PageRenderTime 37ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/index.php

https://code.google.com/p/enanocms/
PHP | 702 lines | 630 code | 33 blank | 39 comment | 90 complexity | eb28c0e34ce967547310abcff8c79252 MD5 | raw file
Possible License(s): GPL-2.0
  1. <?php
  2. /*
  3. * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
  4. * Copyright (C) 2006-2009 Dan Fuhry
  5. *
  6. * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
  7. * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
  10. * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
  11. *
  12. * @package Enano
  13. * @subpackage Frontend
  14. */
  15. define('ENANO_INTERFACE_INDEX', '');
  16. // start up Enano
  17. require('includes/common.php');
  18. // decide on HTML compacting
  19. $aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']);
  20. // Set up gzip encoding before any output is sent
  21. global $do_gzip;
  22. $do_gzip = true;
  23. error_reporting(E_ALL);
  24. if($aggressive_optimize_html || $do_gzip)
  25. {
  26. ob_start();
  27. }
  28. global $db, $session, $paths, $template, $plugins; // Common objects
  29. $page_timestamp = time();
  30. if ( !isset($_GET['do']) )
  31. {
  32. $_GET['do'] = 'view';
  33. }
  34. switch($_GET['do'])
  35. {
  36. default:
  37. $code = $plugins->setHook('page_action');
  38. ob_start();
  39. foreach ( $code as $cmd )
  40. {
  41. eval($cmd);
  42. }
  43. if ( $contents = ob_get_contents() )
  44. {
  45. ob_end_clean();
  46. echo $contents;
  47. }
  48. else
  49. {
  50. die_friendly('Invalid action', '<p>The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>');
  51. }
  52. break;
  53. case 'view':
  54. // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
  55. $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
  56. $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id );
  57. // Feed this PageProcessor to the template processor. This prevents $template from starting another
  58. // PageProcessor when we already have one going.
  59. $template->set_page($page);
  60. $page->send_headers = true;
  61. $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') );
  62. $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '';
  63. $page->password = $pagepass;
  64. $page->send(true);
  65. $page_timestamp = $page->revision_time;
  66. break;
  67. case 'comments':
  68. $output->header();
  69. require_once(ENANO_ROOT.'/includes/pageutils.php');
  70. $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false;
  71. switch($sub)
  72. {
  73. case 'admin':
  74. default:
  75. $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false;
  76. $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1;
  77. echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id));
  78. break;
  79. case 'postcomment':
  80. if(empty($_POST['name']) ||
  81. empty($_POST['subj']) ||
  82. empty($_POST['text'])
  83. ) { echo 'Invalid request'; break; }
  84. $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false;
  85. $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false;
  86. require_once('includes/comment.php');
  87. $comments = new Comments($paths->page_id, $paths->namespace);
  88. $submission = array(
  89. 'mode' => 'submit',
  90. 'captcha_id' => $cid,
  91. 'captcha_code' => $cin,
  92. 'name' => $_POST['name'],
  93. 'subj' => $_POST['subj'],
  94. 'text' => $_POST['text'],
  95. );
  96. $result = $comments->process_json($submission);
  97. if ( $result['mode'] == 'error' )
  98. {
  99. echo '<div class="error-box">' . htmlspecialchars($result['error']) . '</div>';
  100. }
  101. else
  102. {
  103. echo '<div class="info-box">' . $lang->get('comment_msg_comment_posted') . '</div>';
  104. }
  105. echo PageUtils::comments_html($paths->page_id, $paths->namespace);
  106. break;
  107. case 'editcomment':
  108. if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; }
  109. $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']);
  110. if(!$q) $db->_die('The comment data could not be selected.');
  111. $row = $db->fetchrow();
  112. $db->free_result();
  113. $row['subject'] = str_replace('\'', '&#039;', $row['subject']);
  114. echo '<form action="'.makeUrl($paths->page, 'do=comments&amp;sub=savecomment').'" method="post">';
  115. echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'>
  116. <tr><td class='row1'>" . $lang->get('comment_postform_field_subject') . "</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr>
  117. <tr><td class='row2'>" . $lang->get('comment_postform_field_comment') . "</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr>
  118. <tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='" . $lang->get('etc_save_changes') . "' /></td></tr>
  119. </table></div>";
  120. echo '</form>';
  121. break;
  122. case 'savecomment':
  123. if(empty($_POST['subj']) || empty($_POST['text'])) { echo '<p>Invalid request</p>'; break; }
  124. $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']);
  125. if($r != 'good') { echo "<pre>$r</pre>"; break; }
  126. echo PageUtils::comments_html($paths->page_id, $paths->namespace);
  127. break;
  128. case 'deletecomment':
  129. if(!empty($_GET['id']))
  130. {
  131. PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']);
  132. }
  133. echo PageUtils::comments_html($paths->page_id, $paths->namespace);
  134. break;
  135. }
  136. $output->footer();
  137. break;
  138. case 'edit':
  139. if(isset($_POST['_cancel']))
  140. {
  141. redirect(makeUrl($paths->page), '', '', 0);
  142. break;
  143. }
  144. require_once(ENANO_ROOT.'/includes/pageutils.php');
  145. if(isset($_POST['_save']))
  146. {
  147. $captcha_valid = true;
  148. if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
  149. {
  150. $captcha_valid = false;
  151. if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) )
  152. {
  153. $hash_correct = strtolower($session->get_captcha($_POST['captcha_id']));
  154. $hash_input = strtolower($_POST['captcha_code']);
  155. if ( $hash_input === $hash_correct )
  156. $captcha_valid = true;
  157. }
  158. }
  159. if ( $captcha_valid )
  160. {
  161. $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor']));
  162. if ( $e == 'good' )
  163. {
  164. redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3);
  165. }
  166. }
  167. }
  168. $template->header();
  169. if ( isset($captcha_valid) )
  170. {
  171. echo '<div class="usermessage">' . $lang->get('editor_err_captcha_wrong') . '</div>';
  172. }
  173. if(isset($_POST['_preview']))
  174. {
  175. $text = $_POST['page_text'];
  176. $edsumm = $_POST['edit_summary'];
  177. echo PageUtils::genPreview($_POST['page_text']);
  178. $text = htmlspecialchars($text);
  179. $revid = 0;
  180. }
  181. else
  182. {
  183. $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
  184. $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
  185. $text = $page->fetch_source();
  186. $edsumm = '';
  187. // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
  188. }
  189. if ( $revid > 0 )
  190. {
  191. $time = $page->revision_time;
  192. // Retrieve information about this revision and the current one
  193. $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
  194. LEFT JOIN ' . table_prefix . 'logs AS l2
  195. ON ( l2.log_id = ' . $revid . '
  196. AND l2.log_type = \'page\'
  197. AND l2.action = \'edit\'
  198. AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
  199. AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
  200. AND l1.is_draft != 1
  201. )
  202. WHERE l1.log_type = \'page\'
  203. AND l1.action = \'edit\'
  204. AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
  205. AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
  206. AND l1.time_id > ' . $time . '
  207. AND l1.is_draft != 1
  208. ORDER BY l1.time_id DESC;');
  209. if ( !$q )
  210. $db->die_json();
  211. if ( $db->numrows() > 0 )
  212. {
  213. echo '<div class="usermessage">' . $lang->get('editor_msg_editing_old_revision') . '</div>';
  214. $rev_count = $db->numrows() - 2;
  215. $row = $db->fetchrow();
  216. $undo_info = array(
  217. 'old_author' => $row['oldrev_author'],
  218. 'current_author' => $row['currentrev_author'],
  219. 'undo_count' => max($rev_count, 1),
  220. 'last_rev_id' => $revid
  221. );
  222. }
  223. else
  224. {
  225. $revid = 0;
  226. }
  227. $db->free_result();
  228. }
  229. echo '
  230. <form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data">
  231. <br />
  232. <textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br />
  233. <br />
  234. ';
  235. $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm;
  236. echo $lang->get('editor_lbl_edit_summary') . ' <input name="edit_summary" type="text" size="40" value="' . htmlspecialchars($edsumm) . '" /><br /><label><input type="checkbox" name="minor" /> ' . $lang->get('editor_lbl_minor_edit_field') . '</label><br />';
  237. if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
  238. {
  239. echo '<br /><table border="0"><tr><td>';
  240. echo '<b>' . $lang->get('editor_lbl_field_captcha') . '</b><br />'
  241. . '<br />'
  242. . $lang->get('editor_msg_captcha_pleaseenter') . '<br /><br />'
  243. . $lang->get('editor_msg_captcha_blind');
  244. echo '</td><td>';
  245. $hash = $session->make_captcha();
  246. echo '<img src="' . makeUrlNS('Special', "Captcha/$hash") . '" onclick="this.src+=\'/a\'" style="cursor: pointer;" /><br />';
  247. echo '<input type="hidden" name="captcha_id" value="' . $hash . '" />';
  248. echo $lang->get('editor_lbl_field_captcha_code') . ' <input type="text" name="captcha_code" value="" size="9" />';
  249. echo '</td></tr></table>';
  250. }
  251. echo '<br />
  252. <input type="submit" name="_save" value="' . $lang->get('editor_btn_save') . '" style="font-weight: bold;" />
  253. <input type="submit" name="_preview" value="' . $lang->get('editor_btn_preview') . '" />
  254. <input type="submit" name="_revert" value="' . $lang->get('editor_btn_revert') . '" />
  255. <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_cancel') . '" />
  256. </form>
  257. ';
  258. if ( getConfig('wiki_edit_notice', '0') == '1' )
  259. {
  260. $notice = getConfig('wiki_edit_notice_text');
  261. echo RenderMan::render($notice);
  262. }
  263. $template->footer();
  264. break;
  265. case 'viewsource':
  266. $template->header();
  267. $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false);
  268. $text = htmlspecialchars($text);
  269. echo '
  270. <form action="'.makeUrl($paths->page, 'do=edit').'" method="post">
  271. <br />
  272. <textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>';
  273. echo '<br />
  274. <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_closeviewer') . '" />
  275. </form>
  276. ';
  277. $template->footer();
  278. break;
  279. case 'history':
  280. require_once(ENANO_ROOT.'/includes/pageutils.php');
  281. $hist = PageUtils::histlist($paths->page_id, $paths->namespace);
  282. $template->header();
  283. echo $hist;
  284. $template->footer();
  285. break;
  286. case 'rollback':
  287. $id = (isset($_GET['id'])) ? $_GET['id'] : false;
  288. if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
  289. $id = intval($id);
  290. $page = new PageProcessor($paths->page_id, $paths->namespace);
  291. $result = $page->rollback_log_entry($id);
  292. if ( $result['success'] )
  293. {
  294. $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline']));
  295. }
  296. else
  297. {
  298. $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action']));
  299. }
  300. $template->header();
  301. echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a></p>';
  302. $template->footer();
  303. break;
  304. case 'catedit':
  305. require_once(ENANO_ROOT.'/includes/pageutils.php');
  306. if(isset($_POST['save']))
  307. {
  308. unset($_POST['save']);
  309. $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST['categories']);
  310. if($val == 'GOOD')
  311. {
  312. header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
  313. } else {
  314. die_friendly('Error saving category information', '<p>'.$val.'</p>');
  315. }
  316. }
  317. elseif(isset($_POST['__enanoCatCancel']))
  318. {
  319. header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
  320. }
  321. $template->header();
  322. $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace);
  323. echo $c[1];
  324. $template->footer();
  325. break;
  326. case 'moreoptions':
  327. $template->header();
  328. echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">' . $lang->get('ajax_lbl_moreoptions_nojs') . '</div><div style="clear: both;"></div></li>'.$template->toolbar_menu.'</ul></div>';
  329. $template->footer();
  330. break;
  331. case 'protect':
  332. if ( !$session->sid_super )
  333. {
  334. redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
  335. }
  336. if ( isset($_POST['level']) && isset($_POST['reason']) )
  337. {
  338. $level = intval($_POST['level']);
  339. if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) )
  340. {
  341. $errors[] = 'bad level';
  342. }
  343. $reason = trim($_POST['reason']);
  344. if ( empty($reason) )
  345. {
  346. $errors[] = $lang->get('onpage_protect_err_need_reason');
  347. }
  348. $page = new PageProcessor($paths->page_id, $paths->namespace);
  349. $result = $page->protect_page($level, $reason);
  350. if ( $result['success'] )
  351. {
  352. redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3);
  353. }
  354. else
  355. {
  356. $errors[] = $lang->get('page_err_' . $result['error']);
  357. }
  358. }
  359. $template->header();
  360. ?>
  361. <form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post">
  362. <h3><?php echo $lang->get('onpage_protect_heading'); ?></h3>
  363. <p><?php echo $lang->get('onpage_protect_msg_select_level'); ?></p>
  364. <?php
  365. if ( !empty($errors) )
  366. {
  367. echo '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
  368. }
  369. ?>
  370. <div class="protectlevel" style="line-height: 22px; margin-left: 17px;">
  371. <label>
  372. <input type="radio" name="level" value="<?php echo PROTECT_FULL; ?>" />
  373. <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 0, 0); ?>
  374. <?php echo $lang->get('onpage_protect_btn_full'); ?>
  375. </label>
  376. </div>
  377. <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;">
  378. <?php echo $lang->get('onpage_protect_btn_full_hint'); ?>
  379. </div>
  380. <div class="protectlevel" style="line-height: 22px; margin-left: 17px;">
  381. <label>
  382. <input type="radio" name="level" value="<?php echo PROTECT_SEMI; ?>" />
  383. <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 22, 0); ?>
  384. <?php echo $lang->get('onpage_protect_btn_semi'); ?>
  385. </label>
  386. </div>
  387. <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;">
  388. <?php echo $lang->get('onpage_protect_btn_semi_hint'); ?>
  389. </div>
  390. <div class="protectlevel" style="line-height: 22px; margin-left: 17px;">
  391. <label>
  392. <input type="radio" name="level" value="<?php echo PROTECT_NONE; ?>" />
  393. <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 44, 0); ?>
  394. <?php echo $lang->get('onpage_protect_btn_none'); ?>
  395. </label>
  396. </div>
  397. <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;">
  398. <?php echo $lang->get('onpage_protect_btn_none_hint'); ?>
  399. </div>
  400. <table style="margin-left: 1em;" cellspacing="10">
  401. <tr>
  402. <td valign="top">
  403. <?php echo $lang->get('onpage_protect_lbl_reason'); ?>
  404. </td>
  405. <td>
  406. <input type="text" name="reason" size="40" /><br />
  407. <small><?php echo $lang->get('onpage_protect_lbl_reason_hint'); ?></small>
  408. </td>
  409. </tr>
  410. </table>
  411. <p>
  412. <input type="submit" value="<?php echo htmlspecialchars($lang->get('page_protect_btn_submit')) ?>" style="font-weight: bold;" />
  413. <a class="abutton" href="<?php echo makeUrl($paths->page, false, true); ?>"><?php echo $lang->get('etc_cancel'); ?></a>
  414. </p>
  415. </form>
  416. <?php
  417. $template->footer();
  418. break;
  419. case 'rename':
  420. require_once(ENANO_ROOT.'/includes/pageutils.php');
  421. if(!empty($_POST['newname']))
  422. {
  423. $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']);
  424. die_friendly($lang->get('page_rename_success_title'), '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>');
  425. }
  426. $template->header();
  427. ?>
  428. <form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post">
  429. <?php if(isset($_POST['newname'])) echo '<p style="color: red;">' . $lang->get('page_rename_err_need_name') . '</p>'; ?>
  430. <p><?php echo $lang->get('page_rename_lbl'); ?></p>
  431. <p><input type="text" name="newname" size="40" /></p>
  432. <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_rename_btn_submit')); ?>" style="font-weight: bold;" /></p>
  433. </form>
  434. <?php
  435. $template->footer();
  436. break;
  437. case 'flushlogs':
  438. if(!$session->get_permissions('clear_logs'))
  439. {
  440. die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  441. }
  442. if ( !$session->sid_super )
  443. {
  444. redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
  445. }
  446. require_once(ENANO_ROOT.'/includes/pageutils.php');
  447. if(isset($_POST['_downthejohn']))
  448. {
  449. $template->header();
  450. $result = PageUtils::flushlogs($paths->page_id, $paths->namespace);
  451. echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
  452. $template->footer();
  453. break;
  454. }
  455. $template->header();
  456. ?>
  457. <form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post">
  458. <?php echo $lang->get('page_flushlogs_warning_stern'); ?>
  459. <p><input type="submit" name="_downthejohn" value="<?php echo htmlspecialchars($lang->get('page_flushlogs_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p>
  460. </form>
  461. <?php
  462. $template->footer();
  463. break;
  464. case 'delvote':
  465. require_once(ENANO_ROOT.'/includes/pageutils.php');
  466. if(isset($_POST['_ballotbox']))
  467. {
  468. $template->header();
  469. $result = PageUtils::delvote($paths->page_id, $paths->namespace);
  470. echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
  471. $template->footer();
  472. break;
  473. }
  474. $template->header();
  475. ?>
  476. <form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post">
  477. <?php
  478. echo $lang->get('page_delvote_warning_stern');
  479. echo '<p>';
  480. switch($paths->cpage['delvotes'])
  481. {
  482. case 0: echo $lang->get('page_delvote_count_zero'); break;
  483. case 1: echo $lang->get('page_delvote_count_one'); break;
  484. default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break;
  485. }
  486. echo '</p>';
  487. ?>
  488. <p><input type="submit" name="_ballotbox" value="<?php echo htmlspecialchars($lang->get('page_delvote_btn_submit')); ?>" /></p>
  489. </form>
  490. <?php
  491. $template->footer();
  492. break;
  493. case 'resetvotes':
  494. require_once(ENANO_ROOT.'/includes/pageutils.php');
  495. if(!$session->get_permissions('vote_reset'))
  496. {
  497. die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  498. }
  499. if(isset($_POST['_youmaylivealittlelonger']))
  500. {
  501. $template->header();
  502. $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
  503. echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
  504. $template->footer();
  505. break;
  506. }
  507. $template->header();
  508. ?>
  509. <form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post">
  510. <p><?php echo $lang->get('ajax_delvote_reset_confirm'); ?></p>
  511. <p><input type="submit" name="_youmaylivealittlelonger" value="<?php echo htmlspecialchars($lang->get('page_delvote_reset_btn_submit')); ?>" /></p>
  512. </form>
  513. <?php
  514. $template->footer();
  515. break;
  516. case 'deletepage':
  517. if ( !$session->get_permissions('delete_page') )
  518. {
  519. die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  520. }
  521. if ( !$session->sid_super )
  522. {
  523. redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
  524. }
  525. require_once(ENANO_ROOT . '/includes/pageutils.php');
  526. if ( isset($_POST['_adiossucker']) )
  527. {
  528. $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
  529. if ( empty($reason) )
  530. $error = $lang->get('ajax_delete_prompt_reason');
  531. else
  532. {
  533. $template->header();
  534. $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
  535. echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
  536. $template->footer();
  537. break;
  538. }
  539. }
  540. $template->header();
  541. ?>
  542. <form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post">
  543. <?php echo $lang->get('page_delete_warning_stern'); ?>
  544. <?php if ( isset($error) ) echo "<p>$error</p>"; ?>
  545. <p><?php echo $lang->get('page_delete_lbl_reason'); ?> <input type="text" name="reason" size="50" /></p>
  546. <p><input type="submit" name="_adiossucker" value="<?php echo htmlspecialchars($lang->get('page_delete_btn_submit')); ?>" style="font-weight: bold;" /></p>
  547. </form>
  548. <?php
  549. $template->footer();
  550. break;
  551. case 'setwikimode':
  552. if(!$session->get_permissions('set_wiki_mode'))
  553. {
  554. die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  555. }
  556. if ( isset($_POST['finish']) )
  557. {
  558. $level = intval($_POST['level']);
  559. if ( !in_array($level, array(0, 1, 2) ) )
  560. {
  561. die_friendly('Invalid request', '<p>Level not specified</p>');
  562. }
  563. $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';');
  564. if ( !$q )
  565. $db->_die();
  566. redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2);
  567. }
  568. else
  569. {
  570. $template->header();
  571. if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '<p>Level not specified</p>');
  572. $level = intval($_GET['level']);
  573. if ( !in_array($level, array(0, 1, 2) ) )
  574. {
  575. die_friendly('Invalid request', '<p>Level not specified</p>');
  576. }
  577. echo '<form action="' . makeUrl($paths->page, 'do=setwikimode', true) . '" method="post">';
  578. echo '<input type="hidden" name="finish" value="foo" />';
  579. echo '<input type="hidden" name="level" value="' . $level . '" />';
  580. $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' );
  581. $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable';
  582. ?>
  583. <h3><?php echo $lang->get('page_wikimode_heading'); ?></h3>
  584. <p><?php echo $lang->get($level_txt) . ' ' . $lang->get($blurb); ?></p>
  585. <p><?php echo $lang->get('page_wikimode_warning'); ?></p>
  586. <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_wikimode_btn_submit')); ?>" /></p>
  587. <?php
  588. echo '</form>';
  589. $template->footer();
  590. }
  591. break;
  592. case 'diff':
  593. require_once(ENANO_ROOT.'/includes/pageutils.php');
  594. require_once(ENANO_ROOT.'/includes/diff.php');
  595. $template->header();
  596. $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
  597. $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
  598. if ( !$id1 || !$id2 )
  599. {
  600. echo '<p>Invalid request.</p>';
  601. $template->footer();
  602. break;
  603. }
  604. if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) )
  605. {
  606. echo '<p>SQL injection attempt</p>';
  607. $template->footer();
  608. break;
  609. }
  610. echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
  611. $template->footer();
  612. break;
  613. case 'detag':
  614. if ( $session->user_level < USER_LEVEL_ADMIN )
  615. {
  616. die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  617. }
  618. if ( $paths->page_exists )
  619. {
  620. die_friendly($lang->get('etc_invalid_request_short'), '<p>' . $lang->get('page_detag_err_page_exists') . '</p>');
  621. }
  622. $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';');
  623. if ( !$q )
  624. $db->_die('Detag query, index.php:'.__LINE__);
  625. die_friendly($lang->get('page_detag_success_title'), '<p>' . $lang->get('page_detag_success_body') . '</p>');
  626. break;
  627. case 'aclmanager':
  628. if ( !$session->sid_super )
  629. {
  630. redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
  631. }
  632. require_once(ENANO_ROOT.'/includes/pageutils.php');
  633. $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups');
  634. PageUtils::aclmanager($data);
  635. break;
  636. case 'sql_report':
  637. $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
  638. $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id );
  639. $page->send_headers = true;
  640. $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '';
  641. $page->password = $pagepass;
  642. $page->send(true);
  643. ob_end_clean();
  644. ob_start();
  645. $db->sql_report();
  646. break;
  647. }
  648. // Generate an ETag
  649. /*
  650. // format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex
  651. $etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' .
  652. "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" .
  653. dechex($page_timestamp);
  654. if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) )
  655. {
  656. if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] )
  657. {
  658. header('HTTP/1.1 304 Not Modified');
  659. exit();
  660. }
  661. }
  662. header("ETag: \"$etag\"");
  663. */
  664. $db->close();
  665. gzip_output();
  666. @ob_end_flush();
  667. ?>