<?php

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.0.2 (Coblynau)

 * Copyright (C) 2006-2007 Dan Fuhry

 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

class PageUtils {

  /**

   * @param $name the name to check for

   */

  function checkusername($name)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

  }

  /**

   * Get the wiki formatting source for a page

   * @param $page the full page id (Namespace:Pagename)

   * @return string

   * @todo (DONE) Make it require a password (just for security purposes)

   */

  function getsource($page, $password = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if(!isset($paths->pages[$page]))

    {

      return '';

    }

    if(strlen($paths->pages[$page]['password']) == 40)

    {

      if(!$password || ( $password != $paths->pages[$page]['password']))

      {

        return 'invalid_password';

      }

    }

    if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges

      return 'access_denied';

    $pid = RenderMan::strToPageID($page);

    if($pid[1] == 'Special' || $pid[1] == 'Admin')

    {

    }

    if ( !$e )

    {

      $db->_die('The page text could not be selected.');

    }

    if( $db->numrows() < 1 )

    {

      return ''; //$db->_die('There were no rows in the text table that matched the page text query.');

    }

    $r = $db->fetchrow();

    $db->free_result();

    $message = $r['page_text'];

    return htmlspecialchars($message);

  }

  /**

   * Basically a frontend to RenderMan::getPage(), with the ability to send valid data for nonexistent pages

   * @param $page the full page id (Namespace:Pagename)

   * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise

   * @return string

   */

  function getpage($page, $send_headers = false, $hist_id = false)

  {

    die('PageUtils->getpage is deprecated.');

    global $db, $session, $paths, $template, $plugins; // Common objects

    ob_start();

    $pid = RenderMan::strToPageID($page);

    //die('<pre>'.print_r($pid, true).'</pre>');

    if(isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40)

    {

      password_prompt($page);

    }

    if(isset($paths->pages[$page]))

    {

      doStats($pid[0], $pid[1]);

    }

    if($paths->custom_page || $pid[1] == 'Special')

    {

      // If we don't have access to the page, get out and quick!

      if(!$session->get_permissions('read') && $pid[0] != 'Login' && $pid[0] != 'Register')

      {

        $template->tpl_strings['PAGE_NAME'] = 'Access denied';

        if ( $send_headers )

        {

          $template->header();

        }

        echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

        if ( $send_headers )

        {

          $template->footer();

        }

        $r = ob_get_contents();

        ob_end_clean();

        return $r;

      }

      @call_user_func($fname);

    }

    else if ( $pid[1] == 'Admin' )

    {

      // If we don't have access to the page, get out and quick!

      if(!$session->get_permissions('read'))

      {

        $template->tpl_strings['PAGE_NAME'] = 'Access denied';

        if ( $send_headers )

        {

          $template->header();

        }

        echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

        if ( $send_headers )

        {

          $template->footer();

        }

        $r = ob_get_contents();

        ob_end_clean();

        return $r;

      }

      if ( !function_exists($fname) )

      {

        $title = 'Page backend not found';

        $message = "The administration page you are looking for was properly registered using the page API, but the backend function

                    (<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";

        if ( $send_headers )

        {

          die_friendly($title, "<p>$message</p>");

        }

        else

        {

          echo "<h2>$title</h2>\n<p>$message</p>";

        }

      }

      @call_user_func($fname);

    }

    else if ( !isset( $paths->pages[$page] ) )

    {

      ob_start();

      $code = $plugins->setHook('page_not_found');

      foreach ( $code as $cmd )

      {

        eval($cmd);

      }

      $text = ob_get_contents();

      if ( $text != '' )

      {

        ob_end_clean();

        return $text;

      }

      $template->header();

      if($m = $paths->sysmsg('Page_not_found'))

      {

        eval('?>'.RenderMan::render($m));

      }

      else

      {

        header('HTTP/1.1 404 Not Found');

        echo '<h3>There is no page with this title yet.</h3>

               <p>You have requested a page that doesn\'t exist yet.';

        if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';

        else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';

            $r = $db->fetchrow();

          }

          $db->free_result();

        }

        echo '<p>

                HTTP Error: 404 Not Found

              </p>';

      }

      $template->footer();

    }

    else

    {

      // If we don't have access to the page, get out and quick!

      if(!$session->get_permissions('read'))

      {

        $template->tpl_strings['PAGE_NAME'] = 'Access denied';

        if($send_headers) $template->header();

        echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

        if($send_headers) $template->footer();

        $r = ob_get_contents();

        ob_end_clean();

        return $r;

      }

      ob_start();

      $code = $plugins->setHook('page_custom_handler');

      foreach ( $code as $cmd )

      {

        eval($cmd);

      }

      $text = ob_get_contents();

      if ( $text != '' )

      {

        ob_end_clean();

        return $text;

      }

        if($db->numrows() < 1)

        {

          $db->_die('There were no rows in the text table that matched the page text query.');

        }

        $r = $db->fetchrow();

        $db->free_result();

        if( !$paths->pages[$page]['special'] )

        {

          if($send_headers)

          {

            $template->header(); 

          }

          display_page_headers();

        }

        if( !$paths->pages[$page]['special'] )

        {

          display_page_footers();

          if($send_headers)

          {

            $template->footer();

          }

        }

      } else {

        if(!$paths->pages[$page]['special'])

        {

          $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1]);

        }

        else

        {

          $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1], 0, false, false, false, false);

        }

        // This line is used to debug wikiformatted code

        // die('<pre>'.htmlspecialchars($message).'</pre>');

        if( !$paths->pages[$page]['special'] )

        {

          if($send_headers)

          {

            $template->header(); 

          }

          display_page_headers();

        }

        // This is it, this is what all of Enano has been working up to...

        if( !$paths->pages[$page]['special'] )

        {

          display_page_footers();

          if($send_headers)

          {

            $template->footer();

          }

        }

      }

    }

    $ret = ob_get_contents();

    ob_end_clean();

    return $ret;

  }

  /**

   * Writes page data to the database, after verifying permissions and running the XSS filter

   * @param $page_id the page ID

   * @param $namespace the namespace

   * @param $message the text to save

   * @return string

   */

  function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $uid = sha1(microtime());

    $pname = $paths->nslist[$namespace] . $page_id;

    if(!$session->get_permissions('edit_page'))

      return 'Access to edit pages is denied.';

    if(!isset($paths->pages[$pname]))

    {

      $paths->page_exists = true;

    }

    $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;

    $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;

    if(($prot || !$wiki) && $session->user_level < USER_LEVEL_ADMIN ) return('You are not authorized to edit this page.');

    // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings

    $message = RenderMan::preprocess_text($message, false, false);

    $msg = $db->escape($message);

    $minor = $minor ? 'true' : 'false';

    if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');

    $e = $db->sql_query($q);

    if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');

    $paths->rebuild_page_index($page_id, $namespace);

    return 'good';

  }

  /**

   * Creates a page, both in memory and in the database.

   * @param string $page_id

   * @param string $namespace

   * @return bool true on success, false on failure

   */

  function createPage($page_id, $namespace, $name = false, $visible = 1)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    if(in_array($namespace, Array('Special', 'Admin')))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';

    }

    if(!isset($paths->nslist[$namespace]))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';

    }

    $pname = $paths->nslist[$namespace] . $page_id;

    if(isset($paths->pages[$pname]))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';

    }

    if(!$session->get_permissions('create_page'))

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';

    }

    if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')

    {

      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';

    }

    $page_id = dirtify_page_id($page_id);

    if ( !$name )

      $name = str_replace('_', ' ', $page_id);

    $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';

    if(!preg_match($regex, $page))

    {

      //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';

    }

    $page_id = sanitize_page_id( $page_id );

    $prot = ( $namespace == 'System' ) ? 1 : 0;

    $ips = array(

      'ip' => array(),

      'u' => array()

      );

    $page_data = Array(

      'name'=>$name,

      'urlname'=>$page_id,

      'namespace'=>$namespace,

      'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,

    );

    // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');

    $paths->add_page($page_data);

    if($qa && $qb && $qc)

    else

    {

    }

  }

  /**

   * Sets the protection level on a page.

   * @param $page_id string the page ID

   * @param $namespace string the namespace

   * @param $level int level of protection - 0 is off, 1 is full, 2 is semi

   * @param $reason string why the page is being (un)protected

   * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )

   */

  function protect($page_id, $namespace, $level, $reason)

  {

    global $db, $session, $paths, $template, $plugins; // Common objects

    $pname = $paths->nslist[$namespace] . $page_id;

    $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;

    $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;

    }

    return('good');

  }

  /**

   * Generates an HTML table with history information in it.

   * @param $page_id the page ID

   * @param $namespace the namespace