<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * pageprocess.php - intelligent retrieval of pages

 * Copyright (C) 2006-2009 Dan Fuhry

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

/**

 * Class to handle fetching page text (possibly from a cache) and formatting it.

 * As of 1.0.4, this also handles the fetching and editing of certain data for pages.

 * @package Enano

 * @subpackage UI

 * @copyright 2007 Dan Fuhry

 * @license GNU General Public License <http://www.gnu.org/licenses/gpl-2.0.html>

 */

class PageProcessor

{

  /**

   * Page ID and namespace of the page handled by this instance

   * @var string

   */

  var $page_id;

  var $namespace;

  /**

   * The instance of the namespace processor for the namespace we're doing.

   * @var object

   */

  var $ns;

  /**

   * The title of the page sent to the template parser

   * @var string

   */

  var $title = '';

  /**

   * The information about the page(s) we were redirected from

   * @var array

   */

  var $redirect_stack = array();

  /**

   * The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.

   * @var int

   */

  var $revision_id = 0;

  /**

   * The time this revision was saved, as a UNIX timestamp

   * @var int

   */

  var $revision_time = 0;

  /**

   * Unsanitized page ID.

   * @var string

   */

  var $page_id_unclean;

  /**

   * Tracks if the page we're loading exists in the database or not.

   * @var bool

   */

  var $page_exists = false;

  /**

   * Permissions!

   * @var object

   */

  var $perms = null;

  /**

   * The SHA1 hash of the user-inputted password for the page

   * @var string

   */

  var $password = '';

  /**

   * Switch to track if redirects are allowed. Defaults to true.

   * @var bool

   */

  var $allow_redir = true;

  /**

   * Holds any error message from redirection code. Defaults to false (no error).

   * @var mixed

   */

  var $redir_error = false;

  /**

   * If this is set to true, this will call the header and footer funcs on $template when render() is called.

   * @var bool

   */

  var $send_headers = false;

  /**

   * Cache the fetched text so we don't fetch it from the DB twice.

   * @var string

   */

  var $text_cache = '';

  /**

   * Debugging information to track errors. You can set enable to false to disable sending debug information.

   * @var array

   */

  var $debug = array(

      'enable' => false,

      'works'  => false

    );

  /**

   * The list of errors raised in the class.

   * @var array

   */

  var $_errors = array();

  /**

   * Constructor.

   * @param string The page ID (urlname) of the page

   * @param string The namespace of the page

   * @param int Optional. The revision ID to send.

   */

  function __construct( $page_id, $namespace, $revision_id = 0 )

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    profiler_log("PageProcessor [{$namespace}:{$page_id}]: Started constructor");

    // See if we can get some debug info

    if ( function_exists('debug_backtrace') && $this->debug['enable'] )

    {

      $this->debug['works'] = true;

      $this->debug['backtrace'] = enano_debug_print_backtrace(true);

    }

    // First things first - check page existence and permissions

    if ( !isset($paths->nslist[$namespace]) )

    {

      $this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');

    }

    if ( !is_int($revision_id) )

      $revision_id = 0;

    $this->_setup( $page_id, $namespace, $revision_id );

  }

  /**

   * The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.

   * @param bool If true, the stat counter is called. Defaults to false.

   */

  function send( $do_stats = false )

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    global $lang, $output;

    profiler_log('PageProcessor: send() called');

    if ( !$this->perms->get_permissions('read') )

    {

      // Permission denied to read page. Is this one of our core pages that must always be allowed?

      // NOTE: Not even the administration panel will work if ACLs deny access to it.

      if ( $this->namespace == 'Special' && in_array($this->page_id, array('Login', 'Logout', 'LangExportJSON', 'CSS')) )

      {

        // Do nothing; allow execution to continue

      }

      else

      {

        // Page isn't whitelisted, behave as normal

        $this->err_access_denied();

        return false;

      }

    }

    if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') )

    {

      $this->err_access_denied();

      return false;

    }

    // Is there a custom function registered for handling this namespace?

    // DEPRECATED (even though it only saw its way into one alpha release.)

    if ( $proc = $paths->get_namespace_processor($this->namespace) )

    {

      // yes, just call that

      // this is protected aggressively by the PathManager against overriding critical namespaces

      return call_user_func($proc, $this);

    }

    $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;

    $strict_no_headers = false;

    $admin_fail = false;

    if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )

    {

      $this->page_id = substr($this->page_id, 0, strpos($this->page_id, '/'));

      $funcname = "page_{$this->namespace}_{$this->page_id}";

      if ( function_exists($funcname) )

      {

        $this->page_exists = true;

      }

    }

    if ( isPage($pathskey) )

    {

      $cdata = $this->ns->get_cdata();

      if ( $cdata['special'] == 1 )

      {

        $this->send_headers = false;

        $strict_no_headers = true;

        $GLOBALS['output'] = new Output_Naked();

      }

      if ( isset($cdata['password']) )

      {

        if ( $cdata['password'] != '' && $cdata['password'] != sha1('') )

        {

          $password =& $cdata['password'];

          if ( $this->password != $password )

          {

            $this->err_wrong_password();

            return false;

          }

        }

      }

      if ( isset($cdata['require_admin']) && $cdata['require_admin'] )

      {

        if ( $session->auth_level < USER_LEVEL_ADMIN )

        {

          $admin_fail = true;

        }

      }

    }

    else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )

    {

      if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )

      {

        if ( $session->auth_level < USER_LEVEL_ADMIN )

        {

          $admin_fail = true;

        }

      }

    }

    if ( $admin_fail )

    {

      header('Content-type: text/javascript');

      echo enano_json_encode(array(

          'mode' => 'error',

          'error' => 'need_auth_to_admin'

        ));

      return true;

    }

    if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )

    {

      require_once(ENANO_ROOT.'/includes/stats.php');

      doStats($this->page_id, $this->namespace);

    }

    // We are all done. Ship off the page.

    if ( !$this->allow_redir )

    {

      if ( method_exists($this->ns, 'get_redirect') )

      {

        if ( $result = $this->ns->get_redirect() )

          display_redirect_notice($result['page_id'], $result['namespace']);

      }

    }

    else

    {

      $this->process_redirects();

      if ( count($this->redirect_stack) > 0 )

      {

        $stack = array_reverse($this->redirect_stack);

        foreach ( $stack as $stackel )

        {

          $url = makeUrlNS($stackel['old_namespace'], $stackel['old_page_id'], 'redirect=no', true);

          $page_data = $this->ns->get_cdata();

          $title = $stackel['old_title'];

          $a = '<a href="' . $url . '">' . htmlspecialchars($title) . '</a>';

          $output->add_after_header('<small>' . $lang->get('page_msg_redirected_from', array('from' => $a)) . '<br /></small>');

        }

        $template->set_page($this);

      }

      if ( $this->redir_error )

      {

        $output->add_after_header('<div class="usermessage"><b>' . $this->redir_error . '</b></div>');

        $result = $this->ns->get_redirect();

        display_redirect_notice($result['page_id'], $result['namespace']);

      }

    }

    $this->ns->send();

  }

  /**

   * Sends the page through by fetching it from the database.

   */

  function send_from_db($strict_no_headers = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    global $lang;

    $this->ns->send_from_db();

  }

  /**

   * Fetches the wikitext or HTML source for the page.

   * @return string

   */

  function fetch_source()

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( !$this->perms->get_permissions('view_source') )

    {

      return false;

    }

    if ( !$this->page_exists )

    {

      return '';

    }

    $cdata = $this->ns->get_cdata();

    if ( isset($cdata['password']) )

    {

      if ( $cdata['password'] != sha1('') && $cdata['password'] !== $this->password && !empty($cdata['password']) )

      {

        return false;

      }

    }

    return $this->fetch_text();

  }

  /**

   * Updates (saves/changes/edits) the content of the page.

   * @param string The new text for the page

   * @param string A summary of edits made to the page.

   * @param bool If true, the edit is marked as a minor revision

   * @param string Page format - wikitext or xhtml. REQUIRED, and new in 1.1.6.

   * @return bool True on success, false on failure. When returning false, it will push errors to the PageProcessor error stack; read with $page->pop_error()

   */

  function update_page($text, $edit_summary = false, $minor_edit = false, $page_format)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    global $lang;

    // Create the page if it doesn't exist

    if ( !$this->page_exists )

    {

      if ( !$this->create_page() )

      {

        return false;

      }

    }

    //

    // Validation

    //

    $page_id = $db->escape($this->page_id);

    $namespace = $db->escape($this->namespace);

    $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");

    if ( !$q )

      $db->_die('PageProcess updating page content');

    if ( $db->numrows() < 1 )

    {

      $this->raise_error($lang->get('editor_err_no_rows'));

      return false;

    }

    // Do we have permission to edit the page?

    if ( !$this->perms->get_permissions('edit_page') )

    {

      $this->raise_error($lang->get('editor_err_no_permission'));

      return false;

    }

    list($protection) = $db->fetchrow_num();

    $db->free_result();

    if ( $protection == 1 )

    {

      // The page is protected - do we have permission to edit protected pages?

      if ( !$this->perms->get_permissions('even_when_protected') )

      {

        $this->raise_error($lang->get('editor_err_page_protected'));

        return false;

      }

    }

    else if ( $protection == 2 )

    {

      // The page is semi-protected.

      if (

           ( !$session->user_logged_in || // Is the user logged in?

             ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?

           && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?

      {

        $this->raise_error($lang->get('editor_err_page_protected'));

        return false;

      }

    }

    // Spam check

    if ( !spamalyze($text) )

    {

      $this->raise_error($lang->get('editor_err_spamcheck_failed'));

      return false;

    }

    // Page format check

    if ( !in_array($page_format, array('xhtml', 'wikitext')) )

    {

      $this->raise_error("format \"$page_format\" not one of [xhtml, wikitext]");

      return false;

    }

    //

    // Protection validated; update page content

    //

    $text_undb = RenderMan::preprocess_text($text, false, false);

    $text = $db->escape($text_undb);

    $author = $db->escape($session->username);

    $time = time();

    $edit_summary = ( strval($edit_summary) === $edit_summary ) ? $db->escape($edit_summary) : '';

    $minor_edit = ( $minor_edit ) ? '1' : '0';

    $date_string = enano_date(ED_DATE | ED_TIME);

    // Insert log entry

    $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, author_uid, page_text, edit_summary, minor_edit, page_format )\n"

         . "  VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', $session->user_id, '$text', '$edit_summary', $minor_edit, '$page_format' );";

    if ( !$db->sql_query($sql) )

    {

      $this->raise_error($db->get_error());

      return false;

    }

    // Update the master text entry

    $sql = 'UPDATE ' . table_prefix . "page_text SET page_text = '$text' WHERE page_id = '{$this->page_id}' AND namespace = '{$this->namespace}';";

    if ( !$db->sql_query($sql) )

    {

      $this->raise_error($db->get_error());

      return false;

    }

    // If there's an identical draft copy, delete it

    $sql = 'DELETE FROM ' . table_prefix . "logs WHERE is_draft = 1 AND page_id = '{$this->page_id}' AND namespace = '{$this->namespace}' AND page_text = '{$text}';";

    if ( !$db->sql_query($sql) )

    {

      $this->raise_error($db->get_error());

      return false;

    }

    // Set page_format

    // Using @ due to warning thrown when saving new page

    $cdata = $this->ns->get_cdata();

    if ( @$cdata['page_format'] !== $page_format )

    {

      // Note: no SQL injection to worry about here. Everything that goes into this is sanitized already, barring some rogue plugin.

      // (and if there's a rogue plugin running, we have bigger things to worry about anyway.)

      if ( !$db->sql_query('UPDATE ' . table_prefix . "pages SET page_format = '$page_format' WHERE urlname = '$this->page_id' AND namespace = '$this->namespace';") )

      {

        $this->raise_error($db->get_error());