12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
13 */ |
13 */ |
14 |
14 |
15 define('ENANO_INTERFACE_AJAX', ''); |
15 define('ENANO_INTERFACE_AJAX', ''); |
16 |
16 |
17 // fillusername should be done without the help of the rest of Enano - all we need is the DBAL |
|
18 if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' ) |
|
19 { |
|
20 // setup and load a very basic, specialized instance of the Enano API |
|
21 function microtime_float() |
|
22 { |
|
23 list($usec, $sec) = explode(" ", microtime()); |
|
24 return ((float)$usec + (float)$sec); |
|
25 } |
|
26 // Determine directory (special case for development servers) |
|
27 if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') ) |
|
28 { |
|
29 $filename = str_replace('/repo/', '/', __FILE__); |
|
30 } |
|
31 else |
|
32 { |
|
33 $filename = __FILE__; |
|
34 } |
|
35 define('ENANO_ROOT', dirname($filename)); |
|
36 require(ENANO_ROOT.'/includes/functions.php'); |
|
37 require(ENANO_ROOT.'/includes/dbal.php'); |
|
38 require(ENANO_ROOT.'/includes/json2.php'); |
|
39 |
|
40 require(ENANO_ROOT . '/config.php'); |
|
41 unset($dbuser, $dbpasswd); |
|
42 if ( !isset($dbdriver) ) |
|
43 $dbdriver = 'mysql'; |
|
44 |
|
45 $db = new $dbdriver(); |
|
46 |
|
47 $db->connect(); |
|
48 |
|
49 // result is sent using JSON |
|
50 $return = Array( |
|
51 'mode' => 'success', |
|
52 'users_real' => Array() |
|
53 ); |
|
54 |
|
55 // should be connected to the DB now |
|
56 $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false; |
|
57 if ( !$name ) |
|
58 { |
|
59 $return = array( |
|
60 'mode' => 'error', |
|
61 'error' => 'Invalid URI' |
|
62 ); |
|
63 die( enano_json_encode($return) ); |
|
64 } |
|
65 $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1'; |
|
66 $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;'); |
|
67 if ( !$q ) |
|
68 { |
|
69 $db->die_json(); |
|
70 } |
|
71 $i = 0; |
|
72 while($r = $db->fetchrow()) |
|
73 { |
|
74 $return['users_real'][] = $r['username']; |
|
75 $i++; |
|
76 } |
|
77 $db->free_result(); |
|
78 |
|
79 // all done! :-) |
|
80 $db->close(); |
|
81 |
|
82 echo enano_json_encode( $return ); |
|
83 |
|
84 exit; |
|
85 } |
|
86 |
|
87 require('includes/common.php'); |
17 require('includes/common.php'); |
88 |
18 |
89 global $db, $session, $paths, $template, $plugins; // Common objects |
19 global $db, $session, $paths, $template, $plugins; // Common objects |
90 if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.'); |
20 if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.'); |
91 |
21 |
92 $_ob = ''; |
22 $_ob = ''; |
93 |
23 |
94 switch($_GET['_mode']) { |
24 switch($_GET['_mode']) { |
95 case "checkusername": |
25 case "checkusername": |
|
26 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
96 echo PageUtils::checkusername($_GET['name']); |
27 echo PageUtils::checkusername($_GET['name']); |
97 break; |
28 break; |
98 case "getsource": |
29 case "getsource": |
99 header('Content-type: text/plain'); |
30 header('Content-type: text/plain'); |
100 $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false; |
31 $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false; |
228 |
159 |
229 $page->send(); |
160 $page->send(); |
230 break; |
161 break; |
231 case "savepage": |
162 case "savepage": |
232 /* **** OBSOLETE **** */ |
163 /* **** OBSOLETE **** */ |
233 $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : ''; |
164 |
234 $minor = isset($_POST['minor']); |
|
235 $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor); |
|
236 if ( $e == 'good' ) |
|
237 { |
|
238 $page = new PageProcessor($paths->page_id, $paths->namespace); |
|
239 $page->send(); |
|
240 } |
|
241 else |
|
242 { |
|
243 echo '<p>Error saving the page: '.$e.'</p>'; |
|
244 } |
|
245 break; |
165 break; |
246 case "savepage_json": |
166 case "savepage_json": |
247 header('Content-type: application/json'); |
167 header('Content-type: application/json'); |
248 if ( !isset($_POST['r']) ) |
168 if ( !isset($_POST['r']) ) |
249 die('Invalid request'); |
169 die('Invalid request'); |
432 |
352 |
433 $result = $page->protect_page(intval($_POST['level']), $_POST['reason']); |
353 $result = $page->protect_page(intval($_POST['level']), $_POST['reason']); |
434 echo enano_json_encode($result); |
354 echo enano_json_encode($result); |
435 break; |
355 break; |
436 case "histlist": |
356 case "histlist": |
|
357 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
437 echo PageUtils::histlist($paths->page_id, $paths->namespace); |
358 echo PageUtils::histlist($paths->page_id, $paths->namespace); |
438 break; |
359 break; |
439 case "rollback": |
360 case "rollback": |
440 $id = intval(@$_GET['id']); |
361 $id = intval(@$_GET['id']); |
441 $page = new PageProcessor($paths->page_id, $paths->namespace); |
362 $page = new PageProcessor($paths->page_id, $paths->namespace); |
443 |
364 |
444 $result = $page->rollback_log_entry($id); |
365 $result = $page->rollback_log_entry($id); |
445 echo enano_json_encode($result); |
366 echo enano_json_encode($result); |
446 break; |
367 break; |
447 case "comments": |
368 case "comments": |
|
369 require_once(ENANO_ROOT.'/includes/comment.php'); |
448 $comments = new Comments($paths->page_id, $paths->namespace); |
370 $comments = new Comments($paths->page_id, $paths->namespace); |
449 if ( isset($_POST['data']) ) |
371 if ( isset($_POST['data']) ) |
450 { |
372 { |
451 $comments->process_json($_POST['data']); |
373 $comments->process_json($_POST['data']); |
452 } |
374 } |
461 |
383 |
462 $result = $page->rename_page($_POST['newtitle']); |
384 $result = $page->rename_page($_POST['newtitle']); |
463 echo enano_json_encode($result); |
385 echo enano_json_encode($result); |
464 break; |
386 break; |
465 case "flushlogs": |
387 case "flushlogs": |
|
388 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
466 echo PageUtils::flushlogs($paths->page_id, $paths->namespace); |
389 echo PageUtils::flushlogs($paths->page_id, $paths->namespace); |
467 break; |
390 break; |
468 case "deletepage": |
391 case "deletepage": |
|
392 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
469 $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; |
393 $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; |
470 if ( empty($reason) ) |
394 if ( empty($reason) ) |
471 die($lang->get('page_err_need_reason')); |
395 die($lang->get('page_err_need_reason')); |
472 echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); |
396 echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); |
473 break; |
397 break; |
474 case "delvote": |
398 case "delvote": |
|
399 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
475 echo PageUtils::delvote($paths->page_id, $paths->namespace); |
400 echo PageUtils::delvote($paths->page_id, $paths->namespace); |
476 break; |
401 break; |
477 case "resetdelvotes": |
402 case "resetdelvotes": |
|
403 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
478 echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace); |
404 echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace); |
479 break; |
405 break; |
480 case "getstyles": |
406 case "getstyles": |
|
407 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
481 echo PageUtils::getstyles($_GET['id']); |
408 echo PageUtils::getstyles($_GET['id']); |
482 break; |
409 break; |
483 case "catedit": |
410 case "catedit": |
|
411 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
484 echo PageUtils::catedit($paths->page_id, $paths->namespace); |
412 echo PageUtils::catedit($paths->page_id, $paths->namespace); |
485 break; |
413 break; |
486 case "catsave": |
414 case "catsave": |
|
415 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
487 echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); |
416 echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); |
488 break; |
417 break; |
489 case "setwikimode": |
418 case "setwikimode": |
|
419 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
490 echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']); |
420 echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']); |
491 break; |
421 break; |
492 case "setpass": |
422 case "setpass": |
|
423 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
493 echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']); |
424 echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']); |
494 break; |
425 break; |
495 case "fillusername": |
426 case "fillusername": |
496 break; |
427 break; |
497 case "fillpagename": |
428 case "fillpagename": |
535 } else { |
466 } else { |
536 die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\''); |
467 die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\''); |
537 } |
468 } |
538 break; |
469 break; |
539 case "preview": |
470 case "preview": |
|
471 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
540 echo PageUtils::genPreview($_POST['text']); |
472 echo PageUtils::genPreview($_POST['text']); |
541 break; |
473 break; |
542 case "pagediff": |
474 case "pagediff": |
|
475 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
543 $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; |
476 $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; |
544 $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; |
477 $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; |
545 if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; } |
478 if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; } |
546 if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || |
479 if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || |
547 !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; } |
480 !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; } |
556 $rdns = gethostbyaddr($ip); |
489 $rdns = gethostbyaddr($ip); |
557 if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.'; |
490 if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.'; |
558 else echo $rdns; |
491 else echo $rdns; |
559 break; |
492 break; |
560 case 'acljson': |
493 case 'acljson': |
|
494 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
561 $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false; |
495 $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false; |
562 echo PageUtils::acl_json($parms); |
496 echo PageUtils::acl_json($parms); |
563 break; |
497 break; |
564 case "change_theme": |
498 case "change_theme": |
565 if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) ) |
499 if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) ) |