ajax.php
changeset 0 902822492a68
child 15 ad5986a53197
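--- /dev/null
+++ b/ajax.php
@@ -0,0 +1,216 @@
+<?php
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.0 (Banshee)
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+ 
+  require('includes/common.php');
+  
+  global $db, $session, $paths, $template, $plugins; // Common objects
+  if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
+  
+  $_ob = '';
+  
+  switch($_GET['_mode']) {
+    case "checkusername":
+      echo PageUtils::checkusername($_GET['name']);
+      break;
+    case "getsource":
+      $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
+      echo PageUtils::getsource($paths->page, $p);
+      break;
+    case "getpage":
+      // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
+      $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace );
+      $page->send();
+      break;
+    case "savepage":
+      $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
+      $minor = isset($_POST['minor']);
+      $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
+      if($e=='good')
+      {
+        $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
+        $page->send();
+      }
+      else
+      {
+        echo 'Error saving the page: '.$e;
+      }
+      break;
+    case "protect":
+      echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
+      break;
+    case "histlist":
+      echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
+      break;
+    case "rollback":
+      echo PageUtils::rollback( (int)$_GET['id'] );
+      break;
+      
+      /*
+       * This is old code and should not be used. It's badly broken and a perfect example of bad database organization.
+      
+    case "addcomment":
+      $cc = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
+      $ci = ( isset($_POST['captcha_id']  ) ) ? $_POST['captcha_id']   : false;
+      if(!isset($_POST['text']) ||
+         !isset($_POST['subj']) ||
+         !isset($_POST['name'])) die('alert(\'Error in POST DATA string, aborting\');');
+      if($_POST['text']=='' ||
+         $_POST['name']=='' ||
+         $_POST['subj']=='') die('alert(\'One or more POST DATA fields was empty, aborting post submission\')');
+     echo PageUtils::addcomment($paths->cpage['urlname_nons'], $paths->namespace, $_POST['name'], $_POST['subj'], $_POST['text'], $cc, $ci);
+     break;
+    case "comments":
+      echo PageUtils::comments($paths->cpage['urlname_nons'], $paths->namespace, ( isset($_GET['action']) ? $_GET['action'] : false ), Array(
+          'name' => ( isset($_POST['name']) ) ? $_POST['name'] : '',
+          'subj' => ( isset($_POST['subj']) ) ? $_POST['subj'] : '',
+          'text' => ( isset($_POST['text']) ) ? $_POST['text'] : ''
+        ));
+      break;
+    case "savecomment":
+      echo PageUtils::savecomment($paths->cpage['urlname_nons'], $paths->namespace, $_POST['s'], $_POST['t'], $_POST['os'], $_POST['ot'], $_POST['id']);
+      break;
+    case "deletecomment":
+      echo PageUtils::deletecomment($paths->cpage['urlname_nons'], $paths->namespace, $_POST['name'], $_POST['subj'], $_POST['text'], $_GET['id']);
+      break;
+      */
+      
+    case "comments":
+      $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
+      if ( isset($_POST['data']) )
+      {
+        $comments->process_json($_POST['data']);
+      }
+      else
+      {
+        die('{ "mode" : "error", "error" : "No input" }');
+      }
+      break;
+    case "rename":
+      echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
+      break;
+    case "flushlogs":
+      echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
+      break;
+    case "deletepage":
+      echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace);
+      break;
+    case "delvote":
+      echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
+      break;
+    case "resetdelvotes":
+      echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
+      break;
+    case "getstyles":
+      echo PageUtils::getstyles($_GET['id']);
+      break;
+    case "catedit":
+      echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
+      break;
+    case "catsave":
+      echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
+      break;
+    case "setwikimode":
+      echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
+      break;
+    case "setpass":
+      echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
+      break;
+    case "wikihelp":
+      $html = file_get_contents('http://www.enanocms.org/ajax.php?title=Help:Wiki_formatting&_mode=getpage&nofooters');
+      $html = str_replace('src="/Special', 'src="http://www.enanocms.org/Special', $html);
+      echo '<div class="contentDiv"><h2>Wiki formatting guide</h2>'.$html.'</div>';
+      break;
+    case "fillusername":
+      $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
+      if(!$name) die('userlist = new Array(); errorstring=\'Invalid URI\'');
+      $q = $db->sql_query('SELECT username,user_id FROM '.table_prefix.'users WHERE username LIKE \'%'.$name.'%\';');
+      if(!$q) die('userlist = new Array(); errorstring=\'MySQL error selecting username data: '.addslashes(mysql_error()).'\'');
+      if($db->numrows() < 1) die('userlist = new Array(); errorstring=\'No usernames found.\'');
+      echo 'var errorstring = false; userlist = new Array();';
+      $i=0;
+      while($r = $db->fetchrow())
+      {
+        echo "userlist[$i] = '".addslashes($r['username'])."'; ";
+        $i++;
+      }
+      $db->free_result();
+      break;
+    case "fillpagename":
+      $name = (isset($_GET['name'])) ? $_GET['name'] : false;
+      if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
+      $nd = RenderMan::strToPageID($name);
+      $c = 0;
+      $u = Array();
+      $n = Array();
+      for($i=0;$i<sizeof($paths->pages)/2;$i++)
+      {
+        if( ( 
+            preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
+            preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
+            preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
+            preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
+            preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
+            preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
+            ) &&
+           ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
+            && $paths->pages[$i]['visible']
+           )
+        {
+          $c++;
+          $u[] = $paths->pages[$i]['name'];
+          $n[] = $paths->pages[$i]['urlname'];
+        }
+      }
+      if($c > 0)
+      {
+        echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
+        for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
+        {
+          echo "userlist[$i] = '".addslashes($n[$i])."';\n";
+          echo "namelist[$i] = '".addslashes($u[$i])."';\n";
+        }
+      } else {
+        die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
+      }
+      break;
+    case "preview":
+      echo PageUtils::genPreview($_POST['text']);
+      break;
+    case "pagediff":
+      $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
+      $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
+      if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
+      if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
+         !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
+      echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
+      break;
+    case "jsres":
+      die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
+      break;
+    case "rdns":
+      if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
+      $ip = $_GET['ip'];
+      $rdns = gethostbyaddr($ip);
+      if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the IP address does not exist anymore.';
+      else echo $rdns;
+      break;
+    case 'acljson':
+      $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
+      echo PageUtils::acl_json($parms);
+      break;
+    default:
+      die('Hacking attempt');
+      break;
+  }
+  
+?>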
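Review bot: The `wikihelp` branch fetches `http://www.enanocms.org/ajax.php?...` over cleartext HTTP and echoes the response body into the page unescaped, so whoever controls that host or the network path between them can run script in the user's origin on every installation; at minimum switch to `https://`, check the result (`if ($html === false) { die('Unable to fetch the formatting guide.'); }`), and pass the remote markup through whatever HTML sanitizer the CMS applies to page content before echoing it (RenderMan is referenced elsewhere in this file, but I cannot see from here whether it offers one). The `rdns` branch reflects attacker-chosen data the same way on a smaller scale: a PTR record is written by whoever owns the reverse zone, so `else echo $rdns;` should be `else echo htmlspecialchars($rdns, ENT_QUOTES, 'UTF-8');`, and `$ip` should be rejected unless `filter_var($ip, FILTER_VALIDATE_IP)` passes before it is handed to `gethostbyaddr()`. Several state-changing modes (`deletepage`, `flushlogs`, `rollback`, `setwikimode`, `resetdelvotes`) need nothing beyond a GET URL to trigger, and this file checks neither the request method nor any anti-CSRF token, so unless PageUtils does so (not visible here) a logged-in user can be made to perform them just by loading an image. In `fillusername`, `$db->escape()` protects the quoting but not the `%`/`_` LIKE wildcards, and `addslashes()` is not a JavaScript string escaper (it leaves line terminators and `</script>` alone); emitting the name list with `json_encode()` would be the safer output form.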