author | Dan |
Wed, 28 Nov 2007 14:47:42 -0500 | |
changeset 242 | ce2873735506 |
parent 237 | 4ab30e8dd168 |
child 255 | c74736571f43 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/* |
|
3 |
Plugin Name: Runt - the Enano administration panel |
|
4 |
Plugin URI: http://enanocms.org/ |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
5 |
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled. |
0 | 6 |
Author: Dan Fuhry |
181
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
179
diff
changeset
|
7 |
Version: 1.0.2 |
0 | 8 |
Author URI: http://enanocms.org/ |
9 |
*/ |
|
10 |
||
11 |
/* |
|
12 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
parents:
140
diff
changeset
|
13 |
* Version 1.0.2 (Coblynau) |
0 | 14 |
* Copyright (C) 2006-2007 Dan Fuhry |
15 |
* |
|
16 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
17 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
18 |
* |
|
19 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
20 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
21 |
*/ |
|
22 |
||
23 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
24 |
||
25 |
$plugins->attachHook('base_classes_initted', ' |
|
26 |
global $paths; |
|
27 |
$paths->add_page(Array( |
|
28 |
\'name\'=>\'Administration\', |
|
29 |
\'urlname\'=>\'Administration\', |
|
30 |
\'namespace\'=>\'Special\', |
|
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents:
110
diff
changeset
|
31 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
0 | 32 |
)); |
33 |
||
34 |
$paths->add_page(Array( |
|
35 |
\'name\'=>\'Manage the Sidebar\', |
|
36 |
\'urlname\'=>\'EditSidebar\', |
|
37 |
\'namespace\'=>\'Special\', |
|
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
parents:
110
diff
changeset
|
38 |
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
0 | 39 |
)); |
40 |
'); |
|
41 |
||
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
parents:
73
diff
changeset
|
42 |
// Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1 |
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
parents:
73
diff
changeset
|
43 |
require(ENANO_ROOT . '/plugins/admin/PageGroups.php'); |
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
44 |
require(ENANO_ROOT . '/plugins/admin/SecurityLog.php'); |
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents:
133
diff
changeset
|
45 |
require(ENANO_ROOT . '/plugins/admin/UserManager.php'); |
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
parents:
73
diff
changeset
|
46 |
|
0 | 47 |
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
48 |
||
49 |
function page_Admin_Home() { |
|
50 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
51 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
52 |
{ |
|
53 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
54 |
return; |
|
55 |
} |
|
56 |
||
57 |
// Basic information |
|
58 |
echo RenderMan::render( |
|
59 |
'== Welcome to Runt, the Enano administration panel. == |
|
60 |
||
61 |
Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically. |
|
62 |
||
63 |
Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.'); |
|
64 |
||
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
65 |
// Demo mode |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
66 |
if ( defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
67 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
68 |
echo '<h3>Enano is running in demo mode.</h3> |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
69 |
<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
70 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
71 |
|
0 | 72 |
// Check for the installer scripts |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
73 |
if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') ) |
0 | 74 |
{ |
75 |
echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>'; |
|
76 |
} |
|
77 |
||
78 |
// Inactive users |
|
79 |
$q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';'); |
|
80 |
if($q) |
|
81 |
if($db->numrows() > 0) |
|
82 |
{ |
|
83 |
$n = $db->numrows(); |
|
84 |
if($n == 1) $s = $n . ' user is'; |
|
85 |
else $s = $n . ' users are'; |
|
86 |
echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>'; |
|
87 |
} |
|
88 |
$db->free_result(); |
|
89 |
// Stats |
|
90 |
if(getConfig('log_hits') == '1') |
|
91 |
{ |
|
92 |
$stats = stats_top_pages(10); |
|
61 | 93 |
//die('<pre>'.print_r($stats,true).'</pre>'); |
0 | 94 |
$c = 0; |
95 |
$cls = 'row2'; |
|
96 |
echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>'; |
|
61 | 97 |
foreach($stats as $data) |
0 | 98 |
{ |
61 | 99 |
echo '<tr>'; |
100 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
101 |
echo '<td class="'.$cls.'"><a href="'.makeUrl($data['page_urlname']).'">'.$data['page_title'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$data['num_hits'].'</td>'; |
|
102 |
echo '</tr>'; |
|
0 | 103 |
} |
104 |
echo '</table></div>'; |
|
105 |
} |
|
106 |
||
107 |
// Security log |
|
108 |
echo '<h3>Security log</h3>'; |
|
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
109 |
$seclog = get_security_log(5); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
110 |
echo $seclog; |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
111 |
|
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
112 |
echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'SecurityLog\'); return false;">Full security log</a></p>'; |
0 | 113 |
|
114 |
} |
|
115 |
||
116 |
function page_Admin_GeneralConfig() { |
|
117 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
118 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
119 |
{ |
|
120 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
121 |
return; |
|
122 |
} |
|
123 |
||
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
124 |
if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
125 |
{ |
0 | 126 |
|
127 |
// Global site options |
|
128 |
setConfig('site_name', $_POST['site_name']); |
|
129 |
setConfig('site_desc', $_POST['site_desc']); |
|
130 |
setConfig('main_page', str_replace(' ', '_', $_POST['main_page'])); |
|
131 |
setConfig('copyright_notice', $_POST['copyright']); |
|
132 |
setConfig('contact_email', $_POST['contact_email']); |
|
133 |
||
134 |
// Wiki mode |
|
135 |
if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1'); |
|
136 |
else setConfig('wiki_mode', '0'); |
|
137 |
if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1'); |
|
138 |
else setConfig('wiki_mode_require_login', '0'); |
|
139 |
if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1'); |
|
140 |
else setConfig('wiki_edit_notice', '0'); |
|
141 |
setConfig('wiki_edit_notice_text', $_POST['editmsg_text']); |
|
142 |
||
143 |
// Stats |
|
144 |
if(isset($_POST['log_hits'])) setConfig('log_hits', '1'); |
|
145 |
else setConfig('log_hits', '0'); |
|
146 |
||
147 |
// Disablement |
|
148 |
if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); } |
|
149 |
else setConfig('site_disabled', '0'); |
|
150 |
||
151 |
// Account activation |
|
152 |
setConfig('account_activation', $_POST['account_activation']); |
|
153 |
||
154 |
// W3C compliance buttons |
|
155 |
if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1"); |
|
156 |
else setConfig("w3c_vh32", "0"); |
|
157 |
if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1"); |
|
158 |
else setConfig("w3c_vh40", "0"); |
|
159 |
if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1"); |
|
160 |
else setConfig("w3c_vh401", "0"); |
|
161 |
if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1"); |
|
162 |
else setConfig("w3c_vxhtml10", "0"); |
|
163 |
if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1"); |
|
164 |
else setConfig("w3c_vxhtml11", "0"); |
|
165 |
if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1"); |
|
166 |
else setConfig("w3c_vcss", "0"); |
|
167 |
||
168 |
// SourceForge.net logo |
|
169 |
if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1'); |
|
170 |
else setConfig('sflogo_enabled', '0'); |
|
171 |
setConfig('sflogo_groupid', $_POST['sfgroup']); |
|
172 |
setConfig('sflogo_type', $_POST['sflogo']); |
|
173 |
||
174 |
// Comment options |
|
175 |
if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1'); |
|
176 |
else setConfig('approve_comments', '0'); |
|
177 |
if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1'); |
|
178 |
else setConfig('enable_comments', '0'); |
|
179 |
setConfig('comments_need_login', $_POST['comments_need_login']); |
|
180 |
||
181 |
// Powered by link |
|
182 |
if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1'); |
|
183 |
else setConfig('powered_btn', '0'); |
|
184 |
||
185 |
if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1'); |
|
186 |
else setConfig('dbd_button', '0'); |
|
187 |
||
188 |
if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0'); |
|
189 |
else setConfig('smtp_enabled', '1'); |
|
190 |
||
191 |
setConfig('smtp_server', $_POST['smtp_host']); |
|
192 |
setConfig('smtp_user', $_POST['smtp_user']); |
|
193 |
if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']); |
|
194 |
||
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
195 |
// Password strength |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
196 |
if ( isset($_POST['pw_strength_enable']) ) setConfig('pw_strength_enable', '1'); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
197 |
else setConfig('pw_strength_enable', '0'); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
198 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
199 |
$strength = intval($_POST['pw_strength_minimum']); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
200 |
if ( $strength >= -10 && $strength <= 30 ) |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
201 |
{ |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
202 |
$strength = strval($strength); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
203 |
setConfig('pw_strength_minimum', $strength); |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
204 |
} |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
205 |
|
0 | 206 |
echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />'; |
207 |
||
208 |
} |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
209 |
else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
210 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
211 |
echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
212 |
} |
0 | 213 |
echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">'); |
214 |
?> |
|
215 |
<div class="tblholder"> |
|
216 |
<table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
217 |
||
218 |
<!-- Global options --> |
|
219 |
||
220 |
<tr><th colspan="2">Global site options</th></tr> |
|
221 |
<tr><th colspan="2" class="subhead">These options control the entire site.</th></tr> |
|
222 |
||
40
723bb7acf914
Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents:
37
diff
changeset
|
223 |
<tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr> |
723bb7acf914
Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents:
37
diff
changeset
|
224 |
<tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr> |
723bb7acf914
Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents:
37
diff
changeset
|
225 |
<tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr> |
723bb7acf914
Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents:
37
diff
changeset
|
226 |
<tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr> |
0 | 227 |
<tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr> |
228 |
<tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr> |
|
229 |
||
230 |
<!-- Wiki mode --> |
|
231 |
||
232 |
<tr><th colspan="2">Wiki mode</th></tr> |
|
233 |
||
234 |
<tr> |
|
235 |
<td class="row3" rowspan="2"> |
|
236 |
Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br /> |
|
237 |
In Wiki Mode, certain HTML tags such as <script> and <object> are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br /> |
|
238 |
Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited. |
|
239 |
</td> |
|
240 |
<td class="row1"> |
|
241 |
<input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label> |
|
242 |
</td> |
|
243 |
</tr> |
|
244 |
||
245 |
<tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr> |
|
246 |
||
247 |
<tr> |
|
248 |
<td class="row3" rowspan="2"> |
|
249 |
<b>Edit page notice</b><br /> |
|
250 |
When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened. |
|
251 |
</td> |
|
252 |
<td class="row1"> |
|
253 |
<input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label> |
|
254 |
</td> |
|
255 |
</tr> |
|
256 |
||
257 |
<tr> |
|
258 |
<td class="row2"> |
|
259 |
<textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo getConfig('wiki_edit_notice_text'); ?></textarea> |
|
260 |
</td> |
|
261 |
</tr> |
|
262 |
||
263 |
<!-- Site statistics --> |
|
264 |
||
265 |
<tr><th colspan="2">Statistics and hit counting</th></tr> |
|
266 |
||
267 |
<tr> |
|
268 |
<td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td> |
|
269 |
<td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td> |
|
270 |
</tr> |
|
271 |
||
272 |
<!-- Comment options --> |
|
273 |
||
274 |
<tr><th colspan="2">Comment system</th></tr> |
|
275 |
<tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr> |
|
276 |
<tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr> |
|
277 |
<tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label> |
|
278 |
<label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label> |
|
279 |
<!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr> |
|
280 |
||
281 |
<!-- |
|
282 |
||
283 |
READ: Do not try to enable this, backend support for it has been disabled. To edit default |
|
284 |
permissions, select The Entire Website in any permissions editor window. |
|
285 |
||
286 |
<tr><th colspan="2">Default permissions for pages</th></tr> |
|
287 |
||
288 |
<tr> |
|
289 |
<td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td> |
|
290 |
<td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td> |
|
291 |
</tr> |
|
292 |
||
293 |
--> |
|
294 |
||
295 |
<!-- enanocms.org link --> |
|
296 |
||
297 |
<tr> |
|
298 |
<th colspan="2">Promote Enano</th> |
|
299 |
</tr> |
|
300 |
<tr> |
|
301 |
<td class="row3"> |
|
302 |
If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano |
|
303 |
homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because |
|
304 |
Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word |
|
305 |
using this link. |
|
306 |
</td> |
|
307 |
<td class="row1"> |
|
308 |
<label> |
|
36
425261984266
Added "page hint" on search page; deprecated "www." on EnanoCMS.org links
Dan
parents:
30
diff
changeset
|
309 |
<input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to enanocms.org on the sidebar |
0 | 310 |
</label> |
311 |
</td> |
|
312 |
</tr> |
|
313 |
||
314 |
<!-- Site disablement --> |
|
315 |
||
316 |
<tr><th colspan="2">Disable all site access</th></tr> |
|
317 |
||
318 |
<tr> |
|
319 |
<td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td> |
|
320 |
<td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td> |
|
321 |
</tr> |
|
322 |
<tr> |
|
323 |
<td class="row2"> |
|
30 | 324 |
<div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>> |
0 | 325 |
Message to show to users:<br /> |
326 |
<textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea> |
|
327 |
</div> |
|
328 |
</td> |
|
329 |
</tr> |
|
330 |
||
331 |
<!-- Account activation --> |
|
332 |
||
333 |
<tr><th colspan="2">User account activation</th></tr> |
|
334 |
||
335 |
<tr> |
|
336 |
<td class="row3" colspan="2"> |
|
337 |
If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br /> |
|
338 |
You may also disable registration completely if needed.<br /><br /> |
|
339 |
<b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b> |
|
340 |
</td> |
|
341 |
</tr> |
|
342 |
||
343 |
<tr> |
|
344 |
<td class="row1">Account activation:</td><td class="row1"> |
|
345 |
<?php |
|
346 |
echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />'; |
|
192
712eb3f230b5
Fixed: radiobutton state in Admin:GeneralConfig not remembered when registration disabled
Dan
parents:
190
diff
changeset
|
347 |
echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin' && getConfig('account_activation') != 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>'; |
0 | 348 |
echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>'; |
349 |
echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>'; |
|
350 |
?> |
|
351 |
</td> |
|
352 |
</tr> |
|
353 |
||
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
354 |
<tr><th colspan="2">Password strength</th></tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
355 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
356 |
<tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
357 |
<td class="row2"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
358 |
<b>Enable password strength analysis</b><br /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
359 |
<small>This should be enabled in most cases. When this is enabled, a strength meter and a numerical score will be displayed wherever a password can be changed.</small> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
360 |
</td> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
361 |
<td class="row2"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
362 |
<label><input type="checkbox" name="pw_strength_enable" <?php if ( getConfig('pw_strength_enable') == '1' ) echo 'checked="checked" '; ?>/> Enabled</label> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
363 |
</td> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
364 |
</tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
365 |
|
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
366 |
<tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
367 |
<td class="row1"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
368 |
<b>Minimum strength score</b><br /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
369 |
<small>This is the lowest score a password will be allowed to have. -10 will allow any password. A score of under -3 is considered weak, under 1 is fair, under 4 is good, under 10 is strong, and 10 and above are very strong. The scale is open-ended. This only has an effect if the meter is enabled above.</small> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
370 |
</td> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
371 |
<td class="row1"> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
372 |
<input type="text" name="pw_strength_minimum" value="<?php echo ( $x = getConfig('pw_strength_minimum') ) ? $x : '-10'; ?>" /> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
373 |
</td> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
374 |
</tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
375 |
|
0 | 376 |
<!-- E-mail options --> |
377 |
||
378 |
<tr><th colspan="2">E-mail sent from the site</th></tr> |
|
379 |
<tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td> |
|
380 |
<td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br /> |
|
381 |
<label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td> |
|
382 |
</tr> |
|
383 |
<tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td> |
|
384 |
<td class="row2"><input value="<?php echo getConfig('smtp_server'); ?>" name="smtp_host" type="text" size="30" /></td> |
|
385 |
</tr> |
|
386 |
<tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td> |
|
387 |
<td class="row1">Username: <input value="<?php echo getConfig('smtp_user'); ?>" name="smtp_user" type="text" size="30" /><br /> |
|
388 |
Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td> |
|
389 |
</tr> |
|
390 |
||
391 |
<!-- SourceForge.net logo --> |
|
392 |
||
393 |
<tr><th colspan="2">SourceForge.net logo</th></tr> |
|
394 |
||
395 |
<tr> |
|
396 |
<td colspan="2" class="row3"> |
|
397 |
All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want |
|
398 |
to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type. |
|
399 |
</td> |
|
400 |
</tr> |
|
401 |
||
402 |
<?php |
|
403 |
if(getConfig("sflogo_enabled")=='1') $c='CHECKED '; |
|
404 |
else $c=''; |
|
405 |
if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid"); |
|
406 |
else $g=''; |
|
407 |
if(getConfig("sflogo_type")) $t=getConfig("sflogo_type"); |
|
408 |
else $t='1'; |
|
409 |
?> |
|
410 |
||
411 |
<tr> |
|
412 |
<td class="row1">Display the SourceForge.net logo on the right sidebar</td> |
|
413 |
<td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td> |
|
414 |
</tr> |
|
415 |
||
416 |
<tr> |
|
417 |
<td class="row2">Group ID:</td> |
|
418 |
<td class="row2"><input value="<?php echo $g; ?>" type=text size=15 name=sfgroup /></td> |
|
419 |
</tr> |
|
420 |
||
421 |
<tr> |
|
422 |
<td class="row1">Logo style:</td> |
|
423 |
<td class="row1"> |
|
424 |
<select name="sflogo"> |
|
425 |
<option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option> |
|
426 |
<option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option> |
|
427 |
<option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option> |
|
428 |
<option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option> |
|
429 |
<option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option> |
|
430 |
<option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option> |
|
431 |
<option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option> |
|
432 |
</select> |
|
433 |
</td> |
|
434 |
</tr> |
|
435 |
||
436 |
<!-- W3C validator buttons --> |
|
437 |
||
438 |
<tr><th colspan="2">W3C compliance logos</th></tr> |
|
439 |
<tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr> |
|
440 |
||
441 |
<tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr> |
|
442 |
<tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr> |
|
443 |
<tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr> |
|
444 |
<tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr> |
|
445 |
<tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr> |
|
446 |
<tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr> |
|
447 |
||
448 |
<!-- DefectiveByDesign.org ad --> |
|
449 |
||
450 |
<tr><th colspan="2">Defective By Design Anti-DRM button</th></tr> |
|
451 |
<tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr> |
|
452 |
<tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr> |
|
453 |
||
454 |
<!-- Save button --> |
|
455 |
||
456 |
<tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr> |
|
457 |
||
458 |
</table> |
|
459 |
</div> |
|
460 |
</form> |
|
461 |
<?php |
|
462 |
} |
|
463 |
||
464 |
function page_Admin_UploadConfig() |
|
465 |
{ |
|
466 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
467 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
468 |
{ |
|
469 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
470 |
return; |
|
471 |
} |
|
472 |
||
473 |
if(isset($_POST['save'])) |
|
474 |
{ |
|
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
475 |
if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1') |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
476 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
477 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
478 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
479 |
$db->_die(); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
480 |
setConfig('enable_uploads', '1'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
481 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
482 |
else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
483 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
484 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
485 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
486 |
$db->_die(); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
487 |
setConfig('enable_uploads', '0'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
488 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
489 |
if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1') |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
490 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
491 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
492 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
493 |
$db->_die(); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
494 |
setConfig('enable_imagemagick', '1'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
495 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
496 |
else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
497 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
498 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
499 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
500 |
$db->_die(); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
501 |
setConfig('enable_imagemagick', '0'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
502 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
503 |
if(isset($_POST['cache_thumbs'])) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
504 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
505 |
setConfig('cache_thumbs', '1'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
506 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
507 |
else |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
508 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
509 |
setConfig('cache_thumbs', '0'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
510 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
511 |
if(isset($_POST['file_history']) && getConfig('file_history') != '1' ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
512 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
513 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
514 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
515 |
$db->_die(); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
516 |
setConfig('file_history', '1'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
517 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
518 |
else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
519 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
520 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
521 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
522 |
$db->_die(); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
523 |
setConfig('file_history', '0'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
524 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
525 |
if(file_exists($_POST['imagemagick_path']) && $_POST['imagemagick_path'] != getConfig('imagemagick_path')) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
526 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
527 |
$old = getConfig('imagemagick_path'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
528 |
$oldnew = "{$old}||{$_POST['imagemagick_path']}"; |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
529 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","magick_path",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($oldnew) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
530 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
531 |
$db->_die(); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
532 |
setConfig('imagemagick_path', $_POST['imagemagick_path']); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
533 |
} |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
534 |
else if ( $_POST['imagemagick_path'] != getConfig('imagemagick_path') ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
535 |
{ |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
536 |
echo '<span style="color: red"><b>Warning:</b> the file "'.htmlspecialchars($_POST['imagemagick_path']).'" was not found, and the ImageMagick file path was not updated.</span>'; |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
537 |
} |
0 | 538 |
$max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']); |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
539 |
if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
540 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
541 |
echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
542 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
543 |
else |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
544 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
545 |
setConfig('max_file_size', $max_upload.''); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
546 |
} |
0 | 547 |
} |
548 |
echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">'; |
|
549 |
?> |
|
550 |
<h3>File upload configuration</h3> |
|
551 |
<p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images |
|
552 |
and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses |
|
553 |
and executable files can sometimes be uploaded.</p> |
|
554 |
<p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p> |
|
555 |
<p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo getConfig('max_file_size'); ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p> |
|
556 |
<p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server |
|
557 |
does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you |
|
558 |
are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these |
|
559 |
large images many times can cost you quite a lot of bandwidth.</p> |
|
560 |
<p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br /> |
|
561 |
Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo getConfig('imagemagick_path'); else echo '/usr/bin/convert'; ?>" /><br /> |
|
562 |
On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then |
|
563 |
ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe. |
|
564 |
</p> |
|
565 |
<p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site |
|
566 |
may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p> |
|
567 |
<p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on |
|
568 |
Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for |
|
569 |
more information on how to do this.<?php if(!is_writable(ENANO_ROOT.'/cache/')) echo ' <b>At present, it seems that the cache directory |
|
570 |
is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p> |
|
571 |
<p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; elseif(!is_writable(ENANO_ROOT.'/cache/')) echo 'readonly="readonly"'; ?> /> Cache thumbnailed images</label></p> |
|
572 |
<p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious |
|
573 |
changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option |
|
574 |
enabled unless you have less than 250MB of MySQL database space.</p> |
|
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
575 |
<p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1') echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p> |
0 | 576 |
<hr style="margin-left: 1em;" /> |
577 |
<p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p> |
|
578 |
<?php |
|
579 |
echo '</form>'; |
|
580 |
} |
|
581 |
||
582 |
function page_Admin_PluginManager() { |
|
583 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
584 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
585 |
{ |
|
586 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
587 |
return; |
|
588 |
} |
|
589 |
||
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
590 |
if(isset($_GET['action'])) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
591 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
592 |
switch($_GET['action']) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
593 |
{ |
0 | 594 |
case "enable": |
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
595 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
596 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
597 |
$db->_die(); |
0 | 598 |
setConfig('plugin_'.$_GET['plugin'], '1'); |
599 |
break; |
|
600 |
case "disable": |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
601 |
if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
602 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
603 |
echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>'); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
604 |
break; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
605 |
} |
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
606 |
if ( !in_array($_GET['plugin'], $plugins->system_plugins) ) |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
607 |
{ |
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
608 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");'); |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
609 |
if ( !$q ) |
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
parents:
103
diff
changeset
|
610 |
$db->_die(); |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
611 |
setConfig('plugin_'.$_GET['plugin'], '0'); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
612 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
613 |
else |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
614 |
{ |
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
615 |
echo('<h3>Error disabling plugin</h3><p>The plugin you selected cannot be disabled because it is a system plugin.</p>'); |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
616 |
} |
0 | 617 |
break; |
618 |
} |
|
619 |
} |
|
620 |
$dir = './plugins/'; |
|
621 |
$plugin_list = Array(); |
|
622 |
$system = Array(); |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
623 |
$show_system = ( isset($_GET['show_system']) && $_GET['show_system'] == 'yes' ); |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
624 |
|
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
625 |
if (is_dir($dir)) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
626 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
627 |
if ($dh = opendir($dir)) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
628 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
629 |
while (($file = readdir($dh)) !== false) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
630 |
{ |
0 | 631 |
if(preg_match('#^(.*?)\.php$#is', $file) && $file != 'index.php') |
632 |
{ |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
633 |
unset($thelist); |
0 | 634 |
if ( in_array($file, $plugins->system_plugins) ) |
635 |
{ |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
636 |
if ( !$show_system ) |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
637 |
continue; |
0 | 638 |
$thelist =& $system; |
639 |
} |
|
640 |
else |
|
641 |
{ |
|
642 |
$thelist =& $plugin_list; |
|
643 |
} |
|
644 |
$f = file_get_contents($dir . $file); |
|
645 |
$f = explode("\n", $f); |
|
646 |
$f = array_slice($f, 2, 7); |
|
647 |
$f[0] = substr($f[0], 13, strlen($f[0])); |
|
648 |
$f[1] = substr($f[1], 12, strlen($f[1])); |
|
649 |
$f[2] = substr($f[2], 13, strlen($f[2])); |
|
650 |
$f[3] = substr($f[3], 8, strlen($f[3])); |
|
651 |
$f[4] = substr($f[4], 9, strlen($f[4])); |
|
652 |
$f[5] = substr($f[5], 12, strlen($f[5])); |
|
653 |
$thelist[$file] = Array(); |
|
654 |
$thelist[$file]['name'] = $f[0]; |
|
655 |
$thelist[$file]['uri'] = $f[1]; |
|
656 |
$thelist[$file]['desc'] = $f[2]; |
|
657 |
$thelist[$file]['auth'] = $f[3]; |
|
658 |
$thelist[$file]['vers'] = $f[4]; |
|
659 |
$thelist[$file]['aweb'] = $f[5]; |
|
660 |
} |
|
661 |
} |
|
662 |
closedir($dh); |
|
663 |
} |
|
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
664 |
else |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
665 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
666 |
echo '<div class="error-box">The plugins/ directory could not be opened.</div>'; |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
667 |
return; |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
668 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
669 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
670 |
else |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
671 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
672 |
echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>'; |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
0
diff
changeset
|
673 |
return; |
0 | 674 |
} |
675 |
echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"> |
|
676 |
<tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>'); |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
677 |
$plugin_files_1 = array_keys($plugin_list); |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
678 |
$plugin_files_2 = array_keys($system); |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
679 |
$plugin_files = array_values(array_merge($plugin_files_1, $plugin_files_2)); |
0 | 680 |
$cls = 'row2'; |
681 |
for ( $i = 0; $i < sizeof($plugin_files); $i++ ) |
|
682 |
{ |
|
683 |
$cls = ( $cls == 'row2' ) ? 'row3' : 'row2'; |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
684 |
$this_plugin = ( isset($system[$plugin_files[$i]]) ) ? $system[$plugin_files[$i]] : $plugin_list[$plugin_files[$i]]; |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
685 |
$is_system = ( $system[$plugin_files[$i]] ); |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
686 |
$bgcolor = ''; |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
687 |
if ( $is_system && $cls == 'row2' ) |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
688 |
$bgcolor = ' style="background-color: #FFD8D8;"'; |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
689 |
else if ( $is_system && $cls == 'row3' ) |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
690 |
$bgcolor = ' style="background-color: #FFD0D0;"'; |
0 | 691 |
echo '<tr> |
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
692 |
<td class="'.$cls.'"'.$bgcolor.'>'.$plugin_files[$i].'</td> |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
693 |
<td class="'.$cls.'"'.$bgcolor.'><a href="'.$this_plugin['uri'].'">'.$this_plugin['name'].'</a></td> |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
694 |
<td class="'.$cls.'"'.$bgcolor.'>'.$this_plugin['desc'].'</td> |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
695 |
<td class="'.$cls.'"'.$bgcolor.'><a href="'.$this_plugin['aweb'].'">'.$this_plugin['auth'].'</a></td> |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
696 |
<td class="'.$cls.'"'.$bgcolor.'>'.$this_plugin['vers'].'</td> |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
697 |
<td class="'.$cls.'"'.$bgcolor.'>'; |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
698 |
if ( !in_array($plugin_files[$i], $plugins->system_plugins) ) |
0 | 699 |
{ |
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
700 |
if ( getConfig('plugin_'.$plugin_files[$i]) == '1' ) |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
701 |
{ |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
702 |
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&show_system=' . ( $show_system ? 'yes' : 'no' ) . '&action=disable&plugin='.$plugin_files[$i].'">Disable</a>'; |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
703 |
} |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
704 |
else |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
705 |
{ |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
706 |
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&show_system=' . ( $show_system ? 'yes' : 'no' ) . '&action=enable&plugin='.$plugin_files[$i].'">Enable</a>'; |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
707 |
} |
0 | 708 |
} |
709 |
else |
|
710 |
{ |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
711 |
echo '[System]'; |
0 | 712 |
} |
713 |
echo '</td></tr>'; |
|
714 |
} |
|
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
715 |
$showhide_link = ( $show_system ) ? |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
716 |
'<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=no', true) . '">Hide system plugins</a>' : |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
717 |
'<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=yes', true) . '">Show system plugins</a>' ; |
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
718 |
echo '<tr><th colspan="6" class="subhead">'.$showhide_link.'</th></tr>'; |
0 | 719 |
echo '</table></div>'; |
720 |
} |
|
721 |
||
722 |
function page_Admin_UploadAllowedMimeTypes() |
|
723 |
{ |
|
724 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
725 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
726 |
{ |
|
727 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
728 |
return; |
|
729 |
} |
|
730 |
||
731 |
global $mime_types, $mimetype_exps, $mimetype_extlist; |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
732 |
if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE')) |
0 | 733 |
{ |
734 |
$bits = ''; |
|
735 |
$keys = array_keys($mime_types); |
|
736 |
foreach($keys as $i => $k) |
|
737 |
{ |
|
738 |
if(isset($_POST['ext_'.$k])) $bits .= '1'; |
|
739 |
else $bits .= '0'; |
|
740 |
} |
|
741 |
$bits = compress_bitfield($bits); |
|
742 |
setConfig('allowed_mime_types', $bits); |
|
743 |
echo '<div class="info-box">Your changes have been saved.</div>'; |
|
744 |
} |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
745 |
else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
746 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
747 |
echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
748 |
} |
0 | 749 |
$allowed = fetch_allowed_extensions(); |
750 |
?> |
|
751 |
<h3>Allowed file types</h3> |
|
752 |
<p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p> |
|
753 |
<?php |
|
754 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">'; |
|
755 |
$c = -1; |
|
756 |
$t = -1; |
|
757 |
$cl = 'row1'; |
|
758 |
echo "\n".' <div class="tblholder">'."\n".' <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".' <tr>'."\n "; |
|
237
4ab30e8dd168
Nothing special. ksort()ing list of allowed filetypes in the admin panel to make editing the list marginally easier
Dan
parents:
218
diff
changeset
|
759 |
ksort($mime_types); |
0 | 760 |
foreach($mime_types as $e => $m) |
761 |
{ |
|
762 |
$c++; |
|
763 |
$t++; |
|
764 |
if($c == 3) |
|
765 |
{ |
|
766 |
$c = 0; |
|
767 |
$cl = ( $cl == 'row1' ) ? 'row2' : 'row1'; |
|
768 |
echo '</tr>'."\n".' <tr>'."\n "; |
|
769 |
} |
|
770 |
$seed = "extchkbx_{$e}_".md5(microtime() . mt_rand()); |
|
771 |
$chk = (!empty($allowed[$e])) ? ' checked="checked"' : ''; |
|
772 |
echo " <td class='$cl'>\n <label><input id='{$seed}' type='checkbox' name='ext_{$e}'{$chk} />.{$e}\n ({$m})</label>\n </td>\n "; |
|
773 |
} |
|
774 |
while($c < 2) |
|
775 |
{ |
|
776 |
$c++; |
|
777 |
echo " <td class='{$cl}'></td>\n "; |
|
778 |
} |
|
779 |
echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>'; |
|
780 |
echo '</tr>'."\n".' </table>'."\n".' </div>'; |
|
781 |
echo '</form>'; |
|
782 |
?> |
|
783 |
<?php |
|
784 |
} |
|
785 |
||
786 |
function page_Admin_Sidebar() |
|
787 |
{ |
|
788 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
789 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
790 |
{ |
|
791 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
792 |
return; |
|
793 |
} |
|
794 |
||
795 |
?> |
|
796 |
<h2>Editing and managing the Enano sidebar</h2> |
|
797 |
<p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar |
|
798 |
provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message |
|
799 |
markup language. |
|
800 |
</p> |
|
801 |
<p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (<example>like this</example>) for the |
|
802 |
main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (< and >).</p> |
|
803 |
<p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading |
|
804 |
on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading, |
|
805 |
use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and |
|
806 |
external sites.</p> |
|
807 |
<p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p> |
|
808 |
<pre>{slider=Navigation} |
|
809 |
[[Main Page|Home]] |
|
810 |
[[Enano:Sidebar|Edit the sidebar]] |
|
811 |
{/slider}</pre> |
|
812 |
<p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you |
|
813 |
to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are |
|
814 |
"user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the |
|
815 |
wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the |
|
816 |
effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p> |
|
817 |
<p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the |
|
818 |
variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME. |
|
819 |
The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and |
|
820 |
the "change theme" button can be added with $STYLE_LINK.</p> |
|
821 |
<p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p> |
|
822 |
<pre>{slider=$USERNAME} |
|
823 |
[[User:$USERNAME|User page]] |
|
824 |
[[Special:Contributions?user=$USERNAME|My Contributions]] |
|
825 |
{if user_logged_in} |
|
826 |
[[Special:Preferences|Preferences]] |
|
827 |
$THEME_LINK |
|
828 |
{/if} |
|
829 |
{if auth_admin} |
|
830 |
[[Special:Administration|Administration]] |
|
831 |
{/if} |
|
832 |
{if user_logged_in} |
|
833 |
$LOGOUT_LINK |
|
834 |
{/if} |
|
835 |
{!if user_logged_in} |
|
836 |
Create an account |
|
837 |
Log in |
|
838 |
{/if} |
|
839 |
{/slider}</pre> |
|
840 |
<?php |
|
841 |
} |
|
842 |
||
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents:
133
diff
changeset
|
843 |
/* |
0 | 844 |
function page_Admin_UserManager() { |
845 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
846 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
847 |
{ |
|
848 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
849 |
return; |
|
850 |
} |
|
851 |
||
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
852 |
if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) ) |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
853 |
{ |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
854 |
$_POST['go'] = true; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
855 |
$_POST['username'] = $_GET['user']; |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
856 |
} |
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
857 |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
858 |
if(isset($_POST['go'])) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
859 |
{ |
0 | 860 |
// We need the user ID before we can do anything |
102
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
861 |
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\''); |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
862 |
if ( !$q ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
863 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
864 |
die('Error selecting user ID: '.mysql_error()); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
865 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
866 |
if ( $db->numrows() < 1 ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
867 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
868 |
echo('User does not exist, please enter another username.'); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
869 |
return; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
870 |
} |
0 | 871 |
$r = $db->fetchrow(); |
872 |
$db->free_result(); |
|
873 |
if(isset($_POST['save'])) |
|
874 |
{ |
|
875 |
$_POST['level'] = intval($_POST['level']); |
|
876 |
||
877 |
$new_level = $_POST['level']; |
|
878 |
$old_level = intval($r['user_level']); |
|
879 |
||
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
880 |
if ( defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
881 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
882 |
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
883 |
$re = Array('permission denied'); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
884 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
885 |
else |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
886 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
887 |
$re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
888 |
} |
0 | 889 |
|
890 |
if($re == 'success') |
|
891 |
{ |
|
892 |
||
893 |
if ( $new_level != $old_level ) |
|
894 |
{ |
|
895 |
$user_id = intval($r['user_id']); |
|
896 |
// We need to update group memberships |
|
897 |
if ( $old_level == USER_LEVEL_ADMIN ) |
|
898 |
{ |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
899 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");'); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
900 |
if ( !$q ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
901 |
$db->_die(); |
0 | 902 |
$session->remove_user_from_group($user_id, GROUP_ID_ADMIN); |
903 |
} |
|
904 |
else if ( $old_level == USER_LEVEL_MOD ) |
|
905 |
{ |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
906 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");'); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
907 |
if ( !$q ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
908 |
$db->_die(); |
0 | 909 |
$session->remove_user_from_group($user_id, GROUP_ID_MOD); |
910 |
} |
|
911 |
||
912 |
if ( $new_level == USER_LEVEL_ADMIN ) |
|
913 |
{ |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
914 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");'); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
915 |
if ( !$q ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
916 |
$db->_die(); |
0 | 917 |
$session->add_user_to_group($user_id, GROUP_ID_ADMIN, false); |
918 |
} |
|
919 |
else if ( $new_level == USER_LEVEL_MOD ) |
|
920 |
{ |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
921 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");'); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
922 |
if ( !$q ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
923 |
$db->_die(); |
0 | 924 |
$session->add_user_to_group($user_id, GROUP_ID_MOD, false); |
925 |
} |
|
926 |
} |
|
927 |
||
102
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
928 |
// update account activation |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
929 |
if ( isset($_POST['account_active']) ) |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
930 |
{ |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
931 |
// activate account |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
932 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';'); |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
933 |
if ( !$q ) |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
934 |
$db->_die(); |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
935 |
} |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
936 |
else |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
937 |
{ |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
938 |
// deactivate account and throw away the old key |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
939 |
$actkey = sha1 ( microtime() . mt_rand() ); |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
940 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';'); |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
941 |
if ( !$q ) |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
942 |
$db->_die(); |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
943 |
} |
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
944 |
|
0 | 945 |
echo('<div class="info-box">Your changes have been saved.</div>'); |
946 |
} |
|
947 |
else |
|
948 |
{ |
|
949 |
echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>'); |
|
950 |
} |
|
102
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
951 |
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\''); |
0 | 952 |
if ( !$q ) |
953 |
{ |
|
954 |
die('Error selecting user ID: '.mysql_error()); |
|
955 |
} |
|
956 |
if($db->numrows($q) < 1) |
|
957 |
{ |
|
958 |
die('User does not exist, please enter another username.'); |
|
959 |
} |
|
960 |
$r = mysql_fetch_object($q); |
|
961 |
$db->free_result(); |
|
962 |
} |
|
963 |
elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf'])) |
|
964 |
{ |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
965 |
if ( defined('ENANO_DEMO_MODE') ) |
0 | 966 |
{ |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
967 |
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>'; |
0 | 968 |
} |
969 |
else |
|
970 |
{ |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
971 |
$q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';'); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
972 |
if($q) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
973 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
974 |
echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
975 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
976 |
else |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
977 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
978 |
echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
979 |
} |
0 | 980 |
} |
981 |
} |
|
982 |
else |
|
983 |
{ |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
984 |
$disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : ''; |
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
985 |
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" style="margin-right: 7px;" ' : ''; |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
986 |
$meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td></td><td><div id="pwmeter"></div><p><small>Password complexity requirements are not enforced here.</small></p></td></tr>' : ''; |
0 | 987 |
echo(' |
988 |
<h3>Edit User Info</h3> |
|
989 |
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"> |
|
990 |
<table border="0" style="margin-left: 0.2in;"> |
|
991 |
<tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr> |
|
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
992 |
<tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" '.$evt_get_score.'/></td></tr> |
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
parents:
130
diff
changeset
|
993 |
'.$meter.' |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
994 |
<tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
995 |
<tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
996 |
' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . ' |
0 | 997 |
<tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr> |
102
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
89
diff
changeset
|
998 |
<tr><td></td><td><label><input type="checkbox" name="account_active"' . ( $r['account_active'] == '1' ? ' checked="checked"' : '' ) . ' /> Account is active</label><br /><small>If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated.</small></td></tr> |
0 | 999 |
<tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label> |
1000 |
<tr><td align="center" colspan="2"> |
|
1001 |
<input type="submit" name="save" value="Save Changes" /></td></tr> |
|
1002 |
</table> |
|
1003 |
</form> |
|
1004 |
'); |
|
1005 |
} |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1006 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1007 |
else if(isset($_POST['clearsessions'])) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1008 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1009 |
if ( defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1010 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1011 |
echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1012 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1013 |
else |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1014 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1015 |
// Get the current session information so the user doesn't get logged out |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1016 |
$aes = new AESCrypt(); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1017 |
$sk = md5(strrev($session->sid_super)); |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1018 |
$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1019 |
if ( !$qb ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1020 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1021 |
die('Error selecting session key info block B: '.$db->get_error()); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1022 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1023 |
if ( $db->numrows($qb) < 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1024 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1025 |
die('Error: cannot read admin session info block B, aborting table clear process'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1026 |
} |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1027 |
$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1028 |
if ( !$qa ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1029 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1030 |
die('Error selecting session key info block A: '.$db->get_error()); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1031 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1032 |
if ( $db->numrows($qa) < 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1033 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1034 |
die('Error: cannot read user session info block A, aborting table clear process'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1035 |
} |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1036 |
$ra = mysql_fetch_object($qa); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1037 |
$rb = mysql_fetch_object($qb); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1038 |
$db->free_result($qa); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1039 |
$db->free_result($qb); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1040 |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1041 |
$db->sql_query('DELETE FROM '.table_prefix.'session_keys;'); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1042 |
$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )'); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1043 |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1044 |
echo(' |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1045 |
<div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div> |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1046 |
'); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
1047 |
} |
0 | 1048 |
} |
1049 |
echo(' |
|
1050 |
<h3>User Management</h3> |
|
1051 |
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;"> |
|
1052 |
<p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p> |
|
1053 |
<h3>Clear session keys table</h3> |
|
1054 |
<p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p> |
|
1055 |
<p><input type="submit" name="clearsessions" value="Clear session keys table" /></p> |
|
1056 |
</form> |
|
1057 |
'); |
|
1058 |
if(isset($_GET['action']) && isset($_GET['user'])) |
|
1059 |
{ |
|
1060 |
switch($_GET['action']) |
|
1061 |
{ |
|
1062 |
case "activate": |
|
1063 |
$e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\''); |
|
1064 |
if($e) |
|
1065 |
{ |
|
1066 |
$row = $db->fetchrow(); |
|
1067 |
$db->free_result(); |
|
1068 |
if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } |
|
1069 |
else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>'; |
|
1070 |
} else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>'; |
|
1071 |
break; |
|
1072 |
case "sendemail": |
|
1073 |
if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } |
|
1074 |
else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>'; |
|
1075 |
break; |
|
1076 |
case "deny": |
|
1077 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';'); |
|
1078 |
if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>'; |
|
1079 |
else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>'; |
|
1080 |
break; |
|
1081 |
} |
|
1082 |
} |
|
30 | 1083 |
$q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l |
1084 |
LEFT JOIN '.table_prefix.'users AS u |
|
1085 |
ON ( u.username = l.edit_summary OR u.username IS NULL ) |
|
1086 |
WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;'); |
|
0 | 1087 |
if($q) |
1088 |
{ |
|
1089 |
if($db->numrows() > 0) |
|
1090 |
{ |
|
1091 |
$n = $db->numrows(); |
|
1092 |
if($n == 1) $s = $n . ' user is'; |
|
1093 |
else $s = $n . ' users are'; |
|
1094 |
echo '<h3>'.$s . ' awaiting account activation</h3>'; |
|
1095 |
echo '<div class="tblholder"> |
|
1096 |
<table border="0" cellspacing="1" cellpadding="4" width="100%"> |
|
30 | 1097 |
<tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>'; |
0 | 1098 |
$cls = 'row2'; |
1099 |
while($row = $db->fetchrow()) |
|
1100 |
{ |
|
1101 |
if($cls == 'row2') $cls = 'row1'; |
|
1102 |
else $cls = 'row2'; |
|
30 | 1103 |
$coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No'; |
1104 |
echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Deny request</a></td></tr>'; |
|
0 | 1105 |
} |
1106 |
echo '</table>'; |
|
1107 |
} |
|
1108 |
$db->free_result(); |
|
1109 |
} |
|
1110 |
} |
|
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
parents:
133
diff
changeset
|
1111 |
*/ |
0 | 1112 |
|
1113 |
function page_Admin_GroupManager() |
|
1114 |
{ |
|
1115 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1116 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
1117 |
{ |
|
1118 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
1119 |
return; |
|
1120 |
} |
|
1121 |
||
1122 |
if(isset($_POST['do_create_stage1'])) |
|
1123 |
{ |
|
1124 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
1125 |
{ |
|
1126 |
echo '<p>The group name you chose is invalid.</p>'; |
|
1127 |
return; |
|
1128 |
} |
|
1129 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1130 |
echo '<div class="tblholder"> |
|
1131 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1132 |
<tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr> |
|
1133 |
<tr> |
|
1134 |
<td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td> |
|
1135 |
</tr> |
|
1136 |
<tr><td class="row2">Group status</td><td class="row2"> |
|
1137 |
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br /> |
|
1138 |
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br /> |
|
1139 |
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br /> |
|
1140 |
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label> |
|
1141 |
</td></tr> |
|
1142 |
<tr> |
|
1143 |
<th class="subhead" colspan="2"> |
|
1144 |
<input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" /> |
|
1145 |
<input type="submit" name="do_create_stage2" value="Create group" /> |
|
1146 |
</th> |
|
1147 |
</tr> |
|
1148 |
</table> |
|
1149 |
</div>'; |
|
1150 |
echo '</form>'; |
|
1151 |
return; |
|
1152 |
} |
|
1153 |
elseif(isset($_POST['do_create_stage2'])) |
|
1154 |
{ |
|
1155 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
1156 |
{ |
|
1157 |
echo '<p>The group name you chose is invalid.</p>'; |
|
1158 |
return; |
|
1159 |
} |
|
1160 |
if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
1161 |
{ |
|
1162 |
echo '<p>Hacking attempt</p>'; |
|
1163 |
return; |
|
1164 |
} |
|
1165 |
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
1166 |
if(!$e) |
|
1167 |
{ |
|
1168 |
echo $db->get_error(); |
|
1169 |
return; |
|
1170 |
} |
|
1171 |
if($db->numrows() > 0) |
|
1172 |
{ |
|
1173 |
echo '<p>The group name you entered already exists.</p>'; |
|
1174 |
return; |
|
1175 |
} |
|
1176 |
$db->free_result(); |
|
1177 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); |
|
1178 |
if(!$q) |
|
1179 |
{ |
|
1180 |
echo $db->get_error(); |
|
1181 |
return; |
|
1182 |
} |
|
1183 |
$e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); |
|
1184 |
if(!$e) |
|
1185 |
{ |
|
1186 |
echo $db->get_error(); |
|
1187 |
return; |
|
1188 |
} |
|
1189 |
if($db->numrows() < 1) |
|
1190 |
{ |
|
1191 |
echo '<p>The username you entered could not be found.</p>'; |
|
1192 |
return; |
|
1193 |
} |
|
1194 |
$row = $db->fetchrow(); |
|
1195 |
$id = $row['user_id']; |
|
1196 |
$db->free_result(); |
|
1197 |
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
1198 |
if(!$e) |
|
1199 |
{ |
|
1200 |
echo $db->get_error(); |
|
1201 |
return; |
|
1202 |
} |
|
1203 |
if($db->numrows() < 1) |
|
1204 |
{ |
|
1205 |
echo '<p>The group ID could not be looked up.</p>'; |
|
1206 |
return; |
|
1207 |
} |
|
1208 |
$row = $db->fetchrow(); |
|
1209 |
$gid = $row['group_id']; |
|
1210 |
$db->free_result(); |
|
1211 |
$e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); |
|
1212 |
if(!$e) |
|
1213 |
{ |
|
1214 |
echo $db->get_error(); |
|
1215 |
return; |
|
1216 |
} |
|
1217 |
echo "<div class='info-box'> |
|
1218 |
<b>Information</b><br /> |
|
1219 |
The group {$_POST['create_group_name']} has been created successfully. |
|
1220 |
</div>"; |
|
1221 |
} |
|
1222 |
if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) |
|
1223 |
{ |
|
1224 |
// Fetch the group name |
|
1225 |
$q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1226 |
if(!$q) |
|
1227 |
{ |
|
1228 |
echo $db->get_error(); |
|
1229 |
return; |
|
1230 |
} |
|
1231 |
if($db->numrows() < 1) |
|
1232 |
{ |
|
1233 |
echo '<p>Error: couldn\'t look up group name</p>'; |
|
1234 |
} |
|
1235 |
$row = $db->fetchrow(); |
|
1236 |
$name = $row['group_name']; |
|
1237 |
$db->free_result(); |
|
1238 |
if(isset($_POST['edit_do'])) |
|
1239 |
{ |
|
1240 |
if(isset($_POST['edit_do']['del_group'])) |
|
1241 |
{ |
|
1242 |
if ( $row['system_group'] == 1 ) |
|
1243 |
{ |
|
1244 |
echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>'; |
|
1245 |
} |
|
1246 |
else |
|
1247 |
{ |
|
1248 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1249 |
if(!$q) |
|
1250 |
{ |
|
1251 |
echo $db->get_error(); |
|
1252 |
return; |
|
1253 |
} |
|
1254 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1255 |
if(!$q) |
|
1256 |
{ |
|
1257 |
echo $db->get_error(); |
|
1258 |
return; |
|
1259 |
} |
|
1260 |
echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>'; |
|
1261 |
return; |
|
1262 |
} |
|
1263 |
} |
|
1264 |
if(isset($_POST['edit_do']['save_name'])) |
|
1265 |
{ |
|
1266 |
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) |
|
1267 |
{ |
|
1268 |
echo '<p>The group name you chose is invalid.</p>'; |
|
1269 |
return; |
|
1270 |
} |
|
1271 |
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\' |
|
1272 |
WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1273 |
if(!$q) |
|
1274 |
{ |
|
1275 |
echo $db->get_error(); |
|
1276 |
return; |
|
1277 |
} |
|
1278 |
else |
|
1279 |
{ |
|
1280 |
echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
1281 |
The group name has been updated. |
|
1282 |
</div>'; |
|
1283 |
} |
|
1284 |
$name = $_POST['group_name']; |
|
1285 |
||
1286 |
} |
|
1287 |
$q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members |
|
1288 |
WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1289 |
if(!$q) |
|
1290 |
{ |
|
1291 |
echo $db->get_error(); |
|
1292 |
return; |
|
1293 |
} |
|
1294 |
if($db->numrows() > 0) |
|
1295 |
{ |
|
1296 |
while($row = $db->fetchrow($q)) |
|
1297 |
{ |
|
1298 |
if(isset($_POST['edit_do']['del_' . $row['member_id']])) |
|
1299 |
{ |
|
1300 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']); |
|
1301 |
if(!$e) |
|
1302 |
{ |
|
1303 |
echo $db->get_error(); |
|
1304 |
return; |
|
1305 |
} |
|
1306 |
} |
|
1307 |
} |
|
1308 |
} |
|
1309 |
$db->free_result(); |
|
1310 |
if(isset($_POST['edit_do']['add_member'])) |
|
1311 |
{ |
|
1312 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); |
|
1313 |
if(!$q) |
|
1314 |
{ |
|
1315 |
echo $db->get_error(); |
|
1316 |
return; |
|
1317 |
} |
|
1318 |
if($db->numrows() > 0) |
|
1319 |
{ |
|
1320 |
$row = $db->fetchrow(); |
|
1321 |
$user_id = $row['user_id']; |
|
1322 |
$is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; |
|
1323 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); |
|
1324 |
if(!$q) |
|
1325 |
{ |
|
1326 |
echo $db->get_error(); |
|
1327 |
return; |
|
1328 |
} |
|
1329 |
else |
|
1330 |
{ |
|
1331 |
echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
1332 |
The user "'.$_POST['edit_add_username'].'" has been added to this usergroup. |
|
1333 |
</div>'; |
|
1334 |
} |
|
1335 |
} |
|
1336 |
else |
|
1337 |
echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>'; |
|
1338 |
} |
|
1339 |
} |
|
1340 |
$sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" '; |
|
1341 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1342 |
echo '<div class="tblholder"> |
|
1343 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1344 |
<tr><th>Edit group name</th></tr> |
|
1345 |
<tr> |
|
1346 |
<td class="row1"> |
|
1347 |
Group name: <input type="text" name="group_name" value="'.$name.'" /> |
|
1348 |
</td> |
|
1349 |
</tr> |
|
1350 |
<tr> |
|
1351 |
<th class="subhead"> |
|
1352 |
<input type="submit" name="edit_do[save_name]" value="Save name" /> |
|
1353 |
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' /> |
|
1354 |
</th> |
|
1355 |
</tr> |
|
1356 |
</table> |
|
1357 |
</div> |
|
1358 |
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />'; |
|
1359 |
echo '</form>'; |
|
1360 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1361 |
echo '<div class="tblholder"> |
|
1362 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1363 |
<tr><th colspan="3">Edit group members</th></tr>'; |
|
1364 |
$q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m |
|
1365 |
LEFT JOIN '.table_prefix.'users AS u |
|
1366 |
ON u.user_id=m.user_id |
|
1367 |
WHERE m.group_id='.intval($_POST['group_edit_id']).' |
|
1368 |
ORDER BY m.is_mod DESC, u.username ASC;'); |
|
1369 |
if(!$q) |
|
1370 |
{ |
|
1371 |
echo $db->get_error(); |
|
1372 |
return; |
|
1373 |
} |
|
1374 |
if($db->numrows() < 1) |
|
1375 |
{ |
|
1376 |
echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>'; |
|
1377 |
} |
|
1378 |
else |
|
1379 |
{ |
|
1380 |
$cls = 'row2'; |
|
1381 |
while($row = $db->fetchrow()) |
|
1382 |
{ |
|
1383 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1384 |
$mod = ( $row['is_mod'] == 1 ) ? 'Mod' : ''; |
|
1385 |
echo '<tr> |
|
1386 |
<td class="'.$cls.'" style="width: 100%;"> |
|
1387 |
' . $row['username'] . ' |
|
1388 |
</td> |
|
1389 |
<td class="'.$cls.'"> |
|
1390 |
'.$mod.' |
|
1391 |
</td> |
|
1392 |
<td class="'.$cls.'"> |
|
1393 |
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" /> |
|
1394 |
</td> |
|
1395 |
</tr>'; |
|
1396 |
} |
|
1397 |
} |
|
1398 |
$db->free_result(); |
|
1399 |
echo '</table> |
|
1400 |
</div> |
|
1401 |
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />'; |
|
1402 |
echo '</form>'; |
|
1403 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1404 |
echo '<div class="tblholder"> |
|
1405 |
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1406 |
<tr> |
|
1407 |
<th>Add a new member</th> |
|
1408 |
</tr> |
|
1409 |
<tr> |
|
1410 |
<td class="row1"> |
|
1411 |
Username: ' . $template->username_field('edit_add_username') . ' |
|
1412 |
</td> |
|
1413 |
</tr> |
|
1414 |
<tr> |
|
1415 |
<td class="row2"> |
|
1416 |
<label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members) |
|
1417 |
</td> |
|
1418 |
</tr> |
|
1419 |
<tr> |
|
1420 |
<th class="subhead"> |
|
1421 |
<input type="submit" name="edit_do[add_member]" value="Add user to group" /> |
|
1422 |
</th> |
|
1423 |
</tr> |
|
1424 |
</table> |
|
1425 |
</div> |
|
1426 |
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />'; |
|
1427 |
echo '</form>'; |
|
1428 |
return; |
|
1429 |
} |
|
1430 |
echo '<h3>Manage Usergroups</h3>'; |
|
1431 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1432 |
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); |
|
1433 |
if(!$q) |
|
1434 |
{ |
|
1435 |
echo $db->get_error(); |
|
1436 |
} |
|
1437 |
else |
|
1438 |
{ |
|
1439 |
echo '<div class="tblholder"> |
|
1440 |
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
1441 |
<tr> |
|
1442 |
<th>Edit an existing group</th> |
|
1443 |
</tr>'; |
|
1444 |
echo '<tr><td class="row2"><select name="group_edit_id">'; |
|
1445 |
while ( $row = $db->fetchrow() ) |
|
1446 |
{ |
|
1447 |
if ( $row['group_name'] != 'Everyone' ) |
|
1448 |
{ |
|
1449 |
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>'; |
|
1450 |
} |
|
1451 |
} |
|
1452 |
$db->free_result(); |
|
1453 |
echo '</select></td></tr>'; |
|
1454 |
echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr> |
|
1455 |
</table> |
|
1456 |
</div> |
|
1457 |
</form><br />'; |
|
1458 |
} |
|
1459 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1460 |
echo '<div class="tblholder"> |
|
1461 |
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
1462 |
<tr> |
|
1463 |
<th colspan="2">Create a new group</th> |
|
1464 |
</tr>'; |
|
1465 |
echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>'; |
|
1466 |
echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr> |
|
1467 |
</table> |
|
1468 |
</div>'; |
|
1469 |
echo '</form>'; |
|
1470 |
} |
|
1471 |
||
30 | 1472 |
function page_Admin_COPPA() |
1473 |
{ |
|
1474 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1475 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
1476 |
{ |
|
1477 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
1478 |
return; |
|
1479 |
} |
|
1480 |
||
1481 |
echo '<h2>Background information</h2>'; |
|
1482 |
echo '<p> |
|
1483 |
The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards |
|
1484 |
children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected |
|
1485 |
in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano |
|
1486 |
provides an easy way to allow you, as the website administrator, to obtain this authorization. |
|
1487 |
</p>'; |
|
1488 |
||
1489 |
// Start form |
|
1490 |
||
1491 |
if ( isset($_POST['coppa_address']) ) |
|
1492 |
{ |
|
1493 |
// Saving changes |
|
1494 |
$enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0'; |
|
1495 |
setConfig('enable_coppa', $enable_coppa); |
|
1496 |
||
1497 |
$address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false); |
|
1498 |
setConfig('coppa_address', $address); |
|
1499 |
||
1500 |
echo '<div class="info-box">Your changes have been saved.</div>'; |
|
1501 |
} |
|
1502 |
||
1503 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">'; |
|
1504 |
||
1505 |
echo '<div class="tblholder">'; |
|
1506 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
|
1507 |
echo '<tr> |
|
1508 |
<th colspan="2"> |
|
1509 |
COPPA support |
|
1510 |
</th> |
|
1511 |
</tr>'; |
|
1512 |
||
1513 |
echo '<tr> |
|
1514 |
<td class="row1"> |
|
1515 |
Enable COPPA support: |
|
1516 |
</td> |
|
1517 |
<td class="row2"> |
|
1518 |
<label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br /> |
|
1519 |
<small>If this is checked, users will be asked if they are under 13 years of age before registering</small> |
|
1520 |
</td> |
|
1521 |
</tr>'; |
|
1522 |
||
1523 |
echo '<tr> |
|
1524 |
<td class="row1"> |
|
1525 |
Your mailing address:<br /> |
|
1526 |
<small>This is the address to which parents will send authorization forms.</small> |
|
1527 |
</td> |
|
1528 |
<td class="row2"> |
|
1529 |
<textarea name="coppa_address" rows="7" cols="40">' . getConfig('coppa_address') . '</textarea> |
|
1530 |
</td> |
|
1531 |
</tr>'; |
|
1532 |
||
1533 |
echo '<tr> |
|
1534 |
<th colspan="2" class="subhead"> |
|
1535 |
<input type="submit" value="Save changes" /> |
|
1536 |
</th> |
|
1537 |
</tr>'; |
|
1538 |
||
1539 |
echo '</table>'; |
|
1540 |
||
1541 |
echo '</form>'; |
|
1542 |
||
1543 |
} |
|
1544 |
||
0 | 1545 |
function page_Admin_PageManager() |
1546 |
{ |
|
1547 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1548 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
1549 |
{ |
|
1550 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
1551 |
return; |
|
1552 |
} |
|
1553 |
||
1554 |
||
1555 |
echo '<h2>Page management</h2>'; |
|
1556 |
||
1557 |
if(isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' )) { |
|
1558 |
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms... |
|
1559 |
$source = ( isset($_GET['source']) ) ? $_GET['source'] : false; |
|
1560 |
if ( $source == 'ajax' ) |
|
1561 |
{ |
|
1562 |
$_POST['search'] = true; |
|
1563 |
$_POST['page_url'] = $_GET['page_id']; |
|
1564 |
} |
|
1565 |
if(isset($_POST['search'])) $pid = $_POST['page_url']; |
|
1566 |
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url']; |
|
1567 |
else { echo 'Internal error selecting page search terms'; return false; } |
|
1568 |
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary |
|
1569 |
$k = array_keys($paths->nslist); |
|
1570 |
for($i=0;$i<sizeof($paths->nslist);$i++) |
|
1571 |
{ |
|
1572 |
$ln = strlen($paths->nslist[$k[$i]]); |
|
1573 |
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]]) |
|
1574 |
{ |
|
1575 |
$ns = $k[$i]; |
|
1576 |
$page_id = substr($pid, $ln, strlen($pid)); |
|
1577 |
} |
|
1578 |
} |
|
1579 |
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id |
|
1580 |
// Now, iterate through $paths->pages searching for a page with this name or ID |
|
1581 |
for($i=0;$i<sizeof($paths->pages)/2;$i++) |
|
1582 |
{ |
|
1583 |
if(!isset($final_pid)) |
|
1584 |
{ |
|
1585 |
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id); |
|
1586 |
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons']; |
|
1587 |
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons']; |
|
1588 |
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons']; |
|
1589 |
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; } |
|
1590 |
} |
|
1591 |
} |
|
1592 |
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; } |
|
1593 |
$_POST['namespace'] = $ns; |
|
1594 |
$_POST['old_namespace'] = $ns; |
|
1595 |
$_POST['page_id'] = $final_pid; |
|
1596 |
$_POST['old_page_id'] = $final_pid; |
|
1597 |
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; } |
|
1598 |
} |
|
1599 |
||
1600 |
if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel'])) |
|
1601 |
{ |
|
40
723bb7acf914
Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents:
37
diff
changeset
|
1602 |
$cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']]; |
0 | 1603 |
if(isset($_POST['submit'])) |
1604 |
{ |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1605 |
switch(true) |
0 | 1606 |
{ |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1607 |
case true: |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1608 |
// Create a list of things to update |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1609 |
$page_info = Array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1610 |
'name'=>$_POST['name'], |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1611 |
'urlname'=>sanitize_page_id($_POST['page_id']), |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1612 |
'namespace'=>$_POST['namespace'], |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1613 |
'special'=>isset($_POST['special']) ? '1' : '0', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1614 |
'visible'=>isset($_POST['visible']) ? '1' : '0', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1615 |
'comments_on'=>isset($_POST['comments_on']) ? '1' : '0', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1616 |
'protected'=>isset($_POST['protected']) ? '1' : '0' |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1617 |
); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1618 |
|
40
723bb7acf914
Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents:
37
diff
changeset
|
1619 |
$updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname_nons'] ); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1620 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1621 |
if ( !isset($paths->nslist[ $page_info['namespace'] ]) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1622 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1623 |
echo '<div class="error-box">The namespace you selected is not properly registered.</div>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1624 |
break; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1625 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1626 |
if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1627 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1628 |
echo '<div class="error-box">There is already a page that exists with that URL string and namespace.</div>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1629 |
break; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1630 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1631 |
// Build the query |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1632 |
$q = 'UPDATE '.table_prefix.'pages SET '; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1633 |
$k = array_keys($page_info); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1634 |
foreach($k as $c) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1635 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1636 |
$q .= $c.'=\''.$db->escape($page_info[$c]).'\','; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1637 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1638 |
$q = substr($q, 0, strlen($q)-1); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1639 |
// Build the WHERE statements |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1640 |
$q .= ' WHERE '; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1641 |
$k = array_keys($cpage); |
40
723bb7acf914
Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents:
37
diff
changeset
|
1642 |
if ( !isset($cpage) ) |
110 | 1643 |
die('[internal] no cpage'); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1644 |
foreach($k as $c) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1645 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1646 |
if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected') |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1647 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1648 |
$q .= $c.'=\''.$db->escape($cpage[$c]).'\' AND '; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1649 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1650 |
else if($c == 'urlname') |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1651 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1652 |
$q .= $c.'=\''.$db->escape($cpage['urlname_nons']).'\' AND '; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1653 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1654 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1655 |
// Trim off the last " AND " and append a semicolon |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1656 |
$q = substr($q, 0, strlen($q)-5) . ';'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1657 |
// Send the completed query to MySQL |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1658 |
$e = $db->sql_query($q); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1659 |
if(!$e) $db->_die('The page data could not be updated.'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1660 |
// Update any additional tables |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1661 |
$q = Array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1662 |
'UPDATE '.table_prefix.'categories SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1663 |
'UPDATE '.table_prefix.'comments SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1664 |
'UPDATE '.table_prefix.'logs SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1665 |
'UPDATE '.table_prefix.'page_text SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
72
bda11e521e8a
Fixed a few presentation bugs in installer, made installer more "legally binding", and fixed global permissions inheritance in $session->fetch_page_acl()
Dan
parents:
61
diff
changeset
|
1666 |
'UPDATE '.table_prefix.'acl SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';' |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1667 |
); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1668 |
foreach($q as $cq) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1669 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1670 |
$e = $db->sql_query($cq); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1671 |
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1672 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1673 |
// Update $cpage |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1674 |
$cpage = $page_info; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1675 |
$cpage['urlname_nons'] = $cpage['urlname']; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1676 |
$cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname']; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1677 |
$_POST['old_page_id'] = $page_info['urlname']; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1678 |
$_POST['old_namespace'] = $page_info['namespace']; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1679 |
echo '<div class="info-box">Your changes have been saved.</div>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1680 |
break; |
0 | 1681 |
} |
1682 |
} elseif(isset($_POST['delete'])) { |
|
1683 |
$q = Array( |
|
1684 |
'DELETE FROM '.table_prefix.'categories WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
|
1685 |
'DELETE FROM '.table_prefix.'comments WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
|
1686 |
'DELETE FROM '.table_prefix.'logs WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
|
1687 |
'DELETE FROM '.table_prefix.'page_text WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', |
|
1688 |
); |
|
1689 |
foreach($q as $cq) |
|
1690 |
{ |
|
1691 |
$e = $db->sql_query($cq); |
|
1692 |
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.'); |
|
1693 |
} |
|
1694 |
||
1695 |
if(!$db->sql_query( |
|
1696 |
'DELETE FROM '.table_prefix.'pages WHERE urlname="'.$db->escape($_POST['old_page_id']).'" AND namespace="'.$db->escape($_POST['old_namespace']).'";' |
|
1697 |
)) $db->_die('The page could not be deleted.'); |
|
1698 |
echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>'; |
|
1699 |
return; |
|
1700 |
} |
|
130
c4ce1640e1f4
Fixed unwanted sanitization in Admin:PageManager form submit
Dan
parents:
128
diff
changeset
|
1701 |
$url = makeUrlNS('Special', 'Administration', 'module='.$paths->cpage['module'], true); |
c4ce1640e1f4
Fixed unwanted sanitization in Admin:PageManager form submit
Dan
parents:
128
diff
changeset
|
1702 |
echo '<form action="'.$url.'" method="post">'; |
0 | 1703 |
?> |
89 | 1704 |
<h3>Modify page: <?php echo htmlspecialchars($_POST['name']); ?></h3> |
0 | 1705 |
<table border="0"> |
1706 |
<tr><td>Namespace:</td><td><select name="namespace"><?php $nm = array_keys($paths->nslist); foreach($nm as $ns) { if($ns != 'Special' && $ns != 'Admin') { echo '<option '; if($_POST['namespace']==$ns) echo 'selected="selected" '; echo 'value="'.$ns.'">'; if($paths->nslist[$ns] == '') echo '[No prefix]'; else echo $paths->nslist[$ns]; echo '</option>'; } } ?></select></td></tr> |
|
89 | 1707 |
<tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name']); ?>" /></td></tr> |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
20
diff
changeset
|
1708 |
<tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr> |
0 | 1709 |
<tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" /> <label for="cmt">Enable comments for this page</label></td></tr> |
1710 |
<tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" /> <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr> |
|
1711 |
<tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" /> <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small></td></tr> |
|
1712 |
<tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" /> <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr> |
|
1713 |
<tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr> |
|
1714 |
<tr><td colspan="2" style="text-align: center;"><hr /></td></tr> |
|
1715 |
<tr><td colspan="2" style="text-align: right;"> |
|
1716 |
<input type="hidden" name="old_page_id" value="<?php echo $_POST['old_page_id']; ?>" /> |
|
1717 |
<input type="hidden" name="old_namespace" value="<?php echo $_POST['old_namespace']; ?>" /> |
|
1718 |
<input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="cancel" value="Cancel changes" /></td></tr> |
|
1719 |
</table> |
|
1720 |
<?php |
|
1721 |
echo '</form>'; |
|
1722 |
} else { |
|
1723 |
echo '<h3>Please select a page</h3>'; |
|
1724 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1725 |
?> |
|
1726 |
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p> |
|
1727 |
<p>Select page title from a list: <select name="page_force_url"> |
|
1728 |
<?php |
|
1729 |
for($i=0;$i<sizeof($paths->pages)/2;$i++) |
|
1730 |
{ |
|
89 | 1731 |
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.htmlspecialchars($paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name']).'</option>'."\n"; |
0 | 1732 |
} |
1733 |
?> |
|
1734 |
</select> <input type="submit" name="select" value="Select" /></p> |
|
1735 |
<?php |
|
1736 |
echo '</form>'; |
|
1737 |
||
1738 |
} |
|
1739 |
} |
|
1740 |
||
1741 |
function page_Admin_PageEditor() |
|
1742 |
{ |
|
1743 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1744 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
1745 |
{ |
|
1746 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
1747 |
return; |
|
1748 |
} |
|
1749 |
||
1750 |
||
1751 |
echo '<h2>Edit page content</h2>'; |
|
1752 |
||
1753 |
if(isset($_POST['search']) || isset($_POST['select'])) { |
|
1754 |
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms... |
|
1755 |
if(isset($_POST['search'])) $pid = $_POST['page_url']; |
|
1756 |
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url']; |
|
1757 |
else { echo 'Internal error selecting page search terms'; return false; } |
|
1758 |
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary |
|
1759 |
$k = array_keys($paths->nslist); |
|
1760 |
for($i=0;$i<sizeof($paths->nslist);$i++) |
|
1761 |
{ |
|
1762 |
$ln = strlen($paths->nslist[$k[$i]]); |
|
1763 |
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]]) |
|
1764 |
{ |
|
1765 |
$ns = $k[$i]; |
|
1766 |
$page_id = substr($pid, $ln, strlen($pid)); |
|
1767 |
} |
|
1768 |
} |
|
1769 |
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id |
|
1770 |
// Now, iterate through $paths->pages searching for a page with this name or ID |
|
1771 |
for($i=0;$i<sizeof($paths->pages)/2;$i++) |
|
1772 |
{ |
|
1773 |
if(!isset($final_pid)) |
|
1774 |
{ |
|
1775 |
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id); |
|
1776 |
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons']; |
|
1777 |
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons']; |
|
1778 |
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons']; |
|
1779 |
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; } |
|
1780 |
} |
|
1781 |
} |
|
1782 |
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; } |
|
1783 |
$_POST['namespace'] = $ns; |
|
1784 |
$_POST['page_id'] = $final_pid; |
|
1785 |
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; } |
|
1786 |
} |
|
1787 |
||
1788 |
if(isset($_POST['page_id']) && !isset($_POST['cancel'])) |
|
1789 |
{ |
|
1790 |
echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">'; |
|
1791 |
if(!isset($_POST['content']) || isset($_POST['revert'])) $content = RenderMan::getPage($_POST['page_id'], $_POST['namespace'], 0, false, false, false, false); |
|
1792 |
else $content = $_POST['content']; |
|
1793 |
if(isset($_POST['save'])) |
|
1794 |
{ |
|
1795 |
$data = $content; |
|
1796 |
$id = md5( microtime() . mt_rand() ); |
|
1797 |
||
1798 |
$minor = isset($_POST['minor']) ? 'true' : 'false'; |
|
1799 |
$q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$data.'\', \''.$id.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');'; |
|
1800 |
if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
|
1801 |
||
1802 |
$query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';'; |
|
1803 |
$e = $db->sql_query($query); |
|
1804 |
if(!$e) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.mysql_error().'<br /><br />Query:<br /><pre>'.$query.'</pre></div>'; |
|
1805 |
else echo '<div class="info-box">Your page has been saved. <a href="'.makeUrlNS($_POST['namespace'], $_POST['page_id']).'">View page...</a></div>'; |
|
1806 |
} elseif(isset($_POST['preview'])) { |
|
1807 |
echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>'; |
|
1808 |
} |
|
1809 |
?> |
|
1810 |
<p> |
|
1811 |
<textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br /> |
|
1812 |
Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo $_POST['summary']; ?>" size="40" /><br /> |
|
1813 |
<label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/> This is a minor edit</label> |
|
1814 |
</p> |
|
1815 |
<p> |
|
1816 |
<input type="hidden" name="page_id" value="<?php echo $_POST['page_id']; ?>" /> |
|
1817 |
<input type="hidden" name="namespace" value="<?php echo $_POST['namespace']; ?>" /> |
|
1818 |
<input type="submit" name="save" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="preview" value="Show preview" /> <input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" /> <input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" /> |
|
1819 |
</p> |
|
1820 |
<?php |
|
1821 |
echo '</form>'; |
|
1822 |
} else { |
|
1823 |
echo '<h3>Please select a page</h3>'; |
|
1824 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1825 |
?> |
|
1826 |
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p> |
|
1827 |
<p>Select page title from a list: <select name="page_force_url"> |
|
1828 |
<?php |
|
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
72
diff
changeset
|
1829 |
for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ ) |
0 | 1830 |
{ |
1831 |
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name'].'</option>'."\n"; |
|
1832 |
} |
|
1833 |
?> |
|
1834 |
</select> <input type="submit" name="select" value="Select" /></p> |
|
1835 |
<?php |
|
1836 |
echo '</form>'; |
|
1837 |
} |
|
1838 |
} |
|
1839 |
||
1840 |
function page_Admin_ThemeManager() |
|
1841 |
{ |
|
1842 |
||
1843 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1844 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
1845 |
{ |
|
1846 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
1847 |
return; |
|
1848 |
} |
|
1849 |
||
1850 |
||
1851 |
// Get the list of styles in the themes/ dir |
|
1852 |
$h = opendir('./themes'); |
|
1853 |
$l = Array(); |
|
1854 |
if(!$h) die('Error opening directory "./themes" for reading.'); |
|
1855 |
while(false !== ($n = readdir($h))) { |
|
1856 |
if($n != '.' && $n != '..' && is_dir('./themes/'.$n)) |
|
1857 |
$l[] = $n; |
|
1858 |
} |
|
1859 |
closedir($h); |
|
1860 |
echo(' |
|
1861 |
<h3>Theme Management</h3> |
|
1862 |
<p>Install, uninstall, and manage Enano themes.</p> |
|
1863 |
'); |
|
1864 |
if(isset($_POST['disenable'])) { |
|
1865 |
$q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1866 |
$s = $db->sql_query($q); |
|
1867 |
if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1868 |
$r = $db->fetchrow_num($s); |
|
1869 |
$db->free_result(); |
|
1870 |
if($r[0] == 1) $e = 0; |
|
1871 |
else $e = 1; |
|
1872 |
$s=true; |
|
1873 |
if($e==0) |
|
1874 |
{ |
|
1875 |
$c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1'); |
|
1876 |
if(!$c) $db->_die('The backup check for having at least on theme enabled failed.'); |
|
1877 |
if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; } |
|
1878 |
} |
|
1879 |
$db->free_result(); |
|
1880 |
if($s) { |
|
1881 |
$q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1882 |
$a = $db->sql_query($q); |
|
1883 |
if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1884 |
else echo('<div class="info-box">The theme "'.$_POST['theme_id'].'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>'); |
|
1885 |
} |
|
1886 |
} |
|
1887 |
elseif(isset($_POST['edit'])) { |
|
1888 |
||
1889 |
$dir = './themes/'.$_POST['theme_id'].'/css/'; |
|
1890 |
$list = Array(); |
|
1891 |
// Open a known directory, and proceed to read its contents |
|
1892 |
if (is_dir($dir)) { |
|
1893 |
if ($dh = opendir($dir)) { |
|
1894 |
while (($file = readdir($dh)) !== false) { |
|
1895 |
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') { |
|
1896 |
$list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4)); |
|
1897 |
} |
|
1898 |
} |
|
1899 |
closedir($dh); |
|
1900 |
} |
|
1901 |
} |
|
1902 |
$lk = array_keys($list); |
|
1903 |
||
1904 |
$q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\''; |
|
1905 |
$s = $db->sql_query($q); |
|
1906 |
if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1907 |
$r = $db->fetchrow_num($s); |
|
1908 |
$db->free_result(); |
|
1909 |
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">'); |
|
1910 |
echo('<div class="question-box"> |
|
1911 |
Theme name displayed to users: <input type="text" name="name" value="'.$r[0].'" /><br /><br /> |
|
1912 |
Default stylesheet: <select name="defaultcss">'); |
|
1913 |
foreach ($lk as $l) |
|
1914 |
{ |
|
1915 |
if($r[1] == $l) $v = ' selected="selected"'; |
|
1916 |
else $v = ''; |
|
1917 |
echo "<option value='{$l}'$v>{$list[$l]}</option>"; |
|
1918 |
} |
|
1919 |
echo('</select><br /><br /> |
|
1920 |
<input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.$_POST['theme_id'].'" /> |
|
1921 |
</div>'); |
|
1922 |
echo('</form>'); |
|
1923 |
} |
|
1924 |
elseif(isset($_POST['editsave'])) { |
|
1925 |
$q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1926 |
$s = $db->sql_query($q); |
|
1927 |
if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1928 |
else echo('<div class="info-box">Theme data updated.</div>'); |
|
1929 |
} |
|
1930 |
elseif(isset($_POST['up'])) { |
|
1931 |
// If there is only one theme or if the selected theme is already at the top, do nothing |
|
1932 |
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;'; |
|
1933 |
$s = $db->sql_query($q); |
|
1934 |
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1935 |
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\''; |
|
1936 |
$sn = $db->sql_query($q); |
|
1937 |
if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1938 |
$r = $db->fetchrow_num($sn); |
|
1939 |
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) { echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>'); } else { |
|
1940 |
// Get the order IDs of the selected theme and the theme before it |
|
1941 |
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1942 |
$s = $db->sql_query($q); |
|
1943 |
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1944 |
$r = $db->fetchrow_num($s); |
|
1945 |
$r = $r[0]; |
|
1946 |
$rb = $r - 1; |
|
1947 |
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;) |
|
1948 |
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1949 |
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1950 |
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1951 |
echo('<div class="info-box">Theme moved up.</div>'); |
|
1952 |
} |
|
1953 |
$db->free_result($s); |
|
1954 |
$db->free_result($sn); |
|
1955 |
} |
|
1956 |
elseif(isset($_POST['down'])) { |
|
1957 |
// If there is only one theme or if the selected theme is already at the top, do nothing |
|
1958 |
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;'; |
|
1959 |
$s = $db->sql_query($q); |
|
1960 |
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1961 |
$r = $db->fetchrow_num($s); |
|
1962 |
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == $db->numrows($s) /* ...and check if this theme is already at the bottom */ ) { echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>'); } else { |
|
1963 |
// Get the order IDs of the selected theme and the theme before it |
|
1964 |
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\''; |
|
1965 |
$s = $db->sql_query($q); |
|
1966 |
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1967 |
$r = $db->fetchrow_num($s); |
|
1968 |
$r = $r[0]; |
|
1969 |
$rb = $r + 1; |
|
1970 |
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;) |
|
1971 |
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1972 |
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1973 |
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1974 |
echo('<div class="info-box">Theme moved down.</div>'); |
|
1975 |
} |
|
1976 |
} |
|
1977 |
else if(isset($_POST['uninstall'])) |
|
1978 |
{ |
|
1979 |
$q = 'SELECT * FROM '.table_prefix.'themes;'; |
|
1980 |
$s = $db->sql_query($q); |
|
1981 |
if ( !$s ) |
|
1982 |
{ |
|
1983 |
die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1984 |
} |
|
1985 |
$n = $db->numrows($s); |
|
1986 |
$db->free_result(); |
|
1987 |
||
1988 |
if ( $_POST['theme_id'] == 'oxygen' ) |
|
1989 |
{ |
|
1990 |
echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>'; |
|
1991 |
} |
|
1992 |
else |
|
1993 |
{ |
|
1994 |
if($n < 2) |
|
1995 |
{ |
|
1996 |
echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>'; |
|
1997 |
} |
|
1998 |
else |
|
1999 |
{ |
|
2000 |
$q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;'; |
|
2001 |
$s = $db->sql_query($q); |
|
2002 |
if ( !$s ) |
|
2003 |
{ |
|
2004 |
die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
2005 |
} |
|
2006 |
else |
|
2007 |
{ |
|
2008 |
echo('<div class="info-box">Theme uninstalled.</div>'); |
|
2009 |
} |
|
2010 |
} |
|
2011 |
} |
|
2012 |
} |
|
2013 |
elseif(isset($_POST['install'])) { |
|
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2014 |
$q = 'SELECT theme_id FROM '.table_prefix.'themes;'; |
0 | 2015 |
$s = $db->sql_query($q); |
2016 |
if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
2017 |
$n = $db->numrows($s); |
|
2018 |
$n++; |
|
2019 |
$theme_id = $_POST['theme_id']; |
|
2020 |
$theme = Array(); |
|
2021 |
include('./themes/'.$theme_id.'/theme.cfg'); |
|
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2022 |
if ( !isset($theme['theme_id']) ) |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2023 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2024 |
echo '<div class="error-box">Could not load theme.cfg (theme metadata file)</div>'; |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2025 |
} |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2026 |
else |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2027 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2028 |
$default_style = false; |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2029 |
if ( $dh = opendir('./themes/' . $theme_id . '/css') ) |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2030 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2031 |
while ( $file = readdir($dh) ) |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2032 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2033 |
if ( $file != '_printable.css' && preg_match('/\.css$/i', $file) ) |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2034 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2035 |
$default_style = $file; |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2036 |
break; |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2037 |
} |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2038 |
} |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2039 |
closedir($dh); |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2040 |
} |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2041 |
else |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2042 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2043 |
die('The /css subdirectory could not be located in the theme\'s directory'); |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2044 |
} |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2045 |
|
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2046 |
if ( $default_style ) |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2047 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2048 |
$q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled,default_style) VALUES(\''.$db->escape($theme['theme_id']).'\', \''.$db->escape($theme['theme_name']).'\', '.$n.', 1, \'' . $db->escape($default_style) . '\')'; |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2049 |
$s = $db->sql_query($q); |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2050 |
if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2051 |
else echo('<div class="info-box">Theme "'.$theme['theme_name'].'" installed.</div>'); |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2052 |
} |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2053 |
else |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2054 |
{ |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2055 |
echo '<div class="error-box">Could not determine the default style for the theme.</div>'; |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2056 |
} |
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
74
diff
changeset
|
2057 |
} |
0 | 2058 |
} |
2059 |
echo(' |
|
2060 |
<h3>Currently installed themes</h3> |
|
2061 |
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"> |
|
2062 |
<p> |
|
2063 |
<select name="theme_id"> |
|
2064 |
'); |
|
2065 |
$q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order'; |
|
2066 |
$s = $db->sql_query($q); |
|
2067 |
if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q); |
|
2068 |
while ( $r = $db->fetchrow_num($s) ) { |
|
2069 |
if($r[2] < 1) $r[1] .= ' (disabled)'; |
|
2070 |
echo('<option value="'.$r[0].'">'.$r[1].'</option>'); |
|
2071 |
} |
|
2072 |
$db->free_result(); |
|
2073 |
echo(' |
|
2074 |
</select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" /> |
|
2075 |
</p> |
|
2076 |
</form> |
|
2077 |
<h3>Install a new theme</h3> |
|
2078 |
'); |
|
2079 |
$theme = Array(); |
|
2080 |
$obb = ''; |
|
2081 |
for($i=0;$i<sizeof($l);$i++) { |
|
2082 |
if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) { |
|
2083 |
include('./themes/'.$l[$i].'/theme.cfg'); |
|
2084 |
$q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$theme['theme_id'].'\''; |
|
2085 |
$s = $db->sql_query($q); |
|
2086 |
if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q); |
|
2087 |
if($db->numrows($s) < 1) { |
|
2088 |
$obb .= '<option value="'.$theme['theme_id'].'">'.$theme['theme_name'].'</option>'; |
|
2089 |
} |
|
2090 |
$db->free_result(); |
|
2091 |
} |
|
2092 |
} |
|
2093 |
if($obb != '') { |
|
2094 |
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>'); |
|
2095 |
echo('<select name="theme_id">'); |
|
2096 |
echo($obb); |
|
2097 |
echo('</select>'); |
|
2098 |
echo(' |
|
2099 |
<input type="submit" name="install" value="Install this theme" /> |
|
2100 |
</p></form>'); |
|
2101 |
} else echo('<p>All themes are currently installed.</p>'); |
|
2102 |
} |
|
2103 |
||
2104 |
function page_Admin_BanControl() |
|
2105 |
{ |
|
2106 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2107 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
2108 |
{ |
|
2109 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
2110 |
return; |
|
2111 |
} |
|
2112 |
||
2113 |
if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '') |
|
2114 |
{ |
|
2115 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . ''); |
|
2116 |
if(!$e) $db->_die('The ban list entry was not deleted.'); |
|
2117 |
} |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2118 |
if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE')) |
0 | 2119 |
{ |
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2120 |
$type = intval($_POST['type']); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2121 |
$value = trim($_POST['value']); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2122 |
if ( !in_array($type, array(BAN_IP, BAN_USER, BAN_EMAIL)) ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2123 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2124 |
echo '<div class="error-box">Hacking attempt.</div>'; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2125 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2126 |
else if ( empty($value) ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2127 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2128 |
echo '<div class="error-box">Please enter something to ban.</div>'; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2129 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2130 |
else |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2131 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2132 |
$entries = array(); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2133 |
$input = explode(',', $_POST['value']); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2134 |
$error = false; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2135 |
foreach ( $input as $entry ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2136 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2137 |
$entry = trim($entry); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2138 |
if ( empty($entry) ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2139 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2140 |
echo '<div class="error-box">Malformed entry.</div>'; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2141 |
$error = true; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2142 |
break; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2143 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2144 |
if ( $type == BAN_IP ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2145 |
{ |
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
205
diff
changeset
|
2146 |
if ( !isset($_POST['regex']) ) |
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2147 |
{ |
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
205
diff
changeset
|
2148 |
// as of 1.0.2 parsing is done at runtime |
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
205
diff
changeset
|
2149 |
$entries[] = $entry; |
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2150 |
} |
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
205
diff
changeset
|
2151 |
else |
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2152 |
{ |
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
205
diff
changeset
|
2153 |
$entries[] = $entry; |
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2154 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2155 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2156 |
else |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2157 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2158 |
$entries[] = $entry; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2159 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2160 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2161 |
if ( !$error ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2162 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2163 |
$regex = ( isset($_POST['regex']) ) ? '1' : '0'; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2164 |
$to_insert = array(); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2165 |
$reason = $db->escape($_POST['reason']); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2166 |
foreach ( $entries as $entry ) |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2167 |
{ |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2168 |
$entry = $db->escape($entry); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2169 |
$to_insert[] = "($type, '$entry', '$reason', $regex)"; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2170 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2171 |
$q = 'INSERT INTO '.table_prefix."banlist(ban_type, ban_value, reason, is_regex)\n VALUES" . implode(",\n ", $to_insert) . ';'; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2172 |
@set_time_limit(0); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2173 |
$e = $db->sql_query($q); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2174 |
if(!$e) $db->_die('The banlist could not be updated.'); |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2175 |
} |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2176 |
} |
0 | 2177 |
} |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2178 |
else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2179 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2180 |
echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2181 |
} |
0 | 2182 |
$q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;'); |
2183 |
if(!$q) $db->_die('The banlist data could not be selected.'); |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2184 |
echo '<div class="tblholder" style="max-height: 800px; clip: rect(0px,auto,auto,0px); overflow: auto;"> |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2185 |
<table border="0" cellspacing="1" cellpadding="4">'; |
0 | 2186 |
echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>'; |
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2187 |
if($db->numrows() < 1) echo '<td class="row1" colspan="4">No ban rules yet.</td>'; |
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2188 |
$cls = 'row2'; |
0 | 2189 |
while($r = $db->fetchrow()) |
2190 |
{ |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2191 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
0 | 2192 |
if($r['ban_type']==BAN_IP) $t = 'IP address'; |
2193 |
elseif($r['ban_type']==BAN_USER) $t = 'Username'; |
|
2194 |
elseif($r['ban_type']==BAN_EMAIL) $t = 'E-mail address'; |
|
2195 |
if($r['is_regex']) $g = 'Yes'; else $g = 'No'; |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2196 |
echo '<tr><td class="'.$cls.'">'.$t.'</td><td class="'.$cls.'">'.$r['ban_value'].'</td><td class="'.$cls.'">'.$g.'</td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.$r['ban_id']).'">Delete</a></td></tr>'; |
0 | 2197 |
} |
2198 |
$db->free_result(); |
|
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2199 |
echo '</table></div>'; |
0 | 2200 |
echo '<h3>Create new ban rule</h3>'; |
2201 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">'; |
|
2202 |
?> |
|
2203 |
Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br /> |
|
2204 |
Rule: <input type="text" name="value" size="30" /><br /> |
|
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents:
205
diff
changeset
|
2205 |
<small>You can ban multiple IP addresses, users, or e-mail addresses by separating entries with a single comma (User1,User2). Do not put a space after the comma. For IP addresses, you may specify ranges like 172|192.168.4-30|90-167.1-90, which will turn into 172 and 192 . 168 . 4-30 and 90-167 . 1 - 90, which matches 18,899 IP addresses.</small><br /> |
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
parents:
118
diff
changeset
|
2206 |
Reason to show to the banned user: <textarea name="reason" rows="7" cols="40"></textarea><br /> |
0 | 2207 |
<input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br /> |
2208 |
<input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" /> |
|
2209 |
<?php |
|
2210 |
echo '</form>'; |
|
2211 |
} |
|
2212 |
||
2213 |
function page_Admin_MassEmail() |
|
2214 |
{ |
|
2215 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2216 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
2217 |
{ |
|
2218 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
2219 |
return; |
|
2220 |
} |
|
2221 |
||
2222 |
global $enano_config; |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2223 |
if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') ) |
0 | 2224 |
{ |
2225 |
$use_smtp = getConfig('smtp_enabled') == '1'; |
|
2226 |
||
2227 |
// |
|
2228 |
// Let's do some checking to make sure that mass mail functions |
|
2229 |
// are working in win32 versions of php. (copied from phpBB) |
|
2230 |
// |
|
2231 |
if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp) |
|
2232 |
{ |
|
2233 |
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; |
|
2234 |
||
2235 |
// We are running on windows, force delivery to use our smtp functions |
|
2236 |
// since php's are broken by default |
|
2237 |
$use_smtp = true; |
|
2238 |
$enano_config['smtp_server'] = @$ini_val('SMTP'); |
|
2239 |
} |
|
2240 |
||
2241 |
$mail = new emailer( !empty($use_smtp) ); |
|
2242 |
||
2243 |
// Validate subject/message body |
|
2244 |
$subject = stripslashes(trim($_POST['subject'])); |
|
2245 |
$message = stripslashes(trim($_POST['message'])); |
|
2246 |
||
2247 |
if ( empty($subject) ) |
|
2248 |
$errors[] = 'Please enter a subject.'; |
|
2249 |
if ( empty($message) ) |
|
2250 |
$errors[] = 'Please enter a message.'; |
|
2251 |
||
2252 |
// Get list of members |
|
2253 |
if ( !empty($_POST['userlist']) ) |
|
2254 |
{ |
|
2255 |
$userlist = str_replace(', ', ',', $_POST['userlist']); |
|
2256 |
$userlist = explode(',', $userlist); |
|
2257 |
foreach ( $userlist as $k => $u ) |
|
2258 |
{ |
|
2259 |
if ( $u == $session->username ) |
|
2260 |
{ |
|
2261 |
// Message is automatically sent to the sender |
|
2262 |
unset($userlist[$k]); |
|
2263 |
} |
|
2264 |
else |
|
2265 |
{ |
|
2266 |
$userlist[$k] = $db->escape($u); |
|
2267 |
} |
|
2268 |
} |
|
2269 |
$userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\''; |
|
2270 |
||
2271 |
$q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';'); |
|
2272 |
if ( !$q ) |
|
2273 |
$db->_die(); |
|
2274 |
||
2275 |
if ( $row = $db->fetchrow() ) |
|
2276 |
{ |
|
2277 |
do { |
|
2278 |
$mail->cc($row['email']); |
|
2279 |
} while ( $row = $db->fetchrow() ); |
|
2280 |
} |
|
2281 |
||
2282 |
$db->free_result(); |
|
2283 |
||
2284 |
} |
|
2285 |
else |
|
2286 |
{ |
|
2287 |
// Sending to a usergroup |
|
2288 |
||
2289 |
$group_id = intval($_POST['group_id']); |
|
2290 |
if ( $group_id < 1 ) |
|
2291 |
{ |
|
2292 |
$errors[] = 'Invalid group ID'; |
|
2293 |
} |
|
2294 |
else |
|
2295 |
{ |
|
2296 |
$q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g |
|
2297 |
LEFT JOIN '.table_prefix.'users AS u |
|
2298 |
ON (u.user_id=g.user_id) |
|
2299 |
WHERE g.group_id=' . $group_id . ';'); |
|
2300 |
if ( !$q ) |
|
2301 |
$db->_die(); |
|
2302 |
||
2303 |
if ( $row = $db->fetchrow() ) |
|
2304 |
{ |
|
2305 |
do { |
|
2306 |
$mail->cc($row['email']); |
|
2307 |
} while ( $row = $db->fetchrow() ); |
|
2308 |
} |
|
2309 |
||
2310 |
$db->free_result(); |
|
2311 |
} |
|
2312 |
} |
|
2313 |
||
2314 |
if ( sizeof($errors) < 1 ) |
|
2315 |
{ |
|
2316 |
||
2317 |
$mail->from(getConfig('contact_email')); |
|
2318 |
$mail->replyto(getConfig('contact_email')); |
|
2319 |
$mail->set_subject($subject); |
|
2320 |
$mail->email_address(getConfig('contact_email')); |
|
2321 |
||
2322 |
// Copied/modified from phpBB |
|
2323 |
$email_headers = 'X-AntiAbuse: Website server name - ' . $_SERVER['SERVER_NAME'] . "\n"; |
|
2324 |
$email_headers .= 'X-AntiAbuse: User_id - ' . $session->user_id . "\n"; |
|
2325 |
$email_headers .= 'X-AntiAbuse: Username - ' . $session->username . "\n"; |
|
2326 |
$email_headers .= 'X-AntiAbuse: User IP - ' . $_SERVER['REMOTE_ADDR'] . "\n"; |
|
2327 |
||
2328 |
$mail->extra_headers($email_headers); |
|
2329 |
||
2330 |
$tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at: |
|
2331 |
||
2332 |
{CONTACT_EMAIL} |
|
2333 |
||
2334 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
2335 |
{MESSAGE} |
|
2336 |
'; |
|
2337 |
||
2338 |
$mail->use_template($tpl); |
|
2339 |
||
2340 |
$mail->assign_vars(array( |
|
2341 |
'SENDER' => $session->username, |
|
2342 |
'SITE_NAME' => getConfig('site_name'), |
|
2343 |
'CONTACT_EMAIL' => getConfig('contact_email'), |
|
2344 |
'MESSAGE' => $message |
|
2345 |
)); |
|
2346 |
||
2347 |
//echo '<pre>'.print_r($mail,true).'</pre>'; |
|
2348 |
||
2349 |
// All done |
|
2350 |
$mail->send(); |
|
2351 |
$mail->reset(); |
|
2352 |
||
2353 |
echo '<div class="info-box">Your message has been sent.</div>'; |
|
2354 |
||
2355 |
} |
|
2356 |
else |
|
2357 |
{ |
|
2358 |
echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>'; |
|
2359 |
} |
|
2360 |
||
2361 |
} |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2362 |
else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2363 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2364 |
echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2365 |
} |
0 | 2366 |
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">'; |
2367 |
?> |
|
2368 |
<div class="tblholder"> |
|
2369 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
2370 |
<tr> |
|
2371 |
<th colspan="2">Send mass e-mail</th> |
|
2372 |
</tr> |
|
2373 |
<tr> |
|
2374 |
<td class="row2" rowspan="2" style="width: 30%; min-width: 200px;"> |
|
2375 |
Send message to:<br /> |
|
2376 |
<small> |
|
2377 |
By default, this message will be sent to the group selected here. You may instead send the message to a specific |
|
2378 |
list of users by entering them in the second row, with usernames separated by a single comma (no space). |
|
2379 |
</small> |
|
2380 |
</td> |
|
2381 |
<td class="row1"> |
|
2382 |
<select name="group_id"> |
|
2383 |
<?php |
|
2384 |
$q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;'); |
|
2385 |
if ( !$q ) |
|
2386 |
$db->_die(); |
|
2387 |
while ( $row = $db->fetchrow() ) |
|
2388 |
{ |
|
2389 |
echo '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>'; |
|
2390 |
} |
|
2391 |
?> |
|
2392 |
</select> |
|
2393 |
</td> |
|
2394 |
</tr> |
|
2395 |
<tr> |
|
2396 |
<td class="row1"> |
|
2397 |
Usernames: <input type="text" name="userlist" size="50" /> |
|
2398 |
</td> |
|
2399 |
</tr> |
|
2400 |
<tr> |
|
2401 |
<td class="row2" style="width: 30%; min-width: 200px;"> |
|
2402 |
Subject: |
|
2403 |
</td> |
|
2404 |
<td class="row1"> |
|
2405 |
<input name="subject" type="text" size="50" /> |
|
2406 |
</td> |
|
2407 |
</tr> |
|
2408 |
<tr> |
|
2409 |
<td class="row2" style="width: 30%; min-width: 200px;"> |
|
2410 |
Message: |
|
2411 |
</td> |
|
2412 |
<td class="row1"> |
|
2413 |
<textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea> |
|
2414 |
</td> |
|
2415 |
</tr> |
|
2416 |
<tr> |
|
2417 |
<th class="subhead" colspan="2" style="text-align: left;" valign="middle"> |
|
2418 |
<div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div> |
|
2419 |
<small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small> |
|
2420 |
</th> |
|
2421 |
</tr> |
|
2422 |
||
2423 |
</table> |
|
2424 |
</div> |
|
2425 |
<?php |
|
2426 |
echo '</form>'; |
|
2427 |
} |
|
2428 |
||
2429 |
function page_Admin_DBBackup() |
|
2430 |
{ |
|
2431 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2432 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
2433 |
{ |
|
2434 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
2435 |
return; |
|
2436 |
} |
|
2437 |
||
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2438 |
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2439 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2440 |
redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 ); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2441 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2442 |
|
0 | 2443 |
global $system_table_list; |
2444 |
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes') |
|
2445 |
{ |
|
2446 |
||
2447 |
if(defined('SQL_BACKUP_CRYPT')) |
|
2448 |
// Try to increase our time limit |
|
2449 |
@set_time_limit(300); // five minutes |
|
2450 |
// Do the actual export |
|
2451 |
$aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : ''; |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
2452 |
$filename = 'enano_backup_' . date('ymd') . '.sql' . $aesext; |
0 | 2453 |
ob_start(); |
2454 |
header('Content-disposition: attachment, filename="'.$filename.'";'); |
|
2455 |
header('Content-type: application/transact-sql'); |
|
2456 |
// Spew some headers |
|
2457 |
$headdate = date('F d, Y \a\t h:i a'); |
|
2458 |
echo <<<HEADER |
|
2459 |
-- Enano CMS SQL backup |
|
2460 |
-- Generated on {$headdate} by {$session->username} |
|
2461 |
||
2462 |
HEADER; |
|
2463 |
// build the table list |
|
2464 |
$base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array(); |
|
2465 |
$add = ( isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : Array(); |
|
2466 |
$tables = array_merge($base, $add); |
|
2467 |
||
2468 |
// Log it! |
|
2469 |
$e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')'); |
|
2470 |
if ( !$e ) |
|
2471 |
$db->_die(); |
|
2472 |
||
2473 |
foreach($tables as $i => $t) |
|
2474 |
{ |
|
2475 |
if(!preg_match('#^([a-z0-9_]+)$#i', $t)) |
|
2476 |
die('Hacking attempt'); |
|
2477 |
// if($t == table_prefix.'files' && isset($_POST['do_data'])) |
|
2478 |
// unset($tables[$i]); |
|
2479 |
} |
|
2480 |
foreach($tables as $t) |
|
2481 |
{ |
|
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents:
102
diff
changeset
|
2482 |
// THE FOLLOWING COMMENT DOES NOT APPLY AS OF 1.0. |
218
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
parents:
217
diff
changeset
|
2483 |
// Sorry folks - this script CAN'T backup enano_files and enano_search_index due to the sheer size of the tables. |
0 | 2484 |
// If encryption is enabled the log data will be excluded too. |
2485 |
echo export_table( |
|
2486 |
$t, |
|
2487 |
isset($_POST['do_struct']), |
|
218
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
parents:
217
diff
changeset
|
2488 |
( isset($_POST['do_data']) ), |
0 | 2489 |
false |
2490 |
) . "\n"; |
|
2491 |
} |
|
2492 |
$data = ob_get_contents(); |
|
2493 |
ob_end_clean(); |
|
2494 |
if(defined('SQL_BACKUP_CRYPT')) |
|
2495 |
{ |
|
2496 |
// Free some memory, we don't need this stuff any more |
|
2497 |
$db->close(); |
|
2498 |
unset($paths, $db, $template, $plugins); |
|
2499 |
$tea = new TEACrypt(); |
|
2500 |
$data = $tea->encrypt($data, $session->private_key); |
|
2501 |
} |
|
2502 |
header('Content-length: '.strlen($data)); |
|
2503 |
echo $data; |
|
2504 |
exit; |
|
2505 |
} |
|
2506 |
else |
|
2507 |
{ |
|
2508 |
// Show the UI |
|
2509 |
echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">'; |
|
2510 |
?> |
|
2511 |
<p>This page allows you to back up your Enano database should something go miserably wrong.</p> |
|
2512 |
<p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label><p> |
|
2513 |
<p>Additional tables to export:</p> |
|
2514 |
<p><select name="additional_tables[]" multiple="multiple"> |
|
2515 |
<?php |
|
2516 |
$q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.'); |
|
2517 |
while($row = $db->fetchrow_num()) |
|
2518 |
{ |
|
2519 |
if(!in_array($row[0], $system_table_list)) echo '<option value="'.$row[0].'">'.$row[0].'</option>'; |
|
2520 |
} |
|
2521 |
?> |
|
2522 |
</select> |
|
2523 |
</p> |
|
2524 |
<p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br /> |
|
2525 |
<label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label> |
|
2526 |
</p> |
|
2527 |
<p><input type="submit" value="Create backup" /></p> |
|
2528 |
<?php |
|
2529 |
echo '</form>'; |
|
2530 |
} |
|
2531 |
} |
|
2532 |
||
2533 |
function page_Admin_AdminLogout() |
|
2534 |
{ |
|
2535 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2536 |
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
2537 |
{ |
|
2538 |
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
2539 |
return; |
|
2540 |
} |
|
2541 |
||
2542 |
$session->logout(USER_LEVEL_ADMIN); |
|
2543 |
echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.makeUrl(getConfig('main_page')).'">Main Page</a>.</p>'; |
|
2544 |
} |
|
2545 |
||
2546 |
function page_Special_Administration() |
|
2547 |
{ |
|
2548 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2549 |
||
2550 |
if($session->auth_level < USER_LEVEL_ADMIN) { |
|
2551 |
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0); |
|
2552 |
exit; |
|
2553 |
} |
|
2554 |
else |
|
2555 |
{ |
|
2556 |
$template->load_theme('admin', 'default'); |
|
2557 |
$template->init_vars(); |
|
2558 |
if( !isset( $_GET['noheaders'] ) ) |
|
2559 |
{ |
|
2560 |
$template->header(); |
|
2561 |
} |
|
2562 |
echo 'Administer your Enano website.'; |
|
2563 |
?> |
|
2564 |
<script type="text/javascript"> |
|
2565 |
function ajaxPage(t) |
|
2566 |
{ |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2567 |
if ( KILL_SWITCH ) |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2568 |
{ |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2569 |
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>'; |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2570 |
return false; |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2571 |
} |
0 | 2572 |
if ( t == namespace_list.Admin + 'AdminLogout' ) |
2573 |
{ |
|
2574 |
var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.'); |
|
2575 |
mb.onclick['Yes'] = function() { |
|
2576 |
var tigraentry = document.getElementById('i_div0_0').parentNode; |
|
2577 |
var tigraobj = $(tigraentry); |
|
2578 |
var div = document.createElement('div'); |
|
2579 |
div.style.backgroundColor = '#FFFFFF'; |
|
2580 |
domObjChangeOpac(70, div); |
|
2581 |
div.style.position = 'absolute'; |
|
2582 |
var top = tigraobj.Top(); |
|
2583 |
var left = tigraobj.Left(); |
|
2584 |
var width = tigraobj.Width(); |
|
2585 |
var height = tigraobj.Height(); |
|
2586 |
div.style.top = top + 'px'; |
|
2587 |
div.style.left = left + 'px'; |
|
2588 |
div.style.width = width + 'px'; |
|
2589 |
div.style.height = height + 'px'; |
|
2590 |
var body = document.getElementsByTagName('body')[0]; |
|
2591 |
enlighten(true); |
|
2592 |
body.appendChild(div); |
|
2593 |
ajaxPageBin(namespace_list.Admin + 'AdminLogout'); |
|
2594 |
} |
|
2595 |
return; |
|
2596 |
} |
|
2597 |
ajaxPageBin(t); |
|
2598 |
} |
|
2599 |
function ajaxPageBin(t) |
|
2600 |
{ |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2601 |
if ( KILL_SWITCH ) |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2602 |
{ |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2603 |
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>'; |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2604 |
return false; |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2605 |
} |
0 | 2606 |
document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>'; |
2607 |
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() { |
|
2608 |
if(ajax.readyState == 4) { |
|
2609 |
document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText; |
|
2610 |
fadeInfoBoxes(); |
|
2611 |
} |
|
2612 |
}); |
|
2613 |
} |
|
2614 |
function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); } |
|
2615 |
var TREE_TPL = { |
|
2616 |
'target' : '_self', // name of the frame links will be opened in |
|
2617 |
// other possible values are: _blank, _parent, _search, _self and _top |
|
2618 |
||
2619 |
'icon_e' : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image |
|
2620 |
'icon_l' : '<?php echo scriptPath; ?>/images/icons/line.gif', // vertical line |
|
2621 |
'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon normal |
|
2622 |
'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon selected |
|
2623 |
'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon normal |
|
2624 |
'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected |
|
2625 |
'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon opened |
|
2626 |
'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected |
|
2627 |
'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal |
|
2628 |
'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected |
|
2629 |
'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened |
|
2630 |
'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened |
|
2631 |
'icon_0' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal |
|
2632 |
'icon_4' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected |
|
2633 |
'icon_8' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened |
|
2634 |
'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected |
|
2635 |
'icon_2' : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf |
|
2636 |
'icon_3' : '<?php echo scriptPath; ?>/images/icons/join.gif', // junction for last leaf |
|
2637 |
'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node |
|
2638 |
'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif', // junction for last closed node |
|
2639 |
'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node |
|
2640 |
'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif' // junction for last opended node |
|
2641 |
}; |
|
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
parents:
116
diff
changeset
|
2642 |
addOnloadHook(keepalive_onload); |
0 | 2643 |
<?php |
2644 |
echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree |
|
2645 |
if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?> |
|
2646 |
</script> |
|
2647 |
<table border="0" width="100%"> |
|
2648 |
<tr> |
|
2649 |
<td class="holder" valign="top"> |
|
2650 |
<div class="pad" style="padding-right: 20px;"> |
|
2651 |
<script type="text/javascript"> |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2652 |
if ( !KILL_SWITCH ) |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2653 |
{ |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2654 |
new tree(TREE_ITEMS, TREE_TPL); |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2655 |
} |
0 | 2656 |
</script> |
2657 |
</div> |
|
2658 |
</td> |
|
2659 |
<td width="100%" valign="top"> |
|
2660 |
<div class="pad" id="ajaxPageContainer"> |
|
2661 |
<?php |
|
2662 |
if(isset($_GET['module'])) |
|
2663 |
{ |
|
2664 |
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary |
|
2665 |
$k = array_keys($paths->nslist); |
|
2666 |
for ( $i = 0; $i < sizeof($paths->nslist); $i++ ) |
|
2667 |
{ |
|
2668 |
$ln = strlen( $paths->nslist[ $k[ $i ] ] ); |
|
2669 |
if ( substr($_GET['module'], 0, $ln) == $paths->nslist[$k[$i]] ) |
|
2670 |
{ |
|
2671 |
$ns = $k[$i]; |
|
2672 |
$nm = substr($_GET['module'], $ln, strlen($_GET['module'])); |
|
2673 |
} |
|
2674 |
} |
|
2675 |
$fname = 'page_'.$ns.'_'.$nm; |
|
2676 |
$s = strpos($fname, '?noheaders'); |
|
2677 |
if($s) $fname = substr($fname, 0, $s); |
|
2678 |
$paths->cpage['module'] = $_GET['module']; |
|
2679 |
if ( function_exists($fname) && $_GET['module'] != $paths->nslist['Special'] . 'Administration' ) |
|
2680 |
{ |
|
2681 |
eval($fname.'();'); |
|
2682 |
} |
|
2683 |
} |
|
2684 |
else |
|
2685 |
{ |
|
2686 |
echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>'; |
|
2687 |
} |
|
2688 |
?> |
|
2689 |
</div> |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2690 |
<script type="text/javascript"> |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2691 |
if ( KILL_SWITCH ) |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2692 |
{ |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2693 |
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>'; |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2694 |
} |
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
43
diff
changeset
|
2695 |
</script> |
0 | 2696 |
</td> |
2697 |
</tr> |
|
2698 |
</table> |
|
2699 |
||
2700 |
<?php |
|
2701 |
} |
|
2702 |
if(!isset($_GET['noheaders'])) |
|
2703 |
{ |
|
2704 |
$template->footer(); |
|
2705 |
} |
|
2706 |
} |
|
2707 |
||
2708 |
function page_Special_EditSidebar() |
|
2709 |
{ |
|
2710 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
2711 |
||
2712 |
if($session->auth_level < USER_LEVEL_ADMIN) |
|
2713 |
{ |
|
2714 |
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false); |
|
2715 |
exit; |
|
2716 |
} |
|
2717 |
else |
|
2718 |
{ |
|
2719 |
||
2720 |
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>'); |
|
2721 |
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>'); |
|
2722 |
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>'); |
|
2723 |
$template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />'); |
|
2724 |
||
2725 |
// Knock the sidebars dead to keep javascript in plugins from interfering |
|
2726 |
$template->tpl_strings['SIDEBAR_LEFT'] = ''; |
|
2727 |
$template->tpl_strings['SIDEBAR_RIGHT'] = ''; |
|
2728 |
||
2729 |
$template->load_theme('oxygen', 'bleu'); |
|
2730 |
$template->init_vars(); |
|
2731 |
||
2732 |
$template->header(); |
|
2733 |
||
2734 |
if(isset($_POST['save'])) |
|
2735 |
{ |
|
2736 |
// Write the new block order to the database |
|
2737 |
// The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... |
|
2738 |
// Anyone know a better way to do this? |
|
2739 |
$q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); |
|
2740 |
if ( !$q ) |
|
2741 |
{ |
|
2742 |
$db->_die('The sidebar order data could not be selected.'); |
|
2743 |
} |
|
2744 |
$orders = Array(); |
|
2745 |
while($row = $db->fetchrow()) |
|
2746 |
{ |
|
2747 |
$orders[] = Array( |
|
2748 |
count($orders), |
|
2749 |
$row['item_id'], |
|
2750 |
$row['sidebar_id'], |
|
2751 |
); |
|
2752 |
} |
|
2753 |
$db->free_result(); |
|
2754 |
||
2755 |
// We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. |
|
2756 |
$ol = explode(',', $_POST['order_left']); |
|
2757 |
$odr = explode(',', $_POST['order_right']); |
|
2758 |
$om = array_merge($ol, $odr); |
|
2759 |
unset($ol, $odr); |
|
2760 |
$queries = Array(); |
|
2761 |
foreach($orders as $k => $v) |
|
2762 |
{ |
|
2763 |
$queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.$v[1].';'; |
|
2764 |
} |
|
2765 |
foreach($queries as $sql) |
|
2766 |
{ |
|
2767 |
$q = $db->sql_query($sql); |
|
2768 |
if(!$q) |
|
2769 |
{ |
|
2770 |
$t = $db->get_error(); |
|
2771 |
echo $t; |
|
2772 |
$template->footer(); |
|
2773 |
exit; |
|
2774 |
} |
|
2775 |
} |
|
2776 |
echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>'; |
|
2777 |
} |
|
2778 |
elseif(isset($_POST['create'])) |
|
2779 |
{ |
|
2780 |
switch((int)$_POST['type']) |
|
2781 |
{ |
|
2782 |
case BLOCK_WIKIFORMAT: |
|
2783 |
$content = $_POST['wikiformat_content']; |
|
2784 |
break; |
|
2785 |
case BLOCK_TEMPLATEFORMAT: |
|
2786 |
$content = $_POST['templateformat_content']; |
|
2787 |
break; |
|
2788 |
case BLOCK_HTML: |
|
2789 |
$content = $_POST['html_content']; |
|
2790 |
break; |
|
2791 |
case BLOCK_PHP: |
|
2792 |
$content = $_POST['php_content']; |
|
2793 |
break; |
|
2794 |
case BLOCK_PLUGIN: |
|
2795 |
$content = $_POST['plugin_id']; |
|
2796 |
break; |
|
2797 |
} |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2798 |
|
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2799 |
if ( defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2800 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2801 |
// Sanitize the HTML |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2802 |
$content = sanitize_html($content, true); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2803 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2804 |
|
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2805 |
if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2806 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2807 |
echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2808 |
$_POST['php_content'] = '?><Nulled>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2809 |
$content = $_POST['php_content']; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2810 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2811 |
|
0 | 2812 |
// Get the value of item_order |
2813 |
||
2814 |
$q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';'); |
|
2815 |
if(!$q) $db->_die('The order number could not be selected'); |
|
2816 |
$io = $db->numrows(); |
|
2817 |
||
2818 |
$db->free_result(); |
|
2819 |
||
2820 |
$q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; |
|
2821 |
$result = $db->sql_query($q); |
|
2822 |
if(!$result) |
|
2823 |
{ |
|
2824 |
echo $db->get_error(); |
|
2825 |
$template->footer(); |
|
2826 |
exit; |
|
2827 |
} |
|
2828 |
||
2829 |
echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>'; |
|
2830 |
||
2831 |
} |
|
2832 |
||
2833 |
if(isset($_GET['action']) && isset($_GET['id'])) |
|
2834 |
{ |
|
161
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
parents:
142
diff
changeset
|
2835 |
if(!preg_match('#^([0-9]*)$#', $_GET['id'])) |
0 | 2836 |
{ |
2837 |
echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>'; |
|
2838 |
} |
|
2839 |
switch($_GET['action']) |
|
2840 |
{ |
|
2841 |
case 'new': |
|
2842 |
?> |
|
2843 |
<script type="text/javascript"> |
|
2844 |
function setType(input) |
|
2845 |
{ |
|
2846 |
val = input.value; |
|
2847 |
if(!val) |
|
2848 |
{ |
|
2849 |
return false; |
|
2850 |
} |
|
2851 |
var divs = getElementsByClassName(document, 'div', 'sbadd_block'); |
|
2852 |
for(var i in divs) |
|
2853 |
{ |
|
2854 |
if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block'; |
|
2855 |
else divs[i].style.display = 'none'; |
|
2856 |
} |
|
2857 |
} |
|
2858 |
</script> |
|
2859 |
||
2860 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
|
2861 |
||
2862 |
<p> |
|
2863 |
What type of block should this be? |
|
2864 |
</p> |
|
2865 |
<p> |
|
2866 |
<select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?> |
|
2867 |
<option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option> |
|
2868 |
<option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option> |
|
2869 |
<option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option> |
|
2870 |
<option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option> |
|
2871 |
<option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option> |
|
2872 |
</select> |
|
2873 |
</p> |
|
2874 |
||
2875 |
<p> |
|
2876 |
||
2877 |
Block title: <input name="title" type="text" size="40" /><br /> |
|
2878 |
Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select> |
|
2879 |
||
2880 |
</p> |
|
2881 |
||
2882 |
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>"> |
|
2883 |
<p> |
|
2884 |
Wikitext: |
|
2885 |
</p> |
|
2886 |
<p> |
|
2887 |
<textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea> |
|
2888 |
</p> |
|
2889 |
</div> |
|
2890 |
||
2891 |
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>"> |
|
2892 |
<p> |
|
2893 |
Template code: |
|
2894 |
</p> |
|
2895 |
<p> |
|
2896 |
<textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea> |
|
2897 |
</p> |
|
2898 |
</div> |
|
2899 |
||
2900 |
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>"> |
|
2901 |
<p> |
|
2902 |
HTML to place inside the sidebar: |
|
2903 |
</p> |
|
2904 |
<p> |
|
2905 |
<textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea> |
|
2906 |
</p> |
|
2907 |
</div> |
|
2908 |
||
2909 |
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>"> |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2910 |
<?php if ( defined('ENANO_DEMO_MODE') ) { ?> |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2911 |
<p>Creating PHP blocks in demo mode is disabled for security reasons.</p> |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2912 |
<?php } else { ?> |
0 | 2913 |
<p> |
2914 |
<b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here. |
|
2915 |
ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type. |
|
2916 |
</p> |
|
2917 |
<p> |
|
2918 |
<span style="color: red;"> |
|
2919 |
It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save. |
|
2920 |
</span> You have been warned. |
|
2921 |
</p> |
|
2922 |
<p> |
|
2923 |
Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script. |
|
2924 |
</p> |
|
2925 |
<p> |
|
2926 |
The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error. |
|
2927 |
</p> |
|
2928 |
<p> |
|
2929 |
PHP code: |
|
2930 |
</p> |
|
2931 |
<p> |
|
2932 |
<textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea> |
|
2933 |
</p> |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
2934 |
<?php } ?> |
0 | 2935 |
</div> |
2936 |
||
2937 |
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>"> |
|
2938 |
<p> |
|
2939 |
Plugin: |
|
2940 |
</p> |
|
2941 |
<p> |
|
2942 |
<select name="plugin_id"> |
|
2943 |
<?php |
|
2944 |
foreach($template->plugin_blocks as $k => $c) |
|
2945 |
{ |
|
2946 |
echo '<option value="'.$k.'">'.$k.'</option>'; |
|
2947 |
} |
|
2948 |
?> |
|
2949 |
</select> |
|
2950 |
</p> |
|
2951 |
</div> |
|
2952 |
||
2953 |
<p> |
|
2954 |
||
2955 |
<input type="submit" name="create" value="Create new block" style="font-weight: bold;" /> |
|
2956 |
<input type="submit" name="cancel" value="Cancel" /> |
|
2957 |
||
2958 |
</p> |
|
2959 |
||
2960 |
</form> |
|
2961 |
||
2962 |
<script type="text/javascript"> |
|
2963 |
var divs = getElementsByClassName(document, 'div', 'sbadd_block'); |
|
2964 |
for(var i in divs) |
|
2965 |
{ |
|
2966 |
if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500); |
|
2967 |
} |
|
2968 |
</script> |
|
2969 |
||
2970 |
<?php |
|
2971 |
$template->footer(); |
|
2972 |
return; |
|
2973 |
break; |
|
2974 |
case 'move': |
|
2975 |
if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) |
|
2976 |
{ |
|
2977 |
echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>'; |
|
2978 |
break; |
|
2979 |
} |
|
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
2980 |
$query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); |
0 | 2981 |
if(!$query) |
2982 |
{ |
|
2983 |
echo $db->get_error(); |
|
2984 |
$template->footer(); |
|
2985 |
exit; |
|
2986 |
} |
|
2987 |
echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>'; |
|
2988 |
break; |
|
2989 |
case 'delete': |
|
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
2990 |
$query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) |
0 | 2991 |
if(!$query) |
2992 |
{ |
|
2993 |
echo $db->get_error(); |
|
2994 |
$template->footer(); |
|
2995 |
exit; |
|
2996 |
} |
|
2997 |
if(isset($_GET['ajax'])) |
|
2998 |
{ |
|
2999 |
ob_end_clean(); |
|
3000 |
die('GOOD'); |
|
3001 |
} |
|
3002 |
echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>'; |
|
3003 |
break; |
|
3004 |
case 'disenable'; |
|
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3005 |
$q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
0 | 3006 |
if(!$q) |
3007 |
{ |
|
3008 |
echo $db->get_error(); |
|
3009 |
$template->footer(); |
|
3010 |
exit; |
|
3011 |
} |
|
3012 |
$r = $db->fetchrow(); |
|
3013 |
$db->free_result(); |
|
3014 |
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; |
|
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3015 |
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3016 |
if(!$q) |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3017 |
{ |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3018 |
echo $db->get_error(); |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3019 |
$template->footer(); |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3020 |
exit; |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3021 |
} |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3022 |
if(isset($_GET['ajax'])) |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3023 |
{ |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3024 |
ob_end_clean(); |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3025 |
die('GOOD'); |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3026 |
} |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3027 |
break; |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3028 |
case 'rename'; |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3029 |
$newname = $db->escape($_POST['newname']); |
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3030 |
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); |
0 | 3031 |
if(!$q) |
3032 |
{ |
|
3033 |
echo $db->get_error(); |
|
3034 |
$template->footer(); |
|
3035 |
exit; |
|
3036 |
} |
|
3037 |
if(isset($_GET['ajax'])) |
|
3038 |
{ |
|
3039 |
ob_end_clean(); |
|
3040 |
die('GOOD'); |
|
3041 |
} |
|
3042 |
break; |
|
3043 |
case 'getsource': |
|
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3044 |
$q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
0 | 3045 |
if(!$q) |
3046 |
{ |
|
3047 |
echo $db->get_error(); |
|
3048 |
$template->footer(); |
|
3049 |
exit; |
|
3050 |
} |
|
3051 |
ob_end_clean(); |
|
3052 |
$r = $db->fetchrow(); |
|
3053 |
$db->free_result(); |
|
3054 |
if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); |
|
3055 |
die($r['block_content']); |
|
3056 |
break; |
|
3057 |
case 'save': |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3058 |
if ( defined('ENANO_DEMO_MODE') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3059 |
{ |
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3060 |
$q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3061 |
if(!$q) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3062 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3063 |
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3064 |
exit; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3065 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3066 |
$row = $db->fetchrow(); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3067 |
if ( $row['block_type'] == BLOCK_PHP ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3068 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3069 |
$_POST['content'] = '?><Nulled>'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3070 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3071 |
else |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3072 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3073 |
$_POST['content'] = sanitize_html($_POST['content'], true); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3074 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
15
diff
changeset
|
3075 |
} |
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3076 |
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';'); |
0 | 3077 |
if(!$q) |
3078 |
{ |
|
3079 |
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; |
|
3080 |
exit; |
|
3081 |
} |
|
179
e858bacb5cfa
Sidebar blocks can be renamed now (untested except in Fx2)
Dan
parents:
173
diff
changeset
|
3082 |
$q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
0 | 3083 |
if(!$q) |
3084 |
{ |
|
3085 |
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; |
|
3086 |
exit; |
|
3087 |
} |
|
3088 |
$row = $db->fetchrow(); |
|
3089 |
$db->free_result(); |
|
3090 |
switch($row['block_type']) |
|
3091 |
{ |
|
3092 |
case BLOCK_WIKIFORMAT: |
|
3093 |
default: |
|
3094 |
$c = RenderMan::render($row['block_content']); |
|
3095 |
break; |
|
3096 |
case BLOCK_TEMPLATEFORMAT: |
|
3097 |
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl'); |
|
3098 |
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
|
3099 |
break; |
|
3100 |
case BLOCK_HTML: |
|
3101 |
$c = $row['block_content']; |
|
3102 |
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
|
3103 |
break; |
|
3104 |
case BLOCK_PHP: |
|
3105 |
ob_start(); |
|
3106 |
eval($row['block_content']); |
|
3107 |
$c = ob_get_contents(); |
|
3108 |
ob_end_clean(); |
|
3109 |
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
|
3110 |
break; |
|
3111 |
case BLOCK_PLUGIN: |
|
3112 |
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block'; |
|
3113 |
break; |
|
3114 |
} |
|
3115 |
die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');'); |
|
3116 |
break; |
|
3117 |
} |
|
3118 |
} |
|
3119 |
||
3120 |
$q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); |
|
3121 |
if(!$q) $db->_die('The sidebar text data could not be selected.'); |
|
3122 |
||
3123 |
$vars = $template->extract_vars('sidebar-editor.tpl'); |
|
3124 |
||
3125 |
$parser = $template->makeParserText($vars['sidebar_button']); |
|
3126 |
$parser->assign_vars(Array( |
|
3127 |
'HREF'=>'#', |
|
3128 |
'FLAGS'=>'onclick="return false;"', |
|
3129 |
'TEXT'=>'Change theme' |
|
3130 |
)); |
|
3131 |
$template->tpl_strings['THEME_LINK'] = $parser->run(); |
|
3132 |
$parser->assign_vars(Array( |
|
3133 |
'TEXT'=>'Log out', |
|
3134 |
)); |
|
3135 |
$template->tpl_strings['LOGOUT_LINK'] = $parser->run(); |
|
3136 |
||
3137 |
$n1 = Array(); |
|
3138 |
$n2 = Array(); |
|
3139 |
$n =& $n1; |
|
3140 |
||
3141 |
echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">'; |
|
3142 |
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']); |
|
3143 |
||
3144 |
// Time for the loop |
|
3145 |
// what this loop does is fetch the row data, then send it out to the appropriate parser for formatting, |
|
3146 |
// then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code. |
|
3147 |
while($row = $db->fetchrow()) |
|
3148 |
{ |
|
3149 |
if(isset($current_side)) |
|
3150 |
{ |
|
3151 |
if($current_side != $row['sidebar_id']) |
|
3152 |
{ |
|
3153 |
// Time to switch! |
|
3154 |
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']); |
|
3155 |
echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">'; |
|
3156 |
//echo '</td><td valign="top">'; |
|
3157 |
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']); |
|
3158 |
$n =& $n2; |
|
3159 |
} |
|
3160 |
} |
|
3161 |
$n[] = count($n); |
|
3162 |
$current_side = $row['sidebar_id']; |
|
3163 |
switch($row['block_type']) |
|
3164 |
{ |
|
3165 |
case BLOCK_WIKIFORMAT: |
|
3166 |
default: |
|
3167 |
$parser = $template->makeParserText($vars['sidebar_section']); |
|
3168 |
$c = RenderMan::render($row['block_content']); |
|
3169 |
break; |
|
3170 |
case BLOCK_TEMPLATEFORMAT: |
|
3171 |
$parser = $template->makeParserText($vars['sidebar_section']); |
|
3172 |
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl'); |
|
3173 |
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
|
173
91127e62f38f
Fixed some regular expressions in HTML optimization algorithm; regex page groups can be edited now (oops)
Dan
parents:
161
diff
changeset
|
3174 |
// fix for the "Administration" link that somehow didn't get rendered properly |
91127e62f38f
Fixed some regular expressions in HTML optimization algorithm; regex page groups can be edited now (oops)
Dan
parents:
161
diff
changeset
|
3175 |
$c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c); |
0 | 3176 |
break; |
3177 |
case BLOCK_HTML: |
|
3178 |
$parser = $template->makeParserText($vars['sidebar_section_raw']); |
|
3179 |
$c = $row['block_content']; |
|
3180 |
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
|
3181 |
break; |
|
3182 |
case BLOCK_PHP: |
|
3183 |
$parser = $template->makeParserText($vars['sidebar_section_raw']); |
|
3184 |
ob_start(); |
|
3185 |
eval($row['block_content']); |
|
3186 |
$c = ob_get_contents(); |
|
3187 |
ob_end_clean(); |
|
3188 |
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
|
3189 |
break; |
|
3190 |
case BLOCK_PLUGIN: |
|
3191 |
$parser = $template->makeParserText($vars['sidebar_section_raw']); |
|
3192 |
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block'; |
|
3193 |
break; |
|
3194 |
} |
|
190
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
parents:
181
diff
changeset
|
3195 |
$block_name = $template->tplWikiFormat($row['block_name']); |
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
parents:
181
diff
changeset
|
3196 |
if ( empty($block_name) ) |
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
parents:
181
diff
changeset
|
3197 |
$block_name = '<Unnamed>'; |
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
parents:
181
diff
changeset
|
3198 |
$t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>'; |
0 | 3199 |
if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>'; |
3200 |
else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>'; |
|
3201 |
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT; |
|
3202 |
$tb = '<a title="Enable or disable this block" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a> |
|
3203 |
<a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a> |
|
3204 |
<a title="Permanently delete this block" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a> |
|
3205 |
<a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>'; |
|
3206 |
$as = ''; |
|
3207 |
$ae = ' '.$tb; |
|
3208 |
$parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae)); |
|
3209 |
echo $parser->run(); |
|
3210 |
unset($parser); |
|
3211 |
||
3212 |
} |
|
3213 |
$db->free_result(); |
|
3214 |
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']); |
|
3215 |
echo '</div></td></tr></table>'; |
|
3216 |
echo '<form action="'.makeUrl($paths->page).'" method="post">'; |
|
3217 |
$order = implode(',', $n1); |
|
3218 |
echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />"; |
|
3219 |
$order = implode(',', $n2); |
|
3220 |
echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />"; |
|
3221 |
echo ' |
|
3222 |
<div style="margin: 0 auto 0 auto; text-align: center;"> |
|
3223 |
<input type="submit" name="save" style="font-weight: bold;" value="Save changes" /> |
|
3224 |
<input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" /> |
|
3225 |
<br /> |
|
3226 |
<a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a> |
|
3227 |
</div> |
|
3228 |
</form> |
|
3229 |
'; |
|
3230 |
} |
|
3231 |
||
3232 |
$template->footer(); |
|
3233 |
} |
|
3234 |
||
3235 |
?> |