includes/pageprocess.php
author Dan
Mon, 03 Aug 2009 02:58:43 -0400
changeset 1071 f374801eb775
parent 1068 4bcefa85649c
child 1081 745200a9cc2a
permissions -rw-r--r--
Sessions: fixed logout() destroying normal session (instead of elevated) if $level = USER_LEVEL_CHPREF. Possible very minor security concern: elevated sessions were not fully destroyed, so if a normal session is opened from the same IP, the elevated one may be reusable for 15 minutes.

<?php

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Version 1.1.6 (Caoineag beta 1)
 * pageprocess.php - intelligent retrieval of pages
 * Copyright (C) 2006-2008 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

/**
 * Class to handle fetching page text (possibly from a cache) and formatting it.
 * As of 1.0.4, this also handles the fetching and editing of certain data for pages.
 * @package Enano
 * @subpackage UI
 * @copyright 2007 Dan Fuhry
 * @license GNU General Public License <http://www.gnu.org/licenses/gpl-2.0.html>
 */

class PageProcessor
{
  
  /**
   * Page ID and namespace of the page handled by this instance
   * @var string
   */
  
  var $page_id;
  var $namespace;
  
  /**
   * The instance of the namespace processor for the namespace we're doing.
   * @var object
   */
  
  var $ns;
  
  /**
   * The title of the page sent to the template parser
   * @var string
   */
  
  var $title = '';
  
  /**
   * The information about the page(s) we were redirected from
   * @var array
   */
  
  var $redirect_stack = array();
  
  /**
   * The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
   * @var int
   */
  
  var $revision_id = 0;
  
  /**
   * The time this revision was saved, as a UNIX timestamp
   * @var int
   */
  
  var $revision_time = 0;
  
  /**
   * Unsanitized page ID.
   * @var string
   */
  
  var $page_id_unclean;
  
  /**
   * Tracks if the page we're loading exists in the database or not.
   * @var bool
   */
  
  var $page_exists = false;
  
  /**
   * Permissions!
   * @var object
   */
  
  var $perms = null;
  
  /**
   * The SHA1 hash of the user-inputted password for the page
   * @var string
   */
   
  var $password = '';
  
  /**
   * Switch to track if redirects are allowed. Defaults to true.
   * @var bool
   */
  
  var $allow_redir = true;
  
  /**
   * Holds any error message from redirection code. Defaults to false (no error).
   * @var mixed
   */
   
  var $redir_error = false;
  
  /**
   * If this is set to true, this will call the header and footer funcs on $template when render() is called.
   * @var bool
   */
  
  var $send_headers = false;
  
  /**
   * Cache the fetched text so we don't fetch it from the DB twice.
   * @var string
   */
  
  var $text_cache = '';
  
  /**
   * Debugging information to track errors. You can set enable to false to disable sending debug information.
   * @var array
   */
  
  var $debug = array(
      'enable' => false,
      'works'  => false
    );
  
  /**
   * The list of errors raised in the class.
   * @var array
   */
  
  var $_errors = array();
  
  /**
   * Constructor.
   * @param string The page ID (urlname) of the page
   * @param string The namespace of the page
   * @param int Optional. The revision ID to send.
   */
  
  function __construct( $page_id, $namespace, $revision_id = 0 )
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    
    profiler_log("PageProcessor [{$namespace}:{$page_id}]: Started constructor");
    
    // See if we can get some debug info
    if ( function_exists('debug_backtrace') && $this->debug['enable'] )
    {
      $this->debug['works'] = true;
      $this->debug['backtrace'] = enano_debug_print_backtrace(true);
    }
    
    // First things first - check page existence and permissions
    
    if ( !isset($paths->nslist[$namespace]) )
    {
      $this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
    }
    
    if ( !is_int($revision_id) )
      $revision_id = 0;
    
    $this->_setup( $page_id, $namespace, $revision_id );
  }
  
  /**
   * The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
   * @param bool If true, the stat counter is called. Defaults to false.
   */
  
  function send( $do_stats = false )
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang, $output;
    
    profiler_log('PageProcessor: send() called');
    
    if ( !$this->perms->get_permissions('read') )
    {
      // Permission denied to read page. Is this one of our core pages that must always be allowed?
      // NOTE: Not even the administration panel will work if ACLs deny access to it.
      if ( $this->namespace == 'Special' && in_array($this->page_id, array('Login', 'Logout', 'LangExportJSON', 'CSS')) )
      {
        // Do nothing; allow execution to continue
      }
      else
      {
        // Page isn't whitelisted, behave as normal
        $this->err_access_denied();
        return false;
      }
    }
    if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') )
    {
      $this->err_access_denied();
      return false;
    }
    
    // Is there a custom function registered for handling this namespace?
    // DEPRECATED (even though it only saw its way into one alpha release.)
    if ( $proc = $paths->get_namespace_processor($this->namespace) )
    {
      // yes, just call that
      // this is protected aggressively by the PathManager against overriding critical namespaces
      return call_user_func($proc, $this);
    }
    
    $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
    $strict_no_headers = false;
    $admin_fail = false;
    if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
    {
      $this->page_id = substr($this->page_id, 0, strpos($this->page_id, '/'));
      $funcname = "page_{$this->namespace}_{$this->page_id}";
      if ( function_exists($funcname) )
      {
        $this->page_exists = true;
      }
    }
    if ( isPage($pathskey) )
    {
      $cdata = $this->ns->get_cdata();
      
      if ( $cdata['special'] == 1 )
      {
        $this->send_headers = false;
        $strict_no_headers = true;
        $GLOBALS['output'] = new Output_Naked();
      }
      if ( isset($cdata['password']) )
      {
        if ( $cdata['password'] != '' && $cdata['password'] != sha1('') )
        {
          $password =& $cdata['password'];
          if ( $this->password != $password )
          {
            $this->err_wrong_password();
            return false;
          }
        }
      }
      if ( isset($cdata['require_admin']) && $cdata['require_admin'] )
      {
        if ( $session->auth_level < USER_LEVEL_ADMIN )
        {
          $admin_fail = true;
        }
      }
    }
    else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )
    {
      if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )
      {
        if ( $session->auth_level < USER_LEVEL_ADMIN )
        {
          $admin_fail = true;
        }
      }
    }
    if ( $admin_fail )
    {
      header('Content-type: text/javascript');
      echo enano_json_encode(array(
          'mode' => 'error',
          'error' => 'need_auth_to_admin'
        ));
      return true;
    }
    if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
    {
      require_once(ENANO_ROOT.'/includes/stats.php');
      doStats($this->page_id, $this->namespace);
    }
    
    // We are all done. Ship off the page.
    
    if ( !$this->allow_redir )
    {
      if ( method_exists($this->ns, 'get_redirect') )
      {
        if ( $result = $this->ns->get_redirect() )
          display_redirect_notice($result['page_id'], $result['namespace']);
      }
    }
    else
    {
      $this->process_redirects();
      
      if ( count($this->redirect_stack) > 0 )
      {
        $stack = array_reverse($this->redirect_stack);
        foreach ( $stack as $stackel )
        {
          $url = makeUrlNS($stackel['old_namespace'], $stackel['old_page_id'], 'redirect=no', true);
          $page_data = $this->ns->get_cdata();
          $title = $stackel['old_title'];
          $a = '<a href="' . $url . '">' . htmlspecialchars($title) . '</a>';
          $output->add_after_header('<small>' . $lang->get('page_msg_redirected_from', array('from' => $a)) . '<br /></small>');
        }
        $template->set_page($this);
      }
      
      if ( $this->redir_error )
      {
        $output->add_after_header('<div class="usermessage"><b>' . $this->redir_error . '</b></div>');
        $result = $this->ns->get_redirect();
        display_redirect_notice($result['page_id'], $result['namespace']);
      }
    }
    
    $this->ns->send();
  }
  
  /**
   * Sends the page through by fetching it from the database.
   */
   
  function send_from_db($strict_no_headers = false)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang;
    
    $this->ns->send_from_db();
  }
  
  /**
   * Fetches the wikitext or HTML source for the page.
   * @return string
   */
  
  function fetch_source()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    
    if ( !$this->perms->get_permissions('view_source') )
    {
      return false;
    }
    if ( !$this->page_exists )
    {
      return '';
    }
    $cdata = $this->ns->get_cdata();
    if ( isset($cdata['password']) )
    {
      if ( $cdata['password'] != sha1('') && $cdata['password'] !== $this->password && !empty($cdata['password']) )
      {
        return false;
      }
    }
    return $this->fetch_text();
  }
  
  /**
   * Updates (saves/changes/edits) the content of the page.
   * @param string The new text for the page
   * @param string A summary of edits made to the page.
   * @param bool If true, the edit is marked as a minor revision
   * @param string Page format - wikitext or xhtml. REQUIRED, and new in 1.1.6.
   * @return bool True on success, false on failure. When returning false, it will push errors to the PageProcessor error stack; read with $page->pop_error()
   */
  
  function update_page($text, $edit_summary = false, $minor_edit = false, $page_format)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang;
    
    // Create the page if it doesn't exist
    if ( !$this->page_exists )
    {
      if ( !$this->create_page() )
      {
        return false;
      }
    }
      
    //
    // Validation
    //
    
    $page_id = $db->escape($this->page_id);
    $namespace = $db->escape($this->namespace);
    
    $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");
    if ( !$q )
      $db->_die('PageProcess updating page content');
    if ( $db->numrows() < 1 )
    {
      $this->raise_error($lang->get('editor_err_no_rows'));
      return false;
    }
    
    // Do we have permission to edit the page?
    if ( !$this->perms->get_permissions('edit_page') )
    {
      $this->raise_error($lang->get('editor_err_no_permission'));
      return false;
    }
    
    list($protection) = $db->fetchrow_num();
    $db->free_result();
    
    if ( $protection == 1 )
    {
      // The page is protected - do we have permission to edit protected pages?
      if ( !$this->perms->get_permissions('even_when_protected') )
      {
        $this->raise_error($lang->get('editor_err_page_protected'));
        return false;
      }
    }
    else if ( $protection == 2 )
    {
      // The page is semi-protected.
      if (
           ( !$session->user_logged_in || // Is the user logged in?
             ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?
           && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?
      {
        $this->raise_error($lang->get('editor_err_page_protected'));
        return false;
      }
    }
    
    // Spam check
    if ( !spamalyze($text) )
    {
      $this->raise_error($lang->get('editor_err_spamcheck_failed'));
      return false;
    }
    
    // Page format check
    if ( !in_array($page_format, array('xhtml', 'wikitext')) )
    {
      $this->raise_error("format \"$page_format\" not one of [xhtml, wikitext]");
      return false;
    }
    
    //
    // Protection validated; update page content
    //
    
    $text_undb = RenderMan::preprocess_text($text, false, false);
    $text = $db->escape($text_undb);
    $author = $db->escape($session->username);
    $time = time();
    $edit_summary = ( strval($edit_summary) === $edit_summary ) ? $db->escape($edit_summary) : '';
    $minor_edit = ( $minor_edit ) ? '1' : '0';
    $date_string = enano_date('d M Y h:i a');
    
    // Insert log entry
    $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit, page_format )\n"
         . "  VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', '$text', '$edit_summary', $minor_edit, '$page_format' );";
    if ( !$db->sql_query($sql) )
    {
      $this->raise_error($db->get_error());
      return false;
    }
    
    // Update the master text entry
    $sql = 'UPDATE ' . table_prefix . "page_text SET page_text = '$text' WHERE page_id = '{$this->page_id}' AND namespace = '{$this->namespace}';";
    if ( !$db->sql_query($sql) )
    {
      $this->raise_error($db->get_error());
      return false;
    }
    
    // If there's an identical draft copy, delete it
    $sql = 'DELETE FROM ' . table_prefix . "logs WHERE is_draft = 1 AND page_id = '{$this->page_id}' AND namespace = '{$this->namespace}' AND page_text = '{$text}';";
    if ( !$db->sql_query($sql) )
    {
      $this->raise_error($db->get_error());
      return false;
    }
    
    // Set page_format
    // Using @ due to warning thrown when saving new page
    $cdata = $this->ns->get_cdata();
    if ( @$cdata['page_format'] !== $page_format )
    {
      // Note: no SQL injection to worry about here. Everything that goes into this is sanitized already, barring some rogue plugin.
      // (and if there's a rogue plugin running, we have bigger things to worry about anyway.)
      if ( !$db->sql_query('UPDATE ' . table_prefix . "pages SET page_format = '$page_format' WHERE urlname = '$this->page_id' AND namespace = '$this->namespace';") )
      {
        $this->raise_error($db->get_error());
        return false;
      }
      $paths->update_metadata_cache();
    }
    
    // Rebuild the search index
    $paths->rebuild_page_index($this->page_id, $this->namespace);
    
    $this->text_cache = $text_undb;
    
    return true;
    
  }
  
  /**
   * Creates the page if it doesn't already exist.
   * @param string Optional page title.
   * @param bool Visibility (allow indexing) flag
   * @return bool True on success, false on failure.
   */
  
  function create_page($title = false, $visible = true)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang;
    
    // Do we have permission to create the page?
    if ( !$this->perms->get_permissions('create_page') )
    {
      $this->raise_error($lang->get('pagetools_create_err_no_permission'));
      return false;
    }
    
    // Does it already exist?
    if ( $this->page_exists )
    {
      $this->raise_error($lang->get('pagetools_create_err_already_exists'));
      return false;
    }
    
    // It's not in there. Perform validation.
    
    // We can't create special, admin, or external pages.
    if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'API' )
    {
      $this->raise_error($lang->get('pagetools_create_err_nodb_namespace'));
      return false;
    }
    
    // Guess the proper title
    $name = ( !empty($title) ) ? $title : str_replace('_', ' ', dirtify_page_id($this->page_id));
    
    // Check for the restricted Project: prefix
    if ( substr($this->page_id, 0, 8) == 'Project:' )
    {
      $this->raise_error($lang->get('pagetools_create_err_reserved_prefix'));
      return false;
    }
    
    // Validation successful - insert the page
    
    $metadata = array(
        'urlname' => $this->page_id,
        'namespace' => $this->namespace,
        'name' => $name,
        'special' => 0,
        'visible' => $visible ? 1 : 0,
        'comments_on' => 1,
        'protected' => ( $this->namespace == 'System' ? 1 : 0 ),
        'delvotes' => 0,
        'delvote_ips' => serialize(array()),
        'wiki_mode' => 2
      );
    
    $paths->add_page($metadata);
    
    $page_id = $db->escape($this->page_id);
    $namespace = $db->escape($this->namespace);
    $name = $db->escape($name);
    $protect = ( $this->namespace == 'System' ) ? '1' : '0';
    $blank_array = $db->escape(serialize(array()));
    
    // Query 1: Metadata entry
    $q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, visible, protected, delvotes, delvote_ips, wiki_mode)\n"
                      . "  VALUES ( '$name', '$page_id', '$namespace', {$metadata['visible']}, $protect, 0, '$blank_array', 2 );");
    if ( !$q )
      $db->_die('PageProcessor page creation - metadata stage');
    
    // Query 2: Text insertion
    $q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n"
                        . "VALUES ( '$page_id', '$namespace', '' );");
    if ( !$q )
      $db->_die('PageProcessor page creation - text stage');
    
    // Query 3: Log entry
    $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n"
                   . "  VALUES ( " . time() . ", '" . enano_date('d M Y h:i a') . "', 'page', 'create', \n"
                   . "          '" . $db->escape($session->username) . "', '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');");
    if ( !$q )
      $db->_die('PageProcessor page creation - logging stage');
    
    // Update the cache
    $paths->update_metadata_cache();
    
    // Make sure that when/if we save the page later in this instance it doesn't get re-created
    $this->page_exists = true;
    
    // Page created. We're good!
    return true;
  }
  
  /**
   * Rolls back a non-edit action in the logs
   * @param int Log entry (log_id) to roll back
   * @return array Standard Enano error/success protocol
   */
  
  function rollback_log_entry($log_id)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $cache;
    
    // Verify permissions
    if ( !$this->perms->get_permissions('history_rollback') )
    {
      return array(
        'success' => false,
        'error' => 'access_denied'
        );
    }
    
    // Check input
    $log_id = intval($log_id);
    if ( empty($log_id) )
    {
      return array(
        'success' => false,
        'error' => 'invalid_parameter'
        );
    }
    
    // Fetch the log entry
    $q = $db->sql_query('SELECT * FROM ' . table_prefix . "logs WHERE log_type = 'page' AND page_id='{$this->page_id}' AND namespace='{$this->namespace}' AND log_id = $log_id;");
    if ( !$q )
      $db->_die();
    
    // Is this even a valid log entry for this context?
    if ( $db->numrows() < 1 )
    {
      return array(
        'success' => false,
        'error' => 'entry_not_found'
        );
    }
    
    // All good, fetch and free the result
    $log_entry = $db->fetchrow();
    $db->free_result();
    
    $dateline = enano_date('d M Y h:i a', $log_entry['time_id']);
    
    // Let's see, what do we have here...
    switch ( $log_entry['action'] )
    {
      case 'rename':
        // Page was renamed, let the rename method handle this
        return array_merge($this->rename_page($log_entry['edit_summary']), array('dateline' => $dateline, 'action' => $log_entry['action']));
        break;
      case 'prot':
      case 'unprot':
      case 'semiprot':
        return array_merge($this->protect_page(intval($log_entry['page_text']), '__REVERSION__'), array('dateline' => $dateline, 'action' => $log_entry['action']));
        break;
      case 'delete':
        
        // Raising a previously dead page has implications...
        
        // FIXME: l10n
        // rollback_extra is required because usually only moderators can undo page deletion AND restore the content.
        // potential flaw here - once recreated, can past revisions be restored by users without rollback_extra? should
        // probably modify editor routine to deny revert access if the timestamp < timestamp of last deletion if any.
        if ( !$this->perms->get_permissions('history_rollback_extra') )
          return 'Administrative privileges are required for page undeletion.';
        
        // Rolling back the deletion of a page that was since created?
        $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
        if ( isPage($pathskey) )
          return array(
              'success' => false,
              // This is a clean Christian in-joke.
              'error' => 'seeking_living_among_dead'
            );
        
        // Generate a crappy page name
        $name = $db->escape( str_replace('_', ' ', dirtify_page_id($this->page_id)) );
        
        // Stage 1 - re-insert page
        $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $this->page_id . '\',\'' . $this->namespace . '\' )');
        if ( !$e )
          $db->die_json();
        
        // Select the latest published revision
        $q = $db->sql_query('SELECT page_text FROM ' . table_prefix . "logs WHERE\n"
                          . "      log_type  = 'page'\n"
                          . "  AND action    = 'edit'\n"
                          . "  AND page_id   = '$this->page_id'\n"
                          . "  AND namespace = '$this->namespace'\n"
                          . "  AND is_draft != 1\n"
                          . "ORDER BY time_id DESC LIMIT 1;");
        if ( !$q )
          $db->die_json();
        list($page_text) = $db->fetchrow_num();
        $db->free_result($q);
        
        // Apply the latest revision as the current page text
        $page_text = $db->escape($page_text);
        $e = $db->sql_query('INSERT INTO ' . table_prefix."page_text(page_id, namespace, page_text) VALUES\n"
                          . "  ( '$this->page_id', '$this->namespace', '$page_text' );");
        if ( !$e )
          $db->die_json();
        
        $cache->purge('page_meta');
        
        return array(
            'success' => true,
            'dateline' => $dateline,
            'action' => $log_entry['action']
          );
        
        break;
      case 'reupload':
        
        // given a log id and some revision info, restore the old file.
        // get the timestamp of the file before this one
        $q = $db->sql_query('SELECT time_id, file_key, file_extension, filename, size, mimetype FROM ' . table_prefix . "files WHERE time_id < {$log_entry['time_id']} ORDER BY time_id DESC LIMIT 1;");
        if ( !$q )
          $db->_die();
        
        $row = $db->fetchrow();
        $db->free_result();
        
        // If the file hasn't been renamed to the new format (omitting timestamp), do that now.
        $fname = ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}";
        if ( @file_exists($fname) )
        {
          // it's stored in the old format - rename
          $fname_new = ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}";
          if ( !@rename($fname, $fname_new) )
          {
            return array(
              'success' => false,
              'error' => 'rb_file_rename_failed',
              'action' => $log_entry['action']
              );
          }
        }
        
        // Insert a new file entry
        $time = time();
        $filename = $db->escape($row['filename']);
        $mimetype = $db->escape($row['mimetype']);
        $ext = $db->escape($row['file_extension']);
        $key = $db->escape($row['file_key']);
        
        $q = $db->sql_query('INSERT INTO ' . table_prefix . "files ( time_id, page_id, filename, size, mimetype, file_extension, file_key ) VALUES\n"
              . "  ( $time, '$this->page_id', '$filename', {$row['size']}, '$mimetype', '$ext', '$key' );");
        if ( !$q )
          $db->die_json();
        
        // add reupload log entry
        $username = $db->escape($session->username);
        $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, page_id, namespace, author, edit_summary ) VALUES\n"
                          . "  ( 'page', 'reupload', $time, '$this->page_id', '$this->namespace', '$username', '__ROLLBACK__' )");
        if ( !$q )
          $db->die_json();
        
        return array(
            'success' => true,
            'dateline' => $dateline,
            'action' => $log_entry['action']
          );
        
        break;
      case 'votereset':
        if ( !$this->perms->get_permissions('history_rollback_extra') )
          return 'Denied!';
        
        // pull existing vote data
        $q = $db->sql_query('SELECT delvotes, delvote_ips FROM ' . table_prefix . "pages WHERE urlname = '$this->page_id' AND namespace = '$this->namespace';");
        if ( !$q )
          $db->_die();
        
        if ( $db->numrows() < 1 )
          return array(
              'success' => false,
              'error' => 'page_not_exist',
              'action' => $log_entry['action']
            );
          
        list($curr_delvotes, $curr_delvote_ips) = $db->fetchrow_num();
        $db->free_result();
        
        // merge with existing votes
        $old_delvote_ips = unserialize($log_entry['page_text']);
        $new_delvote_ips = unserialize($curr_delvote_ips);
        $new_delvote_ips['u'] = array_unique(array_merge($new_delvote_ips['u'], $old_delvote_ips['u']));
        $new_delvote_ips['ip'] = array_unique(array_merge($new_delvote_ips['ip'], $old_delvote_ips['ip']));
        $new_delvotes = count($new_delvote_ips['ip']);
        $new_delvote_ips = $db->escape(serialize($new_delvote_ips));
        
        // update pages table
        $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET delvotes = $new_delvotes, delvote_ips = '$new_delvote_ips' WHERE urlname = '$this->page_id' AND namespace = '$this->namespace';");
        
        $cache->purge('page_meta');
        
        return array(
            'success' => true,
            'dateline' => $dateline,
            'action' => $log_entry['action']
          );
        break;
      default:
        
        return array(
            'success' => false,
            'error' => 'rb_action_not_supported',
            'action' => $log_entry['action']
          );
        
        break;
    }
  }
  
  /**
   * Renames the page
   * @param string New name
   * @return array Standard Enano error/success protocol
   */
  
  function rename_page($new_name)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    
    // Check permissions
    if ( !$this->perms->get_permissions('rename') )
    {
      return array(
        'success' => false,
        'error' => 'access_denied'
        );
    }
    
    // If this is the same as the current name, return success
    $page_name = get_page_title_ns($this->page_id, $this->namespace);
    if ( $page_name === $new_name )
    {
      return array(
        'success' => true
        );
    }
    
    // Make sure the name is valid
    $new_name = trim($new_name);
    if ( empty($new_name) )
    {
      return array(
        'success' => false,
        'error' => 'invalid_parameter'
        );
    }
    
    // Log the action
    $username = $db->escape($session->username);
    $page_name = $db->escape($page_name);
    $time = time();
    
    $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, date_string ) VALUES\n"
                      . "  ( 'page', 'rename', '{$this->page_id}', '{$this->namespace}', '$username', '$page_name', '$time', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );");
    if ( !$q )
      $db->_die();
    
    // Not much to do but to rename it now
    $new_name = $db->escape($new_name);
    $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET name = '$new_name' WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
    if ( !$q )
      $db->_die();
    
    // Update the cache
    $paths->update_metadata_cache();
    
    return array(
      'success' => true
      );
  }
  
  /**
   * Sets the protection level of the page
   * @param int Protection level, one of PROTECT_{FULL,SEMI,NONE}
   * @param string Reason for protection - required
   */
  
  function protect_page($protection_level, $reason)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $cache;
    
    // Validate permissions
    if ( !$this->perms->get_permissions('protect') )
    {
      return array(
        'success' => false,
        'error' => 'access_denied'
        );
    }
    
    // Validate re-auth
    if ( !$session->sid_super )
    {
      return array(
        'success' => false,
        'error' => 'access_denied_need_reauth'
        );
    }
    
    // Validate input
    $reason = trim($reason);
    if ( !in_array($protection_level, array(PROTECT_NONE, PROTECT_FULL, PROTECT_SEMI)) || empty($reason) )
    {
      return array(
        'success' => false,
        'error' => 'invalid_parameter'
        );
    }
    
    // Retrieve page metadata
    $metadata = $this->ns->get_cdata();
    
    // Log the action
    $username = $db->escape($session->username);
    $time = time();
    $existing_protection = intval($metadata['protected']);
    $reason = $db->escape($reason);
    
    if ( $existing_protection == $protection_level )
    {
      return array(
        'success' => false,
        'error' => 'protection_already_there'
        );
    }
    
    $action = '[ insanity ]';
    switch($protection_level)
    {
      case PROTECT_FULL: $action = 'prot'; break;
      case PROTECT_NONE: $action = 'unprot'; break;
      case PROTECT_SEMI: $action = 'semiprot'; break;
    }
    
    $sql = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, page_text, date_string ) VALUES\n"
         . "  ( 'page', '$action', '{$this->page_id}', '{$this->namespace}', '$username', '$reason', '$time', '$existing_protection', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );";
    if ( !$db->sql_query($sql) )
    {
      $db->die_json();
    }
    
    // Perform the actual protection
    $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET protected = $protection_level WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
    if ( !$q )
      $db->die_json();
    
    $cache->purge('page_meta');
    
    return array(
      'success' => true
      );
  }
  
  /**
   * Sets internal variables.
   * @access private
   */
  
  function _setup($page_id, $namespace, $revision_id)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    
    $page_id_cleaned = sanitize_page_id($page_id);
    
    $this->revision_id = $revision_id;
    $this->page_id_unclean = dirtify_page_id($page_id);
    
    // resolve namespace
    $this->ns = namespace_factory($page_id, $namespace, $this->revision_id);
    $this->page_id =& $this->ns->page_id;
    $this->namespace =& $this->ns->namespace;
    
    $this->perms = $session->fetch_page_acl( $page_id, $namespace );
    
    $this->page_exists = $this->ns->exists();
    $this->title = get_page_title_ns($this->page_id, $this->namespace);
    
    profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Ran _setup()");
  }
  
  /**
   * Processes any redirects.
   * @access private
   */
  
  function process_redirects()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $output, $lang;
    
    $this->redirect_stack = array();
    
    if ( !method_exists($this->ns, 'get_redirect') )
      return true;
    
    if ( !$this->allow_redir )
      return true;
    
    $redirect_count = 0;
    
    while ( $result = $this->ns->get_redirect() )
    {
      if ( $result['namespace'] == 'Special' || $result['namespace'] == 'Admin' )
      {
        // Can't redirect to special/admin page
        $this->redir_error = $lang->get('page_err_redirect_to_special');
        break;
      }
      if ( $redirect_count == 3 )
      {
        // max of 3 internal redirects exceeded
        $this->redir_error = $lang->get('page_err_redirects_exceeded');
        break;
      }
      
      $loop = false;
      foreach ( $this->redirect_stack as $stackel )
      {
        if ( $result['page_id'] == $stackel['old_page_id'] && $result['namespace'] == $stackel['old_namespace'] )
        {
          $loop = true;
          break;
        }
      }
      
      if ( $loop )
      {
        // redirect loop
        $this->redir_error = $lang->get('page_err_redirect_infinite_loop');
        break;
      }
      $new_ns = namespace_factory($result['page_id'], $result['namespace']);
      if ( !$new_ns->exists() )
      {
        // new page doesn't exist
        $this->redir_error = $lang->get('page_err_redirect_to_nonexistent');
        break;
      }
      
      // build stack entry
      $stackel = array(
          'page_id' => $result['page_id'],
          'namespace' => $result['namespace'],
          'old_page_id' => $this->page_id,
          'old_namespace' => $this->namespace,
          'old_title' => $this->ns->title
        );
      
      // replace everything (perform the actual redirect)
      $this->ns = $new_ns;
      
      $this->page_id =& $this->ns->page_id;
      $this->namespace =& $this->ns->namespace;
      
      $this->redirect_stack[] = $stackel;
      
      $redirect_count++;
    }
  }
    
  /**
   * Sends the page header, dependent on, of course, whether we're supposed to.
   */
  
  function header()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( $this->send_headers )
      $template->header();
  }
  
  /**
   * Sends the page footer, dependent on, of course, whether we're supposed to.
   */
  
  function footer()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( $this->send_headers )
      $template->footer();
  }
  
  /**
   * Fetches the raw, unfiltered page text.
   * @access public
   */
  
  function fetch_text()
  {
    return $this->ns->fetch_text();
  }
  
  /**
   * Tells us if the page exists.
   * @return bool
   */
  
  function exists()
  {
    return $this->ns->exists();
  }
  
  /**
   * Send the error message to the user that the access to this page is denied.
   * @access private
   */
  
  function err_access_denied()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang;
    global $email;
    
    // Log it for crying out loud
    $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
    
    $ob = '';
    //$template->tpl_strings['PAGE_NAME'] = 'Access denied';
    $template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
      
    if ( $this->send_headers )
    {
      $ob .= $template->getHeader();
    }
    
    if ( count($this->redirect_stack) > 0 )
    {
      $stack = array_reverse($this->redirect_stack);
      foreach ( $stack as $oldtarget )
      {
        $url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
        $old_page = namespace_factory($oldtarget[0], $oldtarget[1]);
        $page_data = $old_page->get_cdata();
        $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
        $a = '<a href="' . $url . '">' . $title . '</a>';
        
        $url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
        $page_data = $this->ns->get_cdata();
        $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
        $b = '<a href="' . $url . '">' . $title . '</a>';
        
        $ob .= '<small>' . $lang->get('page_msg_redirected_from_to', array('from' => $a, 'to' => $b)) . '<br /></small>';
      }
    }
    
    $email_link = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('page_err_access_denied_siteadmin'));
    
    $ob .= "<h3>" . $lang->get('page_err_access_denied_title') . "</h3>";
    $ob .= "<p>" . $lang->get('page_err_access_denied_body', array('site_administration' => $email_link)) . "</p>";
    
    if ( $this->send_headers )
    {
      $ob .= $template->getFooter();
    }
    echo $ob;
  }
  
  /**
   * Inform the user of an incorrect or absent password
   * @access private
   */
   
  function err_wrong_password()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang;
    
    $title = $lang->get('page_msg_passrequired_title');
    $message = ( empty($this->password) ) ?
                 '<p>' . $lang->get('page_msg_passrequired') . '</p>' :
                 '<p>' . $lang->get('page_msg_pass_wrong') . '</p>';
    $message .= '<form action="' . makeUrlNS($this->namespace, $this->page_id) . '" method="post">
                   <p>
                     <label>' . $lang->get('page_lbl_password') . ' <input name="pagepass" type="password" /></label>&nbsp;&nbsp;<input type="submit" value="' . $lang->get('page_btn_password_submit') . '" />
                   </p>
                 </form>';
    if ( $this->send_headers )
    {
      $template->tpl_strings['PAGE_NAME'] = $title;
      $template->header();
      echo "$message";
      $template->footer();
    }
    else
    {
      echo "<h2>$title</h2>
            $message";
    }
  }
  
  /**
   * Send the error message to the user complaining that there weren't any rows.
   * @access private
   */
  
  function err_no_rows()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    
    $title = 'No text rows';
    $message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
    if ( $this->send_headers )
    {
      $template->tpl_strings['PAGE_NAME'] = $title;
      $template->header();
      echo "<p>$message</p>";
      $template->footer();
    }
    else
    {
      echo "<h2>$title</h2>
            <p>$message</p>";
    }
  }
  
  /**
   * Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
   * @param string Error message
   * @param bool If true, send DBAL's debugging information as well
   */
   
  function send_error($message, $sql = false)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    global $lang;
    
    $content = "<p>$message</p>";
    $template->tpl_strings['PAGE_NAME'] = $lang->get('page_msg_general_error');
    
    if ( $this->debug['works'] )
    {
      $content .= $this->debug['backtrace'];
    }
    
    header('HTTP/1.1 500 Internal Server Error');
    
    $template->header();
    echo $content;
    $template->footer();
    
    $db->close();
    
    exit;
    
  }
  
  /**
   * Raises an error.
   * @param string Error string
   */
   
  function raise_error($string)
  {
    if ( !is_string($string) )
      return false;
    $this->_errors[] = $string;
  }
  
  /**
   * Retrieves the latest error from the error stack and returns it ('pops' the error stack)
   * @return string
   */
  
  function pop_error()
  {
    if ( count($this->_errors) < 1 )
      return false;
    return array_pop($this->_errors);
  }
  
} // class PageProcessor

?>