanitize_html($_POST['content'], true); + } + } + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . 
';'); + if(!$q) + { + echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; + exit; + } + echo 'GOOD'; + return; + + break; + } + } + + ?> +

+ get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Special', 'EditSidebar', 'action=new&id=0', true) )); ?> +

+ sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); + if ( !$q ) + $db->_die(); + + $switched_to_right = false; + + echo '
'; + while ( $row = $db->fetchrow() ) + { + if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) + { + echo ''; + $switched_to_right = true; + } + $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; + echo '
+
+ ' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . ' + +
'; + ?> +
+ extract_vars('toolbar.tpl'); + $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); + echo $parser_start->run(); + + $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); + $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); + + $type = ''; + switch($row['block_type']) + { + case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; + case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; + case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; + case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; + case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; + default: $type .= '$&#@'; break; + } + $type .= ''; + if ( $row['block_type'] == BLOCK_PLUGIN ) + { + $type .= ': ' . $lang->get($row['block_content']); + } + + $label->assign_vars(array( + 'TITLE' => $type + )); + echo $label->run(); + + // edit + if ( $row['block_type'] != BLOCK_PLUGIN ) + { + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_edit'), + 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', + 'IMAGE' => cdnPath . '/images/edit.png' + )); + echo $button->run(); + } + + // delete + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_delete'), + 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/delete.png' + )); + echo $button->run(); + + // rename + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_rename'), + 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/rename.png' + )); + echo $button->run(); + + // disenable + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_disenable'), + 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', + 'IMAGE' => cdnPath . 
'/images/disenable.png' + )); + echo $button->run(); + + $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); + echo $parser_end->run(); + ?> +
+ '; + } + + if ( !$switched_to_right ) + echo '
'; + + echo '
'; + } + + $template->footer(); } ?> \ No newline at end of file