<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.6 (Caoineag beta 1)

 * Copyright (C) 2006-2008 Dan Fuhry

 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

class PageUtils {

  /**

   * Tell if a username is used or not.

   * @param $name the name to check for

   * @return string

   */

  public static function checkusername($name)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $name = str_replace('_', ' ', $name);

    $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');

    if ( !$q )

    {

      die($db->get_error());

    }

    if ( $db->numrows() < 1)

    {

      $db->free_result(); return('good');

    }

    else

    {

      $db->free_result(); return('bad');

    }

  }

  /**

   * Get the wiki formatting source for a page

   * @param $page the full page id (Namespace:Pagename)

   * @return string

   * @todo (DONE) Make it require a password (just for security purposes)

   */

  public static function getsource($page, $password = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( !isPage($page) )

    {

      return '';

    }

    list($page_id, $namespace) = RenderMan::strToPageID($page);

    $ns = namespace_factory($page_id, $namespace);

    $cdata = $ns->get_cdata();

    if ( strlen($cdata['password']) == 40 )

    {

      if(!$password || ( $password != $cdata['password']))

      {

        return 'invalid_password';

      }

    }

    if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges

      return 'access_denied';

    $pid = RenderMan::strToPageID($page);

    if($pid[1] == 'Special' || $pid[1] == 'Admin')

    {

      die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');

    }

    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');

    if ( !$e )

    {

      $db->_die('The page text could not be selected.');

    }

    if( $db->numrows() < 1 )

    {

      return ''; //$db->_die('There were no rows in the text table that matched the page text query.');

    }

    $r = $db->fetchrow();

    $db->free_result();

    $message = $r['page_text'];

    return htmlspecialchars($message);

  }

  /**

   * DEPRECATED. Previously returned the full rendered contents of a page.

   * @param $page the full page id (Namespace:Pagename)

   * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise

   * @return string

   */

  public static function getpage($page, $send_headers = false, $hist_id = false)

  {

    die('PageUtils->getpage is deprecated.');

  }

  /**

   * Writes page data to the database, after verifying permissions and running the XSS filter

   * @param $page_id the page ID

   * @param $namespace the namespace

   * @param $message the text to save

   * @return string

   */

  public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $page = new PageProcessor($page_id, $namespace);

    $cdata = $page->ns->get_cdata();

    return $page->update_page($message, $summary, $minor, $cdata['page_format']);

  }

  /**

   * Creates a page, both in memory and in the database.

   * @param string $page_id

   * @param string $namespace

   * @return bool true on success, false on failure

   */

  public static function createPage($page_id, $namespace, $name = false, $visible = 1)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if(in_array($namespace, Array('Special', 'Admin')))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';

      return 'You can\'t create a special page in the database';

    }

    if(!isset($paths->nslist[$namespace]))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';

      return 'Couldn\'t look up the namespace';

    }

    $pname = $paths->nslist[$namespace] . $page_id;

    if(isPage($pname))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';

      return 'Page already exists';

    }

    if(!$session->get_permissions('create_page'))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';

      return 'Not authorized to create pages';

    }

    if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';

      return 'Not authorized to create system messages';

    }

    if ( substr($page_id, 0, 8) == 'Project:' )

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';

      return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';

    }

    /*

    // Dunno why this was here. Enano can handle more flexible names than this...

    $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';

    if(!preg_match($regex, $name))

    {

      //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';

      return 'Name contains invalid characters';

    }

    */

    $page_id = dirtify_page_id($page_id);

    if ( !$name )

      $name = str_replace('_', ' ', $page_id);

    $page_id = sanitize_page_id( $page_id );

    $prot = ( $namespace == 'System' ) ? 1 : 0;

    $ips = array(

      'ip' => array(),

      'u' => array()

      );

    $page_data = Array(

      'name'=>$name,

      'urlname'=>$page_id,

      'namespace'=>$namespace,

      'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,

    );

    // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');

    $paths->add_page($page_data);

    $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');

    $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');

    $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');

    if($qa && $qb && $qc)

      return 'good';

    else

    {

      return $db->get_error();

    }

  }

  /**

   * Sets the protection level on a page.

   * @param $page_id string the page ID

   * @param $namespace string the namespace

   * @param $level int level of protection - 0 is off, 1 is full, 2 is semi

   * @param $reason string why the page is being (un)protected

   * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )

   */

  public static function protect($page_id, $namespace, $level, $reason)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $page = new PageProcessor($page_id, $namespace);

    return $page->protect_page($level, $reason);

  }

  /**

   * Generates an HTML table with history information in it.

   * @param string the page ID

   * @param string the namespace

   * @param string page password

   * @return string

   */

  public static function histlist($page_id, $namespace, $password = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    global $lang;

    if(!$session->get_permissions('history_view'))

      return 'Access denied';

    ob_start();

    $pname = $paths->get_pathskey($page_id, $namespace);

    $ns = namespace_factory($page_id, $namespace);

    $cdata = $ns->get_cdata();

    if ( !isPage($pname) )

    {

      return 'DNE';

    }

    if ( isPage($pname['password']) )

    {

      $password_exists = ( !empty($cdata['password']) && $cdata['password'] !== sha1('') );

      if ( $password_exists && $password !== $cdata['password'] )

      {

        return '<p>' . $lang->get('history_err_wrong_password') . '</p>';

      }

    }

    $wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false;

    $prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false;

    $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;';

    if ( !($q = $db->sql_query($q)) )

      $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');

    echo $lang->get('history_page_subtitle') . '

          <h3>' . $lang->get('history_heading_edits') . '</h3>';

    $numrows = $db->numrows();

    if ( $numrows < 1 )

    {

      echo $lang->get('history_no_entries');

    }

    else

    {

      echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">

            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />

            ' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '

            ' . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '') . '

            <input type="hidden" name="do" value="diff" />

            <br /><span>&nbsp;</span>

            <div class="tblholder">

            <table border="0" width="100%" cellspacing="1" cellpadding="4">

            <tr>

              <th colspan="2">' . $lang->get('history_col_diff') . '</th>

              <th>' . $lang->get('history_col_datetime') . '</th>

              <th>' . $lang->get('history_col_user') . '</th>

              <th>' . $lang->get('history_col_summary') . '</th>

              <th>' . $lang->get('history_col_minor') . '</th>

              <th colspan="3">' . $lang->get('history_col_actions') . '</th>

            </tr>'."\n"."\n";

      $cls = 'row2';

      $ticker = 0;

      while ( $r = $db->fetchrow($q) )

      {

        $ticker++;

        if($cls == 'row2') $cls = 'row1';

        else $cls = 'row2';

        echo '<tr>'."\n";

        // Diff selection

        if($ticker == 1)

        {

          $s1 = '';

          $s2 = 'checked="checked" ';

        }

        elseif($ticker == 2)

        {

          $s1 = 'checked="checked" ';

          $s2 = '';

        }

        else

        {

          $s1 = '';

          $s2 = '';

        }

        if($ticker > 1)        echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';

        if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';

        // Date and time

        echo '<td class="' . $cls . '" style="white-space: nowrap;">' . enano_date('d M Y h:i a', intval($r['time_id'])) . '</td class="' . $cls . '">'."\n";

        // User

        if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )

        {

          $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';

        }

        else

        {

          $rc = '';

        }

        echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';

        if ( !isPage($paths->nslist['User'] . sanitize_page_id($r['author'])) )

        {

          echo 'class="wikilink-nonexistent"';

        }

        echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";

        // Edit summary

        if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )

        {

          $r['edit_summary'] = $lang->get('history_summary_clearlogs');

        }

        echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";

        // Minor edit

        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";

        // Actions!

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['log_id']) . '" onclick="ajaxHistView(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=edit&amp;revid=' . $r['log_id']) . '" onclick="ajaxEditor(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";

        echo '</tr>'."\n"."\n";

      }

      echo '</table>

            </div>

            <br />

            <input type="hidden" name="do" value="diff" />

            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />

            </form>

            <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';

    }

    $db->free_result();

    echo '<h3>' . $lang->get('history_heading_other') . '</h3>';

    $q = 'SELECT log_id,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';

    if ( !$db->sql_query($q) )

    {

      $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');

    }

    if ( $db->numrows() < 1 )

    {

      echo $lang->get('history_no_entries');

    }

    else

    {

      echo '<div class="tblholder">

              <table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>

                <th>' . $lang->get('history_col_datetime') . '</th>

                <th>' . $lang->get('history_col_user') . '</th>

                <th>' . $lang->get('history_col_minor') . '</th>

                <th>' . $lang->get('history_col_action_taken') . '</th>

                <th>' . $lang->get('history_col_extra') . '</th>

                <th colspan="2"></th>

              </tr>';

      $cls = 'row2';

      while($r = $db->fetchrow()) {

        if($cls == 'row2') $cls = 'row1';

        else $cls = 'row2';

        echo '<tr>';

        // Date and time

        echo '<td class="' . $cls . '">' . enano_date('d M Y h:i a', intval($r['time_id'])) . '</td class="' . $cls . '">';

        // User

        echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';

        if(!isPage($paths->nslist['User'] . sanitize_page_id($r['author']))) echo 'class="wikilink-nonexistent"';

        echo '>' . $r['author'] . '</a></td class="' . $cls . '">';

        // Minor edit

        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';

        // Action taken

        echo '<td class="' . $cls . '">';

        // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.

        if    ($r['action']=='prot')     echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">'     . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );

        elseif($r['action']=='unprot')   echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">'   . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );

        elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );

        elseif($r['action']=='rename')   echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);

        elseif($r['action']=='create')   echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';

        elseif($r['action']=='delete')   echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];

        elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__ROLLBACK__' ? $lang->get('history_extra_upload_reversion') : htmlspecialchars($r['edit_summary']) );

        elseif($r['action']=='votereset')echo $lang->get('history_log_votereset') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_numvotes') . ' ' . $r['edit_summary'];

        echo '</td>';

        // Actions!

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';

        echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id=' . $r['log_id']) . '" onclick="ajaxRollback(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';

        echo '</tr>';

      }

      echo '</table></div>';

    }

    $db->free_result();

    $ret = ob_get_contents();

    ob_end_clean();

    return $ret;

  }

  /**

   * Rolls back a logged action

   * @param $id the time ID, a.k.a. the primary key in the logs table

   * @return string

   */

  public static function rollback($id)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    global $lang;

    // placeholder

    return 'PageUtils->rollback() is deprecated - use PageProcessor instead.';

  }

  /**

   * Posts a comment.

   * @param $page_id the page ID

   * @param $namespace the namespace

   * @param $name the name of the person posting, defaults to current username/IP

   * @param $subject the subject line of the comment

   * @param $text the comment text

   * @return string javascript code

   */

  public static function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $_ob = '';

    if(!$session->get_permissions('post_comments'))

      return 'Access denied';

    if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) _die('Access denied to post comments: you need to be logged in first.');

    if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)

    {

      if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');

      $result = $session->get_captcha($captcha_id);

      if(strtolower($captcha_code) != strtolower($result)) _die('The confirmation code you entered was incorrect.');

    }

    $text = RenderMan::preprocess_text($text);

    $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);

    $subj = RenderMan::preprocess_text($subject);

    if(getConfig('approve_comments', '0')=='1') $appr = '0'; else $appr = '1';

    $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')';

    $e = $db->sql_query($q);

    if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'))');

    else $_ob .= '<div class="info-box">Your comment has been posted.</div>';

    return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);

  }

  /**

   * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments

   * @param $page_id the page ID

   * @param $namespace the namespace

   * @param $action administrative action to perform, default is false

   * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.

   * @param $_ob text to prepend to output, used by PageUtils::addcomment