16 |
16 |
17 // fillusername should be done without the help of the rest of Enano - all we need is the DBAL |
17 // fillusername should be done without the help of the rest of Enano - all we need is the DBAL |
18 if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' ) |
18 if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' ) |
19 { |
19 { |
20 // setup and load a very basic, specialized instance of the Enano API |
20 // setup and load a very basic, specialized instance of the Enano API |
21 function dc_here($m) { return false; } |
|
22 function dc_dump($a, $g) { return false; } |
|
23 function dc_watch($n) { return false; } |
|
24 function dc_start_timer($u) { return false; } |
|
25 function dc_stop_timer($m) { return false; } |
|
26 function microtime_float() |
21 function microtime_float() |
27 { |
22 { |
28 list($usec, $sec) = explode(" ", microtime()); |
23 list($usec, $sec) = explode(" ", microtime()); |
29 return ((float)$usec + (float)$sec); |
24 return ((float)$usec + (float)$sec); |
30 } |
25 } |
39 } |
34 } |
40 define('ENANO_ROOT', dirname($filename)); |
35 define('ENANO_ROOT', dirname($filename)); |
41 require(ENANO_ROOT.'/includes/functions.php'); |
36 require(ENANO_ROOT.'/includes/functions.php'); |
42 require(ENANO_ROOT.'/includes/dbal.php'); |
37 require(ENANO_ROOT.'/includes/dbal.php'); |
43 require(ENANO_ROOT.'/includes/json.php'); |
38 require(ENANO_ROOT.'/includes/json.php'); |
44 $db = new mysql(); |
39 |
|
40 require(ENANO_ROOT . '/config.php'); |
|
41 unset($dbuser, $dbpasswd); |
|
42 if ( !isset($dbdriver) ) |
|
43 $dbdriver = 'mysql'; |
|
44 |
|
45 $db = new $dbdriver(); |
|
46 |
45 $db->connect(); |
47 $db->connect(); |
46 |
48 |
47 // result is sent using JSON |
49 // result is sent using JSON |
48 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
50 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
49 $return = Array( |
51 $return = Array( |
60 'error' => 'Invalid URI' |
62 'error' => 'Invalid URI' |
61 ); |
63 ); |
62 die( $json->encode($return) ); |
64 die( $json->encode($return) ); |
63 } |
65 } |
64 $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1'; |
66 $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1'; |
65 $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;'); |
67 $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;'); |
66 if ( !$q ) |
68 if ( !$q ) |
67 { |
69 { |
68 $return = array( |
70 $db->die_json(); |
69 'mode' => 'error', |
|
70 'error' => 'MySQL error selecting username data: '.addslashes(mysql_error()) |
|
71 ); |
|
72 die( $json->encode($return) ); |
|
73 } |
71 } |
74 $i = 0; |
72 $i = 0; |
75 while($r = $db->fetchrow()) |
73 while($r = $db->fetchrow()) |
76 { |
74 { |
77 $return['users_real'][] = $r['username']; |
75 $return['users_real'][] = $r['username']; |
275 break; |
273 break; |
276 case 'get_tags': |
274 case 'get_tags': |
277 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
275 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); |
278 |
276 |
279 $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create')); |
277 $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create')); |
280 $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t |
278 $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t |
281 LEFT JOIN '.table_prefix.'page_groups AS pg |
279 LEFT JOIN '.table_prefix.'page_groups AS pg |
282 ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) |
280 ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) |
283 WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';'); |
281 WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';'); |
284 if ( !$q ) |
282 if ( !$q ) |
285 $db->_die(); |
283 $db->_die(); |
286 |
284 |
287 while ( $row = $db->fetchrow() ) |
285 while ( $row = $db->fetchrow() ) |
288 { |
286 { |
289 $can_del = true; |
287 $can_del = true; |
290 |
288 |
291 $perm = ( $row['user'] != $session->user_id ) ? |
289 $perm = ( $row['user_id'] != $session->user_id ) ? |
292 'tag_delete_other' : |
290 'tag_delete_other' : |
293 'tag_delete_own'; |
291 'tag_delete_own'; |
294 |
292 |
295 if ( $row['user'] == 1 && !$session->user_logged_in ) |
293 if ( $row['user_id'] == 1 && !$session->user_logged_in ) |
296 // anonymous user trying to delete tag (hardcode blacklisted) |
294 // anonymous user trying to delete tag (hardcode blacklisted) |
297 $can_del = false; |
295 $can_del = false; |
298 |
296 |
299 if ( !$session->get_permissions($perm) ) |
297 if ( !$session->get_permissions($perm) ) |
300 $can_del = false; |
298 $can_del = false; |
362 } |
360 } |
363 $resp['in_acl'] = ( $db->numrows() > 0 ); |
361 $resp['in_acl'] = ( $db->numrows() > 0 ); |
364 $db->free_result(); |
362 $db->free_result(); |
365 |
363 |
366 // we're good |
364 // we're good |
367 $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');'); |
365 $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');'); |
368 if ( !$q ) |
366 if ( !$q ) |
369 $db->_die(); |
367 $db->_die(); |
370 |
368 |
371 $resp['success'] = true; |
369 $resp['success'] = true; |
372 $resp['tag'] = $tag; |
370 $resp['tag'] = $tag; |
378 |
376 |
379 $tag_id = intval($_POST['tag_id']); |
377 $tag_id = intval($_POST['tag_id']); |
380 if ( empty($tag_id) ) |
378 if ( empty($tag_id) ) |
381 die('Invalid tag ID'); |
379 die('Invalid tag ID'); |
382 |
380 |
383 $q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t |
381 $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t |
384 LEFT JOIN '.table_prefix.'page_groups AS pg |
382 LEFT JOIN '.table_prefix.'page_groups AS pg |
385 ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) ) |
383 ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) ) |
386 WHERE t.tag_id=' . $tag_id . ';'); |
384 WHERE t.tag_id=' . $tag_id . ';'); |
387 |
385 |
388 if ( !$q ) |
386 if ( !$q ) |
397 if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace ) |
395 if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace ) |
398 $perms =& $session; |
396 $perms =& $session; |
399 else |
397 else |
400 $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']); |
398 $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']); |
401 |
399 |
402 $perm = ( $row['user'] != $session->user_id ) ? |
400 $perm = ( $row['user_id'] != $session->user_id ) ? |
403 'tag_delete_other' : |
401 'tag_delete_other' : |
404 'tag_delete_own'; |
402 'tag_delete_own'; |
405 |
403 |
406 if ( $row['user'] == 1 && !$session->user_logged_in ) |
404 if ( $row['user_id'] == 1 && !$session->user_logged_in ) |
407 // anonymous user trying to delete tag (hardcode blacklisted) |
405 // anonymous user trying to delete tag (hardcode blacklisted) |
408 die('You are not authorized to delete this tag.'); |
406 die('You are not authorized to delete this tag.'); |
409 |
407 |
410 if ( !$perms->get_permissions($perm) ) |
408 if ( !$perms->get_permissions($perm) ) |
411 die('You are not authorized to delete this tag.'); |
409 die('You are not authorized to delete this tag.'); |
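Review bot: In the `fillusername` bootstrap, `$db = new $dbdriver();` (new line 45) instantiates whatever class name the variable holds, with no check that it names one of the DBAL driver classes. The value is expected to come from `config.php`, but the `!isset($dbdriver)` fallback means a config file written before this setting existed leaves the name to whatever is already in scope. On a `register_globals` deployment that could be request-supplied, and this path runs before any session or permission check. Pin it to a fixed list before use, e.g. `if ( !in_array($dbdriver, array('mysql', /* other drivers defined in dbal.php */), true) ) $dbdriver = 'mysql';`. Separately, the lines that assign `$name` (used at new line 67) and `$tag` (new line 365) fall between the hunks, so confirm both still pass through the selected driver's `$db->escape()` now that `ENANO_SQLFUNC_LOWERCASE` lets these queries run on more than one backend.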