<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.0.6 (Roane)

 * pageprocess.php - intelligent retrieval of pages

 * Copyright (C) 2006-2007 Dan Fuhry

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

/**

 * Class to handle fetching page text (possibly from a cache) and formatting it.

 * As of 1.0.4, this also handles the fetching and editing of certain data for pages.

 * @package Enano

 * @subpackage UI

 * @copyright 2007 Dan Fuhry

 * @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>

 */

class PageProcessor

{

  /**

   * Page ID and namespace of the page handled by this instance

   * @var string

   */

  var $page_id;

  var $namespace;

  /**

   * The title of the page sent to the template parser

   * @var string

   */

  var $title = '';

  /**

   * The information about the page(s) we were redirected from

   * @var array

   */

  var $redirect_stack = array();

  /**

   * The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.

   * @var int

   */

  var $revision_id = 0;

  /**

   * Unsanitized page ID.

   * @var string

   */

  var $page_id_unclean;

  /**

   * Tracks if the page we're loading exists in the database or not.

   * @var bool

   */

  var $page_exists = false;

  /**

   * Permissions!

   * @var object

   */

  var $perms = null;

  /**

   * The SHA1 hash of the user-inputted password for the page

   * @var string

   */

  var $password = '';

  /**

   * Switch to track if redirects are allowed. Defaults to true.

   * @var bool

   */

  var $allow_redir = true;

  /**

   * If this is set to true, this will call the header and footer funcs on $template when render() is called.

   * @var bool

   */

  var $send_headers = false;

  /**

   * Cache the fetched text so we don't fetch it from the DB twice.

   * @var string

   */

  var $text_cache = '';

  /**

   * Debugging information to track errors. You can set enable to false to disable sending debug information.

   * @var array

   */

  var $debug = array(

      'enable' => false,

      'works'  => false

    );

  /**

   * The list of errors raised in the class.

   * @var array

   */

  var $_errors = array();

  /**

   * Constructor.

   * @param string The page ID (urlname) of the page

   * @param string The namespace of the page

   * @param int Optional. The revision ID to send.

   */

  function __construct( $page_id, $namespace, $revision_id = 0 )

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    // See if we can get some debug info

    if ( function_exists('debug_backtrace') && $this->debug['enable'] )

    {

      $this->debug['works'] = true;

      $this->debug['backtrace'] = enano_debug_print_backtrace(true);

    }

    // First things first - check page existence and permissions

    if ( !isset($paths->nslist[$namespace]) )

    {

      $this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');

    }

    if ( !is_int($revision_id) )

      $revision_id = 0;

    $this->_setup( $page_id, $namespace, $revision_id );

  }

  /**

   * The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.

   * @param bool If true, the stat counter is called. Defaults to false.

   */

  function send( $do_stats = false )

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( !$this->perms->get_permissions('read') )

    {

      $this->err_access_denied();

      return false;

    }

    if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') )

    {

      $this->err_access_denied();

      return false;

    }

    $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;

    $strict_no_headers = false;

    if ( isset($paths->pages[$pathskey]) )

    {

      if ( $paths->pages[$pathskey]['special'] == 1 )

      {

        $this->send_headers = false;

        $strict_no_headers = true;

      }

      if ( isset($paths->pages[$pathskey]['password']) )

      {

        if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )

        {

          $password =& $paths->pages[$pathskey]['password'];

          if ( $this->password != $password )

          {

            $this->err_wrong_password();

            return false;

          }

        }

      }

    }

    if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )

    {

      doStats($this->page_id, $this->namespace);

    }

    if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )

    {

      if ( !$this->page_exists )

      {

        redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 );

      }

      $func_name = "page_{$this->namespace}_{$this->page_id}";

      if ( function_exists($func_name) )

      {

        return @call_user_func($func_name);

      }

      else

      {

        $title = 'Page backend not found';

        $message = "The administration page you are looking for was properly registered using the page API, but the backend function

                    (<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";

        if ( $this->send_headers )

        {

          $template->tpl_strings['PAGE_NAME'] = $title;

          $template->header();

          echo "<p>$message</p>";

          $template->footer();

        }

        else

        {

          echo "<h2>$title</h2>

                <p>$message</p>";

        }

        return false;

      }

    }

    else if ( $this->namespace == 'User' && strpos($this->page_id, '/') === false )

    {

      $this->_handle_userpage();

    }

    else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )

    {

      $this->header();

      $text = $this->fetch_text();

      $text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);

      $text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);

      $text = RenderMan::render( $text );

      echo $text;

      $this->footer();

    }

    else if ( $this->namespace == 'Anonymous' )

    {

      $uri = scriptPath . '/' . $this->page_id;

      if ( !$this->send_headers )

      {

        $sep = ( strstr($uri, '?') ) ? '&' : '?';

        $uri .= "{$sep}noheaders";

      }

      redirect( $uri, '', '', 0 );

    }

    else if ( !$this->page_exists )

    {

      // Perhaps this is hooked?

      ob_start();

      $code = $plugins->setHook('page_not_found');

      foreach ( $code as $cmd )

      {

        eval($cmd);

      }

      $ob = ob_get_contents();

      if ( empty($ob) )

      {

        $this->err_page_not_existent();

      }

      else

      {

        // Something sent content, so we'll assume the page exist...ed at least according to the plugin

        if ( $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )

        {

          doStats($this->page_id, $this->namespace);

        }

      }

    }

    else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )

    {

      // Send as regular page

      // die($this->page_id);

      $text = $this->fetch_text();

      if ( $text == 'err_no_text_rows' )

      {

        $this->err_no_rows();

        return false;

      }

      else

      {

        $redirect = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';

        if ( preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match) && $redirect != 'no' )

        {

          // Redirect page!

          $page_to = sanitize_page_id($match[1]);

          $page_id_data = RenderMan::strToPageID($page_to);

          if ( count($this->redirect_stack) >= 3 )

          {

            $this->render( (!$strict_no_headers), '<div class="usermessage"><b>The maximum number of internal redirects has been exceeded.</b></div>' );

          }

          else

          {

            $result = $this->_handle_redirect($page_id_data[0], $page_id_data[1]);

            if ( $result !== true )

            {

              // There was some error during the redirect process - usually an infinite redirect

              $this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $result . '</b></div>' );

            }

          }

        }

        else

        {

          $this->render( (!$strict_no_headers) );

        }

      }

    }

  }

  /**

   * Fetches the wikitext or HTML source for the page.

   * @return string

   */

  function fetch_source()

  {

    if ( !$this->perms->get_permissions('view_source') )

    {

      return false;

    }

    if ( !$this->page_exists )

    {

      return '';

    }

    return $this->fetch_text();

  }

  /**

   * Updates the content of the page.

   * @param string The new text for the page

   * @param string A summary of edits made to the page.

   * @return bool True on success, false on failure

   */

  function update_page($text, $edit_summary = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    // Create the page if it doesn't exist

    if ( !$this->page_exists )

    {

      if ( !$this->create_page() )

      {

        return false;

      }

    }

    //

    // Validation

    //

    $page_id = $db->escape($this->page_id);

    $namespace = $db->escape($this->namespace);

    $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");

    if ( !$q )

      $db->_die('PageProcess updating page content');

    if ( $db->numrows() < 1 )

    {

      $this->raise_error('Page doesn\'t exist in the database');

      return false;

    }

    // Do we have permission to edit the page?

    if ( !$this->perms->get_permissions('edit_page') )

    {

      $this->raise_error('You do not have permission to edit this page.');

      return false;

    }

    list($protection) = $db->fetchrow_num();

    $db->free_result();

    if ( $protection == 1 )

    {

      // The page is protected - do we have permission to edit protected pages?

      if ( !$this->perms->get_permissions('even_when_protected') )

      {

        $this->raise_error('This page is protected, and you do not have permission to edit protected pages.');

        return false;

      }

    }

    else if ( $protection == 2 )

    {

      // The page is semi-protected.

      if (

           ( !$session->user_logged_in || // Is the user logged in?

             ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?

           && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?

      {

        $this->raise_error('This page is protected, and you do not have permission to edit protected pages.');

        return false;

      }

    }

    // Protection validated

  }

  /**

   * Creates the page if it doesn't already exist.

   * @return bool True on success, false on failure.

   */

  function create_page()

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    // Do we have permission to create the page?

    if ( !$this->perms->get_permissions('create_page') )

    {

      $this->raise_error('You do not have permission to create this page.');

      return false;

    }

    // Does it already exist?

    if ( $this->page_exists )

    {

      $this->raise_error('The page already exists.');

      return false;

    }

    // It's not in there. Perform validation.

    // We can't create special, admin, or external pages.

    if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'Anonymous' )

    {

      $this->raise_error('You cannot create Special or Admin pages - they can\'t be stored in the database.');

      return false;

    }

    // Guess the proper title

    $name = dirtify_page_id($this->page_id);

    // Check for the restricted Project: prefix

    if ( substr($this->page_id, 0, 8) == 'Project:' )

    {

      $this->raise_error('The prefix "Project:" is reserved for internal links and can\'t be used on a page name.');

      return false;

    }

    // Validation successful - insert the page

    $metadata = array(

        'urlname' => $this->page_id,

        'namespace' => $this->namespace,

        'name' => $name,

        'special' => 0,

        'visible' => 1,

        'comments_on' => 1,

        'protected' => ( $this->namespace == 'System' ? 1 : 0 ),

        'delvotes' => 0,

        'delvote_ips' => serialize(array()),

        'wiki_mode' => 2

      );

    $paths->add_page($metadata);

    $page_id = $db->escape($this->page_id);

    $namespace = $db->escape($this->namespace);

    $name = $db->escape($name);

    $protect = ( $this->namespace == 'System' ) ? '1' : '0';

    $blank_array = $db->escape(serialize(array()));

    // Query 1: Metadata entry

    $q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, protected, delvotes, delvote_ips, wiki_mode)\n"

                        . "VALUES ( '$name', '$page_id', '$namespace', $protect, 0, '$blank_array', 2 );");

    if ( !$q )

      $db->_die('PageProcessor page creation - metadata stage');

    // Query 2: Text insertion

    $q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n"

                        . "VALUES ( '$page_id', '$namespace', '' );");

    if ( !$q )

      $db->_die('PageProcessor page creation - text stage');

    // Page created. We're good!

    return true;

  }

  /**

   * Sets internal variables.

   * @access private

   */

  function _setup($page_id, $namespace, $revision_id)

  {