<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.6 (Caoineag beta 1)
* Copyright (C) 2006-2008 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Page editing portal
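/**
 * Admin panel module: page editing portal.
 *
 * Echoes a search form and a paginated list of every page. When the request carries an
 * action of "select" or "save" (both take the same path), or source=ajax with no action,
 * it looks up the requested page and, if exactly one row matches, emits a script that sets
 * window.location to that page's URL with "#do:edit" appended.
 *
 * Access is refused unless both $session->auth_level and $session->user_level are at least
 * USER_LEVEL_ADMIN.
 *
 * Request input read here: action, source, page_id and pid_search from $_REQUEST, and
 * offset from $_GET. All of it is attacker-controllable and is treated as untrusted.
 *
 * @return void
 */
function page_Admin_PageEditor()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Authorization gate: nothing below runs for a session that is not elevated to admin.
  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  {
    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    return;
  }

  echo '<h3>' . $lang->get('acped_heading_main') . '</h3>';
  $show_select = true;

  if ( isset($_REQUEST['action']) || isset($_REQUEST['source']) )
  {
    // Always define $act: previously a request with source set to anything other than "ajax"
    // and no action reached the switch with the variable undefined.
    // The value is read by copy (the superglobal is no longer rewritten in place), and a
    // non-string action such as action[]=x is ignored instead of being fed to strtolower().
    $act = '';
    if ( isset($_REQUEST['action']) )
    {
      if ( is_string($_REQUEST['action']) )
      {
        $act = strtolower($_REQUEST['action']);
      }
    }
    else if ( isset($_REQUEST['source']) && $_REQUEST['source'] === 'ajax' )
    {
      $act = 'select';
    }

    switch ( $act )
    {
      case 'save':
      case 'select':
        // First step is to determine the page ID and namespace.
        // A missing or non-string page_id is treated as an empty string so that the lookup
        // below simply finds nothing rather than raising an undefined-index notice.
        $raw_page_id = ( isset($_REQUEST['page_id']) && is_string($_REQUEST['page_id']) ) ? $_REQUEST['page_id'] : '';
        list($page_id, $namespace) = RenderMan::strToPageID($raw_page_id);

        if ( isset($_REQUEST['pid_search']) )
        {
          // Lowercase first and escape last, so that no string transformation is ever applied
          // to text that has already been escaped for SQL.
          $name = $db->escape(strtolower(dirtify_page_id($page_id)));
          $page_id = $db->escape(strtolower(sanitize_page_id($page_id)));
          // NOTE(review): "%" and "_" typed into the search box still act as LIKE wildcards
          // here; confirm whether $db->escape() is expected to neutralize them.
          $sql = "SELECT * FROM " . table_prefix . "pages WHERE ( " . ENANO_SQLFUNC_LOWERCASE . "(urlname) LIKE '%$page_id%' OR " . ENANO_SQLFUNC_LOWERCASE . "(name) LIKE '%$name%' ) ORDER BY name ASC;";
        }
        else
        {
          // pid_search was not set, assume absolute page ID
          $page_id = $db->escape(sanitize_page_id($page_id));
          $namespace = $db->escape($namespace);

          $sql = "SELECT * FROM " . table_prefix . "pages WHERE urlname = '$page_id' AND namespace = '$namespace';";
        }

        if ( !($q = $db->sql_query($sql)) )
        {
          $db->_die('PageManager selecting dataset for page');
        }

        if ( $db->numrows() < 1 )
        {
          echo '<div class="error-box">
                  ' . $lang->get('acped_err_page_not_found') . '
                </div>';
          break;
        }

        if ( $db->numrows() > 1 )
        {
          // Ambiguous results
          if ( isset($_REQUEST['pid_search']) )
          {
            echo '<h3>' . $lang->get('acped_msg_results_ambiguous_title') . '</h3>';
            echo '<p>' . $lang->get('acped_msg_results_ambiguous_body') . '</p>';
            echo '<ul>';
            while ( $row = $db->fetchrow($q) )
            {
              echo '<li>';
              // NOTE(review): both URLs are written into href attributes exactly as makeUrlNS()
              // returns them. Other calls in this function pass an explicit fourth argument;
              // confirm that the two-argument form yields attribute-safe output, or escape here.
              $edit_url = makeUrlNS($row['namespace'], $row['urlname']) . '#do:edit';
              $view_url = makeUrlNS($row['namespace'], $row['urlname']);
              // The page title is stored content, so it is HTML-escaped before output.
              $page_name = htmlspecialchars(get_page_title_ns( $row['urlname'], $row['namespace'] ));
              $view_link = $lang->get('acped_ambig_btn_viewpage');
              echo "<a href=\"$edit_url\">$page_name</a> (<a onclick=\"window.open(this.href); return false;\" href=\"$view_url\">$view_link</a>)";
              echo '</li>';
            }
            echo '</ul>';
            $show_select = false;
            break;
          }
          else
          {
            echo '<p>' . $lang->get('acped_err_ambig_absolute') . '</p>';
            break;
          }
        }

        // From this point on we can assume that exactly one matching page was found.
        $dataset = $db->fetchrow();
        $page_id = $dataset['urlname'];
        $namespace = $dataset['namespace'];
        $url = makeUrlNS($namespace, $page_id, false, true) . '#do:edit';
        // NOTE(review): addslashes() only backslash-escapes quotes, backslashes and NUL; it is
        // not a JavaScript-string encoder. This relies on makeUrlNS() never returning "<", ">"
        // or line breaks for stored urlname/namespace values - confirm.
        $url = addslashes($url);
        echo '<script type="text/javascript">
                window.location = \'' . $url . '\';
              </script>';

        $show_select = false;
        break;
    }
  }

  if ( $show_select )
  {
    echo '<p>' . $lang->get('acped_hint') . '</p>';

    // Show the search form

    $form_action = makeUrlNS('Special', 'Administration', "module={$paths->nslist['Admin']}PageEditor", true);
    echo "<form action=\"$form_action\" method=\"post\">";
    echo $lang->get('acped_lbl_field_search') . ' ';
    echo $template->pagename_field('page_id') . ' ';
    echo '<input type="hidden" name="action" value="select" />';
    echo '<input type="submit" name="pid_search" value="' . $lang->get('search_btn_search') . '" />';
    echo "</form>";

    // Grab all pages from the database and show a list of pages on the site

    echo '<h3>' . $lang->get('acped_heading_select_page_from_list') . '</h3>';
    echo '<p>' . $lang->get('acped_hint_select_page_from_list') . '</p>';

    $q = $db->sql_query('SELECT COUNT(name) AS num_pages FROM ' . table_prefix . 'pages;');
    if ( !$q )
      $db->_die('PageManager doing initial page count');
    list($num_pages) = $db->fetchrow_num();
    $db->free_result();

    // Both values are concatenated into the next query, so force them to integers here.
    // The offset is additionally clamped so that a negative value from the URL is never used.
    $num_pages = intval($num_pages);
    $pg_start = ( isset($_GET['offset']) ) ? max(0, intval($_GET['offset'])) : 0;

    $q = $db->sql_unbuffered_query('SELECT urlname, name, namespace, ' . $num_pages . ' AS num_pages, ' . $pg_start . ' AS offset, \'edit\' AS mode FROM ' . table_prefix . 'pages ORDER BY name ASC;');
    if ( !$q )
      $db->_die('PageManager doing main select query for page list');

    // Paginate results
    $html = paginate(
        $q,
        '{urlname}',
        $num_pages,
        makeUrlNS('Special', 'Administration', "module={$paths->nslist['Admin']}PageEditor&offset=%s", false),
        $pg_start,
        99,
        array('urlname' => 'admin_pagemanager_format_listing'),
        '<div class="tblholder" style="height: 300px; clip: rect(0px, auto, auto, 0px); overflow: auto;">
         <table border="0" cellspacing="1" cellpadding="4">',
        '  </table>
         </div>'
      );
    echo $html;
  }

}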
?>