ajax.php
author Dan
Mon, 11 Feb 2008 13:55:14 -0500
changeset 409 267be9e394c2
parent 408 7ecbe721217c
child 413 6607cd646d6d
permissions -rw-r--r--
Removed unused schema files
<?php
/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Version 1.1.1
 * Copyright (C) 2006-2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */
 
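  define('ENANO_INTERFACE_AJAX', '');

  // fillusername should be done without the help of the rest of Enano - all we need is the DBAL.
  //
  // Review notes:
  //  - This branch finishes before includes/common.php is loaded, and nothing in it checks a
  //    session or permission before usernames are returned.
  //    NOTE(review): confirm that username autocompletion for anonymous clients is intended.
  //  - The requested name goes through $db->escape() and is then placed inside a LIKE pattern.
  //    NOTE(review): escape() is assumed to handle quoting only, so % and _ in the input still act
  //    as LIKE wildcards, and the query has no row limit - confirm both are acceptable.
  if ( isset($_GET['_mode']) && $_GET['_mode'] === 'fillusername' )
  {
    // setup and load a very basic, specialized instance of the Enano API

    /**
     * Returns the current time as a float: seconds plus the fractional part reported by microtime().
     * NOTE(review): presumably needed by the files required below - confirm before removing.
     * @return float
     */
    function microtime_float()
    {
      list($usec, $sec) = explode(" ", microtime());
      return ((float)$usec + (float)$sec);
    }

    // Determine directory (special case for development servers).
    // strpos() returns 0 for a match at the start of the path, so test against false explicitly.
    if ( strpos(__FILE__, '/repo/') !== false && file_exists('.enanodev') )
    {
      $filename = str_replace('/repo/', '/', __FILE__);
    }
    else
    {
      $filename = __FILE__;
    }
    define('ENANO_ROOT', dirname($filename));
    require(ENANO_ROOT.'/includes/functions.php');
    require(ENANO_ROOT.'/includes/dbal.php');
    require(ENANO_ROOT.'/includes/json2.php');

    require(ENANO_ROOT . '/config.php');
    // Drop the database credentials from this scope as soon as config.php has been read.
    // NOTE(review): $db->connect() below presumably obtains them on its own - confirm.
    unset($dbuser, $dbpasswd);
    if ( !isset($dbdriver) )
      $dbdriver = 'mysql';

    // The class name comes from config.php or the default above, never from the request.
    $db = new $dbdriver();

    $db->connect();

    // Every response below is JSON; declare it so that clients and intermediaries do not handle it
    // as HTML. This matches the getsource handler further down in this file.
    header('Content-type: application/json');

    // result is sent using JSON
    $return = array(
        'mode' => 'success',
        'users_real' => array()
      );

    // should be connected to the DB now
    // A non-string value (e.g. name[]=x) is rejected the same way as a missing one.
    $name = ( isset($_GET['name']) && is_string($_GET['name']) ) ? $db->escape($_GET['name']) : false;
    if ( !$name )
    {
      $return = array(
        'mode' => 'error',
        'error' => 'Invalid URI'
      );
      die( enano_json_encode($return) );
    }

    // $allowanon is one of two fixed SQL fragments; no request data is copied into it.
    $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] === '1' ) ? '' : ' AND user_id > 1';
    $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
    if ( !$q )
    {
      $db->die_json();
    }

    while ( $r = $db->fetchrow() )
    {
      $return['users_real'][] = $r['username'];
    }
    $db->free_result();

    // all done! :-)
    $db->close();

    echo enano_json_encode( $return );

    exit;
  }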
 
  // Every mode other than fillusername runs on top of the full Enano API.
  require 'includes/common.php';

  // Common objects
  global $db, $session, $paths, $template, $plugins;

  // Refuse requests that do not name a mode.
  if ( !isset($_GET['_mode']) )
  {
    die('This script cannot be accessed directly.');
  }

  $_ob = '';
  
  switch($_GET['_mode']) {
    case "checkusername":
      // Hand the raw `name` query parameter to PageUtils::checkusername() and print its result.
      // NOTE(review): the value is passed on without validation here - confirm that
      // checkusername() escapes it before any database use.
      $requested_name = $_GET['name'];
      echo PageUtils::checkusername($requested_name);
      break;
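    case "getsource":
      // Sends the source of the current page (or of revision `revid`) together with the caller's
      // editing permissions as a JSON object.
      header('Content-type: application/json');

      // NOTE(review): the page password arrives in the query string, where it can end up in server
      // logs and browser history; consider accepting it in the request body instead.
      $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
      // intval() makes $revid safe to concatenate into the SQL below.
      $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
      $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
      $page->password = $password;

      // A result of exactly false means the source may not be viewed; any other falsy result is
      // reported as an empty source that the caller is allowed to see.
      $src = $page->fetch_source();
      $allowed = ( $src !== false );
      if ( !$src )
      {
        $src = '';
      }

      $auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) );
      $auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );

      $return = array(
          'mode' => 'editor',
          'src' => $src,
          'auth_view_source' => $allowed,
          'auth_edit' => $auth_edit,
          'time' => time(),
          'require_captcha' => false,
          'allow_wysiwyg' => $auth_wysiwyg,
          'revid' => $revid
        );

      if ( $revid > 0 )
      {
        // Retrieve information about this revision and the current one.
        // The log rows must belong to the page being edited, so the page ID and namespace come
        // from $paths (the same values given to PageProcessor above) instead of fixed literals.
        // Both are escaped before being placed inside the quoted SQL strings.
        $page_id_sql = $db->escape($paths->page_id);
        $namespace_sql = $db->escape($paths->namespace);
        $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
  LEFT JOIN ' . table_prefix . 'logs AS l2
    ON ( l2.time_id = ' . $revid . '
         AND l2.log_type  = \'page\'
         AND l2.action    = \'edit\'
         AND l2.page_id   = \'' . $page_id_sql . '\'
         AND l2.namespace = \'' . $namespace_sql . '\'
        )
  WHERE l1.log_type  = \'page\'
    AND l1.action    = \'edit\'
    AND l1.page_id   = \'' . $page_id_sql . '\'
    AND l1.namespace = \'' . $namespace_sql . '\'
    AND l1.time_id >= ' . $revid . '
  ORDER BY l1.time_id DESC;');
        if ( !$q )
          $db->die_json();

        $rev_count = $db->numrows() - 1;
        $row = $db->fetchrow();
        // With no matching log rows fetchrow() yields no row; keep the keys and report null
        // authors instead of indexing into a non-array.
        $return['undo_info'] = array(
          'old_author'     => ( $row ) ? $row['oldrev_author'] : null,
          'current_author' => ( $row ) ? $row['currentrev_author'] : null,
          'undo_count'     => $rev_count
        );
      }

      // Guests who may edit get a CAPTCHA challenge when the site configuration asks for one.
      if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
      {
        $return['require_captcha'] = true;
        $return['captcha_id'] = $session->make_captcha();
      }

      echo enano_json_encode($return);
      break;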
    case "getpage":
      // Build a PageProcessor for the current page, or for the revision named by `oldid`,
      // and let it send the page.
      $revision_id = 0;
      if ( isset($_GET['oldid']) )
      {
        // intval() reduces the revision ID to an integer
        $revision_id = intval($_GET['oldid']);
      }
      $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );

      // Optional page password, read from $_REQUEST; an empty string is used when none is supplied.
      $pagepass = '';
      if ( isset($_REQUEST['pagepass']) )
      {
        $pagepass = $_REQUEST['pagepass'];
      }
      $page->password = $pagepass;

      $page->send();
      break;
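    case "savepage":
      // Legacy (non-JSON) save action: writes the posted text through PageUtils::savepage()
      // and re-renders the page on success.
      // NOTE(review): unlike "savepage_json", no CAPTCHA check is visible on this path. If
      // PageUtils::savepage() does not enforce guest_edit_require_captcha itself, guests can
      // save through this action without solving one - confirm, or retire this action.
      
      // Refuse a missing or non-string body up front, the same way the other editor
      // actions do, instead of passing an undefined index on to PageUtils.
      if ( !isset($_POST['text']) || !is_string($_POST['text']) )
        die('Invalid request');
      
      $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
      $minor = isset($_POST['minor']);
      $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
      if($e=='good')
      {
        $page = new PageProcessor($paths->page_id, $paths->namespace);
        $page->send();
      }
      else
      {
        // NOTE(review): $e is written into the HTML response as-is. If PageUtils::savepage()
        // can return text derived from the request, it needs htmlspecialchars() here -
        // verify against its implementation.
        echo '<p>Error saving the page: '.$e.'</p>';
      }
      break;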
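    case "savepage_json":
      // JSON save action used by the AJAX editor. The request is a JSON document in
      // $_POST['r']; the response is a JSON object whose 'mode' is 'obsolete', 'errors'
      // or 'success', or a short plain-text refusal for malformed requests.
      header('Content-type: application/json');
      if ( !isset($_POST['r']) )
        die('Invalid request');
      
      $request = enano_json_decode($_POST['r']);
      // The decoded payload is client-controlled and need not be an object: require an
      // array so that the key checks below mean what they say.
      if ( !is_array($request) || !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) )
        die('Invalid request');
      
      // Client-supplied timestamp of when the editor was opened. Because the client chooses
      // it, the check below is a courtesy against edit conflicts, not an integrity control.
      $time = intval($request['time']);
      
      // Verify that no edits have been made since the editor was requested
      // NOTE(review): page_id and namespace are interpolated into the statement. Confirm both
      // are sanitized where $paths populates them; otherwise escape them before building
      // the query.
      $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' ORDER BY time_id DESC LIMIT 1;");
      if ( !$q )
        $db->die_json();
      
      $row = $db->fetchrow();
      $db->free_result();
      
      // Skip the comparison when no row came back (presumably a page with no logged edits
      // yet - verify fetchrow()'s empty-result value) rather than indexing a non-array.
      if ( $row && $row['time_id'] > $time )
      {
        $return = array(
          'mode' => 'obsolete',
          'author' => $row['author'],
          'date_string' => enano_date('d M Y h:i a', $row['time_id']),
          'time' => $row['time_id'] // time() ???
          );
        echo enano_json_encode($return);
        break;
      }
      
      // Verify captcha, if needed
      if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
      {
        if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
        {
          die('Invalid request, need captcha metadata');
        }
        // Both fields come from the JSON body and may be arrays; only scalars can be
        // looked up and compared as strings.
        if ( !is_scalar($request['captcha_id']) || !is_scalar($request['captcha_code']) )
        {
          die('Invalid request, need captcha metadata');
        }
        $code_correct = strtolower($session->get_captcha($request['captcha_id']));
        $code_input = strtolower($request['captcha_code']);
        // An empty expected code is always a failure. What get_captcha() returns for an
        // unknown ID is not visible here; if it is false or '', an empty captcha_code
        // would otherwise compare equal and pass the check.
        if ( $code_correct === '' || $code_correct !== $code_input )
        {
          $return = array(
            'mode' => 'errors',
            'errors' => array($lang->get('editor_err_captcha_wrong')),
            'new_captcha' => $session->make_captcha()
          );
          echo enano_json_encode($return);
          break;
        }
      }
      
      // Verification complete. Start the PageProcessor and let it do the dirty work for us.
      // No permission check is made in this case; that is presumably done by
      // update_page() - confirm.
      $page = new PageProcessor($paths->page_id, $paths->namespace);
      if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
      {
        $return = array(
            'mode' => 'success'
          );
      }
      else
      {
        // Drain the processor's error stack into a plain list for the client.
        $errors = array();
        while ( $err = $page->pop_error() )
        {
          $errors[] = $err;
        }
        $return = array(
          'mode' => 'errors',
          'errors' => array_values($errors)
          );
        // A guest needs a fresh challenge for the retry.
        if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
        {
          $return['new_captcha'] = $session->make_captcha();
        }
      }
      
      echo enano_json_encode($return);
      
      break;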
    case "diff_cur":
      // Preview action: diff the stored page source against the unsaved editor text
      // posted in $_POST['text'] and print the result as an HTML fragment.
      
      // Lie about our content type to fool ad scripts
      // NOTE(review): the body is an HTML fragment, not a well-formed XHTML document, so a
      // client that honours this header and parses strictly may reject it. The posted text
      // goes into RenderMan::diff() unmodified; the safety of the echoed markup rests on
      // that method escaping both inputs - confirm.
      header('Content-type: application/xhtml+xml');
      
      if ( !isset($_POST['text']) )
        die('Invalid request');
      
      $page = new PageProcessor($paths->page_id, $paths->namespace);
      $src = $page->fetch_source();
      if ( !$src )
      {
        // Any falsy result from fetch_source() is reported as a refusal.
        die('Access denied');
      }
      
      $diff = RenderMan::diff($src, $_POST['text']);
      // An empty diff table means the two texts are identical; show a message instead.
      $nothing_changed = ( $diff == '<table class="diff"></table>' );
      if ( $nothing_changed )
      {
        $diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
      }
      
      $banner = '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
      echo $banner;
      echo $diff;
      
      break;
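    case "protect":
      // Change the page's protection level and print whatever PageUtils::protect() returns.
      // No permission check or anti-CSRF token is visible in this case.
      // NOTE(review): confirm both are enforced inside PageUtils::protect() or before the
      // dispatcher reaches this point.
      
      // isset() guards keep PHP notices (which can disclose server paths) out of the AJAX
      // response when a field is missing; the values passed on are the same as before.
      $level = ( isset($_POST['level']) ) ? (int)$_POST['level'] : 0;
      $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : null;
      echo PageUtils::protect($paths->page_id, $paths->namespace, $level, $reason);
      break;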
    case "histlist":
      // Print the page history exactly as PageUtils::histlist() returns it.
      $history = PageUtils::histlist($paths->page_id, $paths->namespace);
      echo $history;
      break;
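    case "rollback":
      // Roll back the log entry named by ?id and print PageUtils::rollback()'s result.
      // NOTE(review): this state-changing action takes its only argument from the query
      // string, and GET requests can be issued cross-site without the user's intent. No
      // token check is visible here - confirm one is enforced elsewhere, and prefer POST
      // with a session-bound token.
      
      // A missing id becomes 0, as the (int) cast of an undefined index did, without
      // emitting a notice into the response.
      $log_id = ( isset($_GET['id']) ) ? (int)$_GET['id'] : 0;
      echo PageUtils::rollback( $log_id );
      break;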
    case "comments":
      // Comment operations: the raw JSON command in $_POST['data'] is handed to
      // Comments::process_json(). Decoding and validation of that payload are not
      // visible here - presumably done inside process_json(); confirm.
      $comments = new Comments($paths->page_id, $paths->namespace);
      if ( !isset($_POST['data']) )
      {
        die('{ "mode" : "error", "error" : "No input" }');
      }
      $comments->process_json($_POST['data']);
      break;
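    case "rename":
      // Rename the page to the posted title and print PageUtils::rename()'s result.
      // NOTE(review): the new title is passed through unvalidated, and no permission or
      // anti-CSRF check is visible in this case - confirm PageUtils::rename() covers
      // validation, escaping and authorization.
      
      // A missing field is passed on as null, as before, without a notice in the response.
      $new_title = ( isset($_POST['newtitle']) ) ? $_POST['newtitle'] : null;
      echo PageUtils::rename($paths->page_id, $paths->namespace, $new_title);
      break;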
    case "flushlogs":
      // Clear the page's logs through PageUtils::flushlogs() and print its result.
      // NOTE(review): this removes audit history and takes no request-supplied argument;
      // no permission or anti-CSRF check is visible in this case - confirm both are
      // enforced inside PageUtils::flushlogs().
      $result = PageUtils::flushlogs($paths->page_id, $paths->namespace);
      echo $result;
      break;
    case "deletepage":
      // Delete the page. A non-empty reason is mandatory; without one the localized
      // 'page_err_need_reason' message is printed and the request ends.
      // empty() also rejects the literal string '0'. The reason is not checked to be a
      // string before it is handed to PageUtils::deletepage().
      $reason = false;
      if ( isset($_POST['reason']) )
      {
        $reason = $_POST['reason'];
      }
      if ( empty($reason) )
      {
        die($lang->get('page_err_need_reason'));
      }
      $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
      echo $result;
      break;
    case "delvote":
      // Record a deletion vote for the page and print PageUtils::delvote()'s result.
      $result = PageUtils::delvote($paths->page_id, $paths->namespace);
      echo $result;
      break;
    case "resetdelvotes":
      // Reset the page's deletion votes and print PageUtils::resetdelvotes()'s result.
      $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
      echo $result;
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   336
    case "getstyles":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   337
      echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   338
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   339
    case "catedit":
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   340
      echo PageUtils::catedit($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   341
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   342
    case "catsave":
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   343
      echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   344
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   345
    case "setwikimode":
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   346
      echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   347
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   348
    case "setpass":
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   349
      echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   350
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   351
    case "fillusername":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   352
      break;
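    case "fillpagename":
      // Page-name autocompletion. The response is a series of JavaScript assignments
      // (userlist, namelist, errorstring), so every value written into it has to be a
      // well-formed JavaScript string literal.
      // Only a scalar "name" parameter is accepted; an array value is treated as missing.
      $name = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : false;
      if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
      $nd = RenderMan::strToPageID($name);
      $c = 0;
      $u = Array();
      $n = Array();
      
      $name = sanitize_page_id($name);
      $name = str_replace('_', ' ', $name);
      
      // Build the two search patterns once instead of six times per page. '#' is passed to
      // preg_quote() as the delimiter so that a '#' in the search text is escaped and cannot
      // terminate the pattern early.
      $pattern_spaces = '#'.preg_quote($name, '#').'(.*)#i';
      $pattern_underscores = '#'.preg_quote(str_replace(' ', '_', $name), '#').'(.*)#i';
      
      for($i=0;$i<sizeof($paths->pages)/2;$i++)
      {
        if( ( 
            preg_match($pattern_spaces, $paths->pages[$i]['name']) ||
            preg_match($pattern_spaces, $paths->pages[$i]['urlname']) ||
            preg_match($pattern_spaces, $paths->pages[$i]['urlname_nons']) ||
            preg_match($pattern_underscores, $paths->pages[$i]['name']) ||
            preg_match($pattern_underscores, $paths->pages[$i]['urlname']) ||
            preg_match($pattern_underscores, $paths->pages[$i]['urlname_nons'])
            ) &&
           // A search in the Article namespace matches pages of every namespace; any other
           // namespace restricts the matches to that namespace.
           ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
            && $paths->pages[$i]['visible']
           )
        {
          $c++;
          $u[] = $paths->pages[$i]['name'];
          $n[] = $paths->pages[$i]['urlname'];
        }
      }
      if($c > 0)
      {
        echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
        for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
        {
          // addslashes() covers quotes and backslashes but not line breaks; a raw CR or LF
          // inside the literal would make the whole response unparseable, so escape those too.
          echo "userlist[$i] = '".str_replace(array("\r", "\n"), array('\\r', '\\n'), addslashes($n[$i]))."';\n";
          echo "namelist[$i] = '".str_replace(array("\r", "\n"), array('\\r', '\\n'), addslashes(htmlspecialchars($u[$i])))."';\n";
        }
      } else {
        die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
      }
      break;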
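    case "preview":
      // Renders a preview of the submitted text. A missing "text" field is passed on as null
      // without raising an undefined-index notice into the response.
      // NOTE(review): the result is echoed as-is, so any HTML sanitisation of the submitted
      // text has to happen inside PageUtils::genPreview() - confirm.
      echo PageUtils::genPreview(( isset($_POST['text']) ) ? $_POST['text'] : null);
      break;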
    case "pagediff":
      // Both revision IDs come from the query string. Only the integer-cast values are
      // handed to PageUtils::pagediff(); the raw strings are additionally required to be
      // digits only, so anything else is rejected before the diff is generated.
      $id1 = false;
      if ( isset($_GET['diff1']) )
      {
        $id1 = (int)$_GET['diff1'];
      }
      $id2 = false;
      if ( isset($_GET['diff2']) )
      {
        $id2 = (int)$_GET['diff2'];
      }
      // A missing parameter and a value that casts to 0 are both treated as invalid.
      if ( !$id1 || !$id2 )
      {
        echo '<p>Invalid request.</p>';
        $template->footer();
        break;
      }
      if ( !preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']) )
      {
        echo '<p>SQL injection attempt</p>';
        $template->footer();
        break;
      }
      echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
      break;
    case "jsres":
      // Retired endpoint: the script ends here with a JavaScript comment that points to the
      // new location of the client-side library. The break below is never reached.
      exit('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
      break;
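    case "rdns":
      // Reverse-DNS lookup, available only with the mod_misc permission.
      // Both sides of this lookup are untrusted: the address comes from the query string and
      // the PTR answer is controlled by whoever operates the reverse zone for that address.
      if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
      $ip = ( isset($_GET['ip']) && is_string($_GET['ip']) ) ? $_GET['ip'] : '';
      // Accept only the characters that can occur in an IPv4 or IPv6 literal (at most 45 of
      // them); \z rejects a trailing newline that $ would let through.
      if ( !preg_match('/^[0-9a-f:.]{2,45}\z/i', $ip) ) die('Invalid input');
      $rdns = gethostbyaddr($ip);
      // gethostbyaddr() returns false for a malformed address and the unchanged address when
      // nothing resolves; both are reported as a failed lookup.
      if($rdns === false || $rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
      // The hostname is encoded before output so that markup placed in a PTR record cannot
      // reach the moderator's browser as HTML.
      else echo htmlspecialchars($rdns, ENT_QUOTES);
      break;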
    case 'acljson':
      // Hands the URL-decoded acl_params POST field to PageUtils::acl_json(), or false when
      // the field is absent, and echoes the result.
      // NOTE(review): no permission check is visible in this case; presumably acl_json()
      // verifies that the caller may read or edit ACLs - confirm.
      if ( isset($_POST['acl_params']) )
      {
        $parms = rawurldecode($_POST['acl_params']);
      }
      else
      {
        $parms = false;
      }
      echo PageUtils::acl_json($parms);
      break;
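    case "change_theme":
      // Stores the logged-in user's theme and style choice. Responds with 'GOOD' on success
      // and with a plain-text error message otherwise.
      // NOTE(review): this is a state-changing POST and no anti-CSRF token is checked here -
      // confirm whether one is enforced earlier in the request.

      // Check the login first, so that anonymous requests cannot probe which theme files exist.
      if ( !$session->user_logged_in )
      {
        die('You must be logged in to change your theme');
      }
      // Both IDs must be present and scalar; array-valued parameters are rejected.
      if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) || !is_string($_POST['theme_id']) || !is_string($_POST['style_id']) )
      {
        die('Invalid input');
      }
      // The IDs become path components below, so only letters, digits, '_' and '-' are
      // allowed. \z is used instead of $ because $ also matches before a trailing newline.
      if ( !preg_match('/^([a-z0-9_-]+)\z/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)\z/i', $_POST['style_id']) )
      {
        die('Invalid input');
      }
      if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
      {
        // Report the path relative to the installation; the absolute ENANO_ROOT is not sent to the client.
        die('Can\'t find theme file: themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
      }
      // Just in case something slipped through...
      $theme_id = $db->escape($_POST['theme_id']);
      $style_id = $db->escape($_POST['style_id']);
      // user_id is placed in the query unquoted, so it is forced to an integer.
      $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=" . (int)$session->user_id . ";");
      if ( !$e )
        // NOTE(review): this sends the database error text to the client - confirm that is intended.
        die( $db->get_error() );
      die('GOOD');
      break;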
    case 'get_tags':
      
      // Lists the tags on the current page as JSON. Each entry says whether the requesting
      // session may delete the tag and whether the tag is referenced by a page group.
      $ret = array(
          'tags' => array(),
          'user_level' => $session->user_level,
          'can_add' => $session->get_permissions('tag_create')
        );
      // The page ID and namespace are escaped before they are placed in the query.
      $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
        LEFT JOIN '.table_prefix.'page_groups AS pg
          ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
        WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
      if ( !$q )
      {
        $db->_die();
      }
      
      while ( $row = $db->fetchrow() )
      {
        // Deleting one's own tag and deleting someone else's are separate permissions.
        $perm = ( $row['user_id'] == $session->user_id ) ? 'tag_delete_own' : 'tag_delete_other';
        $tag_in_acl = ( $row['used_in_acl'] == 1 );
        
        // Sessions that are not logged in may never delete a tag recorded under user ID 1.
        $can_del = !( $row['user_id'] == 1 && !$session->user_logged_in );
        
        if ( !$session->get_permissions($perm) )
        {
          $can_del = false;
        }
        
        // A tag used by a page group can only be deleted with edit_acl or at administrator level.
        if ( $tag_in_acl && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
        {
          $can_del = false;
        }
        
        $ret['tags'][] = array(
          'id' => $row['tag_id'],
          'name' => $row['tag_name'],
          'can_del' => $can_del,
          'acl' => $tag_in_acl
        );
      }
      
      echo enano_json_encode($ret);
      
      break;
    case 'addtag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   485
      $resp = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   486
          'success' => false,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   487
          'error' => 'No error',
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   488
          'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   489
          'in_acl' => false
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   490
        );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   491
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   492
      // first of course, are we allowed to tag pages?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   493
      if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   494
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   495
        $resp['error'] = 'You are not permitted to tag pages.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   496
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   497
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   498
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   499
      // sanitize the tag name
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   500
      $tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   501
      $tag = $db->escape($tag);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   502
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   503
      if ( strlen($tag) < 2 )
      {
        $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
        die(enano_json_encode($resp));
      }
      
      // check if tag is already on page
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
      if ( !$q )
        $db->_die();
      if ( $db->numrows() > 0 )
      {
        $resp['error'] = 'This page already has this tag.';
        die(enano_json_encode($resp));
      }
      $db->free_result();
      
      // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
      $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
      if ( !$q )
        $db->_die();
      if ( $db->numrows() > 0 && !$can_edit_acl )
      {
        $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
        die(enano_json_encode($resp));
      }
      $resp['in_acl'] = ( $db->numrows() > 0 );
      $db->free_result();
      
      // we're good
      $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
      if ( !$q )
        $db->_die();
      
      $resp['success'] = true;
      $resp['tag'] = $tag;
      $resp['tag_id'] = $db->insert_id();
      
      echo enano_json_encode($resp);
      break;
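    case 'deltag':
      // Remove one tag from a page. On success the reply is the plain-text string 'success'; every
      // failure path stops the script with a plain-text message (this arm does not build a JSON reply).
      // NOTE(review): no anti-CSRF token or request-origin check is visible in this arm; confirm that
      // one is enforced earlier in the file, because this request deletes data.
      
      // A missing tag_id is handled like an invalid one instead of raising an undefined-index notice
      // (which, depending on the error display settings, could end up in the AJAX reply).
      // intval() also ensures that only an integer is concatenated into the two SQL strings below.
      $tag_id = ( isset($_POST['tag_id']) ) ? intval($_POST['tag_id']) : 0;
      if ( empty($tag_id) )
        die('Invalid tag ID');
      
      // Load the tag's owner and the page it is attached to. used_in_acl is true when a page group of
      // type PAGE_GRP_TAGGED targets this tag's name.
      $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
  LEFT JOIN '.table_prefix.'page_groups AS pg
    ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
  WHERE t.tag_id=' . $tag_id . ';');
      
      if ( !$q )
        $db->_die();
      
      if ( $db->numrows() < 1 )
        die('Could not find a tag with that ID');
      
      // Only the first result row is used.
      $row = $db->fetchrow();
      $db->free_result();
      
      // Permissions are evaluated against the page the tag is attached to, which is not necessarily
      // the page this request was made for: the session's own permissions are used only when both match.
      if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
      {
        $perms =& $session;
      }
      else
      {
        $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
      }
      
      // Deleting somebody else's tag needs a different permission than deleting one's own.
      $perm = ( $row['user_id'] != $session->user_id ) ?
                'tag_delete_other' :
                'tag_delete_own';
      
      // Hard-coded rule, checked before the ACL: a visitor who is not logged in can never delete a tag
      // recorded under user ID 1 (presumably the shared anonymous account - confirm).
      if ( $row['user_id'] == 1 && !$session->user_logged_in )
      {
        die('You are not authorized to delete this tag.');
      }
      
      if ( !$perms->get_permissions($perm) )
        die('You are not authorized to delete this tag.');
      
      // A tag referenced by a page group additionally requires edit_acl or administrator level, since
      // tags used in page groups can affect page access.
      if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
        die('You are not authorized to delete this tag.');
      
      // All checks passed: delete the tag.
      $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
      if ( !$q )
        $db->_die();
      
      echo 'success';
      
      break;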
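    case 'ping':
      // Liveness check: replies with the fixed string 'pong'.
      echo 'pong';
      break;
    default:
      // Any value not matched by an earlier case is rejected and the script stops here.
      // die() never returns, so the unreachable break that used to follow it is dropped.
      die('Hacking attempt');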
  }
  
?>