<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.6 (Caoineag beta 1)

 * Copyright (C) 2006-2008 Dan Fuhry

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

  define('ENANO_INTERFACE_AJAX', '');

  require('includes/common.php');

  global $db, $session, $paths, $template, $plugins; // Common objects

  if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');

  $_ob = '';

  switch($_GET['_mode']) {

    case "checkusername":

      require_once(ENANO_ROOT.'/includes/pageutils.php');

      echo PageUtils::checkusername($_GET['name']);

      break;

    case "getsource":

      header('Content-type: text/plain');

      $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;

      $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;

      $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);

      $page->password = $password;

      $have_draft = false;

      if ( $src = $page->fetch_source() )

      {

        $allowed = true;

        $q = $db->sql_query('SELECT author, time_id, page_text, edit_summary, page_format FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'

                               AND page_id = \'' . $db->escape($paths->page_id) . '\'

                               AND namespace = \'' . $db->escape($paths->namespace) . '\'

                               AND is_draft = 1;');

        if ( !$q )

          $db->die_json();

        if ( $db->numrows() > 0 )

        {

          $have_draft = true;

          $draft_row = $db->fetchrow($q);

        }

      }

      else if ( $src !== false )

      {

        $allowed = true;

        $src = '';

      }

      else

      {

        $allowed = false;

        $src = '';

      }

      $auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) );

      $auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );

      $return = array(

          'mode' => 'editor',

          'src' => $src,

          'auth_view_source' => $allowed,

          'auth_edit' => $auth_edit,

          'time' => time(),

          'require_captcha' => false,

          'allow_wysiwyg' => $auth_wysiwyg,

          'revid' => $revid,

          'have_draft' => false

        );

      $return['page_format'] = $paths->cpage['page_format'];

      if ( $return['page_format'] == 'xhtml' )

      {

        // gently process headings to make tinymce format them correctly

        if ( preg_match_all('/^ *?(={1,6}) *(.+?) *\\1 *$/m', $return['src'], $matches) )

        {

          foreach ( $matches[0] as $i => $match )

          {

            $hi = strlen($matches[1][$i]);

            $heading = "<h{$hi}>{$matches[2][$i]}</h{$hi}>";

            $return['src'] = str_replace_once($match, $heading, $return['src']);

          }

        }

      }

      if ( $have_draft )

      {

        $row =& $draft_row;

        $return['have_draft'] = true;

        $return['draft_author'] = $row['author'];

        $return['draft_time'] = enano_date('d M Y h:i a', intval($row['time_id']));

        if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )

        {

          $return['src'] = $row['page_text'];

          $return['edit_summary'] = $row['edit_summary'];

          $return['page_format'] = $row['page_format'];

        }

      }

      $return['undo_info'] = array();

      if ( $revid > 0 )

      {

        // Retrieve information about this revision and the current one

        $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1

  LEFT JOIN ' . table_prefix . 'logs AS l2

    ON ( l2.log_id = ' . $revid . '

         AND l2.log_type  = \'page\'

         AND l2.action    = \'edit\'

         AND l2.page_id   = \'' . $db->escape($paths->page_id)   . '\'

         AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'

         AND l2.is_draft != 1

        )

  WHERE l1.log_type  = \'page\'

    AND l1.action    = \'edit\'

    AND l1.page_id   = \'' . $db->escape($paths->page_id)   . '\'

    AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'

    AND l1.time_id   > ' . $page->revision_time . '

    AND l1.is_draft != 1

  ORDER BY l1.time_id DESC;');

        if ( !$q )

          $db->die_json();

        if ( $db->numrows() > 0 )

        {

          $rev_count = $db->numrows() - 1;

          if ( $rev_count == -1 )

          {

            $return = array(

                'mode' => 'error',

                'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'

              );

          }

          else

          {

            $row = $db->fetchrow();

            $return['undo_info'] = array(

              'old_author'     => $row['oldrev_author'],

              'current_author' => $row['currentrev_author'],

              'undo_count'     => $rev_count

            );

          }

        }

        else

        {

          $return['revid'] = $revid = 0;

        }

      }

      if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )

      {

        $return['require_captcha'] = true;

        $return['captcha_id'] = $session->make_captcha();

      }

      $template->load_theme();

      $return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');

      echo enano_json_encode($return);

      break;

    case "getpage":

      // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));

      $output = new Output_Striptease();

      $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );

      $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );

      $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';

      $page->password = $pagepass;

      $page->send();

      break;

    case "savepage":

      /* **** OBSOLETE **** */

      break;

    case "savepage_json":

      header('Content-type: application/json');

      if ( !isset($_POST['r']) )

        die('Invalid request');

      try

      {

        $request = enano_json_decode($_POST['r']);

        if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )

          die('Invalid request');

      }

      catch(Zend_Json_Exception $e)

      {

        die("JSON parsing failed. View as HTML to see full report.\n<br /><br />\n<pre>" . htmlspecialchars(strval($e)) . "</pre><br />Request: <pre>" . htmlspecialchars($_POST['r']) . "</pre>");

      }

      $time = intval($request['time']);

      if ( $request['draft'] )

      {

        //

        // The user wants to save a draft version of the page.

        //

        // Validate permissions

        if ( !$session->get_permissions('edit_page') )

        {

          $return = array(

            'mode' => 'error',

            'error' => 'access_denied'

          );

        }

        else

        {

          // Delete any draft copies if they exist

          $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'

                                 AND page_id = \'' . $db->escape($paths->page_id) . '\'

                                 AND namespace = \'' . $db->escape($paths->namespace) . '\'

                                 AND is_draft = 1;');

          if ( !$q )

            $db->die_json();

          // are we just supposed to delete the draft?

          if ( $request['src'] === -1 )

          {

            $return = array(

              'mode' => 'success',

              'is_draft' => 'delete'

            );

          }

          else

          {

            $src = RenderMan::preprocess_text($request['src'], false, false);

            $draft_format = $request['format'];

            if ( !in_array($draft_format, array('xhtml', 'wikitext')) )

            {

              $return = array(

                'mode' => 'error',

                'error' => 'invalid_format'

              );

            }

            else

            {

              // Save the draft

              $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id, page_format )

                                     VALUES (

                                       \'page\',

                                       \'edit\',

                                       \'' . $db->escape($paths->page_id) . '\',

                                       \'' . $db->escape($paths->namespace) . '\',

                                       \'' . $db->escape($session->username) . '\',

                                       \'' . $db->escape($request['summary']) . '\',

                                       \'' . $db->escape($src) . '\',

                                       1,

                                       ' . time() . ',

                                       \'' . $draft_format . '\'

                                     );');

              // Done!

              $return = array(

                  'mode' => 'success',

                  'is_draft' => true

                );

            }

          }

        }

      }

      else

      {

        // Verify that no edits have been made since the editor was requested

        $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");

        if ( !$q )

          $db->die_json();

        $row = $db->fetchrow();

        $db->free_result();

        if ( $row['time_id'] > $time )

        {

          $return = array(

            'mode' => 'obsolete',

            'author' => $row['author'],

            'date_string' => enano_date('d M Y h:i a', $row['time_id']),

            'time' => $row['time_id'] // time() ???

            );

          echo enano_json_encode($return);

          break;

        }

        // Verify captcha, if needed

        if ( false && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )

        {

          if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )

          {

            die('Invalid request, need captcha metadata');

          }

          $code_correct = strtolower($session->get_captcha($request['captcha_id']));

          $code_input = strtolower($request['captcha_code']);

          if ( $code_correct !== $code_input )

          {

            $return = array(

              'mode' => 'errors',

              'errors' => array($lang->get('editor_err_captcha_wrong')),

              'new_captcha' => $session->make_captcha()

            );

            echo enano_json_encode($return);

            break;

          }

        }

        // Verification complete. Start the PageProcessor and let it do the dirty work for us.

        $page = new PageProcessor($paths->page_id, $paths->namespace);

        if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 ), $request['format']) )

        {

          $return = array(

              'mode' => 'success',

              'is_draft' => false

            );

        }

        else

        {

          $errors = array();

          while ( $err = $page->pop_error() )

          {

            $errors[] = $err;

          }

          $return = array(

            'mode' => 'errors',

            'errors' => array_values($errors)

            );

          if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )

          {

            $return['new_captcha'] = $session->make_captcha();

          }

        }

      }

      // If this is based on a draft version, delete the draft - we no longer need it.

      if ( @$request['used_draft'] && !$request['draft'] )

      {

        $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'

                               AND page_id = \'' . $db->escape($paths->page_id) . '\'

                               AND namespace = \'' . $db->escape($paths->namespace) . '\'

                               AND is_draft = 1;');

      }

      echo enano_json_encode($return);

      break;

    case "diff_cur":

      // Lie about our content type to fool ad scripts

      header('Content-type: application/xhtml+xml');

      if ( !isset($_POST['text']) )

        die('Invalid request');

      $page = new PageProcessor($paths->page_id, $paths->namespace);

      if ( !($src = $page->fetch_source()) )

      {

        die('Access denied');

      }

      $diff = RenderMan::diff($src, $_POST['text']);

      if ( $diff == '<table class="diff"></table>' )

      {

        $diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';

      }

      echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';

      echo $diff;

      break;

    case "protect":

      // echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);

      if ( @$_POST['reason'] === '__ROLLBACK__' )

      {

        // __ROLLBACK__ is a keyword for log entries.

        die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');

      }

      $page = new PageProcessor($paths->page_id, $paths->namespace);

      header('Content-type: application/json');