<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.1

 * Copyright (C) 2006-2007 Dan Fuhry

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

  define('ENANO_INTERFACE_AJAX', '');

  // fillusername should be done without the help of the rest of Enano - all we need is the DBAL

  if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )

  {

    // setup and load a very basic, specialized instance of the Enano API

    function microtime_float()

    {

      list($usec, $sec) = explode(" ", microtime());

      return ((float)$usec + (float)$sec);

    }

    // Determine directory (special case for development servers)

    if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )

    {

      $filename = str_replace('/repo/', '/', __FILE__);

    }

    else

    {

      $filename = __FILE__;

    }

    define('ENANO_ROOT', dirname($filename));

    require(ENANO_ROOT.'/includes/functions.php');

    require(ENANO_ROOT.'/includes/dbal.php');

    require(ENANO_ROOT.'/includes/json2.php');

    require(ENANO_ROOT . '/config.php');

    unset($dbuser, $dbpasswd);

    if ( !isset($dbdriver) )

      $dbdriver = 'mysql';

    $db = new $dbdriver();

    $db->connect();

    // result is sent using JSON

    $return = Array(

        'mode' => 'success',

        'users_real' => Array()

      );

    // should be connected to the DB now

    $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;

    if ( !$name )

    {

      $return = array(

        'mode' => 'error',

        'error' => 'Invalid URI'

      );

      die( enano_json_encode($return) );

    }

    $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';

    $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');

    if ( !$q )

    {

      $db->die_json();

    }

    $i = 0;

    while($r = $db->fetchrow())

    {

      $return['users_real'][] = $r['username'];

      $i++;

    }

    $db->free_result();

    // all done! :-)

    $db->close();

    echo enano_json_encode( $return );

    exit;

  }

  require('includes/common.php');

  global $db, $session, $paths, $template, $plugins; // Common objects

  if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');

  $_ob = '';

  switch($_GET['_mode']) {

    case "checkusername":

      echo PageUtils::checkusername($_GET['name']);

      break;

    case "getsource":

      $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;

      $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;

      $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);

      $page->password = $password;

      if ( $src = $page->fetch_source() )

      {

        $allowed = true;

      }

      else if ( $src !== false )

      {

        $allowed = true;

        $src = '';

      }

      else

      {

        $allowed = false;

        $src = '';

      }

      $auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) );

      $auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );

      $return = array(

          'mode' => 'editor',

          'src' => $src,

          'auth_view_source' => $allowed,

          'auth_edit' => $auth_edit,

          'time' => time(),

          'require_captcha' => false,

          'allow_wysiwyg' => $auth_wysiwyg,

        );

      if ( $revid > 0 )

      {

        // Retrieve information about this revision and the current one

        $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1

  LEFT JOIN ' . table_prefix . 'logs AS l2

    ON ( l2.time_id = ' . $revid . '

         AND l2.log_type  = \'page\'

         AND l2.action    = \'edit\'

        )

  WHERE l1.log_type  = \'page\'

    AND l1.action    = \'edit\'

    AND l1.time_id >= ' . $revid . '

  ORDER BY l1.time_id DESC;');

        if ( !$q )

          $db->die_json();

        $rev_count = $db->numrows() - 1;

      }

      if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )

      {

        $return['require_captcha'] = true;

        $return['captcha_id'] = $session->make_captcha();

      }

      echo enano_json_encode($return);

      break;

    case "getpage":

      // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));

      $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );

      $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );

      $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';

      $page->password = $pagepass;

      $page->send();

      break;

    case "savepage":

      $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';

      $minor = isset($_POST['minor']);

      $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);

      {

        $page = new PageProcessor($paths->page_id, $paths->namespace);

        $page->send();

      }

      else

      {

        echo '<p>Error saving the page: '.$e.'</p>';

      }

      break;

    case "savepage_json":

      header('Content-type: application/json');

      if ( !isset($_POST['r']) )

      $request = enano_json_decode($_POST['r']);

      $time = intval($request['time']);

      {

        $return = array(

          );

      }

      else

      {

        {

        }

        if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )

        {

        }

      }

      echo enano_json_encode($return);

      break;

    case "diff_cur":

      // Lie about our content type to fool ad scripts

      header('Content-type: application/xhtml+xml');

      if ( !isset($_POST['text']) )

        die('Invalid request');

      $page = new PageProcessor($paths->page_id, $paths->namespace);

      if ( !($src = $page->fetch_source()) )

      {

        die('Access denied');

      }

      $diff = RenderMan::diff($src, $_POST['text']);

      if ( $diff == '<table class="diff"></table>' )

      {

        $diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';

      }

      echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';

      echo $diff;

      break;

    case "protect":

      echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);

      break;

    case "histlist":

      echo PageUtils::histlist($paths->page_id, $paths->namespace);

      break;

    case "rollback":

      echo PageUtils::rollback( (int)$_GET['id'] );