ajax.php
changeset 259 112debff64bd
parent 256 f8356d9c3481
child 260 c0d855cfaf0e
child 261 5f1cd51bf1be
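--- a/ajax.php
+++ b/ajax.php
@@ -16,15 +16,10 @@
 
 // fillusername should be done without the help of the rest of Enano - all we need is the DBAL
 if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
 {
   // setup and load a very basic, specialized instance of the Enano API
-  function dc_here($m)     { return false; }
-  function dc_dump($a, $g) { return false; }
-  function dc_watch($n)    { return false; }
-  function dc_start_timer($u) { return false; }
-  function dc_stop_timer($m) { return false; }
   function microtime_float()
   {
     list($usec, $sec) = explode(" ", microtime());
     return ((float)$usec + (float)$sec);
   }
@@ -39,11 +34,18 @@
   }
   define('ENANO_ROOT', dirname($filename));
   require(ENANO_ROOT.'/includes/functions.php');
   require(ENANO_ROOT.'/includes/dbal.php');
   require(ENANO_ROOT.'/includes/json.php');
-  $db = new mysql();
+  
+  require(ENANO_ROOT . '/config.php');
+  unset($dbuser, $dbpasswd);
+  if ( !isset($dbdriver) )
+    $dbdriver = 'mysql';
+  
+  $db = new $dbdriver();
+  
   $db->connect();
   
   // result is sent using JSON
   $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
   $return = Array(
@@ -60,18 +62,14 @@
       'error' => 'Invalid URI'
     );
     die( $json->encode($return) );
   }
   $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
-  $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
+  $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
   if ( !$q )
   {
-    $return = array(
-      'mode' => 'error',
-      'error' => 'MySQL error selecting username data: '.addslashes(mysql_error())
-    );
-    die( $json->encode($return) );
+    $db->die_json();
   }
   $i = 0;
   while($r = $db->fetchrow())
   {
     $return['users_real'][] = $r['username'];
@@ -275,26 +273,26 @@
     break;
   case 'get_tags':
     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
     
     $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
-    $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t
+    $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
       LEFT JOIN '.table_prefix.'page_groups AS pg
         ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
       WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
     if ( !$q )
       $db->_die();
     
     while ( $row = $db->fetchrow() )
     {
       $can_del = true;
       
-      $perm = ( $row['user'] != $session->user_id ) ?
+      $perm = ( $row['user_id'] != $session->user_id ) ?
               'tag_delete_other' :
               'tag_delete_own';
       
-      if ( $row['user'] == 1 && !$session->user_logged_in )
+      if ( $row['user_id'] == 1 && !$session->user_logged_in )
         // anonymous user trying to delete tag (hardcode blacklisted)
         $can_del = false;
         
       if ( !$session->get_permissions($perm) )
         $can_del = false;
@@ -362,11 +360,11 @@
     }
     $resp['in_acl'] = ( $db->numrows() > 0 );
     $db->free_result();
     
     // we're good
-    $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
+    $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
     if ( !$q )
       $db->_die();
     
     $resp['success'] = true;
     $resp['tag'] = $tag;
@@ -378,11 +376,11 @@
     
     $tag_id = intval($_POST['tag_id']);
     if ( empty($tag_id) )
       die('Invalid tag ID');
     
-    $q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
+    $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
 LEFT JOIN '.table_prefix.'page_groups AS pg
   ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
 WHERE t.tag_id=' . $tag_id . ';');
     
     if ( !$q )
@@ -397,15 +395,15 @@
     if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
       $perms =& $session;
     else
       $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
       
-    $perm = ( $row['user'] != $session->user_id ) ?
+    $perm = ( $row['user_id'] != $session->user_id ) ?
               'tag_delete_other' :
               'tag_delete_own';
     
-    if ( $row['user'] == 1 && !$session->user_logged_in )
+    if ( $row['user_id'] == 1 && !$session->user_logged_in )
       // anonymous user trying to delete tag (hardcode blacklisted)
       die('You are not authorized to delete this tag.');
       
     if ( !$perms->get_permissions($perm) )
       die('You are not authorized to delete this tag.');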
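Review bot: `$db = new $dbdriver();` (new line 45) instantiates whatever class name config.php placed in `$dbdriver` without checking that the DBAL required on line 37 actually defines it, so a mistyped or unsupported driver value turns into a PHP fatal error on an endpoint that otherwise answers in JSON; guard it with `if ( !class_exists($dbdriver) ) die('Unsupported database driver');` before the `new`. The `unset($dbuser, $dbpasswd)` on line 41 runs before `$db->connect()` on line 47, which only works if `connect()` re-reads config.php on its own — that is not visible here, so please confirm it, otherwise this branch can no longer authenticate. In the fillusername query (new line 67) `$name` is still interpolated straight into the LIKE pattern; the validation that produces `$name` sits above this section and is not visible, so confirm it goes through `$db->escape()`, and consider escaping `%` and `_` if wildcard matching on arbitrary input is not intended. Replacing the `mysql_error()` dump with `$db->die_json()` is the right direction, provided `die_json()` does not echo the raw driver error to the client either; the fillusername `if` block opened on line 18 continues past this section.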