' . "\n";
- echo '
' . "\n";
- echo '' . "\n";
-
- return;
- }
- }
- else if ( isset($_POST['action']['del_confirm']) )
- {
- $delete_id = intval($_POST['delete_id']);
- if ( empty($delete_id) )
- {
- echo 'Hack attempt';
- return;
- }
- // Obtain group name
- $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
- if ( !$q )
- $db->_die();
- if ( $db->numrows() < 1 )
- {
- echo 'Page group dun exist.';
- return;
- }
- $row = $db->fetchrow();
- $db->free_result();
- $pg_name = $row['pg_name'];
- unset($row);
- // Delete the group
- $q = $db->sql_query('DELETE FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
- if ( !$q )
- $db->_die();
- $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';');
- if ( !$q )
- $db->_die();
-
- $del_msg = $lang->get('acppg_msg_delete_success', array('pg_name' => htmlspecialchars($pg_name)));
- echo "
$del_msg
";
- }
- else if ( isset($_POST['action']['edit']) && !isset($_POST['action']['noop']) )
- {
- if ( isset($_POST['action']['edit_save']) )
- {
- }
-
- if ( isset($_POST['action']['edit']['add_page']) && isset($_GET['src']) && $_GET['src'] == 'ajax' )
- {
- $return = array('successful' => false);
-
- //
- // Add the specified page to the group
- //
-
- // Get ID of the group
- $edit_id = intval($_POST['pg_id']);
- if ( !$edit_id )
- {
- $return = array('mode' => 'error', 'text' => 'Hack attempt');
- echo enano_json_encode($return);
- return;
- }
-
- // Run some validation - check that page exists and that it's not already in the group
- $page = $_POST['new_page'];
- if ( empty($page) )
- {
- $return = array('mode' => 'error', 'text' => $lang->get('acppg_err_ajaxadd_need_title'));
- echo enano_json_encode($return);
- return;
- }
-
- /*
- // We're gonna allow adding nonexistent pages for now
- if ( !isPage($page) )
- {
- $return = array('mode' => 'error', 'text' => 'The page you are trying to add (' . htmlspecialchars($page) . ') does not exist.');
- echo enano_json_encode($return);
- return;
- }
- */
-
- list($page_id, $namespace) = RenderMan::strToPageID($page);
- $page_id = sanitize_page_id($page_id);
-
- if ( !isset($paths->namespace[$namespace]) )
- {
- $return = array('mode' => 'error', 'text' => 'Invalid namespace return from RenderMan::strToPageID()');
- echo enano_json_encode($return);
- return;
- }
-
- $q = $db->sql_query('SELECT "x" FROM '.table_prefix.'page_group_members WHERE pg_id=' . $edit_id . ' AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $namespace . '\';');
- if ( !$q )
- {
- $return = array('mode' => 'error', 'text' => $db->get_error());
- echo enano_json_encode($return);
- return;
- }
- if ( $db->numrows() > 0 )
- {
- $return = array('mode' => 'error', 'text' => $lang->get('acppg_err_ajaxadd_already_in'));
- echo enano_json_encode($return);
- return;
- }
-
- $q = $db->sql_query('INSERT INTO '.table_prefix.'page_group_members(pg_id, page_id, namespace) VALUES(' . $edit_id . ', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
- if ( !$q )
- {
- $return = array('mode' => 'error', 'text' => $db->get_error());
- echo enano_json_encode($return);
- return;
- }
-
- $title = "($namespace) " . get_page_title($paths->nslist[$namespace] . $page_id);
-
- $return = array('mode' => 'info', 'text' => $lang->get('acppg_ajaxadd_success'), 'successful' => true, 'title' => $title, 'member_id' => $db->insert_id());
-
- echo enano_json_encode($return);
- return;
- }
-
- if ( isset($_POST['action']['edit_save']) && isset($_POST['pg_name']) )
- {
- $edit_id = $_POST['action']['edit'];
- $edit_id = intval($edit_id);
- if ( !empty($edit_id) )
- {
- // Update group name
- $new_name = $_POST['pg_name'];
- if ( empty($new_name) )
- {
- echo '
' . $lang->get('acppg_err_save_need_name') . '
';
- }
- else
- {
- $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $edit_id . ';');
- if ( !$q )
- $db->_die();
- $row = $db->fetchrow();
- $db->free_result();
- if ( $new_name != $row['pg_name'] )
- {
- $new_name = $db->escape(trim($new_name));
- $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_name=\'' . $new_name . '\' WHERE pg_id=' . $edit_id . ';');
- if ( !$q )
- $db->_die();
- else
- echo '
' . $lang->get('acppg_msg_save_name_updated') . '
';
- }
- if ( $_POST['pg_type'] == PAGE_GRP_TAGGED )
- {
- $target = $_POST['pg_target'];
- $target = sanitize_tag($target);
- if ( empty($target) )
- {
- echo '
' . $lang->get('acppg_err_save_need_tag') . '
';
- }
- else
- {
- $target = $db->escape($target);
- $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';');
- if ( !$q )
- $db->_die();
- else
- echo '
' . $lang->get('acppg_msg_save_tag_updated') . '
';
- }
- }
- else if ( $_POST['pg_type'] == PAGE_GRP_REGEX )
- {
- $target = $_POST['pg_target'];
- if ( empty($target) )
- {
- echo '
' . $lang->get('acppg_err_save_need_regex') . '
';
- }
- else
- {
- $target = $db->escape($target);
- $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';');
- if ( !$q )
- $db->_die();
- else
- echo '
' . $lang->get('acppg_msg_save_regex_updated') . '
';
- }
- }
- else if ( $_POST['pg_type'] == PAGE_GRP_CATLINK )
- {
- $target = $_POST['pg_target'];
- if ( empty($target) )
- {
- echo '
' . $lang->get('acppg_err_save_bad_category') . '
';
- }
- else
- {
- $target = $db->escape($target);
- $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';');
- if ( !$q )
- $db->_die();
- else
- echo '
' . $lang->get('acppg_msg_save_cat_updated') . '
';
- }
- }
- }
- }
- }
- else if ( isset($_POST['action']['edit_save']) )
- {
- $edit_id = $_POST['action']['edit'];
- $edit_id = intval($edit_id);
- }
- else
- {
- $edit_id = array_keys($_POST['action']['edit']);
- $edit_id = intval($edit_id[0]);
- }
-
- if ( empty($edit_id) )
- {
- echo 'Hack attempt';
- return;
- }
-
- if ( isset($_POST['action']['edit_save']['do_rm']) && !isset($_POST['pg_name']) )
- {
- $vals = array_keys($_POST['action']['edit_save']['rm']);
- $good = array();
- foreach ( $vals as $id )
- {
- if ( strval(intval($id)) == $id )
- $good[] = $id;
- }
- $subquery = ( count($good) > 0 ) ? 'pg_member_id=' . implode(' OR pg_member_id=', $good) : "'foo'='bar'";
- if ( $subquery == "'foo'='bar'" )
- {
- echo '
' . $lang->get('acppg_err_save_no_pages') . '
';
- }
- else
- {
- $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;";
- if ( !$db->sql_query($sql) )
- {
- $db->_die();
- }
- echo '
' . $lang->get('acppg_msg_save_pages_deleted') . '
';
- }
- }
-
- // Fetch information about page group
- $q = $db->sql_query('SELECT pg_name, pg_type, pg_target FROM '.table_prefix.'page_groups WHERE pg_id=' . $edit_id . ';');
- if ( !$q )
- $db->_die();
-
- if ( $db->numrows() < 1 )
- {
- echo 'Bad request - can\'t load page group from database.';
- return;
- }
-
- $row = $db->fetchrow();
- $db->free_result();
-
- echo '
';
- echo '
';
-
- if ( $ajax_page_add )
- {
- // This needs to be outside of the form.
- echo '
';
- }
-
- return;
- }
- else if ( isset($_POST['action']['noop']) )
- {
- // Do nothing - skip to main form (noop is usually invoked by a cancel button in a form above)
- }
- else
- {
- echo '
Invalid format of $_POST[action].
';
- }
- }
- // No action defined - show default menu
-
- echo '
' . $lang->get('acppg_heading_main') . '
';
- echo '
' . $lang->get('acppg_hint_intro') . '
';
-
- $q = $db->sql_query('SELECT pg_id, pg_type, pg_name, pg_target FROM '.table_prefix.'page_groups;');
- if ( !$q )
- $db->_die();
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+ if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
+ {
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '
' . $lang->get('adm_err_not_auth_title') . '
';
+ echo '
' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
';
+ return;
+ }
+
+ if ( isset($_POST['action']) )
+ {
+ if ( isset($_POST['action']['create']) || isset($_POST['action']['create_stage2']) )
+ {
+ switch ( isset($_POST['action']['create_stage2']) )
+ {
+ case true:
+ if ( empty($_POST['pg_name']) || empty($_POST['group_type']) )
+ {
+ echo '
' . $lang->get('acppg_err_need_name') . '
';
+ return;
+ }
+ if ( $_POST['group_type'] == PAGE_GRP_TAGGED && empty($_POST['member_tag']) )
+ {
+ echo '
' . $lang->get('acppg_err_need_tag') . '
';
+ return;
+ }
+ if ( $_POST['group_type'] == PAGE_GRP_CATLINK && empty($_POST['member_cat']) )
+ {
+ echo '
' . $lang->get('acppg_err_need_cat') . '
';
+ return;
+ }
+ if ( $_POST['group_type'] == PAGE_GRP_NORMAL && empty($_POST['member_page_0']) )
+ {
+ echo '
' . $lang->get('acppg_err_need_page') . '
';
+ return;
+ }
+ if ( $_POST['group_type'] == PAGE_GRP_REGEX && empty($_POST['regex']) )
+ {
+ echo '
' . $lang->get('acppg_err_need_regex') . '
';
+ return;
+ }
+ if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL && $_POST['group_type'] != PAGE_GRP_REGEX )
+ {
+ echo '
Umm, you sent an invalid group type. I\'d put a real error message here but this will only be shown if you try to hack the system.
';
+ return;
+ }
+ // All checks passed, create the group
+ switch($_POST['group_type'])
+ {
+ case PAGE_GRP_TAGGED:
+ $name = $db->escape($_POST['pg_name']);
+ $tag = $db->escape($_POST['member_tag']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_TAGGED . ', \'' . $name . '\', \'' . $tag . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
+ case PAGE_GRP_CATLINK:
+ $name = $db->escape($_POST['pg_name']);
+ $cat = $db->escape($_POST['member_cat']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_CATLINK . ', \'' . $name . '\', \'' . $cat . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
+ case PAGE_GRP_NORMAL:
+ $name = $db->escape($_POST['pg_name']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name) VALUES(' . PAGE_GRP_NORMAL . ', \'' . $name . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+
+ $ins_id = $db->insert_id();
+
+ // Page list
+ $keys = array_keys($_POST);
+ $arr_pages = array();
+ foreach ( $keys as $val )
+ {
+ if ( preg_match('/^member_page_([0-9]+?)$/', $val) && !empty($_POST[$val]) && isPage($_POST[$val]) )
+ {
+ $arr_pages[] = $_POST[$val];
+ }
+ }
+ $arr_sql = array();
+ foreach ( $arr_pages as $page )
+ {
+ list($id, $ns) = RenderMan::strToPageID($page);
+ $id = sanitize_page_id($id);
+ $arr_sql[] = '(' . $ins_id . ',\'' . $db->escape($id) . '\', \'' . $ns . '\')';
+ }
+ $sql = 'INSERT INTO '.table_prefix.'page_group_members(pg_id,page_id,namespace) VALUES' . implode(',', $arr_sql) . ';';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
+ case PAGE_GRP_REGEX:
+ $name = $db->escape($_POST['pg_name']);
+ $regex = $db->escape($_POST['regex']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_REGEX . ', \'' . $name . '\', \'' . $regex . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
+ }
+ echo '
' . $lang->get('acppg_msg_create_success', array('group_name' => htmlspecialchars($_POST['pg_name']))) . '
';
+ break;
+ }
+ // A little Javascript magic
+ ?>
+
+ sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';');
+ if ( !$q )
+ $db->_die();
+
+ if ( $db->numrows() < 1 )
+ {
+ $catlist = $lang->get('acppg_err_no_cats');
+ }
+ else
+ {
+ $catlist = '
';
+ }
+
+ echo '';
+
+ echo '
';
+
+ echo '';
+ return;
+ }
+ else if ( isset($_POST['action']['del']) )
+ {
+ // Confirmation to delete a group (this is really only a stub)
+
+ $delete_id = array_keys($_POST['action']['del']);
+ $delete_id = intval($delete_id[0]);
+
+ if ( !empty($delete_id) )
+ {
+ echo '