Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
<?php
/*
Plugin Name: PunBB forum integration
Plugin URI: http://enanocms.org/PunBB_plugin
Description: Provides a complete forum solution in PunBB, a separately maintained and very lightweight GPL forum.
Author: Dan Fuhry
Version: 0.1.12.15
Author URI: http://enanocms.org/
*/
/*
* PunBB Plugin for Enano CMS
* Version 0.1.12.15
* Copyright (C) 2006-2007 Dan Fuhry
* Copyright (C) 2002-2007 Rickard Andersson
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
$plugins->attachHook('base_classes_initted', '
global $paths;
$paths->add_page(Array(
\'name\'=>\'Forum\',
\'urlname\'=>\'Forum\',
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
');
$plugins->attachHook('session_started', '
$pid = RenderMan::strToPageId($paths->get_pageid_from_url());
if ( getConfig("punbb_installed") == "yes" && getConfig("punbb_version") == PUNANO_VERSION && $pid[0] == "Forum" && $pid[1] == "Special" )
{
require( "punbb/include/common.php" );
}
');
define('PUNANO_VERSION', '0.1.12.15');
define('PUNBB_VERSION', '1.2.15');
define('PUN_ROOT', ENANO_ROOT . '/punbb/');
define('PUN', '');
define('PUN_DISABLE_BUFFERING', '');
function page_Special_Forum()
{
if ( getConfig('punbb_installed') != 'yes' )
{
punano_installer();
}
else if ( getConfig('punbb_version') != PUNANO_VERSION )
{
punano_upgrade();
}
else
{
punano_main();
}
}
function punano_installer()
{
global $db, $session, $paths, $template, $plugins; // Common objects
// First check our permissions
if ( $session->user_level < USER_LEVEL_ADMIN )
{
die_friendly('Punano initialization error', '<p>The Punano plugin doesn\'t have its database schema installed yet, and your user account doesn\'t have permission to install it. Please ask the administrator of this site to set up Punano.</p>');
}
else if ( $session->auth_level < USER_LEVEL_ADMIN )
{
$url = makeUrlNS('Special', 'Login/' . $paths->page, 'level=' . USER_LEVEL_ADMIN, true);
redirect($url, 'Permission denied', 'You need to have an active high-privilege session to set up Punano.', 4);
}
$template->header();
// Permissions are good
if ( isset($_POST['do_install']) )
{
$result = _punano_perform_install();
if ( $result )
{
echo '<p>PunBB installation has succeeded.</p>';
echo '<p><b><a href="' . makeUrlNS('Special', 'Forum') . '">Take me to my forum!</a></b></p>';
}
}
else
{
$url = makeUrlNS('Special', 'Forum');
?>
<form action="<?php echo $url; ?>" method="post">
<p><b>Before Punano can be used, you need to install the database.</b></p>
<p>This process will create several new tables in your database, and then fill them in with a default configuration for PunBB.
You should only continue if you have CREATE TABLE and CREATE INDEX privileges on your database.</p>
<p><input type="submit" style="font-weight: bold;" name="do_install" value="Install PunBB" /></p>
</form>
<?php
}
$template->footer();
}
function _punano_perform_install()
{
global $db, $session, $paths, $template, $plugins; // Common objects
$db_prefix = table_prefix . 'pun_';
$admin_email = getConfig('contact_email');
$pun_version = PUNBB_VERSION;
$schema = file_get_contents( ENANO_ROOT . '/punbb/schema.sql' );
if ( empty($schema) )
{
echo 'ERROR: cannot load schema file!';
return false;
}
$replace = array(
'{{TABLE_PREFIX}}' => $db_prefix,
'{{ENANO_ADMIN_EMAIL}}' => $admin_email,
'{{PUN_VERSION}}' => $pun_version
);
$schema = strtr($schema, $replace);
// Build an array of queries (from Enano's install.php)
$schema = explode("\n", $schema);
foreach ( $schema as $i => $sql )
{
$query =& $schema[$i];
$t = trim($query);
if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
{
unset($schema[$i]);
unset($query);
}
}
$schema = array_values($schema);
$schema = implode("\n", $schema);
$schema = explode(";\n", $schema);
foreach ( $schema as $i => $sql )
{
$query =& $schema[$i];
if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
{
$query .= ';';
}
if ( !$db->check_query($query) )
{
echo 'ERROR: Query safety check failed.<pre>' . $query . '</pre>';
}
}
foreach ( $schema as $query )
{
if ( !$db->sql_query($query) )
{
echo $db->get_error();
return false;
}
}
// Insert users
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_id > 1;');
if ( !$q )
{
echo $db->get_error();
return false;
}
$uid_list = array();
while ( $row = $db->fetchrow_num() )
{
$uid_list[] = $row[0];
}
$query = 'INSERT INTO '.table_prefix.'pun_users(id) VALUES(' . implode('),(', $uid_list) . ');';
if ( !$db->sql_query($query) )
{
echo $db->get_error();
return false;
}
setConfig('punbb_installed', 'yes');
setConfig('punbb_version', PUNANO_VERSION);
return true;
}
function punano_upgrade()
{
global $db, $session, $paths, $template, $plugins; // Common objects
}
function punano_main()
{
global $db, $session, $paths, $template, $plugins; // Common objects
// At this point, the PunBB API is already loaded
// So we'll include one of the Pun frontend files
$valid = array('delete', 'edit', 'extern', 'help', 'index', 'misc', 'moderate', 'post', 'profile', 'search', 'userlist', 'viewforum', 'viewtopic');
$file = 'index';
if ( $x = $paths->getParam(0) )
{
$x = preg_replace('/\.php$/', '', $x);
if ( in_array(strtolower($x), $valid) )
{
$file = strtolower($x);
}
}
// Don't worry. This is sanitized.
require PUN_ROOT . $file . '.php';
}
?>