plugins/PunBB.php
author Dan
Sat, 11 Apr 2009 16:47:10 -0400
changeset 10 98d80b672f3c
parent 9 a932ce8c4827
permissions -rwxr-xr-x
Signatures are now pulled from Enano.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     1
<?php
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     2
/*
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     3
Plugin Name: PunBB forum integration
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     4
Plugin URI: http://enanocms.org/PunBB_plugin
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     5
Description: Provides a complete forum solution in PunBB, a separately maintained and very lightweight GPL forum.
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     6
Author: Dan Fuhry
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
     7
Version: 1.3-beta
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     8
Author URI: http://enanocms.org/
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     9
*/
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    10
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    11
/*
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    12
 * PunBB Plugin for Enano CMS
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    13
 * Version 1.3-beta
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    14
 * Copyright (C) 2006-2008 Dan Fuhry
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    15
 * Copyright (C) 2002-2008 Rickard Andersson
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    16
 *
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    17
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    18
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    19
 *
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    20
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    21
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    22
 */
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    23
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    24
$plugins->attachHook('base_classes_initted', '
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    25
    global $paths;
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    26
    
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    27
    $paths->add_page(Array(
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    28
      \'name\'=>\'Forum\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    29
      \'urlname\'=>\'Forum\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    30
      \'namespace\'=>\'Special\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    31
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    32
    ));
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    33
    
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    34
  ');
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    35
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    36
$plugins->attachHook('session_started', '
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    37
    $pid = RenderMan::strToPageId($paths->get_pageid_from_url());
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    38
8
8baccbad4a55 Fixed images
Dan
parents: 6
diff changeset
    39
    $is_style_or_script = ( ( strpos($_SERVER["REQUEST_URI"], "/style/") || strpos($_SERVER["REQUEST_URI"], "/include/js/") || strpos($_SERVER["REQUEST_URI"], "/img/") ) && !strpos($_SERVER["REQUEST_URI"], "/help/") );
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    40
    if ( getConfig("punbb_installed") == "yes" && getConfig("punbb_version") == PUNANO_VERSION && $pid[0] == "Forum" && $pid[1] == "Special" && !$is_style_or_script )
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    41
    {
5
e3d7322305bf Merging Scribus and Nighthawk branches
Dan
parents: 4
diff changeset
    42
      require( "punbb/include/common.php" );
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    43
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    44
    ');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    45
9
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
    46
$plugins->attachHook('user_registered', 'pun_handle_reg_event($user_id, $username);');
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
    47
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    48
define('PUNANO_VERSION', '0.1.3-beta');
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    49
define('PUNBB_VERSION',  '1.3-beta');
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    50
define('PUN_ROOT', ENANO_ROOT . '/punbb/');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    51
define('PUN', '');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    52
define('PUN_DISABLE_BUFFERING', '');
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    53
// define('PUN_SHOW_QUERIES', '');
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    54
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    55
function page_Special_Forum()
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    56
{
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    57
  global $db, $session, $paths, $template, $plugins; // Common objects
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    58
  if ( getConfig('punbb_installed') != 'yes' )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    59
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    60
    punano_installer();
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    61
  }
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    62
  else if ( getConfig('punbb_version') != PUNANO_VERSION )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    63
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    64
    punano_upgrade();
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    65
  }
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    66
  else if ( $paths->getParam(0) == 'admin' )
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    67
  {
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    68
    punano_admin_console();
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    69
  }
8
8baccbad4a55 Fixed images
Dan
parents: 6
diff changeset
    70
  else if ( ( $paths->getParam(0) == 'style' ) || ( $paths->getParam(0) == 'include' && $paths->getParam(1) == 'js' ) || ( $paths->getParam(0) == 'img' ) )
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    71
  {
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    72
    $path = $paths->getAllParams();
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    73
    header('Location: ' . scriptPath . '/punbb/' . $path);
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    74
    exit();
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
    75
  }
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    76
  else
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    77
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    78
    punano_main();
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    79
  }
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    80
}
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    81
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    82
function punano_installer()
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    83
{
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    84
  global $db, $session, $paths, $template, $plugins; // Common objects
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    85
  // First check our permissions
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    86
  if ( $session->user_level < USER_LEVEL_ADMIN )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    87
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    88
    die_friendly('Punano initialization error', '<p>The Punano plugin doesn\'t have its database schema installed yet, and your user account doesn\'t have permission to install it. Please ask the administrator of this site to set up Punano.</p>');
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    89
  }
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    90
  else if ( $session->auth_level < USER_LEVEL_ADMIN )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    91
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    92
    $url = makeUrlNS('Special', 'Login/' . $paths->page, 'level=' . USER_LEVEL_ADMIN, true);
9
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
    93
    redirect($url, 'Permission denied', 'You need to have an active high-privilege session to set up Punano.', 4);
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    94
  }
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    95
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    96
  $template->header();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    97
  
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    98
  // Permissions are good
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    99
  if ( isset($_POST['do_install']) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   100
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   101
    $result = _punano_perform_install();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   102
    if ( $result )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   103
    {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   104
      echo '<p>PunBB installation has succeeded.</p>';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   105
      echo '<p><b><a href="' . makeUrlNS('Special', 'Forum') . '">Take me to my forum!</a></b></p>';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   106
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   107
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   108
  else
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   109
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   110
    $url = makeUrlNS('Special', 'Forum');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   111
    ?>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   112
    <form action="<?php echo $url; ?>" method="post">
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   113
      <p><b>Before Punano can be used, you need to install the database.</b></p>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   114
      <p>This process will create several new tables in your database, and then fill them in with a default configuration for PunBB.
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   115
         You should only continue if you have CREATE TABLE and CREATE INDEX privileges on your database.</p>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   116
      <p><input type="submit" style="font-weight: bold;" name="do_install" value="Install PunBB" /></p>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   117
    </form>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   118
    <?php
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   119
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   120
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   121
  $template->footer();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   122
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   123
}
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   124
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   125
function _punano_perform_install()
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   126
{
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   127
  global $db, $session, $paths, $template, $plugins; // Common objects
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   128
  global $dbdriver;
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   129
  
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   130
  $db_prefix = table_prefix . 'pun_';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   131
  $admin_email = getConfig('contact_email');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   132
  $pun_version = PUNBB_VERSION;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   133
  
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   134
  $schema = file_get_contents( ENANO_ROOT . "/punbb/install-$dbdriver.sql" );
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   135
  if ( empty($schema) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   136
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   137
    echo 'ERROR: cannot load schema file!';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   138
    return false;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   139
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   140
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   141
  $replace = array(
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   142
      '{{TABLE_PREFIX}}' => $db_prefix,
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   143
      '{{ENANO_ADMIN_EMAIL}}' => $admin_email,
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   144
      '{{PUN_VERSION}}' => $pun_version,
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   145
      '{{NOW}}' => strval(time())
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   146
    );
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   147
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   148
  $schema = strtr($schema, $replace);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   149
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   150
  // Build an array of queries (from Enano's install.php)
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   151
  $schema = explode("\n", $schema);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   152
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   153
  foreach ( $schema as $i => $sql )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   154
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   155
    $query =& $schema[$i];
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   156
    $t = trim($query);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   157
    if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   158
    {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   159
      unset($schema[$i]);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   160
      unset($query);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   161
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   162
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   163
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   164
  $schema = array_values($schema);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   165
  $schema = implode("\n", $schema);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   166
  $schema = explode(";\n", $schema);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   167
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   168
  foreach ( $schema as $i => $sql )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   169
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   170
    $query =& $schema[$i];
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   171
    if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   172
    {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   173
      $query .= ';';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   174
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   175
    if ( !$db->check_query($query) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   176
    {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   177
      echo 'ERROR: Query safety check failed.<pre>' . $query . '</pre>';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   178
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   179
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   180
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   181
  foreach ( $schema as $query )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   182
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   183
    if ( !$db->sql_query($query) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   184
    {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   185
      echo $db->get_error();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   186
      return false;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   187
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   188
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   189
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   190
  // Insert users
9
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   191
  $q = $db->sql_query('SELECT user_id, user_level FROM '.table_prefix.'users WHERE user_id > 1;');
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   192
  if ( !$q )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   193
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   194
    echo $db->get_error();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   195
    return false;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   196
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   197
  $uid_list = array();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   198
  while ( $row = $db->fetchrow_num() )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   199
  {
9
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   200
    $g_id = 4;
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   201
    switch ( $row[1] )
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   202
    {
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   203
      case USER_LEVEL_ADMIN: $g_id = 1; break;
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   204
      case USER_LEVEL_MOD:   $g_id = 3; break;
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   205
    }
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   206
    $uid_list[] = "{$row[0]}, {$g_id}";
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   207
  }
9
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   208
  $query = 'INSERT INTO '.table_prefix.'pun_users(id, group_id) VALUES(' . implode('),(', $uid_list) . ');';
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   209
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   210
  if ( !$db->sql_query($query) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   211
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   212
    echo $db->get_error();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   213
    return false;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   214
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   215
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   216
  setConfig('punbb_installed', 'yes');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   217
  setConfig('punbb_version', PUNANO_VERSION);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   218
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   219
  return true;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   220
  
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   221
}
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   222
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   223
function punano_upgrade()
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   224
{
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   225
  global $db, $session, $paths, $template, $plugins; // Common objects
5
e3d7322305bf Merging Scribus and Nighthawk branches
Dan
parents: 4
diff changeset
   226
  
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   227
}
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   228
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   229
function punano_main()
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   230
{
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   231
  global $db, $session, $paths, $template, $plugins; // Common objects
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   232
  
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   233
  // At this point, the PunBB API is already loaded
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   234
  // So we'll include one of the Pun frontend files
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   235
  
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   236
  /*
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   237
  $valid = array('delete', 'edit', 'extern', 'help', 'index', 'misc', 'moderate', 'post', 'profile', 'search', 'userlist', 'viewforum', 'viewtopic');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   238
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   239
  $file = 'index';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   240
  if ( $x = $paths->getParam(0) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   241
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   242
    $x = preg_replace('/\.php$/', '', $x);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   243
    if ( in_array(strtolower($x), $valid) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   244
    {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   245
      $file = strtolower($x);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   246
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   247
  }
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   248
  */
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   249
  $file = 'rewrite';
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   250
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   251
  // Don't worry. This is sanitized.
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   252
  $file = PUN_ROOT . $file . '.php';
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   253
  require $file;
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   254
}
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   255
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   256
function punano_admin_console()
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   257
{
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   258
  global $db, $session, $paths, $template, $plugins; // Common objects
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   259
  
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   260
  $valid = array('bans', 'categories', 'censoring', 'extensions', 'forums', 'groups', 'index', 'options', 'prune', 'ranks', 'reindex', 'reports', 'users');
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   261
  $mod   = array();
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   262
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   263
  $file = 'index';
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   264
  
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   265
  if ( $x = $paths->getParam(1) )
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   266
  {
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   267
    $x = preg_replace('/\.php$/', '', $x);
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   268
    $x = preg_replace('/^admin_/i', '', $x);
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   269
    if ( in_array(strtolower($x), $valid) || in_array(strtolower($x), $mod) )
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   270
    {
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   271
      $file = strtolower($x);
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   272
    }
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   273
  }
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   274
  
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   275
  if ( in_array($file, $mod) )
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   276
  {
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   277
    $need_level = USER_LEVEL_MOD;
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   278
  }
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   279
  else
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   280
  {
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   281
    $need_level = USER_LEVEL_ADMIN;
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   282
  }
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   283
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   284
  if ( $session->auth_level < $need_level )
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   285
  {
5
e3d7322305bf Merging Scribus and Nighthawk branches
Dan
parents: 4
diff changeset
   286
    redirect( makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, false), 'Permission denied', 'You need to have permission level ' . $session->userlevel_to_string($need_level) . ' to use the PunBB administration console.', 2);
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   287
  }
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   288
  
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   289
  // Don't worry. This is sanitized.
6
5e1f1e916419 Big upgrade to 1.3 beta. Basic things are working.
Dan
parents: 5
diff changeset
   290
  require PUN_ROOT . 'admin/' . $file . '.php';
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   291
  
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   292
}
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
   293
9
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   294
function pun_handle_reg_event($user_id, $username)
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   295
{
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   296
  global $db, $session, $paths, $template, $plugins; // Common objects
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   297
  if ( getConfig('punbb_installed') != 'yes' )
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   298
  {
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   299
    return false;
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   300
  }
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   301
  
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   302
  // register the new user in PunBB
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   303
  // at this point $username has been SQL-injection-proofed already by the session manager
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   304
  $q = $db->sql_query('INSERT INTO ' . table_prefix . "pun_users ( id, username ) VALUES ( $user_id, '$username' );");
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   305
  if ( !$q )
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   306
    $db->_die();
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   307
}
a932ce8c4827 More progress, compatibility updates for 1.1.4, etc.
Dan
parents: 8
diff changeset
   308
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
   309
?>