plugins/SpecialAdmin.php
changeset 229 97ae8e9d5e29
parent 228 b0a4d179be85
child 266 917dcc6c4ceb
147:d8156d18ac58 229:97ae8e9d5e29
     2 /*
     2 /*
     3 Plugin Name: Runt - the Enano administration panel
     3 Plugin Name: Runt - the Enano administration panel
     4 Plugin URI: http://enanocms.org/
     4 Plugin URI: http://enanocms.org/
     5 Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
     5 Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
     6 Author: Dan Fuhry
     6 Author: Dan Fuhry
     7 Version: 1.0.1
     7 Version: 1.0.2
     8 Author URI: http://enanocms.org/
     8 Author URI: http://enanocms.org/
     9 */
     9 */
    10 
    10 
    11 /*
    11 /*
    12  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    12  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    13  * Version 1.0.2 (Coblynau)
    13  * Version 1.1.1
    14  * Copyright (C) 2006-2007 Dan Fuhry
    14  * Copyright (C) 2006-2007 Dan Fuhry
    15  *
    15  *
    16  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    16  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    17  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    17  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    18  *
    18  *
    46 
    46 
    47 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
    47 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
    48 
    48 
    49 function page_Admin_Home() {
    49 function page_Admin_Home() {
    50   global $db, $session, $paths, $template, $plugins; // Common objects
    50   global $db, $session, $paths, $template, $plugins; // Common objects
       
    51   global $lang;
    51   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    52   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
    52   {
    53   {
    53     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
    54     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
    55     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
    56     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
    54     return;
    57     return;
    55   }
    58   }
    56   
    59   
    57   // Basic information
    60   // Basic information
    58   echo RenderMan::render(
    61   echo RenderMan::render(
   113   
   116   
   114 }
   117 }
   115 
   118 
   116 function page_Admin_GeneralConfig() {
   119 function page_Admin_GeneralConfig() {
   117   global $db, $session, $paths, $template, $plugins; // Common objects
   120   global $db, $session, $paths, $template, $plugins; // Common objects
       
   121   global $lang;
   118   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   122   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   119   {
   123   {
   120     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
   124     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
   125     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
   126     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
   121     return;
   127     return;
   122   }
   128   }
   123   
   129   
   124   if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
   130   if(isset($_POST['submit']) && !defined('ENANO_DEMO_MODE') )
   125   {
   131   {
   200     if ( $strength >= -10 && $strength <= 30 )
   206     if ( $strength >= -10 && $strength <= 30 )
   201     {
   207     {
   202       $strength = strval($strength);
   208       $strength = strval($strength);
   203       setConfig('pw_strength_minimum', $strength);
   209       setConfig('pw_strength_minimum', $strength);
   204     }
   210     }
       
   211     
       
   212     // Account lockout policy
       
   213     if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) )
       
   214       setConfig('lockout_threshold', $_POST['lockout_threshold']);
       
   215     
       
   216     if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) )
       
   217       setConfig('lockout_duration', $_POST['lockout_duration']);
       
   218     
       
   219     if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) )
       
   220       setConfig('lockout_policy', $_POST['lockout_policy']);
   205     
   221     
   206     echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
   222     echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
   207     
   223     
   208   }
   224   }
   209   else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
   225   else if ( isset($_POST['submit']) && defined('ENANO_DEMO_MODE') )
   342       
   358       
   343       <tr>
   359       <tr>
   344         <td class="row1">Account activation:</td><td class="row1">
   360         <td class="row1">Account activation:</td><td class="row1">
   345           <?php
   361           <?php
   346           echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
   362           echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
   347           echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
   363           echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin' && getConfig('account_activation') != 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
   348           echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
   364           echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
   349           echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
   365           echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
   350           ?>
   366           ?>
   351         </td>
   367         </td>
   352       </tr>
   368       </tr>
       
   369       
       
   370     <!-- Account lockout -->
       
   371     
       
   372       <tr><th colspan="2">Account lockouts</th></tr>
       
   373       
       
   374       <tr><td class="row3" colspan="2">Configure Enano to prevent or restrict logins for a specified period of time if a user enters an incorrect password a specific number of times.</td></tr>
       
   375       
       
   376       <tr>
       
   377         <td class="row2">Lockout threshold:<br />
       
   378           <small>How many times can a user enter wrong credentials before a lockout goes into effect?</small>
       
   379         </td>
       
   380         <td class="row2">
       
   381           <input type="text" name="lockout_threshold" value="<?php echo ( $_ = getConfig('lockout_threshold') ) ? $_ : '5' ?>" />
       
   382         </td>
       
   383       </tr>
       
   384       
       
   385       <tr>
       
   386         <td class="row1">Lockout duration:<br />
       
   387           <small>This is how long an account lockout should last, in minutes.</small>
       
   388         </td>
       
   389         <td class="row1">
       
   390           <input type="text" name="lockout_duration" value="<?php echo ( $_ = getConfig('lockout_duration') ) ? $_ : '15' ?>" />
       
   391         </td>
       
   392       </tr>
       
   393       
       
   394       <tr>
       
   395         <td class="row2">Lockout policy:<br />
       
   396           <small>What should be done when a lockout goes into effect?</small>
       
   397         </td>
       
   398         <td class="row2">
       
   399           <label><input type="radio" name="lockout_policy" value="disable" <?php if ( getConfig('lockout_policy') == 'disable' ) echo 'checked="checked"'; ?> /> Don't do anything</label><br />
       
   400           <label><input type="radio" name="lockout_policy" value="captcha" <?php if ( getConfig('lockout_policy') == 'captcha' ) echo 'checked="checked"'; ?> /> Require visual confirmation</label><br />
       
   401           <label><input type="radio" name="lockout_policy" value="lockout" <?php if ( getConfig('lockout_policy') == 'lockout' || !getConfig('lockout_policy') ) echo 'checked="checked"'; ?> /> Prevent all login attempts</label>
       
   402         </td>
       
   403       </tr>
       
   404       
       
   405     <!-- Password strength -->
   353       
   406       
   354       <tr><th colspan="2">Password strength</th></tr>
   407       <tr><th colspan="2">Password strength</th></tr>
   355       
   408       
   356       <tr>
   409       <tr>
   357         <td class="row2">
   410         <td class="row2">
   462 }
   515 }
   463 
   516 
   464 function page_Admin_UploadConfig()
   517 function page_Admin_UploadConfig()
   465 {
   518 {
   466   global $db, $session, $paths, $template, $plugins; // Common objects
   519   global $db, $session, $paths, $template, $plugins; // Common objects
       
   520   global $lang;
   467   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   521   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   468   {
   522   {
   469     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
   523     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
   524     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
   525     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
   470     return;
   526     return;
   471   }
   527   }
   472   
   528   
   473   if(isset($_POST['save']))
   529   if(isset($_POST['save']))
   474   {
   530   {
   579   echo '</form>';
   635   echo '</form>';
   580 }
   636 }
   581 
   637 
   582 function page_Admin_PluginManager() {
   638 function page_Admin_PluginManager() {
   583   global $db, $session, $paths, $template, $plugins; // Common objects
   639   global $db, $session, $paths, $template, $plugins; // Common objects
       
   640   global $lang;
   584   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   641   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   585   {
   642   {
   586     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
   643     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
   644     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
   645     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
   587     return;
   646     return;
   588   }
   647   }
   589   
   648   
   590   if(isset($_GET['action']))
   649   if(isset($_GET['action']))
   591   {
   650   {
   720 }
   779 }
   721 
   780 
   722 function page_Admin_UploadAllowedMimeTypes()
   781 function page_Admin_UploadAllowedMimeTypes()
   723 {
   782 {
   724   global $db, $session, $paths, $template, $plugins; // Common objects
   783   global $db, $session, $paths, $template, $plugins; // Common objects
       
   784   global $lang;
   725   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   785   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   726   {
   786   {
   727     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
   787     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
   788     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
   789     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
   728     return;
   790     return;
   729   }
   791   }
   730   
   792   
   731   global $mime_types, $mimetype_exps, $mimetype_extlist;
   793   global $mime_types, $mimetype_exps, $mimetype_extlist;
   732   if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
   794   if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE'))
   783 }
   845 }
   784 
   846 
   785 function page_Admin_Sidebar()
   847 function page_Admin_Sidebar()
   786 {
   848 {
   787   global $db, $session, $paths, $template, $plugins; // Common objects
   849   global $db, $session, $paths, $template, $plugins; // Common objects
       
   850   global $lang;
   788   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   851   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   789   {
   852   {
   790     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
   853     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
   854     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
   855     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
   791     return;
   856     return;
   792   }
   857   }
   793   
   858   
   794   ?>
   859   ?>
   795   <h2>Editing and managing the Enano sidebar</h2>
   860   <h2>Editing and managing the Enano sidebar</h2>
   840 }
   905 }
   841 
   906 
   842 /*
   907 /*
   843 function page_Admin_UserManager() {
   908 function page_Admin_UserManager() {
   844   global $db, $session, $paths, $template, $plugins; // Common objects
   909   global $db, $session, $paths, $template, $plugins; // Common objects
       
   910   global $lang;
   845   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   911   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
   846   {
   912   {
   847     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
   913     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
   914     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
   915     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
   848     return;
   916     return;
   849   }
   917   }
   850   
   918   
   851   if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )
   919   if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )
   852   {
   920   {
  1110 */
  1178 */
  1111 
  1179 
  1112 function page_Admin_GroupManager()
  1180 function page_Admin_GroupManager()
  1113 {
  1181 {
  1114   global $db, $session, $paths, $template, $plugins; // Common objects
  1182   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1183   global $lang;
  1115   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1184   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1116   {
  1185   {
  1117     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  1186     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1187     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1188     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1118     return;
  1189     return;
  1119   }
  1190   }
  1120   
  1191   
  1121   if(isset($_POST['do_create_stage1']))
  1192   if(isset($_POST['do_create_stage1']))
  1122   {
  1193   {
  1469 }
  1540 }
  1470 
  1541 
  1471 function page_Admin_COPPA()
  1542 function page_Admin_COPPA()
  1472 {
  1543 {
  1473   global $db, $session, $paths, $template, $plugins; // Common objects
  1544   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1545   global $lang;
  1474   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1546   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1475   {
  1547   {
  1476     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  1548     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1549     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1550     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1477     return;
  1551     return;
  1478   }
  1552   }
  1479   
  1553   
  1480   echo '<h2>Background information</h2>';
  1554   echo '<h2>Background information</h2>';
  1481   echo '<p>
  1555   echo '<p>
  1542 }
  1616 }
  1543 
  1617 
  1544 function page_Admin_PageManager()
  1618 function page_Admin_PageManager()
  1545 {
  1619 {
  1546   global $db, $session, $paths, $template, $plugins; // Common objects
  1620   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1621   global $lang;
  1547   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1622   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1548   {
  1623   {
  1549     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  1624     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1625     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1626     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1550     return;
  1627     return;
  1551   }
  1628   }
  1552   
  1629   
  1553   
  1630   
  1554   echo '<h2>Page management</h2>';
  1631   echo '<h2>Page management</h2>';
  1738 }
  1815 }
  1739 
  1816 
  1740 function page_Admin_PageEditor()
  1817 function page_Admin_PageEditor()
  1741 {
  1818 {
  1742   global $db, $session, $paths, $template, $plugins; // Common objects
  1819   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1820   global $lang;
  1743   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1821   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1744   {
  1822   {
  1745     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  1823     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1824     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1825     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1746     return;
  1826     return;
  1747   }
  1827   }
  1748   
  1828   
  1749   
  1829   
  1750   echo '<h2>Edit page content</h2>';
  1830   echo '<h2>Edit page content</h2>';
  1838 
  1918 
  1839 function page_Admin_ThemeManager() 
  1919 function page_Admin_ThemeManager() 
  1840 {
  1920 {
  1841   
  1921   
  1842   global $db, $session, $paths, $template, $plugins; // Common objects
  1922   global $db, $session, $paths, $template, $plugins; // Common objects
       
  1923   global $lang;
  1843   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1924   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  1844   {
  1925   {
  1845     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  1926     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  1927     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  1928     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  1846     return;
  1929     return;
  1847   }
  1930   }
  1848   
  1931   
  1849   
  1932   
  1850   // Get the list of styles in the themes/ dir
  1933   // Get the list of styles in the themes/ dir
  2101 }
  2184 }
  2102 
  2185 
  2103 function page_Admin_BanControl()
  2186 function page_Admin_BanControl()
  2104 {
  2187 {
  2105   global $db, $session, $paths, $template, $plugins; // Common objects
  2188   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2189   global $lang;
  2106   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2190   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2107   {
  2191   {
  2108     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  2192     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  2193     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  2194     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  2109     return;
  2195     return;
  2110   }
  2196   }
  2111   
  2197   
  2112   if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
  2198   if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
  2113   {
  2199   {
  2114     $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . '');
  2200     $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']) . '');
  2115     if(!$e) $db->_die('The ban list entry was not deleted.');
  2201     if(!$e) $db->_die('The ban list entry was not deleted.');
  2116   }
  2202   }
  2117   if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
  2203   if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
  2118   {
  2204   {
  2119     $type = intval($_POST['type']);
  2205     $type = intval($_POST['type']);
  2213 }
  2299 }
  2214 
  2300 
  2215 function page_Admin_MassEmail()
  2301 function page_Admin_MassEmail()
  2216 {
  2302 {
  2217   global $db, $session, $paths, $template, $plugins; // Common objects
  2303   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2304   global $lang;
  2218   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2305   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2219   {
  2306   {
  2220     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  2307     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  2308     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  2309     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  2221     return;
  2310     return;
  2222   }
  2311   }
  2223   
  2312   
  2224   global $enano_config;
  2313   global $enano_config;
  2225   if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
  2314   if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') )
  2429 }
  2518 }
  2430 
  2519 
  2431 function page_Admin_DBBackup()
  2520 function page_Admin_DBBackup()
  2432 {
  2521 {
  2433   global $db, $session, $paths, $template, $plugins; // Common objects
  2522   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2523   global $lang;
  2434   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2524   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2435   {
  2525   {
  2436     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  2526     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  2527     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  2528     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  2437     return;
  2529     return;
  2438   }
  2530   }
  2439   
  2531   
  2440   if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
  2532   if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
  2441   {
  2533   {
  2533 }
  2625 }
  2534 
  2626 
  2535 function page_Admin_AdminLogout()
  2627 function page_Admin_AdminLogout()
  2536 {
  2628 {
  2537   global $db, $session, $paths, $template, $plugins; // Common objects
  2629   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2630   global $lang;
  2538   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2631   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
  2539   {
  2632   {
  2540     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
  2633     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
       
  2634     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
       
  2635     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
  2541     return;
  2636     return;
  2542   }
  2637   }
  2543   
  2638   
  2544   $session->logout(USER_LEVEL_ADMIN);
  2639   $session->logout(USER_LEVEL_ADMIN);
  2545   echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.makeUrl(getConfig('main_page')).'">Main Page</a>.</p>';
  2640   echo '<h3>You have now been logged out of the administration panel.</h3><p>You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="'.makeUrl(getConfig('main_page')).'">Main Page</a>.</p>';
  2546 }
  2641 }
  2547 
  2642 
  2548 function page_Special_Administration()
  2643 function page_Special_Administration()
  2549 {
  2644 {
  2550   global $db, $session, $paths, $template, $plugins; // Common objects
  2645   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2646   global $lang;
  2551   
  2647   
  2552   if($session->auth_level < USER_LEVEL_ADMIN) {
  2648   if($session->auth_level < USER_LEVEL_ADMIN) {
  2553     redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
  2649     redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
  2554     exit;
  2650     exit;
  2555   }
  2651   }
  2571         document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
  2667         document.getElementById('ajaxPageContainer').innerHTML = '<div class="error-box">Because of the lack of AJAX support, support for Internet Explorer versions less than 6.0 has been disabled in Runt. You can download and use Mozilla Firefox (or Seamonkey under Windows 95); both have an up-to-date standards-compliant rendering engine that has been tested thoroughly with Enano.</div>';
  2572         return false;
  2668         return false;
  2573       }
  2669       }
  2574       if ( t == namespace_list.Admin + 'AdminLogout' )
  2670       if ( t == namespace_list.Admin + 'AdminLogout' )
  2575       {
  2671       {
  2576         var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
  2672         var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, $lang.get('user_logout_confirm_title_elev'), $lang.get('user_logout_confirm_body_elev'));
  2577         mb.onclick['Yes'] = function() {
  2673         mb.onclick['Yes'] = function() {
  2578           var tigraentry = document.getElementById('i_div0_0').parentNode;
  2674           var tigraentry = document.getElementById('i_div0_0').parentNode;
  2579           var tigraobj = $(tigraentry);
  2675           var tigraobj = $(tigraentry);
  2580           var div = document.createElement('div');
  2676           var div = document.createElement('div');
  2581           div.style.backgroundColor = '#FFFFFF';
  2677           div.style.backgroundColor = '#FFFFFF';
  2683               eval($fname.'();');
  2779               eval($fname.'();');
  2684             }
  2780             }
  2685           } 
  2781           } 
  2686           else 
  2782           else 
  2687           {
  2783           {
  2688             echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
  2784             echo '<script type="text/javascript">document.write(\'<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>\');</script><noscript><div class="error-box">It looks like Javascript isn\'t enabled in your browser. Please enable Javascript or use a different browser to continue.</div></noscript>';
  2689           }
  2785           }
  2690           ?>
  2786           ?>
  2691           </div>
  2787           </div>
  2692           <script type="text/javascript">
  2788           <script type="text/javascript">
  2693             if ( KILL_SWITCH )
  2789             if ( KILL_SWITCH )
  2708 }
  2804 }
  2709 
  2805 
  2710 function page_Special_EditSidebar()
  2806 function page_Special_EditSidebar()
  2711 {
  2807 {
  2712   global $db, $session, $paths, $template, $plugins; // Common objects
  2808   global $db, $session, $paths, $template, $plugins; // Common objects
       
  2809   global $lang;
  2713   
  2810   
  2714   if($session->auth_level < USER_LEVEL_ADMIN) 
  2811   if($session->auth_level < USER_LEVEL_ADMIN) 
  2715   {
  2812   {
  2716     redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
  2813     redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
  2717     exit;
  2814     exit;
  2832       
  2929       
  2833     }
  2930     }
  2834     
  2931     
  2835     if(isset($_GET['action']) && isset($_GET['id']))
  2932     if(isset($_GET['action']) && isset($_GET['id']))
  2836     {
  2933     {
  2837       if(preg_match('#^([0-9]*)$#', $_GET['id']))
  2934       if(!preg_match('#^([0-9]*)$#', $_GET['id']))
  2838       {
  2935       {
  2839       } else {
       
  2840         echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
  2936         echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
  2841       }
  2937       }
  2842       switch($_GET['action'])
  2938       switch($_GET['action'])
  2843       {
  2939       {
  2844         case 'new':
  2940         case 'new':
  2978           if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
  3074           if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
  2979           {
  3075           {
  2980             echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
  3076             echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
  2981             break;
  3077             break;
  2982           }
  3078           }
  2983           $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . $db->escape($_GET['id']) . ';');
  3079           $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
  2984           if(!$query)
  3080           if(!$query)
  2985           {
  3081           {
  2986             echo $db->get_error();
  3082             echo $db->get_error();
  2987             $template->footer();
  3083             $template->footer();
  2988             exit;
  3084             exit;
  2989           }
  3085           }
  2990           echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
  3086           echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
  2991           break;
  3087           break;
  2992         case 'delete':
  3088         case 'delete':
  2993           $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';'); // Already checked for injection attempts ;-)
  3089           $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-)
  2994           if(!$query)
  3090           if(!$query)
  2995           {
  3091           {
  2996             echo $db->get_error();
  3092             echo $db->get_error();
  2997             $template->footer();
  3093             $template->footer();
  2998             exit;
  3094             exit;
  3003             die('GOOD');
  3099             die('GOOD');
  3004           }
  3100           }
  3005           echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
  3101           echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
  3006           break;
  3102           break;
  3007         case 'disenable';
  3103         case 'disenable';
  3008           $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
  3104           $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
  3009           if(!$q)
  3105           if(!$q)
  3010           {
  3106           {
  3011             echo $db->get_error();
  3107             echo $db->get_error();
  3012             $template->footer();
  3108             $template->footer();
  3013             exit;
  3109             exit;
  3014           }
  3110           }
  3015           $r = $db->fetchrow();
  3111           $r = $db->fetchrow();
  3016           $db->free_result();
  3112           $db->free_result();
  3017           $e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
  3113           $e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
  3018           $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . $db->escape($_GET['id']) . ';');
  3114           $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';');
  3019           if(!$q)
  3115           if(!$q)
  3020           {
  3116           {
  3021             echo $db->get_error();
  3117             echo $db->get_error();
  3022             $template->footer();
  3118             $template->footer();
  3023             exit;
  3119             exit;
  3026           {
  3122           {
  3027             ob_end_clean();
  3123             ob_end_clean();
  3028             die('GOOD');
  3124             die('GOOD');
  3029           }
  3125           }
  3030           break;
  3126           break;
       
  3127         case 'rename';
       
  3128           $newname = $db->escape($_POST['newname']);
       
  3129           $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
       
  3130           if(!$q)
       
  3131           {
       
  3132             echo $db->get_error();
       
  3133             $template->footer();
       
  3134             exit;
       
  3135           }
       
  3136           if(isset($_GET['ajax']))
       
  3137           {
       
  3138             ob_end_clean();
       
  3139             die('GOOD');
       
  3140           }
       
  3141           break;
  3031         case 'getsource':
  3142         case 'getsource':
  3032           $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
  3143           $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
  3033           if(!$q)
  3144           if(!$q)
  3034           {
  3145           {
  3035             echo $db->get_error();
  3146             echo $db->get_error();
  3036             $template->footer();
  3147             $template->footer();
  3037             exit;
  3148             exit;
  3043           die($r['block_content']);
  3154           die($r['block_content']);
  3044           break;
  3155           break;
  3045         case 'save':
  3156         case 'save':
  3046           if ( defined('ENANO_DEMO_MODE') )
  3157           if ( defined('ENANO_DEMO_MODE') )
  3047           {
  3158           {
  3048             $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
  3159             $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
  3049             if(!$q)
  3160             if(!$q)
  3050             {
  3161             {
  3051               echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
  3162               echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
  3052               exit;
  3163               exit;
  3053             }
  3164             }
  3059             else
  3170             else
  3060             {
  3171             {
  3061               $_POST['content'] = sanitize_html($_POST['content'], true);
  3172               $_POST['content'] = sanitize_html($_POST['content'], true);
  3062             }
  3173             }
  3063           }
  3174           }
  3064           $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $db->escape($_GET['id']) . ';');
  3175           $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';');
  3065           if(!$q)
  3176           if(!$q)
  3066           {
  3177           {
  3067             echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
  3178             echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
  3068             exit;
  3179             exit;
  3069           }
  3180           }
  3070           $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
  3181           $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
  3071           if(!$q)
  3182           if(!$q)
  3072           {
  3183           {
  3073             echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
  3184             echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
  3074             exit;
  3185             exit;
  3075           }
  3186           }
  3157           break;
  3268           break;
  3158         case BLOCK_TEMPLATEFORMAT:
  3269         case BLOCK_TEMPLATEFORMAT:
  3159           $parser = $template->makeParserText($vars['sidebar_section']);
  3270           $parser = $template->makeParserText($vars['sidebar_section']);
  3160           $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
  3271           $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
  3161           $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
  3272           $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
       
  3273           // fix for the "Administration" link that somehow didn't get rendered properly
       
  3274           $c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c);
  3162           break;
  3275           break;
  3163         case BLOCK_HTML:
  3276         case BLOCK_HTML:
  3164           $parser = $template->makeParserText($vars['sidebar_section_raw']);
  3277           $parser = $template->makeParserText($vars['sidebar_section_raw']);
  3165           $c = $row['block_content'];
  3278           $c = $row['block_content'];
  3166           $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
  3279           $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
  3176         case BLOCK_PLUGIN:
  3289         case BLOCK_PLUGIN:
  3177           $parser = $template->makeParserText($vars['sidebar_section_raw']);
  3290           $parser = $template->makeParserText($vars['sidebar_section_raw']);
  3178           $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
  3291           $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
  3179           break;
  3292           break;
  3180       }
  3293       }
  3181       $t = $template->tplWikiFormat($row['block_name']);
  3294       $block_name = $row['block_name']; // $template->tplWikiFormat($row['block_name']);
       
  3295       if ( empty($block_name) )
       
  3296         $block_name = '&lt;Unnamed&gt;';
       
  3297       $t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>';
  3182       if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
  3298       if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
  3183       else           $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
  3299       else           $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
  3184       $side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
  3300       $side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
  3185       $tb = '<a title="Enable or disable this block"    href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].''       , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;"   ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
  3301       $tb = '<a title="Enable or disable this block"    href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].''       , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;"   ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
  3186              <a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].''            , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
  3302              <a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].''            , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>