0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: Runt - the Enano administration panel
+ − 4
Plugin URI: http://enanocms.org/
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 5
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
0
+ − 6
Author: Dan Fuhry
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
diff
changeset
+ − 7
Version: 1.0.2
0
+ − 8
Author URI: http://enanocms.org/
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 13
* Version 1.0.2 (Coblynau)
0
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 24
+ − 25
$plugins->attachHook('base_classes_initted', '
+ − 26
global $paths;
+ − 27
$paths->add_page(Array(
+ − 28
\'name\'=>\'Administration\',
+ − 29
\'urlname\'=>\'Administration\',
+ − 30
\'namespace\'=>\'Special\',
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
diff
changeset
+ − 31
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
+ − 32
));
+ − 33
+ − 34
$paths->add_page(Array(
+ − 35
\'name\'=>\'Manage the Sidebar\',
+ − 36
\'urlname\'=>\'EditSidebar\',
+ − 37
\'namespace\'=>\'Special\',
116
77c75179bb95
Made most special pages "visible"; fixup for non-existent special page redirect in paths.php; rewrote Special:AllPages to have pagination (WiP, Special:SpecialPages is possibly next, depending on whether paginate_array works or not)
Dan
diff
changeset
+ − 38
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
0
+ − 39
));
+ − 40
');
+ − 41
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 42
// Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 43
require(ENANO_ROOT . '/plugins/admin/PageGroups.php');
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 44
require(ENANO_ROOT . '/plugins/admin/SecurityLog.php');
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
diff
changeset
+ − 45
require(ENANO_ROOT . '/plugins/admin/UserManager.php');
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 46
0
+ − 47
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
+ − 48
+ − 49
function page_Admin_Home() {
+ − 50
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 51
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 52
{
+ − 53
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 54
return;
+ − 55
}
+ − 56
+ − 57
// Basic information
+ − 58
echo RenderMan::render(
+ − 59
'== Welcome to Runt, the Enano administration panel. ==
+ − 60
+ − 61
Thank you for choosing Enano as your CMS. This screen allows you to see some information about your website, plus some details about how your site is doing statistically.
+ − 62
+ − 63
Using the links on the left you can control every aspect of your website\'s look and feel, plus you can manage users, work with pages, and install plugins to make your Enano installation even better.');
+ − 64
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 65
// Demo mode
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 66
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 67
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 68
echo '<h3>Enano is running in demo mode.</h3>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 69
<p>If you borked something up, or if you\'re done testing, you can <a href="' . makeUrlNS('Special', 'DemoReset', false, true) . '">reset this site</a>. The site is reset automatically once every two hours. When a reset is performed, all custom modifications to the site are lost and replaced with default values.</p>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 70
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 71
0
+ − 72
// Check for the installer scripts
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 73
if( ( file_exists(ENANO_ROOT.'/install.php') || file_exists(ENANO_ROOT.'/schema.sql') ) && !defined('ENANO_DEMO_MODE') )
0
+ − 74
{
+ − 75
echo '<div class="error-box"><b>NOTE:</b> It appears that your install.php and/or schema.sql files still exist. It is HIGHLY RECOMMENDED that you delete or rename these files, to prevent getting your server hacked.</div>';
+ − 76
}
+ − 77
+ − 78
// Inactive users
+ − 79
$q = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\';');
+ − 80
if($q)
+ − 81
if($db->numrows() > 0)
+ − 82
{
+ − 83
$n = $db->numrows();
+ − 84
if($n == 1) $s = $n . ' user is';
+ − 85
else $s = $n . ' users are';
+ − 86
echo '<div class="warning-box">It appears that '.$s.' awaiting account activation. You can activate those accounts by going to the <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'UserManager\'); return false;">User Manager</a>.</div>';
+ − 87
}
+ − 88
$db->free_result();
+ − 89
// Stats
+ − 90
if(getConfig('log_hits') == '1')
+ − 91
{
+ − 92
$stats = stats_top_pages(10);
61
+ − 93
//die('<pre>'.print_r($stats,true).'</pre>');
0
+ − 94
$c = 0;
+ − 95
$cls = 'row2';
+ − 96
echo '<h3>Most requested pages</h3><div class="tblholder"><table style="width: 100%;" border="0" cellspacing="1" cellpadding="4"><tr><th>Page</th><th>Hits</th></tr>';
61
+ − 97
foreach($stats as $data)
0
+ − 98
{
61
+ − 99
echo '<tr>';
+ − 100
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 101
echo '<td class="'.$cls.'"><a href="'.makeUrl($data['page_urlname']).'">'.$data['page_title'].'</a></td><td style="text-align: center;" class="'.$cls.'">'.$data['num_hits'].'</td>';
+ − 102
echo '</tr>';
0
+ − 103
}
+ − 104
echo '</table></div>';
+ − 105
}
+ − 106
+ − 107
// Security log
+ − 108
echo '<h3>Security log</h3>';
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 109
$seclog = get_security_log(5);
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 110
echo $seclog;
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 111
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 112
echo '<p><a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'SecurityLog\'); return false;">Full security log</a></p>';
0
+ − 113
+ − 114
}
+ − 115
+ − 116
function page_Admin_GeneralConfig() {
+ − 117
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 118
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 119
{
+ − 120
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 121
return;
+ − 122
}
+ − 123
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 124
if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 125
{
0
+ − 126
+ − 127
// Global site options
+ − 128
setConfig('site_name', $_POST['site_name']);
+ − 129
setConfig('site_desc', $_POST['site_desc']);
+ − 130
setConfig('main_page', str_replace(' ', '_', $_POST['main_page']));
+ − 131
setConfig('copyright_notice', $_POST['copyright']);
+ − 132
setConfig('contact_email', $_POST['contact_email']);
+ − 133
+ − 134
// Wiki mode
+ − 135
if(isset($_POST['wikimode'])) setConfig('wiki_mode', '1');
+ − 136
else setConfig('wiki_mode', '0');
+ − 137
if(isset($_POST['wiki_mode_require_login'])) setConfig('wiki_mode_require_login', '1');
+ − 138
else setConfig('wiki_mode_require_login', '0');
+ − 139
if(isset($_POST['editmsg'])) setConfig('wiki_edit_notice', '1');
+ − 140
else setConfig('wiki_edit_notice', '0');
+ − 141
setConfig('wiki_edit_notice_text', $_POST['editmsg_text']);
+ − 142
+ − 143
// Stats
+ − 144
if(isset($_POST['log_hits'])) setConfig('log_hits', '1');
+ − 145
else setConfig('log_hits', '0');
+ − 146
+ − 147
// Disablement
+ − 148
if(isset($_POST['site_disabled'])) { setConfig('site_disabled', '1'); setConfig('site_disabled_notice', $_POST['site_disabled_notice']); }
+ − 149
else setConfig('site_disabled', '0');
+ − 150
+ − 151
// Account activation
+ − 152
setConfig('account_activation', $_POST['account_activation']);
+ − 153
+ − 154
// W3C compliance buttons
+ − 155
if(isset($_POST['w3c-vh32'])) setConfig("w3c_vh32", "1");
+ − 156
else setConfig("w3c_vh32", "0");
+ − 157
if(isset($_POST['w3c-vh40'])) setConfig("w3c_vh40", "1");
+ − 158
else setConfig("w3c_vh40", "0");
+ − 159
if(isset($_POST['w3c-vh401'])) setConfig("w3c_vh401", "1");
+ − 160
else setConfig("w3c_vh401", "0");
+ − 161
if(isset($_POST['w3c-vxhtml10'])) setConfig("w3c_vxhtml10", "1");
+ − 162
else setConfig("w3c_vxhtml10", "0");
+ − 163
if(isset($_POST['w3c-vxhtml11'])) setConfig("w3c_vxhtml11", "1");
+ − 164
else setConfig("w3c_vxhtml11", "0");
+ − 165
if(isset($_POST['w3c-vcss'])) setConfig("w3c_vcss", "1");
+ − 166
else setConfig("w3c_vcss", "0");
+ − 167
+ − 168
// SourceForge.net logo
+ − 169
if(isset($_POST['showsf'])) setConfig('sflogo_enabled', '1');
+ − 170
else setConfig('sflogo_enabled', '0');
+ − 171
setConfig('sflogo_groupid', $_POST['sfgroup']);
+ − 172
setConfig('sflogo_type', $_POST['sflogo']);
+ − 173
+ − 174
// Comment options
+ − 175
if(isset($_POST['comment-approval'])) setConfig('approve_comments', '1');
+ − 176
else setConfig('approve_comments', '0');
+ − 177
if(isset($_POST['enable-comments'])) setConfig('enable_comments', '1');
+ − 178
else setConfig('enable_comments', '0');
+ − 179
setConfig('comments_need_login', $_POST['comments_need_login']);
+ − 180
+ − 181
// Powered by link
+ − 182
if ( isset($_POST['enano_powered_link']) ) setConfig('powered_btn', '1');
+ − 183
else setConfig('powered_btn', '0');
+ − 184
+ − 185
if(isset($_POST['dbdbutton'])) setConfig('dbd_button', '1');
+ − 186
else setConfig('dbd_button', '0');
+ − 187
+ − 188
if($_POST['emailmethod'] == 'phpmail') setConfig('smtp_enabled', '0');
+ − 189
else setConfig('smtp_enabled', '1');
+ − 190
+ − 191
setConfig('smtp_server', $_POST['smtp_host']);
+ − 192
setConfig('smtp_user', $_POST['smtp_user']);
+ − 193
if($_POST['smtp_pass'] != 'XXXXXXXXXXXX') setConfig('smtp_password', $_POST['smtp_pass']);
+ − 194
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 195
// Password strength
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 196
if ( isset($_POST['pw_strength_enable']) ) setConfig('pw_strength_enable', '1');
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 197
else setConfig('pw_strength_enable', '0');
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 198
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 199
$strength = intval($_POST['pw_strength_minimum']);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 200
if ( $strength >= -10 && $strength <= 30 )
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 201
{
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 202
$strength = strval($strength);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 203
setConfig('pw_strength_minimum', $strength);
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 204
}
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 205
0
+ − 206
echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
+ − 207
+ − 208
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 209
else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 210
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 211
echo '<div class="error-box">Saving the general site configuration is blocked in the administration demo.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 212
}
0
+ − 213
echo('<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post" onsubmit="if(!submitAuthorized) return false;">');
+ − 214
?>
+ − 215
<div class="tblholder">
+ − 216
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 217
+ − 218
<!-- Global options -->
+ − 219
+ − 220
<tr><th colspan="2">Global site options</th></tr>
+ − 221
<tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>
+ − 222
40
+ − 223
<tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
+ − 224
<tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
+ − 225
<tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
+ − 226
<tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
0
+ − 227
<tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
+ − 228
<tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
+ − 229
+ − 230
<!-- Wiki mode -->
+ − 231
+ − 232
<tr><th colspan="2">Wiki mode</th></tr>
+ − 233
+ − 234
<tr>
+ − 235
<td class="row3" rowspan="2">
+ − 236
Enano can also act as a wiki, meaning anyone can edit and create pages. To enable Wiki Mode, check the box to the right.<br /><br />
+ − 237
In Wiki Mode, certain HTML tags such as <script> and <object> are disabled, and all PHP code is disabled, except if the person editing the page is an administrator.<br /><br />
+ − 238
Also, Enano keeps complete page history, which makes restoring vandalized pages easy. You can also protect pages so that they cannot be edited.
+ − 239
</td>
+ − 240
<td class="row1">
+ − 241
<input type="checkbox" name="wikimode" id="wikimode" <?php if(getConfig('wiki_mode')=='1') echo('CHECKED '); ?> /><label for="wikimode">Enable Wiki Mode</label>
+ − 242
</td>
+ − 243
</tr>
+ − 244
+ − 245
<tr><td class="row2"><label><input type="checkbox" name="wiki_mode_require_login"<?php if(getConfig('wiki_mode_require_login')=='1') echo('CHECKED '); ?>/> Only for logged in users</label></td></tr>
+ − 246
+ − 247
<tr>
+ − 248
<td class="row3" rowspan="2">
+ − 249
<b>Edit page notice</b><br />
+ − 250
When Wiki Mode is enabled, anyone can edit pages. Check the box below and enter a message to display it whenever the page editor is opened.
+ − 251
</td>
+ − 252
<td class="row1">
+ − 253
<input onclick="if(this.checked) document.getElementById('editmsg_text').style.display='block'; else document.getElementById('editmsg_text').style.display='none';" type="checkbox" name="editmsg" id="editmsg" <?php if(getConfig('wiki_edit_notice')=='1') echo('CHECKED '); ?>/> <label for="editmsg">Show a message whenever pages are edited</label>
+ − 254
</td>
+ − 255
</tr>
+ − 256
+ − 257
<tr>
+ − 258
<td class="row2">
+ − 259
<textarea <?php if(getConfig('wiki_edit_notice')!='1') echo('style="display:none" '); ?>rows="5" cols="30" name="editmsg_text" id="editmsg_text"><?php echo getConfig('wiki_edit_notice_text'); ?></textarea>
+ − 260
</td>
+ − 261
</tr>
+ − 262
+ − 263
<!-- Site statistics -->
+ − 264
+ − 265
<tr><th colspan="2">Statistics and hit counting</th></tr>
+ − 266
+ − 267
<tr>
+ − 268
<td class="row1">Enano has the ability to show statistics for every page on the site. This allows you to keep very close track of who is visiting your site, and from where.<br /><br />Unfortunately, some users don't like being logged. For this reason, you should state clearly what is logged (usually the username or IP address, current time, page name, and referer URL) in your privacy policy. If your site is primarily geared towards children, and you are a United States citizen, you are required to have a privacy policy stating exactly what is being logged under the terms of the Childrens' Online Privacy Protection Act.</td>
+ − 269
<td class="row1"><label><input type="checkbox" name="log_hits" <?php if(getConfig('log_hits') == '1') echo 'checked="checked" '; ?>/> Log all page hits</label><br /><small>This excludes special and administration pages.</small></td>
+ − 270
</tr>
+ − 271
+ − 272
<!-- Comment options -->
+ − 273
+ − 274
<tr><th colspan="2">Comment system</th></tr>
+ − 275
<tr><td class="row1"><label for="enable-comments"><b>Enable the comment system</b></label> </td><td class="row1"><input name="enable-comments" id="enable-comments" type="checkbox" <?php if(getConfig('enable_comments')=='1') echo('CHECKED '); ?>/></td></tr>
+ − 276
<tr><td class="row2"><label for="comment-approval">Require approval before article comments can be shown</label></td><td class="row2"><input name="comment-approval" id="comment-approval" type="checkbox" <?php if(getConfig('approve_comments')=='1') echo('CHECKED '); ?>/></td></tr>
+ − 277
<tr><td class="row1">Guest comment posting allowed </td><td class="row1"><label><input name="comments_need_login" type="radio" value="0" <?php if(getConfig('comments_need_login')=='0') echo 'CHECKED '; ?>/> Yes</label>
+ − 278
<label><input name="comments_need_login" type="radio" value="1" <?php if(getConfig('comments_need_login')=='1') echo 'CHECKED '; ?>/> Require visual confirmation</label>
+ − 279
<!-- Default permissions --> <label><input name="comments_need_login" type="radio" value="2" <?php if(getConfig('comments_need_login')=='2') echo 'CHECKED '; ?>/> No (require login)</label></td></tr>
+ − 280
+ − 281
<!--
+ − 282
+ − 283
READ: Do not try to enable this, backend support for it has been disabled. To edit default
+ − 284
permissions, select The Entire Website in any permissions editor window.
+ − 285
+ − 286
<tr><th colspan="2">Default permissions for pages</th></tr>
+ − 287
+ − 288
<tr>
+ − 289
<td class="row1">You can edit the default set of permissions used when no other permissions are available. Permissions set here are used when no other permissions are available. As with other ACL rules, you can assign these defaults to every user or one specific user or group.</td>
+ − 290
<td class="row1"><a href="#" onclick="ajaxOpenACLManager('__DefaultPermissions', 'Special'); return false;">Manage default permissions</a></td>
+ − 291
</tr>
+ − 292
+ − 293
-->
+ − 294
+ − 295
<!-- enanocms.org link -->
+ − 296
+ − 297
<tr>
+ − 298
<th colspan="2">Promote Enano</th>
+ − 299
</tr>
+ − 300
<tr>
+ − 301
<td class="row3">
+ − 302
If you think Enano is nice, or if you want to show your support for the Enano team, you can do so by placing a link to the Enano
+ − 303
homepage in your Links sidebar block. You absolutely don't have to do this, and you won't get degraded support if you don't. Because
+ − 304
Enano is still relatively new in the CMS world, it needs all the attention it can get - and you can easily help to spread the word
+ − 305
using this link.
+ − 306
</td>
+ − 307
<td class="row1">
+ − 308
<label>
36
+ − 309
<input name="enano_powered_link" type="checkbox" <?php if(getConfig('powered_btn') == '1') echo 'checked="checked"'; ?> /> Place a link to enanocms.org on the sidebar
0
+ − 310
</label>
+ − 311
</td>
+ − 312
</tr>
+ − 313
+ − 314
<!-- Site disablement -->
+ − 315
+ − 316
<tr><th colspan="2">Disable all site access</th></tr>
+ − 317
+ − 318
<tr>
+ − 319
<td class="row3" rowspan="2">Disabling the site allows you to work on the site without letting non-administrators see or use it.</td>
+ − 320
<td class="row1"><label><input onclick="if(this.checked) document.getElementById('site_disabled_notice').style.display='block'; else document.getElementById('site_disabled_notice').style.display='none';" type="checkbox" name="site_disabled" <?php if(getConfig('site_disabled') == '1') echo 'checked="checked" '; ?>/> Disable this site</label></td>
+ − 321
</tr>
+ − 322
<tr>
+ − 323
<td class="row2">
30
+ − 324
<div id="site_disabled_notice"<?php if(getConfig('site_disabled')!='1') echo(' style="display:none"'); ?>>
0
+ − 325
Message to show to users:<br />
+ − 326
<textarea name="site_disabled_notice" rows="7" cols="30"><?php echo getConfig('site_disabled_notice'); ?></textarea>
+ − 327
</div>
+ − 328
</td>
+ − 329
</tr>
+ − 330
+ − 331
<!-- Account activation -->
+ − 332
+ − 333
<tr><th colspan="2">User account activation</th></tr>
+ − 334
+ − 335
<tr>
+ − 336
<td class="row3" colspan="2">
+ − 337
If you would like to require users to confirm their e-mail addresses by way of account activation, you can enable this behavior here. If this option is set to "None", users will be able to register and use this site without confirming their e-mail addresses. If this option is set to "User", users will automatically be sent e-mails upon registration with a link to activate their accounts. And lastly, if this option is set to "Admin", users' accounts will not be active until an administrator activates the account.<br /><br />
+ − 338
You may also disable registration completely if needed.<br /><br />
+ − 339
<b>Note: because of abuse by project administrators, sending account activation e-mails will not work on SourceForge.net servers.</b>
+ − 340
</td>
+ − 341
</tr>
+ − 342
+ − 343
<tr>
+ − 344
<td class="row1">Account activation:</td><td class="row1">
+ − 345
<?php
+ − 346
echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
222
+ − 347
echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin' && getConfig('account_activation') != 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
0
+ − 348
echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
+ − 349
echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
+ − 350
?>
+ − 351
</td>
+ − 352
</tr>
+ − 353
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 354
<tr><th colspan="2">Password strength</th></tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 355
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 356
<tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 357
<td class="row2">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 358
<b>Enable password strength analysis</b><br />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 359
<small>This should be enabled in most cases. When this is enabled, a strength meter and a numerical score will be displayed wherever a password can be changed.</small>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 360
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 361
<td class="row2">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 362
<label><input type="checkbox" name="pw_strength_enable" <?php if ( getConfig('pw_strength_enable') == '1' ) echo 'checked="checked" '; ?>/> Enabled</label>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 363
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 364
</tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 365
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 366
<tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 367
<td class="row1">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 368
<b>Minimum strength score</b><br />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 369
<small>This is the lowest score a password will be allowed to have. -10 will allow any password. A score of under -3 is considered weak, under 1 is fair, under 4 is good, under 10 is strong, and 10 and above are very strong. The scale is open-ended. This only has an effect if the meter is enabled above.</small>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 370
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 371
<td class="row1">
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 372
<input type="text" name="pw_strength_minimum" value="<?php echo ( $x = getConfig('pw_strength_minimum') ) ? $x : '-10'; ?>" />
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 373
</td>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 374
</tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 375
0
+ − 376
<!-- E-mail options -->
+ − 377
+ − 378
<tr><th colspan="2">E-mail sent from the site</th></tr>
+ − 379
<tr><td class="row1">E-mail sending method:<br /><small>Try using the built-in e-mail method first. If that doesn't work, you will need to enter valid SMTP information here.</small></td>
+ − 380
<td class="row1"><label><input <?php if(getConfig('smtp_enabled') != '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="phpmail" />PHP's built-in mail() function</label><br />
+ − 381
<label><input <?php if(getConfig('smtp_enabled') == '1') echo 'checked="checked"'; ?> type="radio" name="emailmethod" value="smtp" />Use an external SMTP server</label></td>
+ − 382
</tr>
+ − 383
<tr><td class="row2">SMTP hostname:<br /><small>This option only applies to the external SMTP mode.</small></td>
+ − 384
<td class="row2"><input value="<?php echo getConfig('smtp_server'); ?>" name="smtp_host" type="text" size="30" /></td>
+ − 385
</tr>
+ − 386
<tr><td class="row1">SMTP credentials:<br /><small>This option only applies to the external SMTP mode.</small></td>
+ − 387
<td class="row1">Username: <input value="<?php echo getConfig('smtp_user'); ?>" name="smtp_user" type="text" size="30" /><br />
+ − 388
Password: <input value="<?php if(getConfig('smtp_password') != false) echo 'XXXXXXXXXXXX'; ?>" name="smtp_pass" type="password" size="30" /></td>
+ − 389
</tr>
+ − 390
+ − 391
<!-- SourceForge.net logo -->
+ − 392
+ − 393
<tr><th colspan="2">SourceForge.net logo</th></tr>
+ − 394
+ − 395
<tr>
+ − 396
<td colspan="2" class="row3">
+ − 397
All projects hosted by SourceForge.net are required to display an official SourceForge.net logo on their pages. If you want
+ − 398
to display a SourceForge.net logo on the sidebar, check the box below, enter your group ID, and select an image type.
+ − 399
</td>
+ − 400
</tr>
+ − 401
+ − 402
<?php
+ − 403
if(getConfig("sflogo_enabled")=='1') $c='CHECKED ';
+ − 404
else $c='';
+ − 405
if(getConfig("sflogo_groupid")) $g=getConfig("sflogo_groupid");
+ − 406
else $g='';
+ − 407
if(getConfig("sflogo_type")) $t=getConfig("sflogo_type");
+ − 408
else $t='1';
+ − 409
?>
+ − 410
+ − 411
<tr>
+ − 412
<td class="row1">Display the SourceForge.net logo on the right sidebar</td>
+ − 413
<td class="row1"><input type=checkbox name="showsf" id="showsf" <?php echo $c; ?> /></td>
+ − 414
</tr>
+ − 415
+ − 416
<tr>
+ − 417
<td class="row2">Group ID:</td>
+ − 418
<td class="row2"><input value="<?php echo $g; ?>" type=text size=15 name=sfgroup /></td>
+ − 419
</tr>
+ − 420
+ − 421
<tr>
+ − 422
<td class="row1">Logo style:</td>
+ − 423
<td class="row1">
+ − 424
<select name="sflogo">
+ − 425
<option <?php if($t=='1') echo('SELECTED '); ?>value=1>88x31px, white</option>
+ − 426
<option <?php if($t=='2') echo('SELECTED '); ?>value=2>125x37px, white</option>
+ − 427
<option <?php if($t=='3') echo('SELECTED '); ?>value=3>125x37px, black</option>
+ − 428
<option <?php if($t=='4') echo('SELECTED '); ?>value=4>125x37px, blue</option>
+ − 429
<option <?php if($t=='5') echo('SELECTED '); ?>value=5>210x62px, white</option>
+ − 430
<option <?php if($t=='6') echo('SELECTED '); ?>value=6>210x62px, black</option>
+ − 431
<option <?php if($t=='7') echo('SELECTED '); ?>value=7>210x62px, blue</option>
+ − 432
</select>
+ − 433
</td>
+ − 434
</tr>
+ − 435
+ − 436
<!-- W3C validator buttons -->
+ − 437
+ − 438
<tr><th colspan="2">W3C compliance logos</th></tr>
+ − 439
<tr><th colspan="2" class="subhead">Enano generates (by default) Valid XHTML 1.1 code, plus valid CSS. If you want to show this off, check the appropriate boxes below.</th></tr>
+ − 440
+ − 441
<tr><td class="row1"><label for="w3c-vh32">HTML 3.2</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh32')=='1') echo('CHECKED '); ?> id="w3c-vh32" name="w3c-vh32" /></td></tr>
+ − 442
<tr><td class="row2"><label for="w3c-vh40">HTML 4.0</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vh40')=='1') echo('CHECKED '); ?> id="w3c-vh40" name="w3c-vh40" /></td></tr>
+ − 443
<tr><td class="row1"><label for="w3c-vh401">HTML 4.01</label> </td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vh401')=='1') echo('CHECKED '); ?> id="w3c-vh401" name="w3c-vh401" /></td></tr>
+ − 444
<tr><td class="row2"><label for="w3c-vxhtml10">XHTML 1.0</label></td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vxhtml10')=='1') echo('CHECKED '); ?> id="w3c-vxhtml10" name="w3c-vxhtml10" /></td></tr>
+ − 445
<tr><td class="row1"><label for="w3c-vxhtml11">XHTML 1.1</label></td><td class="row1"><input type="checkbox" <?php if(getConfig('w3c_vxhtml11')=='1') echo('CHECKED '); ?> id="w3c-vxhtml11" name="w3c-vxhtml11" /></td></tr>
+ − 446
<tr><td class="row2"><label for="w3c-vcss">CSS</label> </td><td class="row2"><input type="checkbox" <?php if(getConfig('w3c_vcss')=='1') echo('CHECKED '); ?> id="w3c-vcss" name="w3c-vcss" /></td></tr>
+ − 447
+ − 448
<!-- DefectiveByDesign.org ad -->
+ − 449
+ − 450
<tr><th colspan="2">Defective By Design Anti-DRM button</th></tr>
+ − 451
<tr><td colspan="2" class="row3"><b>The Enano project is strongly against Digital Restrictions Management.</b> DRM removes the freedoms that every consumer should have: to freely copy and use digital media items they legally purchased to their own devices. Showing your opposition to DRM is as easy as checking the box below to place a link to <a href="http://www.defectivebydesign.org">DefectiveByDesign.org</a> on your sidebar.</td></tr>
+ − 452
<tr><td class="row1"><label for="dbdbutton">Help stop DRM by placing a link to DBD on the sidebar!</label></td><td class="row1"><input type="checkbox" name="dbdbutton" id="dbdbutton" <?php if(getConfig('dbd_button')=='1') echo('checked="checked" '); ?>/></td></tr>
+ − 453
+ − 454
<!-- Save button -->
+ − 455
+ − 456
<tr><th style="text-align: right" class="subhead" colspan="2"><input type=submit name=submit value="Save changes" /></th></tr>
+ − 457
+ − 458
</table>
+ − 459
</div>
+ − 460
</form>
+ − 461
<?php
+ − 462
}
+ − 463
+ − 464
function page_Admin_UploadConfig()
+ − 465
{
+ − 466
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 467
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 468
{
+ − 469
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 470
return;
+ − 471
}
+ − 472
+ − 473
if(isset($_POST['save']))
+ − 474
{
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 475
if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1')
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 476
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 477
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 478
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 479
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 480
setConfig('enable_uploads', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 481
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 482
else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 483
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 484
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 485
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 486
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 487
setConfig('enable_uploads', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 488
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 489
if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1')
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 490
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 491
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 492
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 493
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 494
setConfig('enable_imagemagick', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 495
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 496
else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 497
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 498
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 499
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 500
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 501
setConfig('enable_imagemagick', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 502
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 503
if(isset($_POST['cache_thumbs']))
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 504
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 505
setConfig('cache_thumbs', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 506
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 507
else
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 508
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 509
setConfig('cache_thumbs', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 510
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 511
if(isset($_POST['file_history']) && getConfig('file_history') != '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 512
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 513
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 514
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 515
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 516
setConfig('file_history', '1');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 517
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 518
else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 519
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 520
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 521
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 522
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 523
setConfig('file_history', '0');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 524
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 525
if(file_exists($_POST['imagemagick_path']) && $_POST['imagemagick_path'] != getConfig('imagemagick_path'))
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 526
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 527
$old = getConfig('imagemagick_path');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 528
$oldnew = "{$old}||{$_POST['imagemagick_path']}";
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 529
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","magick_path",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($oldnew) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 530
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 531
$db->_die();
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 532
setConfig('imagemagick_path', $_POST['imagemagick_path']);
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 533
}
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 534
else if ( $_POST['imagemagick_path'] != getConfig('imagemagick_path') )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 535
{
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 536
echo '<span style="color: red"><b>Warning:</b> the file "'.htmlspecialchars($_POST['imagemagick_path']).'" was not found, and the ImageMagick file path was not updated.</span>';
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 537
}
0
+ − 538
$max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']);
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 539
if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 540
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 541
echo '<div class="error-box">Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 542
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 543
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 544
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 545
setConfig('max_file_size', $max_upload.'');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 546
}
0
+ − 547
}
+ − 548
echo '<form name="main" action="'.htmlspecialchars(makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module'])).'" method="post">';
+ − 549
?>
+ − 550
<h3>File upload configuration</h3>
+ − 551
<p>Enano supports the ability to upload files to your website and store the files in the database. This enables you to embed images
+ − 552
and such into pages without manually writing the HTML. However, the upload feature can sometimes pose a risk to your site, as viruses
+ − 553
and executable files can sometimes be uploaded.</p>
+ − 554
<p><label><input type="checkbox" name="enable_uploads" <?php if(getConfig('enable_uploads')=='1') echo 'checked="checked"'; ?> /> <b>Enable file uploads</b></label></p>
+ − 555
<p>Maximum file size: <input name="max_file_size" onkeyup="if(!this.value.match(/^([0-9\.]+)$/ig)) this.value = this.value.substr(0,this.value.length-1);" value="<?php echo getConfig('max_file_size'); ?>" /> <select name="fs_units"><option value="1" selected="selected">bytes</option><option value="1024">KB</option><option value="1048576">MB</option></select></p>
+ − 556
<p>You can allow Enano to generate thumbnails of images automatically. This feature requires ImageMagick to work properly. If your server
+ − 557
does not have ImageMagick on it, Enano will simply make your users' browsers scale the images. In most cases this is fine, but if you
+ − 558
are uploading large (>100KB) images and embedding them inside of pages, you should try to enable ImageMagick because transferring these
+ − 559
large images many times can cost you quite a lot of bandwidth.</p>
+ − 560
<p><label><input type="checkbox" name="enable_imagemagick" <?php if(getConfig('enable_imagemagick')=='1') echo 'checked="checked"'; ?> /> Use ImageMagick to scale images</label><br />
+ − 561
Path to ImageMagick: <input type="text" name="imagemagick_path" value="<?php if(getConfig('imagemagick_path')) echo getConfig('imagemagick_path'); else echo '/usr/bin/convert'; ?>" /><br />
+ − 562
On Linux and Unix servers, the most likely options here are /usr/bin/convert and /usr/local/bin/convert. If you server runs Windows, then
+ − 563
ImageMagick is most likely to be C:\Windows\Convert.exe or C:\Windows\System32\Convert.exe.
+ − 564
</p>
+ − 565
<p>If you use ImageMagick to scale images, your server will be very busy constantly scaling images if your website is busy, and your site
+ − 566
may experience slowdowns. You can dramatically speed up this scaling process if you use a directory to cache thumbnail images.</p>
+ − 567
<p><b>Please note:</b> the cache/ directory on your server <u>must</u> be writable by the server. While this is not usually a problem on
+ − 568
Windows servers, most Linux/Unix servers will require you to CHMOD the cache/ directory to 777. See your FTP client's user guide for
+ − 569
more information on how to do this.<?php if(!is_writable(ENANO_ROOT.'/cache/')) echo ' <b>At present, it seems that the cache directory
+ − 570
is not writable. The checkbox below has been disabled to maintain the stability of Enano.</b>'; ?></p>
+ − 571
<p><label><input type="checkbox" name="cache_thumbs" <?php if(getConfig('cache_thumbs')=='1' && is_writable(ENANO_ROOT.'/cache/')) echo 'checked="checked"'; elseif(!is_writable(ENANO_ROOT.'/cache/')) echo 'readonly="readonly"'; ?> /> Cache thumbnailed images</label></p>
+ − 572
<p>Lastly, you can choose whether file history will be saved. If this option is turned on, you will be able to roll back any malicious
+ − 573
changes made to uploaded files, but this requires a significant amount of database storage. You should probably leave this option
+ − 574
enabled unless you have less than 250MB of MySQL database space.</p>
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 575
<p><label><input type="checkbox" name="file_history" <?php if(getConfig('file_history')=='1') echo 'checked="checked"'; ?> /> Keep a history of uploaded files</label></p>
0
+ − 576
<hr style="margin-left: 1em;" />
+ − 577
<p><input type="submit" name="save" value="Save changes" style="font-weight: bold;" /></p>
+ − 578
<?php
+ − 579
echo '</form>';
+ − 580
}
+ − 581
+ − 582
function page_Admin_PluginManager() {
+ − 583
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 584
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 585
{
+ − 586
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 587
return;
+ − 588
}
+ − 589
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 590
if(isset($_GET['action']))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 591
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 592
switch($_GET['action'])
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 593
{
0
+ − 594
case "enable":
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 595
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 596
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 597
$db->_die();
0
+ − 598
setConfig('plugin_'.$_GET['plugin'], '1');
+ − 599
break;
+ − 600
case "disable":
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 601
if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 602
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 603
echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 604
break;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 605
}
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 606
if ( !in_array($_GET['plugin'], $plugins->system_plugins) )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 607
{
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 608
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 609
if ( !$q )
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 610
$db->_die();
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 611
setConfig('plugin_'.$_GET['plugin'], '0');
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 612
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 613
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 614
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 615
echo('<h3>Error disabling plugin</h3><p>The plugin you selected cannot be disabled because it is a system plugin.</p>');
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 616
}
0
+ − 617
break;
+ − 618
}
+ − 619
}
+ − 620
$dir = './plugins/';
+ − 621
$plugin_list = Array();
+ − 622
$system = Array();
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 623
$show_system = ( isset($_GET['show_system']) && $_GET['show_system'] == 'yes' );
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 624
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 625
if (is_dir($dir))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 626
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 627
if ($dh = opendir($dir))
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 628
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 629
while (($file = readdir($dh)) !== false)
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 630
{
0
+ − 631
if(preg_match('#^(.*?)\.php$#is', $file) && $file != 'index.php')
+ − 632
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 633
unset($thelist);
0
+ − 634
if ( in_array($file, $plugins->system_plugins) )
+ − 635
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 636
if ( !$show_system )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 637
continue;
0
+ − 638
$thelist =& $system;
+ − 639
}
+ − 640
else
+ − 641
{
+ − 642
$thelist =& $plugin_list;
+ − 643
}
+ − 644
$f = file_get_contents($dir . $file);
+ − 645
$f = explode("\n", $f);
+ − 646
$f = array_slice($f, 2, 7);
+ − 647
$f[0] = substr($f[0], 13, strlen($f[0]));
+ − 648
$f[1] = substr($f[1], 12, strlen($f[1]));
+ − 649
$f[2] = substr($f[2], 13, strlen($f[2]));
+ − 650
$f[3] = substr($f[3], 8, strlen($f[3]));
+ − 651
$f[4] = substr($f[4], 9, strlen($f[4]));
+ − 652
$f[5] = substr($f[5], 12, strlen($f[5]));
+ − 653
$thelist[$file] = Array();
+ − 654
$thelist[$file]['name'] = $f[0];
+ − 655
$thelist[$file]['uri'] = $f[1];
+ − 656
$thelist[$file]['desc'] = $f[2];
+ − 657
$thelist[$file]['auth'] = $f[3];
+ − 658
$thelist[$file]['vers'] = $f[4];
+ − 659
$thelist[$file]['aweb'] = $f[5];
+ − 660
}
+ − 661
}
+ − 662
closedir($dh);
+ − 663
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 664
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 665
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 666
echo '<div class="error-box">The plugins/ directory could not be opened.</div>';
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 667
return;
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 668
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 669
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 670
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 671
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 672
echo '<div class="error-box">The plugins/ directory is missing from your Enano installation.</div>';
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 673
return;
0
+ − 674
}
+ − 675
echo('<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 676
<tr><th>Plugin filename</th><th>Plugin name</th><th>Description</th><th>Author</th><th>Version</th><th></th></tr>');
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 677
$plugin_files_1 = array_keys($plugin_list);
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 678
$plugin_files_2 = array_keys($system);
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 679
$plugin_files = array_values(array_merge($plugin_files_1, $plugin_files_2));
0
+ − 680
$cls = 'row2';
+ − 681
for ( $i = 0; $i < sizeof($plugin_files); $i++ )
+ − 682
{
+ − 683
$cls = ( $cls == 'row2' ) ? 'row3' : 'row2';
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 684
$this_plugin = ( isset($system[$plugin_files[$i]]) ) ? $system[$plugin_files[$i]] : $plugin_list[$plugin_files[$i]];
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 685
$is_system = ( $system[$plugin_files[$i]] );
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 686
$bgcolor = '';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 687
if ( $is_system && $cls == 'row2' )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 688
$bgcolor = ' style="background-color: #FFD8D8;"';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 689
else if ( $is_system && $cls == 'row3' )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 690
$bgcolor = ' style="background-color: #FFD0D0;"';
0
+ − 691
echo '<tr>
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 692
<td class="'.$cls.'"'.$bgcolor.'>'.$plugin_files[$i].'</td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 693
<td class="'.$cls.'"'.$bgcolor.'><a href="'.$this_plugin['uri'].'">'.$this_plugin['name'].'</a></td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 694
<td class="'.$cls.'"'.$bgcolor.'>'.$this_plugin['desc'].'</td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 695
<td class="'.$cls.'"'.$bgcolor.'><a href="'.$this_plugin['aweb'].'">'.$this_plugin['auth'].'</a></td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 696
<td class="'.$cls.'"'.$bgcolor.'>'.$this_plugin['vers'].'</td>
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 697
<td class="'.$cls.'"'.$bgcolor.'>';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 698
if ( !in_array($plugin_files[$i], $plugins->system_plugins) )
0
+ − 699
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 700
if ( getConfig('plugin_'.$plugin_files[$i]) == '1' )
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 701
{
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 702
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&show_system=' . ( $show_system ? 'yes' : 'no' ) . '&action=disable&plugin='.$plugin_files[$i].'">Disable</a>';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 703
}
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 704
else
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 705
{
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 706
echo '<a href="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'&show_system=' . ( $show_system ? 'yes' : 'no' ) . '&action=enable&plugin='.$plugin_files[$i].'">Enable</a>';
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 707
}
0
+ − 708
}
+ − 709
else
+ − 710
{
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 711
echo '[System]';
0
+ − 712
}
+ − 713
echo '</td></tr>';
+ − 714
}
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 715
$showhide_link = ( $show_system ) ?
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 716
'<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=no', true) . '">Hide system plugins</a>' :
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 717
'<a style="color: white;" href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'] . '&show_system=yes', true) . '">Show system plugins</a>' ;
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 718
echo '<tr><th colspan="6" class="subhead">'.$showhide_link.'</th></tr>';
0
+ − 719
echo '</table></div>';
+ − 720
}
+ − 721
+ − 722
function page_Admin_UploadAllowedMimeTypes()
+ − 723
{
+ − 724
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 725
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 726
{
+ − 727
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 728
return;
+ − 729
}
+ − 730
+ − 731
global $mime_types, $mimetype_exps, $mimetype_extlist;
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 732
if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
0
+ − 733
{
+ − 734
$bits = '';
+ − 735
$keys = array_keys($mime_types);
+ − 736
foreach($keys as $i => $k)
+ − 737
{
+ − 738
if(isset($_POST['ext_'.$k])) $bits .= '1';
+ − 739
else $bits .= '0';
+ − 740
}
+ − 741
$bits = compress_bitfield($bits);
+ − 742
setConfig('allowed_mime_types', $bits);
+ − 743
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 744
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 745
else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 746
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 747
echo '<div class="error-box">Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 748
}
0
+ − 749
$allowed = fetch_allowed_extensions();
+ − 750
?>
+ − 751
<h3>Allowed file types</h3>
+ − 752
<p>Using the form below, you can decide which file types are allowed to be uploaded to this site.</p>
+ − 753
<?php
+ − 754
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
+ − 755
$c = -1;
+ − 756
$t = -1;
+ − 757
$cl = 'row1';
+ − 758
echo "\n".' <div class="tblholder">'."\n".' <table cellspacing="1" cellpadding="2" style="margin: 0; padding: 0;" border="0">'."\n".' <tr>'."\n ";
294
4ab30e8dd168
Nothing special. ksort()ing list of allowed filetypes in the admin panel to make editing the list marginally easier
Dan
diff
changeset
+ − 759
ksort($mime_types);
0
+ − 760
foreach($mime_types as $e => $m)
+ − 761
{
+ − 762
$c++;
+ − 763
$t++;
+ − 764
if($c == 3)
+ − 765
{
+ − 766
$c = 0;
+ − 767
$cl = ( $cl == 'row1' ) ? 'row2' : 'row1';
+ − 768
echo '</tr>'."\n".' <tr>'."\n ";
+ − 769
}
+ − 770
$seed = "extchkbx_{$e}_".md5(microtime() . mt_rand());
+ − 771
$chk = (!empty($allowed[$e])) ? ' checked="checked"' : '';
+ − 772
echo " <td class='$cl'>\n <label><input id='{$seed}' type='checkbox' name='ext_{$e}'{$chk} />.{$e}\n ({$m})</label>\n </td>\n ";
+ − 773
}
+ − 774
while($c < 2)
+ − 775
{
+ − 776
$c++;
+ − 777
echo " <td class='{$cl}'></td>\n ";
+ − 778
}
+ − 779
echo '<tr><th class="subhead" colspan="3"><input type="submit" name="save" value="Save changes" /></th></tr>';
+ − 780
echo '</tr>'."\n".' </table>'."\n".' </div>';
+ − 781
echo '</form>';
+ − 782
?>
+ − 783
<?php
+ − 784
}
+ − 785
+ − 786
function page_Admin_Sidebar()
+ − 787
{
+ − 788
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 789
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 790
{
+ − 791
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 792
return;
+ − 793
}
+ − 794
+ − 795
?>
+ − 796
<h2>Editing and managing the Enano sidebar</h2>
+ − 797
<p>The Enano sidebar is a versatile tool when scripted correctly. You don't have to be a programmer to enjoy the features the Sidebar
+ − 798
provides; however, editing the sidebar requires a small bit of programming knowledge and an understanding of Enano's system message
+ − 799
markup language.
+ − 800
</p>
+ − 801
<p>The Enano system markup language is somewhat similar to HTML, in that it uses tags (<example>like this</example>) for the
+ − 802
main syntax. However, Enano uses curly brackets ({ and }) as opposed to less-than and greater-than signs (< and >).</p>
+ − 803
<p>Programming the Enano sidebar requires the use of two tags: {slider} and {if}. The {slider} tag is used to create a new heading
+ − 804
on the sidebar, and all text enclosed in that tag will be collapsed when the heading is clicked. To specify the text on the heading,
+ − 805
use an equals sign (=) after the "slider" text. Then insert any links (they should be wiki-formatted) to internal Enano pages and
+ − 806
external sites.</p>
+ − 807
<p>So here is what the language for the default sidebar's "Navigation" heading looks like:</p>
+ − 808
<pre>{slider=Navigation}
+ − 809
[[Main Page|Home]]
+ − 810
[[Enano:Sidebar|Edit the sidebar]]
+ − 811
{/slider}</pre>
+ − 812
<p>Pretty simple, huh? Good, now we're going to learn another common aspect of Enano programming: conditionals. The {if} tag allows you
+ − 813
to decide whether a portion of the sidebar will be displayed based on a template variable. Currently the only available conditions are
+ − 814
"user_logged_in" and "auth_admin", but more will be added soon. To use a conditional, enter {if conditional_name}, and then the
+ − 815
wiki-formatted text that you want to be under that condition, and then close the tag with {/if}. In the same way, you can reverse the
+ − 816
effect with {!if}. With {!if}, the closing tag is still {/if}, so keep that in mind. An {else} tag will be supported soon.</p>
+ − 817
<p>Now it's time for some real fun: variables. All template variables can be accessed from the sidebar. A variable is simply the
+ − 818
variable name, prefixed by a dollar sign ($). Some of the most common variables are $USERNAME, $SITE_NAME, $SITE_DESC, and $PAGE_NAME.
+ − 819
The sidebar also has some special variables that it uses for some of its links. The logout link can be added with $LOGOUT_LINK, and
+ − 820
the "change theme" button can be added with $STYLE_LINK.</p>
+ − 821
<p>So here is the Enano markup for the portion of the sidebar that contains the user tools:</p>
+ − 822
<pre>{slider=$USERNAME}
+ − 823
[[User:$USERNAME|User page]]
+ − 824
[[Special:Contributions?user=$USERNAME|My Contributions]]
+ − 825
{if user_logged_in}
+ − 826
[[Special:Preferences|Preferences]]
+ − 827
$THEME_LINK
+ − 828
{/if}
+ − 829
{if auth_admin}
+ − 830
[[Special:Administration|Administration]]
+ − 831
{/if}
+ − 832
{if user_logged_in}
+ − 833
$LOGOUT_LINK
+ − 834
{/if}
+ − 835
{!if user_logged_in}
+ − 836
Create an account
+ − 837
Log in
+ − 838
{/if}
+ − 839
{/slider}</pre>
+ − 840
<?php
+ − 841
}
+ − 842
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
diff
changeset
+ − 843
/*
0
+ − 844
function page_Admin_UserManager() {
+ − 845
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 846
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 847
{
+ − 848
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 849
return;
+ − 850
}
+ − 851
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 852
if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 853
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 854
$_POST['go'] = true;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 855
$_POST['username'] = $_GET['user'];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 856
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 857
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 858
if(isset($_POST['go']))
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 859
{
0
+ − 860
// We need the user ID before we can do anything
102
+ − 861
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 862
if ( !$q )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 863
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 864
die('Error selecting user ID: '.mysql_error());
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 865
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 866
if ( $db->numrows() < 1 )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 867
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 868
echo('User does not exist, please enter another username.');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 869
return;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 870
}
0
+ − 871
$r = $db->fetchrow();
+ − 872
$db->free_result();
+ − 873
if(isset($_POST['save']))
+ − 874
{
+ − 875
$_POST['level'] = intval($_POST['level']);
+ − 876
+ − 877
$new_level = $_POST['level'];
+ − 878
$old_level = intval($r['user_level']);
+ − 879
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 880
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 881
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 882
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 883
$re = Array('permission denied');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 884
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 885
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 886
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 887
$re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 888
}
0
+ − 889
+ − 890
if($re == 'success')
+ − 891
{
+ − 892
+ − 893
if ( $new_level != $old_level )
+ − 894
{
+ − 895
$user_id = intval($r['user_id']);
+ − 896
// We need to update group memberships
+ − 897
if ( $old_level == USER_LEVEL_ADMIN )
+ − 898
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 899
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 900
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 901
$db->_die();
0
+ − 902
$session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
+ − 903
}
+ − 904
else if ( $old_level == USER_LEVEL_MOD )
+ − 905
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 906
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 907
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 908
$db->_die();
0
+ − 909
$session->remove_user_from_group($user_id, GROUP_ID_MOD);
+ − 910
}
+ − 911
+ − 912
if ( $new_level == USER_LEVEL_ADMIN )
+ − 913
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 914
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 915
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 916
$db->_die();
0
+ − 917
$session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
+ − 918
}
+ − 919
else if ( $new_level == USER_LEVEL_MOD )
+ − 920
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 921
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 922
if ( !$q )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 923
$db->_die();
0
+ − 924
$session->add_user_to_group($user_id, GROUP_ID_MOD, false);
+ − 925
}
+ − 926
}
+ − 927
102
+ − 928
// update account activation
+ − 929
if ( isset($_POST['account_active']) )
+ − 930
{
+ − 931
// activate account
+ − 932
$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';');
+ − 933
if ( !$q )
+ − 934
$db->_die();
+ − 935
}
+ − 936
else
+ − 937
{
+ − 938
// deactivate account and throw away the old key
+ − 939
$actkey = sha1 ( microtime() . mt_rand() );
+ − 940
$q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';');
+ − 941
if ( !$q )
+ − 942
$db->_die();
+ − 943
}
+ − 944
0
+ − 945
echo('<div class="info-box">Your changes have been saved.</div>');
+ − 946
}
+ − 947
else
+ − 948
{
+ − 949
echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');
+ − 950
}
102
+ − 951
$q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
0
+ − 952
if ( !$q )
+ − 953
{
+ − 954
die('Error selecting user ID: '.mysql_error());
+ − 955
}
+ − 956
if($db->numrows($q) < 1)
+ − 957
{
+ − 958
die('User does not exist, please enter another username.');
+ − 959
}
+ − 960
$r = mysql_fetch_object($q);
+ − 961
$db->free_result();
+ − 962
}
+ − 963
elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))
+ − 964
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 965
if ( defined('ENANO_DEMO_MODE') )
0
+ − 966
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 967
echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
0
+ − 968
}
+ − 969
else
+ − 970
{
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 971
$q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 972
if($q)
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 973
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 974
echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 975
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 976
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 977
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 978
echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 979
}
0
+ − 980
}
+ − 981
}
+ − 982
else
+ − 983
{
22
+ − 984
$disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 985
$evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" style="margin-right: 7px;" ' : '';
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 986
$meter = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td></td><td><div id="pwmeter"></div><p><small>Password complexity requirements are not enforced here.</small></p></td></tr>' : '';
0
+ − 987
echo('
+ − 988
<h3>Edit User Info</h3>
+ − 989
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 990
<table border="0" style="margin-left: 0.2in;">
+ − 991
<tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 992
<tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" '.$evt_get_score.'/></td></tr>
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 993
'.$meter.'
22
+ − 994
<tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>
+ − 995
<tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>
+ − 996
' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '
0
+ − 997
<tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>
102
+ − 998
<tr><td></td><td><label><input type="checkbox" name="account_active"' . ( $r['account_active'] == '1' ? ' checked="checked"' : '' ) . ' /> Account is active</label><br /><small>If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated.</small></td></tr>
0
+ − 999
<tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>
+ − 1000
<tr><td align="center" colspan="2">
+ − 1001
<input type="submit" name="save" value="Save Changes" /></td></tr>
+ − 1002
</table>
+ − 1003
</form>
+ − 1004
');
+ − 1005
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1006
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1007
else if(isset($_POST['clearsessions']))
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1008
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1009
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1010
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1011
echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1012
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1013
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1014
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1015
// Get the current session information so the user doesn't get logged out
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1016
$aes = new AESCrypt();
22
+ − 1017
$sk = md5(strrev($session->sid_super));
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1018
$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
22
+ − 1019
if ( !$qb )
+ − 1020
{
+ − 1021
die('Error selecting session key info block B: '.$db->get_error());
+ − 1022
}
+ − 1023
if ( $db->numrows($qb) < 1 )
+ − 1024
{
+ − 1025
die('Error: cannot read admin session info block B, aborting table clear process');
+ − 1026
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1027
$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
22
+ − 1028
if ( !$qa )
+ − 1029
{
+ − 1030
die('Error selecting session key info block A: '.$db->get_error());
+ − 1031
}
+ − 1032
if ( $db->numrows($qa) < 1 )
+ − 1033
{
+ − 1034
die('Error: cannot read user session info block A, aborting table clear process');
+ − 1035
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1036
$ra = mysql_fetch_object($qa);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1037
$rb = mysql_fetch_object($qb);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1038
$db->free_result($qa);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1039
$db->free_result($qb);
22
+ − 1040
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1041
$db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1042
$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
22
+ − 1043
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1044
echo('
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1045
<div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1046
');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1047
}
0
+ − 1048
}
+ − 1049
echo('
+ − 1050
<h3>User Management</h3>
+ − 1051
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
+ − 1052
<p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
+ − 1053
<h3>Clear session keys table</h3>
+ − 1054
<p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
+ − 1055
<p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
+ − 1056
</form>
+ − 1057
');
+ − 1058
if(isset($_GET['action']) && isset($_GET['user']))
+ − 1059
{
+ − 1060
switch($_GET['action'])
+ − 1061
{
+ − 1062
case "activate":
+ − 1063
$e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');
+ − 1064
if($e)
+ − 1065
{
+ − 1066
$row = $db->fetchrow();
+ − 1067
$db->free_result();
+ − 1068
if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 1069
else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';
+ − 1070
} else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';
+ − 1071
break;
+ − 1072
case "sendemail":
+ − 1073
if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ − 1074
else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';
+ − 1075
break;
+ − 1076
case "deny":
+ − 1077
$e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
+ − 1078
if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';
+ − 1079
else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';
+ − 1080
break;
+ − 1081
}
+ − 1082
}
30
+ − 1083
$q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l
+ − 1084
LEFT JOIN '.table_prefix.'users AS u
+ − 1085
ON ( u.username = l.edit_summary OR u.username IS NULL )
+ − 1086
WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
0
+ − 1087
if($q)
+ − 1088
{
+ − 1089
if($db->numrows() > 0)
+ − 1090
{
+ − 1091
$n = $db->numrows();
+ − 1092
if($n == 1) $s = $n . ' user is';
+ − 1093
else $s = $n . ' users are';
+ − 1094
echo '<h3>'.$s . ' awaiting account activation</h3>';
+ − 1095
echo '<div class="tblholder">
+ − 1096
<table border="0" cellspacing="1" cellpadding="4" width="100%">
30
+ − 1097
<tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';
0
+ − 1098
$cls = 'row2';
+ − 1099
while($row = $db->fetchrow())
+ − 1100
{
+ − 1101
if($cls == 'row2') $cls = 'row1';
+ − 1102
else $cls = 'row2';
30
+ − 1103
$coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';
+ − 1104
echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.$row['edit_summary'].'&logid='.$row['time_id']).'">Deny request</a></td></tr>';
0
+ − 1105
}
+ − 1106
echo '</table>';
+ − 1107
}
+ − 1108
$db->free_result();
+ − 1109
}
+ − 1110
}
140
40f7fa5fd061
Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code.
Dan
diff
changeset
+ − 1111
*/
0
+ − 1112
+ − 1113
function page_Admin_GroupManager()
+ − 1114
{
+ − 1115
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1116
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1117
{
+ − 1118
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1119
return;
+ − 1120
}
+ − 1121
+ − 1122
if(isset($_POST['do_create_stage1']))
+ − 1123
{
+ − 1124
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
+ − 1125
{
+ − 1126
echo '<p>The group name you chose is invalid.</p>';
+ − 1127
return;
+ − 1128
}
+ − 1129
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1130
echo '<div class="tblholder">
+ − 1131
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1132
<tr><th colspan="2">Creating group: '.$_POST['create_group_name'].'</th></tr>
+ − 1133
<tr>
+ − 1134
<td class="row1">Group moderator</td><td class="row1">' . $template->username_field('group_mod') . '</td>
+ − 1135
</tr>
+ − 1136
<tr><td class="row2">Group status</td><td class="row2">
+ − 1137
<label><input type="radio" name="group_status" value="'.GROUP_CLOSED.'" checked="checked" /> Closed to new members</label><br />
+ − 1138
<label><input type="radio" name="group_status" value="'.GROUP_REQUEST.'" /> Members can ask to be added</label><br />
+ − 1139
<label><input type="radio" name="group_status" value="'.GROUP_OPEN.'" /> Members can join freely</label><br />
+ − 1140
<label><input type="radio" name="group_status" value="'.GROUP_HIDDEN.'" /> Group is hidden</label>
+ − 1141
</td></tr>
+ − 1142
<tr>
+ − 1143
<th class="subhead" colspan="2">
+ − 1144
<input type="hidden" name="create_group_name" value="'.$_POST['create_group_name'].'" />
+ − 1145
<input type="submit" name="do_create_stage2" value="Create group" />
+ − 1146
</th>
+ − 1147
</tr>
+ − 1148
</table>
+ − 1149
</div>';
+ − 1150
echo '</form>';
+ − 1151
return;
+ − 1152
}
+ − 1153
elseif(isset($_POST['do_create_stage2']))
+ − 1154
{
+ − 1155
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['create_group_name']))
+ − 1156
{
+ − 1157
echo '<p>The group name you chose is invalid.</p>';
+ − 1158
return;
+ − 1159
}
+ − 1160
if(!in_array(intval($_POST['group_status']), Array(GROUP_CLOSED, GROUP_OPEN, GROUP_HIDDEN, GROUP_REQUEST)))
+ − 1161
{
+ − 1162
echo '<p>Hacking attempt</p>';
+ − 1163
return;
+ − 1164
}
+ − 1165
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
+ − 1166
if(!$e)
+ − 1167
{
+ − 1168
echo $db->get_error();
+ − 1169
return;
+ − 1170
}
+ − 1171
if($db->numrows() > 0)
+ − 1172
{
+ − 1173
echo '<p>The group name you entered already exists.</p>';
+ − 1174
return;
+ − 1175
}
+ − 1176
$db->free_result();
+ − 1177
$q = $db->sql_query('INSERT INTO '.table_prefix.'groups(group_name,group_type) VALUES( \''.$db->escape($_POST['create_group_name']).'\', ' . intval($_POST['group_status']) . ' )');
+ − 1178
if(!$q)
+ − 1179
{
+ − 1180
echo $db->get_error();
+ − 1181
return;
+ − 1182
}
+ − 1183
$e = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['group_mod']).'\';');
+ − 1184
if(!$e)
+ − 1185
{
+ − 1186
echo $db->get_error();
+ − 1187
return;
+ − 1188
}
+ − 1189
if($db->numrows() < 1)
+ − 1190
{
+ − 1191
echo '<p>The username you entered could not be found.</p>';
+ − 1192
return;
+ − 1193
}
+ − 1194
$row = $db->fetchrow();
+ − 1195
$id = $row['user_id'];
+ − 1196
$db->free_result();
+ − 1197
$e = $db->sql_query('SELECT group_id FROM '.table_prefix.'groups WHERE group_name=\''.$db->escape($_POST['create_group_name']).'\';');
+ − 1198
if(!$e)
+ − 1199
{
+ − 1200
echo $db->get_error();
+ − 1201
return;
+ − 1202
}
+ − 1203
if($db->numrows() < 1)
+ − 1204
{
+ − 1205
echo '<p>The group ID could not be looked up.</p>';
+ − 1206
return;
+ − 1207
}
+ − 1208
$row = $db->fetchrow();
+ − 1209
$gid = $row['group_id'];
+ − 1210
$db->free_result();
+ − 1211
$e = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.$gid.', '.$id.', 1);');
+ − 1212
if(!$e)
+ − 1213
{
+ − 1214
echo $db->get_error();
+ − 1215
return;
+ − 1216
}
+ − 1217
echo "<div class='info-box'>
+ − 1218
<b>Information</b><br />
+ − 1219
The group {$_POST['create_group_name']} has been created successfully.
+ − 1220
</div>";
+ − 1221
}
+ − 1222
if(isset($_POST['do_edit']) || isset($_POST['edit_do']))
+ − 1223
{
+ − 1224
// Fetch the group name
+ − 1225
$q = $db->sql_query('SELECT group_name,system_group FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1226
if(!$q)
+ − 1227
{
+ − 1228
echo $db->get_error();
+ − 1229
return;
+ − 1230
}
+ − 1231
if($db->numrows() < 1)
+ − 1232
{
+ − 1233
echo '<p>Error: couldn\'t look up group name</p>';
+ − 1234
}
+ − 1235
$row = $db->fetchrow();
+ − 1236
$name = $row['group_name'];
+ − 1237
$db->free_result();
+ − 1238
if(isset($_POST['edit_do']))
+ − 1239
{
+ − 1240
if(isset($_POST['edit_do']['del_group']))
+ − 1241
{
+ − 1242
if ( $row['system_group'] == 1 )
+ − 1243
{
+ − 1244
echo '<div class="error-box">The group "' . $name . '" could not be deleted because it is a system group required for site functionality.</div>';
+ − 1245
}
+ − 1246
else
+ − 1247
{
+ − 1248
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1249
if(!$q)
+ − 1250
{
+ − 1251
echo $db->get_error();
+ − 1252
return;
+ − 1253
}
+ − 1254
$q = $db->sql_query('DELETE FROM '.table_prefix.'groups WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1255
if(!$q)
+ − 1256
{
+ − 1257
echo $db->get_error();
+ − 1258
return;
+ − 1259
}
+ − 1260
echo '<div class="info-box">The group "'.$name.'" has been deleted. Return to the <a href="javascript:ajaxPage(\'Admin:GroupManager\');">group manager</a>.</div>';
+ − 1261
return;
+ − 1262
}
+ − 1263
}
+ − 1264
if(isset($_POST['edit_do']['save_name']))
+ − 1265
{
+ − 1266
if(!preg_match('/^([A-z0-9 -]+)$/', $_POST['group_name']))
+ − 1267
{
+ − 1268
echo '<p>The group name you chose is invalid.</p>';
+ − 1269
return;
+ − 1270
}
+ − 1271
$q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_name=\''.$db->escape($_POST['group_name']).'\'
+ − 1272
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1273
if(!$q)
+ − 1274
{
+ − 1275
echo $db->get_error();
+ − 1276
return;
+ − 1277
}
+ − 1278
else
+ − 1279
{
+ − 1280
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1281
The group name has been updated.
+ − 1282
</div>';
+ − 1283
}
+ − 1284
$name = $_POST['group_name'];
+ − 1285
+ − 1286
}
+ − 1287
$q = $db->sql_query('SELECT member_id FROM '.table_prefix.'group_members
+ − 1288
WHERE group_id='.intval($_POST['group_edit_id']).';');
+ − 1289
if(!$q)
+ − 1290
{
+ − 1291
echo $db->get_error();
+ − 1292
return;
+ − 1293
}
+ − 1294
if($db->numrows() > 0)
+ − 1295
{
+ − 1296
while($row = $db->fetchrow($q))
+ − 1297
{
+ − 1298
if(isset($_POST['edit_do']['del_' . $row['member_id']]))
+ − 1299
{
+ − 1300
$e = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id='.$row['member_id']);
+ − 1301
if(!$e)
+ − 1302
{
+ − 1303
echo $db->get_error();
+ − 1304
return;
+ − 1305
}
+ − 1306
}
+ − 1307
}
+ − 1308
}
+ − 1309
$db->free_result();
+ − 1310
if(isset($_POST['edit_do']['add_member']))
+ − 1311
{
+ − 1312
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['edit_add_username']).'\';');
+ − 1313
if(!$q)
+ − 1314
{
+ − 1315
echo $db->get_error();
+ − 1316
return;
+ − 1317
}
+ − 1318
if($db->numrows() > 0)
+ − 1319
{
+ − 1320
$row = $db->fetchrow();
+ − 1321
$user_id = $row['user_id'];
+ − 1322
$is_mod = ( isset( $_POST['add_mod'] ) ) ? '1' : '0';
+ − 1323
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES('.intval($_POST['group_edit_id']).','.$user_id.','.$is_mod.');');
+ − 1324
if(!$q)
+ − 1325
{
+ − 1326
echo $db->get_error();
+ − 1327
return;
+ − 1328
}
+ − 1329
else
+ − 1330
{
+ − 1331
echo '<div class="info-box" style="margin: 0 0 10px 0;"">
+ − 1332
The user "'.$_POST['edit_add_username'].'" has been added to this usergroup.
+ − 1333
</div>';
+ − 1334
}
+ − 1335
}
+ − 1336
else
+ − 1337
echo '<div class="warning-box"><b>The user "'.$_POST['edit_add_username'].'" could not be added.</b><br />This username does not exist.</div>';
+ − 1338
}
+ − 1339
}
+ − 1340
$sg_disabled = ( $row['system_group'] == 1 ) ? ' value="Can\'t delete system group" disabled="disabled" style="color: #FF9773" ' : ' value="Delete this group" style="color: #FF3713" ';
+ − 1341
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1342
echo '<div class="tblholder">
+ − 1343
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1344
<tr><th>Edit group name</th></tr>
+ − 1345
<tr>
+ − 1346
<td class="row1">
+ − 1347
Group name: <input type="text" name="group_name" value="'.$name.'" />
+ − 1348
</td>
+ − 1349
</tr>
+ − 1350
<tr>
+ − 1351
<th class="subhead">
+ − 1352
<input type="submit" name="edit_do[save_name]" value="Save name" />
+ − 1353
<input type="submit" name="edit_do[del_group]" '.$sg_disabled.' />
+ − 1354
</th>
+ − 1355
</tr>
+ − 1356
</table>
+ − 1357
</div>
+ − 1358
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1359
echo '</form>';
+ − 1360
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1361
echo '<div class="tblholder">
+ − 1362
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1363
<tr><th colspan="3">Edit group members</th></tr>';
+ − 1364
$q = $db->sql_query('SELECT m.member_id,m.is_mod,u.username FROM '.table_prefix.'group_members AS m
+ − 1365
LEFT JOIN '.table_prefix.'users AS u
+ − 1366
ON u.user_id=m.user_id
+ − 1367
WHERE m.group_id='.intval($_POST['group_edit_id']).'
+ − 1368
ORDER BY m.is_mod DESC, u.username ASC;');
+ − 1369
if(!$q)
+ − 1370
{
+ − 1371
echo $db->get_error();
+ − 1372
return;
+ − 1373
}
+ − 1374
if($db->numrows() < 1)
+ − 1375
{
+ − 1376
echo '<tr><td colspan="3" class="row1">This group has no members.</td></tr>';
+ − 1377
}
+ − 1378
else
+ − 1379
{
+ − 1380
$cls = 'row2';
+ − 1381
while($row = $db->fetchrow())
+ − 1382
{
+ − 1383
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 1384
$mod = ( $row['is_mod'] == 1 ) ? 'Mod' : '';
+ − 1385
echo '<tr>
+ − 1386
<td class="'.$cls.'" style="width: 100%;">
+ − 1387
' . $row['username'] . '
+ − 1388
</td>
+ − 1389
<td class="'.$cls.'">
+ − 1390
'.$mod.'
+ − 1391
</td>
+ − 1392
<td class="'.$cls.'">
+ − 1393
<input type="submit" name="edit_do[del_'.$row['member_id'].']" value="Remove member" />
+ − 1394
</td>
+ − 1395
</tr>';
+ − 1396
}
+ − 1397
}
+ − 1398
$db->free_result();
+ − 1399
echo '</table>
+ − 1400
</div>
+ − 1401
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1402
echo '</form>';
+ − 1403
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1404
echo '<div class="tblholder">
+ − 1405
<table border="0" style="width:100%;" cellspacing="1" cellpadding="4">
+ − 1406
<tr>
+ − 1407
<th>Add a new member</th>
+ − 1408
</tr>
+ − 1409
<tr>
+ − 1410
<td class="row1">
+ − 1411
Username: ' . $template->username_field('edit_add_username') . '
+ − 1412
</td>
+ − 1413
</tr>
+ − 1414
<tr>
+ − 1415
<td class="row2">
+ − 1416
<label><input type="checkbox" name="add_mod" /> Is a group moderator</label> (can add and delete other members)
+ − 1417
</td>
+ − 1418
</tr>
+ − 1419
<tr>
+ − 1420
<th class="subhead">
+ − 1421
<input type="submit" name="edit_do[add_member]" value="Add user to group" />
+ − 1422
</th>
+ − 1423
</tr>
+ − 1424
</table>
+ − 1425
</div>
+ − 1426
<input type="hidden" name="group_edit_id" value="'.$_POST['group_edit_id'].'" />';
+ − 1427
echo '</form>';
+ − 1428
return;
+ − 1429
}
+ − 1430
echo '<h3>Manage Usergroups</h3>';
+ − 1431
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1432
$q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ − 1433
if(!$q)
+ − 1434
{
+ − 1435
echo $db->get_error();
+ − 1436
}
+ − 1437
else
+ − 1438
{
+ − 1439
echo '<div class="tblholder">
+ − 1440
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1441
<tr>
+ − 1442
<th>Edit an existing group</th>
+ − 1443
</tr>';
+ − 1444
echo '<tr><td class="row2"><select name="group_edit_id">';
+ − 1445
while ( $row = $db->fetchrow() )
+ − 1446
{
+ − 1447
if ( $row['group_name'] != 'Everyone' )
+ − 1448
{
+ − 1449
echo '<option value="' . $row['group_id'] . '">' . htmlspecialchars( $row['group_name'] ) . '</option>';
+ − 1450
}
+ − 1451
}
+ − 1452
$db->free_result();
+ − 1453
echo '</select></td></tr>';
+ − 1454
echo '<tr><td class="row1" style="text-align: center;"><input type="submit" name="do_edit" value="Edit group" /></td></tr>
+ − 1455
</table>
+ − 1456
</div>
+ − 1457
</form><br />';
+ − 1458
}
+ − 1459
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1460
echo '<div class="tblholder">
+ − 1461
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
+ − 1462
<tr>
+ − 1463
<th colspan="2">Create a new group</th>
+ − 1464
</tr>';
+ − 1465
echo '<tr><td class="row2">Group name:</td><td class="row2"><input type="text" name="create_group_name" /></td></tr>';
+ − 1466
echo '<tr><td colspan="2" class="row1" style="text-align: center;"><input type="submit" name="do_create_stage1" value="Continue >" /></td></tr>
+ − 1467
</table>
+ − 1468
</div>';
+ − 1469
echo '</form>';
+ − 1470
}
+ − 1471
30
+ − 1472
function page_Admin_COPPA()
+ − 1473
{
+ − 1474
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1475
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1476
{
+ − 1477
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1478
return;
+ − 1479
}
+ − 1480
+ − 1481
echo '<h2>Background information</h2>';
+ − 1482
echo '<p>
+ − 1483
The United States Childrens\' Online Privacy Protection Act (COPPA) was a law passed in 2001 that requires sites oriented towards
+ − 1484
children under 13 years old or with a significant amount of under-13 children clearly state what information is being collected
+ − 1485
in a privacy policy and obtain authorization from a parent or legal guardian before allowing children to use the site. Enano
+ − 1486
provides an easy way to allow you, as the website administrator, to obtain this authorization.
+ − 1487
</p>';
+ − 1488
+ − 1489
// Start form
+ − 1490
+ − 1491
if ( isset($_POST['coppa_address']) )
+ − 1492
{
+ − 1493
// Saving changes
+ − 1494
$enable_coppa = ( isset($_POST['enable_coppa']) ) ? '1' : '0';
+ − 1495
setConfig('enable_coppa', $enable_coppa);
+ − 1496
+ − 1497
$address = $_POST['coppa_address']; // RenderMan::preprocess_text($_POST['coppa_address'], true, false);
+ − 1498
setConfig('coppa_address', $address);
+ − 1499
+ − 1500
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 1501
}
+ − 1502
+ − 1503
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', (( isset($_GET['sqldbg'])) ? 'sqldbg&' : '') .'module='.$paths->cpage['module']).'" method="post">';
+ − 1504
+ − 1505
echo '<div class="tblholder">';
+ − 1506
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 1507
echo '<tr>
+ − 1508
<th colspan="2">
+ − 1509
COPPA support
+ − 1510
</th>
+ − 1511
</tr>';
+ − 1512
+ − 1513
echo '<tr>
+ − 1514
<td class="row1">
+ − 1515
Enable COPPA support:
+ − 1516
</td>
+ − 1517
<td class="row2">
+ − 1518
<label><input type="checkbox" name="enable_coppa" ' . ( ( getConfig('enable_coppa') == '1' ) ? 'checked="checked"' : '' ) . ' /> COPPA enabled</label><br />
+ − 1519
<small>If this is checked, users will be asked if they are under 13 years of age before registering</small>
+ − 1520
</td>
+ − 1521
</tr>';
+ − 1522
+ − 1523
echo '<tr>
+ − 1524
<td class="row1">
+ − 1525
Your mailing address:<br />
+ − 1526
<small>This is the address to which parents will send authorization forms.</small>
+ − 1527
</td>
+ − 1528
<td class="row2">
+ − 1529
<textarea name="coppa_address" rows="7" cols="40">' . getConfig('coppa_address') . '</textarea>
+ − 1530
</td>
+ − 1531
</tr>';
+ − 1532
+ − 1533
echo '<tr>
+ − 1534
<th colspan="2" class="subhead">
+ − 1535
<input type="submit" value="Save changes" />
+ − 1536
</th>
+ − 1537
</tr>';
+ − 1538
+ − 1539
echo '</table>';
+ − 1540
+ − 1541
echo '</form>';
+ − 1542
+ − 1543
}
+ − 1544
0
+ − 1545
function page_Admin_PageManager()
+ − 1546
{
+ − 1547
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1548
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1549
{
+ − 1550
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1551
return;
+ − 1552
}
+ − 1553
+ − 1554
+ − 1555
echo '<h2>Page management</h2>';
+ − 1556
+ − 1557
if(isset($_POST['search']) || isset($_POST['select']) || ( isset($_GET['source']) && $_GET['source'] == 'ajax' )) {
+ − 1558
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
+ − 1559
$source = ( isset($_GET['source']) ) ? $_GET['source'] : false;
+ − 1560
if ( $source == 'ajax' )
+ − 1561
{
+ − 1562
$_POST['search'] = true;
+ − 1563
$_POST['page_url'] = $_GET['page_id'];
+ − 1564
}
+ − 1565
if(isset($_POST['search'])) $pid = $_POST['page_url'];
+ − 1566
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
+ − 1567
else { echo 'Internal error selecting page search terms'; return false; }
+ − 1568
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 1569
$k = array_keys($paths->nslist);
+ − 1570
for($i=0;$i<sizeof($paths->nslist);$i++)
+ − 1571
{
+ − 1572
$ln = strlen($paths->nslist[$k[$i]]);
+ − 1573
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
+ − 1574
{
+ − 1575
$ns = $k[$i];
+ − 1576
$page_id = substr($pid, $ln, strlen($pid));
+ − 1577
}
+ − 1578
}
+ − 1579
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
+ − 1580
// Now, iterate through $paths->pages searching for a page with this name or ID
+ − 1581
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1582
{
+ − 1583
if(!isset($final_pid))
+ − 1584
{
+ − 1585
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
+ − 1586
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1587
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1588
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1589
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
+ − 1590
}
+ − 1591
}
+ − 1592
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1593
$_POST['namespace'] = $ns;
+ − 1594
$_POST['old_namespace'] = $ns;
+ − 1595
$_POST['page_id'] = $final_pid;
+ − 1596
$_POST['old_page_id'] = $final_pid;
+ − 1597
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1598
}
+ − 1599
+ − 1600
if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']))
+ − 1601
{
40
+ − 1602
$cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']];
0
+ − 1603
if(isset($_POST['submit']))
+ − 1604
{
22
+ − 1605
switch(true)
0
+ − 1606
{
22
+ − 1607
case true:
+ − 1608
// Create a list of things to update
+ − 1609
$page_info = Array(
+ − 1610
'name'=>$_POST['name'],
+ − 1611
'urlname'=>sanitize_page_id($_POST['page_id']),
+ − 1612
'namespace'=>$_POST['namespace'],
+ − 1613
'special'=>isset($_POST['special']) ? '1' : '0',
+ − 1614
'visible'=>isset($_POST['visible']) ? '1' : '0',
+ − 1615
'comments_on'=>isset($_POST['comments_on']) ? '1' : '0',
+ − 1616
'protected'=>isset($_POST['protected']) ? '1' : '0'
+ − 1617
);
+ − 1618
40
+ − 1619
$updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname_nons'] );
22
+ − 1620
+ − 1621
if ( !isset($paths->nslist[ $page_info['namespace'] ]) )
+ − 1622
{
+ − 1623
echo '<div class="error-box">The namespace you selected is not properly registered.</div>';
+ − 1624
break;
+ − 1625
}
+ − 1626
if ( isset($paths->pages[ $paths->nslist[$page_info['namespace']] . $page_info[ 'urlname' ] ]) && $updating_urlname_or_namespace )
+ − 1627
{
+ − 1628
echo '<div class="error-box">There is already a page that exists with that URL string and namespace.</div>';
+ − 1629
break;
+ − 1630
}
+ − 1631
// Build the query
+ − 1632
$q = 'UPDATE '.table_prefix.'pages SET ';
+ − 1633
$k = array_keys($page_info);
+ − 1634
foreach($k as $c)
+ − 1635
{
+ − 1636
$q .= $c.'=\''.$db->escape($page_info[$c]).'\',';
+ − 1637
}
+ − 1638
$q = substr($q, 0, strlen($q)-1);
+ − 1639
// Build the WHERE statements
+ − 1640
$q .= ' WHERE ';
+ − 1641
$k = array_keys($cpage);
40
+ − 1642
if ( !isset($cpage) )
110
+ − 1643
die('[internal] no cpage');
22
+ − 1644
foreach($k as $c)
+ − 1645
{
+ − 1646
if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected')
+ − 1647
{
+ − 1648
$q .= $c.'=\''.$db->escape($cpage[$c]).'\' AND ';
+ − 1649
}
+ − 1650
else if($c == 'urlname')
+ − 1651
{
+ − 1652
$q .= $c.'=\''.$db->escape($cpage['urlname_nons']).'\' AND ';
+ − 1653
}
+ − 1654
}
+ − 1655
// Trim off the last " AND " and append a semicolon
+ − 1656
$q = substr($q, 0, strlen($q)-5) . ';';
+ − 1657
// Send the completed query to MySQL
+ − 1658
$e = $db->sql_query($q);
+ − 1659
if(!$e) $db->_die('The page data could not be updated.');
+ − 1660
// Update any additional tables
+ − 1661
$q = Array(
+ − 1662
'UPDATE '.table_prefix.'categories SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1663
'UPDATE '.table_prefix.'comments SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1664
'UPDATE '.table_prefix.'logs SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1665
'UPDATE '.table_prefix.'page_text SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
72
bda11e521e8a
Fixed a few presentation bugs in installer, made installer more "legally binding", and fixed global permissions inheritance in $session->fetch_page_acl()
Dan
diff
changeset
+ − 1666
'UPDATE '.table_prefix.'acl SET page_id=\''.$page_info['urlname'].'\',namespace=\''.$page_info['namespace'].'\' WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';'
22
+ − 1667
);
+ − 1668
foreach($q as $cq)
+ − 1669
{
+ − 1670
$e = $db->sql_query($cq);
+ − 1671
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1672
}
+ − 1673
// Update $cpage
+ − 1674
$cpage = $page_info;
+ − 1675
$cpage['urlname_nons'] = $cpage['urlname'];
+ − 1676
$cpage['urlname'] = $paths->nslist[$cpage['namespace']].$cpage['urlname'];
+ − 1677
$_POST['old_page_id'] = $page_info['urlname'];
+ − 1678
$_POST['old_namespace'] = $page_info['namespace'];
+ − 1679
echo '<div class="info-box">Your changes have been saved.</div>';
+ − 1680
break;
0
+ − 1681
}
+ − 1682
} elseif(isset($_POST['delete'])) {
+ − 1683
$q = Array(
+ − 1684
'DELETE FROM '.table_prefix.'categories WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1685
'DELETE FROM '.table_prefix.'comments WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1686
'DELETE FROM '.table_prefix.'logs WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1687
'DELETE FROM '.table_prefix.'page_text WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';',
+ − 1688
);
+ − 1689
foreach($q as $cq)
+ − 1690
{
+ − 1691
$e = $db->sql_query($cq);
+ − 1692
if(!$e) $db->_die('Some of the additional tables containing page information could not be updated.');
+ − 1693
}
+ − 1694
+ − 1695
if(!$db->sql_query(
+ − 1696
'DELETE FROM '.table_prefix.'pages WHERE urlname="'.$db->escape($_POST['old_page_id']).'" AND namespace="'.$db->escape($_POST['old_namespace']).'";'
+ − 1697
)) $db->_die('The page could not be deleted.');
+ − 1698
echo '<div class="info-box">This page has been deleted.</p><p><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'PageManager\');">Return to Page manager</a><br /><a href="javascript:ajaxPage(\''.$paths->nslist['Admin'].'Home\');">Admin home</a></div>';
+ − 1699
return;
+ − 1700
}
130
+ − 1701
$url = makeUrlNS('Special', 'Administration', 'module='.$paths->cpage['module'], true);
+ − 1702
echo '<form action="'.$url.'" method="post">';
0
+ − 1703
?>
89
+ − 1704
<h3>Modify page: <?php echo htmlspecialchars($_POST['name']); ?></h3>
0
+ − 1705
<table border="0">
+ − 1706
<tr><td>Namespace:</td><td><select name="namespace"><?php $nm = array_keys($paths->nslist); foreach($nm as $ns) { if($ns != 'Special' && $ns != 'Admin') { echo '<option '; if($_POST['namespace']==$ns) echo 'selected="selected" '; echo 'value="'.$ns.'">'; if($paths->nslist[$ns] == '') echo '[No prefix]'; else echo $paths->nslist[$ns]; echo '</option>'; } } ?></select></td></tr>
89
+ − 1707
<tr><td>Page title:</td><td><input type="text" name="name" value="<?php echo htmlspecialchars($cpage['name']); ?>" /></td></tr>
22
+ − 1708
<tr><td>Page URL string:<br /><small>No spaces, and don't enter the namespace prefix (e.g. User:).<br />Changing this value is usually not a good idea, especially for templates and project pages.</small></td><td><input type="text" name="page_id" value="<?php echo htmlspecialchars(dirtify_page_id($cpage['urlname_nons'])); ?>" /></td></tr>
0
+ − 1709
<tr><td></td><td><input <?php if($cpage['comments_on']) echo 'checked="checked"'; ?> name="comments_on" type="checkbox" id="cmt" /> <label for="cmt">Enable comments for this page</label></td></tr>
+ − 1710
<tr><td></td><td><input <?php if($cpage['special']) echo 'checked="checked"'; ?> name="special" type="checkbox" id="spc" /> <label for="spc">Bypass the template engine for this page</label><br /><small>This option enables you to use your own HTML headers and other code. It is recommended that only advanced users enable this feature. As with other Enano pages, you may use PHP code in your pages, meaning you can use Enano's API on the page.</small></td></tr>
+ − 1711
<tr><td></td><td><input <?php if($cpage['visible']) echo 'checked="checked"'; ?> name="visible" type="checkbox" id="vis" /> <label for="vis">Allow this page to be shown in page lists</label><br /><small>Unchecking this checkbox prevents the page for being indexed for searching. The index is rebuilt each time a page is saved, and you can force an index rebuild by going to the page <?php echo $paths->nslist['Special']; ?>SearchRebuild.</small></td></tr>
+ − 1712
<tr><td></td><td><input <?php if($cpage['protected']) echo 'checked="checked"'; ?> name="protected" type="checkbox" id="prt" /> <label for="prt">Prevent non-administrators from editing this page</label><br /><small>This option only has an effect when Wiki Mode is enabled.</small></td></tr>
+ − 1713
<tr><td></td><td><input type="submit" name="delete" value="Delete page" style="color: red" onclick="return confirm('Do you REALLY want to delete this page?')" /></td></tr>
+ − 1714
<tr><td colspan="2" style="text-align: center;"><hr /></td></tr>
+ − 1715
<tr><td colspan="2" style="text-align: right;">
+ − 1716
<input type="hidden" name="old_page_id" value="<?php echo $_POST['old_page_id']; ?>" />
+ − 1717
<input type="hidden" name="old_namespace" value="<?php echo $_POST['old_namespace']; ?>" />
+ − 1718
<input type="Submit" name="submit" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="cancel" value="Cancel changes" /></td></tr>
+ − 1719
</table>
+ − 1720
<?php
+ − 1721
echo '</form>';
+ − 1722
} else {
+ − 1723
echo '<h3>Please select a page</h3>';
+ − 1724
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1725
?>
+ − 1726
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
+ − 1727
<p>Select page title from a list: <select name="page_force_url">
+ − 1728
<?php
+ − 1729
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1730
{
89
+ − 1731
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.htmlspecialchars($paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name']).'</option>'."\n";
0
+ − 1732
}
+ − 1733
?>
+ − 1734
</select> <input type="submit" name="select" value="Select" /></p>
+ − 1735
<?php
+ − 1736
echo '</form>';
+ − 1737
+ − 1738
}
+ − 1739
}
+ − 1740
+ − 1741
function page_Admin_PageEditor()
+ − 1742
{
+ − 1743
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1744
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1745
{
+ − 1746
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1747
return;
+ − 1748
}
+ − 1749
+ − 1750
+ − 1751
echo '<h2>Edit page content</h2>';
+ − 1752
+ − 1753
if(isset($_POST['search']) || isset($_POST['select'])) {
+ − 1754
// The object of the game: using only the text a user entered, guess the page ID and namespace. *sigh* I HATE writing search algorithms...
+ − 1755
if(isset($_POST['search'])) $pid = $_POST['page_url'];
+ − 1756
elseif(isset($_POST['select'])) $pid = $_POST['page_force_url'];
+ − 1757
else { echo 'Internal error selecting page search terms'; return false; }
+ − 1758
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 1759
$k = array_keys($paths->nslist);
+ − 1760
for($i=0;$i<sizeof($paths->nslist);$i++)
+ − 1761
{
+ − 1762
$ln = strlen($paths->nslist[$k[$i]]);
+ − 1763
if(substr($pid, 0, $ln) == $paths->nslist[$k[$i]])
+ − 1764
{
+ − 1765
$ns = $k[$i];
+ − 1766
$page_id = substr($pid, $ln, strlen($pid));
+ − 1767
}
+ − 1768
}
+ − 1769
// The namespace is in $ns and the page name or ID (we don't know which yet) is in $page_id
+ − 1770
// Now, iterate through $paths->pages searching for a page with this name or ID
+ − 1771
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1772
{
+ − 1773
if(!isset($final_pid))
+ − 1774
{
+ − 1775
if ($paths->pages[$i]['urlname_nons'] == str_replace(' ', '_', $page_id)) $final_pid = str_replace(' ', '_', $page_id);
+ − 1776
elseif($paths->pages[$i]['name'] == $page_id) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1777
elseif(strtolower($paths->pages[$i]['urlname_nons']) == strtolower(str_replace(' ', '_', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1778
elseif(strtolower($paths->pages[$i]['name']) == strtolower(str_replace('_', ' ', $page_id))) $final_pid = $paths->pages[$i]['urlname_nons'];
+ − 1779
if(isset($final_pid)) { $_POST['name'] = $paths->pages[$i]['name']; $_POST['urlname'] = $paths->pages[$i]['urlname_nons']; }
+ − 1780
}
+ − 1781
}
+ − 1782
if(!isset($final_pid)) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1783
$_POST['namespace'] = $ns;
+ − 1784
$_POST['page_id'] = $final_pid;
+ − 1785
if(!isset($paths->pages[$paths->nslist[$_POST['namespace']].$_POST['urlname']])) { echo 'The page you searched for cannot be found. <a href="#" onclick="ajaxPage(\''.$paths->nslist['Admin'].'PageManager\'); return false;">Back</a>'; return false; }
+ − 1786
}
+ − 1787
+ − 1788
if(isset($_POST['page_id']) && !isset($_POST['cancel']))
+ − 1789
{
+ − 1790
echo '<form name="main" action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 1791
if(!isset($_POST['content']) || isset($_POST['revert'])) $content = RenderMan::getPage($_POST['page_id'], $_POST['namespace'], 0, false, false, false, false);
+ − 1792
else $content = $_POST['content'];
+ − 1793
if(isset($_POST['save']))
+ − 1794
{
+ − 1795
$data = $content;
+ − 1796
$id = md5( microtime() . mt_rand() );
+ − 1797
+ − 1798
$minor = isset($_POST['minor']) ? 'true' : 'false';
316
+ − 1799
$q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$db->escape($data).'\', \''.$id.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');';
0
+ − 1800
if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
+ − 1801
+ − 1802
$query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';';
+ − 1803
$e = $db->sql_query($query);
+ − 1804
if(!$e) echo '<div class="warning-box">The page data could not be saved. MySQL said: '.mysql_error().'<br /><br />Query:<br /><pre>'.$query.'</pre></div>';
+ − 1805
else echo '<div class="info-box">Your page has been saved. <a href="'.makeUrlNS($_POST['namespace'], $_POST['page_id']).'">View page...</a></div>';
+ − 1806
} elseif(isset($_POST['preview'])) {
+ − 1807
echo '<h3>Preview</h3><p><b>Reminder:</b> This is only a preview; your changes to this page have not yet been saved.</p><div style="margin: 1em; padding: 10px; border: 1px dashed #606060; background-color: #F8F8F8; max-height: 200px; overflow: auto;">'.RenderMan::render($content).'</div>';
+ − 1808
}
+ − 1809
?>
+ − 1810
<p>
+ − 1811
<textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
316
+ − 1812
Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo htmlspecialchars($_POST['summary']); ?>" size="40" /><br />
0
+ − 1813
<label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/> This is a minor edit</label>
+ − 1814
</p>
+ − 1815
<p>
316
+ − 1816
<input type="hidden" name="page_id" value="<?php echo htmlspecialchars($_POST['page_id']); ?>" />
+ − 1817
<input type="hidden" name="namespace" value="<?php echo htmlspecialchars($_POST['namespace']); ?>" />
0
+ − 1818
<input type="submit" name="save" value="Save changes" style="font-weight: bold;" /> <input type="submit" name="preview" value="Show preview" /> <input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" /> <input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
+ − 1819
</p>
+ − 1820
<?php
+ − 1821
echo '</form>';
+ − 1822
} else {
+ − 1823
echo '<h3>Please select a page</h3>';
+ − 1824
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
+ − 1825
?>
+ − 1826
<p>Search for page title (remember prefixes like User: and File:) <?php echo $template->pagename_field('page_url'); ?> <input type="submit" style="font-weight: bold;" name="search" value="Search" /></p>
+ − 1827
<p>Select page title from a list: <select name="page_force_url">
+ − 1828
<?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1829
for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
0
+ − 1830
{
+ − 1831
if($paths->pages[$i]['namespace'] != 'Admin' && $paths->pages[$i]['namespace'] != 'Special') echo '<option value="'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['urlname_nons'].'">'.$paths->nslist[$paths->pages[$i]['namespace']].$paths->pages[$i]['name'].'</option>'."\n";
+ − 1832
}
+ − 1833
?>
+ − 1834
</select> <input type="submit" name="select" value="Select" /></p>
+ − 1835
<?php
+ − 1836
echo '</form>';
+ − 1837
}
+ − 1838
}
+ − 1839
+ − 1840
function page_Admin_ThemeManager()
+ − 1841
{
+ − 1842
+ − 1843
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1844
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 1845
{
+ − 1846
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 1847
return;
+ − 1848
}
+ − 1849
+ − 1850
+ − 1851
// Get the list of styles in the themes/ dir
+ − 1852
$h = opendir('./themes');
+ − 1853
$l = Array();
+ − 1854
if(!$h) die('Error opening directory "./themes" for reading.');
+ − 1855
while(false !== ($n = readdir($h))) {
+ − 1856
if($n != '.' && $n != '..' && is_dir('./themes/'.$n))
+ − 1857
$l[] = $n;
+ − 1858
}
+ − 1859
closedir($h);
+ − 1860
echo('
+ − 1861
<h3>Theme Management</h3>
+ − 1862
<p>Install, uninstall, and manage Enano themes.</p>
+ − 1863
');
+ − 1864
if(isset($_POST['disenable'])) {
+ − 1865
$q = 'SELECT enabled FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1866
$s = $db->sql_query($q);
+ − 1867
if(!$s) die('Error selecting enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1868
$r = $db->fetchrow_num($s);
+ − 1869
$db->free_result();
+ − 1870
if($r[0] == 1) $e = 0;
+ − 1871
else $e = 1;
+ − 1872
$s=true;
+ − 1873
if($e==0)
+ − 1874
{
+ − 1875
$c = $db->sql_query('SELECT * FROM '.table_prefix.'themes WHERE enabled=1');
+ − 1876
if(!$c) $db->_die('The backup check for having at least on theme enabled failed.');
+ − 1877
if($db->numrows() <= 1) { echo '<div class="warning-box">You cannot disable the last remaining theme.</div>'; $s=false; }
+ − 1878
}
+ − 1879
$db->free_result();
+ − 1880
if($s) {
+ − 1881
$q = 'UPDATE '.table_prefix.'themes SET enabled='.$e.' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1882
$a = $db->sql_query($q);
+ − 1883
if(!$a) die('Error updating enabled/disabled state value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1884
else echo('<div class="info-box">The theme "'.$_POST['theme_id'].'" has been '. ( ( $e == '1' ) ? 'enabled' : 'disabled' ).'.</div>');
+ − 1885
}
+ − 1886
}
+ − 1887
elseif(isset($_POST['edit'])) {
+ − 1888
+ − 1889
$dir = './themes/'.$_POST['theme_id'].'/css/';
+ − 1890
$list = Array();
+ − 1891
// Open a known directory, and proceed to read its contents
+ − 1892
if (is_dir($dir)) {
+ − 1893
if ($dh = opendir($dir)) {
+ − 1894
while (($file = readdir($dh)) !== false) {
+ − 1895
if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') {
+ − 1896
$list[$file] = capitalize_first_letter(substr($file, 0, strlen($file)-4));
+ − 1897
}
+ − 1898
}
+ − 1899
closedir($dh);
+ − 1900
}
+ − 1901
}
+ − 1902
$lk = array_keys($list);
+ − 1903
+ − 1904
$q = 'SELECT theme_name,default_style FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1905
$s = $db->sql_query($q);
+ − 1906
if(!$s) die('Error selecting name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1907
$r = $db->fetchrow_num($s);
+ − 1908
$db->free_result();
+ − 1909
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">');
+ − 1910
echo('<div class="question-box">
+ − 1911
Theme name displayed to users: <input type="text" name="name" value="'.$r[0].'" /><br /><br />
+ − 1912
Default stylesheet: <select name="defaultcss">');
+ − 1913
foreach ($lk as $l)
+ − 1914
{
+ − 1915
if($r[1] == $l) $v = ' selected="selected"';
+ − 1916
else $v = '';
+ − 1917
echo "<option value='{$l}'$v>{$list[$l]}</option>";
+ − 1918
}
+ − 1919
echo('</select><br /><br />
+ − 1920
<input type="submit" name="editsave" value="OK" /><input type="hidden" name="theme_id" value="'.$_POST['theme_id'].'" />
+ − 1921
</div>');
+ − 1922
echo('</form>');
+ − 1923
}
+ − 1924
elseif(isset($_POST['editsave'])) {
+ − 1925
$q = 'UPDATE '.table_prefix.'themes SET theme_name=\'' . $db->escape($_POST['name']) . '\',default_style=\''.$db->escape($_POST['defaultcss']).'\' WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1926
$s = $db->sql_query($q);
+ − 1927
if(!$s) die('Error updating name value: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1928
else echo('<div class="info-box">Theme data updated.</div>');
+ − 1929
}
+ − 1930
elseif(isset($_POST['up'])) {
+ − 1931
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1932
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1933
$s = $db->sql_query($q);
+ − 1934
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1935
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1936
$sn = $db->sql_query($q);
+ − 1937
if(!$sn) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1938
$r = $db->fetchrow_num($sn);
+ − 1939
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == 1 /* ...and check if this theme is already at the top */ ) { echo('<div class="warning-box">This theme is already at the top of the list, or there is only one theme installed.</div>'); } else {
+ − 1940
// Get the order IDs of the selected theme and the theme before it
+ − 1941
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\'' . $db->escape($_POST['theme_id']) . '\'';
+ − 1942
$s = $db->sql_query($q);
+ − 1943
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1944
$r = $db->fetchrow_num($s);
+ − 1945
$r = $r[0];
+ − 1946
$rb = $r - 1;
+ − 1947
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1948
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1949
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1950
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1951
echo('<div class="info-box">Theme moved up.</div>');
+ − 1952
}
+ − 1953
$db->free_result($s);
+ − 1954
$db->free_result($sn);
+ − 1955
}
+ − 1956
elseif(isset($_POST['down'])) {
+ − 1957
// If there is only one theme or if the selected theme is already at the top, do nothing
+ − 1958
$q = 'SELECT theme_order FROM '.table_prefix.'themes ORDER BY theme_order;';
+ − 1959
$s = $db->sql_query($q);
+ − 1960
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1961
$r = $db->fetchrow_num($s);
+ − 1962
if( /* check for only one theme... */ $db->numrows($s) < 2 || $r[0] == $db->numrows($s) /* ...and check if this theme is already at the bottom */ ) { echo('<div class="warning-box">This theme is already at the bottom of the list, or there is only one theme installed.</div>'); } else {
+ − 1963
// Get the order IDs of the selected theme and the theme before it
+ − 1964
$q = 'SELECT theme_order FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\'';
+ − 1965
$s = $db->sql_query($q);
+ − 1966
if(!$s) die('Error selecting order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1967
$r = $db->fetchrow_num($s);
+ − 1968
$r = $r[0];
+ − 1969
$rb = $r + 1;
+ − 1970
// Thank God for jEdit's rectangular selection and the ablity to edit multiple lines at the same time ;)
+ − 1971
$q = 'UPDATE '.table_prefix.'themes SET theme_order=0 WHERE theme_order='.$rb.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1972
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$rb.' WHERE theme_order='.$r.''; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1973
$q = 'UPDATE '.table_prefix.'themes SET theme_order='.$r.' WHERE theme_order=0'; /* Check for errors... <sigh> */ $s = $db->sql_query($q); if(!$s) die('Error updating order information: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1974
echo('<div class="info-box">Theme moved down.</div>');
+ − 1975
}
+ − 1976
}
+ − 1977
else if(isset($_POST['uninstall']))
+ − 1978
{
+ − 1979
$q = 'SELECT * FROM '.table_prefix.'themes;';
+ − 1980
$s = $db->sql_query($q);
+ − 1981
if ( !$s )
+ − 1982
{
+ − 1983
die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 1984
}
+ − 1985
$n = $db->numrows($s);
+ − 1986
$db->free_result();
+ − 1987
+ − 1988
if ( $_POST['theme_id'] == 'oxygen' )
+ − 1989
{
+ − 1990
echo '<div class="error-box">The Oxygen theme is used by Enano for installation, upgrades, and error messages, and cannot be uninstalled.</div>';
+ − 1991
}
+ − 1992
else
+ − 1993
{
+ − 1994
if($n < 2)
+ − 1995
{
+ − 1996
echo '<div class="error-box">The theme could not be uninstalled because it is the only theme left.</div>';
+ − 1997
}
+ − 1998
else
+ − 1999
{
+ − 2000
$q = 'DELETE FROM '.table_prefix.'themes WHERE theme_id=\''.$db->escape($_POST['theme_id']).'\' LIMIT 1;';
+ − 2001
$s = $db->sql_query($q);
+ − 2002
if ( !$s )
+ − 2003
{
+ − 2004
die('Error deleting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 2005
}
+ − 2006
else
+ − 2007
{
+ − 2008
echo('<div class="info-box">Theme uninstalled.</div>');
+ − 2009
}
+ − 2010
}
+ − 2011
}
+ − 2012
}
+ − 2013
elseif(isset($_POST['install'])) {
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2014
$q = 'SELECT theme_id FROM '.table_prefix.'themes;';
0
+ − 2015
$s = $db->sql_query($q);
+ − 2016
if(!$s) die('Error getting theme count: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
+ − 2017
$n = $db->numrows($s);
+ − 2018
$n++;
+ − 2019
$theme_id = $_POST['theme_id'];
+ − 2020
$theme = Array();
+ − 2021
include('./themes/'.$theme_id.'/theme.cfg');
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2022
if ( !isset($theme['theme_id']) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2023
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2024
echo '<div class="error-box">Could not load theme.cfg (theme metadata file)</div>';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2025
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2026
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2027
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2028
$default_style = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2029
if ( $dh = opendir('./themes/' . $theme_id . '/css') )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2030
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2031
while ( $file = readdir($dh) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2032
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2033
if ( $file != '_printable.css' && preg_match('/\.css$/i', $file) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2034
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2035
$default_style = $file;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2036
break;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2037
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2038
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2039
closedir($dh);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2040
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2041
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2042
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2043
die('The /css subdirectory could not be located in the theme\'s directory');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2044
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2045
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2046
if ( $default_style )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2047
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2048
$q = 'INSERT INTO '.table_prefix.'themes(theme_id,theme_name,theme_order,enabled,default_style) VALUES(\''.$db->escape($theme['theme_id']).'\', \''.$db->escape($theme['theme_name']).'\', '.$n.', 1, \'' . $db->escape($default_style) . '\')';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2049
$s = $db->sql_query($q);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2050
if(!$s) die('Error inserting theme data: '.mysql_error().'<br /><u>SQL:</u><br />'.$q);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2051
else echo('<div class="info-box">Theme "'.$theme['theme_name'].'" installed.</div>');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2052
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2053
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2054
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2055
echo '<div class="error-box">Could not determine the default style for the theme.</div>';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2056
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 2057
}
0
+ − 2058
}
+ − 2059
echo('
+ − 2060
<h3>Currently installed themes</h3>
+ − 2061
<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
+ − 2062
<p>
+ − 2063
<select name="theme_id">
+ − 2064
');
+ − 2065
$q = 'SELECT theme_id,theme_name,enabled FROM '.table_prefix.'themes ORDER BY theme_order';
+ − 2066
$s = $db->sql_query($q);
+ − 2067
if(!$s) die('Error selecting theme data: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 2068
while ( $r = $db->fetchrow_num($s) ) {
+ − 2069
if($r[2] < 1) $r[1] .= ' (disabled)';
+ − 2070
echo('<option value="'.$r[0].'">'.$r[1].'</option>');
+ − 2071
}
+ − 2072
$db->free_result();
+ − 2073
echo('
+ − 2074
</select> <input type="submit" name="disenable" value="Enable/Disable" /> <input type="submit" name="edit" value="Change settings" /> <input type="submit" name="up" value="Move up" /> <input type="submit" name="down" value="Move down" /> <input type="submit" name="uninstall" value="Uninstall" style="color: #DD3300; font-weight: bold;" />
+ − 2075
</p>
+ − 2076
</form>
+ − 2077
<h3>Install a new theme</h3>
+ − 2078
');
+ − 2079
$theme = Array();
+ − 2080
$obb = '';
+ − 2081
for($i=0;$i<sizeof($l);$i++) {
+ − 2082
if(is_file('./themes/'.$l[$i].'/theme.cfg') && file_exists('./themes/'.$l[$i].'/theme.cfg')) {
+ − 2083
include('./themes/'.$l[$i].'/theme.cfg');
+ − 2084
$q = 'SELECT * FROM '.table_prefix.'themes WHERE theme_id=\''.$theme['theme_id'].'\'';
+ − 2085
$s = $db->sql_query($q);
+ − 2086
if(!$s) die('Error selecting list of currently installed themes: '.mysql_error().'<br /><u>Attempted SQL:</u><br />'.$q);
+ − 2087
if($db->numrows($s) < 1) {
+ − 2088
$obb .= '<option value="'.$theme['theme_id'].'">'.$theme['theme_name'].'</option>';
+ − 2089
}
+ − 2090
$db->free_result();
+ − 2091
}
+ − 2092
}
+ − 2093
if($obb != '') {
+ − 2094
echo('<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post"><p>');
+ − 2095
echo('<select name="theme_id">');
+ − 2096
echo($obb);
+ − 2097
echo('</select>');
+ − 2098
echo('
+ − 2099
<input type="submit" name="install" value="Install this theme" />
+ − 2100
</p></form>');
+ − 2101
} else echo('<p>All themes are currently installed.</p>');
+ − 2102
}
+ − 2103
+ − 2104
function page_Admin_BanControl()
+ − 2105
{
+ − 2106
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2107
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2108
{
+ − 2109
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2110
return;
+ − 2111
}
+ − 2112
+ − 2113
if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
+ − 2114
{
+ − 2115
$e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . '');
+ − 2116
if(!$e) $db->_die('The ban list entry was not deleted.');
+ − 2117
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2118
if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
0
+ − 2119
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2120
$type = intval($_POST['type']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2121
$value = trim($_POST['value']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2122
if ( !in_array($type, array(BAN_IP, BAN_USER, BAN_EMAIL)) )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2123
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2124
echo '<div class="error-box">Hacking attempt.</div>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2125
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2126
else if ( empty($value) )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2127
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2128
echo '<div class="error-box">Please enter something to ban.</div>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2129
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2130
else
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2131
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2132
$entries = array();
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2133
$input = explode(',', $_POST['value']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2134
$error = false;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2135
foreach ( $input as $entry )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2136
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2137
$entry = trim($entry);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2138
if ( empty($entry) )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2139
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2140
echo '<div class="error-box">Malformed entry.</div>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2141
$error = true;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2142
break;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2143
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2144
if ( $type == BAN_IP )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2145
{
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 2146
if ( !isset($_POST['regex']) )
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2147
{
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 2148
// as of 1.0.2 parsing is done at runtime
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 2149
$entries[] = $entry;
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2150
}
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 2151
else
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2152
{
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 2153
$entries[] = $entry;
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2154
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2155
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2156
else
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2157
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2158
$entries[] = $entry;
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2159
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2160
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2161
if ( !$error )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2162
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2163
$regex = ( isset($_POST['regex']) ) ? '1' : '0';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2164
$to_insert = array();
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2165
$reason = $db->escape($_POST['reason']);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2166
foreach ( $entries as $entry )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2167
{
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2168
$entry = $db->escape($entry);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2169
$to_insert[] = "($type, '$entry', '$reason', $regex)";
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2170
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2171
$q = 'INSERT INTO '.table_prefix."banlist(ban_type, ban_value, reason, is_regex)\n VALUES" . implode(",\n ", $to_insert) . ';';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2172
@set_time_limit(0);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2173
$e = $db->sql_query($q);
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2174
if(!$e) $db->_die('The banlist could not be updated.');
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2175
}
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2176
}
0
+ − 2177
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2178
else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2179
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2180
echo '<div class="error-box">This function is disabled in the demo. Just because <i>you</i> don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean <i>we</i> don\'t like ' . htmlspecialchars($_POST['value']) . '.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2181
}
0
+ − 2182
$q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;');
+ − 2183
if(!$q) $db->_die('The banlist data could not be selected.');
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2184
echo '<div class="tblholder" style="max-height: 800px; clip: rect(0px,auto,auto,0px); overflow: auto;">
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2185
<table border="0" cellspacing="1" cellpadding="4">';
0
+ − 2186
echo '<tr><th>Type</th><th>Value</th><th>Regular Expression</th><th></th></tr>';
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2187
if($db->numrows() < 1) echo '<td class="row1" colspan="4">No ban rules yet.</td>';
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2188
$cls = 'row2';
0
+ − 2189
while($r = $db->fetchrow())
+ − 2190
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2191
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
0
+ − 2192
if($r['ban_type']==BAN_IP) $t = 'IP address';
+ − 2193
elseif($r['ban_type']==BAN_USER) $t = 'Username';
+ − 2194
elseif($r['ban_type']==BAN_EMAIL) $t = 'E-mail address';
+ − 2195
if($r['is_regex']) $g = 'Yes'; else $g = 'No';
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2196
echo '<tr><td class="'.$cls.'">'.$t.'</td><td class="'.$cls.'">'.$r['ban_value'].'</td><td class="'.$cls.'">'.$g.'</td><td class="'.$cls.'"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'BanControl&action=delete&id='.$r['ban_id']).'">Delete</a></td></tr>';
0
+ − 2197
}
+ − 2198
$db->free_result();
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2199
echo '</table></div>';
0
+ − 2200
echo '<h3>Create new ban rule</h3>';
+ − 2201
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 2202
?>
+ − 2203
Type: <select name="type"><option value="<?php echo BAN_IP; ?>">IP address</option><option value="<?php echo BAN_USER; ?>">Username</option><option value="<?php echo BAN_EMAIL; ?>">E-mail address</option></select><br />
+ − 2204
Rule: <input type="text" name="value" size="30" /><br />
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 2205
<small>You can ban multiple IP addresses, users, or e-mail addresses by separating entries with a single comma (User1,User2). Do not put a space after the comma. For IP addresses, you may specify ranges like 172|192.168.4-30|90-167.1-90, which will turn into 172 and 192 . 168 . 4-30 and 90-167 . 1 - 90, which matches 18,899 IP addresses.</small><br />
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 2206
Reason to show to the banned user: <textarea name="reason" rows="7" cols="40"></textarea><br />
0
+ − 2207
<input type="checkbox" name="regex" id="regex" /> <label for="regex">This rule is a regular expression</label> (advanced users only)<br />
+ − 2208
<input type="submit" style="font-weight: bold;" name="create" value="Create new ban rule" />
+ − 2209
<?php
+ − 2210
echo '</form>';
+ − 2211
}
+ − 2212
+ − 2213
function page_Admin_MassEmail()
+ − 2214
{
+ − 2215
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2216
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2217
{
+ − 2218
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2219
return;
+ − 2220
}
+ − 2221
+ − 2222
global $enano_config;
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2223
if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
0
+ − 2224
{
+ − 2225
$use_smtp = getConfig('smtp_enabled') == '1';
+ − 2226
+ − 2227
//
+ − 2228
// Let's do some checking to make sure that mass mail functions
+ − 2229
// are working in win32 versions of php. (copied from phpBB)
+ − 2230
//
+ − 2231
if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$use_smtp)
+ − 2232
{
+ − 2233
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
+ − 2234
+ − 2235
// We are running on windows, force delivery to use our smtp functions
+ − 2236
// since php's are broken by default
+ − 2237
$use_smtp = true;
+ − 2238
$enano_config['smtp_server'] = @$ini_val('SMTP');
+ − 2239
}
+ − 2240
+ − 2241
$mail = new emailer( !empty($use_smtp) );
+ − 2242
+ − 2243
// Validate subject/message body
+ − 2244
$subject = stripslashes(trim($_POST['subject']));
+ − 2245
$message = stripslashes(trim($_POST['message']));
+ − 2246
+ − 2247
if ( empty($subject) )
+ − 2248
$errors[] = 'Please enter a subject.';
+ − 2249
if ( empty($message) )
+ − 2250
$errors[] = 'Please enter a message.';
+ − 2251
+ − 2252
// Get list of members
+ − 2253
if ( !empty($_POST['userlist']) )
+ − 2254
{
+ − 2255
$userlist = str_replace(', ', ',', $_POST['userlist']);
+ − 2256
$userlist = explode(',', $userlist);
+ − 2257
foreach ( $userlist as $k => $u )
+ − 2258
{
+ − 2259
if ( $u == $session->username )
+ − 2260
{
+ − 2261
// Message is automatically sent to the sender
+ − 2262
unset($userlist[$k]);
+ − 2263
}
+ − 2264
else
+ − 2265
{
+ − 2266
$userlist[$k] = $db->escape($u);
+ − 2267
}
+ − 2268
}
+ − 2269
$userlist = 'WHERE username=\'' . implode('\' OR username=\'', $userlist) . '\'';
+ − 2270
+ − 2271
$q = $db->sql_query('SELECT email FROM '.table_prefix.'users ' . $userlist . ';');
+ − 2272
if ( !$q )
+ − 2273
$db->_die();
+ − 2274
+ − 2275
if ( $row = $db->fetchrow() )
+ − 2276
{
+ − 2277
do {
+ − 2278
$mail->cc($row['email']);
+ − 2279
} while ( $row = $db->fetchrow() );
+ − 2280
}
+ − 2281
+ − 2282
$db->free_result();
+ − 2283
+ − 2284
}
+ − 2285
else
+ − 2286
{
+ − 2287
// Sending to a usergroup
+ − 2288
+ − 2289
$group_id = intval($_POST['group_id']);
+ − 2290
if ( $group_id < 1 )
+ − 2291
{
+ − 2292
$errors[] = 'Invalid group ID';
+ − 2293
}
+ − 2294
else
+ − 2295
{
+ − 2296
$q = $db->sql_query('SELECT u.email FROM '.table_prefix.'group_members AS g
+ − 2297
LEFT JOIN '.table_prefix.'users AS u
+ − 2298
ON (u.user_id=g.user_id)
+ − 2299
WHERE g.group_id=' . $group_id . ';');
+ − 2300
if ( !$q )
+ − 2301
$db->_die();
+ − 2302
+ − 2303
if ( $row = $db->fetchrow() )
+ − 2304
{
+ − 2305
do {
+ − 2306
$mail->cc($row['email']);
+ − 2307
} while ( $row = $db->fetchrow() );
+ − 2308
}
+ − 2309
+ − 2310
$db->free_result();
+ − 2311
}
+ − 2312
}
+ − 2313
+ − 2314
if ( sizeof($errors) < 1 )
+ − 2315
{
+ − 2316
+ − 2317
$mail->from(getConfig('contact_email'));
+ − 2318
$mail->replyto(getConfig('contact_email'));
+ − 2319
$mail->set_subject($subject);
+ − 2320
$mail->email_address(getConfig('contact_email'));
+ − 2321
+ − 2322
// Copied/modified from phpBB
+ − 2323
$email_headers = 'X-AntiAbuse: Website server name - ' . $_SERVER['SERVER_NAME'] . "\n";
+ − 2324
$email_headers .= 'X-AntiAbuse: User_id - ' . $session->user_id . "\n";
+ − 2325
$email_headers .= 'X-AntiAbuse: Username - ' . $session->username . "\n";
+ − 2326
$email_headers .= 'X-AntiAbuse: User IP - ' . $_SERVER['REMOTE_ADDR'] . "\n";
+ − 2327
+ − 2328
$mail->extra_headers($email_headers);
+ − 2329
+ − 2330
$tpl = 'The following message was mass-mailed by {SENDER}, one of the administrators from {SITE_NAME}. If this message contains spam or any comments which you find abusive or offensive, please contact the administration team at:
+ − 2331
+ − 2332
{CONTACT_EMAIL}
+ − 2333
+ − 2334
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ − 2335
{MESSAGE}
+ − 2336
';
+ − 2337
+ − 2338
$mail->use_template($tpl);
+ − 2339
+ − 2340
$mail->assign_vars(array(
+ − 2341
'SENDER' => $session->username,
+ − 2342
'SITE_NAME' => getConfig('site_name'),
+ − 2343
'CONTACT_EMAIL' => getConfig('contact_email'),
+ − 2344
'MESSAGE' => $message
+ − 2345
));
+ − 2346
+ − 2347
//echo '<pre>'.print_r($mail,true).'</pre>';
+ − 2348
+ − 2349
// All done
+ − 2350
$mail->send();
+ − 2351
$mail->reset();
+ − 2352
+ − 2353
echo '<div class="info-box">Your message has been sent.</div>';
+ − 2354
+ − 2355
}
+ − 2356
else
+ − 2357
{
+ − 2358
echo '<div class="warning-box">Could not send message for the following reason(s):<ul><li>' . implode('</li><li>', $errors) . '</li></ul></div>';
+ − 2359
}
+ − 2360
+ − 2361
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2362
else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2363
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2364
echo '<div class="error-box">This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2365
}
0
+ − 2366
echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">';
+ − 2367
?>
+ − 2368
<div class="tblholder">
+ − 2369
<table border="0" cellspacing="1" cellpadding="4">
+ − 2370
<tr>
+ − 2371
<th colspan="2">Send mass e-mail</th>
+ − 2372
</tr>
+ − 2373
<tr>
+ − 2374
<td class="row2" rowspan="2" style="width: 30%; min-width: 200px;">
+ − 2375
Send message to:<br />
+ − 2376
<small>
+ − 2377
By default, this message will be sent to the group selected here. You may instead send the message to a specific
+ − 2378
list of users by entering them in the second row, with usernames separated by a single comma (no space).
+ − 2379
</small>
+ − 2380
</td>
+ − 2381
<td class="row1">
+ − 2382
<select name="group_id">
+ − 2383
<?php
+ − 2384
$q = $db->sql_query('SELECT group_name,group_id FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ − 2385
if ( !$q )
+ − 2386
$db->_die();
+ − 2387
while ( $row = $db->fetchrow() )
+ − 2388
{
+ − 2389
echo '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
+ − 2390
}
+ − 2391
?>
+ − 2392
</select>
+ − 2393
</td>
+ − 2394
</tr>
+ − 2395
<tr>
+ − 2396
<td class="row1">
+ − 2397
Usernames: <input type="text" name="userlist" size="50" />
+ − 2398
</td>
+ − 2399
</tr>
+ − 2400
<tr>
+ − 2401
<td class="row2" style="width: 30%; min-width: 200px;">
+ − 2402
Subject:
+ − 2403
</td>
+ − 2404
<td class="row1">
+ − 2405
<input name="subject" type="text" size="50" />
+ − 2406
</td>
+ − 2407
</tr>
+ − 2408
<tr>
+ − 2409
<td class="row2" style="width: 30%; min-width: 200px;">
+ − 2410
Message:
+ − 2411
</td>
+ − 2412
<td class="row1">
+ − 2413
<textarea name="message" rows="30" cols="60" style="width: 100%;"></textarea>
+ − 2414
</td>
+ − 2415
</tr>
+ − 2416
<tr>
+ − 2417
<th class="subhead" colspan="2" style="text-align: left;" valign="middle">
+ − 2418
<div style="float: right;"><input type="submit" name="do_send" value="Send message" /></div>
+ − 2419
<small style="font-weight: normal;">Please be warned: it may take a LONG time to send this message. <b>Please do not stop the script until the process is finished.</b></small>
+ − 2420
</th>
+ − 2421
</tr>
+ − 2422
+ − 2423
</table>
+ − 2424
</div>
+ − 2425
<?php
+ − 2426
echo '</form>';
+ − 2427
}
+ − 2428
+ − 2429
function page_Admin_DBBackup()
+ − 2430
{
+ − 2431
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2432
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2433
{
+ − 2434
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2435
return;
+ − 2436
}
+ − 2437
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2438
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2439
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2440
redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2441
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2442
0
+ − 2443
global $system_table_list;
+ − 2444
if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes')
+ − 2445
{
+ − 2446
+ − 2447
if(defined('SQL_BACKUP_CRYPT'))
+ − 2448
// Try to increase our time limit
+ − 2449
@set_time_limit(300); // five minutes
+ − 2450
// Do the actual export
+ − 2451
$aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2452
$filename = 'enano_backup_' . date('ymd') . '.sql' . $aesext;
0
+ − 2453
ob_start();
+ − 2454
header('Content-disposition: attachment, filename="'.$filename.'";');
+ − 2455
header('Content-type: application/transact-sql');
+ − 2456
// Spew some headers
+ − 2457
$headdate = date('F d, Y \a\t h:i a');
+ − 2458
echo <<<HEADER
+ − 2459
-- Enano CMS SQL backup
+ − 2460
-- Generated on {$headdate} by {$session->username}
+ − 2461
+ − 2462
HEADER;
+ − 2463
// build the table list
+ − 2464
$base = ( isset($_POST['do_system_tables']) ) ? $system_table_list : Array();
+ − 2465
$add = ( isset($_POST['additional_tables'])) ? $_POST['additional_tables'] : Array();
+ − 2466
$tables = array_merge($base, $add);
+ − 2467
+ − 2468
// Log it!
+ − 2469
$e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')');
+ − 2470
if ( !$e )
+ − 2471
$db->_die();
+ − 2472
+ − 2473
foreach($tables as $i => $t)
+ − 2474
{
+ − 2475
if(!preg_match('#^([a-z0-9_]+)$#i', $t))
+ − 2476
die('Hacking attempt');
+ − 2477
// if($t == table_prefix.'files' && isset($_POST['do_data']))
+ − 2478
// unset($tables[$i]);
+ − 2479
}
+ − 2480
foreach($tables as $t)
+ − 2481
{
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2482
// THE FOLLOWING COMMENT DOES NOT APPLY AS OF 1.0.
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2483
// Sorry folks - this script CAN'T backup enano_files and enano_search_index due to the sheer size of the tables.
0
+ − 2484
// If encryption is enabled the log data will be excluded too.
+ − 2485
echo export_table(
+ − 2486
$t,
+ − 2487
isset($_POST['do_struct']),
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2488
( isset($_POST['do_data']) ),
0
+ − 2489
false
+ − 2490
) . "\n";
+ − 2491
}
+ − 2492
$data = ob_get_contents();
+ − 2493
ob_end_clean();
+ − 2494
if(defined('SQL_BACKUP_CRYPT'))
+ − 2495
{
+ − 2496
// Free some memory, we don't need this stuff any more
+ − 2497
$db->close();
+ − 2498
unset($paths, $db, $template, $plugins);
+ − 2499
$tea = new TEACrypt();
+ − 2500
$data = $tea->encrypt($data, $session->private_key);
+ − 2501
}
+ − 2502
header('Content-length: '.strlen($data));
+ − 2503
echo $data;
+ − 2504
exit;
+ − 2505
}
+ − 2506
else
+ − 2507
{
+ − 2508
// Show the UI
+ − 2509
echo '<form action="'.makeUrlNS('Admin', 'DBBackup', 'submitting=yes', true).'" method="post" enctype="multipart/form-data">';
+ − 2510
?>
+ − 2511
<p>This page allows you to back up your Enano database should something go miserably wrong.</p>
+ − 2512
<p><label><input type="checkbox" name="do_system_tables" checked="checked" /> Export tables that are part of the Enano core</label><p>
+ − 2513
<p>Additional tables to export:</p>
+ − 2514
<p><select name="additional_tables[]" multiple="multiple">
+ − 2515
<?php
+ − 2516
$q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
+ − 2517
while($row = $db->fetchrow_num())
+ − 2518
{
+ − 2519
if(!in_array($row[0], $system_table_list)) echo '<option value="'.$row[0].'">'.$row[0].'</option>';
+ − 2520
}
+ − 2521
?>
+ − 2522
</select>
+ − 2523
</p>
+ − 2524
<p><label><input type="checkbox" name="do_struct" checked="checked" /> Include table structure</label><br />
+ − 2525
<label><input type="checkbox" name="do_data" checked="checked" /> Include table data</label>
+ − 2526
</p>
+ − 2527
<p><input type="submit" value="Create backup" /></p>
+ − 2528
<?php
+ − 2529
echo '</form>';
+ − 2530
}
+ − 2531
}
+ − 2532
+ − 2533
function page_Admin_AdminLogout()
+ − 2534
{
+ − 2535
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2536
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ − 2537
{
+ − 2538
echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ − 2539
return;
+ − 2540
}
+ − 2541
+ − 2542
$session->logout(USER_LEVEL_ADMIN);
+ − 2543
echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.makeUrl(getConfig('main_page')).'">Main Page</a>.</p>';
+ − 2544
}
+ − 2545
+ − 2546
function page_Special_Administration()
+ − 2547
{
+ − 2548
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2549
+ − 2550
if($session->auth_level < USER_LEVEL_ADMIN) {
+ − 2551
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
+ − 2552
exit;
+ − 2553
}
+ − 2554
else
+ − 2555
{
+ − 2556
$template->load_theme('admin', 'default');
+ − 2557
$template->init_vars();
+ − 2558
if( !isset( $_GET['noheaders'] ) )
+ − 2559
{
+ − 2560
$template->header();
+ − 2561
}
+ − 2562
echo 'Administer your Enano website.';
+ − 2563
?>
+ − 2564
<script type="text/javascript">
+ − 2565
function ajaxPage(t)
+ − 2566
{
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2567
if ( KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2568
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2569
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2570
return false;
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2571
}
0
+ − 2572
if ( t == namespace_list.Admin + 'AdminLogout' )
+ − 2573
{
+ − 2574
var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
+ − 2575
mb.onclick['Yes'] = function() {
+ − 2576
var tigraentry = document.getElementById('i_div0_0').parentNode;
+ − 2577
var tigraobj = $(tigraentry);
+ − 2578
var div = document.createElement('div');
+ − 2579
div.style.backgroundColor = '#FFFFFF';
+ − 2580
domObjChangeOpac(70, div);
+ − 2581
div.style.position = 'absolute';
+ − 2582
var top = tigraobj.Top();
+ − 2583
var left = tigraobj.Left();
+ − 2584
var width = tigraobj.Width();
+ − 2585
var height = tigraobj.Height();
+ − 2586
div.style.top = top + 'px';
+ − 2587
div.style.left = left + 'px';
+ − 2588
div.style.width = width + 'px';
+ − 2589
div.style.height = height + 'px';
+ − 2590
var body = document.getElementsByTagName('body')[0];
+ − 2591
enlighten(true);
+ − 2592
body.appendChild(div);
+ − 2593
ajaxPageBin(namespace_list.Admin + 'AdminLogout');
+ − 2594
}
+ − 2595
return;
+ − 2596
}
+ − 2597
ajaxPageBin(t);
+ − 2598
}
+ − 2599
function ajaxPageBin(t)
+ − 2600
{
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2601
if ( KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2602
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2603
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2604
return false;
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2605
}
0
+ − 2606
document.getElementById('ajaxPageContainer').innerHTML = '<div class="wait-box">Loading page...</div>';
+ − 2607
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title='+t+'&_mode=getpage&noheaders&auth=<?php echo $session->sid_super; ?>', function() {
+ − 2608
if(ajax.readyState == 4) {
+ − 2609
document.getElementById('ajaxPageContainer').innerHTML = ajax.responseText;
+ − 2610
fadeInfoBoxes();
+ − 2611
}
+ − 2612
});
+ − 2613
}
+ − 2614
function _enanoAdminOnload() { ajaxPage('<?php echo $paths->nslist['Admin']; ?>Home'); }
+ − 2615
var TREE_TPL = {
+ − 2616
'target' : '_self', // name of the frame links will be opened in
+ − 2617
// other possible values are: _blank, _parent, _search, _self and _top
+ − 2618
+ − 2619
'icon_e' : '<?php echo scriptPath; ?>/images/icons/empty.gif', // empty image
+ − 2620
'icon_l' : '<?php echo scriptPath; ?>/images/icons/line.gif', // vertical line
+ − 2621
'icon_32' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon normal
+ − 2622
'icon_36' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root leaf icon selected
+ − 2623
'icon_48' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon normal
+ − 2624
'icon_52' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2625
'icon_56' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon opened
+ − 2626
'icon_60' : '<?php echo scriptPath; ?>/images/icons/base.gif', // root icon selected
+ − 2627
'icon_16' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon normal
+ − 2628
'icon_20' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected
+ − 2629
'icon_24' : '<?php echo scriptPath; ?>/images/icons/folder.gif', // node icon opened
+ − 2630
'icon_28' : '<?php echo scriptPath; ?>/images/icons/folderopen.gif', // node icon selected opened
+ − 2631
'icon_0' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon normal
+ − 2632
'icon_4' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2633
'icon_8' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon opened
+ − 2634
'icon_12' : '<?php echo scriptPath; ?>/images/icons/page.gif', // leaf icon selected
+ − 2635
'icon_2' : '<?php echo scriptPath; ?>/images/icons/joinbottom.gif', // junction for leaf
+ − 2636
'icon_3' : '<?php echo scriptPath; ?>/images/icons/join.gif', // junction for last leaf
+ − 2637
'icon_18' : '<?php echo scriptPath; ?>/images/icons/plusbottom.gif', // junction for closed node
+ − 2638
'icon_19' : '<?php echo scriptPath; ?>/images/icons/plus.gif', // junction for last closed node
+ − 2639
'icon_26' : '<?php echo scriptPath; ?>/images/icons/minusbottom.gif',// junction for opened node
+ − 2640
'icon_27' : '<?php echo scriptPath; ?>/images/icons/minus.gif' // junction for last opended node
+ − 2641
};
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 2642
addOnloadHook(keepalive_onload);
0
+ − 2643
<?php
+ − 2644
echo $paths->parseAdminTree(); // Make a Javascript array that defines the tree
+ − 2645
if(!isset($_GET['module'])) { echo 'addOnloadHook(_enanoAdminOnload);'; } ?>
+ − 2646
</script>
+ − 2647
<table border="0" width="100%">
+ − 2648
<tr>
+ − 2649
<td class="holder" valign="top">
+ − 2650
<div class="pad" style="padding-right: 20px;">
+ − 2651
<script type="text/javascript">
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2652
if ( !KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2653
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2654
new tree(TREE_ITEMS, TREE_TPL);
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2655
}
0
+ − 2656
</script>
+ − 2657
</div>
+ − 2658
</td>
+ − 2659
<td width="100%" valign="top">
+ − 2660
<div class="pad" id="ajaxPageContainer">
+ − 2661
<?php
+ − 2662
if(isset($_GET['module']))
+ − 2663
{
+ − 2664
// Look for a namespace prefix in the urlname, and assign a different namespace, if necessary
+ − 2665
$k = array_keys($paths->nslist);
+ − 2666
for ( $i = 0; $i < sizeof($paths->nslist); $i++ )
+ − 2667
{
+ − 2668
$ln = strlen( $paths->nslist[ $k[ $i ] ] );
+ − 2669
if ( substr($_GET['module'], 0, $ln) == $paths->nslist[$k[$i]] )
+ − 2670
{
+ − 2671
$ns = $k[$i];
+ − 2672
$nm = substr($_GET['module'], $ln, strlen($_GET['module']));
+ − 2673
}
+ − 2674
}
+ − 2675
$fname = 'page_'.$ns.'_'.$nm;
+ − 2676
$s = strpos($fname, '?noheaders');
+ − 2677
if($s) $fname = substr($fname, 0, $s);
+ − 2678
$paths->cpage['module'] = $_GET['module'];
+ − 2679
if ( function_exists($fname) && $_GET['module'] != $paths->nslist['Special'] . 'Administration' )
+ − 2680
{
+ − 2681
eval($fname.'();');
+ − 2682
}
+ − 2683
}
+ − 2684
else
+ − 2685
{
+ − 2686
echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
+ − 2687
}
+ − 2688
?>
+ − 2689
</div>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2690
<script type="text/javascript">
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2691
if ( KILL_SWITCH )
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2692
{
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2693
document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2694
}
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2695
</script>
0
+ − 2696
</td>
+ − 2697
</tr>
+ − 2698
</table>
+ − 2699
+ − 2700
<?php
+ − 2701
}
+ − 2702
if(!isset($_GET['noheaders']))
+ − 2703
{
+ − 2704
$template->footer();
+ − 2705
}
+ − 2706
}
+ − 2707
+ − 2708
function page_Special_EditSidebar()
+ − 2709
{
+ − 2710
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2711
+ − 2712
if($session->auth_level < USER_LEVEL_ADMIN)
+ − 2713
{
+ − 2714
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
+ − 2715
exit;
+ − 2716
}
+ − 2717
else
+ − 2718
{
+ − 2719
+ − 2720
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx.js"></script>');
+ − 2721
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/dbx-key.js"></script>');
+ − 2722
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
+ − 2723
$template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');
+ − 2724
+ − 2725
// Knock the sidebars dead to keep javascript in plugins from interfering
+ − 2726
$template->tpl_strings['SIDEBAR_LEFT'] = '';
+ − 2727
$template->tpl_strings['SIDEBAR_RIGHT'] = '';
+ − 2728
+ − 2729
$template->load_theme('oxygen', 'bleu');
+ − 2730
$template->init_vars();
+ − 2731
+ − 2732
$template->header();
+ − 2733
+ − 2734
if(isset($_POST['save']))
+ − 2735
{
+ − 2736
// Write the new block order to the database
+ − 2737
// The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe...
+ − 2738
// Anyone know a better way to do this?
+ − 2739
$q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 2740
if ( !$q )
+ − 2741
{
+ − 2742
$db->_die('The sidebar order data could not be selected.');
+ − 2743
}
+ − 2744
$orders = Array();
+ − 2745
while($row = $db->fetchrow())
+ − 2746
{
+ − 2747
$orders[] = Array(
+ − 2748
count($orders),
+ − 2749
$row['item_id'],
+ − 2750
$row['sidebar_id'],
+ − 2751
);
+ − 2752
}
+ − 2753
$db->free_result();
+ − 2754
+ − 2755
// We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries.
+ − 2756
$ol = explode(',', $_POST['order_left']);
+ − 2757
$odr = explode(',', $_POST['order_right']);
+ − 2758
$om = array_merge($ol, $odr);
+ − 2759
unset($ol, $odr);
+ − 2760
$queries = Array();
+ − 2761
foreach($orders as $k => $v)
+ − 2762
{
+ − 2763
$queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.$v[1].';';
+ − 2764
}
+ − 2765
foreach($queries as $sql)
+ − 2766
{
+ − 2767
$q = $db->sql_query($sql);
+ − 2768
if(!$q)
+ − 2769
{
+ − 2770
$t = $db->get_error();
+ − 2771
echo $t;
+ − 2772
$template->footer();
+ − 2773
exit;
+ − 2774
}
+ − 2775
}
+ − 2776
echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
+ − 2777
}
+ − 2778
elseif(isset($_POST['create']))
+ − 2779
{
+ − 2780
switch((int)$_POST['type'])
+ − 2781
{
+ − 2782
case BLOCK_WIKIFORMAT:
+ − 2783
$content = $_POST['wikiformat_content'];
+ − 2784
break;
+ − 2785
case BLOCK_TEMPLATEFORMAT:
+ − 2786
$content = $_POST['templateformat_content'];
+ − 2787
break;
+ − 2788
case BLOCK_HTML:
+ − 2789
$content = $_POST['html_content'];
+ − 2790
break;
+ − 2791
case BLOCK_PHP:
+ − 2792
$content = $_POST['php_content'];
+ − 2793
break;
+ − 2794
case BLOCK_PLUGIN:
+ − 2795
$content = $_POST['plugin_id'];
+ − 2796
break;
+ − 2797
}
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2798
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2799
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2800
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2801
// Sanitize the HTML
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2802
$content = sanitize_html($content, true);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2803
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2804
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2805
if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2806
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2807
echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2808
$_POST['php_content'] = '?><Nulled>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2809
$content = $_POST['php_content'];
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2810
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2811
0
+ − 2812
// Get the value of item_order
+ − 2813
+ − 2814
$q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';');
+ − 2815
if(!$q) $db->_die('The order number could not be selected');
+ − 2816
$io = $db->numrows();
+ − 2817
+ − 2818
$db->free_result();
+ − 2819
+ − 2820
$q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );';
+ − 2821
$result = $db->sql_query($q);
+ − 2822
if(!$result)
+ − 2823
{
+ − 2824
echo $db->get_error();
+ − 2825
$template->footer();
+ − 2826
exit;
+ − 2827
}
+ − 2828
+ − 2829
echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';
+ − 2830
+ − 2831
}
+ − 2832
+ − 2833
if(isset($_GET['action']) && isset($_GET['id']))
+ − 2834
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 2835
if(!preg_match('#^([0-9]*)$#', $_GET['id']))
0
+ − 2836
{
+ − 2837
echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
+ − 2838
}
+ − 2839
switch($_GET['action'])
+ − 2840
{
+ − 2841
case 'new':
+ − 2842
?>
+ − 2843
<script type="text/javascript">
+ − 2844
function setType(input)
+ − 2845
{
+ − 2846
val = input.value;
+ − 2847
if(!val)
+ − 2848
{
+ − 2849
return false;
+ − 2850
}
+ − 2851
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2852
for(var i in divs)
+ − 2853
{
+ − 2854
if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block';
+ − 2855
else divs[i].style.display = 'none';
+ − 2856
}
+ − 2857
}
+ − 2858
</script>
+ − 2859
+ − 2860
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
+ − 2861
+ − 2862
<p>
+ − 2863
What type of block should this be?
+ − 2864
</p>
+ − 2865
<p>
+ − 2866
<select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
+ − 2867
<option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
+ − 2868
<option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
+ − 2869
<option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
+ − 2870
<option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
+ − 2871
<option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
+ − 2872
</select>
+ − 2873
</p>
+ − 2874
+ − 2875
<p>
+ − 2876
+ − 2877
Block title: <input name="title" type="text" size="40" /><br />
+ − 2878
Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>
+ − 2879
+ − 2880
</p>
+ − 2881
+ − 2882
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
+ − 2883
<p>
+ − 2884
Wikitext:
+ − 2885
</p>
+ − 2886
<p>
+ − 2887
<textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
+ − 2888
</p>
+ − 2889
</div>
+ − 2890
+ − 2891
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
+ − 2892
<p>
+ − 2893
Template code:
+ − 2894
</p>
+ − 2895
<p>
+ − 2896
<textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
+ − 2897
</p>
+ − 2898
</div>
+ − 2899
+ − 2900
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
+ − 2901
<p>
+ − 2902
HTML to place inside the sidebar:
+ − 2903
</p>
+ − 2904
<p>
+ − 2905
<textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
+ − 2906
</p>
+ − 2907
</div>
+ − 2908
+ − 2909
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2910
<?php if ( defined('ENANO_DEMO_MODE') ) { ?>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2911
<p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2912
<?php } else { ?>
0
+ − 2913
<p>
+ − 2914
<b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
+ − 2915
ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
+ − 2916
</p>
+ − 2917
<p>
+ − 2918
<span style="color: red;">
+ − 2919
It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
+ − 2920
</span> You have been warned.
+ − 2921
</p>
+ − 2922
<p>
+ − 2923
Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
+ − 2924
</p>
+ − 2925
<p>
+ − 2926
The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error.
+ − 2927
</p>
+ − 2928
<p>
+ − 2929
PHP code:
+ − 2930
</p>
+ − 2931
<p>
+ − 2932
<textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
+ − 2933
</p>
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2934
<?php } ?>
0
+ − 2935
</div>
+ − 2936
+ − 2937
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
+ − 2938
<p>
+ − 2939
Plugin:
+ − 2940
</p>
+ − 2941
<p>
+ − 2942
<select name="plugin_id">
+ − 2943
<?php
+ − 2944
foreach($template->plugin_blocks as $k => $c)
+ − 2945
{
+ − 2946
echo '<option value="'.$k.'">'.$k.'</option>';
+ − 2947
}
+ − 2948
?>
+ − 2949
</select>
+ − 2950
</p>
+ − 2951
</div>
+ − 2952
+ − 2953
<p>
+ − 2954
+ − 2955
<input type="submit" name="create" value="Create new block" style="font-weight: bold;" />
+ − 2956
<input type="submit" name="cancel" value="Cancel" />
+ − 2957
+ − 2958
</p>
+ − 2959
+ − 2960
</form>
+ − 2961
+ − 2962
<script type="text/javascript">
+ − 2963
var divs = getElementsByClassName(document, 'div', 'sbadd_block');
+ − 2964
for(var i in divs)
+ − 2965
{
+ − 2966
if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500);
+ − 2967
}
+ − 2968
</script>
+ − 2969
+ − 2970
<?php
+ − 2971
$template->footer();
+ − 2972
return;
+ − 2973
break;
+ − 2974
case 'move':
+ − 2975
if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
+ − 2976
{
+ − 2977
echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
+ − 2978
break;
+ − 2979
}
190
+ − 2980
$query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 2981
if(!$query)
+ − 2982
{
+ − 2983
echo $db->get_error();
+ − 2984
$template->footer();
+ − 2985
exit;
+ − 2986
}
+ − 2987
echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
+ − 2988
break;
+ − 2989
case 'delete':
190
+ − 2990
$query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-)
0
+ − 2991
if(!$query)
+ − 2992
{
+ − 2993
echo $db->get_error();
+ − 2994
$template->footer();
+ − 2995
exit;
+ − 2996
}
+ − 2997
if(isset($_GET['ajax']))
+ − 2998
{
+ − 2999
ob_end_clean();
+ − 3000
die('GOOD');
+ − 3001
}
+ − 3002
echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
+ − 3003
break;
+ − 3004
case 'disenable';
190
+ − 3005
$q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3006
if(!$q)
+ − 3007
{
+ − 3008
echo $db->get_error();
+ − 3009
$template->footer();
+ − 3010
exit;
+ − 3011
}
+ − 3012
$r = $db->fetchrow();
+ − 3013
$db->free_result();
+ − 3014
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
190
+ − 3015
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';');
+ − 3016
if(!$q)
+ − 3017
{
+ − 3018
echo $db->get_error();
+ − 3019
$template->footer();
+ − 3020
exit;
+ − 3021
}
+ − 3022
if(isset($_GET['ajax']))
+ − 3023
{
+ − 3024
ob_end_clean();
+ − 3025
die('GOOD');
+ − 3026
}
+ − 3027
break;
+ − 3028
case 'rename';
+ − 3029
$newname = $db->escape($_POST['newname']);
+ − 3030
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3031
if(!$q)
+ − 3032
{
+ − 3033
echo $db->get_error();
+ − 3034
$template->footer();
+ − 3035
exit;
+ − 3036
}
+ − 3037
if(isset($_GET['ajax']))
+ − 3038
{
+ − 3039
ob_end_clean();
+ − 3040
die('GOOD');
+ − 3041
}
+ − 3042
break;
+ − 3043
case 'getsource':
190
+ − 3044
$q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3045
if(!$q)
+ − 3046
{
+ − 3047
echo $db->get_error();
+ − 3048
$template->footer();
+ − 3049
exit;
+ − 3050
}
+ − 3051
ob_end_clean();
+ − 3052
$r = $db->fetchrow();
+ − 3053
$db->free_result();
+ − 3054
if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
+ − 3055
die($r['block_content']);
+ − 3056
break;
+ − 3057
case 'save':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3058
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3059
{
190
+ − 3060
$q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3061
if(!$q)
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3062
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3063
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3064
exit;
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3065
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3066
$row = $db->fetchrow();
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3067
if ( $row['block_type'] == BLOCK_PHP )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3068
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3069
$_POST['content'] = '?><Nulled>';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3070
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3071
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3072
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3073
$_POST['content'] = sanitize_html($_POST['content'], true);
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3074
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 3075
}
190
+ − 3076
$q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3077
if(!$q)
+ − 3078
{
+ − 3079
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 3080
exit;
+ − 3081
}
190
+ − 3082
$q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
0
+ − 3083
if(!$q)
+ − 3084
{
+ − 3085
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
+ − 3086
exit;
+ − 3087
}
+ − 3088
$row = $db->fetchrow();
+ − 3089
$db->free_result();
+ − 3090
switch($row['block_type'])
+ − 3091
{
+ − 3092
case BLOCK_WIKIFORMAT:
+ − 3093
default:
+ − 3094
$c = RenderMan::render($row['block_content']);
+ − 3095
break;
+ − 3096
case BLOCK_TEMPLATEFORMAT:
+ − 3097
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 3098
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3099
break;
+ − 3100
case BLOCK_HTML:
+ − 3101
$c = $row['block_content'];
+ − 3102
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3103
break;
+ − 3104
case BLOCK_PHP:
+ − 3105
ob_start();
+ − 3106
eval($row['block_content']);
+ − 3107
$c = ob_get_contents();
+ − 3108
ob_end_clean();
+ − 3109
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3110
break;
+ − 3111
case BLOCK_PLUGIN:
+ − 3112
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 3113
break;
+ − 3114
}
+ − 3115
die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
+ − 3116
break;
+ − 3117
}
+ − 3118
}
+ − 3119
+ − 3120
$q = $db->sql_query('SELECT item_id,sidebar_id,item_enabled,block_name,block_type,block_content FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;');
+ − 3121
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 3122
+ − 3123
$vars = $template->extract_vars('sidebar-editor.tpl');
+ − 3124
+ − 3125
$parser = $template->makeParserText($vars['sidebar_button']);
+ − 3126
$parser->assign_vars(Array(
+ − 3127
'HREF'=>'#',
+ − 3128
'FLAGS'=>'onclick="return false;"',
+ − 3129
'TEXT'=>'Change theme'
+ − 3130
));
+ − 3131
$template->tpl_strings['THEME_LINK'] = $parser->run();
+ − 3132
$parser->assign_vars(Array(
+ − 3133
'TEXT'=>'Log out',
+ − 3134
));
+ − 3135
$template->tpl_strings['LOGOUT_LINK'] = $parser->run();
+ − 3136
+ − 3137
$n1 = Array();
+ − 3138
$n2 = Array();
+ − 3139
$n =& $n1;
+ − 3140
+ − 3141
echo '<table border="0"><tr><td valign="top"><div class="dbx-group" id="sbedit_left">';
+ − 3142
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 3143
+ − 3144
// Time for the loop
+ − 3145
// what this loop does is fetch the row data, then send it out to the appropriate parser for formatting,
+ − 3146
// then puts the result into $c, which is then sent to the template compiler for insertion into the TPL code.
+ − 3147
while($row = $db->fetchrow())
+ − 3148
{
+ − 3149
if(isset($current_side))
+ − 3150
{
+ − 3151
if($current_side != $row['sidebar_id'])
+ − 3152
{
+ − 3153
// Time to switch!
+ − 3154
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 3155
echo '</div></td><td valign="top"><div class="dbx-group" id="sbedit_right">';
+ − 3156
//echo '</td><td valign="top">';
+ − 3157
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_top']);
+ − 3158
$n =& $n2;
+ − 3159
}
+ − 3160
}
+ − 3161
$n[] = count($n);
+ − 3162
$current_side = $row['sidebar_id'];
+ − 3163
switch($row['block_type'])
+ − 3164
{
+ − 3165
case BLOCK_WIKIFORMAT:
+ − 3166
default:
+ − 3167
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 3168
$c = RenderMan::render($row['block_content']);
+ − 3169
break;
+ − 3170
case BLOCK_TEMPLATEFORMAT:
+ − 3171
$parser = $template->makeParserText($vars['sidebar_section']);
+ − 3172
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
+ − 3173
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
183
91127e62f38f
Fixed some regular expressions in HTML optimization algorithm; regex page groups can be edited now (oops)
Dan
diff
changeset
+ − 3174
// fix for the "Administration" link that somehow didn't get rendered properly
91127e62f38f
Fixed some regular expressions in HTML optimization algorithm; regex page groups can be edited now (oops)
Dan
diff
changeset
+ − 3175
$c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c);
0
+ − 3176
break;
+ − 3177
case BLOCK_HTML:
+ − 3178
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3179
$c = $row['block_content'];
+ − 3180
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3181
break;
+ − 3182
case BLOCK_PHP:
+ − 3183
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3184
ob_start();
+ − 3185
eval($row['block_content']);
+ − 3186
$c = ob_get_contents();
+ − 3187
ob_end_clean();
+ − 3188
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ − 3189
break;
+ − 3190
case BLOCK_PLUGIN:
+ − 3191
$parser = $template->makeParserText($vars['sidebar_section_raw']);
+ − 3192
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 3193
break;
+ − 3194
}
202
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
diff
changeset
+ − 3195
$block_name = $template->tplWikiFormat($row['block_name']);
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
diff
changeset
+ − 3196
if ( empty($block_name) )
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
diff
changeset
+ − 3197
$block_name = '<Unnamed>';
88d7a7c2743c
Nothing special at all. Unnamed sidebar blocks will show the text <Unnamed> instead of just showing nothing, thus making them renamable
Dan
diff
changeset
+ − 3198
$t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>';
0
+ − 3199
if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
+ − 3200
else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
+ − 3201
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
+ − 3202
$tb = '<a title="Enable or disable this block" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
+ − 3203
<a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
+ − 3204
<a title="Permanently delete this block" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
+ − 3205
<a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
+ − 3206
$as = '';
+ − 3207
$ae = ' '.$tb;
+ − 3208
$parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
+ − 3209
echo $parser->run();
+ − 3210
unset($parser);
+ − 3211
+ − 3212
}
+ − 3213
$db->free_result();
+ − 3214
//if(isset($vars['sidebar_top'])) echo $template->parse($vars['sidebar_bottom']);
+ − 3215
echo '</div></td></tr></table>';
+ − 3216
echo '<form action="'.makeUrl($paths->page).'" method="post">';
+ − 3217
$order = implode(',', $n1);
+ − 3218
echo "<input type='hidden' id='divOrder_Left' name='order_left' value='{$order}' />";
+ − 3219
$order = implode(',', $n2);
+ − 3220
echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
+ − 3221
echo '
+ − 3222
<div style="margin: 0 auto 0 auto; text-align: center;">
+ − 3223
<input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
+ − 3224
<input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
+ − 3225
<br />
+ − 3226
<a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
+ − 3227
</div>
+ − 3228
</form>
+ − 3229
';
+ − 3230
}
+ − 3231
+ − 3232
$template->footer();
+ − 3233
}
+ − 3234
+ − 3235
?>