<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.1

 * Copyright (C) 2006-2007 Dan Fuhry

 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

class PageUtils {

  /**

   * Tell if a username is used or not.

   * @param $name the name to check for

   * @return string

   */

  public static function checkusername($name)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $name = str_replace('_', ' ', $name);

    $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');

    if ( !$q )

    {

      die($db->get_error());

    }

    if ( $db->numrows() < 1)

    {

      $db->free_result(); return('good');

    }

    else

    {

      $db->free_result(); return('bad');

    }

  }

  /**

   * Get the wiki formatting source for a page

   * @param $page the full page id (Namespace:Pagename)

   * @return string

   * @todo (DONE) Make it require a password (just for security purposes)

   */

  public static function getsource($page, $password = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if(!isset($paths->pages[$page]))

    {

      return '';

    }

    if(strlen($paths->pages[$page]['password']) == 40)

    {

      if(!$password || ( $password != $paths->pages[$page]['password']))

      {

        return 'invalid_password';

      }

    }

    if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges

      return 'access_denied';

    $pid = RenderMan::strToPageID($page);

    if($pid[1] == 'Special' || $pid[1] == 'Admin')

    {

      die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');

    }

    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');

    if ( !$e )

    {

      $db->_die('The page text could not be selected.');

    }

    if( $db->numrows() < 1 )

    {

      return ''; //$db->_die('There were no rows in the text table that matched the page text query.');

    }

    $r = $db->fetchrow();

    $db->free_result();

    $message = $r['page_text'];

    return htmlspecialchars($message);

  }

  /**

   * DEPRECATED. Previously returned the full rendered contents of a page.

   * @param $page the full page id (Namespace:Pagename)

   * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise

   * @return string

   */

  public static function getpage($page, $send_headers = false, $hist_id = false)

  {

    die('PageUtils->getpage is deprecated.');

  }

  /**

   * Writes page data to the database, after verifying permissions and running the XSS filter

   * @param $page_id the page ID

   * @param $namespace the namespace

   * @param $message the text to save

   * @return string

   */

  public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $uid = sha1(microtime());

    $pname = $paths->nslist[$namespace] . $page_id;

    if(!$session->get_permissions('edit_page'))

      return 'Access to edit pages is denied.';

    if(!isset($paths->pages[$pname]))

    {

      $create = PageUtils::createPage($page_id, $namespace);

      if ( $create != 'good' )

        return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;

      $paths->page_exists = true;

    }

    // Check page protection

    $is_protected = false;

    $page_data =& $paths->pages[$pname];

    // Is the protection semi?

    if ( $page_data['protected'] == 2 )

    {

      $is_protected = true;

      // Page is semi-protected. Has the user been here for at least 4 days?

      // 345600 seconds = 4 days

      if ( $session->user_logged_in && ( $session->reg_time + 345600 ) <= time() )

        $is_protected = false;

    }

    // Is the protection full?

    else if ( $page_data['protected'] == 1 )

    {

      $is_protected = true;

    }

    // If it's protected and we DON'T have even_when_protected rights, bail out

    if ( $is_protected && !$session->get_permissions('even_when_protected') )

    {

      return 'You don\'t have the necessary permissions to edit this page.';

    }

    // We're skipping the wiki mode check here because by default edit_page pemissions are AUTH_WIKIMODE.

    // The exception here is the user's own userpage, which is overridden at the time of account creation.

    // At that point it's set to AUTH_ALLOW, but obviously only for the user's own userpage.

    // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings

    $message = RenderMan::preprocess_text($message, false, false);

    $msg = $db->escape($message);

    $minor = $minor ? ENANO_SQL_BOOLEAN_TRUE : ENANO_SQL_BOOLEAN_FALSE;

    $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.enano_date('d M Y h:i a').'\', \'' . $paths->page_id . '\', \'' . $paths->namespace . '\', ' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');';

    if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');

    $q = 'UPDATE ' . table_prefix.'page_text SET page_text=' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';';

    $e = $db->sql_query($q);

    if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');

    $paths->rebuild_page_index($page_id, $namespace);

    return 'good';

  }

  /**

   * Creates a page, both in memory and in the database.

   * @param string $page_id

   * @param string $namespace

   * @return bool true on success, false on failure

   */

  public static function createPage($page_id, $namespace, $name = false, $visible = 1)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if(in_array($namespace, Array('Special', 'Admin')))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';

      return 'You can\'t create a special page in the database';

    }

    if(!isset($paths->nslist[$namespace]))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';

      return 'Couldn\'t look up the namespace';

    }

    $pname = $paths->nslist[$namespace] . $page_id;

    if(isset($paths->pages[$pname]))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';

      return 'Page already exists';

    }

    if(!$session->get_permissions('create_page'))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';

      return 'Not authorized to create pages';

    }

    if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';

      return 'Not authorized to create system messages';

    }

    if ( substr($page_id, 0, 8) == 'Project:' )

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';

      return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';

    }

    /*

    // Dunno why this was here. Enano can handle more flexible names than this...

    $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';

    if(!preg_match($regex, $name))

    {

      //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';

      return 'Name contains invalid characters';

    }

    */

    $page_id = dirtify_page_id($page_id);

    if ( !$name )

      $name = str_replace('_', ' ', $page_id);

    $page_id = sanitize_page_id( $page_id );

    $prot = ( $namespace == 'System' ) ? 1 : 0;

    $ips = array(

      'ip' => array(),

      'u' => array()

      );

    $page_data = Array(

      'name'=>$name,

      'urlname'=>$page_id,

      'namespace'=>$namespace,

      'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,

    );

    // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');

    $paths->add_page($page_data);

    $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');

    $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');

    $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');

    if($qa && $qb && $qc)

      return 'good';

    else

    {

      return $db->get_error();

    }

  }

  /**

   * Sets the protection level on a page.

   * @param $page_id string the page ID

   * @param $namespace string the namespace

   * @param $level int level of protection - 0 is off, 1 is full, 2 is semi

   * @param $reason string why the page is being (un)protected

   * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )

   */

  public static function protect($page_id, $namespace, $level, $reason)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $pname = $paths->nslist[$namespace] . $page_id;

    $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;

    $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;

    if ( !$session->get_permissions('protect') )

    {

      return('Insufficient access rights');

    }

    if ( !$wiki )

    {

      return('Page protection only has an effect when Wiki Mode is enabled.');

    }

    if ( !preg_match('#^([0-9]+){1}$#', (string)$level) )

    {

      return('Invalid $level parameter.');

    }

    switch($level)

    {

      case 0:

        $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';

        break;

      case 1:

        $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';

        break;

      case 2:

        $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';

        break;

      default:

        return 'PageUtils::protect(): Invalid value for $level';

        break;

    }

    if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');

    $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');

    if ( !$q )

    {

      $db->_die('The pages table was not updated.');

    }

    return('good');

  }

  /**

   * Generates an HTML table with history information in it.

   * @param $page_id the page ID

   * @param $namespace the namespace

   * @return string

   */

  public static function histlist($page_id, $namespace)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    global $lang;

    if(!$session->get_permissions('history_view'))

      return 'Access denied';

    ob_start();

    $pname = $paths->nslist[$namespace] . $page_id;

    $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;

    $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;

    $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;';

    if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');

    echo $lang->get('history_page_subtitle') . '

          <h3>' . $lang->get('history_heading_edits') . '</h3>';

    $numrows = $db->numrows();

    if ( $numrows < 1 )

    {

      echo $lang->get('history_no_entries');

    }

    else

    {

      echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">

            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />

            ' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '

            ' . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '') . '

            <input type="hidden" name="do" value="diff" />

            <br /><span>&nbsp;</span>

            <div class="tblholder">

            <table border="0" width="100%" cellspacing="1" cellpadding="4">

            <tr>

              <th colspan="2">' . $lang->get('history_col_diff') . '</th>

              <th>' . $lang->get('history_col_datetime') . '</th>

              <th>' . $lang->get('history_col_user') . '</th>

              <th>' . $lang->get('history_col_summary') . '</th>

              <th>' . $lang->get('history_col_minor') . '</th>

              <th colspan="3">' . $lang->get('history_col_actions') . '</th>

            </tr>'."\n"."\n";

      $cls = 'row2';

      $ticker = 0;

      while ( $r = $db->fetchrow() )

      {

        $ticker++;

        if($cls == 'row2') $cls = 'row1';

        else $cls = 'row2';

        echo '<tr>'."\n";

        // Diff selection

        if($ticker == 1)

        {

          $s1 = '';

          $s2 = 'checked="checked" ';

        }

        elseif($ticker == 2)

        {

          $s1 = 'checked="checked" ';

          $s2 = '';

        }

        else

        {

          $s1 = '';

          $s2 = '';

        }

        if($ticker > 1)        echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';

        if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';

        // Date and time

        echo '<td class="' . $cls . '" style="white-space: nowrap;">' . enano_date('d M Y h:i a', intval($r['time_id'])) . '</td class="' . $cls . '">'."\n";

        // User

        if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )

        {

          $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';

        }

        else

        {

          $rc = '';

        }

        echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';

        if ( !isPage($paths->nslist['User'] . sanitize_page_id($r['author'])) )

        {

          echo 'class="wikilink-nonexistent"';

        }

        echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";

        // Edit summary

        if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )

        {

          $r['edit_summary'] = $lang->get('history_summary_clearlogs');

        }

        echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";

        // Minor edit

        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";

        // Actions!

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['log_id']) . '" onclick="ajaxHistView(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=edit&amp;revid=' . $r['log_id']) . '" onclick="ajaxEditor(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";

        echo '</tr>'."\n"."\n";

      }

      echo '</table>

            </div>

            <br />

            <input type="hidden" name="do" value="diff" />

            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />

            </form>

            <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';

    }

    $db->free_result();

    echo '<h3>' . $lang->get('history_heading_other') . '</h3>';

    $q = 'SELECT log_id,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';

    if ( !$db->sql_query($q) )

    {

      $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');

    }

    if ( $db->numrows() < 1 )

    {

      echo $lang->get('history_no_entries');

    }

    else

    {

      echo '<div class="tblholder">

              <table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>

                <th>' . $lang->get('history_col_datetime') . '</th>

                <th>' . $lang->get('history_col_user') . '</th>

                <th>' . $lang->get('history_col_minor') . '</th>

                <th>' . $lang->get('history_col_action_taken') . '</th>

                <th>' . $lang->get('history_col_extra') . '</th>

                <th colspan="2"></th>

              </tr>';

      $cls = 'row2';

      while($r = $db->fetchrow()) {

        if($cls == 'row2') $cls = 'row1';

        else $cls = 'row2';

        echo '<tr>';

        // Date and time

        echo '<td class="' . $cls . '">' . enano_date('d M Y h:i a', intval($r['time_id'])) . '</td class="' . $cls . '">';

        // User

        echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';

        if(!isPage($paths->nslist['User'] . sanitize_page_id($r['author']))) echo 'class="wikilink-nonexistent"';

        echo '>' . $r['author'] . '</a></td class="' . $cls . '">';

        // Minor edit

        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';

        // Action taken

        echo '<td class="' . $cls . '">';

        // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.

        if    ($r['action']=='prot')     echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">'     . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );

        elseif($r['action']=='unprot')   echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">'   . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );

        elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );

        elseif($r['action']=='rename')   echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);

        elseif($r['action']=='create')   echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';

        elseif($r['action']=='delete')   echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];

        echo '</td>';

        // Actions!