includes/pageutils.php
changeset 182 bf0fdec102e9
parent 157 ebf00a7d21db
child 183 eec079676fe7
child 198 d5dff8148dfe
equal deleted inserted replaced
181:9237767a23ae 182:bf0fdec102e9
    13  */
    13  */
    14  
    14  
    15 class PageUtils {
    15 class PageUtils {
    16   
    16   
    17   /**
    17   /**
    18    * List possible username completions
    18    * Tell if a username is used or not.
    19    * @param $name the name to check for
    19    * @param $name the name to check for
    20    * @return array
    20    * @return string
    21    */
    21    */
    22   
    22   
    23   function checkusername($name)
    23   function checkusername($name)
    24   {
    24   {
    25     global $db, $session, $paths, $template, $plugins; // Common objects
    25     global $db, $session, $paths, $template, $plugins; // Common objects
    26     $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE username=\''.$db->escape(rawurldecode($name)).'\'');
    26     $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');
    27     if(!$q) die(mysql_error());
    27     if ( !$q )
    28     if($db->numrows() < 1) { $db->free_result(); return('good'); }
    28     {
    29     else { $db->free_result(); return('bad'); }
    29       die(mysql_error());
       
    30     }
       
    31     if ( $db->numrows() < 1)
       
    32     {
       
    33       $db->free_result(); return('good');
       
    34     }
       
    35     else
       
    36     {
       
    37       $db->free_result(); return('bad');
       
    38     }
    30   }
    39   }
    31   
    40   
    32   /**
    41   /**
    33    * Get the wiki formatting source for a page
    42    * Get the wiki formatting source for a page
    34    * @param $page the full page id (Namespace:Pagename)
    43    * @param $page the full page id (Namespace:Pagename)
    55     if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges
    64     if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges
    56       return 'access_denied';
    65       return 'access_denied';
    57     $pid = RenderMan::strToPageID($page);
    66     $pid = RenderMan::strToPageID($page);
    58     if($pid[1] == 'Special' || $pid[1] == 'Admin')
    67     if($pid[1] == 'Special' || $pid[1] == 'Admin')
    59     {
    68     {
    60       die('This type of page ('.$paths->nslist[$pid[1]].') cannot be edited because the page source code is not stored in the database.');
    69       die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
    61     }
    70     }
    62     
    71     
    63     $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$pid[0].'\' AND namespace=\''.$pid[1].'\'');
    72     $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');
    64     if ( !$e )
    73     if ( !$e )
    65     {
    74     {
    66       $db->_die('The page text could not be selected.');
    75       $db->_die('The page text could not be selected.');
    67     }
    76     }
    68     if( $db->numrows() < 1 )
    77     if( $db->numrows() < 1 )
   121         $r = ob_get_contents();
   130         $r = ob_get_contents();
   122         ob_end_clean();
   131         ob_end_clean();
   123         return $r;
   132         return $r;
   124       }
   133       }
   125       
   134       
   126       $fname = 'page_'.$pid[1].'_'.$paths->pages[$page]['urlname_nons'];
   135       $fname = 'page_' . $pid[1] . '_' . $paths->pages[$page]['urlname_nons'];
   127       @call_user_func($fname);
   136       @call_user_func($fname);
   128       
   137       
   129     }
   138     }
   130     else if ( $pid[1] == 'Admin' )
   139     else if ( $pid[1] == 'Admin' )
   131     {
   140     {
   145         $r = ob_get_contents();
   154         $r = ob_get_contents();
   146         ob_end_clean();
   155         ob_end_clean();
   147         return $r;
   156         return $r;
   148       }
   157       }
   149       
   158       
   150       $fname = 'page_'.$pid[1].'_'.$pid[0];
   159       $fname = 'page_' . $pid[1] . '_' . $pid[0];
   151       if ( !function_exists($fname) )
   160       if ( !function_exists($fname) )
   152       {
   161       {
   153         $title = 'Page backend not found';
   162         $title = 'Page backend not found';
   154         $message = "The administration page you are looking for was properly registered using the page API, but the backend function
   163         $message = "The administration page you are looking for was properly registered using the page API, but the backend function
   155                     (<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
   164                     (<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
   188         header('HTTP/1.1 404 Not Found');
   197         header('HTTP/1.1 404 Not Found');
   189         echo '<h3>There is no page with this title yet.</h3>
   198         echo '<h3>There is no page with this title yet.</h3>
   190                <p>You have requested a page that doesn\'t exist yet.';
   199                <p>You have requested a page that doesn\'t exist yet.';
   191         if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
   200         if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
   192         else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
   201         else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
   193         if($session->get_permissions('history_rollback')) {
   202         if ( $session->get_permissions('history_rollback') )
   194           $e = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE action=\'delete\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' ORDER BY time_id DESC;');
   203         {
   195           if(!$e) $db->_die('The deletion log could not be selected.');
   204           $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;');
   196           if($db->numrows() > 0) {
   205           if ( !$e )
       
   206           {
       
   207             $db->_die('The deletion log could not be selected.');
       
   208           }
       
   209           if ($db->numrows() > 0 )
       
   210           {
   197             $r = $db->fetchrow();
   211             $r = $db->fetchrow();
   198             echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on '.$r['date_string'].'. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&amp;id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
   212             echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&amp;id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>';
   199           }
   213           }
   200           $db->free_result();
   214           $db->free_result();
   201         }
   215         }
   202         echo '<p>
   216         echo '<p>
   203                 HTTP Error: 404 Not Found
   217                 HTTP Error: 404 Not Found
   231       {
   245       {
   232         ob_end_clean();
   246         ob_end_clean();
   233         return $text;
   247         return $text;
   234       }
   248       }
   235       
   249       
   236       if($hist_id) {
   250       if ( $hist_id )
   237         $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$paths->pages[$page]['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' AND log_type=\'page\' AND action=\'edit\' AND time_id='.$db->escape($hist_id).'');
   251       {
       
   252         $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $paths->pages[$page]['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' AND log_type=\'page\' AND action=\'edit\' AND time_id=' . $db->escape($hist_id) . '');
   238         if($db->numrows() < 1)
   253         if($db->numrows() < 1)
   239         {
   254         {
   240           $db->_die('There were no rows in the text table that matched the page text query.');
   255           $db->_die('There were no rows in the text table that matched the page text query.');
   241         }
   256         }
   242         $r = $db->fetchrow();
   257         $r = $db->fetchrow();
   243         $db->free_result();
   258         $db->free_result();
   244         $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.$r['date_string'].'.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a>  |  <a href="'.makeUrl($page, 'do=rollback&amp;id='.$hist_id).'" onclick="ajaxRollback(\''.$hist_id.'\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);
   259         $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on ' . $r['date_string'] . '.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a>  |  <a href="'.makeUrl($page, 'do=rollback&amp;id=' . $hist_id) . '" onclick="ajaxRollback(\'' . $hist_id . '\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);
   245         
   260         
   246         if( !$paths->pages[$page]['special'] )
   261         if( !$paths->pages[$page]['special'] )
   247         {
   262         {
   248           if($send_headers)
   263           if($send_headers)
   249           {
   264           {
   250             $template->header(); 
   265             $template->header(); 
   251           }
   266           }
   252           display_page_headers();
   267           display_page_headers();
   253         }
   268         }
   254         
   269         
   255         eval('?>'.$message);
   270         eval('?>' . $message);
   256         
   271         
   257         if( !$paths->pages[$page]['special'] )
   272         if( !$paths->pages[$page]['special'] )
   258         {
   273         {
   259           display_page_footers();
   274           display_page_footers();
   260           if($send_headers)
   275           if($send_headers)
   284           display_page_headers();
   299           display_page_headers();
   285         }
   300         }
   286 
   301 
   287         // This is it, this is what all of Enano has been working up to...
   302         // This is it, this is what all of Enano has been working up to...
   288         
   303         
   289         eval('?>'.$message);
   304         eval('?>' . $message);
   290         
   305         
   291         if( !$paths->pages[$page]['special'] )
   306         if( !$paths->pages[$page]['special'] )
   292         {
   307         {
   293           display_page_footers();
   308           display_page_footers();
   294           if($send_headers)
   309           if($send_headers)
   320     if(!$session->get_permissions('edit_page'))
   335     if(!$session->get_permissions('edit_page'))
   321       return 'Access to edit pages is denied.';
   336       return 'Access to edit pages is denied.';
   322     
   337     
   323     if(!isset($paths->pages[$pname]))
   338     if(!isset($paths->pages[$pname]))
   324     {
   339     {
   325       if(!PageUtils::createPage($page_id, $namespace))
   340       $create = PageUtils::createPage($page_id, $namespace);
   326         return 'The page did not exist, and I was not able to create it. Permissions problem?';
   341       if ( $create != 'good' )
       
   342         return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;
   327       $paths->page_exists = true;
   343       $paths->page_exists = true;
   328     }
   344     }
   329     
   345     
   330     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   346     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   331     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   347     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   335     $message = RenderMan::preprocess_text($message, false, false);
   351     $message = RenderMan::preprocess_text($message, false, false);
   336     
   352     
   337     $msg = $db->escape($message);
   353     $msg = $db->escape($message);
   338     
   354     
   339     $minor = $minor ? 'true' : 'false';
   355     $minor = $minor ? 'true' : 'false';
   340     $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');';
   356     $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $paths->cpage['urlname_nons'] . '\', \'' . $paths->namespace . '\', \'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');';
   341     if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
   357     if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
   342     
   358     
   343     $q = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$msg.'\',char_tag=\''.$uid.'\' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';';
   359     $q = 'UPDATE ' . table_prefix.'page_text SET page_text=\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';';
   344     $e = $db->sql_query($q);
   360     $e = $db->sql_query($q);
   345     if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
   361     if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
   346       
   362       
   347     $paths->rebuild_page_index($page_id, $namespace);
   363     $paths->rebuild_page_index($page_id, $namespace);
   348       
   364       
   360   {
   376   {
   361     global $db, $session, $paths, $template, $plugins; // Common objects
   377     global $db, $session, $paths, $template, $plugins; // Common objects
   362     if(in_array($namespace, Array('Special', 'Admin')))
   378     if(in_array($namespace, Array('Special', 'Admin')))
   363     {
   379     {
   364       // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
   380       // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
   365       return false; // Can't create a special page
   381       return 'You can\'t create a special page in the database';
   366     }
   382     }
   367     
   383     
   368     if(!isset($paths->nslist[$namespace]))
   384     if(!isset($paths->nslist[$namespace]))
   369     {
   385     {
   370       // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
   386       // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
   371       return false; // Couldn't look up namespace
   387       return 'Couldn\'t look up the namespace';
   372     }
   388     }
   373     
   389     
   374     $pname = $paths->nslist[$namespace] . $page_id;
   390     $pname = $paths->nslist[$namespace] . $page_id;
   375     if(isset($paths->pages[$pname]))
   391     if(isset($paths->pages[$pname]))
   376     {
   392     {
   377       // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
   393       // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
   378       return false; // Page already exists
   394       return 'Page already exists';
   379     }
   395     }
   380     
   396     
   381     if(!$session->get_permissions('create_page'))
   397     if(!$session->get_permissions('create_page'))
   382     {
   398     {
   383       // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
   399       // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
   384       return false; // Access denied
   400       return 'Not authorized to create pages';
   385     }
   401     }
   386     
   402     
   387     if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
   403     if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
   388     {
   404     {
   389       // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
   405       // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
   390       return false; // Not authorized to create system messages
   406       return 'Not authorized to create system messages';
       
   407     }
       
   408     
       
   409     if ( substr($page_id, 0, 8) == 'Project:' )
       
   410     {
       
   411       // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
       
   412       return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
   391     }
   413     }
   392     
   414     
   393     $page_id = dirtify_page_id($page_id);
   415     $page_id = dirtify_page_id($page_id);
   394     
   416     
   395     if ( !$name )
   417     if ( !$name )
   396       $name = str_replace('_', ' ', $page_id);
   418       $name = str_replace('_', ' ', $page_id);
   397     $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
   419     $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
   398     if(!preg_match($regex, $page))
   420     if(!preg_match($regex, $page))
   399     {
   421     {
   400       //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
   422       //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
   401       return false; // Name contains invalid characters
   423       return 'Name contains invalid characters';
   402     }
   424     }
   403     
   425     
   404     $page_id = sanitize_page_id( $page_id );
   426     $page_id = sanitize_page_id( $page_id );
   405     
   427     
   406     $prot = ( $namespace == 'System' ) ? 1 : 0;
   428     $prot = ( $namespace == 'System' ) ? 1 : 0;
   419     
   441     
   420     // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
   442     // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
   421     
   443     
   422     $paths->add_page($page_data);
   444     $paths->add_page($page_data);
   423     
   445     
   424     $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');');
   446     $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
   425     $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');');
   447     $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
   426     $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');');
   448     $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
   427     
   449     
   428     if($qa && $qb && $qc)
   450     if($qa && $qb && $qc)
   429       return true;
   451       return 'good';
   430     else
   452     else
   431     {
   453     {
   432       echo $db->get_error();
   454       return $db->get_error();
   433       return false;
       
   434     }
   455     }
   435   }
   456   }
   436   
   457   
   437   /**
   458   /**
   438    * Sets the protection level on a page.
   459    * Sets the protection level on a page.
   448     
   469     
   449     $pname = $paths->nslist[$namespace] . $page_id;
   470     $pname = $paths->nslist[$namespace] . $page_id;
   450     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   471     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   451     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   472     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   452     
   473     
   453     if(!$session->get_permissions('protect')) return('Insufficient access rights');
   474     if ( !$session->get_permissions('protect') )
   454     if(!$wiki) return('Page protection only has an effect when Wiki Mode is enabled.');
   475     {
   455     if(!preg_match('#^([0-9]+){1}$#', (string)$level)) return('Invalid $level parameter.');
   476       return('Insufficient access rights');
   456     
   477     }
   457     if($reason!='NO_REASON') {
   478     if ( !$wiki )
   458       switch($level)
   479     {
   459       {
   480       return('Page protection only has an effect when Wiki Mode is enabled.');
   460         case 0:
   481     }
   461           $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
   482     if ( !preg_match('#^([0-9]+){1}$#', (string)$level) )
   462           break;
   483     {
   463         case 1:
   484       return('Invalid $level parameter.');
   464           $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
   485     }
   465           break;
   486     
   466         case 2:
   487     switch($level)
   467           $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
   488     {
   468           break;
   489       case 0:
   469         default:
   490         $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
   470           return 'PageUtils::protect(): Invalid value for $level';
   491         break;
   471           break;
   492       case 1:
   472       }
   493         $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
   473       if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');
   494         break;
   474     }
   495       case 2:
   475     
   496         $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
   476     $q = $db->sql_query('UPDATE '.table_prefix.'pages SET protected='.$_POST['level'].' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
   497         break;
   477     if(!$q) $db->_die('The pages table was not updated.');
   498       default:
       
   499         return 'PageUtils::protect(): Invalid value for $level';
       
   500         break;
       
   501     }
       
   502     if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');
       
   503     
       
   504     $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
       
   505     if ( !$q )
       
   506     {
       
   507       $db->_die('The pages table was not updated.');
       
   508     }
   478     
   509     
   479     return('good');
   510     return('good');
   480   }
   511   }
   481   
   512   
   482   /**
   513   /**
   497     
   528     
   498     $pname = $paths->nslist[$namespace] . $page_id;
   529     $pname = $paths->nslist[$namespace] . $page_id;
   499     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   530     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   500     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   531     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   501     
   532     
   502     $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' ORDER BY time_id DESC;';
   533     $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' ORDER BY time_id DESC;';
   503     if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
   534     if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
   504     echo 'History of edits and actions<h3>Edits:</h3>';
   535     echo 'History of edits and actions<h3>Edits:</h3>';
   505     $numrows = $db->numrows();
   536     $numrows = $db->numrows();
   506     if($numrows < 1) echo 'No history entries in this category.';
   537     if($numrows < 1) echo 'No history entries in this category.';
   507     else
   538     else
   508     {
   539     {
   549         else
   580         else
   550         {
   581         {
   551           $s1 = '';
   582           $s1 = '';
   552           $s2 = '';
   583           $s2 = '';
   553         }
   584         }
   554         if($ticker > 1)        echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s1.'name="diff1" type="radio" value="'.$r['time_id'].'" id="diff1_'.$r['time_id'].'" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
   585         if($ticker > 1)        echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
   555         if($ticker < $numrows) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s2.'name="diff2" type="radio" value="'.$r['time_id'].'" id="diff2_'.$r['time_id'].'" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
   586         if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
   556         
   587         
   557         // Date and time
   588         // Date and time
   558         echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'."\n";
   589         echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n";
   559         
   590         
   560         // User
   591         // User
   561         if($session->get_permissions('mod_misc') && preg_match('#^([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}$#', $r['author'])) $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \''.$r['author'].'\');"';
   592         if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
   562         else $rc = '';
   593         {
   563         echo '<td class="'.$cls.'"'.$rc.'><a href="'.makeUrlNS('User', $r['author']).'" ';
   594           $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
   564         if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
   595         }
   565         echo '>'.$r['author'].'</a></td class="'.$cls.'">'."\n";
   596         else
       
   597         {
       
   598           $rc = '';
       
   599         }
       
   600         echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', $r['author']).'" ';
       
   601         if ( !isPage($paths->nslist['User'] . $r['author']) )
       
   602         {
       
   603           echo 'class="wikilink-nonexistent"';
       
   604         }
       
   605         echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
   566         
   606         
   567         // Edit summary
   607         // Edit summary
   568         echo '<td class="'.$cls.'">'.$r['edit_summary'].'</td>'."\n";
   608         echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
   569         
   609         
   570         // Minor edit
   610         // Minor edit
   571         echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
   611         echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
   572         
   612         
   573         // Actions!
   613         // Actions!
   574         echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid='.$r['time_id']).'" onclick="ajaxHistView(\''.$r['time_id'].'\'); return false;">View revision</a></td>'."\n";
   614         echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">View revision</a></td>'."\n";
   575         echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'."\n";
   615         echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'."\n";
   576         echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert to this revision</a></td>'."\n";
   616         echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert to this revision</a></td>'."\n";
   577         
   617         
   578         echo '</tr>'."\n"."\n";
   618         echo '</tr>'."\n"."\n";
   579         
   619         
   580       }
   620       }
   581       echo '</table>
   621       echo '</table>
   586             </form>
   626             </form>
   587             <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
   627             <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
   588     }
   628     }
   589     $db->free_result();
   629     $db->free_result();
   590     echo '<h3>Other changes:</h3>';
   630     echo '<h3>Other changes:</h3>';
   591     $q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\' ORDER BY time_id DESC;';
   631     $q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
   592     if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
   632     if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
   593     if($db->numrows() < 1) echo 'No history entries in this category.';
   633     if($db->numrows() < 1) echo 'No history entries in this category.';
   594     else {
   634     else {
   595       
   635       
   596       echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
   636       echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
   597       $cls = 'row2';
   637       $cls = 'row2';
   601         else $cls = 'row2';
   641         else $cls = 'row2';
   602         
   642         
   603         echo '<tr>';
   643         echo '<tr>';
   604         
   644         
   605         // Date and time
   645         // Date and time
   606         echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">';
   646         echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">';
   607         
   647         
   608         // User
   648         // User
   609         echo '<td class="'.$cls.'"><a href="'.makeUrlNS('User', $r['author']).'" ';
   649         echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', $r['author']).'" ';
   610         if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
   650         if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
   611         echo '>'.$r['author'].'</a></td class="'.$cls.'">';
   651         echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
   612         
   652         
   613         
   653         
   614         // Minor edit
   654         // Minor edit
   615         echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
   655         echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
   616         
   656         
   617         // Action taken
   657         // Action taken
   618         echo '<td class="'.$cls.'">';
   658         echo '<td class="' . $cls . '">';
   619         // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
   659         // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
   620         if    ($r['action']=='prot')     echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
   660         if    ($r['action']=='prot')     echo 'Protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
   621         elseif($r['action']=='unprot')   echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
   661         elseif($r['action']=='unprot')   echo 'Unprotected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
   622         elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
   662         elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
   623         elseif($r['action']=='rename')   echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']);
   663         elseif($r['action']=='rename')   echo 'Renamed page</td><td class="' . $cls . '">Old title: '.htmlspecialchars($r['edit_summary']);
   624         elseif($r['action']=='create')   echo 'Created page</td><td class="'.$cls.'">';
   664         elseif($r['action']=='create')   echo 'Created page</td><td class="' . $cls . '">';
   625         elseif($r['action']=='delete')   echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
   665         elseif($r['action']=='delete')   echo 'Deleted page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
   626         elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']);
   666         elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="' . $cls . '">Reason: '.htmlspecialchars($r['edit_summary']);
   627         echo '</td>';
   667         echo '</td>';
   628         
   668         
   629         // Actions!
   669         // Actions!
   630         echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>';
   670         echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>';
   631         echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert action</a></td>';
   671         echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert action</a></td>';
   632         
   672         
   633         //echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> '.$r['author'].' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">Contrib</a>): ';
   673         //echo '(<a href="#" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">rollback</a>) <i>' . $r['date_string'] . '</i> ' . $r['author'] . ' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">Contrib</a>): ';
   634         
   674         
   635         if($r['minor_edit']) echo '<b> - minor edit</b>';
   675         if($r['minor_edit']) echo '<b> - minor edit</b>';
   636         echo '<br />';
   676         echo '<br />';
   637         
   677         
   638         echo '</tr>';
   678         echo '</tr>';
   660     }
   700     }
   661     if ( !preg_match('#^([0-9]+)$#', (string)$id) )
   701     if ( !preg_match('#^([0-9]+)$#', (string)$id) )
   662     {
   702     {
   663       return('The value "id" on the query string must be an integer.');
   703       return('The value "id" on the query string must be an integer.');
   664     }
   704     }
   665     $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id.';');
   705     $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id . ';');
   666     if ( !$e )
   706     if ( !$e )
   667     {
   707     {
   668       $db->_die('The rollback data could not be selected.');
   708       $db->_die('The rollback data could not be selected.');
   669     }
   709     }
   670     $rb = $db->fetchrow();
   710     $rb = $db->fetchrow();
   716         {
   756         {
   717           case "edit":
   757           case "edit":
   718             if ( !$perms->get_permissions('edit_page') )
   758             if ( !$perms->get_permissions('edit_page') )
   719               return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
   759               return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
   720             $t = $db->escape($rb['page_text']);
   760             $t = $db->escape($rb['page_text']);
   721             $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$rb['char_tag'].'\' WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   761             $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $rb['char_tag'] . '\' WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
   722             if ( !$e )
   762             if ( !$e )
   723             {
   763             {
   724               return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   764               return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   725             }
   765             }
   726             else
   766             else
   727             {
   767             {
   728               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on '.$rb['date_string'].'.';
   768               return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.';
   729             }
   769             }
   730             break;
   770             break;
   731           case "rename":
   771           case "rename":
   732             if ( !$perms->get_permissions('rename') )
   772             if ( !$perms->get_permissions('rename') )
   733               return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
   773               return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
   734             $t = $db->escape($rb['edit_summary']);
   774             $t = $db->escape($rb['edit_summary']);
   735             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   775             $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
   736             if ( !$e )
   776             if ( !$e )
   737             {
   777             {
   738               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   778               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   739             }
   779             }
   740             else
   780             else
   741             {
   781             {
   742               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("'.$rb['edit_summary'].'") before '.$rb['date_string'].'.';
   782               return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.';
   743             }
   783             }
   744             break;
   784             break;
   745           case "prot":
   785           case "prot":
   746             if ( !$perms->get_permissions('protect') )
   786             if ( !$perms->get_permissions('protect') )
   747               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   787               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   748             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   788             $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
   749             if ( !$e )
   789             if ( !$e )
   750               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   790               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   751             else
   791             else
   752               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.';
   792               return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
   753             break;
   793             break;
   754           case "semiprot":
   794           case "semiprot":
   755             if ( !$perms->get_permissions('protect') )
   795             if ( !$perms->get_permissions('protect') )
   756               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   796               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   757             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   797             $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
   758             if ( !$e )
   798             if ( !$e )
   759               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   799               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   760             else
   800             else
   761               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.';
   801               return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
   762             break;
   802             break;
   763           case "unprot":
   803           case "unprot":
   764             if ( !$perms->get_permissions('protect') )
   804             if ( !$perms->get_permissions('protect') )
   765               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   805               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   766             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   806             $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=1 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
   767             if ( !$e )
   807             if ( !$e )
   768               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   808               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
   769             else
   809             else
   770               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at '.$rb['date_string'].'.';
   810               return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at ' . $rb['date_string'] . '.';
   771             break;
   811             break;
   772           case "delete":
   812           case "delete":
   773             if ( !$perms->get_permissions('history_rollback_extra') )
   813             if ( !$perms->get_permissions('history_rollback_extra') )
   774               return 'Administrative privileges are required for page undeletion.';
   814               return 'Administrative privileges are required for page undeletion.';
   775             if ( isset($paths->pages[$paths->cpage['urlname']]) )
   815             if ( isset($paths->pages[$paths->cpage['urlname']]) )
   776               return 'You cannot raise a dead page that is alive.';
   816               return 'You cannot raise a dead page that is alive.';
   777             $name = str_replace('_', ' ', $rb['page_id']);
   817             $name = str_replace('_', ' ', $rb['page_id']);
   778             $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$name.'\', \''.$rb['page_id'].'\',\''.$rb['namespace'].'\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   818             $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   779             $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   819             $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   780             $r = $db->fetchrow();
   820             $r = $db->fetchrow();
   781             $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$rb['page_id'].'\',\''.$rb['namespace'].'\',\''.$db->escape($r['page_text']).'\',\''.$r['char_tag'].'\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   821             $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $r['char_tag'] . '\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   782             return 'The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.';
   822             return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';
   783             break;
   823             break;
   784           case "reupload":
   824           case "reupload":
   785             if ( !$session->get_permissions('history_rollbacks_extra') )
   825             if ( !$session->get_permissions('history_rollbacks_extra') )
   786             {
   826             {
   787               return 'Administrative privileges are required for file rollbacks.';
   827               return 'Administrative privileges are required for file rollbacks.';
   788             }
   828             }
   789             $newtime = time();
   829             $newtime = time();
   790             $newdate = date('d M Y h:i a');
   830             $newdate = date('d M Y h:i a');
   791             if(!$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id))
   831             if(!$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id))
   792               return 'Error during query: '.mysql_error();
   832               return 'Error during query: '.mysql_error();
   793             if(!$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id))
   833             if(!$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id))
   794               return 'Error during query: '.mysql_error();
   834               return 'Error during query: '.mysql_error();
   795             return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';
   835             return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';
   796             break;
   836             break;
   797           default:
   837           default:
   798             return('Rollback of the action "'.$rb['action'].'" is not yet supported.');
   838             return('Rollback of the action "' . $rb['action'] . '" is not yet supported.');
   799             break;
   839             break;
   800         }
   840         }
   801         break;
   841         break;
   802       case "security":
   842       case "security":
   803       case "login":
   843       case "login":
   804         return('A '.$rb['log_type'].'-related log entry cannot be rolled back.');
   844         return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.');
   805         break;
   845         break;
   806       default:
   846       default:
   807         return('Unknown log entry type: "'.$rb['log_type'].'"');
   847         return('Unknown log entry type: "' . $rb['log_type'] . '"');
   808     }
   848     }
   809   }
   849   }
   810   
   850   
   811   /**
   851   /**
   812    * Posts a comment.
   852    * Posts a comment.
   833     }
   873     }
   834     $text = RenderMan::preprocess_text($text);
   874     $text = RenderMan::preprocess_text($text);
   835     $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
   875     $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
   836     $subj = RenderMan::preprocess_text($subject);
   876     $subj = RenderMan::preprocess_text($subject);
   837     if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1';
   877     if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1';
   838     $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$page_id.'\',\''.$namespace.'\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.$session->user_id.','.$appr.','.time().')';
   878     $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')';
   839     $e = $db->sql_query($q);
   879     $e = $db->sql_query($q);
   840     if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n'.$q).'\'))');
   880     if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))');
   841     else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
   881     else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
   842     return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
   882     return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
   843   }
   883   }
   844   
   884   
   845   /**
   885   /**
   865     {
   905     {
   866       switch($action) {
   906       switch($action) {
   867       case "delete":
   907       case "delete":
   868         if(isset($flags['id']))
   908         if(isset($flags['id']))
   869         {
   909         {
   870           $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
   910           $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
   871         } else {
   911         } else {
   872           $n = $db->escape($flags['name']);
   912           $n = $db->escape($flags['name']);
   873           $s = $db->escape($flags['subj']);
   913           $s = $db->escape($flags['subj']);
   874           $t = $db->escape($flags['text']);
   914           $t = $db->escape($flags['text']);
   875           $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
   915           $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
   876         }
   916         }
   877         $e=$db->sql_query($q);
   917         $e=$db->sql_query($q);
   878         if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
   918         if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
   879         break;
   919         break;
   880       case "approve":
   920       case "approve":
   881         if(isset($flags['id']))
   921         if(isset($flags['id']))
   882         {
   922         {
   883           $where = 'comment_id='.intval($flags['id']);
   923           $where = 'comment_id='.intval($flags['id']);
   884         } else {
   924         } else {
   885           $n = $db->escape($flags['name']);
   925           $n = $db->escape($flags['name']);
   886           $s = $db->escape($flags['subj']);
   926           $s = $db->escape($flags['subj']);
   887           $t = $db->escape($flags['text']);
   927           $t = $db->escape($flags['text']);
   888           $where = 'name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\'';
   928           $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
   889         }
   929         }
   890         $q = 'SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.' LIMIT 1;';
   930         $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
   891         $e = $db->sql_query($q);
   931         $e = $db->sql_query($q);
   892         if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
   932         if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
   893         $r = $db->fetchrow();
   933         $r = $db->fetchrow();
   894         $db->free_result();
   934         $db->free_result();
   895         $a = ( $r['approved'] ) ? '0' : '1';
   935         $a = ( $r['approved'] ) ? '0' : '1';
   896         $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.';';
   936         $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
   897         $e=$db->sql_query($q);
   937         $e=$db->sql_query($q);
   898         if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
   938         if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
   899         if($a=='1') $v = 'Unapprove';
   939         if($a=='1') $v = 'Unapprove';
   900         else $v = 'Approve';
   940         else $v = 'Approve';
   901         echo 'document.getElementById("mdgApproveLink'.$_GET['id'].'").innerHTML="'.$v.'";';
   941         echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
   902         break;
   942         break;
   903       }
   943       }
   904     }
   944     }
   905     
   945     
   906     if(!defined('ENANO_TEMPLATE_LOADED'))
   946     if(!defined('ENANO_TEMPLATE_LOADED'))
   908       $template->load_theme($session->theme, $session->style);
   948       $template->load_theme($session->theme, $session->style);
   909     }
   949     }
   910     
   950     
   911     $tpl = $template->makeParser('comment.tpl');
   951     $tpl = $template->makeParser('comment.tpl');
   912     
   952     
   913     $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=0;');
   953     $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
   914     if(!$e) $db->_die('The comment text data could not be selected.');
   954     if(!$e) $db->_die('The comment text data could not be selected.');
   915     $num_unapp = $db->numrows();
   955     $num_unapp = $db->numrows();
   916     $db->free_result();
   956     $db->free_result();
   917     $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=1;');
   957     $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
   918     if(!$e) $db->_die('The comment text data could not be selected.');
   958     if(!$e) $db->_die('The comment text data could not be selected.');
   919     $num_app = $db->numrows();
   959     $num_app = $db->numrows();
   920     $db->free_result();
   960     $db->free_result();
   921     $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
   961     $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
   922                   FROM '.table_prefix.'comments AS c
   962                   FROM ' . table_prefix.'comments AS c
   923                   LEFT JOIN '.table_prefix.'users AS u
   963                   LEFT JOIN ' . table_prefix.'users AS u
   924                     ON c.user_id=u.user_id
   964                     ON c.user_id=u.user_id
   925                   WHERE page_id=\''.$page_id.'\'
   965                   WHERE page_id=\'' . $page_id . '\'
   926                   AND namespace=\''.$namespace.'\' ORDER BY c.time ASC;');
   966                   AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
   927     if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
   967     if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
   928     $_ob .= '<h3>Article Comments</h3>';
   968     $_ob .= '<h3>Article Comments</h3>';
   929     $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
   969     $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
   930     if($n==1) $s = 'is '.$n.' comment'; else $s = 'are '.$n.' comments';
   970     if($n==1) $s = 'is ' . $n . ' comment'; else $s = 'are ' . $n . ' comments';
   931     if($n < 1)
   971     if($n < 1)
   932     {
   972     {
   933       $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).'';
   973       $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).'';
   934       if($namespace != 'Article') $_ob .= ' page';
   974       if($namespace != 'Article') $_ob .= ' page';
   935       $_ob .= '.</p>';
   975       $_ob .= '.</p>';
   936     } else $_ob .= '<p>There '.$s.' on this article.';
   976     } else $_ob .= '<p>There ' . $s . ' on this article.';
   937     if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">'.$num_unapp.' of those are unapproved.</span>';
   977     if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">' . $num_unapp . ' of those are unapproved.</span>';
   938     elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; }
   978     elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; }
   939     $_ob .= '</p>';
   979     $_ob .= '</p>';
   940     $list = 'list = { ';
   980     $list = 'list = { ';
   941     // _die(htmlspecialchars($ttext));
   981     // _die(htmlspecialchars($ttext));
   942     $i = -1;
   982     $i = -1;
   943     while($row = $db->fetchrow($lq))
   983     while($row = $db->fetchrow($lq))
   944     {
   984     {
   945       $i++;
   985       $i++;
   946       $strings = Array();
   986       $strings = Array();
   947       $bool = Array();
   987       $bool = Array();
   948       if($session->get_permissions('mod_comments') || $row['approved']) {
   988       if ( $session->get_permissions('mod_comments') || $row['approved'] )
       
   989       {
   949         $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
   990         $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
   950         
   991         
   951         // Comment ID (used in the Javascript apps)
   992         // Comment ID (used in the Javascript apps)
   952         $strings['ID'] = (string)$i;
   993         $strings['ID'] = (string)$i;
   953         
   994         
   989         $strings['DATA'] = RenderMan::render($row['comment_data']);
  1030         $strings['DATA'] = RenderMan::render($row['comment_data']);
   990         
  1031         
   991         if($session->get_permissions('edit_comments'))
  1032         if($session->get_permissions('edit_comments'))
   992         {
  1033         {
   993           // Edit link
  1034           // Edit link
   994           $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=editcomment&amp;id='.$row['comment_id']).'" id="editbtn_'.$i.'">edit</a>';
  1035           $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=editcomment&amp;id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">edit</a>';
   995         
  1036         
   996           // Delete link
  1037           // Delete link
   997           $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=deletecomment&amp;id='.$row['comment_id']).'">delete</a>';
  1038           $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=deletecomment&amp;id=' . $row['comment_id']) . '">delete</a>';
   998         }
  1039         }
   999         else
  1040         else
  1000         {
  1041         {
  1001           // Edit link
  1042           // Edit link
  1002           $strings['EDIT_LINK'] = '';
  1043           $strings['EDIT_LINK'] = '';
  1004           // Delete link
  1045           // Delete link
  1005           $strings['DELETE_LINK'] = '';
  1046           $strings['DELETE_LINK'] = '';
  1006         }
  1047         }
  1007         
  1048         
  1008         // Send PM link
  1049         // Send PM link
  1009         $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/'.$row['name']).'">Send private message</a><br />' : '';
  1050         $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">Send private message</a><br />' : '';
  1010         
  1051         
  1011         // Add Buddy link
  1052         // Add Buddy link
  1012         $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/'.$row['name']).'">Add to buddy list</a>' : '';
  1053         $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">Add to buddy list</a>' : '';
  1013         
  1054         
  1014         // Mod links
  1055         // Mod links
  1015         $applink = '';
  1056         $applink = '';
  1016         $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=approve&amp;id='.$row['comment_id']).'" id="mdgApproveLink'.$i.'">';
  1057         $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=approve&amp;id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
  1017         if($row['approved']) $applink .= 'Unapprove';
  1058         if($row['approved']) $applink .= 'Unapprove';
  1018         else $applink .= 'Approve';
  1059         else $applink .= 'Approve';
  1019         $applink .= '</a>';
  1060         $applink .= '</a>';
  1020         $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
  1061         $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
  1021         $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=delete&amp;id='.$row['comment_id']).'">Delete</a>';
  1062         $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=delete&amp;id=' . $row['comment_id']) . '">Delete</a>';
  1022         
  1063         
  1023         // Signature
  1064         // Signature
  1024         $strings['SIGNATURE'] = '';
  1065         $strings['SIGNATURE'] = '';
  1025         if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
  1066         if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
  1026         
  1067         
  1043       else
  1084       else
  1044       {
  1085       {
  1045         $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
  1086         $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
  1046         if(getConfig('approve_comments')=='1') $_ob .= '  Before your comment will be visible to the public, a moderator will have to approve it.';
  1087         if(getConfig('approve_comments')=='1') $_ob .= '  Before your comment will be visible to the public, a moderator will have to approve it.';
  1047         if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
  1088         if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
  1048         $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="'.$session->username.'" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
  1089         $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
  1049         $_ob .= '  <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
  1090         $_ob .= '  <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
  1050         <div id="mdgCommentForm">
  1091         <div id="mdgCommentForm">
  1051         <h3>Comment form</h3>
  1092         <h3>Comment form</h3>
  1052         <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=postcomment').'" method="post" style="margin-left: 1em">
  1093         <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=postcomment').'" method="post" style="margin-left: 1em">
  1053         <table border="0">
  1094         <table border="0">
  1054         <tr><td>Your name or screen name:</td><td>'.$sn.'</td></tr>
  1095         <tr><td>Your name or screen name:</td><td>' . $sn . '</td></tr>
  1055         <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
  1096         <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
  1056         if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
  1097         if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
  1057         {
  1098         {
  1058           $session->kill_captcha();
  1099           $session->kill_captcha();
  1059           $captcha = $session->make_captcha();
  1100           $captcha = $session->make_captcha();
  1060           $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/'.$captcha).'" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="'.$captcha.'" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
  1101           $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
  1061         }
  1102         }
  1062         $_ob .= '
  1103         $_ob .= '
  1063         <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
  1104         <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
  1064         <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
  1105         <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
  1065         </table>
  1106         </table>
  1066         </form>
  1107         </form>
  1067         </div>';
  1108         </div>';
  1068       }
  1109       }
  1069     } else {
  1110     } else {
  1070       $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/'.$pname.'%2523comments').'">Log in</a></p>';
  1111       $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
  1071     }
  1112     }
  1072     $list .= '};';
  1113     $list .= '};';
  1073     echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
  1114     echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
  1074     ' . $list;
  1115     ' . $list;
  1075     echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
  1116     echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
  1136     $old_subject = $db->escape($old_subject);
  1177     $old_subject = $db->escape($old_subject);
  1137     // Safety check - username/login
  1178     // Safety check - username/login
  1138     if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  1179     if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  1139     {
  1180     {
  1140       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1181       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1141       $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
  1182       $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
  1142       $s = $db->sql_query($q);
  1183       $s = $db->sql_query($q);
  1143       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1184       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1144       $r = $db->fetchrow($s);
  1185       $r = $db->fetchrow($s);
  1145       $db->free_result();
  1186       $db->free_result();
  1146       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1187       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1147     }
  1188     }
  1148     $s = RenderMan::preprocess_text($subject);
  1189     $s = RenderMan::preprocess_text($subject);
  1149     $t = RenderMan::preprocess_text($text);
  1190     $t = RenderMan::preprocess_text($text);
  1150     $sql  = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
  1191     $sql  = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1151     $result = $db->sql_query($sql);
  1192     $result = $db->sql_query($sql);
  1152     if($result)
  1193     if($result)
  1153     {
  1194     {
  1154       return 'result="GOOD";
  1195       return 'result="GOOD";
  1155                       list['.$id.'][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
  1196                       list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
  1156                       list['.$id.'][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = '.$id.';
  1197                       list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
  1157       s = unescape(\''.rawurlencode($s).'\');
  1198       s = unescape(\''.rawurlencode($s).'\');
  1158       t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
  1199       t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
  1159     }
  1200     }
  1160     else
  1201     else
  1161     {
  1202     {
  1162       return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
  1203       return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
  1163       Performed SQL:
  1204       Performed SQL:
  1164       '.$sql.'
  1205       ' . $sql . '
  1165     
  1206     
  1166       Error returned by MySQL: '.mysql_error()).'");';
  1207       Error returned by MySQL: '.mysql_error()).'");';
  1167     }
  1208     }
  1168   }
  1209   }
  1169   
  1210   
  1185       return 'Access denied';
  1226       return 'Access denied';
  1186     // Safety check - username/login
  1227     // Safety check - username/login
  1187     if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  1228     if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  1188     {
  1229     {
  1189       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1230       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1190       $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
  1231       $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
  1191       $s = $db->sql_query($q);
  1232       $s = $db->sql_query($q);
  1192       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1233       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1193       $r = $db->fetchrow($s);
  1234       $r = $db->fetchrow($s);
  1194       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1235       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1195       $db->free_result();
  1236       $db->free_result();
  1196     }
  1237     }
  1197     $s = RenderMan::preprocess_text($subject);
  1238     $s = RenderMan::preprocess_text($subject);
  1198     $t = RenderMan::preprocess_text($text);
  1239     $t = RenderMan::preprocess_text($text);
  1199     $sql  = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
  1240     $sql  = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1200     $result = $db->sql_query($sql);
  1241     $result = $db->sql_query($sql);
  1201     if($result)
  1242     if($result)
  1202     return 'good';
  1243     return 'good';
  1203     else return 'Enano encountered a problem whilst saving the comment.
  1244     else return 'Enano encountered a problem whilst saving the comment.
  1204     Performed SQL:
  1245     Performed SQL:
  1205     '.$sql.'
  1246     ' . $sql . '
  1206     
  1247     
  1207     Error returned by MySQL: '.mysql_error();
  1248     Error returned by MySQL: '.mysql_error();
  1208   }
  1249   }
  1209   
  1250   
  1210   /**
  1251   /**
  1232     
  1273     
  1233     // Safety check - username/login
  1274     // Safety check - username/login
  1234     if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  1275     if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  1235     {
  1276     {
  1236       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1277       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1237       $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$t.'\' AND subject=\''.$s.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
  1278       $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
  1238       $s = $db->sql_query($q);
  1279       $s = $db->sql_query($q);
  1239       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1280       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1240       $r = $db->fetchrow($s);
  1281       $r = $db->fetchrow($s);
  1241       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1282       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1242       $db->free_result();
  1283       $db->free_result();
  1243     }
  1284     }
  1244     $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
  1285     $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
  1245     $e=$db->sql_query($q);
  1286     $e=$db->sql_query($q);
  1246     if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
  1287     if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
  1247     return('good');
  1288     return('good');
  1248   }
  1289   }
  1249   
  1290   
  1250   /**
  1291   /**
  1251    * Deletes a comment in a cleaner fashion.
  1292    * Deletes a comment in a cleaner fashion.
  1266     
  1307     
  1267     // Safety check - username/login
  1308     // Safety check - username/login
  1268     if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  1309     if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  1269     {
  1310     {
  1270       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1311       if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
  1271       $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
  1312       $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
  1272       $s = $db->sql_query($q);
  1313       $s = $db->sql_query($q);
  1273       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1314       if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
  1274       $r = $db->fetchrow($s);
  1315       $r = $db->fetchrow($s);
  1275       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1316       if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
  1276       $db->free_result();
  1317       $db->free_result();
  1277     }
  1318     }
  1278     $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.$id.' LIMIT 1;';
  1319     $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;';
  1279     $e=$db->sql_query($q);
  1320     $e=$db->sql_query($q);
  1280     if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
  1321     if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
  1281     return('good');
  1322     return('good');
  1282   }
  1323   }
  1283   
  1324   
  1284   /**
  1325   /**
  1285    * Renames a page.
  1326    * Renames a page.
  1302     {
  1343     {
  1303       die('Name is too short');
  1344       die('Name is too short');
  1304     }
  1345     }
  1305     if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ))
  1346     if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ))
  1306     {
  1347     {
  1307       $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$paths->namespace.'\', \''.$db->escape($session->username).'\', \''.$db->escape($paths->cpage['name']).'\')');
  1348       $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')');
  1308       if ( !$e )
  1349       if ( !$e )
  1309       {
  1350       {
  1310         $db->_die('The page title could not be updated.');
  1351         $db->_die('The page title could not be updated.');
  1311       }
  1352       }
  1312       $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$db->escape($name).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
  1353       $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  1313       if ( !$e )
  1354       if ( !$e )
  1314       {
  1355       {
  1315         $db->_die('The page title could not be updated.');
  1356         $db->_die('The page title could not be updated.');
  1316       }
  1357       }
  1317       else
  1358       else
  1318       {
  1359       {
  1319         return('The page "'.$paths->pages[$pname]['name'].'" has been renamed to "'.$name.'". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.');
  1360         return('The page "' . $paths->pages[$pname]['name'] . '" has been renamed to "' . $name . '". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.');
  1320       }
  1361       }
  1321     }
  1362     }
  1322     else
  1363     else
  1323     {
  1364     {
  1324       return('Access is denied.');
  1365       return('Access is denied.');
  1334    
  1375    
  1335   function flushlogs($page_id, $namespace)
  1376   function flushlogs($page_id, $namespace)
  1336   {
  1377   {
  1337     global $db, $session, $paths, $template, $plugins; // Common objects
  1378     global $db, $session, $paths, $template, $plugins; // Common objects
  1338     if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.');
  1379     if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.');
  1339     $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
  1380     $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  1340     if(!$e) $db->_die('The log entries could not be deleted.');
  1381     if(!$e) $db->_die('The log entries could not be deleted.');
  1341     
  1382     
  1342     // If the page exists, make a backup of it in case it gets spammed/vandalized
  1383     // If the page exists, make a backup of it in case it gets spammed/vandalized
  1343     // If not, the admin's probably deleting a trash page
  1384     // If not, the admin's probably deleting a trash page
  1344     if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
  1385     if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
  1345     {
  1386     {
  1346       $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
  1387       $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
  1347       if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
  1388       if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
  1348       $row = $db->fetchrow();
  1389       $row = $db->fetchrow();
  1349       $db->free_result();
  1390       $db->free_result();
  1350       $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape($row['page_text']).'\', \''.$row['char_tag'].'\', \''.$session->username.'\', \''."Automatic backup created when logs were purged".'\', '.'false'.');';
  1391       $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.'false'.');';
  1351       if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
  1392       if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
  1352     }
  1393     }
  1353     return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.');
  1394     return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.');
  1354   }
  1395   }
  1355   
  1396   
  1369     if ( empty($x) )
  1410     if ( empty($x) )
  1370     {
  1411     {
  1371       return 'Invalid reason for deletion passed';
  1412       return 'Invalid reason for deletion passed';
  1372     }
  1413     }
  1373     if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
  1414     if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
  1374     $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \''.$page_id.'\', \''.$namespace.'\', \''.$session->username.'\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  1415     $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  1375     if(!$e) $db->_die('The page log entry could not be inserted.');
  1416     if(!$e) $db->_die('The page log entry could not be inserted.');
  1376     $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
  1417     $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1377     if(!$e) $db->_die('The page categorization entries could not be deleted.');
  1418     if(!$e) $db->_die('The page categorization entries could not be deleted.');
  1378     $e = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
  1419     $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1379     if(!$e) $db->_die('The page comments could not be deleted.');
  1420     if(!$e) $db->_die('The page comments could not be deleted.');
  1380     $e = $db->sql_query('DELETE FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
  1421     $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1381     if(!$e) $db->_die('The page text entry could not be deleted.');
  1422     if(!$e) $db->_die('The page text entry could not be deleted.');
  1382     $e = $db->sql_query('DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
  1423     $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1383     if(!$e) $db->_die('The page entry could not be deleted.');
  1424     if(!$e) $db->_die('The page entry could not be deleted.');
  1384     $e = $db->sql_query('DELETE FROM '.table_prefix.'files WHERE page_id=\''.$page_id.'\'');
  1425     $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
  1385     if(!$e) $db->_die('The file entry could not be deleted.');
  1426     if(!$e) $db->_die('The file entry could not be deleted.');
  1386     return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.');
  1427     return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.');
  1387   }
  1428   }
  1388   
  1429   
  1389   /**
  1430   /**
  1444     $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
  1485     $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
  1445     $ips = $db->escape( serialize($ips) );
  1486     $ips = $db->escape( serialize($ips) );
  1446     
  1487     
  1447     $cv++;
  1488     $cv++;
  1448     
  1489     
  1449     $q = 'UPDATE '.table_prefix.'pages SET delvotes='.$cv.',delvote_ips=\''.$ips.'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
  1490     $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1450     $w = $db->sql_query($q);
  1491     $w = $db->sql_query($q);
  1451     
  1492     
  1452     return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
  1493     return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
  1453   }
  1494   }
  1454   
  1495   
  1461   
  1502   
  1462   function resetdelvotes($page_id, $namespace)
  1503   function resetdelvotes($page_id, $namespace)
  1463   {
  1504   {
  1464     global $db, $session, $paths, $template, $plugins; // Common objects
  1505     global $db, $session, $paths, $template, $plugins; // Common objects
  1465     if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');
  1506     if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');
  1466     $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
  1507     $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1467     $e = $db->sql_query($q);
  1508     $e = $db->sql_query($q);
  1468     if(!$e) $db->_die('The number of delete votes was not reset.');
  1509     if(!$e) $db->_die('The number of delete votes was not reset.');
  1469     else return('The number of votes for having this page deleted has been reset to zero.');
  1510     else return('The number of votes for having this page deleted has been reset to zero.');
  1470   }
  1511   }
  1471   
  1512   
  1477    
  1518    
  1478   function getstyles()
  1519   function getstyles()
  1479   {
  1520   {
  1480     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
  1521     $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
  1481     
  1522     
  1482     $dir = './themes/'.$_GET['id'].'/css/';
  1523     if ( !preg_match('/^([a-z0-9_-]+)$/', $_GET['id']) )
       
  1524       return $json->encode(false);
       
  1525     
       
  1526     $dir = './themes/' . $_GET['id'] . '/css/';
  1483     $list = Array();
  1527     $list = Array();
  1484     // Open a known directory, and proceed to read its contents
  1528     // Open a known directory, and proceed to read its contents
  1485     if (is_dir($dir)) {
  1529     if (is_dir($dir)) {
  1486       if ($dh = opendir($dir)) {
  1530       if ($dh = opendir($dir)) {
  1487         while (($file = readdir($dh)) !== false) {
  1531         while (($file = readdir($dh)) !== false) {
  1488           if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') { // _printable.css should be included with every theme
  1532           if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' ) // _printable.css should be included with every theme
  1489                                                                                     // it should be a copy of the original style, but
  1533           {                                                                         // it should be a copy of the original style, but
  1490                                                                                     // mostly black and white
  1534                                                                                     // mostly black and white
  1491                                                                                     // Note to self: document this
  1535                                                                                     // Note to self: document this
  1492             $list[] = substr($file, 0, strlen($file)-4);
  1536             $list[] = substr($file, 0, strlen($file)-4);
  1493           }
  1537           }
  1494         }
  1538         }
  1524   function catedit_raw($page_id, $namespace)
  1568   function catedit_raw($page_id, $namespace)
  1525   {
  1569   {
  1526     global $db, $session, $paths, $template, $plugins; // Common objects
  1570     global $db, $session, $paths, $template, $plugins; // Common objects
  1527     ob_start();
  1571     ob_start();
  1528     $_ob = '';
  1572     $_ob = '';
  1529     $e = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\'');
  1573     $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\'');
  1530     if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
  1574     if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
  1531     $cat_current = Array();
  1575     $cat_current = Array();
  1532     while($r = $db->fetchrow())
  1576     while($r = $db->fetchrow())
  1533     {
  1577     {
  1534       $cat_current[] = $r;
  1578       $cat_current[] = $r;
  1576       if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
  1620       if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
  1577          ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
  1621          ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
  1578          $is_prot = true;
  1622          $is_prot = true;
  1579       $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
  1623       $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
  1580       $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
  1624       $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
  1581       echo 'catlist['.$i.'] = \''.$cat_info[$i]['urlname_nons'].'\';';
  1625       echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
  1582       $_ob .= '<span class="catCheck"><input '.$prot.' name="'.$cat_info[$i]['urlname_nons'].'" id="mdgCat_'.$cat_info[$i]['urlname_nons'].'" type="checkbox"';
  1626       $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
  1583       if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
  1627       if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
  1584       $_ob .= '/>  <label for="mdgCat_'.$cat_info[$i]['urlname_nons'].'">'.$cat_info[$i]['name'].$prottext.'</label></span><br />';
  1628       $_ob .= '/>  <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
  1585     }
  1629     }
  1586     
  1630     
  1587     $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
  1631     $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
  1588       
  1632       
  1589     $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';
  1633     $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';
  1634          ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
  1678          ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
  1635          $auth = false;
  1679          $auth = false;
  1636       if(!$auth)
  1680       if(!$auth)
  1637       {
  1681       {
  1638         // Find out if the page is currently in the category
  1682         // Find out if the page is currently in the category
  1639         $q = $db->sql_query('SELECT * FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
  1683         $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
  1640         if(!$q)
  1684         if(!$q)
  1641           return 'MySQL error: '.$db->get_error();
  1685           return 'MySQL error: ' . $db->get_error();
  1642         if($db->numrows() > 0)
  1686         if($db->numrows() > 0)
  1643         {
  1687         {
  1644           $auth = true;
  1688           $auth = true;
  1645           $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
  1689           $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
  1646         }
  1690         }
  1647         $db->free_result();
  1691         $db->free_result();
  1648       }
  1692       }
  1649       if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\''.$page_id.'\', \''.$namespace.'\', \''.$cat_all[$i]['urlname_nons'].'\')';
  1693       if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
  1650     }
  1694     }
  1651     if(sizeof($rowlist) > 0)
  1695     if(sizeof($rowlist) > 0)
  1652     {
  1696     {
  1653       $val = implode(',', $rowlist);
  1697       $val = implode(',', $rowlist);
  1654       $q = 'INSERT INTO '.table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
  1698       $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
  1655       $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
  1699       $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
  1656       if(!$e) $db->_die('The old category data could not be deleted.');
  1700       if(!$e) $db->_die('The old category data could not be deleted.');
  1657       $e = $db->sql_query($q);
  1701       $e = $db->sql_query($q);
  1658       if(!$e) $db->_die('The new category data could not be inserted.');
  1702       if(!$e) $db->_die('The new category data could not be inserted.');
  1659       return('GOOD');
  1703       return('GOOD');
  1660     }
  1704     }
  1661     else
  1705     else
  1662     {
  1706     {
  1663       $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
  1707       $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
  1664       if(!$e) $db->_die('The old category data could not be deleted.');
  1708       if(!$e) $db->_die('The old category data could not be deleted.');
  1665       return('GOOD');
  1709       return('GOOD');
  1666     }
  1710     }
  1667   }
  1711   }
  1668   
  1712   
  1676   
  1720   
  1677   function setwikimode($page_id, $namespace, $level)
  1721   function setwikimode($page_id, $namespace, $level)
  1678   {
  1722   {
  1679     global $db, $session, $paths, $template, $plugins; // Common objects
  1723     global $db, $session, $paths, $template, $plugins; // Common objects
  1680     if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
  1724     if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
  1681     if(!isset($level) || (isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level))) return('Invalid mode string');
  1725     if ( !isset($level) || ( isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level) ) )
  1682     $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode='.$level.' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
  1726     {
  1683     if(!$q) return('Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  1727       return('Invalid mode string');
       
  1728     }
       
  1729     $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
       
  1730     if ( !$q )
       
  1731     {
       
  1732       return('Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
       
  1733     }
  1684     return('GOOD');
  1734     return('GOOD');
  1685   }
  1735   }
  1686   
  1736   
  1687   /**
  1737   /**
  1688    * Sets the access password for a page.
  1738    * Sets the access password for a page.
  1702       $a = $session->get_permissions('password_set');
  1752       $a = $session->get_permissions('password_set');
  1703     if(!$a)
  1753     if(!$a)
  1704       return 'Access is denied';
  1754       return 'Access is denied';
  1705     if(!isset($pass)) return('Password was not set on URL');
  1755     if(!isset($pass)) return('Password was not set on URL');
  1706     $p = $pass;
  1756     $p = $pass;
  1707     if(!preg_match('#([0-9a-f]){40,40}#', $p)) $p = sha1($p);
  1757     if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
  1708     if($p=='da39a3ee5e6b4b0d3255bfef95601890afd80709') $p = '';
  1758     {
  1709     $e = $db->sql_query('UPDATE '.table_prefix.'pages SET password=\''.$p.'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
  1759       $p = sha1($p);
  1710     if(!$e) die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  1760     }
  1711     if($p=='') return('The password for this page has been disabled.');
  1761     if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
       
  1762       // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
       
  1763       $p = '';
       
  1764     $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
       
  1765     if ( !$e )
       
  1766     {
       
  1767       die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
       
  1768     }
       
  1769     // Is the new password blank?
       
  1770     if ( $p == '' )
       
  1771     {
       
  1772       return('The password for this page has been disabled.');
       
  1773     }
  1712     else return('The password for this page has been set.');
  1774     else return('The password for this page has been set.');
  1713   }
  1775   }
  1714   
  1776   
  1715   /**
  1777   /**
  1716    * Generates some preview HTML
  1778    * Generates some preview HTML
  1738    * @return string
  1800    * @return string
  1739    */
  1801    */
  1740    
  1802    
  1741   function scrollBox($text, $height = 250)
  1803   function scrollBox($text, $height = 250)
  1742   {
  1804   {
  1743     return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">'.$text.'</div>';
  1805     return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">' . $text . '</div>';
  1744   }
  1806   }
  1745   
  1807   
  1746   /**
  1808   /**
  1747    * Generates a diff summary between two page revisions.
  1809    * Generates a diff summary between two page revisions.
  1748    * @param $page_id the page ID
  1810    * @param $page_id the page ID
  1759       return 'Access denied';
  1821       return 'Access denied';
  1760     if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
  1822     if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
  1761        !preg_match('#^([0-9]+)$#', (string)$id2  )) return 'SQL injection attempt';
  1823        !preg_match('#^([0-9]+)$#', (string)$id2  )) return 'SQL injection attempt';
  1762     // OK we made it through security
  1824     // OK we made it through security
  1763     // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
  1825     // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
  1764     if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id1.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error();
  1826     if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
  1765     if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id2.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error();
  1827     if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
  1766     $row1 = $db->fetchrow($q1);
  1828     $row1 = $db->fetchrow($q1);
  1767     $db->free_result($q1);
  1829     $db->free_result($q1);
  1768     $row2 = $db->fetchrow($q2);
  1830     $row2 = $db->fetchrow($q2);
  1769     $db->free_result($q2);
  1831     $db->free_result($q2);
  1770     if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
  1832     if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
  1802     }
  1864     }
  1803     $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
  1865     $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
  1804     $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
  1866     $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
  1805     $page_id =& $parms['page_id'];
  1867     $page_id =& $parms['page_id'];
  1806     $namespace =& $parms['namespace'];
  1868     $namespace =& $parms['namespace'];
  1807     $page_where_clause      = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\''.$db->escape($page_id).'\' AND a.namespace=\''.$db->escape($namespace).'\'';
  1869     $page_where_clause      = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
  1808     $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
  1870     $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
  1809     //die(print_r($page_id,true));
  1871     //die(print_r($page_id,true));
  1810     $template->load_theme();
  1872     $template->load_theme();
  1811     // $perms_obj = $session->fetch_page_acl($page_id, $namespace);
  1873     // $perms_obj = $session->fetch_page_acl($page_id, $namespace);
  1812     $perms_obj =& $session;
  1874     $perms_obj =& $session;
  1813     $return = Array();
  1875     $return = Array();
  1825     {
  1887     {
  1826       switch($parms['mode'])
  1888       switch($parms['mode'])
  1827       {
  1889       {
  1828         case 'listgroups':
  1890         case 'listgroups':
  1829           $return['groups'] = Array();
  1891           $return['groups'] = Array();
  1830           $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
  1892           $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
  1831           while($row = $db->fetchrow())
  1893           while($row = $db->fetchrow())
  1832           {
  1894           {
  1833             $return['groups'][] = Array(
  1895             $return['groups'][] = Array(
  1834               'id' => $row['group_id'],
  1896               'id' => $row['group_id'],
  1835               'name' => $row['group_name'],
  1897               'name' => $row['group_name'],
  1836               );
  1898               );
  1837           }
  1899           }
  1838           $db->free_result();
  1900           $db->free_result();
  1839           $return['page_groups'] = Array();
  1901           $return['page_groups'] = Array();
  1840           $q = $db->sql_query('SELECT pg_id,pg_name FROM '.table_prefix.'page_groups ORDER BY pg_name ASC;');
  1902           $q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
  1841           if ( !$q )
  1903           if ( !$q )
  1842             return Array(
  1904             return Array(
  1843               'mode' => 'error',
  1905               'mode' => 'error',
  1844               'error' => $db->get_error()
  1906               'error' => $db->get_error()
  1845               );
  1907               );
  1859           $return['target_type'] = $parms['target_type'];
  1921           $return['target_type'] = $parms['target_type'];
  1860           $return['target_id'] = $parms['target_id'];
  1922           $return['target_id'] = $parms['target_id'];
  1861           switch($parms['target_type'])
  1923           switch($parms['target_type'])
  1862           {
  1924           {
  1863             case ACL_TYPE_USER:
  1925             case ACL_TYPE_USER:
  1864               $q = $db->sql_query('SELECT a.rules,u.user_id FROM '.table_prefix.'users AS u
  1926               $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u
  1865                   LEFT JOIN '.table_prefix.'acl AS a
  1927                   LEFT JOIN ' . table_prefix.'acl AS a
  1866                     ON a.target_id=u.user_id
  1928                     ON a.target_id=u.user_id
  1867                   WHERE a.target_type='.ACL_TYPE_USER.'
  1929                   WHERE a.target_type='.ACL_TYPE_USER.'
  1868                     AND u.username=\''.$db->escape($parms['target_id']).'\'
  1930                     AND u.username=\'' . $db->escape($parms['target_id']) . '\'
  1869                     '.$page_where_clause.';');
  1931                     ' . $page_where_clause . ';');
  1870               if(!$q)
  1932               if(!$q)
  1871                 return(Array('mode'=>'error','error'=>mysql_error()));
  1933                 return(Array('mode'=>'error','error'=>mysql_error()));
  1872               if($db->numrows() < 1)
  1934               if($db->numrows() < 1)
  1873               {
  1935               {
  1874                 $return['type'] = 'new';
  1936                 $return['type'] = 'new';
  1875                 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($parms['target_id']).'\';');
  1937                 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
  1876                 if(!$q)
  1938                 if(!$q)
  1877                   return(Array('mode'=>'error','error'=>mysql_error()));
  1939                   return(Array('mode'=>'error','error'=>mysql_error()));
  1878                 if($db->numrows() < 1)
  1940                 if($db->numrows() < 1)
  1879                   return Array('mode'=>'error','error'=>'The username you entered was not found.');
  1941                   return Array('mode'=>'error','error'=>'The username you entered was not found.');
  1880                 $row = $db->fetchrow();
  1942                 $row = $db->fetchrow();
  1906                   }
  1968                   }
  1907                 }
  1969                 }
  1908               }
  1970               }
  1909               break;
  1971               break;
  1910             case ACL_TYPE_GROUP:
  1972             case ACL_TYPE_GROUP:
  1911               $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM '.table_prefix.'groups AS g
  1973               $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
  1912                   LEFT JOIN '.table_prefix.'acl AS a
  1974                   LEFT JOIN ' . table_prefix.'acl AS a
  1913                     ON a.target_id=g.group_id
  1975                     ON a.target_id=g.group_id
  1914                   WHERE a.target_type='.ACL_TYPE_GROUP.'
  1976                   WHERE a.target_type='.ACL_TYPE_GROUP.'
  1915                     AND g.group_id=\''.intval($parms['target_id']).'\'
  1977                     AND g.group_id=\''.intval($parms['target_id']).'\'
  1916                     '.$page_where_clause.';');
  1978                     ' . $page_where_clause . ';');
  1917               if(!$q)
  1979               if(!$q)
  1918                 return(Array('mode'=>'error','error'=>mysql_error()));
  1980                 return(Array('mode'=>'error','error'=>mysql_error()));
  1919               if($db->numrows() < 1)
  1981               if($db->numrows() < 1)
  1920               {
  1982               {
  1921                 $return['type'] = 'new';
  1983                 $return['type'] = 'new';
  1922                 $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
  1984                 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
  1923                 if(!$q)
  1985                 if(!$q)
  1924                   return(Array('mode'=>'error','error'=>mysql_error()));
  1986                   return(Array('mode'=>'error','error'=>mysql_error()));
  1925                 if($db->numrows() < 1)
  1987                 if($db->numrows() < 1)
  1926                   return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
  1988                   return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
  1927                 $row = $db->fetchrow();
  1989                 $row = $db->fetchrow();
  1965         case 'save_edit':
  2027         case 'save_edit':
  1966           if ( defined('ENANO_DEMO_MODE') )
  2028           if ( defined('ENANO_DEMO_MODE') )
  1967           {
  2029           {
  1968             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
  2030             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
  1969           }
  2031           }
  1970           $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  2032           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  1971             '.$page_where_clause_lite.';');
  2033             ' . $page_where_clause_lite . ';');
  1972           if(!$q)
  2034           if(!$q)
  1973             return Array('mode'=>'error','error'=>mysql_error());
  2035             return Array('mode'=>'error','error'=>mysql_error());
  1974           $rules = $session->perm_to_string($parms['perms']);
  2036           $rules = $session->perm_to_string($parms['perms']);
  1975           if ( sizeof ( $rules ) < 1 )
  2037           if ( sizeof ( $rules ) < 1 )
  1976           {
  2038           {
  1977             return array(
  2039             return array(
  1978                 'mode' => 'error', 
  2040                 'mode' => 'error', 
  1979                 'error' => 'Supplied rule list has a length of zero'
  2041                 'error' => 'Supplied rule list has a length of zero'
  1980               );
  2042               );
  1981           }
  2043           }
  1982           $q = ($page_id && $namespace) ? 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
  2044           $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
  1983                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape($rules).'\' )' :
  2045                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
  1984                                           'INSERT INTO '.table_prefix.'acl ( target_type, target_id, rules )
  2046                                           'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
  1985                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($rules).'\' )';
  2047                                              VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
  1986           if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error());
  2048           if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error());
  1987           return Array(
  2049           return Array(
  1988               'mode' => 'success',
  2050               'mode' => 'success',
  1989               'target_type' => $parms['target_type'],
  2051               'target_type' => $parms['target_type'],
  1990               'target_id' => $parms['target_id'],
  2052               'target_id' => $parms['target_id'],
  1996         case 'delete':
  2058         case 'delete':
  1997           if ( defined('ENANO_DEMO_MODE') )
  2059           if ( defined('ENANO_DEMO_MODE') )
  1998           {
  2060           {
  1999             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
  2061             return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
  2000           }
  2062           }
  2001           $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  2063           $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
  2002             '.$page_where_clause_lite.';');
  2064             ' . $page_where_clause_lite . ';');
  2003           if(!$q)
  2065           if(!$q)
  2004             return Array('mode'=>'error','error'=>mysql_error());
  2066             return Array('mode'=>'error','error'=>mysql_error());
  2005           return Array(
  2067           return Array(
  2006               'mode' => 'delete',
  2068               'mode' => 'delete',
  2007               'target_type' => $parms['target_type'],
  2069               'target_type' => $parms['target_type'],
  2141         {
  2203         {
  2142           echo '<h3>Create new rule</h3>';
  2204           echo '<h3>Create new rule</h3>';
  2143         }
  2205         }
  2144         $type  = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
  2206         $type  = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
  2145         $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
  2207         $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
  2146         echo 'This panel allows you to edit what the '.$type.' "'.$response['target_name'].'" can do on <b>'.$scope.'</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
  2208         echo 'This panel allows you to edit what the ' . $type . ' "' . $response['target_name'] . '" can do on <b>' . $scope . '</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
  2147         echo $formstart;
  2209         echo $formstart;
  2148         $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
  2210         $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
  2149         echo $parser->run();
  2211         echo $parser->run();
  2150         $parser = $template->makeParserText( $response['template']['acl_field_item'] );
  2212         $parser = $template->makeParserText( $response['template']['acl_field_item'] );
  2151         $cls = 'row2';
  2213         $cls = 'row2';