|
1 <?php |
|
2 /* |
|
3 Plugin Name: Runt - the Enano administration panel |
|
4 Plugin URI: http://enanocms.org/ |
|
5 Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin: |
|
6 Author: Dan Fuhry |
|
7 Version: 1.0 |
|
8 Author URI: http://enanocms.org/ |
|
9 */ |
|
10 |
|
11 /* |
|
12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
13 * Version 1.0 release candidate 2 |
|
14 * Copyright (C) 2006-2007 Dan Fuhry |
|
15 * |
|
16 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
17 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
18 * |
|
19 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
20 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
21 */ |
|
22 |
|
// Shared Enano objects, pulled into this file's scope.
global $db, $session, $paths, $template, $plugins;

// Register the two Special: pages served by this plugin (the admin panel
// itself and the sidebar editor). The second argument is a string of PHP
// source handed to the plugin API - presumably evaluated when the
// base_classes_initted hook runs - so the escaped quotes below are part of
// the runtime value and must stay exactly as written.
$plugins->attachHook('base_classes_initted', '
  global $paths;
    $paths->add_page(Array(
      \'name\'=>\'Administration\',
      \'urlname\'=>\'Administration\',
      \'namespace\'=>\'Special\',
      \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
      ));

    $paths->add_page(Array(
      \'name\'=>\'Manage the Sidebar\',
      \'urlname\'=>\'EditSidebar\',
      \'namespace\'=>\'Special\',
      \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
      ));
  ');
|
41 |
|
42 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
|
43 |
|
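/**
 * Renders the Admin:Home page: welcome text, a warning when installer files
 * are still present, pending account activations, the most requested pages
 * (when hit logging is on) and the security log.
 *
 * Every value read from the database is HTML-escaped before it is echoed.
 * Security-log rows describe events such as failed logons, so their
 * author / IP / detail columns may contain text chosen by a visitor who never
 * authenticated (presumably - the code that writes those rows is not in this
 * file). Echoing them raw would let that text run as markup inside an
 * administrator's session.
 *
 * NOTE(review): page names are escaped here as well; if Enano stores them
 * already entity-encoded this will double-encode them - confirm against the
 * code that writes $paths->pages.
 *
 * @return void Output is echoed directly.
 */
function page_Admin_Home() {
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the elevated-auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Basic information
  echo RenderMan::render(
'== Welcome to Runt, the Enano administration panel. ==

Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.

Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');

  // Check for the installer scripts
  if ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') )
  {
    echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
  }

  // Inactive users
  $q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
  if ( $q )
  {
    $n = $db->numrows();
    if ( $n > 0 )
    {
      $s = ( $n == 1 ) ? $n . ' user is' : $n . ' users are';
      echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
    }
    // Release the result set only when the query actually produced one.
    $db->free_result();
  }

  // Stats
  if ( getConfig('log_hits') == '1' )
  {
    $stats = stats_top_pages(10);
    $cls = 'row2';
    echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
    foreach ( $stats as $page => $count )
    {
      if ( isset($paths->pages[$page]) )
      {
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        echo '<tr>';
        // Page names can be set by whoever may create pages, so escape them.
        echo '<td class="'.$cls.'"><a href="'.htmlspecialchars(makeUrl($page)).'">'.htmlspecialchars((string) $paths->pages[$page]['name']).'</a></td><td style="text-align: center;" class="'.$cls.'">'.intval($count).'</td>';
        echo '</tr>';
      }
    }
    echo '</table></div>';
  }

  // Security log
  echo '<h3>Security log</h3>';
  echo '<div class="tblholder" style="/* max-height: 500px; clip: rect(0px,auto,auto,0px); overflow: auto; */"><table border="0" cellspacing="1" cellpadding="4" width="100%">';
  $cls = 'row2';
  echo '<tr><th style="width: 60%;">Type</th><th>Date</th><th>Username</th><th>IP Address</th></tr>';
  // ?fulllog only switches between two fixed queries; no request data reaches the SQL.
  if ( isset($_GET['fulllog']) )
  {
    $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC;';
  }
  else
  {
    $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT 5';
  }
  $q = $db->sql_query($l);
  if ( $q )
  {
    while ( $r = $db->fetchrow() )
    {
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      // Escaped once here so every branch below prints the safe form.
      $detail = htmlspecialchars((string) $r['page_text']);
      echo '<tr><td class="'.$cls.'">';
      switch ( $r['action'] )
      {
        case "admin_auth_good":
          echo 'Successful elevated authentication';
          if ( !empty($r['page_text']) )
          {
            $level = htmlspecialchars((string) $session->userlevel_to_string( intval($r['page_text']) ));
            echo "<br /><small>Authentication level: $level</small>";
          }
          break;
        case "admin_auth_bad": echo 'Failed administration logon'; break;
        case "activ_good": echo 'Successful account activation'; break;
        case "auth_good": echo 'Successful regular user logon'; break;
        case "activ_bad": echo 'Failed account activation'; break;
        case "auth_bad": echo 'Failed regular user logon'; break;
        case "sql_inject": echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . $detail . '</div>'; break;
        case "db_backup": echo 'Database backup created<br /><small>Tables: ' . $detail . '</small>'; break;
        case "install_enano": echo 'Installed Enano version ' . $detail; break;
      }
      // author and edit_summary (shown as username and IP address) come from the log table and are escaped like the detail text.
      echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', intval($r['time_id'])).'</td><td class="'.$cls.'">'.htmlspecialchars((string) $r['author']).'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.htmlspecialchars((string) $r['edit_summary']).'</td></tr>';
    }
    $db->free_result();
  }
  echo '</table></div>';
  if ( !isset($_GET['fulllog']) ) echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'Home&fulllog\'); return false;">Full security log</a></p>';

}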
|
135 |
|
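/**
 * Renders the Admin:GeneralConfig page and, when the form was submitted,
 * stores the posted values through setConfig().
 *
 * Stored configuration values are HTML-escaped wherever they are echoed back
 * into the form (attribute values and textarea bodies), matching what the
 * contact e-mail field already did. All attributes that receive such values
 * are double-quoted, which htmlspecialchars() covers by default.
 *
 * The SMTP password is never sent back to the browser: the field shows the
 * placeholder XXXXXXXXXXXX and the stored password is only replaced when the
 * posted value differs from that placeholder.
 *
 * NOTE(review): no anti-CSRF token is visible in this form, and the
 * onsubmit "submitAuthorized" gate runs in the browser only. Confirm whether
 * the framework validates a token before this handler is reached.
 *
 * @return void Output is echoed directly.
 */
function page_Admin_GeneralConfig() {
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the elevated-auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_POST['submit']) )
  {
    // Global site options
    setConfig('site_name', $_POST['site_name']);
    setConfig('site_desc', $_POST['site_desc']);
    setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
    setConfig('copyright_notice', $_POST['copyright']);
    setConfig('contact_email', $_POST['contact_email']);

    // Checkbox-backed switches, form field name => config key. A checkbox
    // that is not ticked is simply absent from the POST data, so presence
    // means '1' and absence means '0'.
    $switches = array(
        'wikimode'                => 'wiki_mode',
        'wiki_mode_require_login' => 'wiki_mode_require_login',
        'editmsg'                 => 'wiki_edit_notice',
        'log_hits'                => 'log_hits',
        'w3c-vh32'                => 'w3c_vh32',
        'w3c-vh40'                => 'w3c_vh40',
        'w3c-vh401'               => 'w3c_vh401',
        'w3c-vxhtml10'            => 'w3c_vxhtml10',
        'w3c-vxhtml11'            => 'w3c_vxhtml11',
        'w3c-vcss'                => 'w3c_vcss',
        'showsf'                  => 'sflogo_enabled',
        'comment-approval'        => 'approve_comments',
        'enable-comments'         => 'enable_comments',
        'enano_powered_link'      => 'powered_btn',
        'dbdbutton'               => 'dbd_button',
      );
    foreach ( $switches as $field => $key )
    {
      setConfig($key, isset($_POST[$field]) ? '1' : '0');
    }

    // Wiki mode edit notice text
    setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);

    // Disablement: the notice text is only stored while the site is being disabled.
    if ( isset($_POST['site_disabled']) )
    {
      setConfig('site_disabled', '1');
      setConfig('site_disabled_notice', $_POST['site_disabled_notice']);
    }
    else
    {
      setConfig('site_disabled', '0');
    }

    // Account activation
    setConfig('account_activation', $_POST['account_activation']);

    // SourceForge.net logo
    setConfig('sflogo_groupid', $_POST['sfgroup']);
    setConfig('sflogo_type', $_POST['sflogo']);

    // Comment options
    setConfig('comments_need_login', $_POST['comments_need_login']);

    // E-mail: anything other than the built-in mail() choice selects SMTP.
    if ( $_POST['emailmethod'] == 'phpmail' ) setConfig('smtp_enabled', '0');
    else setConfig('smtp_enabled', '1');

    setConfig('smtp_server', $_POST['smtp_host']);
    setConfig('smtp_user', $_POST['smtp_user']);
    // The form shows XXXXXXXXXXXX instead of the stored password; an unchanged
    // placeholder means "keep the current password".
    if ( $_POST['smtp_pass'] != 'XXXXXXXXXXXX' ) setConfig('smtp_password', $_POST['smtp_pass']);

    echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';

  }
  echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
  ?>
  <div class="tblholder">
    <table border="0" width="100%" cellspacing="1" cellpadding="4">

    <!-- Global options -->

      <tr><th colspan="2">Global site options</th></tr>
      <tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>

      <tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
      <tr><td class="row2">Site description:</td> <td class="row2"><input name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
      <tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', str_replace('_', ' ', getConfig('main_page'))); ?></td></tr>
      <tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
      <tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "&copy;" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
      <tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>

    <!-- Wiki mode -->

      <tr><th colspan="2">Wiki mode</th></tr>

      <tr>
        <td class="row3" rowspan="2">
          Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
          In Wiki Mode, certain HTML tags such as &lt;script&gt; and &lt;object&gt; are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
          Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
        </td>
        <td class="row1">
          <input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
        </td>
      </tr>

      <tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login" <?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>

      <tr>
        <td class="row3" rowspan="2">
          <b>Edit page notice</b><br />
          When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
        </td>
        <td class="row1">
          <input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
        </td>
      </tr>

      <tr>
        <td class="row2">
          <textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo htmlspecialchars(getConfig('wiki_edit_notice_text')); ?></textarea>
        </td>
      </tr>

    <!-- Site statistics -->

      <tr><th colspan="2">Statistics and hit counting</th></tr>

      <tr>
        <td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
        <td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
      </tr>

    <!-- Comment options -->

      <tr><th colspan="2">Comment system</th></tr>
      <tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr>
      <tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
      <tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
      <label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
      <!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>

    <!--

    READ: Do not try to enable this, backend support for it has been disabled. To edit default
    permissions, select The Entire Website in any permissions editor window.

      <tr><th colspan="2">Default permissions for pages</th></tr>

      <tr>
        <td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>
        <td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>
      </tr>

    -->

    <!-- enanocms.org link -->

      <tr>
        <th colspan="2">Promote Enano</th>
      </tr>
      <tr>
        <td class="row3">
          If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
          homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
          Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
          using this link.
        </td>
        <td class="row1">
          <label>
            <input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to www.enanocms.org on the sidebar
          </label>
        </td>
      </tr>

    <!-- Site disablement -->

      <tr><th colspan="2">Disable all site access</th></tr>

      <tr>
        <td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
        <td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td>
      </tr>
      <tr>
        <td class="row2">
          <div id="site_disabled_notice">
            Message to show to users:<br />
            <textarea name="site_disabled_notice" rows="7" cols="30"><?php echo htmlspecialchars(getConfig('site_disabled_notice')); ?></textarea>
          </div>
        </td>
      </tr>

    <!-- Account activation -->

      <tr><th colspan="2">User account activation</th></tr>

      <tr>
        <td class="row3" colspan="2">
          If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
          You may also disable registration completely if needed.<br /><br />
          <b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
        </td>
      </tr>

      <tr>
        <td class="row1">Account activation:</td><td class="row1">
          <?php
          // Any stored value other than disable/user/admin is presented as "None".
          echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
          echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
          echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
          echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
          ?>
        </td>
      </tr>

    <!-- E-mail options -->

      <tr><th colspan="2">E-mail sent from the site</th></tr>
      <tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
          <td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
                           <label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
          </tr>
      <tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
          <td class="row2"><input value="<?php echo htmlspecialchars(getConfig('smtp_server')); ?>" name="smtp_host" type="text" size="30" /></td>
          </tr>
      <tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
          <td class="row1">Username: <input value="<?php echo htmlspecialchars(getConfig('smtp_user')); ?>" name="smtp_user" type="text" size="30" /><br />
              Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
          </tr>

    <!-- SourceForge.net logo -->

      <tr><th colspan="2">SourceForge.net logo</th></tr>

      <tr>
        <td colspan="2" class="row3">
          All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want
          to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
        </td>
      </tr>

      <?php
      // $c: checkbox state, $g: stored group ID, $t: stored logo style (defaults to style 1).
      if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
      else $c='';
      if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
      else $g='';
      if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
      else $t='1';
      ?>

      <tr>
        <td class="row1">Display the SourceForge.net logo on the right sidebar</td>
        <td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
      </tr>

      <tr>
        <td class="row2">Group ID:</td>
        <td class="row2"><input value="<?php echo htmlspecialchars($g); ?>" type=text size=15 name=sfgroup /></td>
      </tr>

      <tr>
        <td class="row1">Logo style:</td>
        <td class="row1">
          <select name="sflogo">
            <option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
            <option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
            <option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
            <option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
            <option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
            <option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
            <option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
          </select>
        </td>
      </tr>

    <!-- W3C validator buttons -->

      <tr><th colspan="2">W3C compliance logos</th></tr>
      <tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr>

      <tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr>
      <tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr>
      <tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr>
      <tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
      <tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
      <tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr>

    <!-- DefectiveByDesign.org ad -->

      <tr><th colspan="2">Defective By Design Anti-DRM button</th></tr>
      <tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
      <tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr>

    <!-- Save button -->

      <tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr>

    </table>
  </div>
  </form>
  <?php
}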
|
445 |
|
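/**
 * Renders the Admin:UploadConfig page and, when the form was submitted,
 * stores the upload and thumbnail settings through setConfig().
 *
 * Handling of posted values:
 *  - The ImageMagick path is only stored when it names an existing regular
 *    file; a rejected path is HTML-escaped before it is echoed back in the
 *    warning, because it is raw request data.
 *  - The size multiplier is limited to the three units the form offers and
 *    the resulting size cannot be negative.
 *  - Thumbnail caching is only switched on while cache/ is writable, which
 *    is what the page text tells the administrator.
 *
 * NOTE(review): the stored path is presumably used later to launch
 * ImageMagick (that code is not in this file); whatever runs it should pass
 * it as a quoted argument rather than build a shell string around it.
 * NOTE(review): the "file history" checkbox is only shown as ticked while
 * cache/ is writable, although the page text ties history to database
 * storage; saving the form with an unwritable cache/ therefore turns history
 * off. Left unchanged - confirm the intent.
 * NOTE(review): no anti-CSRF token is visible in this form - confirm whether
 * the framework validates one before this handler is reached.
 *
 * @return void Output is echoed directly.
 */
function page_Admin_UploadConfig()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the elevated-auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  $cache_writable = is_writable(ENANO_ROOT.'/cache/');

  if ( isset($_POST['save']) )
  {
    setConfig('enable_uploads', isset($_POST['enable_uploads']) ? '1' : '0');
    setConfig('enable_imagemagick', isset($_POST['enable_imagemagick']) ? '1' : '0');
    // Enforced here as well as in the form: a disabled checkbox is a browser-side hint only.
    setConfig('cache_thumbs', ( isset($_POST['cache_thumbs']) && $cache_writable ) ? '1' : '0');
    setConfig('file_history', isset($_POST['file_history']) ? '1' : '0');

    // Accept the path only as a plain string naming a regular file.
    $im_path = ( isset($_POST['imagemagick_path']) && is_string($_POST['imagemagick_path']) ) ? $_POST['imagemagick_path'] : '';
    if ( $im_path !== '' && strpos($im_path, "\0") === false && is_file($im_path) )
    {
      setConfig('imagemagick_path', $im_path);
    }
    else
    {
      echo '<span style="color: red"><b>Warning:</b> the file "'.htmlspecialchars($im_path).'" was not found, and the ImageMagick file path was not updated.</span>';
    }

    // Size = number typed by the admin x unit chosen in the drop-down.
    $units = isset($_POST['fs_units']) ? (int) $_POST['fs_units'] : 1;
    if ( !in_array($units, array(1, 1024, 1048576), true) ) $units = 1;
    $size = isset($_POST['max_file_size']) ? (float) $_POST['max_file_size'] : 0.0;
    if ( $size < 0 ) $size = 0.0;
    $max_upload = floor($size * $units);
    setConfig('max_file_size', $max_upload.'');
  }
  echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
  ?>
  <h3>File upload configuration</h3>
  <p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
     and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
     and executable files can sometimes be uploaded.</p>
  <p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
  <p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo htmlspecialchars(getConfig('max_file_size')); ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
  <p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
     does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
     are uploading large (&gt;100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
     large images many times can cost you quite a lot of bandwidth.</p>
  <p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
     Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo htmlspecialchars(getConfig('imagemagick_path')); else echo '/usr/bin/convert'; ?>" /><br />
     On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If your server runs Windows, then
     ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
     </p>
  <p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
     may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
  <p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
     Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
     more information on how to do this.<?php if(!$cache_writable) echo ' <b>At present, it seems that the cache directory
     is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
  <p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && $cache_writable) echo 'checked="checked"'; elseif(!$cache_writable) echo 'disabled="disabled"'; ?> /> Cache thumbnailed images</label></p>
  <p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
     changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
     enabled unless you have less than 250MB of MySQL database space.</p>
  <p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1' && $cache_writable) echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
  <hr style="margin-left: 1em;" />
  <p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
  <?php
  echo '</form>';
}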
|
499 |
|
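/**
 * Admin:PluginManager - lists the plugin files found in ./plugins/ and lets an
 * administrator switch each one on or off.
 *
 * Reads $_GET['action'] ("enable" or "disable") and $_GET['plugin'] (a plugin
 * filename), stores the state under the config key 'plugin_<filename>' through
 * setConfig(), and echoes the plugin table as HTML. Returns nothing.
 *
 * NOTE(review): the enable/disable state change is driven by a plain GET link
 * and no anti-forgery token is checked in this function; confirm one is
 * enforced upstream, or move the action to POST with a per-session token.
 */
function page_Admin_PluginManager() {
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's elevated auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  $dir = './plugins/';

  if ( isset($_GET['action']) && isset($_GET['plugin']) && is_string($_GET['plugin']) )
  {
    $requested = $_GET['plugin'];
    // The request value ends up inside a config key, so accept it only when it
    // names a file this page would itself list: a bare *.php filename (no path
    // separators, no NUL byte) that exists in the plugin directory.
    $is_known_plugin = strpbrk($requested, "/\\\0") === false
                       && preg_match('#^(.*?)\.php$#is', $requested)
                       && $requested != 'index.php'
                       && is_file($dir . $requested);
    switch ( $_GET['action'] )
    {
      case 'enable':
      case 'disable':
        if ( !$is_known_plugin )
        {
          echo('<h3>Error changing plugin state</h3><p>The requested file is not a plugin in the plugins directory.</p>');
        }
        else if ( $_GET['action'] == 'enable' )
        {
          setConfig('plugin_' . $requested, '1');
        }
        else if ( $requested != 'admin.php' )
        {
          setConfig('plugin_' . $requested, '0');
        }
        else
        {
          // Disabling this plugin would remove the page that re-enables it.
          echo('<h3>Error disabling plugin</h3><p>The administration panel plugin cannot be disabled.</p>');
        }
        break;
    }
  }

  // Header lines 3-8 of a plugin file carry "Plugin Name: ", "Plugin URI: ",
  // "Description: ", "Author: ", "Version: " and "Author URI: "; the numbers are
  // the lengths of those labels, which are cut off to leave the value.
  $fields = array('name', 'uri', 'desc', 'auth', 'vers', 'aweb');
  $label_len = array(13, 12, 13, 8, 9, 12);

  $plugin_list = array();
  if ( is_dir($dir) )
  {
    if ( $dh = opendir($dir) )
    {
      while ( ($file = readdir($dh)) !== false )
      {
        if ( !preg_match('#^(.*?)\.php$#is', $file) || $file == 'index.php' )
        {
          continue;
        }
        // System plugins are not listed, so they cannot be toggled from the table.
        if ( in_array($file, $plugins->system_plugins) )
        {
          continue;
        }
        $contents = file_get_contents($dir . $file);
        if ( $contents === false )
        {
          // Unreadable file: still list it, with empty metadata.
          $contents = '';
        }
        $header = array_slice(explode("\n", $contents), 2, 7);
        $plugin_list[$file] = array();
        foreach ( $fields as $idx => $field )
        {
          // A short or malformed header simply yields empty strings.
          $line = isset($header[$idx]) ? $header[$idx] : '';
          $plugin_list[$file][$field] = (string) substr($line, $label_len[$idx]);
        }
      }
      closedir($dh);
    }
  }

  echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
        <tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');
  $cls = 'row2';
  foreach ( $plugin_list as $file => $info )
  {
    $cls = ( $cls == 'row2' ) ? 'row3' : 'row2';
    // Filenames and header values come from files on disk that may not have been
    // enabled (and so vetted) yet; escape them before they reach the markup.
    $file_html = htmlspecialchars($file, ENT_QUOTES);
    echo '<tr>
            <td class="'.$cls.'">'.$file_html.'</td>
            <td class="'.$cls.'"><a href="'.htmlspecialchars($info['uri'], ENT_QUOTES).'">'.htmlspecialchars($info['name'], ENT_QUOTES).'</a></td>
            <td class="'.$cls.'">'.htmlspecialchars($info['desc'], ENT_QUOTES).'</td>
            <td class="'.$cls.'"><a href="'.htmlspecialchars($info['aweb'], ENT_QUOTES).'">'.htmlspecialchars($info['auth'], ENT_QUOTES).'</a></td>
            <td class="'.$cls.'">'.htmlspecialchars($info['vers'], ENT_QUOTES).'</td>
            <td class="'.$cls.'">';
    $module_url = makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']);
    if ( getConfig('plugin_'.$file) == '1' )
    {
      echo '<a href="'.$module_url.'&action=disable&plugin='.rawurlencode($file).'">Disable</a>';
    }
    else
    {
      echo '<a href="'.$module_url.'&action=enable&plugin='.rawurlencode($file).'">Enable</a>';
    }
    echo '</td></tr>';
  }
  echo '</table></div>';
}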
|
584 |
|
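/**
 * Admin:UploadAllowedMimeTypes - lets an administrator choose which file
 * extensions may be uploaded.
 *
 * On POST with 'save', builds a string of '1'/'0' flags (one per key of the
 * global $mime_types, in its iteration order, '1' when the matching
 * 'ext_<extension>' checkbox was submitted), passes it through
 * compress_bitfield() and stores it as the 'allowed_mime_types' config value.
 * Then echoes the checkbox form, three extensions per table row.
 *
 * NOTE(review): the stored flags are positional, so they presumably have to be
 * re-saved if the order of $mime_types ever changes - confirm against
 * fetch_allowed_extensions(). No anti-forgery token is checked here; confirm
 * one is enforced upstream.
 */
function page_Admin_UploadAllowedMimeTypes()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's elevated auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  global $mime_types, $mimetype_exps, $mimetype_extlist;
  if ( isset($_POST['save']) )
  {
    $bits = '';
    foreach ( array_keys($mime_types) as $ext )
    {
      $bits .= isset($_POST['ext_' . $ext]) ? '1' : '0';
    }
    setConfig('allowed_mime_types', compress_bitfield($bits));
    echo '<div class="info-box">Your changes have been saved.</div>';
  }
  $allowed = fetch_allowed_extensions();
  ?>
  <h3>Allowed file types</h3>
  <p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
  <?php
  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
  $c = -1;       // column index inside the current row (0..2)
  $cl = 'row1';  // alternating row class
  echo "\n".' <div class="tblholder">'."\n".' <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".' <tr>'."\n ";
  foreach ( $mime_types as $e => $m )
  {
    $c++;
    if ( $c == 3 )
    {
      // Three cells written: start the next row and flip its class.
      $c = 0;
      $cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
      echo '</tr>'."\n".' <tr>'."\n ";
    }
    // Defence in depth: $mime_types is defined outside this block, so its keys
    // and values are escaped before they are placed in attributes and text.
    $e_html = htmlspecialchars($e, ENT_QUOTES);
    $m_html = htmlspecialchars($m, ENT_QUOTES);
    // The random suffix only makes the DOM id unique; it is not a security token.
    $seed = "extchkbx_{$e_html}_".md5(microtime() . mt_rand());
    $chk = (!empty($allowed[$e])) ? ' checked="checked"' : '';
    echo " <td class='$cl'>\n <label><input id='{$seed}' type='checkbox' name='ext_{$e_html}'{$chk} />.{$e_html}\n ({$m_html})</label>\n </td>\n ";
  }
  // Pad the last row out to three cells.
  while ( $c < 2 )
  {
    $c++;
    echo " <td class='{$cl}'></td>\n ";
  }
  // Close the last data row before opening the submit row; the original opened
  // the submit row inside the still-open <tr>, producing invalid table markup.
  echo '</tr>'."\n";
  echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
  echo "\n".' </table>'."\n".' </div>';
  echo '</form>';
}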
|
643 |
|
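/**
 * Admin:Sidebar - prints a static help page describing the sidebar markup
 * ({slider}, {if}/{!if} and $VARIABLES). It changes no state; the only logic
 * is the administrator check at the top.
 *
 * The literal "<example>" tag and the bare "<" / ">" in the explanatory text
 * are written as HTML entities so the browser displays them instead of
 * treating them as markup.
 *
 * NOTE(review): the prose names $STYLE_LINK for the "change theme" button while
 * the sample below uses $THEME_LINK; confirm which name the template engine
 * defines.
 */
function page_Admin_Sidebar()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's elevated auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  ?>
  <h2>Editing and managing the Enano sidebar</h2>
  <p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
     provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
     markup language.
     </p>
  <p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (&lt;example&gt;like this&lt;/example&gt;) for the
     main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (&lt; and &gt;).</p>
  <p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
     on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
     use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
     external sites.</p>
  <p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
  <pre>{slider=Navigation}
[[Main Page|Home]]
[[Enano:Sidebar|Edit the sidebar]]
{/slider}</pre>
  <p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
     to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
     "user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
     wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
     effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
  <p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
     variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
     The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
     the "change theme" button can be added with $STYLE_LINK.</p>
  <p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
  <pre>{slider=$USERNAME}
[[User:$USERNAME|User page]]
[[Special:Contributions?user=$USERNAME|My Contributions]]
{if user_logged_in}
[[Special:Preferences|Preferences]]
$THEME_LINK
{/if}
{if auth_admin}
[[Special:Administration|Administration]]
{/if}
{if user_logged_in}
$LOGOUT_LINK
{/if}
{!if user_logged_in}
Create an account
Log in
{/if}
{/slider}</pre>
  <?php
}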
|
700 |
|
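/**
 * Admin:UserManager - edit or delete a user account, clear the session key
 * table, and process pending account-activation requests.
 *
 * Inputs read by this function:
 *   $_POST['go'] + $_POST['username']   - load a user; with 'save' the posted
 *                                         fields are written through
 *                                         $session->update_user(); with
 *                                         'deleteme' and 'delete_conf' the
 *                                         account row is deleted.
 *   $_POST['clearsessions']             - empty the session_keys table, keeping
 *                                         the two rows of the current admin.
 *   $_GET['action'], 'user', 'logid'    - "activate", "sendemail" or "deny" for
 *                                         an activation request.
 * Output is echoed as HTML; nothing is returned.
 *
 * Request and database values are escaped for the context they are written
 * into: htmlspecialchars() for markup, urlencode() for query strings, intval()
 * or $db->escape() inside quotes for SQL.
 *
 * NOTE(review): the activate/sendemail/deny actions change state from a plain
 * GET link, and no anti-forgery token is checked anywhere in this function;
 * confirm one is enforced upstream, or move these actions to POST with a
 * per-session token.
 */
function page_Admin_UserManager() {
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Both the session's elevated auth level and the account's own level must be admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  if ( isset($_POST['go']) )
  {
    // We need the user ID before we can do anything
    $lookup = ( isset($_POST['username']) && is_string($_POST['username']) ) ? $_POST['username'] : '';
    $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\'' . $db->escape($lookup) . '\'');
    if ( !$q )
    {
      die('Error selecting user ID: ' . $db->get_error());
    }
    if ( $db->numrows() < 1 )
    {
      echo('User does not exist, please enter another username.');
      return;
    }
    $r = $db->fetchrow();
    $db->free_result();
    $user_id = intval($r['user_id']);
    $username_html = htmlspecialchars($r['username'], ENT_QUOTES);

    if ( isset($_POST['save']) )
    {
      $new_level = intval($_POST['level']);
      $old_level = intval($r['user_level']);

      $re = $session->update_user($user_id, $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $new_level);

      if ( $re == 'success' )
      {
        if ( $new_level != $old_level )
        {
          // We need to update group memberships
          if ( $old_level == USER_LEVEL_ADMIN )
          {
            $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
          }
          else if ( $old_level == USER_LEVEL_MOD )
          {
            $session->remove_user_from_group($user_id, GROUP_ID_MOD);
          }

          if ( $new_level == USER_LEVEL_ADMIN )
          {
            $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
          }
          else if ( $new_level == USER_LEVEL_MOD )
          {
            $session->add_user_to_group($user_id, GROUP_ID_MOD, false);
          }
        }

        echo('<div class="info-box">Your changes have been saved.</div>');
      }
      else
      {
        echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');
      }
      // The original re-selected the row by the OLD username at this point and
      // called die() when it was missing, which aborted the page after every
      // successful rename. Nothing below reads that row, so the lookup is gone.
    }
    elseif ( isset($_POST['deleteme']) && isset($_POST['delete_conf']) )
    {
      // Prefixed table name, as in every other query of this function, and an
      // integer-cast ID.
      $q = $db->sql_query('DELETE FROM '.table_prefix.'users WHERE user_id='.$user_id.';');
      if ( $q )
      {
        echo '<div class="error-box">The user account "'.$username_html.'" was deleted.</div>';
      }
      else
      {
        echo '<div class="error-box">The user account "'.$username_html.'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
      }
    }
    else
    {
      $level_labels = array(
        USER_LEVEL_CHPREF => 'Regular User',
        USER_LEVEL_MOD    => 'Moderator',
        USER_LEVEL_ADMIN  => 'Administrator',
      );
      $level_html = '';
      foreach ( $level_labels as $value => $label )
      {
        $selected = ( intval($r['user_level']) == $value ) ? ' SELECTED' : '';
        $level_html .= '<option' . $selected . ' value="' . $value . '">' . $label . '</option>';
      }
      // Stored profile fields are user-controlled, so they are escaped before
      // being placed in value="" attributes.
      echo('
        <h3>Edit User Info</h3>
        <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
          <table border="0" style="margin-left: 0.2in;">
            <tr><td>Username:</td><td><input type="text" name="new_username" value="'.$username_html.'" /></td></tr>
            <tr><td>New Password:</td><td><input type="password" name="new_pass" /></td></tr>
            <tr><td>E-mail:</td><td><input type="text" name="email" value="'.htmlspecialchars($r['email'], ENT_QUOTES).'" /></td></tr>
            <tr><td>Real Name:</td><td><input type="text" name="real_name" value="'.htmlspecialchars($r['real_name'], ENT_QUOTES).'" /></td></tr>
            <tr><td>User level:</td><td><select name="level">'.$level_html.'</select></td></tr>
            <tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$username_html.'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label></td></tr>
            <tr><td align="center" colspan="2">
            <input type="submit" name="save" value="Save Changes" /></td></tr>
          </table>
        </form>
      ');
    }
  }
  elseif ( isset($_POST['clearsessions']) )
  {
    // Get the current session information so the user doesn't get logged out
    $own_id = intval($session->user_id);
    $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid_super).'\' AND user_id='.$own_id.' AND auth_level='.USER_LEVEL_ADMIN);
    if ( !$qb ) die('Error selecting session key info block B: '.$db->get_error());
    if ( $db->numrows($qb) < 1 ) die('Error: cannot read admin session info block B, aborting table clear process');
    $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$own_id.' AND auth_level='.USER_LEVEL_MEMBER);
    if ( !$qa ) die('Error selecting session key info block A: '.$db->get_error());
    if ( $db->numrows($qa) < 1 ) die('Error: cannot read user session info block A, aborting table clear process');
    // Read through the $db wrapper, like the rest of the function, rather than
    // through the raw mysql_* API.
    $ra = $db->fetchrow($qa);
    $rb = $db->fetchrow($qb);
    $db->free_result($qa);
    $db->free_result($qb);

    // Values read back from the table are escaped and quoted again before being
    // re-inserted; data that came out of the database is not trusted as SQL.
    $kept_rows = array();
    foreach ( array($ra, $rb) as $keep )
    {
      $kept_rows[] = '( \'' . $db->escape($keep['session_key']) . '\', \'' . $db->escape($keep['salt']) . '\', \'' . $own_id . '\', \'' . $db->escape($keep['auth_level']) . '\', \'' . $db->escape($keep['source_ip']) . '\', \'' . $db->escape($keep['time']) . '\' )';
    }

    if ( !$db->sql_query('DELETE FROM '.table_prefix.'session_keys;') )
    {
      echo '<div class="error-box">Error clearing the session key table: '.$db->get_error().'</div>';
    }
    else if ( !$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES' . implode(',', $kept_rows)) )
    {
      echo '<div class="error-box">The session key table was cleared, but your own session keys could not be restored: '.$db->get_error().'</div>';
    }
    else
    {
      echo('
        <div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
      ');
    }
  }

  echo('
    <h3>User Management</h3>
    <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
      <p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
      <h3>Clear session keys table</h3>
      <p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
      <p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
    </form>
  ');

  if ( isset($_GET['action']) && isset($_GET['user']) && is_string($_GET['user']) )
  {
    $target = $_GET['user'];
    // The username is echoed back into the page, so escape it once here.
    $target_html = htmlspecialchars($target, ENT_QUOTES);
    // time_id is compared unquoted in SQL; $db->escape() does not protect an
    // unquoted value, so the ID is forced to an integer instead.
    $log_id = isset($_GET['logid']) ? intval($_GET['logid']) : 0;
    // Handled requests are removed from the log. The delete is limited to
    // activation-request rows so a crafted logid cannot remove other entries.
    $delete_request_sql = 'DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=' . $log_id;

    switch ( $_GET['action'] )
    {
      case 'activate':
        $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($target) . '\'');
        if ( $e )
        {
          $row = $db->fetchrow();
          $db->free_result();
          // No row means no such user; report it as "not activated".
          if ( $row && $session->activate_account($target, $row['activation_key']) )
          {
            echo '<div class="info-box">The user account "'.$target_html.'" has been activated.</div>';
            $db->sql_query($delete_request_sql);
          }
          else
          {
            echo '<div class="warning-box">The user account "'.$target_html.'" has NOT been activated, possibly because the account is already active.</div>';
          }
        }
        else
        {
          echo '<div class="error-box">Error activating account: '.$db->get_error().'</div>';
        }
        break;
      case 'sendemail':
        if ( $session->send_activation_mail($target) )
        {
          echo '<div class="info-box">The user "'.$target_html.'" has been sent an e-mail with an activation link.</div>';
          $db->sql_query($delete_request_sql);
        }
        else
        {
          echo '<div class="error-box">The user account "'.$target_html.'" has not been activated, probably because of a bad SMTP configuration.</div>';
        }
        break;
      case 'deny':
        $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($target) . '\';');
        if ( !$e )
        {
          echo '<div class="error-box">Error during row deletion: '.$db->get_error().'</div>';
        }
        else
        {
          echo '<div class="info-box">All activation requests for the user "'.$target_html.'" have been deleted.</div>';
        }
        break;
    }
  }

  $q = $db->sql_query('SELECT log_type, action, time_id, date_string, author, edit_summary FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
  if ( $q )
  {
    $n = $db->numrows();
    if ( $n > 0 )
    {
      $s = ( $n == 1 ) ? $n . ' user is' : $n . ' users are';
      echo '<h3>'.$s . ' awaiting account activation</h3>';
      echo '<div class="tblholder">
              <table border="0" cellspacing="1" cellpadding="4" width="100%">
                <tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th colspan="3">Actions</th></tr>';
      $cls = 'row2';
      while ( $row = $db->fetchrow() )
      {
        $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
        // author and edit_summary hold usernames typed in by whoever requested
        // the activation: escape them for markup and URL-encode them for links.
        $time_id = intval($row['time_id']);
        $link_tail = '&user=' . urlencode($row['edit_summary']) . '&logid=' . $time_id;
        $module = 'module='.$paths->nslist['Admin'].'UserManager';
        echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $time_id).'</td>'
           . '<td class="'.$cls.'">'.htmlspecialchars($row['author'], ENT_QUOTES).'</td>'
           . '<td class="'.$cls.'">'.htmlspecialchars($row['edit_summary'], ENT_QUOTES).'</td>'
           . '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', $module.'&action=activate'.$link_tail).'">Activate now</a></td>'
           . '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', $module.'&action=sendemail'.$link_tail).'">Send activation e-mail</a></td>'
           . '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', $module.'&action=deny'.$link_tail).'">Deny request</a></td></tr>';
      }
      // Close the wrapper div as well as the table; the original left it open.
      echo '</table></div>';
    }
    $db->free_result();
  }
}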
|
877 |
|
878 function page_Admin_GroupManager() |
|
879 { |
|
880 global $db, $session, $paths, $template, $plugins; // Common objects |
|
881 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
882 { |
|
883 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
884 return; |
|
885 } |
|
886 |
|
887 if(isset($_POST['do_create_stage1'])) |
|
888 { |
|
889 if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
890 { |
|
891 echo '<p>The group name you chose is invalid.</p>'; |
|
892 return; |
|
893 } |
|
894 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
895 echo '<div class="tblholder"> |
|
896 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
897 <tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr> |
|
898 <tr> |
|
899 <td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td> |
|
900 </tr> |
|
901 <tr><td class="row2">Group status</td><td class="row2"> |
|
902 <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br /> |
|
903 <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br /> |
|
904 <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br /> |
|
905 <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label> |
|
906 </td></tr> |
|
907 <tr> |
|
908 <th class="subhead" colspan="2"> |
|
909 <input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" /> |
|
910 <input type="submit" name="do_create_stage2" value="Create group" /> |
|
911 </th> |
|
912 </tr> |
|
913 </table> |
|
914 </div>'; |
|
915 echo '</form>'; |
|
916 return; |
|
917 } |
|
918 elseif(isset($_POST['do_create_stage2'])) |
|
919 { |
|
920 if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name'])) |
|
921 { |
|
922 echo '<p>The group name you chose is invalid.</p>'; |
|
923 return; |
|
924 } |
|
925 if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST))) |
|
926 { |
|
927 echo '<p>Hacking attempt</p>'; |
|
928 return; |
|
929 } |
|
930 $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
931 if(!$e) |
|
932 { |
|
933 echo $db->get_error(); |
|
934 return; |
|
935 } |
|
936 if($db->numrows() > 0) |
|
937 { |
|
938 echo '<p>The group name you entered already exists.</p>'; |
|
939 return; |
|
940 } |
|
941 $db->free_result(); |
|
942 $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )'); |
|
943 if(!$q) |
|
944 { |
|
945 echo $db->get_error(); |
|
946 return; |
|
947 } |
|
948 $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';'); |
|
949 if(!$e) |
|
950 { |
|
951 echo $db->get_error(); |
|
952 return; |
|
953 } |
|
954 if($db->numrows() < 1) |
|
955 { |
|
956 echo '<p>The username you entered could not be found.</p>'; |
|
957 return; |
|
958 } |
|
959 $row = $db->fetchrow(); |
|
960 $id = $row['user_id']; |
|
961 $db->free_result(); |
|
962 $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';'); |
|
963 if(!$e) |
|
964 { |
|
965 echo $db->get_error(); |
|
966 return; |
|
967 } |
|
968 if($db->numrows() < 1) |
|
969 { |
|
970 echo '<p>The group ID could not be looked up.</p>'; |
|
971 return; |
|
972 } |
|
973 $row = $db->fetchrow(); |
|
974 $gid = $row['group_id']; |
|
975 $db->free_result(); |
|
976 $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);'); |
|
977 if(!$e) |
|
978 { |
|
979 echo $db->get_error(); |
|
980 return; |
|
981 } |
|
982 echo "<div class='info-box'> |
|
983 <b>Information</b><br /> |
|
984 The group {$_POST['create_group_name']} has been created successfully. |
|
985 </div>"; |
|
986 } |
|
987 if(isset($_POST['do_edit']) || isset($_POST['edit_do'])) |
|
988 { |
|
989 // Fetch the group name |
|
990 $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
991 if(!$q) |
|
992 { |
|
993 echo $db->get_error(); |
|
994 return; |
|
995 } |
|
996 if($db->numrows() < 1) |
|
997 { |
|
998 echo '<p>Error: couldn\'t look up group name</p>'; |
|
999 } |
|
1000 $row = $db->fetchrow(); |
|
1001 $name = $row['group_name']; |
|
1002 $db->free_result(); |
|
1003 if(isset($_POST['edit_do'])) |
|
1004 { |
|
1005 if(isset($_POST['edit_do']['del_group'])) |
|
1006 { |
|
1007 if ( $row['system_group'] == 1 ) |
|
1008 { |
|
1009 echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>'; |
|
1010 } |
|
1011 else |
|
1012 { |
|
1013 $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1014 if(!$q) |
|
1015 { |
|
1016 echo $db->get_error(); |
|
1017 return; |
|
1018 } |
|
1019 $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1020 if(!$q) |
|
1021 { |
|
1022 echo $db->get_error(); |
|
1023 return; |
|
1024 } |
|
1025 echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>'; |
|
1026 return; |
|
1027 } |
|
1028 } |
|
1029 if(isset($_POST['edit_do']['save_name'])) |
|
1030 { |
|
1031 if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name'])) |
|
1032 { |
|
1033 echo '<p>The group name you chose is invalid.</p>'; |
|
1034 return; |
|
1035 } |
|
1036 $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\' |
|
1037 WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1038 if(!$q) |
|
1039 { |
|
1040 echo $db->get_error(); |
|
1041 return; |
|
1042 } |
|
1043 else |
|
1044 { |
|
1045 echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
1046 The group name has been updated. |
|
1047 </div>'; |
|
1048 } |
|
1049 $name = $_POST['group_name']; |
|
1050 |
|
1051 } |
|
1052 $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members |
|
1053 WHERE group_id='.intval($_POST['group_edit_id']).';'); |
|
1054 if(!$q) |
|
1055 { |
|
1056 echo $db->get_error(); |
|
1057 return; |
|
1058 } |
|
1059 if($db->numrows() > 0) |
|
1060 { |
|
1061 while($row = $db->fetchrow($q)) |
|
1062 { |
|
1063 if(isset($_POST['edit_do']['del_' . $row['member_id']])) |
|
1064 { |
|
1065 $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']); |
|
1066 if(!$e) |
|
1067 { |
|
1068 echo $db->get_error(); |
|
1069 return; |
|
1070 } |
|
1071 } |
|
1072 } |
|
1073 } |
|
1074 $db->free_result(); |
|
1075 if(isset($_POST['edit_do']['add_member'])) |
|
1076 { |
|
1077 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';'); |
|
1078 if(!$q) |
|
1079 { |
|
1080 echo $db->get_error(); |
|
1081 return; |
|
1082 } |
|
1083 if($db->numrows() > 0) |
|
1084 { |
|
1085 $row = $db->fetchrow(); |
|
1086 $user_id = $row['user_id']; |
|
1087 $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0'; |
|
1088 $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');'); |
|
1089 if(!$q) |
|
1090 { |
|
1091 echo $db->get_error(); |
|
1092 return; |
|
1093 } |
|
1094 else |
|
1095 { |
|
1096 echo '<div class="info-box" style="margin: 0 0 10px 0;""> |
|
1097 The user "'.$_POST['edit_add_username'].'" has been added to this usergroup. |
|
1098 </div>'; |
|
1099 } |
|
1100 } |
|
1101 else |
|
1102 echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>'; |
|
1103 } |
|
1104 } |
|
1105 $sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" '; |
|
1106 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1107 echo '<div class="tblholder"> |
|
1108 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1109 <tr><th>Edit group name</th></tr> |
|
1110 <tr> |
|
1111 <td class="row1"> |
|
1112 Group name: <input type="text" name="group_name" value="'.$name.'" /> |
|
1113 </td> |
|
1114 </tr> |
|
1115 <tr> |
|
1116 <th class="subhead"> |
|
1117 <input type="submit" name="edit_do[save_name]" value="Save name" /> |
|
1118 <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' /> |
|
1119 </th> |
|
1120 </tr> |
|
1121 </table> |
|
1122 </div> |
|
1123 <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />'; |
|
1124 echo '</form>'; |
|
1125 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1126 echo '<div class="tblholder"> |
|
1127 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1128 <tr><th colspan="3">Edit group members</th></tr>'; |
|
1129 $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m |
|
1130 LEFT JOIN '.table_prefix.'users AS u |
|
1131 ON u.user_id=m.user_id |
|
1132 WHERE m.group_id='.intval($_POST['group_edit_id']).' |
|
1133 ORDER BY m.is_mod DESC, u.username ASC;'); |
|
1134 if(!$q) |
|
1135 { |
|
1136 echo $db->get_error(); |
|
1137 return; |
|
1138 } |
|
1139 if($db->numrows() < 1) |
|
1140 { |
|
1141 echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>'; |
|
1142 } |
|
1143 else |
|
1144 { |
|
1145 $cls = 'row2'; |
|
1146 while($row = $db->fetchrow()) |
|
1147 { |
|
1148 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1149 $mod = ( $row['is_mod'] == 1 ) ? 'Mod' : ''; |
|
1150 echo '<tr> |
|
1151 <td class="'.$cls.'" style="width: 100%;"> |
|
1152 ' . $row['username'] . ' |
|
1153 </td> |
|
1154 <td class="'.$cls.'"> |
|
1155 '.$mod.' |
|
1156 </td> |
|
1157 <td class="'.$cls.'"> |
|
1158 <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" /> |
|
1159 </td> |
|
1160 </tr>'; |
|
1161 } |
|
1162 } |
|
1163 $db->free_result(); |
|
1164 echo '</table> |
|
1165 </div> |
|
1166 <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />'; |
|
1167 echo '</form>'; |
|
1168 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1169 echo '<div class="tblholder"> |
|
1170 <table border="0" style="width:100%;" cellspacing="1" cellpadding="4"> |
|
1171 <tr> |
|
1172 <th>Add a new member</th> |
|
1173 </tr> |
|
1174 <tr> |
|
1175 <td class="row1"> |
|
1176 Username: ' . $template->username_field('edit_add_username') . ' |
|
1177 </td> |
|
1178 </tr> |
|
1179 <tr> |
|
1180 <td class="row2"> |
|
1181 <label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members) |
|
1182 </td> |
|
1183 </tr> |
|
1184 <tr> |
|
1185 <th class="subhead"> |
|
1186 <input type="submit" name="edit_do[add_member]" value="Add user to group" /> |
|
1187 </th> |
|
1188 </tr> |
|
1189 </table> |
|
1190 </div> |
|
1191 <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />'; |
|
1192 echo '</form>'; |
|
1193 return; |
|
1194 } |
|
1195 echo '<h3>Manage Usergroups</h3>'; |
|
1196 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1197 $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;'); |
|
1198 if(!$q) |
|
1199 { |
|
1200 echo $db->get_error(); |
|
1201 } |
|
1202 else |
|
1203 { |
|
1204 echo '<div class="tblholder"> |
|
1205 <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
1206 <tr> |
|
1207 <th>Edit an existing group</th> |
|
1208 </tr>'; |
|
1209 echo '<tr><td class="row2"><select name="group_edit_id">'; |
|
1210 while ( $row = $db->fetchrow() ) |
|
1211 { |
|
1212 if ( $row['group_name'] != 'Everyone' ) |
|
1213 { |
|
1214 echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>'; |
|
1215 } |
|
1216 } |
|
1217 $db->free_result(); |
|
1218 echo '</select></td></tr>'; |
|
1219 echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr> |
|
1220 </table> |
|
1221 </div> |
|
1222 </form><br />'; |
|
1223 } |
|
1224 echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">'; |
|
1225 echo '<div class="tblholder"> |
|
1226 <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;"> |
|
1227 <tr> |
|
1228 <th colspan="2">Create a new group</th> |
|
1229 </tr>'; |
|
1230 echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>'; |
|
1231 echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr> |
|
1232 </table> |
|
1233 </div>'; |
|
1234 echo '</form>'; |
|
1235 } |
|
1236 |
|
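/**
 * Admin module "PageManager": find a page by title or URL name, then edit its
 * metadata (title, URL name, namespace, flags) or delete it.
 *
 * Input is read from $_POST (and from $_GET when source=ajax); all output is
 * echoed. Returns false when the requested page cannot be resolved, and
 * nothing on the other paths.
 *
 * Security-relevant behaviour:
 *  - Every request-derived value is passed through $db->escape() before it is
 *    concatenated into SQL, and through htmlspecialchars() before it is echoed.
 *  - Namespace and page identifiers are checked against $paths->nslist and
 *    $paths->pages before they are used as array offsets or in queries.
 *  - The existing row is looked up with the OLD namespace and page ID, so that
 *    changing the namespace in the form still targets the right row.
 *  - NOTE(review): no anti-CSRF token is checked in this function; the
 *    state-changing POSTs rely on the session level check alone. Confirm
 *    whether a token is enforced by the caller.
 */
function page_Admin_PageManager()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Shared "not found" message; contains no request data.
  $not_found = 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';

  echo '<h2>Page management</h2>';

  $from_ajax = ( isset($_GET['source']) && $_GET['source'] == 'ajax' );
  if ( isset($_POST['search']) || isset($_POST['select']) || $from_ajax )
  {
    // Using only the text the user entered, guess the page ID and namespace.
    if ( $from_ajax )
    {
      $_POST['search'] = true;
      $_POST['page_url'] = isset($_GET['page_id']) ? $_GET['page_id'] : '';
    }
    if ( isset($_POST['search']) )
      $pid = isset($_POST['page_url']) ? $_POST['page_url'] : '';
    else
      $pid = isset($_POST['page_force_url']) ? $_POST['page_force_url'] : '';
    // Array-valued parameters (page_url[]=...) would break the string functions below.
    if ( !is_string($pid) )
      $pid = '';

    // Look for a namespace prefix in the urlname. There is deliberately no
    // break: as in the original loop, the last matching prefix wins.
    $ns = null;
    $page_id = '';
    foreach ( $paths->nslist as $ns_id => $prefix )
    {
      $ln = strlen($prefix);
      if ( substr($pid, 0, $ln) == $prefix )
      {
        $ns = $ns_id;
        $page_id = (string)substr($pid, $ln, strlen($pid));
      }
    }

    // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id.
    // Now iterate through $paths->pages searching for a page with this name or ID.
    // Presumably $paths->pages holds each page twice (numeric index and
    // prefixed URL name), hence the division by two - TODO confirm.
    $as_url  = str_replace(' ', '_', $page_id);
    $as_name = str_replace('_', ' ', $page_id);
    $final_pid = null;
    $limit = sizeof($paths->pages) / 2;
    for ( $i = 0; $i < $limit; $i++ )
    {
      $page = $paths->pages[$i];
      // Strict string comparison, so numeric-looking titles ("1e3" vs "1000") cannot match each other.
      if ( (string)$page['urlname_nons'] === $as_url )
        $final_pid = $as_url;
      elseif ( (string)$page['name'] === $page_id )
        $final_pid = $page['urlname_nons'];
      elseif ( strtolower($page['urlname_nons']) === strtolower($as_url) )
        $final_pid = $page['urlname_nons'];
      elseif ( strtolower($page['name']) === strtolower($as_name) )
        $final_pid = $page['urlname_nons'];
      if ( $final_pid !== null )
      {
        $_POST['name'] = $page['name'];
        $_POST['urlname'] = $page['urlname_nons'];
        break; // first match wins
      }
    }
    if ( $final_pid === null || $ns === null )
    {
      echo $not_found;
      return false;
    }
    $_POST['namespace'] = $ns;
    $_POST['old_namespace'] = $ns;
    $_POST['page_id'] = $final_pid;
    $_POST['old_page_id'] = $final_pid;
    if ( !isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']]) )
    {
      echo $not_found;
      return false;
    }
  }

  if ( isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']) )
  {
    $old_page_id   = isset($_POST['old_page_id']) ? $_POST['old_page_id'] : null;
    $old_namespace = isset($_POST['old_namespace']) ? $_POST['old_namespace'] : $_POST['namespace'];

    // Reject array-valued or unknown identifiers before they are used as
    // array offsets, in SQL, or in the form that is echoed back.
    if ( !is_string($_POST['page_id']) || !is_string($_POST['namespace'])
         || !is_string($old_page_id) || !is_string($old_namespace)
         || !isset($paths->nslist[$_POST['namespace']])
         || !isset($paths->nslist[$old_namespace])
         || !isset($paths->pages[$paths->nslist[$old_namespace].$old_page_id]) )
    {
      echo $not_found;
      return false;
    }
    $_POST['old_namespace'] = $old_namespace;

    // The existing row, looked up under the OLD namespace: $_POST['namespace']
    // already carries the new value when the admin changes it in the form.
    $cpage = $paths->pages[$paths->nslist[$old_namespace].$old_page_id];
    $name = ( isset($_POST['name']) && is_string($_POST['name']) ) ? $_POST['name'] : $cpage['name'];

    if ( isset($_POST['submit']) )
    {
      // Create a list of things to update
      $page_info = Array(
        'name'=>$name,
        'urlname'=>$_POST['page_id'],
        'namespace'=>$_POST['namespace'],
        'special'=>isset($_POST['special']) ? '1' : '0',
        'visible'=>isset($_POST['visible']) ? '1' : '0',
        'comments_on'=>isset($_POST['comments_on']) ? '1' : '0',
        'protected'=>isset($_POST['protected']) ? '1' : '0'
        );
      // Build the SET list
      $set = Array();
      foreach ( $page_info as $col => $val )
      {
        $set[] = $col.'=\''.$db->escape($val).'\'';
      }
      // Build the WHERE list from the existing row. The values are escaped as
      // well: they originate from stored page data, which was itself user
      // supplied (second-order injection).
      $where = Array();
      foreach ( $cpage as $col => $val )
      {
        $col = (string)$col;
        if ( $col === 'urlname_nons' || $col === 'really_protected' )
          continue;
        if ( $col === 'urlname' )
          $val = $cpage['urlname_nons'];
        $where[] = $col.'=\''.$db->escape($val).'\'';
      }
      $q = 'UPDATE '.table_prefix.'pages SET '.implode(',', $set).' WHERE '.implode(' AND ', $where).';';
      // Send the completed query to MySQL
      $e = $db->sql_query($q);
      if(!$e) $db->_die('The page data could not be updated.');
      // Update any additional tables. New and old identifiers are all escaped.
      $new_id = $db->escape($page_info['urlname']);
      $new_ns = $db->escape($page_info['namespace']);
      $old_id = $db->escape($_POST['old_page_id']);
      $old_ns = $db->escape($_POST['old_namespace']);
      foreach ( Array('categories', 'comments', 'logs', 'page_text') as $tbl )
      {
        $cq = 'UPDATE '.table_prefix.$tbl.' SET page_id=\''.$new_id.'\',namespace=\''.$new_ns.'\' WHERE page_id=\''.$old_id.'\' AND namespace=\''.$old_ns.'\';';
        $e = $db->sql_query($cq);
        if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
      }
      // Update $cpage
      $cpage = $page_info;
      $cpage['urlname_nons'] = $cpage['urlname'];
      $cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname'];
      $_POST['old_page_id'] = $page_info['urlname'];
      $_POST['old_namespace'] = $page_info['namespace'];
      echo '<div class="info-box">Your changes have been saved.</div>';
    }
    elseif ( isset($_POST['delete']) )
    {
      $old_id = $db->escape($_POST['old_page_id']);
      $old_ns = $db->escape($_POST['old_namespace']);
      foreach ( Array('categories', 'comments', 'logs', 'page_text') as $tbl )
      {
        $cq = 'DELETE FROM '.table_prefix.$tbl.' WHERE page_id=\''.$old_id.'\' AND namespace=\''.$old_ns.'\';';
        $e = $db->sql_query($cq);
        if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
      }

      // Single-quoted literals, consistent with every other query in this function.
      if(!$db->sql_query(
        'DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$old_id.'\' AND namespace=\''.$old_ns.'\';'
        )) $db->_die('The page could not be deleted.');
      echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>';
      return;
    }
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration'.htmlspecialchars(urlSeparator).(( isset($_GET['sqldbg']) ) ? 'sqldbg&amp;' : '') .'module='.$paths->cpage['module']).'" method="post">';
    // Everything echoed into the form below is HTML-escaped. Titles saved by
    // this function are stored without entity encoding, so escaping here also
    // keeps the value unchanged across an edit/save round trip.
    ?>
    <h3>Modify page: <?php echo htmlspecialchars($name, ENT_QUOTES); ?></h3>
     <table border="0">
       <tr><td>Namespace:</td><td><select name="namespace"><?php
         foreach ( array_keys($paths->nslist) as $ns_id )
         {
           $ns_id = (string)$ns_id;
           if ( $ns_id !== 'Special' && $ns_id !== 'Admin' )
           {
             echo '<option ';
             if ( $_POST['namespace'] === $ns_id ) echo 'selected="selected" ';
             echo 'value="'.htmlspecialchars($ns_id, ENT_QUOTES).'">';
             if ( $paths->nslist[$ns_id] == '' ) echo '[No prefix]';
             else echo htmlspecialchars($paths->nslist[$ns_id], ENT_QUOTES);
             echo '</option>';
           }
         }
       ?></select></td></tr>
       <tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name'], ENT_QUOTES); ?>" /></td></tr>
       <tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars($cpage['urlname_nons'], ENT_QUOTES); ?>" /></td></tr>
       <tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" />  <label for="cmt">Enable comments for this page</label></td></tr>
       <tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" />  <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
       <tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" />  <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo htmlspecialchars($paths->nslist['Special'], ENT_QUOTES); ?>SearchRebuild.</small></td></tr>
       <tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" />  <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
       <tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
       <tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
       <tr><td colspan="2" style="text-align: right;">
       <input type="hidden" name="old_page_id" value="<?php echo htmlspecialchars($_POST['old_page_id'], ENT_QUOTES); ?>" />
       <input type="hidden" name="old_namespace" value="<?php echo htmlspecialchars($_POST['old_namespace'], ENT_QUOTES); ?>" />
       <input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" />  <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
     </table>
    <?php
    echo '</form>';
  } else {
    echo '<h3>Please select a page</h3>';
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    ?>
      <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?>  <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
      <p>Select page title from a list: <select name="page_force_url">
      <?php
        $limit = sizeof($paths->pages) / 2;
        for ( $i = 0; $i < $limit; $i++ )
        {
          $page = $paths->pages[$i];
          if ( $page['namespace'] != 'Admin' && $page['namespace'] != 'Special' )
          {
            $prefix = $paths->nslist[$page['namespace']];
            // Page titles and URL names are stored user input; escape both the attribute and the label.
            echo '<option value="'.htmlspecialchars($prefix.$page['urlname_nons'], ENT_QUOTES).'">'.htmlspecialchars($prefix.$page['name'], ENT_QUOTES).'</option>'."\n";
          }
        }
      ?>
      </select>  <input type="submit" name="select" value="Select" /></p>
    <?php
    echo '</form>';

  }
}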
|
1403 |
|
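/**
 * Admin module "PageEditor": find a page by title or URL name, then edit,
 * preview and save its text.
 *
 * Input is read from $_POST; all output is echoed. Returns false when the
 * requested page cannot be resolved, and nothing on the other paths.
 *
 * Security-relevant behaviour:
 *  - The page text and the author name are passed through $db->escape()
 *    before they are concatenated into the log INSERT, like every other
 *    value in that statement.
 *  - Request values echoed back into the form (summary, page_id, namespace)
 *    and the database error/query shown on failure are HTML-escaped.
 *  - page_id and namespace are checked against $paths->nslist and
 *    $paths->pages before they are used.
 *  - NOTE(review): no anti-CSRF token is checked in this function; saving
 *    relies on the session level check alone. Confirm whether a token is
 *    enforced by the caller.
 */
function page_Admin_PageEditor()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    return;
  }

  // Shared "not found" message; contains no request data. The Back link
  // returns to this module (the original pointed at PageManager).
  $not_found = 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageEditor\'); return false;">Back</a>';

  echo '<h2>Edit page content</h2>';

  if ( isset($_POST['search']) || isset($_POST['select']) )
  {
    // Using only the text the user entered, guess the page ID and namespace.
    if ( isset($_POST['search']) )
      $pid = isset($_POST['page_url']) ? $_POST['page_url'] : '';
    else
      $pid = isset($_POST['page_force_url']) ? $_POST['page_force_url'] : '';
    // Array-valued parameters (page_url[]=...) would break the string functions below.
    if ( !is_string($pid) )
      $pid = '';

    // Look for a namespace prefix in the urlname. There is deliberately no
    // break: as in the original loop, the last matching prefix wins.
    $ns = null;
    $page_id = '';
    foreach ( $paths->nslist as $ns_id => $prefix )
    {
      $ln = strlen($prefix);
      if ( substr($pid, 0, $ln) == $prefix )
      {
        $ns = $ns_id;
        $page_id = (string)substr($pid, $ln, strlen($pid));
      }
    }

    // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id.
    // Now iterate through $paths->pages searching for a page with this name or ID.
    // Presumably $paths->pages holds each page twice (numeric index and
    // prefixed URL name), hence the division by two - TODO confirm.
    $as_url  = str_replace(' ', '_', $page_id);
    $as_name = str_replace('_', ' ', $page_id);
    $final_pid = null;
    $limit = sizeof($paths->pages) / 2;
    for ( $i = 0; $i < $limit; $i++ )
    {
      $page = $paths->pages[$i];
      // Strict string comparison, so numeric-looking titles ("1e3" vs "1000") cannot match each other.
      if ( (string)$page['urlname_nons'] === $as_url )
        $final_pid = $as_url;
      elseif ( (string)$page['name'] === $page_id )
        $final_pid = $page['urlname_nons'];
      elseif ( strtolower($page['urlname_nons']) === strtolower($as_url) )
        $final_pid = $page['urlname_nons'];
      elseif ( strtolower($page['name']) === strtolower($as_name) )
        $final_pid = $page['urlname_nons'];
      if ( $final_pid !== null )
      {
        $_POST['name'] = $page['name'];
        $_POST['urlname'] = $page['urlname_nons'];
        break; // first match wins
      }
    }
    if ( $final_pid === null || $ns === null )
    {
      echo $not_found;
      return false;
    }
    $_POST['namespace'] = $ns;
    $_POST['page_id'] = $final_pid;
    if ( !isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']]) )
    {
      echo $not_found;
      return false;
    }
  }

  if ( isset($_POST['page_id']) && !isset($_POST['cancel']) )
  {
    // Reject missing, array-valued or unknown identifiers before they reach
    // RenderMan, the queries, or the form that is echoed back.
    if ( !is_string($_POST['page_id'])
         || !isset($_POST['namespace']) || !is_string($_POST['namespace'])
         || !isset($paths->nslist[$_POST['namespace']])
         || !isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['page_id']]) )
    {
      echo $not_found;
      return false;
    }
    $summary = ( isset($_POST['summary']) && is_string($_POST['summary']) ) ? $_POST['summary'] : '';

    echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
    // Load the stored text unless the request carries edited text that is not being reverted.
    if ( !isset($_POST['content']) || !is_string($_POST['content']) || isset($_POST['revert']) )
      $content = RenderMan::getPage($_POST['page_id'], $_POST['namespace'], 0, false, false, false, false);
    else
      $content = $_POST['content'];
    if ( isset($_POST['save']) )
    {
      $data = $content;
      $id = md5( microtime() . mt_rand() );

      $minor = isset($_POST['minor']) ? 'true' : 'false';
      // $data and the author name were concatenated unescaped in the original,
      // which allowed SQL injection through the page text.
      // NOTE(review): assumes $session->username is held unescaped - confirm.
      $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$db->escape($data).'\', \''.$id.'\', \''.$db->escape($session->username).'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');';
      if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');

      $query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';';
      $e = $db->sql_query($query);
      // The failed query embeds the submitted page text, so it is escaped before display.
      if(!$e) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.htmlspecialchars(mysql_error(), ENT_QUOTES).'<br /><br />Query:<br /><pre>'.htmlspecialchars($query, ENT_QUOTES).'</pre></div>';
      // page_id/namespace were validated against $paths->pages above.
      // NOTE(review): whether makeUrlNS() HTML-escapes its result is not visible here - confirm.
      else echo '<div class="info-box">Your page has been saved. <a href="'.makeUrlNS($_POST['namespace'], $_POST['page_id']).'">View page...</a></div>';
    }
    elseif ( isset($_POST['preview']) )
    {
      echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>';
    }
    ?>
    <p>
    <textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
    Edit summary: <input name="summary" value="<?php echo htmlspecialchars($summary, ENT_QUOTES); ?>" size="40" /><br />
    <label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/>  This is a minor edit</label>
    </p>
    <p>
    <input type="hidden" name="page_id" value="<?php echo htmlspecialchars($_POST['page_id'], ENT_QUOTES); ?>" />
    <input type="hidden" name="namespace" value="<?php echo htmlspecialchars($_POST['namespace'], ENT_QUOTES); ?>" />
    <input type="submit" name="save" value="Save changes" style="font-weight: bold;" />  <input type="submit" name="preview" value="Show preview" />  <input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" />  <input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
    </p>
    <?php
    echo '</form>';
  } else {
    echo '<h3>Please select a page</h3>';
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
    ?>
      <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?>  <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
      <p>Select page title from a list: <select name="page_force_url">
      <?php
        $limit = sizeof($paths->pages) / 2;
        for ( $i = 0; $i < $limit; $i++ )
        {
          $page = $paths->pages[$i];
          if ( $page['namespace'] != 'Admin' && $page['namespace'] != 'Special' )
          {
            $prefix = $paths->nslist[$page['namespace']];
            // Page titles and URL names are stored user input; escape both the attribute and the label.
            echo '<option value="'.htmlspecialchars($prefix.$page['urlname_nons'], ENT_QUOTES).'">'.htmlspecialchars($prefix.$page['name'], ENT_QUOTES).'</option>'."\n";
          }
        }
      ?>
      </select>  <input type="submit" name="select" value="Select" /></p>
    <?php
    echo '</form>';
  }
}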
|
1502 |
|
1503 function page_Admin_ThemeManager() |
|
1504 { |
|
1505 |
|
1506 global $db, $session, $paths, $template, $plugins; // Common objects |
|
1507 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
|
1508 { |
|
1509 echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>'; |
|
1510 return; |
|
1511 } |
|
1512 |
|
1513 |
|
1514 // Get the list of styles in the themes/ dir |
|
1515 $h = opendir('./themes'); |
|
1516 $l = Array(); |
|
1517 if(!$h) die('Error opening directory "./themes" for reading.'); |
|
1518 while(false !== ($n = readdir($h))) { |
|
1519 if($n != '.' && $n != '..' && is_dir('./themes/'.$n)) |
|
1520 $l[] = $n; |
|
1521 } |
|
1522 closedir($h); |
|
1523 echo(' |
|
1524 <h3>Theme Management</h3> |
|
1525 <p>Install, uninstall, and manage Enano themes.</p> |
|
1526 '); |
|
1527 if(isset($_POST['disenable'])) { |
|
1528 $q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1529 $s = $db->sql_query($q); |
|
1530 if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1531 $r = $db->fetchrow_num($s); |
|
1532 $db->free_result(); |
|
1533 if($r[0] == 1) $e = 0; |
|
1534 else $e = 1; |
|
1535 $s=true; |
|
1536 if($e==0) |
|
1537 { |
|
1538 $c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1'); |
|
1539 if(!$c) $db->_die('The backup check for having at least on theme enabled failed.'); |
|
1540 if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; } |
|
1541 } |
|
1542 $db->free_result(); |
|
1543 if($s) { |
|
1544 $q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1545 $a = $db->sql_query($q); |
|
1546 if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1547 else echo('<div class="info-box">The theme "'.$_POST['theme_id'].'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>'); |
|
1548 } |
|
1549 } |
|
1550 elseif(isset($_POST['edit'])) { |
|
1551 |
|
1552 $dir = './themes/'.$_POST['theme_id'].'/css/'; |
|
1553 $list = Array(); |
|
1554 // Open a known directory, and proceed to read its contents |
|
1555 if (is_dir($dir)) { |
|
1556 if ($dh = opendir($dir)) { |
|
1557 while (($file = readdir($dh)) !== false) { |
|
1558 if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') { |
|
1559 $list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4)); |
|
1560 } |
|
1561 } |
|
1562 closedir($dh); |
|
1563 } |
|
1564 } |
|
1565 $lk = array_keys($list); |
|
1566 |
|
1567 $q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\''; |
|
1568 $s = $db->sql_query($q); |
|
1569 if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1570 $r = $db->fetchrow_num($s); |
|
1571 $db->free_result(); |
|
1572 echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">'); |
|
1573 echo('<div class="question-box"> |
|
1574 Theme name displayed to users: <input type="text" name="name" value="'.$r[0].'" /><br /><br /> |
|
1575 Default stylesheet: <select name="defaultcss">'); |
|
1576 foreach ($lk as $l) |
|
1577 { |
|
1578 if($r[1] == $l) $v = ' selected="selected"'; |
|
1579 else $v = ''; |
|
1580 echo "<option value='{$l}'$v>{$list[$l]}</option>"; |
|
1581 } |
|
1582 echo('</select><br /><br /> |
|
1583 <input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.$_POST['theme_id'].'" /> |
|
1584 </div>'); |
|
1585 echo('</form>'); |
|
1586 } |
|
1587 elseif(isset($_POST['editsave'])) { |
|
1588 $q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1589 $s = $db->sql_query($q); |
|
1590 if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1591 else echo('<div class="info-box">Theme data updated.</div>'); |
|
1592 } |
|
1593 elseif(isset($_POST['up'])) { |
|
1594 // If there is only one theme or if the selected theme is already at the top, do nothing |
|
1595 $q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;'; |
|
1596 $s = $db->sql_query($q); |
|
1597 if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1598 $q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\''; |
|
1599 $sn = $db->sql_query($q); |
|
1600 if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1601 $r = $db->fetchrow_num($sn); |
|
1602 if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) { echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>'); } else { |
|
1603 // Get the order IDs of the selected theme and the theme before it |
|
1604 $q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\''; |
|
1605 $s = $db->sql_query($q); |
|
1606 if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1607 $r = $db->fetchrow_num($s); |
|
1608 $r = $r[0]; |
|
1609 $rb = $r - 1; |
|
1610 // Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;) |
|
1611 $q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1612 $q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1613 $q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1614 echo('<div class="info-box">Theme moved up.</div>'); |
|
1615 } |
|
1616 $db->free_result($s); |
|
1617 $db->free_result($sn); |
|
1618 } |
|
1619 elseif(isset($_POST['down'])) { |
|
1620 // If there is only one theme or if the selected theme is already at the top, do nothing |
|
1621 $q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;'; |
|
1622 $s = $db->sql_query($q); |
|
1623 if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1624 $r = $db->fetchrow_num($s); |
|
1625 if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == $db->numrows($s) /* ...and check if this theme is already at the bottom */ ) { echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>'); } else { |
|
1626 // Get the order IDs of the selected theme and the theme before it |
|
1627 $q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\''; |
|
1628 $s = $db->sql_query($q); |
|
1629 if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1630 $r = $db->fetchrow_num($s); |
|
1631 $r = $r[0]; |
|
1632 $rb = $r + 1; |
|
1633 // Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;) |
|
1634 $q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1635 $q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1636 $q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1637 echo('<div class="info-box">Theme moved down.</div>'); |
|
1638 } |
|
1639 } |
|
1640 else if(isset($_POST['uninstall'])) |
|
1641 { |
|
1642 $q = 'SELECT * FROM '.table_prefix.'themes;'; |
|
1643 $s = $db->sql_query($q); |
|
1644 if ( !$s ) |
|
1645 { |
|
1646 die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1647 } |
|
1648 $n = $db->numrows($s); |
|
1649 $db->free_result(); |
|
1650 |
|
1651 if ( $_POST['theme_id'] == 'oxygen' ) |
|
1652 { |
|
1653 echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>'; |
|
1654 } |
|
1655 else |
|
1656 { |
|
1657 if($n < 2) |
|
1658 { |
|
1659 echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>'; |
|
1660 } |
|
1661 else |
|
1662 { |
|
1663 $q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;'; |
|
1664 $s = $db->sql_query($q); |
|
1665 if ( !$s ) |
|
1666 { |
|
1667 die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1668 } |
|
1669 else |
|
1670 { |
|
1671 echo('<div class="info-box">Theme uninstalled.</div>'); |
|
1672 } |
|
1673 } |
|
1674 } |
|
1675 } |
|
1676 elseif(isset($_POST['install'])) { |
|
1677 $q = 'SELECT * FROM '.table_prefix.'themes;'; |
|
1678 $s = $db->sql_query($q); |
|
1679 if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1680 $n = $db->numrows($s); |
|
1681 $n++; |
|
1682 $theme_id = $_POST['theme_id']; |
|
1683 $theme = Array(); |
|
1684 include('./themes/'.$theme_id.'/theme.cfg'); |
|
1685 $q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled) VALUES(\''.$theme['theme_id'].'\', \''.$theme['theme_name'].'\', '.$n.', 1)'; |
|
1686 $s = $db->sql_query($q); |
|
1687 if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q); |
|
1688 else echo('<div class="info-box">Theme "'.$theme['theme_name'].'" installed.</div>'); |
|
1689 } |
|
1690 echo(' |
|
1691 <h3>Currently installed themes</h3> |
|
1692 <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"> |
|
1693 <p> |
|
1694 <select name="theme_id"> |
|
1695 '); |
|
1696 $q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order'; |
|
1697 $s = $db->sql_query($q); |
|
1698 if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q); |
|
1699 while ( $r = $db->fetchrow_num($s) ) { |
|
1700 if($r[2] < 1) $r[1] .= ' (disabled)'; |
|
1701 echo('<option value="'.$r[0].'">'.$r[1].'</option>'); |
|
1702 } |
|
1703 $db->free_result(); |
|
1704 echo(' |
|
1705 </select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" /> |
|
1706 </p> |
|
1707 </form> |
|
1708 <h3>Install a new theme</h3> |
|
1709 '); |
|
1710 $theme = Array(); |
|
1711 $obb = ''; |
|
1712 for($i=0;$i<sizeof($l);$i++) { |
|
1713 if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) { |
|
1714 include('./themes/'.$l[$i].'/theme.cfg'); |
|
1715 $q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$theme['theme_id'].'\''; |
|
1716 $s = $db->sql_query($q); |
|
1717 if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q); |
|
1718 if($db->numrows($s) < 1) { |
|
1719 $obb .= '<option value="'.$theme['theme_id'].'">'.$theme['theme_name'].'</option>'; |
|
1720 } |
|
1721 $db->free_result(); |
|
1722 } |
|
1723 } |
|
1724 if($obb != '') { |
|
1725 echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>'); |
|
1726 echo('<select name="theme_id">'); |
|
1727 echo($obb); |
|
1728 echo('</select>'); |
|
1729 echo(' |
|
1730 <input type="submit" name="install" value="Install this theme" /> |
|
1731 </p></form>'); |
|
1732 } else echo('<p>All themes are currently installed.</p>'); |
|
1733 } |
|
1734 |
|
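/**
 * Admin:BanControl - shows the ban list, deletes a rule and creates new rules.
 *
 * Input: $_GET['action'] == 'delete' together with $_GET['id'] removes one rule;
 * $_POST['create'] with 'type', 'value', 'reason' and the optional 'regex' checkbox
 * inserts one. Nothing is returned; the rule table and the creation form are echoed.
 */
function page_Admin_BanControl()
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Both the elevated session level and the account's own level must be administrator
    if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    {
        echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
        return;
    }

    // NOTE(review): deletion is a state change driven by a plain GET link and no anti-CSRF token is
    // checked in this function - confirm the session layer covers it, otherwise move it to POST with a token.
    if ( isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '' )
    {
        // ban_id is placed in the query without quotes, so string escaping does not constrain it;
        // accept digits only and cast before building the statement.
        if ( is_string($_GET['id']) && preg_match('/^[0-9]+$/', $_GET['id']) )
        {
            $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']));
            if ( !$e ) $db->_die('The ban list entry was not deleted.');
        }
        else
        {
            echo '<div class="error-box">Invalid ban rule ID.</div>';
        }
    }

    if ( isset($_POST['create']) )
    {
        // ban_type is also unquoted in the statement, so it is cast to an integer
        $ban_type   = isset($_POST['type']) ? intval($_POST['type']) : 0;
        $ban_value  = ( isset($_POST['value'])  && is_string($_POST['value'])  ) ? $_POST['value']  : '';
        $ban_reason = ( isset($_POST['reason']) && is_string($_POST['reason']) ) ? $_POST['reason'] : '';
        $is_regex   = isset($_POST['regex']) ? 1 : 0;

        $q = 'INSERT INTO '.table_prefix.'banlist(ban_type,ban_value,reason,is_regex) VALUES( ' . $ban_type . ', \'' . $db->escape($ban_value) . '\', \'' . $db->escape($ban_reason) . '\', ' . $is_regex . ');';
        $e = $db->sql_query($q);
        if ( !$e ) $db->_die('The banlist could not be updated.');
    }

    $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
    if ( !$q ) $db->_die('The banlist data could not be selected.');

    echo '<table border="0" cellspacing="1" cellpadding="4">';
    echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
    if ( $db->numrows() < 1 ) echo '<tr><td colspan="4">No ban rules yet.</td></tr>';
    while ( $r = $db->fetchrow() )
    {
        // Start from a fixed label so an unrecognised type never reuses the previous row's text
        $t = 'Unknown';
        if ( $r['ban_type'] == BAN_IP ) $t = 'IP address';
        elseif ( $r['ban_type'] == BAN_USER ) $t = 'Username';
        elseif ( $r['ban_type'] == BAN_EMAIL ) $t = 'E-mail address';
        $g = $r['is_regex'] ? 'Yes' : 'No';

        // ban_value is free text stored from the form above: encode it for the HTML context
        echo '<tr><td>'.$t.'</td><td>'.htmlspecialchars($r['ban_value'], ENT_QUOTES).'</td><td>'.$g.'</td><td><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.intval($r['ban_id'])).'">Delete</a></td></tr>';
    }
    $db->free_result();
    echo '</table>';

    echo '<h3>Create new ban rule</h3>';
    // NOTE(review): $paths->cpage['module'] is filled from the request by Special:Administration; whether
    // makeUrl() HTML-encodes its query argument is not visible here - confirm before relying on it.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
    ?>
Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
Rule: <input type="text" name="value" size="30" /><br />
Reason to show to the banned user: <textarea name="reason" rows="7" cols="20"></textarea><br />
<input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
<input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
    <?php
    echo '</form>';
}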
|
1784 |
|
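/**
 * Admin:MassEmail - sends one message to a user group or to a comma-separated list of usernames.
 *
 * On $_POST['do_send'] the subject and message are checked, the recipients' addresses are looked up
 * and added with $mail->cc(), and the message is sent from the configured contact address.
 * The compose form is always echoed afterwards. Nothing is returned.
 */
function page_Admin_MassEmail()
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Both the elevated session level and the account's own level must be administrator
    if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    {
        echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
        return;
    }

    global $enano_config;
    if ( isset($_POST['do_send']) )
    {
        // Collected validation failures; must exist before it is counted further down
        $errors = array();

        $use_smtp = getConfig('smtp_enabled') == '1';

        //
        // Let's do some checking to make sure that mass mail functions
        // are working in win32 versions of php. (copied from phpBB)
        //
        if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp )
        {
            $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';

            // We are running on windows, force delivery to use our smtp functions
            // since php's are broken by default
            $use_smtp = true;
            $enano_config['smtp_server'] = @$ini_val('SMTP');
        }

        $mail = new emailer( !empty($use_smtp) );

        // Validate subject/message body; a missing or non-string field counts as empty
        $subject = ( isset($_POST['subject']) && is_string($_POST['subject']) ) ? stripslashes(trim($_POST['subject'])) : '';
        $message = ( isset($_POST['message']) && is_string($_POST['message']) ) ? stripslashes(trim($_POST['message'])) : '';

        if ( empty($subject) )
            $errors[] = 'Please enter a subject.';
        if ( empty($message) )
            $errors[] = 'Please enter a message.';

        // Get list of members
        if ( !empty($_POST['userlist']) && is_string($_POST['userlist']) )
        {
            $userlist = str_replace(', ', ',', $_POST['userlist']);
            $userlist = explode(',', $userlist);
            foreach ( $userlist as $k => $u )
            {
                if ( $u == $session->username )
                {
                    // Message is automatically sent to the sender
                    unset($userlist[$k]);
                }
                else
                {
                    // Each name ends up inside a quoted SQL literal below
                    $userlist[$k] = $db->escape($u);
                }
            }
            $userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\'';

            $q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';');
            if ( !$q )
                $db->_die();

            while ( $row = $db->fetchrow() )
            {
                $mail->cc($row['email']);
            }

            $db->free_result();
        }
        else
        {
            // Sending to a usergroup
            $group_id = isset($_POST['group_id']) ? intval($_POST['group_id']) : 0;
            if ( $group_id < 1 )
            {
                $errors[] = 'Invalid group ID';
            }
            else
            {
                $q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g
                                       LEFT JOIN '.table_prefix.'users AS u
                                         ON (u.user_id=g.user_id)
                                       WHERE g.group_id=' . $group_id . ';');
                if ( !$q )
                    $db->_die();

                while ( $row = $db->fetchrow() )
                {
                    $mail->cc($row['email']);
                }

                $db->free_result();
            }
        }

        if ( sizeof($errors) < 1 )
        {
            $mail->from(getConfig('contact_email'));
            $mail->replyto(getConfig('contact_email'));
            $mail->set_subject($subject);
            $mail->email_address(getConfig('contact_email'));

            // Copied/modified from phpBB
            // Header values are joined with "\n", so line breaks are removed from each value
            // to keep one value from starting an extra header line.
            $crlf = array("\r", "\n");
            $email_headers = 'X-AntiAbuse: Website server name - ' . str_replace($crlf, '', $_SERVER['SERVER_NAME']) . "\n";
            $email_headers .= 'X-AntiAbuse: User_id - ' . str_replace($crlf, '', $session->user_id) . "\n";
            $email_headers .= 'X-AntiAbuse: Username - ' . str_replace($crlf, '', $session->username) . "\n";
            $email_headers .= 'X-AntiAbuse: User IP - ' . str_replace($crlf, '', $_SERVER['REMOTE_ADDR']) . "\n";

            $mail->extra_headers($email_headers);

            $tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at:

{CONTACT_EMAIL}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{MESSAGE}
';

            $mail->use_template($tpl);

            $mail->assign_vars(array(
                'SENDER' => $session->username,
                'SITE_NAME' => getConfig('site_name'),
                'CONTACT_EMAIL' => getConfig('contact_email'),
                'MESSAGE' => $message
            ));

            // All done
            $mail->send();
            $mail->reset();

            echo '<div class="info-box">Your message has been sent.</div>';
        }
        else
        {
            // $errors holds only the fixed strings assigned above, so it is safe to print as HTML
            echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
        }
    }

    // NOTE(review): $paths->cpage['module'] comes from the request; whether makeUrl() HTML-encodes
    // its query argument is not visible here - confirm.
    echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
    ?>
<div class="tblholder">
  <table border="0" cellspacing="1" cellpadding="4">
    <tr>
      <th colspan="2">Send mass e-mail</th>
    </tr>
    <tr>
      <td class="row2" rowspan="2" style="width: 30%; min-width: 200px;">
        Send message to:<br />
        <small>
          By default, this message will be sent to the group selected here. You may instead send the message to a specific
          list of users by entering them in the second row, with usernames separated by a single comma (no space).
        </small>
      </td>
      <td class="row1">
        <select name="group_id">
          <?php
          $q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;');
          if ( !$q )
              $db->_die();
          while ( $row = $db->fetchrow() )
          {
              // Group names are stored text: encode them for the HTML context
              echo '<option value="' . intval($row['group_id']) . '">' . htmlspecialchars($row['group_name'], ENT_QUOTES) . '</option>';
          }
          ?>
        </select>
      </td>
    </tr>
    <tr>
      <td class="row1">
        Usernames: <input type="text" name="userlist" size="50" />
      </td>
    </tr>
    <tr>
      <td class="row2" style="width: 30%; min-width: 200px;">
        Subject:
      </td>
      <td class="row1">
        <input name="subject" type="text" size="50" />
      </td>
    </tr>
    <tr>
      <td class="row2" style="width: 30%; min-width: 200px;">
        Message:
      </td>
      <td class="row1">
        <textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea>
      </td>
    </tr>
    <tr>
      <th class="subhead" colspan="2" style="text-align: left;" valign="middle">
        <div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div>
        <small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small>
      </th>
    </tr>

  </table>
</div>
    <?php
    echo '</form>';
}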
|
1996 |
|
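/**
 * Admin:DBBackup - shows the backup form, or streams an SQL dump as a file download.
 *
 * With $_GET['submitting'] == 'yes' the table list is built from $system_table_list (when
 * 'do_system_tables' is posted) plus $_POST['additional_tables'], every name is checked against
 * an identifier pattern, the export is logged, and the dump produced by export_table() is sent
 * as an attachment and the script exits. Otherwise the form is echoed. Nothing is returned.
 */
function page_Admin_DBBackup()
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Both the elevated session level and the account's own level must be administrator
    if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    {
        echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
        return;
    }

    global $system_table_list;
    if ( isset($_GET['submitting']) && $_GET['submitting'] == 'yes' )
    {
        // build the table list; a non-array 'additional_tables' field is ignored
        $base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : array();
        $add  = ( isset($_POST['additional_tables']) && is_array($_POST['additional_tables']) ) ? $_POST['additional_tables'] : array();
        $tables = array_merge($base, $add);

        // Check every requested name before anything is logged or written to the download:
        // the names are handed to export_table(), so only plain identifiers are accepted.
        foreach ( $tables as $t )
        {
            if ( !is_string($t) || !preg_match('#^([a-z0-9_]+)$#i', $t) )
                die('Hacking attempt');
        }

        if ( defined('SQL_BACKUP_CRYPT') )
        {
            // Try to increase our time limit
            @set_time_limit(300); // five minutes
        }

        // Log it!
        $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
        if ( !$e )
            $db->_die();

        // Do the actual export
        $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
        $filename = 'enano_backup_' . date('dmy') . '.sql' . $aesext;
        ob_start();
        // The disposition type and its parameters are separated by a semicolon
        header('Content-Disposition: attachment; filename="'.$filename.'"');
        header('Content-type: application/transact-sql');

        // Spew some headers
        $headdate = date('F d, Y \a\t h:i a');
        // The username lands inside a one-line SQL comment; drop line breaks so it stays on that line
        $backup_user = str_replace(array("\r", "\n"), '', $session->username);
        echo "-- Enano CMS SQL backup\n-- Generated on {$headdate} by {$backup_user}\n";

        foreach ( $tables as $t )
        {
            // Sorry folks - this script CAN'T backup enano_files, enano_search_index, and enano_search_cache due to the sheer size of the tables.
            // If encryption is enabled the log data will be excluded too.
            // NOTE(review): the exclusions described above are not applied by this call - confirm whether export_table() handles them.
            echo export_table(
                $t,
                isset($_POST['do_struct']),
                isset($_POST['do_data']),
                false
            ) . "\n";
        }
        $data = ob_get_contents();
        ob_end_clean();

        if ( defined('SQL_BACKUP_CRYPT') )
        {
            // Free some memory, we don't need this stuff any more
            $db->close();
            unset($paths, $db, $template, $plugins);
            // NOTE(review): TEACrypt is defined elsewhere. If it is plain TEA keyed with the session's private
            // key, the file has no integrity protection - confirm before treating '.tea' backups as protected.
            $tea = new TEACrypt();
            $data = $tea->encrypt($data, $session->private_key);
        }
        header('Content-length: '.strlen($data));
        echo $data;
        exit;
    }
    else
    {
        // Show the UI
        echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">';
        ?>
<p>This page allows you to back up your Enano database should something go miserably wrong.</p>
<p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label></p>
<p>Additional tables to export:</p>
<p><select name="additional_tables[]" multiple="multiple">
        <?php
        $q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
        while ( $row = $db->fetchrow_num() )
        {
            if ( !in_array($row[0], $system_table_list) )
            {
                // Encode the table name for both the attribute and the label
                $tbl = htmlspecialchars($row[0], ENT_QUOTES);
                echo '<option value="'.$tbl.'">'.$tbl.'</option>';
            }
        }
        ?>
   </select>
</p>
<p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br />
   <label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label>
</p>
<p><input type="submit" value="Create backup" /></p>
        <?php
        echo '</form>';
    }
}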
|
2094 |
|
/**
 * Admin:AdminLogout - drops the session's administrator authorization and confirms it.
 *
 * Echoes the "not authenticated" notice and stops when the caller is not an administrator;
 * otherwise calls $session->logout(USER_LEVEL_ADMIN) and echoes a link to the main page.
 */
function page_Admin_AdminLogout()
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Administrator rights are needed on the session and on the account alike
    $has_admin_rights = ( $session->auth_level >= USER_LEVEL_ADMIN && $session->user_level >= USER_LEVEL_ADMIN );
    if ( !$has_admin_rights )
    {
        $reauth_url = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
        echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . $reauth_url . '">re-authenticate</a> to continue.</p>';
        return;
    }

    // Only the administration level is dropped; the confirmation text below says the site login stays
    $session->logout(USER_LEVEL_ADMIN);

    $main_page_url = makeUrl(getConfig('main_page'));
    echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="' . $main_page_url . '">Main Page</a>.</p>';
}
|
2107 |
|
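/**
 * Special:Administration - the frame of the administration panel.
 *
 * Redirects to the login page when the session is below USER_LEVEL_ADMIN. Otherwise loads the
 * admin theme, prints the navigation tree and its JavaScript, and, when $_GET['module'] names a
 * page function (page_<namespace ID>_<urlname>), calls that function inside the content cell.
 * Header and footer are skipped when $_GET['noheaders'] is present.
 */
function page_Special_Administration()
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // NOTE(review): only auth_level is checked here, while the Admin modules in this file also
    // check user_level - confirm the difference is intended.
    if ( $session->auth_level < USER_LEVEL_ADMIN )
    {
        redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
        exit;
    }

    $template->load_theme('admin', 'default');
    $template->init_vars();
    if ( !isset($_GET['noheaders']) )
    {
        $template->header();
    }
    echo 'Administer your Enano website.';

    // NOTE(review): $session->sid_super is written into a GET URL below (auth=...), so it can end up
    // in server logs and browser history - confirm that exposure is acceptable for this key.
    ?>
<script type="text/javascript">
function ajaxPage(t)
{
  if ( t == namespace_list.Admin + 'AdminLogout' )
  {
    var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
    mb.onclick['Yes'] = function() {
      var tigraentry = document.getElementById('i_div0_0').parentNode;
      var tigraobj = $(tigraentry);
      var div = document.createElement('div');
      div.style.backgroundColor = '#FFFFFF';
      domObjChangeOpac(70, div);
      div.style.position = 'absolute';
      var top = tigraobj.Top();
      var left = tigraobj.Left();
      var width = tigraobj.Width();
      var height = tigraobj.Height();
      div.style.top = top + 'px';
      div.style.left = left + 'px';
      div.style.width = width + 'px';
      div.style.height = height + 'px';
      var body = document.getElementsByTagName('body')[0];
      enlighten(true);
      body.appendChild(div);
      ajaxPageBin(namespace_list.Admin + 'AdminLogout');
    }
    return;
  }
  ajaxPageBin(t);
}
function ajaxPageBin(t)
{
  document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>';
  ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() {
    if(ajax.readyState == 4) {
      document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText;
      fadeInfoBoxes();
    }
  });
}
function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); }
var TREE_TPL = {
  'target' : '_self', // name of the frame links will be opened in
  // other possible values are: _blank, _parent, _search, _self and _top

  'icon_e' : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image
  'icon_l' : '<?php echo scriptPath; ?>/images/icons/line.gif', // vertical line
  'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon normal
  'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon selected
  'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon normal
  'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
  'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon opened
  'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
  'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal
  'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected
  'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened
  'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened
  'icon_0' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal
  'icon_4' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
  'icon_8' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened
  'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
  'icon_2' : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf
  'icon_3' : '<?php echo scriptPath; ?>/images/icons/join.gif', // junction for last leaf
  'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node
  'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif', // junction for last closed node
  'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node
  'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif' // junction for last opended node
};
<?php
echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree
if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?>
</script>
<table border="0" width="100%">
  <tr>
    <td class="holder" valign="top">
      <div class="pad" style="padding-right: 20px;">
        <script type="text/javascript">
          new tree(TREE_ITEMS, TREE_TPL);
        </script>
      </div>
    </td>
    <td width="100%" valign="top">
      <div class="pad" id="ajaxPageContainer">
      <?php
      if ( isset($_GET['module']) )
      {
          // Only a plain string can name a module; an array-valued parameter is treated as empty
          $module = is_string($_GET['module']) ? $_GET['module'] : '';

          // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary.
          // Every prefix is tried and the last one that matches is kept.
          $ns = false;
          $nm = false;
          foreach ( $paths->nslist as $ns_id => $ns_prefix )
          {
              $ln = strlen($ns_prefix);
              if ( substr($module, 0, $ln) == $ns_prefix )
              {
                  $ns = $ns_id;
                  $nm = substr($module, $ln, strlen($module));
              }
          }

          // NOTE(review): the request value is stored as-is and the Admin modules later interpolate it
          // into form action URLs; whether makeUrl() HTML-encodes it is not visible here - confirm.
          $paths->cpage['module'] = $module;

          if ( $ns !== false )
          {
              $fname = 'page_'.$ns.'_'.$nm;
              $s = strpos($fname, '?noheaders');
              if ( $s ) $fname = substr($fname, 0, $s);

              // Compare the resolved function name, not the raw parameter, so a module name carrying
              // the '?noheaders' suffix cannot lead back into this function and recurse.
              $is_self = ( strtolower($fname) == strtolower(__FUNCTION__) );
              if ( function_exists($fname) && !$is_self && $module != $paths->nslist['Special'] . 'Administration' )
              {
                  // Call the function by name; the request-derived string is never evaluated as code
                  $fname();
              }
          }
      }
      else
      {
          echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
      }
      ?>
      </div>
    </td>
  </tr>
</table>

    <?php
    if ( !isset($_GET['noheaders']) )
    {
        $template->footer();
    }
}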
|
2249 |
|
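/**
 * Special:EditSidebar - administrator-only editor for the sidebar blocks.
 *
 * Visitors whose auth level is below USER_LEVEL_ADMIN are redirected to the login page. For
 * administrators the function, in this order:
 *   - handles the POSTed "save" (block order) and "create" (new block) forms;
 *   - handles ?action=new|move|delete|disenable|getsource|save together with ?id=<item_id>;
 *   - renders every row of the sidebar table inside the editor template with per-block
 *     enable/edit/delete/move links and the "Save changes" form.
 *
 * Request values that end up in SQL outside of quotes (item ids, sidebar ids, order numbers) are
 * only used after they have been checked to be plain decimal integers; a request that fails the
 * check is refused instead of being passed to the database.
 *
 * NOTE(review): no anti-CSRF token is checked anywhere in this function, and move/delete/disenable
 * run on a plain GET. Because BLOCK_PHP content is eval()'d below, a forged "create" or "save"
 * request made in an administrator's session would end in code execution. Confirm whether the
 * framework enforces a token elsewhere; if it does not, one should be required here.
 *
 * NOTE(review): database error text is echoed to the page on failure. Only administrators reach
 * that code, but consider logging it instead.
 */
function page_Special_EditSidebar()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if($session->auth_level < USER_LEVEL_ADMIN)
  {
    redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
    exit;
  }
  else
  {

    $template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>');
    $template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>');
    $template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
    $template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');

    // Knock the sidebars dead to keep javascript in plugins from interfering
    $template->tpl_strings['SIDEBAR_LEFT'] = '';
    $template->tpl_strings['SIDEBAR_RIGHT'] = '';

    $template->load_theme('oxygen', 'bleu');
    $template->init_vars();

    $template->header();

    if(isset($_POST['save']))
    {
      // Write the new block order to the database: one SELECT to list the blocks in their current
      // order, then one UPDATE per block.
      $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
      if ( !$q )
      {
        $db->_die('The sidebar order data could not be selected.');
      }
      $orders = array();
      while($row = $db->fetchrow())
      {
        $orders[] = array(
            count($orders),
            $row['item_id'],
            $row['sidebar_id'],
          );
      }
      $db->free_result();

      // $_POST['order_left'] and $_POST['order_right'] are comma-separated order numbers. Empty
      // entries are dropped so that an empty sidebar (which posts an empty string) does not shift
      // or blank out the numbers of the other one.
      $om = array();
      foreach ( array('order_left', 'order_right') as $field )
      {
        $list = ( isset($_POST[$field]) && is_string($_POST[$field]) ) ? explode(',', $_POST[$field]) : array();
        foreach ( $list as $entry )
        {
          $entry = trim($entry);
          if ( $entry !== '' )
          {
            $om[] = $entry;
          }
        }
      }

      // The order numbers go into the UPDATE unquoted, so every one that is used must be a plain
      // decimal integer. A missing or non-numeric entry rejects the whole submission.
      $order_ok = true;
      $queries = array();
      foreach($orders as $k => $v)
      {
        if ( !isset($om[$k]) || !preg_match('#^[0-9]+\z#', $om[$k]) )
        {
          $order_ok = false;
          break;
        }
        $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';';
      }

      if ( !$order_ok )
      {
        echo '<div class="warning-box" style="margin: 10px 0;">The submitted sidebar order was incomplete or not numeric, so nothing was changed.</div>';
      }
      else
      {
        foreach($queries as $sql)
        {
          $q = $db->sql_query($sql);
          if(!$q)
          {
            $t = $db->get_error();
            echo $t;
            $template->footer();
            exit;
          }
        }
        echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
      }
    }
    elseif(isset($_POST['create']))
    {
      // Both values are used as numbers in SQL; cast them once and use only the casts below.
      $block_type = (int)$_POST['type'];
      $sidebar_id = isset($_POST['sidebar_id']) ? (int)$_POST['sidebar_id'] : 0;

      // Stays empty when the submitted type is none of the known block types.
      $content = '';
      switch($block_type)
      {
        case BLOCK_WIKIFORMAT:
          $content = $_POST['wikiformat_content'];
          break;
        case BLOCK_TEMPLATEFORMAT:
          $content = $_POST['templateformat_content'];
          break;
        case BLOCK_HTML:
          $content = $_POST['html_content'];
          break;
        case BLOCK_PHP:
          // NOTE(review): this content is later run through eval() when the block is rendered.
          $content = $_POST['php_content'];
          break;
        case BLOCK_PLUGIN:
          $content = $_POST['plugin_id'];
          break;
      }

      // Get the value of item_order: the new block goes after the blocks already in that sidebar
      $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$sidebar_id.';');
      if(!$q) $db->_die('The order number could not be selected');
      $io = $db->numrows();

      $db->free_result();

      $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$block_type.'\', \''.$sidebar_id.'\', \''.$db->escape($content).'\', '.$io.' );';
      $result = $db->sql_query($q);
      if(!$result)
      {
        echo $db->get_error();
        $template->footer();
        exit;
      }

      echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';

    }

    if(isset($_GET['action']) && isset($_GET['id']))
    {
      // The id is concatenated into SQL as a bare number, so it must consist of digits only.
      // \z (rather than $) also refuses a trailing newline.
      $id_ok = is_string($_GET['id']) && preg_match('#^[0-9]+\z#', $_GET['id']);
      $item_id = $id_ok ? $_GET['id'] : '0';
      if ( !$id_ok )
      {
        echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
      }
      // With a bad id nothing that touches the database may run. "new" never uses the id, so it
      // is still allowed.
      $action = ( $id_ok || $_GET['action'] === 'new' ) ? $_GET['action'] : '';
      switch($action)
      {
        case 'new':
          ?>
          <script type="text/javascript">
          function setType(input)
          {
            val = input.value;
            if(!val)
            {
              return false;
            }
            var divs = getElementsByClassName(document, 'div', 'sbadd_block');
            for(var i in divs)
            {
              if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block';
              else divs[i].style.display = 'none';
            }
          }
          </script>

          <form action="<?php echo makeUrl($paths->page); ?>" method="post">

            <p>
              What type of block should this be?
            </p>
            <p>
              <select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
                <option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
                <option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
                <option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
                <option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
                <option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
              </select>
            </p>

            <p>

              Block title: <input name="title" type="text" size="40" /><br />
              Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>

            </p>

            <div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
              <p>
                Wikitext:
              </p>
              <p>
                <textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
              </p>
            </div>

            <div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
              <p>
                Template code:
              </p>
              <p>
                <textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
              </p>
            </div>

            <div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
              <p>
                HTML to place inside the sidebar:
              </p>
              <p>
                <textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
              </p>
            </div>

            <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
              <p>
                <b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
                ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
              </p>
              <p>
                <span style="color: red;">
                  It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
                </span> You have been warned.
              </p>
              <p>
                Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
              </p>
              <p>
                The standard &lt;?php and ?&gt; tags work here. Don't use an initial "&lt;?php" or it will cause a parse error.
              </p>
              <p>
                PHP code:
              </p>
              <p>
                <textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
              </p>
            </div>

            <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
              <p>
                Plugin:
              </p>
              <p>
                <select name="plugin_id">
                <?php
                  foreach($template->plugin_blocks as $k => $c)
                  {
                    // Block names come from plugins; escape them for the attribute and the label.
                    $k_html = htmlspecialchars($k, ENT_QUOTES);
                    echo '<option value="'.$k_html.'">'.$k_html.'</option>';
                  }
                ?>
                </select>
              </p>
            </div>

            <p>

              <input type="submit" name="create" value="Create new block" style="font-weight: bold;" />&nbsp;
              <input type="submit" name="cancel" value="Cancel" />

            </p>

          </form>

          <script type="text/javascript">
            var divs = getElementsByClassName(document, 'div', 'sbadd_block');
            for(var i in divs)
            {
              if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500);
            }
          </script>

          <?php
          $template->footer();
          return;
        case 'move':
          if( !isset($_GET['side']) || !is_string($_GET['side']) || !preg_match('#^[0-9]+\z#', $_GET['side']) )
          {
            echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
            break;
          }
          // Both values are digits-only at this point.
          $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $_GET['side'] . ' WHERE item_id=' . $item_id . ';');
          if(!$query)
          {
            echo $db->get_error();
            $template->footer();
            exit;
          }
          echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
          break;
        case 'delete':
          $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
          if(!$query)
          {
            echo $db->get_error();
            $template->footer();
            exit;
          }
          if(isset($_GET['ajax']))
          {
            // AJAX callers only want the status word, not the page built so far.
            ob_end_clean();
            die('GOOD');
          }
          echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
          break;
        case 'disenable':
          // Toggle item_enabled: read the current flag, then write the opposite one.
          $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
          if(!$q)
          {
            echo $db->get_error();
            $template->footer();
            exit;
          }
          $r = $db->fetchrow();
          $db->free_result();
          $e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
          $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . $item_id . ';');
          if(!$q)
          {
            echo $db->get_error();
            $template->footer();
            exit;
          }
          if(isset($_GET['ajax']))
          {
            ob_end_clean();
            die('GOOD');
          }
          break;
        case 'getsource':
          // Sends the stored block source back as the whole response body.
          $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
          if(!$q)
          {
            echo $db->get_error();
            $template->footer();
            exit;
          }
          ob_end_clean();
          $r = $db->fetchrow();
          $db->free_result();
          if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
          die($r['block_content']);
        case 'save':
          // Stores the edited content, then answers with a JavaScript snippet that carries the
          // re-rendered block.
          $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $item_id . ';');
          if(!$q)
          {
            echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
            exit;
          }
          $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . $item_id . ';');
          if(!$q)
          {
            echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
            exit;
          }
          $row = $db->fetchrow();
          $db->free_result();
          switch($row['block_type'])
          {
            case BLOCK_WIKIFORMAT:
            default:
              $c = RenderMan::render($row['block_content']);
              break;
            case BLOCK_TEMPLATEFORMAT:
              $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
              // Links inside the preview are neutralised so that a click does not leave the editor.
              $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
              break;
            case BLOCK_HTML:
              $c = $row['block_content'];
              $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
              break;
            case BLOCK_PHP:
              // NOTE(review): eval() of stored content. Whoever can write this row runs PHP as the
              // web server user, so access to this page and to the sidebar table must stay
              // restricted to fully trusted administrators.
              ob_start();
              eval($row['block_content']);
              $c = ob_get_contents();
              ob_end_clean();
              $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
              break;
            case BLOCK_PLUGIN:
              $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
              break;
          }
          die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
      }
    }

    $q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
    if(!$q) $db->_die('The sidebar text data could not be selected.');

    $vars = $template->extract_vars('sidebar-editor.tpl');

    // Inert stand-ins for the theme's "change theme" and "log out" buttons.
    $parser = $template->makeParserText($vars['sidebar_button']);
    $parser->assign_vars(array(
        'HREF'=>'#',
        'FLAGS'=>'onclick="return false;"',
        'TEXT'=>'Change theme'
      ));
    $template->tpl_strings['THEME_LINK'] = $parser->run();
    $parser->assign_vars(array(
        'TEXT'=>'Log out',
      ));
    $template->tpl_strings['LOGOUT_LINK'] = $parser->run();

    // $n1 / $n2 collect the running positions of the first and second sidebar group; $n points at
    // the list of the group currently being printed.
    $n1 = array();
    $n2 = array();
    $n =& $n1;

    echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">';
    //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);

    // Time for the loop
    // what this loop does is fetch the row data, then send it out to the appropriate parser for formatting,
    // then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code.
    while($row = $db->fetchrow())
    {
      if(isset($current_side))
      {
        if($current_side != $row['sidebar_id'])
        {
          // Time to switch!
          //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
          echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">';
          //echo '</td><td valign="top">';
          //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
          $n =& $n2;
        }
      }
      $n[] = count($n);
      $current_side = $row['sidebar_id'];
      switch($row['block_type'])
      {
        case BLOCK_WIKIFORMAT:
        default:
          $parser = $template->makeParserText($vars['sidebar_section']);
          $c = RenderMan::render($row['block_content']);
          break;
        case BLOCK_TEMPLATEFORMAT:
          $parser = $template->makeParserText($vars['sidebar_section']);
          $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
          $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
          break;
        case BLOCK_HTML:
          $parser = $template->makeParserText($vars['sidebar_section_raw']);
          $c = $row['block_content'];
          $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
          break;
        case BLOCK_PHP:
          $parser = $template->makeParserText($vars['sidebar_section_raw']);
          // NOTE(review): eval() of stored content, see the same note in the 'save' action above.
          ob_start();
          eval($row['block_content']);
          $c = ob_get_contents();
          ob_end_clean();
          $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
          break;
        case BLOCK_PLUGIN:
          $parser = $template->makeParserText($vars['sidebar_section_raw']);
          $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
          break;
      }
      $t = $template->tplWikiFormat($row['block_name']);
      if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
      else           $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
      // The "move" link targets the sidebar this block is not in.
      $side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
      $tb = '<a title="Enable or disable this block"    href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].''       , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;"  ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
             <a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].''            , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
             <a title="Permanently delete this block"   href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].''          , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
             <a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
      $as = '';
      $ae = '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'.$tb;
      $parser->assign_vars(array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
      echo $parser->run();
      unset($parser);

    }
    $db->free_result();
    //if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
    echo '</div></td></tr></table>';
    echo '<form action="'.makeUrl($paths->page).'" method="post">';
    // The hidden fields carry the block order that the "save" branch at the top reads back.
    $order = implode(',', $n1);
    echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />";
    $order = implode(',', $n2);
    echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
    echo '
          <div style="margin: 0 auto 0 auto; text-align: center;">
            <input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
            <input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
            <br />
            <a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a>  |  <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
          </div>
        </form>
         ';
  }

  $template->footer();
}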
|
2721 |
|
2722 ?> |