plugins/SpecialAdmin.php
changeset 343 eefe9ab7fe7c
parent 336 bfa2e9c23f03
child 345 4ccdfeee9a11
342:ac34de920762 343:eefe9ab7fe7c
     1 <?php
     1 <?php
     2 /*
     2 /*
     3 Plugin Name: Runt - the Enano administration panel
     3 Plugin Name: plugin_specialadmin_title
     4 Plugin URI: http://enanocms.org/
     4 Plugin URI: http://enanocms.org/
     5 Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
     5 Description: plugin_specialadmin_desc
     6 Author: Dan Fuhry
     6 Author: Dan Fuhry
     7 Version: 1.0.3
     7 Version: 1.0.3
     8 Author URI: http://enanocms.org/
     8 Author URI: http://enanocms.org/
     9 */
     9 */
    10 
    10 
    38       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
    38       \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
    39       ));
    39       ));
    40   ');
    40   ');
    41 
    41 
    42 // Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1
    42 // Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1
       
    43 require(ENANO_ROOT . '/plugins/admin/PageManager.php');
    43 require(ENANO_ROOT . '/plugins/admin/PageGroups.php');
    44 require(ENANO_ROOT . '/plugins/admin/PageGroups.php');
    44 require(ENANO_ROOT . '/plugins/admin/SecurityLog.php');
    45 require(ENANO_ROOT . '/plugins/admin/SecurityLog.php');
    45 require(ENANO_ROOT . '/plugins/admin/UserManager.php');
    46 require(ENANO_ROOT . '/plugins/admin/UserManager.php');
    46 
    47 
    47 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
    48 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
    88     }
    89     }
    89     return;
    90     return;
    90   }
    91   }
    91   
    92   
    92   // Basic information
    93   // Basic information
    93   echo RenderMan::render(
    94   echo '<h2>' . $lang->get('acphome_heading_main') . '</h2>';
    94 '== Welcome to Runt, the Enano administration panel. ==
    95   echo '<p>' . $lang->get('acphome_welcome_line1') . '</p>';
    95 
    96   echo '<p>' . $lang->get('acphome_welcome_line2') . '</p>';
    96 Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.
       
    97 
       
    98 Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');
       
    99   
    97   
   100   // Demo mode
    98   // Demo mode
   101   if ( defined('ENANO_DEMO_MODE') )
    99   if ( defined('ENANO_DEMO_MODE') )
   102   {
   100   {
   103     echo '<h3>Enano is running in demo mode.</h3>
   101     echo '<h3>' . $lang->get('acphome_msg_demo_title') . '</h3>
   104           <p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
   102           <p>' . $lang->get('acphome_msg_demo_body', array('reset_url' => makeUrlNS('Special', 'DemoReset', false, true))) . '</p>';
   105   }
   103   }
   106   
   104   
   107   // Check for the installer scripts
   105   // Check for the installer scripts
   108   if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
   106   if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
   109   {
   107   {
   110     echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
   108     echo '<div class="error-box">
   111   }
   109             ' . $lang->get('acphome_msg_install_files') . '
   112   
   110           </div>';
   113   echo '<h3>Check for updates</h3>';
   111   }
   114   echo '<p>Periodically, new releases of Enano will be made available. Click the button below to check for updates to Enano. During this process, a request will be sent to the Enano CMS server (germantown.enanocms.org) over HTTP for an <a href="http://germantown.enanocms.org/meta/updates.xml">XML file</a> containing a list of the latest releases. No information about your Enano installation will be transmitted.</p>';
   112   
   115   echo '<div id="update_check_container"><input type="button" onclick="ajaxUpdateCheck(this.parentNode.id);" value="Check for updates" /></div>';
   113   echo '<h3>' . $lang->get('acphome_heading_updates') . '</h3>';
       
   114   echo '<p>' . $lang->get('acphome_msg_updates_info', array('updates_url' => 'http://germantown.enanocms.org/meta/updates.xml')) . '</p>';
       
   115   echo '<div id="update_check_container"><input type="button" onclick="ajaxUpdateCheck(this.parentNode.id);" value="' . $lang->get('acphome_btn_check_updates') . '" /></div>';
   116   
   116   
   117   // Inactive users
   117   // Inactive users
   118   $q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
   118   $q = $db->sql_query('SELECT time_id FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
   119   if($q)
   119   if ( $q )
   120     if($db->numrows() > 0)
   120   {
       
   121     if ( $db->numrows() > 0 )
   121     {
   122     {
   122       $n = $db->numrows();
   123       $n = $db->numrows();
   123       if($n == 1) $s = $n . ' user is';
   124       $um_flags = 'href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;"';
   124       else $s = $n . ' users are';
   125       if ( $n == 1 )
   125       echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
   126         $s = $lang->get('acphome_msg_inactive_users_one', array('um_flags' => $um_flags));
   126     }
   127       else
       
   128         $s = $lang->get('acphome_msg_inactive_users_plural', array('um_flags' => $um_flags));
       
   129       echo '<div class="warning-box">
       
   130               ' . $s . '
       
   131             </div>';
       
   132     }
       
   133   }
   127   $db->free_result();
   134   $db->free_result();
   128   // Stats
   135   // Stats
   129   if(getConfig('log_hits') == '1')
   136   if(getConfig('log_hits') == '1')
   130   {
   137   {
   131     $stats = stats_top_pages(10);
   138     $stats = stats_top_pages(10);
   132     //die('<pre>'.print_r($stats,true).'</pre>');
   139     //die('<pre>'.print_r($stats,true).'</pre>');
   133     $c = 0;
   140     $c = 0;
   134     $cls = 'row2';
   141     $cls = 'row2';
   135     echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
   142     echo '<h3>' . $lang->get('acphome_heading_top_pages') . '</h3>
       
   143           <div class="tblholder">
       
   144             <table style="width: 100%;" border="0" cellspacing="1" cellpadding="4">
       
   145               <tr>
       
   146                 <th>' . $lang->get('acphome_th_toppages_page') . '</th>
       
   147                 <th>' . $lang->get('acphome_th_toppages_hits') . '</th>
       
   148               </tr>';
   136     foreach($stats as $data)
   149     foreach($stats as $data)
   137     {
   150     {
   138       echo '<tr>';
   151       echo   '<tr>';
   139       $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
   152       $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
   140       echo '<td class="'.$cls.'"><a href="'.makeUrl($data['page_urlname']).'">'.$data['page_title'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$data['num_hits'].'</td>';
   153       echo     '<td class="'.$cls.'">
   141       echo '</tr>';
   154                   <a href="'.makeUrl($data['page_urlname']).'">'.$data['page_title'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$data['num_hits']
   142     }
   155              . '</td>';
   143     echo '</table></div>';
   156       echo   '</tr>';
       
   157     }
       
   158     echo '  </table>
       
   159           </div>';
   144   }
   160   }
   145   
   161   
   146   // Security log
   162   // Security log
   147   echo '<h3>Security log</h3>';
   163   echo '<h3>' . $lang->get('acphome_heading_seclog') . '</h3>';
   148   $seclog = get_security_log(5);
   164   $seclog = get_security_log(5);
   149   echo $seclog;
   165   echo $seclog;
   150   
   166   
   151   echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'SecurityLog\'); return false;">Full security log</a></p>';
   167   echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'SecurityLog\'); return false;">' . $lang->get('acphome_btn_seclog_full') . '</a></p>';
   152   
   168   
   153 }
   169 }
   154 
   170 
   155 function page_Admin_GeneralConfig() {
   171 function page_Admin_GeneralConfig() {
   156   global $db, $session, $paths, $template, $plugins; // Common objects
   172   global $db, $session, $paths, $template, $plugins; // Common objects
   276       {
   292       {
   277         setConfig('avatar_directory', $_POST['avatar_directory']);
   293         setConfig('avatar_directory', $_POST['avatar_directory']);
   278       }
   294       }
   279       else
   295       else
   280       {
   296       {
   281         echo '<div class="error-box">You have entered an invalid avatar directory.</div>';
   297         echo '<div class="error-box">' . $lang->get('acpgc_err_avatar_dir_invalid') . '</div>';
   282       }
   298       }
   283     }
   299     }
   284     else
   300     else
   285     {
   301     {
   286       echo '<div class="error-box">You have entered an invalid avatar directory.</div>';
   302       echo '<div class="error-box">' . $lang->get('acpgc_err_avatar_dir_invalid') . '</div>';
   287     }
   303     }
   288     
   304     
   289     echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
   305     echo '<div class="info-box">' . $lang->get('acpgc_msg_save_success') . '</div><br />';
   290     
   306     
   291   }
   307   }
   292   else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
   308   else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
   293   {
   309   {
   294     echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
   310     echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
   298   <div class="tblholder">
   314   <div class="tblholder">
   299     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   315     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   300       
   316       
   301     <!-- Global options -->
   317     <!-- Global options -->
   302     
   318     
   303       <tr><th colspan="2">Global site options</th></tr>
   319       <tr><th colspan="2"><?php echo $lang->get('acpgc_heading_main'); ?></th></tr>
   304       <tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>
   320       <tr><th colspan="2" class="subhead"><?php echo $lang->get('acpgc_heading_submain'); ?></th></tr>
   305       
   321       
   306       <tr><td class="row1" style="width: 50%;">Site name:</td>  <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
   322       <tr><td class="row1" style="width: 50%;"><?php echo $lang->get('acpgc_field_site_name'); ?></td>  <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
   307       <tr><td class="row2">Site description:</td>               <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
   323       <tr><td class="row2"><?php echo $lang->get('acpgc_field_site_desc'); ?></td>               <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
   308       <tr><td class="row1">Main page:</td>                      <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
   324       <tr><td class="row1"><?php echo $lang->get('acpgc_field_main_page'); ?></td>                      <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
   309       <tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
   325       <tr><td class="row2"><?php echo $lang->get('acpgc_field_copyright'); ?></td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
   310       <tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "&copy;" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
   326       <tr><td class="row1" colspan="2"><?php echo $lang->get('acpgc_field_copyright_hint'); ?></td></tr>
   311       <tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
   327       <tr><td class="row2"><?php echo $lang->get('acpgc_field_contactemail'); ?><br /><small><?php echo $lang->get('acpgc_field_contactemail_hint'); ?></small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
   312       
   328       
   313     <!-- Wiki mode -->
   329     <!-- Wiki mode -->
   314       
   330       
   315       <tr><th class="subhead" colspan="2">Wiki mode</th></tr>
   331       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_wikimode'); ?></th></tr>
   316       
   332       
   317       <tr>
   333       <tr>
   318         <td class="row3" rowspan="2">
   334         <td class="row3" rowspan="2">
   319           Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
   335           <?php echo $lang->get('acpgc_field_wikimode_intro'); ?><br /><br />
   320           In Wiki Mode, certain HTML tags such as &lt;script&gt; and &lt;object&gt; are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
   336           <?php echo $lang->get('acpgc_field_wikimode_info_sanitize'); ?><br /><br />
   321           Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
   337           <?php echo $lang->get('acpgc_field_wikimode_info_history'); ?>
   322         </td>
   338         </td>
   323         <td class="row1">
   339         <td class="row1">
   324           <input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
   340           <input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode"><?php echo $lang->get('acpgc_field_wikimode'); ?></label>
   325         </td>
   341         </td>
   326       </tr>
   342       </tr>
   327       
   343       
   328       <tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>
   344       <tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>
   329       
   345       
   330       <tr>
   346       <tr>
   331         <td class="row3" rowspan="2">
   347         <td class="row3" rowspan="2">
   332           <b>Edit page notice</b><br />
   348           <b><?php echo $lang->get('acpgc_field_editnotice_title'); ?></b><br />
   333           When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
   349           <?php echo $lang->get('acpgc_field_editnotice_info'); ?>
   334         </td>
   350         </td>
   335         <td class="row1">
   351         <td class="row1">
   336           <input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
   352           <input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/>
       
   353           <label for="editmsg"><?php echo $lang->get('acpgc_field_editnotice'); ?></label>
   337         </td>
   354         </td>
   338       </tr>
   355       </tr>
   339       
   356       
   340       <tr>
   357       <tr>
   341         <td class="row2">
   358         <td class="row2">
   343         </td>
   360         </td>
   344       </tr>
   361       </tr>
   345       
   362       
   346       <tr>
   363       <tr>
   347         <td class="row1">
   364         <td class="row1">
   348           <b>Require visual confirmation for guests editing pages</b><br />
   365           <b><?php echo $lang->get('acpgc_field_edit_require_captcha_title'); ?></b><br />
   349           If this is enabled, guests will be asked to enter a visual confirmation code before saving changes to a page.
   366           <?php echo $lang->get('acpgc_field_edit_require_captcha_hint'); ?>
   350         </td>
   367         </td>
   351         <td class="row1">
   368         <td class="row1">
   352           <label>
   369           <label>
   353             <input type="checkbox" name="guest_edit_require_captcha" <?php if ( getConfig('guest_edit_require_captcha') == '1' ) echo 'checked="checked" '; ?>/>
   370             <input type="checkbox" name="guest_edit_require_captcha" <?php if ( getConfig('guest_edit_require_captcha') == '1' ) echo 'checked="checked" '; ?>/>
   354             Require guests to complete a CAPTCHA when editing pages
   371             <?php echo $lang->get('acpgc_field_edit_require_captcha'); ?>
   355           </label>
   372           </label>
   356         </td>
   373         </td>
   357       </tr>
   374       </tr>
   358       
   375       
   359     <!-- Site statistics -->
   376     <!-- Site statistics -->
   360     
   377     
   361       <tr><th class="subhead" colspan="2">Statistics and hit counting</th></tr>
   378       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_stats'); ?></th></tr>
   362       
   379       
   363       <tr>
   380       <tr>
   364         <td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
   381         <td class="row1">
   365         <td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/>  Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
   382           <?php echo $lang->get('acpgc_stats_intro'); ?><br /><br />
       
   383           <?php echo $lang->get('acpgc_stats_hint_privacy'); ?>
       
   384         </td>
       
   385         <td class="row1">
       
   386           <label>
       
   387             <input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/>
       
   388             <?php echo $lang->get('acpgc_field_stats_enable'); ?>
       
   389           </label><br />
       
   390           <small><?php echo $lang->get('acpgc_field_stats_hint'); ?></small>
       
   391         </td>
   366       </tr>
   392       </tr>
   367       
   393       
   368     <!-- Comment options -->
   394     <!-- Comment options -->
   369       
   395       
   370       <tr><th class="subhead" colspan="2">Comment system</th></tr>
   396       <tr>
   371       <tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label>                      </td><td class="row1"><input name="enable-comments"  id="enable-comments"  type="checkbox" <?php if(getConfig('enable_comments')=='1')  echo('CHECKED '); ?>/></td></tr>
   397         <th class="subhead" colspan="2">
   372       <tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
   398           <?php echo $lang->get('acpgc_heading_comments'); ?>
   373       <tr><td class="row1">Guest comment posting allowed                                                              </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
   399         </th>
   374                                                                                                                                             <label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
   400       </tr>
   375     <!-- Default permissions -->                                                                                                            <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>
   401       
       
   402       <tr>
       
   403         <td class="row1">
       
   404           <label for="enable-comments">
       
   405             <b><?php echo $lang->get('acpgc_field_enable_comments'); ?></b>
       
   406           </label>
       
   407         </td>
       
   408         <td class="row1">
       
   409           <input name="enable-comments"  id="enable-comments"  type="checkbox" <?php if(getConfig('enable_comments')=='1')  echo('CHECKED '); ?>/>
       
   410         </td>
       
   411       </tr>
       
   412       
       
   413       <tr>
       
   414         <td class="row2">
       
   415           <label for="comment-approval">
       
   416             <?php echo $lang->get('acpgc_field_approve_comments'); ?>
       
   417           </label>
       
   418         </td>
       
   419         <td class="row2">
       
   420           <input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/>
       
   421         </td>
       
   422       </tr>
       
   423       
       
   424       <tr>
       
   425         <td class="row1">
       
   426           <?php echo $lang->get('acpgc_field_comment_allow_guests'); ?>
       
   427         </td>
       
   428         <td class="row1">
       
   429           <label>
       
   430             <input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'checked="checked" '; ?>/>
       
   431             <?php echo $lang->get('acpgc_field_comment_allow_guests_yes'); ?>
       
   432           </label>
       
   433           <label>
       
   434             <input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'checked="checked" '; ?>/>
       
   435             <?php echo $lang->get('acpgc_field_comment_allow_guests_captcha'); ?>
       
   436           </label>
       
   437           <label>
       
   438             <input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'checked="checked" '; ?>/>
       
   439             <?php echo $lang->get('acpgc_field_comment_allow_guests_no'); ?>
       
   440           </label>
       
   441         </td>
       
   442       </tr>
       
   443             
       
   444     <!-- Default permissions -->
   376     
   445     
   377     <!--
   446     <!--
   378     
   447     
   379     READ: Do not try to enable this, backend support for it has been disabled. To edit default
   448     READ: Do not try to enable this, backend support for it has been disabled. To edit default
   380           permissions, select The Entire Website in any permissions editor window.
   449           permissions, select The Entire Website in any permissions editor window.
   388       
   457       
   389       -->
   458       -->
   390       
   459       
   391     <!-- Site disablement -->
   460     <!-- Site disablement -->
   392     
   461     
   393       <tr><th class="subhead" colspan="2">Disable all site access</th></tr>
   462       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_disablesite'); ?></th></tr>
   394       
   463       
   395       <tr>
   464       <tr>
   396         <td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
   465         <td class="row3" rowspan="2">
   397         <td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/>  Disable this site</label></td>
   466           <?php echo $lang->get('acpgc_field_disablesite_hint'); ?>
       
   467         </td>
       
   468         <td class="row1">
       
   469           <label>
       
   470             <input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/>
       
   471             <?php echo $lang->get('acpgc_field_disablesite'); ?>
       
   472           </label>
       
   473         </td>
   398       </tr>
   474       </tr>
   399       <tr>
   475       <tr>
   400         <td class="row2">
   476         <td class="row2">
   401           <div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>
   477           <div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>
   402             Message to show to users:<br />
   478             <?php echo $lang->get('acpgc_field_disablesite_message'); ?><br />
   403             <textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea>
   479             <textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea>
   404           </div>
   480           </div>
   405         </td>
   481         </td>
   406       </tr>
   482       </tr>
   407       
   483       
   410         
   486         
   411     <div class="tblholder">
   487     <div class="tblholder">
   412     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   488     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   413     
   489     
   414     <tr>
   490     <tr>
   415       <th colspan="2">Users and communication</th>
   491       <th colspan="2"><?php echo $lang->get('acpgc_heading_users'); ?></th>
   416     </tr>
   492     </tr>
   417     
   493     
   418     <!-- Account activation -->
   494     <!-- Account activation -->
   419       
   495       
   420       <tr><th class="subhead" colspan="2">User account activation</th></tr>
   496       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_activate'); ?></th></tr>
   421       
   497       
   422       <tr>
   498       <tr>
   423         <td class="row3" colspan="2">
   499         <td class="row3" colspan="2">
   424           If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
   500           <?php echo $lang->get('acpgc_activate_intro_line1'); ?><br /><br />
   425           You may also disable registration completely if needed.<br /><br />
   501           <?php echo $lang->get('acpgc_activate_intro_line2'); ?><br /><br />
   426           <b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
   502           <b><?php echo $lang->get('acpgc_activate_intro_sfnet_warning'); ?></b>
   427         </td>
   503         </td>
   428       </tr>
   504       </tr>
   429       
   505       
   430       <tr>
   506       <tr>
   431       <td class="row1" style="width: 50%;">Account activation:</td><td class="row1">
   507       <td class="row1" style="width: 50%;"><?php echo $lang->get('acpgc_field_activate'); ?></td><td class="row1">
   432           <?php
   508           <?php
   433           echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
   509           echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> ' . $lang->get('acpgc_field_activate_disable') . '</label><br />';
   434           echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin' && getConfig('account_activation') != 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
   510           echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin' && getConfig('account_activation') != 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> ' . $lang->get('acpgc_field_activate_none') . '</label>';
   435           echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
   511           echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> ' . $lang->get('acpgc_field_activate_user') . '</label>';
   436           echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
   512           echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> ' . $lang->get('acpgc_field_activate_admin') . '</label>';
   437           ?>
   513           ?>
   438         </td>
   514         </td>
   439       </tr>
   515       </tr>
   440       
   516       
   441     <!-- Account lockout -->
   517     <!-- Account lockout -->
   442     
   518     
   443       <tr><th class="subhead" colspan="2">Account lockouts</th></tr>
   519       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_lockout'); ?></th></tr>
   444       
   520       
   445       <tr><td class="row3" colspan="2">Configure Enano to prevent or restrict logins for a specified period of time if a user enters an incorrect password a specific number of times.</td></tr>
   521       <tr><td class="row3" colspan="2"><?php echo $lang->get('acpgc_lockout_intro'); ?></td></tr>
   446       
   522       
   447       <tr>
   523       <tr>
   448         <td class="row2">Lockout threshold:<br />
   524         <td class="row2"><?php echo $lang->get('acpgc_field_lockout_threshold'); ?><br />
   449           <small>How many times can a user enter wrong credentials before a lockout goes into effect?</small>
   525           <small><?php echo $lang->get('acpgc_field_lockout_threshold_hint'); ?></small>
   450         </td>
   526         </td>
   451         <td class="row2">
   527         <td class="row2">
   452           <input type="text" name="lockout_threshold" value="<?php echo ( $_ = getConfig('lockout_threshold') ) ? $_ : '5' ?>" />
   528           <input type="text" name="lockout_threshold" value="<?php echo ( $_ = getConfig('lockout_threshold') ) ? $_ : '5' ?>" />
   453         </td>
   529         </td>
   454       </tr>
   530       </tr>
   455       
   531       
   456       <tr>
   532       <tr>
   457         <td class="row1">Lockout duration:<br />
   533         <td class="row1"><?php echo $lang->get('acpgc_field_lockout_duration'); ?><br />
   458           <small>This is how long an account lockout should last, in minutes.</small>
   534           <small><?php echo $lang->get('acpgc_field_lockout_duration_hint'); ?></small>
   459         </td>
   535         </td>
   460         <td class="row1">
   536         <td class="row1">
   461           <input type="text" name="lockout_duration" value="<?php echo ( $_ = getConfig('lockout_duration') ) ? $_ : '15' ?>" />
   537           <input type="text" name="lockout_duration" value="<?php echo ( $_ = getConfig('lockout_duration') ) ? $_ : '15' ?>" />
   462         </td>
   538         </td>
   463       </tr>
   539       </tr>
   464       
   540       
   465       <tr>
   541       <tr>
   466         <td class="row2">Lockout policy:<br />
   542         <td class="row2"><?php echo $lang->get('acpgc_field_lockout_policy'); ?><br />
   467           <small>What should be done when a lockout goes into effect?</small>
   543           <small><?php echo $lang->get('acpgc_field_lockout_policy_hint'); ?></small>
   468         </td>
   544         </td>
   469         <td class="row2">
   545         <td class="row2">
   470           <label><input type="radio" name="lockout_policy" value="disable" <?php if ( getConfig('lockout_policy') == 'disable' ) echo 'checked="checked"'; ?> /> Don't do anything</label><br />
   546           <label><input type="radio" name="lockout_policy" value="disable" <?php if ( getConfig('lockout_policy') == 'disable' ) echo 'checked="checked"'; ?> /> <?php echo $lang->get('acpgc_field_lockout_policy_nothing'); ?></label><br />
   471           <label><input type="radio" name="lockout_policy" value="captcha" <?php if ( getConfig('lockout_policy') == 'captcha' ) echo 'checked="checked"'; ?> /> Require visual confirmation</label><br />
   547           <label><input type="radio" name="lockout_policy" value="captcha" <?php if ( getConfig('lockout_policy') == 'captcha' ) echo 'checked="checked"'; ?> /> <?php echo $lang->get('acpgc_field_lockout_policy_captcha'); ?></label><br />
   472           <label><input type="radio" name="lockout_policy" value="lockout" <?php if ( getConfig('lockout_policy') == 'lockout' || !getConfig('lockout_policy') ) echo 'checked="checked"'; ?> /> Prevent all login attempts</label>
   548           <label><input type="radio" name="lockout_policy" value="lockout" <?php if ( getConfig('lockout_policy') == 'lockout' || !getConfig('lockout_policy') ) echo 'checked="checked"'; ?> /> <?php echo $lang->get('acpgc_field_lockout_policy_lockout'); ?></label>
   473         </td>
   549         </td>
   474       </tr>
   550       </tr>
   475       
   551       
   476     <!-- Password strength -->
   552     <!-- Password strength -->
   477       
   553       
   478       <tr><th class="subhead" colspan="2">Password strength</th></tr>
   554       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_passstrength'); ?></th></tr>
   479       
   555       
   480       <tr>
   556       <tr>
   481         <td class="row2">
   557         <td class="row2">
   482           <b>Enable password strength analysis</b><br />
   558           <b><?php echo $lang->get('acpgc_field_passstrength_title'); ?></b><br />
   483           <small>This should be enabled in most cases. When this is enabled, a strength meter and a numerical score will be displayed wherever a password can be changed.</small>
   559           <small><?php echo $lang->get('acpgc_field_passstrength_hint'); ?></small>
   484         </td>
   560         </td>
   485         <td class="row2">
   561         <td class="row2">
   486           <label><input type="checkbox" name="pw_strength_enable" <?php if ( getConfig('pw_strength_enable') == '1' ) echo 'checked="checked" '; ?>/> Enabled</label>
   562           <label><input type="checkbox" name="pw_strength_enable" <?php if ( getConfig('pw_strength_enable') == '1' ) echo 'checked="checked" '; ?>/> <?php echo $lang->get('acpgc_field_passstrength'); ?></label>
   487         </td>
   563         </td>
   488       </tr>
   564       </tr>
   489       
   565       
   490       <tr>
   566       <tr>
   491         <td class="row1">
   567         <td class="row1">
   492           <b>Minimum strength score</b><br />
   568           <b><?php echo $lang->get('acpgc_field_passminimum_title'); ?></b><br />
   493           <small>This is the lowest score a password will be allowed to have. -10 will allow any password. A score of under -3 is considered weak, under 1 is fair, under 4 is good, under 10 is strong, and 10 and above are very strong. The scale is open-ended. This only has an effect if the meter is enabled above.</small>
   569           <small><?php echo $lang->get('acpgc_field_passminimum_hint'); ?></small>
   494         </td>
   570         </td>
   495         <td class="row1">
   571         <td class="row1">
   496           <input type="text" name="pw_strength_minimum" value="<?php echo ( $x = getConfig('pw_strength_minimum') ) ? $x : '-10'; ?>" />
   572           <input type="text" name="pw_strength_minimum" value="<?php echo ( $x = getConfig('pw_strength_minimum') ) ? $x : '-10'; ?>" />
   497         </td>
   573         </td>
   498       </tr>
   574       </tr>
   499       
   575       
   500     <!-- E-mail options -->
   576     <!-- E-mail options -->
   501     
   577     
   502       <tr><th class="subhead" colspan="2">E-mail sent from the site</th></tr>
   578       <tr>
   503       <tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
   579         <th class="subhead" colspan="2">
   504           <td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
   580           <?php echo $lang->get('acpgc_heading_email'); ?>
   505                            <label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
   581         </th>
   506           </tr>
   582       </tr>
   507       <tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
   583       
   508           <td class="row2"><input value="<?php echo getConfig('smtp_server'); ?>" name="smtp_host" type="text" size="30" /></td>
   584       <tr>
   509           </tr>
   585         <td class="row1">
   510       <tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
   586           <?php echo $lang->get('acpgc_field_email_method'); ?><br />
   511           <td class="row1">Username: <input value="<?php echo getConfig('smtp_user'); ?>" name="smtp_user" type="text" size="30" /><br />
   587           <small><?php echo $lang->get('acpgc_field_email_method_hint'); ?></small>
   512               Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
   588         </td>
   513           </tr>
   589         <td class="row1">
       
   590           <label>
       
   591             <input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />
       
   592             <?php echo $lang->get('acpgc_field_email_method_builtin'); ?>
       
   593           </label>
       
   594           
       
   595           <br />
       
   596           
       
   597           <label>
       
   598             <input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />
       
   599             <?php echo $lang->get('acpgc_field_email_method_smtp'); ?>
       
   600           </label>
       
   601         </td>
       
   602       </tr>
       
   603       
       
   604       <tr>
       
   605         <td class="row2">
       
   606           <?php echo $lang->get('acpgc_field_email_smtp_hostname'); ?><br />
       
   607           <small><?php echo $lang->get('acpgc_field_email_smtp_hostname_hint'); ?></small>
       
   608         </td>
       
   609         <td class="row2">
       
   610           <input value="<?php echo getConfig('smtp_server'); ?>" name="smtp_host" type="text" size="30" />
       
   611         </td>
       
   612       </tr>
       
   613       
       
   614       <tr>
       
   615         <td class="row1">
       
   616           <?php echo $lang->get('acpgc_field_email_smtp_auth'); ?><br />
       
   617           <small><?php echo $lang->get('acpgc_field_email_smtp_hostname_hint'); ?></small>
       
   618         </td>
       
   619         <td class="row1">
       
   620           <?php echo $lang->get('acpgc_field_email_smtp_username'); ?> <input value="<?php echo getConfig('smtp_user'); ?>" name="smtp_user" type="text" size="30" /><br />
       
   621           <?php echo $lang->get('acpgc_field_email_smtp_password'); ?> <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" />
       
   622         </td>
       
   623       </tr>
   514         
   624         
   515     <!-- Avatar support -->
   625     <!-- Avatar support -->
   516     
   626     
   517       <tr>
   627       <tr>
   518         <th class="subhead" colspan="2">Avatars</th>
   628         <th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_avatars'); ?></th>
   519       </tr>
   629       </tr>
   520       
   630       
   521       <tr>
   631       <tr>
   522         <td class="row3" colspan="2">
   632         <td class="row3" colspan="2">
   523           Avatars are small images that users can display on their profiles and in comments.
   633           <?php echo $lang->get('acpgc_avatars_intro'); ?>
   524         </th>
   634         </th>
   525       </tr>
   635       </tr>
   526       
   636       
   527       <tr>
   637       <tr>
   528         <td class="row1">
   638         <td class="row1">
   529           Enable avatar support:<br />
   639           <?php echo $lang->get('acpgc_field_avatar_enable'); ?><br />
   530           <small>Supported formats are JPEG, PNG, and GIF&trade;.</small>
   640           <small><?php echo $lang->get('acpgc_field_avatar_enable_hint'); ?></small>
   531         </td>
   641         </td>
   532         <td class="row1">
   642         <td class="row1">
   533           <label><input type="checkbox" name="avatar_enable" <?php if ( getConfig('avatar_enable') == '1' ) echo 'checked="checked" '; ?>/> Enabled</label>
   643           <label><input type="checkbox" name="avatar_enable" <?php if ( getConfig('avatar_enable') == '1' ) echo 'checked="checked" '; ?>/> <?php echo $lang->get('acpgc_field_avatar_enable_label'); ?></label>
   534         </td>
   644         </td>
   535       </tr>
   645       </tr>
   536       
   646       
   537       <tr>
   647       <tr>
   538         <td class="row2">
   648         <td class="row2">
   539           Maximum avatar file size:<br />
   649           <?php echo $lang->get('acpgc_field_avatar_max_filesize'); ?><br />
   540           <small>For smaller sites, the highest value for this should be about 50KB, 51200. Larger sites with more visitors will likely want to use something much smaller, such as 10KB.</small>
   650           <small><?php echo $lang->get('acpgc_field_avatar_max_filesize_hint'); ?></small>
   541         </td>
   651         </td>
   542         <td class="row2">
   652         <td class="row2">
   543           <input type="text" name="avatar_max_size" size="7" <?php if ( ($x = getConfig('avatar_max_size')) !== false ) echo "value=\"$x\" "; else echo "value=\"10240\" "; ?>/> bytes
   653           <input type="text" name="avatar_max_size" size="7" <?php if ( ($x = getConfig('avatar_max_size')) !== false ) echo "value=\"$x\" "; else echo "value=\"10240\" "; ?>/> <?php echo $lang->get('etc_unit_bytes'); ?>
   544         </td>
   654         </td>
   545       </tr>
   655       </tr>
   546       
   656       
   547       <tr>
   657       <tr>
   548         <td class="row1">
   658         <td class="row1">
   549           Maximum avatar dimensions:<br />
   659           <?php echo $lang->get('acpgc_field_avatar_max_dimensions'); ?><br />
   550           <small>The format is width &#215; height. Typically you want to have this square (the same width and height). These are only maximum dimensions; users are not prevented from having smaller images.</small>
   660           <small><?php echo $lang->get('acpgc_field_avatar_max_dimensions_hint'); ?></small>
   551         </td>
   661         </td>
   552         <td class="row1">
   662         <td class="row1">
   553           <input type="text" name="avatar_max_width" size="7" <?php if ( $x = getConfig('avatar_max_width') ) echo "value=\"$x\" "; else echo "value=\"150\" "; ?>/> &#215;
   663           <input type="text" name="avatar_max_width" size="7" <?php if ( $x = getConfig('avatar_max_width') ) echo "value=\"$x\" "; else echo "value=\"150\" "; ?>/> &#215;
   554           <input type="text" name="avatar_max_height" size="7" <?php if ( $x = getConfig('avatar_max_height') ) echo "value=\"$x\" "; else echo "value=\"150\" "; ?>/> pixels
   664           <input type="text" name="avatar_max_height" size="7" <?php if ( $x = getConfig('avatar_max_height') ) echo "value=\"$x\" "; else echo "value=\"150\" "; ?>/> <?php echo $lang->get('etc_unit_pixels'); ?>
   555         </td>
   665         </td>
   556       </tr>
   666       </tr>
   557       
   667       
   558       <tr>
   668       <tr>
   559         <td class="row2">
   669         <td class="row2">
   560           Allow animated avatars:<br />
   670           <?php echo $lang->get('acpgc_field_avatar_allow_anim_title'); ?><br />
   561           <small>If this is checked, users can upload APNG and Animated GIF&trade; avatars. Sometimes such images can be specifically made to be distracting, like rapidly flashing images. If this is unchecked, these formats will be blocked, and only still PNGs and GIFs will be allowed.</small>
   671           <small><?php echo $lang->get('acpgc_field_avatar_allow_anim_hint'); ?></small>
   562         </td>
   672         </td>
   563         <td class="row2">
   673         <td class="row2">
   564           <label><input type="checkbox" name="avatar_enable_anim" <?php if ( getConfig('avatar_enable_anim') == '1' ) echo 'checked="checked" '; ?>/> Don't block animated images</label>
   674           <label><input type="checkbox" name="avatar_enable_anim" <?php if ( getConfig('avatar_enable_anim') == '1' ) echo 'checked="checked" '; ?>/> <?php echo $lang->get('acpgc_field_avatar_allow_anim'); ?></label>
   565         </td>
   675         </td>
   566       </tr>
   676       </tr>
   567       
   677       
   568       <tr>
   678       <tr>
   569         <td class="row1">
   679         <td class="row1">
   570           Allowed upload methods:<br />
   680           <?php echo $lang->get('acpgc_field_avatar_upload_methods'); ?><br />
   571           <small></small>
   681           <small></small>
   572         </td>
   682         </td>
   573         <td class="row1">
   683         <td class="row1">
   574           <label><input type="checkbox" name="avatar_upload_file" <?php if ( getConfig('avatar_upload_file') == '1' || getConfig('avatar_upload_file') === false ) echo 'checked="checked" '; ?>/> Allow users to upload image files from their computers</label><br />
   684           <label>
   575           <label><input type="checkbox" name="avatar_upload_http" <?php if ( getConfig('avatar_upload_http') == '1' || getConfig('avatar_upload_http') === false ) echo 'checked="checked" '; ?>/> Allow users to enter a URL to their desired avatar</label>
   685             <input type="checkbox" name="avatar_upload_file" <?php if ( getConfig('avatar_upload_file') == '1' || getConfig('avatar_upload_file') === false ) echo 'checked="checked" '; ?>/>
       
   686             <?php echo $lang->get('acpgc_field_avatar_upload_file'); ?>
       
   687           </label>
       
   688           
       
   689           <br />
       
   690           
       
   691           <label>
       
   692             <input type="checkbox" name="avatar_upload_http" <?php if ( getConfig('avatar_upload_http') == '1' || getConfig('avatar_upload_http') === false ) echo 'checked="checked" '; ?>/>
       
   693             <?php echo $lang->get('acpgc_field_avatar_upload_http'); ?>
       
   694           </label>
   576         </td>
   695         </td>
   577       </tr>
   696       </tr>
   578       
   697       
   579       <tr>
   698       <tr>
   580         <td class="row2">
   699         <td class="row2">
   581           Avatar storage directory:<br />
   700           <?php echo $lang->get('acpgc_field_avatar_directory'); ?><br />
   582           <small>This should be relative to your Enano root and should contain only alphanumeric characters and forward slashes, even if your server runs Windows.</small>
   701           <small><?php echo $lang->get('acpgc_field_avatar_directory_hint'); ?></small>
   583         </td>
   702         </td>
   584         <td class="row2">
   703         <td class="row2">
   585           <input type="text" name="avatar_directory" size="30" <?php if ( $x = getConfig('avatar_directory') ) echo "value=\"$x\" "; else echo "value=\"files/avatars\" "; ?>/>
   704           <input type="text" name="avatar_directory" size="30" <?php if ( $x = getConfig('avatar_directory') ) echo "value=\"$x\" "; else echo "value=\"files/avatars\" "; ?>/>
   586         </td>
   705         </td>
   587       </tr>
   706       </tr>
   591         
   710         
   592     <div class="tblholder">
   711     <div class="tblholder">
   593     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   712     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   594     
   713     
   595     <tr>
   714     <tr>
   596       <th colspan="2">Sidebar links</th>
   715       <th colspan="2"><?php echo $lang->get('acpgc_heading_sidebar'); ?></th>
   597     </tr>
   716     </tr>
   598     
   717     
   599     <!-- enanocms.org link -->
   718     <!-- enanocms.org link -->
   600     
   719     
   601     <tr>
   720     <tr>
   602       <th colspan="2" class="subhead">Promote Enano</th>
   721       <th colspan="2" class="subhead"><?php echo $lang->get('acpgc_heading_promoteenano'); ?></th>
   603     </tr>
   722     </tr>                      
   604     <tr>
   723     <tr>
   605     <td class="row3" style="width: 50%;">
   724       <td class="row3" style="width: 50%;">
   606         If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
   725         <?php echo $lang->get('acpgc_field_enano_link_title'); ?>
   607         homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
       
   608         Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
       
   609         using this link.
       
   610       </td>
   726       </td>
   611       <td class="row1">
   727       <td class="row1">
   612         <label>
   728         <label>
   613           <input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> />&nbsp;&nbsp;Place a link to enanocms.org on the sidebar
   729           <input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> />&nbsp;&nbsp;<?php echo $lang->get('acpgc_field_enano_link'); ?>
   614         </label>
   730         </label>
   615       </td>
   731       </td>
   616     </tr>
   732     </tr>
   617       
   733       
   618     <!-- SourceForge.net logo -->
   734     <!-- SourceForge.net logo -->
   619       
   735       
   620       <tr><th class="subhead" colspan="2">SourceForge.net logo</th></tr>
   736       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_sfnet_logo'); ?></th></tr>
   621       
   737       
   622       <tr>
   738       <tr>
   623         <td colspan="2" class="row3">
   739         <td colspan="2" class="row3">
   624           All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages.  If you want
   740           <?php echo $lang->get('acpgc_sfnet_intro'); ?>
   625           to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
       
   626         </td>
   741         </td>
   627       </tr>
   742       </tr>
   628       
   743       
   629       <?php
   744       <?php
   630       if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
   745       if ( getConfig("sflogo_enabled") == '1' )
   631       else $c='';
   746         $c='checked="checked" ';
   632       if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
   747       else
   633       else $g='';
   748         $c='';
   634       if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
   749         
   635       else $t='1';
   750       if ( getConfig("sflogo_groupid") )
       
   751         $g = getConfig("sflogo_groupid");
       
   752       else
       
   753         $g = '';
       
   754         
       
   755       if ( getConfig("sflogo_type") )
       
   756         $t = getConfig("sflogo_type");
       
   757       else
       
   758         $t = '1';
   636       ?>
   759       ?>
   637       
   760       
   638       <tr>
   761       <tr>
   639         <td class="row1">Display the SourceForge.net logo on the right sidebar</td>
   762         <td class="row1"><?php echo $lang->get('acpgc_field_sfnet_display'); ?></td>
   640         <td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
   763         <td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
   641       </tr>
   764       </tr>
   642       
   765       
   643       <tr>
   766       <tr>
   644         <td class="row2">Group ID:</td>
   767         <td class="row2"><?php echo $lang->get('acpgc_field_sfnet_group_id'); ?></td>
   645         <td class="row2"><input value="<?php echo $g; ?>" type=text size=15 name=sfgroup /></td>
   768         <td class="row2"><input value="<?php echo $g; ?>" type=text size=15 name=sfgroup /></td>
   646       </tr>
   769       </tr>
   647       
   770       
   648       <tr>
   771       <tr>
   649         <td class="row1">Logo style:</td>
   772         <td class="row1"><?php echo $lang->get('acpgc_field_sfnet_logo_style'); ?></td>
   650         <td class="row1">
   773         <td class="row1">
   651           <select name="sflogo">
   774           <select name="sflogo">
   652             <option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
   775             <option <?php if($t=='1') echo('selected="selected" '); ?>value=1><?php echo $lang->get('acpgc_field_sfnet_logo_style_1'); ?></option>
   653             <option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
   776             <option <?php if($t=='2') echo('selected="selected" '); ?>value=2><?php echo $lang->get('acpgc_field_sfnet_logo_style_2'); ?></option>
   654             <option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
   777             <option <?php if($t=='3') echo('selected="selected" '); ?>value=3><?php echo $lang->get('acpgc_field_sfnet_logo_style_3'); ?></option>
   655             <option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
   778             <option <?php if($t=='4') echo('selected="selected" '); ?>value=4><?php echo $lang->get('acpgc_field_sfnet_logo_style_4'); ?></option>
   656             <option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
   779             <option <?php if($t=='5') echo('selected="selected" '); ?>value=5><?php echo $lang->get('acpgc_field_sfnet_logo_style_5'); ?></option>
   657             <option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
   780             <option <?php if($t=='6') echo('selected="selected" '); ?>value=6><?php echo $lang->get('acpgc_field_sfnet_logo_style_6'); ?></option>
   658             <option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
   781             <option <?php if($t=='7') echo('selected="selected" '); ?>value=7><?php echo $lang->get('acpgc_field_sfnet_logo_style_7'); ?></option>
   659           </select>
   782           </select>
   660         </td>
   783         </td>
   661       </tr>
   784       </tr>
   662       
   785       
   663     <!-- W3C validator buttons -->
   786     <!-- W3C validator buttons -->
   664       
   787       
   665       <tr><th class="subhead" colspan="2">W3C compliance logos</th></tr>
   788       <tr><th class="subhead" colspan="2"><?php echo $lang->get('acpgc_heading_w3clogos'); ?></th></tr>
   666       <tr><td colspan="2" class="row3">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS.  If you want to show this off, check the appropriate boxes below.</th></tr>
   789       <tr><td colspan="2" class="row3"><?php echo $lang->get('acpgc_w3clogos_intro'); ?></th></tr>
   667       
   790       
   668       <tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label>     </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1')     echo('CHECKED '); ?> id="w3c-vh32"     name="w3c-vh32"     /></td></tr>
   791       <tr><td class="row1"><label for="w3c-vh32"><?php     echo $lang->get('acpgc_w3clogos_btn_html32');  ?></label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1')     echo('checked="checked" '); ?> id="w3c-vh32"     name="w3c-vh32"     /></td></tr>
   669       <tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label>     </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1')     echo('CHECKED '); ?> id="w3c-vh40"     name="w3c-vh40"     /></td></tr>
   792       <tr><td class="row2"><label for="w3c-vh40"><?php     echo $lang->get('acpgc_w3clogos_btn_html40');  ?></label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1')     echo('checked="checked" '); ?> id="w3c-vh40"     name="w3c-vh40"     /></td></tr>
   670       <tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label>   </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1')    echo('CHECKED '); ?> id="w3c-vh401"    name="w3c-vh401"    /></td></tr>
   793       <tr><td class="row1"><label for="w3c-vh401"><?php    echo $lang->get('acpgc_w3clogos_btn_html401'); ?></label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1')    echo('checked="checked" '); ?> id="w3c-vh401"    name="w3c-vh401"    /></td></tr>
   671       <tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
   794       <tr><td class="row2"><label for="w3c-vxhtml10"><?php echo $lang->get('acpgc_w3clogos_btn_xhtml10'); ?></label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('checked="checked" '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
   672       <tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
   795       <tr><td class="row1"><label for="w3c-vxhtml11"><?php echo $lang->get('acpgc_w3clogos_btn_xhtml11'); ?></label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('checked="checked" '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
   673       <tr><td class="row2"><label for="w3c-vcss">CSS</label>          </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1')     echo('CHECKED '); ?> id="w3c-vcss"     name="w3c-vcss"     /></td></tr>
   796       <tr><td class="row2"><label for="w3c-vcss"><?php     echo $lang->get('acpgc_w3clogos_btn_css');     ?></label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1')     echo('checked="checked" '); ?> id="w3c-vcss"     name="w3c-vcss"     /></td></tr>
   674 
   797 
   675     <!-- DefectiveByDesign.org ad -->      
   798     <!-- DefectiveByDesign.org ad -->      
   676       
   799       
   677       <tr><th class="subhead" colspan="2">Defective By Design Anti-DRM button</th></tr>
   800       <tr>
   678       <tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
   801         <th class="subhead" colspan="2">
   679       <tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1')  echo('checked="checked" '); ?>/></td></tr>
   802           <?php echo $lang->get('acpgc_heading_dbd'); ?>
       
   803         </th>
       
   804       </tr>
       
   805       
       
   806       <tr>
       
   807         <td colspan="2" class="row3">
       
   808           <b><?php echo $lang->get('acpgc_dbd_intro'); ?></b>
       
   809           <?php echo $lang->get('acpgc_dbd_explain'); ?>
       
   810         </td>
       
   811       </tr>
       
   812       
       
   813       <tr>
       
   814         <td class="row1">
       
   815           <label for="dbdbutton">
       
   816             <?php echo $lang->get('acpgc_field_stopdrm'); ?>
       
   817           </label>
       
   818         </td>
       
   819         <td class="row1">
       
   820           <input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1')  echo('checked="checked" '); ?>/>
       
   821         </td>
       
   822       </tr>
   680       
   823       
   681     <!-- Save button -->
   824     <!-- Save button -->
   682     
   825     
   683     </table>
   826     </table>
   684     </div>
   827     </div>
   685         
   828         
   686     <div class="tblholder">
   829     <div class="tblholder">
   687     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   830     <table border="0" width="100%" cellspacing="1" cellpadding="4">
   688       
   831       
   689       <tr><th colspan="2"><input type="submit" name="submit" value="Save changes" /></th></tr>
   832       <tr><th colspan="2"><input type="submit" name="submit" value="<?php echo $lang->get('acpgc_btn_save_changes'); ?>" /></th></tr>
   690       
   833       
   691     </table>
   834     </table>
   692   </div>
   835   </div>
   693 </form>
   836 </form>
   694   <?php
   837   <?php
   781       setConfig('max_file_size', $max_upload.'');
   924       setConfig('max_file_size', $max_upload.'');
   782     }
   925     }
   783   }
   926   }
   784   echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
   927   echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
   785   ?>
   928   ?>
   786   <h3>File upload configuration</h3>
   929   <h3><?php echo $lang->get('acpup_heading_main'); ?></h3>
   787   <p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
   930   
   788      and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
   931   <p>
   789      and executable files can sometimes be uploaded.</p>
   932     <?php echo $lang->get('acpup_intro'); ?>
   790   <p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
   933   </p>
   791   <p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo getConfig('max_file_size'); ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
   934   <p>
   792   <p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
   935     <label>
   793      does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
   936       <input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> />
   794      are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
   937       <b><?php echo $lang->get('acpup_field_enable'); ?></b>
   795      large images many times can cost you quite a lot of bandwidth.</p>
   938     </label>
   796   <p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
   939   </p>
   797      Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo getConfig('imagemagick_path'); else echo '/usr/bin/convert'; ?>" /><br />
   940   <p>
   798      On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then
   941     <?php echo $lang->get('acpup_field_max_size'); ?>
   799      ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
   942     <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo getConfig('max_file_size'); ?>" />
   800      </p>
   943     <select name="fs_units">
   801   <p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
   944       <option value="1" selected="selected"><?php echo $lang->get('etc_unit_bytes'); ?></option>
   802      may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
   945       <option value="1024"><?php echo $lang->get('etc_unit_kilobytes_short'); ?></option>
   803   <p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
   946       <option value="1048576"><?php echo $lang->get('etc_unit_megabytes_short'); ?></option>
   804      Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
   947     </select>
   805      more information on how to do this.<?php if(!is_writable(ENANO_ROOT.'/cache/')) echo ' <b>At present, it seems that the cache directory
   948   </p>
   806      is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
   949   
   807   <p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; elseif(!is_writable(ENANO_ROOT.'/cache/')) echo 'readonly="readonly"'; ?> /> Cache thumbnailed images</label></p>
   950   <p><?php echo $lang->get('acpup_info_magick'); ?></p>
   808   <p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
   951   <p>
   809      changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
   952     <label>
   810      enabled unless you have less than 250MB of MySQL database space.</p>
   953       <input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> />
   811   <p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1') echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
   954       <?php echo $lang->get('acpup_field_magick_enable'); ?>
       
   955     </label>
       
   956     <br />
       
   957     <?php echo $lang->get('acpup_field_magick_path'); ?> <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo getConfig('imagemagick_path'); else echo '/usr/bin/convert'; ?>" /><br />
       
   958     <?php echo $lang->get('acpup_field_magick_path_hint'); ?>
       
   959   </p>
       
   960      
       
   961   <p><?php echo $lang->get('acpup_info_cache'); ?></p>
       
   962   <p>
       
   963     <?php echo $lang->get('acpup_info_cache_chmod'); ?>
       
   964   
       
   965     <?php
       
   966       if(!is_writable(ENANO_ROOT.'/cache/'))
       
   967         echo $lang->get('acpup_msg_cache_not_writable');
       
   968     ?>
       
   969   </p>
       
   970   
       
   971   <p>
       
   972     <label>
       
   973       <input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; else if ( ! is_writable(ENANO_ROOT . '/cache/') ) echo 'readonly="readonly"'; ?> />
       
   974       <?php echo $lang->get('acpup_field_cache'); ?>
       
   975     </label>
       
   976   </p>
       
   977   
       
   978   <p><?php echo $lang->get('acpup_info_history'); ?></p>
       
   979   <p>
       
   980     <label>
       
   981       <input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1') echo 'checked="checked"'; ?> />
       
   982       <?php echo $lang->get('acpup_field_history'); ?>
       
   983     </label>
       
   984   </p>
       
   985   
   812   <hr style="margin-left: 1em;" />
   986   <hr style="margin-left: 1em;" />
   813   <p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
   987   <p><input type="submit" name="save" value="<?php echo $lang->get('acpup_btn_save'); ?>" style="font-weight: bold;" /></p>
   814   <?php
   988   <?php
   815   echo '</form>';
   989   echo '</form>';
   816 }
   990 }
   817 
   991 
   818 function page_Admin_PluginManager() {
   992 function page_Admin_UploadAllowedMimeTypes()
       
   993 {
   819   global $db, $session, $paths, $template, $plugins; // Common objects
   994   global $db, $session, $paths, $template, $plugins; // Common objects
   820   global $lang;
   995   global $lang;
   821   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   996   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   822   {
   997   {
   823     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
   998     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
   824     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
   999     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
   825     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1000     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
   826     return;
  1001     return;
   827   }
  1002   }
   828   
  1003   
       
  1004   global $mime_types, $mimetype_exps, $mimetype_extlist;
       
  1005   if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
       
  1006   {
       
  1007     $bits = '';
       
  1008     $keys = array_keys($mime_types);
       
  1009     foreach($keys as $i => $k)
       
  1010     {
       
  1011       if(isset($_POST['ext_'.$k])) $bits .= '1';
       
  1012       else $bits .= '0';
       
  1013     }
       
  1014     $bits = compress_bitfield($bits);
       
  1015     setConfig('allowed_mime_types', $bits);
       
  1016     echo '<div class="info-box">' . $lang->get('acpft_msg_saved') . '</div>';
       
  1017   }
       
  1018   else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') )
       
  1019   {
       
  1020     echo '<div class="error-box">' . $lang->get('acpft_msg_demo_mode') . '</div>';
       
  1021   }
       
  1022   $allowed = fetch_allowed_extensions();
       
  1023   ?>
       
  1024   <h3><?php echo $lang->get('acpft_heading_main'); ?></h3>
       
  1025    <p><?php echo $lang->get('acpft_hint'); ?></p>
       
  1026   <?php
       
  1027   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&amp;' : '') .'module='.$paths->cpage['module']).'" method="post">';
       
  1028     $c = -1;
       
  1029     $t = -1;
       
  1030     $cl = 'row1';
       
  1031     echo "\n".'    <div class="tblholder">'."\n".'      <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".'        <tr>'."\n        ";
       
  1032     ksort($mime_types);
       
  1033     foreach($mime_types as $e => $m)
       
  1034     {
       
  1035       $c++;
       
  1036       $t++;
       
  1037       if($c == 3)
       
  1038       {
       
  1039         $c = 0;
       
  1040         $cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
       
  1041         echo '</tr>'."\n".'        <tr>'."\n        ";
       
  1042       }
       
  1043       $seed = "extchkbx_{$e}_".md5(microtime() . mt_rand());
       
  1044       $chk = (!empty($allowed[$e])) ? ' checked="checked"' : '';
       
  1045       echo "  <td class='$cl'>\n            <label><input id='{$seed}' type='checkbox' name='ext_{$e}'{$chk} />.{$e}\n            ({$m})</label>\n          </td>\n        ";
       
  1046     }
       
  1047     while($c < 2)
       
  1048     {
       
  1049       $c++;
       
  1050       echo "  <td class='{$cl}'></td>\n        ";
       
  1051     }
       
  1052     echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="' . $lang->get('etc_save_changes') . '" /></th></tr>';
       
  1053     echo '</tr>'."\n".'      </table>'."\n".'    </div>';
       
  1054     echo '</form>';
       
  1055   ?>
       
  1056   <?php
       
  1057 }
       
  1058 
       
  1059 function page_Admin_PluginManager()
       
  1060 {
       
  1061   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1062   global $lang;
       
  1063   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
  1064   {
       
  1065     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1066     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1067     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
  1068     return;
       
  1069   }
       
  1070   
   829   if(isset($_GET['action']))
  1071   if(isset($_GET['action']))
   830   {
  1072   {
   831     switch($_GET['action'])
  1073     if ( !isset($_GET['plugin']) )
   832     {
  1074     {
   833       case "enable":
  1075       echo '<div class="error-box">No plugin specified.</div>';
   834         $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
  1076     }
   835         if ( !$q )
  1077     else if ( !preg_match('/^[A-z0-9_-]+\.php$/', $_GET['plugin']) )
   836           $db->_die();
  1078     {
   837         setConfig('plugin_'.$_GET['plugin'], '1');
  1079       echo '<div class="error-box">Hacking attempt</div>';
   838         break;
  1080     }
   839       case "disable":
  1081     else
   840         if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') )
  1082     {
   841         {
  1083       $plugin =& $_GET['plugin'];
   842           echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
  1084       switch($_GET['action'])
   843           break;
  1085       {
   844         }
  1086         case "enable":
   845         if ( !in_array($_GET['plugin'], $plugins->system_plugins) )
  1087           $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
   846         {
       
   847           $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
       
   848           if ( !$q )
  1088           if ( !$q )
   849             $db->_die();
  1089             $db->_die();
   850           setConfig('plugin_'.$_GET['plugin'], '0');
  1090           setConfig("plugin_$plugin", '1');
   851         }
  1091           break;
   852         else 
  1092         case "disable":
   853         {
  1093           if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') )
   854           echo('<h3>Error disabling plugin</h3><p>The plugin you selected cannot be disabled because it is a system plugin.</p>');
  1094           {
   855         }
  1095             echo('<h3>' . $lang->get('acppl_err_heading') . '</h3>
   856         break;
  1096                    <p>' . $lang->get('acppl_err_demo_plugin') . '</p>');
       
  1097             break;
       
  1098           }
       
  1099           if ( !in_array($plugin, $plugins->system_plugins) )
       
  1100           {
       
  1101             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
       
  1102             if ( !$q )
       
  1103               $db->_die();
       
  1104             setConfig("plugin_$plugin", '0');
       
  1105           }
       
  1106           else 
       
  1107           {
       
  1108             echo '<h3>' . $lang->get('acppl_err_heading') . '</h3>
       
  1109                    <p>' . $lang->get('acppl_err_system_plugin') . '</p>';
       
  1110           }
       
  1111           break;
       
  1112       }
   857     }
  1113     }
   858   }
  1114   }
   859   $dir = './plugins/';
  1115   $dir = './plugins/';
   860   $plugin_list = Array();
  1116   $plugin_list = Array();
   861   $system = Array();
  1117   $system = Array();
   894           $thelist[$file]['uri']  = $f[1];
  1150           $thelist[$file]['uri']  = $f[1];
   895           $thelist[$file]['desc'] = $f[2];
  1151           $thelist[$file]['desc'] = $f[2];
   896           $thelist[$file]['auth'] = $f[3];
  1152           $thelist[$file]['auth'] = $f[3];
   897           $thelist[$file]['vers'] = $f[4];
  1153           $thelist[$file]['vers'] = $f[4];
   898           $thelist[$file]['aweb'] = $f[5];
  1154           $thelist[$file]['aweb'] = $f[5];
       
  1155           
       
  1156           if ( preg_match('/^[a-z0-9]+_[a-z0-9_]+$/', $thelist[$file]['name']) )
       
  1157             $thelist[$file]['name'] = $lang->get($thelist[$file]['name']);
       
  1158           
       
  1159           if ( preg_match('/^[a-z0-9]+_[a-z0-9_]+$/', $thelist[$file]['desc']) )
       
  1160             $thelist[$file]['desc'] = $lang->get($thelist[$file]['desc']);
       
  1161           
   899         }
  1162         }
   900       }
  1163       }
   901       closedir($dh);
  1164       closedir($dh);
   902     }
  1165     }
   903     else
  1166     else
   904     {
  1167     {
   905       echo '<div class="error-box">The plugins/ directory could not be opened.</div>';
  1168       echo '<div class="error-box">' . $lang->get('acppl_err_open_dir') . '</div>';
   906       return;
  1169       return;
   907     }
  1170     }
   908   }
  1171   }
   909   else
  1172   else
   910   {
  1173   {
   911     echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>';
  1174     echo '<div class="error-box">' . $lang->get('acppl_err_missing_dir') . '</div>';
   912     return;
  1175     return;
   913   }
  1176   }
   914   echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
  1177   echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
   915       <tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');
  1178       <tr>
       
  1179         <th>' . $lang->get('acppl_col_filename') . '</th>
       
  1180         <th>' . $lang->get('acppl_col_name') . '</th>
       
  1181         <th>' . $lang->get('acppl_col_description') . '</th>
       
  1182         <th>' . $lang->get('acppl_col_author') . '</th>
       
  1183         <th>' . $lang->get('acppl_col_version') . '</th>
       
  1184         <th></th>
       
  1185       </tr>');
   916     $plugin_files_1 = array_keys($plugin_list);
  1186     $plugin_files_1 = array_keys($plugin_list);
   917     $plugin_files_2 = array_keys($system);
  1187     $plugin_files_2 = array_keys($system);
   918     $plugin_files = array_values(array_merge($plugin_files_1, $plugin_files_2));
  1188     $plugin_files = array_values(array_merge($plugin_files_1, $plugin_files_2));
   919     $cls = 'row2';
  1189     $cls = 'row2';
   920     for ( $i = 0; $i < sizeof($plugin_files); $i++ )
  1190     for ( $i = 0; $i < sizeof($plugin_files); $i++ )
   936               <td class="'.$cls.'"'.$bgcolor.'>';
  1206               <td class="'.$cls.'"'.$bgcolor.'>';
   937       if ( !in_array($plugin_files[$i], $plugins->system_plugins) )
  1207       if ( !in_array($plugin_files[$i], $plugins->system_plugins) )
   938       {
  1208       {
   939         if ( getConfig('plugin_'.$plugin_files[$i]) == '1' )
  1209         if ( getConfig('plugin_'.$plugin_files[$i]) == '1' )
   940         {
  1210         {
   941           echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&amp;show_system=' . ( $show_system ? 'yes' : 'no' ) . '&amp;action=disable&amp;plugin='.$plugin_files[$i].'">Disable</a>';
  1211           echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&amp;show_system=' . ( $show_system ? 'yes' : 'no' ) . '&amp;action=disable&amp;plugin='.$plugin_files[$i].'">' . $lang->get('acppl_btn_disable') . '</a>';
   942         }
  1212         }
   943         else
  1213         else
   944         {
  1214         {
   945           echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&amp;show_system=' . ( $show_system ? 'yes' : 'no' ) . '&amp;action=enable&amp;plugin='.$plugin_files[$i].'">Enable</a>';
  1215           echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&amp;show_system=' . ( $show_system ? 'yes' : 'no' ) . '&amp;action=enable&amp;plugin='.$plugin_files[$i].'">' . $lang->get('acppl_btn_enable') . '</a>';
   946         }
  1216         }
   947       }
  1217       }
   948       else
  1218       else
   949       {
  1219       {
   950         echo '[System]';
  1220         echo $lang->get('acppl_lbl_system_plugin');
   951       }
  1221       }
   952       echo '</td></tr>';
  1222       echo '</td></tr>';
   953     }
  1223     }
   954     $showhide_link = ( $show_system ) ?
  1224     $showhide_link = ( $show_system ) ?
   955     '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=no', true) . '">Hide system plugins</a>' :
  1225     '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=no', true) . '">' . $lang->get('acppl_btn_hide_system') . '</a>' :
   956     '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=yes', true) . '">Show system plugins</a>' ;
  1226     '<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=yes', true) . '">' . $lang->get('acppl_btn_show_system') . '</a>' ;
   957     echo '<tr><th colspan="6" class="subhead">'.$showhide_link.'</th></tr>';
  1227     echo '<tr><th colspan="6" class="subhead">'.$showhide_link.'</th></tr>';
   958     echo '</table></div>';
  1228     echo '</table></div>';
   959 }
  1229 }
   960 
  1230 
   961 function page_Admin_UploadAllowedMimeTypes()
  1231 /*
   962 {
       
   963   global $db, $session, $paths, $template, $plugins; // Common objects
       
   964   global $lang;
       
   965   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
   966   {
       
   967     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
   968     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
   969     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
   970     return;
       
   971   }
       
   972   
       
   973   global $mime_types, $mimetype_exps, $mimetype_extlist;
       
   974   if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
       
   975   {
       
   976     $bits = '';
       
   977     $keys = array_keys($mime_types);
       
   978     foreach($keys as $i => $k)
       
   979     {
       
   980       if(isset($_POST['ext_'.$k])) $bits .= '1';
       
   981       else $bits .= '0';
       
   982     }
       
   983     $bits = compress_bitfield($bits);
       
   984     setConfig('allowed_mime_types', $bits);
       
   985     echo '<div class="info-box">Your changes have been saved.</div>';
       
   986   }
       
   987   else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') )
       
   988   {
       
   989     echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
       
   990   }
       
   991   $allowed = fetch_allowed_extensions();
       
   992   ?>
       
   993   <h3>Allowed file types</h3>
       
   994    <p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
       
   995   <?php
       
   996   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&amp;' : '') .'module='.$paths->cpage['module']).'" method="post">';
       
   997     $c = -1;
       
   998     $t = -1;
       
   999     $cl = 'row1';
       
  1000     echo "\n".'    <div class="tblholder">'."\n".'      <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".'        <tr>'."\n        ";
       
  1001     ksort($mime_types);
       
  1002     foreach($mime_types as $e => $m)
       
  1003     {
       
  1004       $c++;
       
  1005       $t++;
       
  1006       if($c == 3)
       
  1007       {
       
  1008         $c = 0;
       
  1009         $cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
       
  1010         echo '</tr>'."\n".'        <tr>'."\n        ";
       
  1011       }
       
  1012       $seed = "extchkbx_{$e}_".md5(microtime() . mt_rand());
       
  1013       $chk = (!empty($allowed[$e])) ? ' checked="checked"' : '';
       
  1014       echo "  <td class='$cl'>\n            <label><input id='{$seed}' type='checkbox' name='ext_{$e}'{$chk} />.{$e}\n            ({$m})</label>\n          </td>\n        ";
       
  1015     }
       
  1016     while($c < 2)
       
  1017     {
       
  1018       $c++;
       
  1019       echo "  <td class='{$cl}'></td>\n        ";
       
  1020     }
       
  1021     echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
       
  1022     echo '</tr>'."\n".'      </table>'."\n".'    </div>';
       
  1023     echo '</form>';
       
  1024   ?>
       
  1025   <?php
       
  1026 }
       
  1027 
       
  1028 function page_Admin_Sidebar()
       
  1029 {
       
  1030   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1031   global $lang;
       
  1032   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
  1033   {
       
  1034     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1035     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1036     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
  1037     return;
       
  1038   }
       
  1039   
       
  1040   ?>
       
  1041   <h2>Editing and managing the Enano sidebar</h2>
       
  1042    <p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
       
  1043       provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
       
  1044       markup language.
       
  1045       </p>
       
  1046    <p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (&lt;example&gt;like this&lt;/example&gt;) for the
       
  1047       main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (&lt; and &gt;).</p>
       
  1048    <p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
       
  1049       on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
       
  1050       use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
       
  1051       external sites.</p>
       
  1052    <p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
       
  1053    <pre>{slider=Navigation}
       
  1054   [[Main Page|Home]]
       
  1055   [[Enano:Sidebar|Edit the sidebar]]
       
  1056 {/slider}</pre>
       
  1057    <p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
       
  1058       to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
       
  1059       "user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
       
  1060       wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
       
  1061       effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
       
  1062    <p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
       
  1063       variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
       
  1064       The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
       
  1065       the "change theme" button can be added with $STYLE_LINK.</p>
       
  1066    <p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
       
  1067    <pre>{slider=$USERNAME}
       
  1068   [[User:$USERNAME|User page]]
       
  1069   [[Special:Contributions?user=$USERNAME|My Contributions]]
       
  1070   {if user_logged_in}
       
  1071     [[Special:Preferences|Preferences]]
       
  1072     $THEME_LINK
       
  1073   {/if}
       
  1074   {if auth_admin}
       
  1075     [[Special:Administration|Administration]]
       
  1076   {/if}
       
  1077   {if user_logged_in}
       
  1078     $LOGOUT_LINK
       
  1079   {/if}
       
  1080   {!if user_logged_in}
       
  1081     Create an account
       
  1082     Log in
       
  1083   {/if}
       
  1084 {/slider}</pre>
       
  1085   <?php
       
  1086 }
       
  1087 
       
  1088 function page_Admin_GroupManager()
       
  1089 {
       
  1090   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1091   global $lang;
       
  1092   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
  1093   {
       
  1094     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1095     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1096     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
  1097     return;
       
  1098   }
       
  1099   
       
  1100   if(isset($_POST['do_create_stage1']))
       
  1101   {
       
  1102     if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
       
  1103     {
       
  1104       echo '<p>The group name you chose is invalid.</p>';
       
  1105       return;
       
  1106     }
       
  1107     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  1108     echo '<div class="tblholder">
       
  1109           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  1110           <tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr>
       
  1111           <tr>
       
  1112             <td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
       
  1113           </tr>
       
  1114           <tr><td class="row2">Group status</td><td class="row2">
       
  1115             <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
       
  1116             <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
       
  1117             <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
       
  1118             <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
       
  1119           </td></tr>
       
  1120           <tr>
       
  1121             <th class="subhead" colspan="2">
       
  1122               <input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" />
       
  1123               <input type="submit" name="do_create_stage2" value="Create group" />
       
  1124             </th>
       
  1125           </tr>
       
  1126           </table>
       
  1127           </div>';
       
  1128     echo '</form>';
       
  1129     return;
       
  1130   }
       
  1131   elseif(isset($_POST['do_create_stage2']))
       
  1132   {
       
  1133     if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
       
  1134     {
       
  1135       echo '<p>The group name you chose is invalid.</p>';
       
  1136       return;
       
  1137     }
       
  1138     if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
       
  1139     {
       
  1140       echo '<p>Hacking attempt</p>';
       
  1141       return;
       
  1142     }
       
  1143     $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
       
  1144     if(!$e)
       
  1145     {
       
  1146       echo $db->get_error();
       
  1147       return;
       
  1148     }
       
  1149     if($db->numrows() > 0)
       
  1150     {
       
  1151       echo '<p>The group name you entered already exists.</p>';
       
  1152       return;
       
  1153     }
       
  1154     $db->free_result();
       
  1155     $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
       
  1156     if(!$q)
       
  1157     {
       
  1158       echo $db->get_error();
       
  1159       return;
       
  1160     }
       
  1161     $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
       
  1162     if(!$e)
       
  1163     {
       
  1164       echo $db->get_error();
       
  1165       return;
       
  1166     }
       
  1167     if($db->numrows() < 1)
       
  1168     {
       
  1169       echo '<p>The username you entered could not be found.</p>';
       
  1170       return;
       
  1171     }
       
  1172     $row = $db->fetchrow();
       
  1173     $id = $row['user_id'];
       
  1174     $db->free_result();
       
  1175     $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
       
  1176     if(!$e)
       
  1177     {
       
  1178       echo $db->get_error();
       
  1179       return;
       
  1180     }
       
  1181     if($db->numrows() < 1)
       
  1182     {
       
  1183       echo '<p>The group ID could not be looked up.</p>';
       
  1184       return;
       
  1185     }
       
  1186     $row = $db->fetchrow();
       
  1187     $gid = $row['group_id'];
       
  1188     $db->free_result();
       
  1189     $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
       
  1190     if(!$e)
       
  1191     {
       
  1192       echo $db->get_error();
       
  1193       return;
       
  1194     }
       
  1195     echo "<div class='info-box'>
       
  1196             <b>Information</b><br />
       
  1197             The group {$_POST['create_group_name']} has been created successfully.
       
  1198           </div>";
       
  1199   }
       
  1200   if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
       
  1201   {
       
  1202     // Fetch the group name
       
  1203     $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  1204     if(!$q)
       
  1205     {
       
  1206       echo $db->get_error();
       
  1207       return;
       
  1208     }
       
  1209     if($db->numrows() < 1)
       
  1210     {
       
  1211       echo '<p>Error: couldn\'t look up group name</p>';
       
  1212     }
       
  1213     $row = $db->fetchrow();
       
  1214     $name = $row['group_name'];
       
  1215     $db->free_result();
       
  1216     if(isset($_POST['edit_do']))
       
  1217     {
       
  1218       if(isset($_POST['edit_do']['del_group']))
       
  1219       {
       
  1220         if ( $row['system_group'] == 1 )
       
  1221         {
       
  1222           echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>';
       
  1223         }
       
  1224         else
       
  1225         {
       
  1226           $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  1227           if(!$q)
       
  1228           {
       
  1229             echo $db->get_error();
       
  1230             return;
       
  1231           }
       
  1232           $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  1233           if(!$q)
       
  1234           {
       
  1235             echo $db->get_error();
       
  1236             return;
       
  1237           }
       
  1238           echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
       
  1239           return;
       
  1240         }
       
  1241       }
       
  1242       if(isset($_POST['edit_do']['save_name']))
       
  1243       {
       
  1244         if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
       
  1245         {
       
  1246           echo '<p>The group name you chose is invalid.</p>';
       
  1247           return;
       
  1248         }
       
  1249         $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
       
  1250             WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  1251         if(!$q)
       
  1252         {
       
  1253           echo $db->get_error();
       
  1254           return;
       
  1255         }
       
  1256         else
       
  1257         {
       
  1258           echo '<div class="info-box" style="margin: 0 0 10px 0;"">
       
  1259                   The group name has been updated.
       
  1260                 </div>';
       
  1261         }
       
  1262         $name = $_POST['group_name'];
       
  1263         
       
  1264       }
       
  1265       $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
       
  1266                              WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  1267       if(!$q)
       
  1268       {
       
  1269         echo $db->get_error();
       
  1270         return;
       
  1271       }
       
  1272       if($db->numrows() > 0)
       
  1273       {
       
  1274         while($row = $db->fetchrow($q))
       
  1275         {
       
  1276           if(isset($_POST['edit_do']['del_' . $row['member_id']]))
       
  1277           {
       
  1278             $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
       
  1279             if(!$e)
       
  1280             {
       
  1281               echo $db->get_error();
       
  1282               return;
       
  1283             }
       
  1284           }
       
  1285         }
       
  1286       }
       
  1287       $db->free_result();
       
  1288       if(isset($_POST['edit_do']['add_member']))
       
  1289       {
       
  1290         $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
       
  1291         if(!$q)
       
  1292         {
       
  1293           echo $db->get_error();
       
  1294           return;
       
  1295         }
       
  1296         if($db->numrows() > 0)
       
  1297         {
       
  1298           $row = $db->fetchrow();
       
  1299           $user_id = $row['user_id'];
       
  1300           $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
       
  1301           $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
       
  1302           if(!$q)
       
  1303           {
       
  1304             echo $db->get_error();
       
  1305             return;
       
  1306           }
       
  1307           else
       
  1308           {
       
  1309             echo '<div class="info-box" style="margin: 0 0 10px 0;"">
       
  1310                     The user "'.$_POST['edit_add_username'].'" has been added to this usergroup.
       
  1311                   </div>';
       
  1312           }
       
  1313         }
       
  1314         else
       
  1315           echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>';
       
  1316       }
       
  1317     }
       
  1318     $sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';
       
  1319     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  1320     echo '<div class="tblholder">
       
  1321           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  1322           <tr><th>Edit group name</th></tr>
       
  1323           <tr>
       
  1324             <td class="row1">
       
  1325               Group name: <input type="text" name="group_name" value="'.$name.'" />
       
  1326             </td>
       
  1327           </tr>
       
  1328           <tr>
       
  1329             <th class="subhead">
       
  1330               <input type="submit" name="edit_do[save_name]" value="Save name" />
       
  1331               <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
       
  1332             </th>
       
  1333           </tr>
       
  1334           </table>
       
  1335           </div>
       
  1336           <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
       
  1337     echo '</form>';
       
  1338     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  1339     echo '<div class="tblholder">
       
  1340           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  1341           <tr><th colspan="3">Edit group members</th></tr>';
       
  1342     $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
       
  1343                            LEFT JOIN '.table_prefix.'users AS u
       
  1344                              ON u.user_id=m.user_id
       
  1345                              WHERE m.group_id='.intval($_POST['group_edit_id']).'
       
  1346                            ORDER BY m.is_mod DESC, u.username ASC;');
       
  1347     if(!$q)
       
  1348     {
       
  1349       echo $db->get_error();
       
  1350       return;
       
  1351     }
       
  1352     if($db->numrows() < 1)
       
  1353     {
       
  1354       echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
       
  1355     }
       
  1356     else
       
  1357     {
       
  1358       $cls = 'row2';
       
  1359       while($row = $db->fetchrow())
       
  1360       {
       
  1361         $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
       
  1362         $mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
       
  1363         echo '<tr>
       
  1364                 <td class="'.$cls.'" style="width: 100%;">
       
  1365                   ' . $row['username'] . '
       
  1366                 </td>
       
  1367                 <td class="'.$cls.'">
       
  1368                   '.$mod.'
       
  1369                 </td>
       
  1370                 <td class="'.$cls.'">
       
  1371                   <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" />
       
  1372                 </td>
       
  1373               </tr>';
       
  1374       }
       
  1375     }
       
  1376     $db->free_result();
       
  1377     echo '</table>
       
  1378           </div>
       
  1379           <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
       
  1380     echo '</form>';
       
  1381     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  1382     echo '<div class="tblholder">
       
  1383           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  1384             <tr>
       
  1385               <th>Add a new member</th>
       
  1386             </tr>
       
  1387             <tr>
       
  1388               <td class="row1">
       
  1389                 Username: ' . $template->username_field('edit_add_username') . '
       
  1390               </td>
       
  1391             </tr>
       
  1392             <tr>
       
  1393               <td class="row2">
       
  1394                 <label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
       
  1395               </td>
       
  1396             </tr>
       
  1397             <tr>
       
  1398               <th class="subhead">
       
  1399                 <input type="submit" name="edit_do[add_member]" value="Add user to group" />
       
  1400               </th>
       
  1401             </tr>
       
  1402           </table>
       
  1403           </div>
       
  1404           <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
       
  1405     echo '</form>';
       
  1406     return;
       
  1407   }
       
  1408   echo '<h3>Manage Usergroups</h3>';
       
  1409   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  1410   $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
       
  1411   if(!$q)
       
  1412   {
       
  1413     echo $db->get_error();
       
  1414   }
       
  1415   else
       
  1416   {
       
  1417     echo '<div class="tblholder">
       
  1418           <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
       
  1419           <tr>
       
  1420           <th>Edit an existing group</th>
       
  1421           </tr>';
       
  1422     echo '<tr><td class="row2"><select name="group_edit_id">';
       
  1423     while ( $row = $db->fetchrow() )
       
  1424     {
       
  1425       if ( $row['group_name'] != 'Everyone' )
       
  1426       {
       
  1427         echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
       
  1428       }
       
  1429     }
       
  1430     $db->free_result();
       
  1431     echo '</select></td></tr>';
       
  1432     echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
       
  1433           </table>
       
  1434           </div>
       
  1435           </form><br />';
       
  1436   }
       
  1437   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  1438   echo '<div class="tblholder">
       
  1439         <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
       
  1440         <tr>
       
  1441         <th colspan="2">Create a new group</th>
       
  1442         </tr>';
       
  1443   echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
       
  1444   echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
       
  1445         </table>
       
  1446         </div>';
       
  1447   echo '</form>';
       
  1448 }
       
  1449 
       
  1450 function page_Admin_COPPA()
       
  1451 {
       
  1452   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1453   global $lang;
       
  1454   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
  1455   {
       
  1456     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1457     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1458     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
  1459     return;
       
  1460   }
       
  1461   
       
  1462   echo '<h2>Background information</h2>';
       
  1463   echo '<p>
       
  1464           The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards
       
  1465           children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected
       
  1466           in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano 
       
  1467           provides an easy way to allow you, as the website administrator, to obtain this authorization.
       
  1468         </p>';
       
  1469   
       
  1470   // Start form
       
  1471   
       
  1472   if ( isset($_POST['coppa_address']) )
       
  1473   {
       
  1474     // Saving changes
       
  1475     $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0';
       
  1476     setConfig('enable_coppa', $enable_coppa);
       
  1477     
       
  1478     $address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false);
       
  1479     setConfig('coppa_address', $address);
       
  1480     
       
  1481     echo '<div class="info-box">Your changes have been saved.</div>';
       
  1482   }
       
  1483   
       
  1484   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&amp;' : '') .'module='.$paths->cpage['module']).'" method="post">';
       
  1485   
       
  1486   echo '<div class="tblholder">';
       
  1487   echo '<table border="0" cellspacing="1" cellpadding="4">';
       
  1488   echo '<tr>
       
  1489           <th colspan="2">
       
  1490             COPPA support
       
  1491           </th>
       
  1492         </tr>';
       
  1493         
       
  1494   echo '<tr>
       
  1495           <td class="row1">
       
  1496             Enable COPPA support:
       
  1497           </td>
       
  1498           <td class="row2">
       
  1499             <label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br />
       
  1500             <small>If this is checked, users will be asked if they are under 13 years of age before registering</small>
       
  1501           </td>
       
  1502         </tr>';
       
  1503         
       
  1504   echo '<tr>
       
  1505           <td class="row1">
       
  1506             Your mailing address:<br />
       
  1507             <small>This is the address to which parents will send authorization forms.</small>
       
  1508           </td>
       
  1509           <td class="row2">
       
  1510             <textarea name="coppa_address" rows="7" cols="40">' . getConfig('coppa_address') . '</textarea>
       
  1511           </td>
       
  1512         </tr>';
       
  1513         
       
  1514   echo '<tr>
       
  1515           <th colspan="2" class="subhead">
       
  1516             <input type="submit" value="Save changes" />
       
  1517           </th>
       
  1518         </tr>';
       
  1519         
       
  1520   echo '</table>';
       
  1521   
       
  1522   echo '</form>';
       
  1523   
       
  1524 }
       
  1525 
       
  1526 function page_Admin_PageManager()
  1232 function page_Admin_PageManager()
  1527 {
  1233 {
  1528   global $db, $session, $paths, $template, $plugins; // Common objects
  1234   global $db, $session, $paths, $template, $plugins; // Common objects
  1529   global $lang;
  1235   global $lang;
  1530   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1236   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1533     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
  1239     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
  1534     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1240     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1535     return;
  1241     return;
  1536   }
  1242   }
  1537   
  1243   
  1538   
       
  1539   echo '<h2>Page management</h2>';
  1244   echo '<h2>Page management</h2>';
  1540   
  1245   
  1541   if(isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' )) {
  1246   if ( isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' ) )
       
  1247   {
  1542     // The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
  1248     // The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
  1543     $source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
  1249     $source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
  1544     if ( $source == 'ajax' )
  1250     if ( $source == 'ajax' )
  1545     {
  1251     {
  1546       $_POST['search'] = true;
  1252       $_POST['search'] = true;
  1547       $_POST['page_url'] = $_GET['page_id'];
  1253       $_POST['page_url'] = $_GET['page_id'];
  1548     }
  1254     }
  1549     if(isset($_POST['search'])) $pid = $_POST['page_url'];
  1255     if ( isset($_POST['search']) )
  1550     elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
  1256     {
  1551     else { echo 'Internal error selecting page search terms'; return false; }
  1257       $pid = $_POST['page_url'];
       
  1258     }
       
  1259     elseif ( isset($_POST['select']) )
       
  1260     {
       
  1261       $pid = $_POST['page_force_url'];
       
  1262     }
       
  1263     else
       
  1264     {
       
  1265       echo 'Internal error selecting page search terms';
       
  1266       return false;
       
  1267     }
  1552     // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
  1268     // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
  1553     $k = array_keys($paths->nslist);
  1269     $k = array_keys($paths->nslist);
  1554     for($i=0;$i<sizeof($paths->nslist);$i++)
  1270     for ( $i = 0; $i < sizeof($paths->nslist); $i++ )
  1555     {
  1271     {
  1556       $ln = strlen($paths->nslist[$k[$i]]);
  1272       $ln = strlen($paths->nslist[$k[$i]]);
  1557       if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
  1273       if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
  1558       {
  1274       {
  1559         $ns = $k[$i];
  1275         $ns = $k[$i];
  1560         $page_id = substr($pid, $ln, strlen($pid));
  1276         $page_id = substr($pid, $ln, strlen($pid));
  1561       }
  1277       }
  1562     }
  1278     }
  1563     // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
  1279     // The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
  1564     // Now, iterate through $paths->pages searching for a page with this name or ID
  1280     // Now, iterate through $paths->pages searching for a page with this name or ID
  1565     for($i=0;$i<sizeof($paths->pages)/2;$i++)
  1281     for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
  1566     {
  1282     {
  1567       if(!isset($final_pid))
  1283       if ( !isset($final_pid) )
  1568       {
  1284       {
  1569         if    ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
  1285         if ( $paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id) )
  1570         elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
  1286         {
  1571         elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
  1287           $final_pid = str_replace(' ', '_', $page_id);
  1572         elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
  1288         }
  1573         if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
  1289         else if ( $paths->pages[$i]['name'] == $page_id )
  1574       }
  1290         {
  1575     }
  1291           $final_pid = $paths->pages[$i]['urlname_nons'];
  1576     if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
  1292         }
       
  1293         else if ( strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id)) )
       
  1294         {
       
  1295           $final_pid = $paths->pages[$i]['urlname_nons'];
       
  1296         }
       
  1297         else if ( strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id)) )
       
  1298         {
       
  1299           $final_pid = $paths->pages[$i]['urlname_nons'];
       
  1300         }
       
  1301         if ( isset($final_pid) )
       
  1302         {
       
  1303           $_POST['name'] = $paths->pages[$i]['name'];
       
  1304           $_POST['urlname'] = $paths->pages[$i]['urlname_nons'];
       
  1305         }
       
  1306       }
       
  1307     }
       
  1308     if ( !isset($final_pid) )
       
  1309     {
       
  1310       echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';
       
  1311       return false;
       
  1312     }
  1577     $_POST['namespace'] = $ns;
  1313     $_POST['namespace'] = $ns;
  1578     $_POST['old_namespace'] = $ns;
  1314     $_POST['old_namespace'] = $ns;
  1579     $_POST['page_id'] = $final_pid;
  1315     $_POST['page_id'] = $final_pid;
  1580     $_POST['old_page_id'] = $final_pid;
  1316     $_POST['old_page_id'] = $final_pid;
  1581     if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
  1317     if ( !isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']]) )
  1582   }
  1318     {
  1583   
  1319       echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>';
  1584   if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']))
  1320       return false;
       
  1321     }
       
  1322   }
       
  1323   
       
  1324   if ( isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']) )
  1585   {
  1325   {
  1586     $cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']];
  1326     $cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']];
  1587     if(isset($_POST['submit']))
  1327     if(isset($_POST['submit']))
  1588     {
  1328     {
  1589       switch(true)
  1329       switch(true)
  1685     $url = makeUrlNS('Special', 'Administration', 'module='.$paths->cpage['module'], true);
  1425     $url = makeUrlNS('Special', 'Administration', 'module='.$paths->cpage['module'], true);
  1686     echo '<form action="'.$url.'" method="post">';
  1426     echo '<form action="'.$url.'" method="post">';
  1687     ?>
  1427     ?>
  1688     <h3>Modify page: <?php echo htmlspecialchars($_POST['name']); ?></h3>
  1428     <h3>Modify page: <?php echo htmlspecialchars($_POST['name']); ?></h3>
  1689      <table border="0">
  1429      <table border="0">
  1690        <tr><td>Namespace:</td><td><select name="namespace"><?php $nm = array_keys($paths->nslist); foreach($nm as $ns) { if($ns != 'Special' && $ns != 'Admin') { echo '<option '; if($_POST['namespace']==$ns) echo 'selected="selected" '; echo 'value="'.$ns.'">'; if($paths->nslist[$ns] == '') echo '[No prefix]'; else echo $paths->nslist[$ns]; echo '</option>'; } } ?></select></td></tr>
  1430        <tr>
  1691        <tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name']); ?>" /></td></tr>
  1431          <td>Namespace:</td>
  1692        <tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr>
  1432          <td>
  1693        <tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" />  <label for="cmt">Enable comments for this page</label></td></tr>
  1433            <select name="namespace">
  1694        <tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" />  <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
  1434              <?php
  1695        <tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" />  <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small></td></tr>
  1435              $nm = array_keys($paths->nslist);
  1696        <tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" />  <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
  1436              foreach ( $nm as $ns )
  1697        <tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
  1437              {
  1698        <tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
  1438                if ( $ns != 'Special' && $ns != 'Admin' )
  1699        <tr><td colspan="2" style="text-align: right;">
  1439                {
  1700        <input type="hidden" name="old_page_id" value="<?php echo $_POST['old_page_id']; ?>" />
  1440                  echo '<option ';
  1701        <input type="hidden" name="old_namespace" value="<?php echo $_POST['old_namespace']; ?>" />
  1441                  if ( $_POST['namespace'] == $ns )
  1702        <input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" />  <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
  1442                  echo 'selected="selected" ';
       
  1443                  echo 'value="'.$ns.'">';
       
  1444                  if ( $paths->nslist[$ns] == '' )
       
  1445                    echo '[No prefix]';
       
  1446                  else
       
  1447                    echo $paths->nslist[$ns];
       
  1448                  echo '</option>';
       
  1449                }
       
  1450              } ?>
       
  1451            </select>
       
  1452          </td>
       
  1453        </tr>
       
  1454        <tr>
       
  1455          <td>
       
  1456            Page title:
       
  1457          </td>
       
  1458          <td>
       
  1459            <input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name']); ?>" />
       
  1460          </td>
       
  1461        </tr>
       
  1462        <tr>
       
  1463          <td>
       
  1464            Page URL string:<br />
       
  1465            <small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />
       
  1466                   Changing this value is usually not a good idea, especially for templates and project pages.</small>
       
  1467           </td>
       
  1468           <td>
       
  1469             <input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" />
       
  1470           </td>
       
  1471        </tr>
       
  1472        <tr>
       
  1473          <td></td>
       
  1474          <td>
       
  1475            <input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" />
       
  1476            <label for="cmt">Enable comments for this page</label>
       
  1477          </td>
       
  1478        </tr>
       
  1479        <tr>
       
  1480          <td></td>
       
  1481          <td>
       
  1482            <input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" />
       
  1483            <label for="spc">Bypass the template engine for this page</label><br />
       
  1484            <small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small>
       
  1485          </td>
       
  1486        </tr>
       
  1487        <tr>
       
  1488          <td></td>
       
  1489          <td>
       
  1490            <input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" />
       
  1491            <label for="vis">Allow this page to be shown in page lists</label><br />
       
  1492            <small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small>
       
  1493          </td>
       
  1494        </tr>
       
  1495        <tr>
       
  1496          <td></td>
       
  1497          <td>
       
  1498            <input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" />
       
  1499            <label for="prt">Prevent non-administrators from editing this page</label><br />
       
  1500            <small>This option only has an effect when Wiki Mode is enabled.</small>
       
  1501          </td>
       
  1502        </tr>
       
  1503        <tr>
       
  1504          <td></td>
       
  1505          <td>
       
  1506            <input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" />
       
  1507          </td>
       
  1508        </tr>
       
  1509        <tr>
       
  1510          <td colspan="2" style="text-align: center;">
       
  1511            <hr />
       
  1512          </td>
       
  1513        </tr>
       
  1514        <tr>
       
  1515          <td colspan="2" style="text-align: right;">
       
  1516            <input type="hidden" name="old_page_id" value="<?php echo htmlspecialchars($_POST['old_page_id']); ?>" />
       
  1517            <input type="hidden" name="old_namespace" value="<?php echo htmlspecialchars($_POST['old_namespace']); ?>" />
       
  1518            <input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" />
       
  1519            <input type="submit" name="cancel" value="Cancel changes" />
       
  1520          </td>
       
  1521        </tr>
  1703      </table>
  1522      </table>
  1704     <?php
  1523     <?php
  1705     echo '</form>';
  1524     echo '</form>';
  1706   } else {
  1525   }
       
  1526   else
       
  1527   {
  1707     echo '<h3>Please select a page</h3>';
  1528     echo '<h3>Please select a page</h3>';
  1708     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  1529     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
  1709     ?>
  1530     ?>
  1710       <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?>  <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
  1531       <p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?>  <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
  1711       <p>Select page title from a list: <select name="page_force_url">
  1532       <p>Select page title from a list: <select name="page_force_url">
  1719     <?php
  1540     <?php
  1720     echo '</form>';
  1541     echo '</form>';
  1721     
  1542     
  1722   }
  1543   }
  1723 }
  1544 }
       
  1545 */
  1724 
  1546 
  1725 function page_Admin_PageEditor()
  1547 function page_Admin_PageEditor()
  1726 {
  1548 {
  1727   global $db, $session, $paths, $template, $plugins; // Common objects
  1549   global $db, $session, $paths, $template, $plugins; // Common objects
  1728   global $lang;
  1550   global $lang;
  2087       echo('</select>');
  1909       echo('</select>');
  2088       echo('
  1910       echo('
  2089       <input type="submit" name="install" value="Install this theme" />
  1911       <input type="submit" name="install" value="Install this theme" />
  2090       </p></form>');
  1912       </p></form>');
  2091     } else echo('<p>All themes are currently installed.</p>');
  1913     } else echo('<p>All themes are currently installed.</p>');
       
  1914 }
       
  1915 
       
  1916 function page_Admin_GroupManager()
       
  1917 {
       
  1918   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1919   global $lang;
       
  1920   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
  1921   {
       
  1922     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1923     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1924     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
  1925     return;
       
  1926   }
       
  1927   
       
  1928   if(isset($_POST['do_create_stage1']))
       
  1929   {
       
  1930     if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
       
  1931     {
       
  1932       echo '<p>The group name you chose is invalid.</p>';
       
  1933       return;
       
  1934     }
       
  1935     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  1936     echo '<div class="tblholder">
       
  1937           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  1938           <tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr>
       
  1939           <tr>
       
  1940             <td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
       
  1941           </tr>
       
  1942           <tr><td class="row2">Group status</td><td class="row2">
       
  1943             <label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
       
  1944             <label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
       
  1945             <label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
       
  1946             <label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
       
  1947           </td></tr>
       
  1948           <tr>
       
  1949             <th class="subhead" colspan="2">
       
  1950               <input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" />
       
  1951               <input type="submit" name="do_create_stage2" value="Create group" />
       
  1952             </th>
       
  1953           </tr>
       
  1954           </table>
       
  1955           </div>';
       
  1956     echo '</form>';
       
  1957     return;
       
  1958   }
       
  1959   elseif(isset($_POST['do_create_stage2']))
       
  1960   {
       
  1961     if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
       
  1962     {
       
  1963       echo '<p>The group name you chose is invalid.</p>';
       
  1964       return;
       
  1965     }
       
  1966     if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
       
  1967     {
       
  1968       echo '<p>Hacking attempt</p>';
       
  1969       return;
       
  1970     }
       
  1971     $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
       
  1972     if(!$e)
       
  1973     {
       
  1974       echo $db->get_error();
       
  1975       return;
       
  1976     }
       
  1977     if($db->numrows() > 0)
       
  1978     {
       
  1979       echo '<p>The group name you entered already exists.</p>';
       
  1980       return;
       
  1981     }
       
  1982     $db->free_result();
       
  1983     $q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
       
  1984     if(!$q)
       
  1985     {
       
  1986       echo $db->get_error();
       
  1987       return;
       
  1988     }
       
  1989     $e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
       
  1990     if(!$e)
       
  1991     {
       
  1992       echo $db->get_error();
       
  1993       return;
       
  1994     }
       
  1995     if($db->numrows() < 1)
       
  1996     {
       
  1997       echo '<p>The username you entered could not be found.</p>';
       
  1998       return;
       
  1999     }
       
  2000     $row = $db->fetchrow();
       
  2001     $id = $row['user_id'];
       
  2002     $db->free_result();
       
  2003     $e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
       
  2004     if(!$e)
       
  2005     {
       
  2006       echo $db->get_error();
       
  2007       return;
       
  2008     }
       
  2009     if($db->numrows() < 1)
       
  2010     {
       
  2011       echo '<p>The group ID could not be looked up.</p>';
       
  2012       return;
       
  2013     }
       
  2014     $row = $db->fetchrow();
       
  2015     $gid = $row['group_id'];
       
  2016     $db->free_result();
       
  2017     $e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
       
  2018     if(!$e)
       
  2019     {
       
  2020       echo $db->get_error();
       
  2021       return;
       
  2022     }
       
  2023     echo "<div class='info-box'>
       
  2024             <b>Information</b><br />
       
  2025             The group {$_POST['create_group_name']} has been created successfully.
       
  2026           </div>";
       
  2027   }
       
  2028   if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
       
  2029   {
       
  2030     // Fetch the group name
       
  2031     $q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  2032     if(!$q)
       
  2033     {
       
  2034       echo $db->get_error();
       
  2035       return;
       
  2036     }
       
  2037     if($db->numrows() < 1)
       
  2038     {
       
  2039       echo '<p>Error: couldn\'t look up group name</p>';
       
  2040     }
       
  2041     $row = $db->fetchrow();
       
  2042     $name = $row['group_name'];
       
  2043     $db->free_result();
       
  2044     if(isset($_POST['edit_do']))
       
  2045     {
       
  2046       if(isset($_POST['edit_do']['del_group']))
       
  2047       {
       
  2048         if ( $row['system_group'] == 1 )
       
  2049         {
       
  2050           echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>';
       
  2051         }
       
  2052         else
       
  2053         {
       
  2054           $q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  2055           if(!$q)
       
  2056           {
       
  2057             echo $db->get_error();
       
  2058             return;
       
  2059           }
       
  2060           $q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  2061           if(!$q)
       
  2062           {
       
  2063             echo $db->get_error();
       
  2064             return;
       
  2065           }
       
  2066           echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
       
  2067           return;
       
  2068         }
       
  2069       }
       
  2070       if(isset($_POST['edit_do']['save_name']))
       
  2071       {
       
  2072         if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
       
  2073         {
       
  2074           echo '<p>The group name you chose is invalid.</p>';
       
  2075           return;
       
  2076         }
       
  2077         $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
       
  2078             WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  2079         if(!$q)
       
  2080         {
       
  2081           echo $db->get_error();
       
  2082           return;
       
  2083         }
       
  2084         else
       
  2085         {
       
  2086           echo '<div class="info-box" style="margin: 0 0 10px 0;"">
       
  2087                   The group name has been updated.
       
  2088                 </div>';
       
  2089         }
       
  2090         $name = $_POST['group_name'];
       
  2091         
       
  2092       }
       
  2093       $q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
       
  2094                              WHERE group_id='.intval($_POST['group_edit_id']).';');
       
  2095       if(!$q)
       
  2096       {
       
  2097         echo $db->get_error();
       
  2098         return;
       
  2099       }
       
  2100       if($db->numrows() > 0)
       
  2101       {
       
  2102         while($row = $db->fetchrow($q))
       
  2103         {
       
  2104           if(isset($_POST['edit_do']['del_' . $row['member_id']]))
       
  2105           {
       
  2106             $e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
       
  2107             if(!$e)
       
  2108             {
       
  2109               echo $db->get_error();
       
  2110               return;
       
  2111             }
       
  2112           }
       
  2113         }
       
  2114       }
       
  2115       $db->free_result();
       
  2116       if(isset($_POST['edit_do']['add_member']))
       
  2117       {
       
  2118         $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
       
  2119         if(!$q)
       
  2120         {
       
  2121           echo $db->get_error();
       
  2122           return;
       
  2123         }
       
  2124         if($db->numrows() > 0)
       
  2125         {
       
  2126           $row = $db->fetchrow();
       
  2127           $user_id = $row['user_id'];
       
  2128           $is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
       
  2129           $q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
       
  2130           if(!$q)
       
  2131           {
       
  2132             echo $db->get_error();
       
  2133             return;
       
  2134           }
       
  2135           else
       
  2136           {
       
  2137             echo '<div class="info-box" style="margin: 0 0 10px 0;"">
       
  2138                     The user "'.$_POST['edit_add_username'].'" has been added to this usergroup.
       
  2139                   </div>';
       
  2140           }
       
  2141         }
       
  2142         else
       
  2143           echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>';
       
  2144       }
       
  2145     }
       
  2146     $sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';
       
  2147     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  2148     echo '<div class="tblholder">
       
  2149           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  2150           <tr><th>Edit group name</th></tr>
       
  2151           <tr>
       
  2152             <td class="row1">
       
  2153               Group name: <input type="text" name="group_name" value="'.$name.'" />
       
  2154             </td>
       
  2155           </tr>
       
  2156           <tr>
       
  2157             <th class="subhead">
       
  2158               <input type="submit" name="edit_do[save_name]" value="Save name" />
       
  2159               <input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
       
  2160             </th>
       
  2161           </tr>
       
  2162           </table>
       
  2163           </div>
       
  2164           <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
       
  2165     echo '</form>';
       
  2166     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  2167     echo '<div class="tblholder">
       
  2168           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  2169           <tr><th colspan="3">Edit group members</th></tr>';
       
  2170     $q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
       
  2171                            LEFT JOIN '.table_prefix.'users AS u
       
  2172                              ON u.user_id=m.user_id
       
  2173                              WHERE m.group_id='.intval($_POST['group_edit_id']).'
       
  2174                            ORDER BY m.is_mod DESC, u.username ASC;');
       
  2175     if(!$q)
       
  2176     {
       
  2177       echo $db->get_error();
       
  2178       return;
       
  2179     }
       
  2180     if($db->numrows() < 1)
       
  2181     {
       
  2182       echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
       
  2183     }
       
  2184     else
       
  2185     {
       
  2186       $cls = 'row2';
       
  2187       while($row = $db->fetchrow())
       
  2188       {
       
  2189         $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
       
  2190         $mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
       
  2191         echo '<tr>
       
  2192                 <td class="'.$cls.'" style="width: 100%;">
       
  2193                   ' . $row['username'] . '
       
  2194                 </td>
       
  2195                 <td class="'.$cls.'">
       
  2196                   '.$mod.'
       
  2197                 </td>
       
  2198                 <td class="'.$cls.'">
       
  2199                   <input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" />
       
  2200                 </td>
       
  2201               </tr>';
       
  2202       }
       
  2203     }
       
  2204     $db->free_result();
       
  2205     echo '</table>
       
  2206           </div>
       
  2207           <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
       
  2208     echo '</form>';
       
  2209     echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  2210     echo '<div class="tblholder">
       
  2211           <table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
       
  2212             <tr>
       
  2213               <th>Add a new member</th>
       
  2214             </tr>
       
  2215             <tr>
       
  2216               <td class="row1">
       
  2217                 Username: ' . $template->username_field('edit_add_username') . '
       
  2218               </td>
       
  2219             </tr>
       
  2220             <tr>
       
  2221               <td class="row2">
       
  2222                 <label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
       
  2223               </td>
       
  2224             </tr>
       
  2225             <tr>
       
  2226               <th class="subhead">
       
  2227                 <input type="submit" name="edit_do[add_member]" value="Add user to group" />
       
  2228               </th>
       
  2229             </tr>
       
  2230           </table>
       
  2231           </div>
       
  2232           <input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
       
  2233     echo '</form>';
       
  2234     return;
       
  2235   }
       
  2236   echo '<h3>Manage Usergroups</h3>';
       
  2237   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  2238   $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
       
  2239   if(!$q)
       
  2240   {
       
  2241     echo $db->get_error();
       
  2242   }
       
  2243   else
       
  2244   {
       
  2245     echo '<div class="tblholder">
       
  2246           <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
       
  2247           <tr>
       
  2248           <th>Edit an existing group</th>
       
  2249           </tr>';
       
  2250     echo '<tr><td class="row2"><select name="group_edit_id">';
       
  2251     while ( $row = $db->fetchrow() )
       
  2252     {
       
  2253       if ( $row['group_name'] != 'Everyone' )
       
  2254       {
       
  2255         echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
       
  2256       }
       
  2257     }
       
  2258     $db->free_result();
       
  2259     echo '</select></td></tr>';
       
  2260     echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
       
  2261           </table>
       
  2262           </div>
       
  2263           </form><br />';
       
  2264   }
       
  2265   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
       
  2266   echo '<div class="tblholder">
       
  2267         <table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
       
  2268         <tr>
       
  2269         <th colspan="2">Create a new group</th>
       
  2270         </tr>';
       
  2271   echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
       
  2272   echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
       
  2273         </table>
       
  2274         </div>';
       
  2275   echo '</form>';
       
  2276 }
       
  2277 
       
  2278 function page_Admin_COPPA()
       
  2279 {
       
  2280   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2281   global $lang;
       
  2282   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
       
  2283   {
       
  2284     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  2285     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  2286     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
       
  2287     return;
       
  2288   }
       
  2289   
       
  2290   echo '<h2>Background information</h2>';
       
  2291   echo '<p>
       
  2292           The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards
       
  2293           children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected
       
  2294           in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano 
       
  2295           provides an easy way to allow you, as the website administrator, to obtain this authorization.
       
  2296         </p>';
       
  2297   
       
  2298   // Start form
       
  2299   
       
  2300   if ( isset($_POST['coppa_address']) )
       
  2301   {
       
  2302     // Saving changes
       
  2303     $enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0';
       
  2304     setConfig('enable_coppa', $enable_coppa);
       
  2305     
       
  2306     $address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false);
       
  2307     setConfig('coppa_address', $address);
       
  2308     
       
  2309     echo '<div class="info-box">Your changes have been saved.</div>';
       
  2310   }
       
  2311   
       
  2312   echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&amp;' : '') .'module='.$paths->cpage['module']).'" method="post">';
       
  2313   
       
  2314   echo '<div class="tblholder">';
       
  2315   echo '<table border="0" cellspacing="1" cellpadding="4">';
       
  2316   echo '<tr>
       
  2317           <th colspan="2">
       
  2318             COPPA support
       
  2319           </th>
       
  2320         </tr>';
       
  2321         
       
  2322   echo '<tr>
       
  2323           <td class="row1">
       
  2324             Enable COPPA support:
       
  2325           </td>
       
  2326           <td class="row2">
       
  2327             <label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br />
       
  2328             <small>If this is checked, users will be asked if they are under 13 years of age before registering</small>
       
  2329           </td>
       
  2330         </tr>';
       
  2331         
       
  2332   echo '<tr>
       
  2333           <td class="row1">
       
  2334             Your mailing address:<br />
       
  2335             <small>This is the address to which parents will send authorization forms.</small>
       
  2336           </td>
       
  2337           <td class="row2">
       
  2338             <textarea name="coppa_address" rows="7" cols="40">' . getConfig('coppa_address') . '</textarea>
       
  2339           </td>
       
  2340         </tr>';
       
  2341         
       
  2342   echo '<tr>
       
  2343           <th colspan="2" class="subhead">
       
  2344             <input type="submit" value="Save changes" />
       
  2345           </th>
       
  2346         </tr>';
       
  2347         
       
  2348   echo '</table>';
       
  2349   
       
  2350   echo '</form>';
       
  2351   
  2092 }
  2352 }
  2093 
  2353 
  2094 function page_Admin_BanControl()
  2354 function page_Admin_BanControl()
  2095 {
  2355 {
  2096   global $db, $session, $paths, $template, $plugins; // Common objects
  2356   global $db, $session, $paths, $template, $plugins; // Common objects