@@ -461,7 +473,14 @@ if(file_exists($_POST['imagemagick_path'])) setConfig('imagemagick_path', $_POST['imagemagick_path']); else echo 'Warning: the file "'.$_POST['imagemagick_path'].'" was not found, and the ImageMagick file path was not updated.'; $max_upload = floor((float)$_POST['max_file_size'] * (int)$_POST['fs_units']); - setConfig('max_file_size', $max_upload.''); + if ( $max_upload > 1048576 && defined('ENANO_DEMO_MODE') ) + { + echo '

Wouldn\'t want the server DoS\'ed now. Stick to under a megabyte for the demo, please.

'; + } + else + { + setConfig('max_file_size', $max_upload.''); + } } echo ''; ?> @@ -513,6 +532,11 @@ setConfig('plugin_'.$_GET['plugin'], '1'); break; case "disable": + if ( defined('ENANO_DEMO_MODE') && strstr($_GET['plugin'], 'Demo') ) + { + echo('

Error disabling plugin

The demo lockdown plugin cannot be disabled in demo mode.

'); + break; + } if ( $_GET['plugin'] != 'SpecialAdmin.php' ) { setConfig('plugin_'.$_GET['plugin'], '0'); @@ -613,7 +637,7 @@ } global $mime_types, $mimetype_exps, $mimetype_extlist; - if(isset($_POST['save'])) + if(isset($_POST['save']) && !defined('ENANO_DEMO_MODE')) { $bits = ''; $keys = array_keys($mime_types); @@ -626,6 +650,10 @@ setConfig('allowed_mime_types', $bits); echo '

Your changes have been saved.

'; } + else if ( isset($_POST['save']) && defined('ENANO_DEMO_MODE') ) + { + echo '

Hmm, enabling executables, are we? Tsk tsk. I\'d love to know what\'s in that EXE file you want to upload. OK, maybe you didn\'t enable EXEs. But nevertheless, changing allowed filetypes is disabled in the demo.

'; + } $allowed = fetch_allowed_extensions(); ?>

Allowed file types

@@ -727,11 +755,19 @@ return; } - if(isset($_POST['go'])) { + if(isset($_POST['go'])) + { // We need the user ID before we can do anything $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\''); - if(!$q) die('Error selecting user ID: '.mysql_error()); - if($db->numrows() < 1) { echo('User does not exist, please enter another username.'); return; } + if ( !$q ) + { + die('Error selecting user ID: '.mysql_error()); + } + if ( $db->numrows() < 1 ) + { + echo('User does not exist, please enter another username.'); + return; + } $r = $db->fetchrow(); $db->free_result(); if(isset($_POST['save'])) @@ -741,7 +777,15 @@ $new_level = $_POST['level']; $old_level = intval($r['user_level']); - $re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']); + if ( defined('ENANO_DEMO_MODE') ) + { + echo '

You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.

'; + $re = Array('permission denied'); + } + else + { + $re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']); + } if($re == 'success') { @@ -789,14 +833,21 @@ } elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf'])) { - $q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';'); - if($q) + if ( defined('ENANO_DEMO_MODE') ) { - echo '

The user account "'.$r['username'].'" was deleted.

'; + echo '

You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.

'; } else { - echo '

The user account "'.$r['username'].'" could not be deleted due to a database error.

'.$db->get_error().'

'; + $q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';'); + if($q) + { + echo '

The user account "'.$r['username'].'" was deleted.

'; + } + else + { + echo '

The user account "'.$r['username'].'" could not be deleted due to a database error.

'.$db->get_error().'

'; + } } } else @@ -817,25 +868,34 @@ '); } - } elseif(isset($_POST['clearsessions'])) { - // Get the current session information so the user doesn't get logged out - $aes = new AESCrypt(); - $sk = md5($session->sid_super); - $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); - if(!$qb) die('Error selecting session key info block B: '.$db->get_error()); - if($db->numrows($qb) < 1) die('Error: cannot read admin session info block B, aborting table clear process'); - $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER); - if(!$qa) die('Error selecting session key info block A: '.$db->get_error()); - if($db->numrows($qa) < 1) die('Error: cannot read user session info block A, aborting table clear process'); - $ra = mysql_fetch_object($qa); - $rb = mysql_fetch_object($qb); - $db->free_result($qa); - $db->free_result($qb); - $db->sql_query('DELETE FROM '.table_prefix.'session_keys;'); - $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )'); - echo(' -

The session key table has been cleared. Your database should be a little bit smaller now.

- '); + } + else if(isset($_POST['clearsessions'])) + { + if ( defined('ENANO_DEMO_MODE') ) + { + echo '

Sorry Charlie, no can do. You might mess up other people logged into the demo site.

'; + } + else + { + // Get the current session information so the user doesn't get logged out + $aes = new AESCrypt(); + $sk = md5($session->sid_super); + $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); + if(!$qb) die('Error selecting session key info block B: '.$db->get_error()); + if($db->numrows($qb) < 1) die('Error: cannot read admin session info block B, aborting table clear process'); + $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER); + if(!$qa) die('Error selecting session key info block A: '.$db->get_error()); + if($db->numrows($qa) < 1) die('Error: cannot read user session info block A, aborting table clear process'); + $ra = mysql_fetch_object($qa); + $rb = mysql_fetch_object($qb); + $db->free_result($qa); + $db->free_result($qb); + $db->sql_query('DELETE FROM '.table_prefix.'session_keys;'); + $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )'); + echo(' +

The session key table has been cleared. Your database should be a little bit smaller now.

+ '); + } } echo('

User Management

@@ -1767,7 +1827,7 @@ $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . ''); if(!$e) $db->_die('The ban list entry was not deleted.'); } - if(isset($_POST['create'])) + if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE')) { $q = 'INSERT INTO '.table_prefix.'banlist(ban_type,ban_value,reason,is_regex) VALUES( ' . $db->escape($_POST['type']) . ', \'' . $db->escape($_POST['value']) . '\', \''.$db->escape($_POST['reason']).'\''; if(isset($_POST['regex'])) $q .= ', 1'; @@ -1776,6 +1836,10 @@ $e = $db->sql_query($q); if(!$e) $db->_die('The banlist could not be updated.'); } + else if ( isset($_POST['create']) && defined('ENANO_DEMO_MODE') ) + { + echo '

This function is disabled in the demo. Just because you don\'t like ' . htmlspecialchars($_POST['value']) . ' doesn\'t mean we don\'t like ' . htmlspecialchars($_POST['value']) . '.

'; + } $q = $db->sql_query('SELECT ban_id,ban_type,ban_value,is_regex FROM '.table_prefix.'banlist ORDER BY ban_type;'); if(!$q) $db->_die('The banlist data could not be selected.'); echo ''; @@ -1813,7 +1877,7 @@ } global $enano_config; - if ( isset($_POST['do_send']) ) + if ( isset($_POST['do_send']) && !defined('ENANO_DEMO_MODE') ) { $use_smtp = getConfig('smtp_enabled') == '1'; @@ -1952,6 +2016,10 @@ } } + else if ( isset($_POST['do_send']) && defined('ENANO_DEMO_MODE') ) + { + echo '

This function is disabled in the demo. You think demo@enanocms.org likes getting "test" mass e-mails?

'; + } echo ''; ?>

@@ -2024,6 +2092,11 @@ return; } + if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') ) + { + redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 ); + } + global $system_table_list; if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes') { @@ -2358,6 +2431,20 @@ $content = $_POST['plugin_id']; break; } + + if ( defined('ENANO_DEMO_MODE') ) + { + // Sanitize the HTML + $content = sanitize_html($content, true); + } + + if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) + { + echo '

Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.

'; + $_POST['php_content'] = '?><Nulled>'; + $content = $_POST['php_content']; + } + // Get the value of item_order $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';'); @@ -2457,6 +2544,9 @@

+ +

Creating PHP blocks in demo mode is disabled for security reasons.

WARNING: If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here. ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type. @@ -2478,6 +2568,7 @@

@@ -2586,6 +2677,24 @@ die($r['block_content']); break; case 'save': + if ( defined('ENANO_DEMO_MODE') ) + { + $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';'); + if(!$q) + { + echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; + exit; + } + $row = $db->fetchrow(); + if ( $row['block_type'] == BLOCK_PHP ) + { + $_POST['content'] = '?><Nulled>'; + } + else + { + $_POST['content'] = sanitize_html($_POST['content'], true); + } + } $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $db->escape($_GET['id']) . ';'); if(!$q) {

Enano is running in demo mode.

Error disabling plugin

Allowed file types

User Management