' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
'; - return; - } - - $system_themes =& $template->system_themes; - - // Obtain the list of themes (both available and already installed) and the styles available for each - $dh = @opendir(ENANO_ROOT . '/themes'); - if ( !$dh ) - die('Couldn\'t open themes directory'); - $themes = array(); - while ( $dr = @readdir($dh) ) - { - if ( $dr == '.' || $dr == '..' ) - continue; - if ( !is_dir(ENANO_ROOT . "/themes/$dr") ) - continue; - if ( !file_exists(ENANO_ROOT . "/themes/$dr/theme.cfg") || !is_dir(ENANO_ROOT . "/themes/$dr/css") ) - continue; - $cdh = @opendir(ENANO_ROOT . "/themes/$dr/css"); - if ( !$cdh ) - continue; - - require(ENANO_ROOT . "/themes/$dr/theme.cfg"); - global $theme; - - $themes[$dr] = array( - 'css' => array(), - 'theme_name' => $theme['theme_name'] - ); - while ( $cdr = @readdir($cdh) ) - { - if ( $cdr == '.' || $cdr == '..' ) - continue; - if ( preg_match('/\.css$/i', $cdr) ) - $themes[$dr]['css'][] = substr($cdr, 0, -4); - } - } - - // Decide which themes are not installed - $installable = array_flip(array_keys($themes)); - // FIXME: sanitize directory names or check with preg_match() - $where_clause = 'theme_id = \'' . implode('\' OR theme_id = \'', array_flip($installable)) . '\''; - $q = $db->sql_query('SELECT theme_id, theme_name, enabled FROM ' . table_prefix . "themes WHERE $where_clause;"); - if ( !$q ) - $db->_die(); - - while ( $row = $db->fetchrow() ) - { - $tid =& $row['theme_id']; - unset($installable[$tid]); - $themes[$tid]['theme_name'] = $row['theme_name']; - $themes[$tid]['enabled'] = ( $row['enabled'] == 1 ); - } - - foreach ( $system_themes as $st ) - { - unset($installable[$st]); - } - - $installable = array_flip($installable); - - // AJAX code - if ( $paths->getParam(0) === 'action.json' && !$force_no_json ) - { - return ajaxServlet_Admin_ThemeManager($themes); - } - - // List installed themes - ?> - - ' . $lang->get('acptm_heading_edit_themes') . ''; - echo '' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
'; + return; + } + + $system_themes =& $template->system_themes; + + // Obtain the list of themes (both available and already installed) and the styles available for each + $dh = @opendir(ENANO_ROOT . '/themes'); + if ( !$dh ) + die('Couldn\'t open themes directory'); + $themes = array(); + while ( $dr = @readdir($dh) ) + { + if ( $dr == '.' || $dr == '..' ) + continue; + if ( !is_dir(ENANO_ROOT . "/themes/$dr") ) + continue; + if ( !file_exists(ENANO_ROOT . "/themes/$dr/theme.cfg") || !is_dir(ENANO_ROOT . "/themes/$dr/css") ) + continue; + $cdh = @opendir(ENANO_ROOT . "/themes/$dr/css"); + if ( !$cdh ) + continue; + + require(ENANO_ROOT . "/themes/$dr/theme.cfg"); + global $theme; + + $themes[$dr] = array( + 'css' => array(), + 'theme_name' => $theme['theme_name'] + ); + while ( $cdr = @readdir($cdh) ) + { + if ( $cdr == '.' || $cdr == '..' ) + continue; + if ( preg_match('/\.css$/i', $cdr) ) + $themes[$dr]['css'][] = substr($cdr, 0, -4); + } + } + + // Decide which themes are not installed + $installable = array_flip(array_keys($themes)); + // FIXME: sanitize directory names or check with preg_match() + $where_clause = 'theme_id = \'' . implode('\' OR theme_id = \'', array_flip($installable)) . '\''; + $q = $db->sql_query('SELECT theme_id, theme_name, enabled FROM ' . table_prefix . "themes WHERE $where_clause;"); + if ( !$q ) + $db->_die(); + + while ( $row = $db->fetchrow() ) + { + $tid =& $row['theme_id']; + unset($installable[$tid]); + $themes[$tid]['theme_name'] = $row['theme_name']; + $themes[$tid]['enabled'] = ( $row['enabled'] == 1 ); + } + + foreach ( $system_themes as $st ) + { + unset($installable[$st]); + } + + $installable = array_flip($installable); + + // AJAX code + if ( $paths->getParam(0) === 'action.json' && !$force_no_json ) + { + return ajaxServlet_Admin_ThemeManager($themes); + } + + // List installed themes + ?> + + ' . $lang->get('acptm_heading_edit_themes') . ''; + echo '' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
'; - return; - } - - if ( !isset($_POST['r']) ) - return false; - - try - { - $request = enano_json_decode($_POST['r']); - } - catch ( Exception $e ) - { - die('Exception in JSON parser, probably invalid input.'); - } - - if ( !isset($request['mode']) ) - { - die('No mode specified in JSON request.'); - } - - switch ( $request['mode'] ) - { - case 'fetch_theme': - $theme_id = $db->escape($request['theme_id']); - if ( empty($theme_id) ) - die('Invalid theme_id'); - - $q = $db->sql_query("SELECT theme_id, theme_name, default_style, enabled, group_policy, group_list FROM " . table_prefix . "themes WHERE theme_id = '$theme_id';"); - if ( !$q ) - $db->die_json(); - - if ( $db->numrows() < 1 ) - die('BUG: no theme with that theme_id installed.'); - - $row = $db->fetchrow(); - $row['enabled'] = ( $row['enabled'] == 1 ); - $row['css'] = @$themes[$theme_id]['css']; - $row['default_style'] = preg_replace('/\.css$/', '', $row['default_style']); - $row['is_default'] = ( getConfig('theme_default') === $theme_id ); - $row['group_list'] = ( empty($row['group_list']) ) ? array() : enano_json_decode($row['group_list']); - - // Build a list of group names - $row['group_names'] = array(); - $q = $db->sql_query('SELECT group_id, group_name FROM ' . table_prefix . 'groups;'); - if ( !$q ) - $db->die_json(); - while ( $gr = $db->fetchrow() ) - { - $row['group_names'][ intval($gr['group_id']) ] = $gr['group_name']; - } - $db->free_result(); - - // Build a list of usernames - $row['usernames'] = array(); - foreach ( $row['group_list'] as $el ) - { - if ( !preg_match('/^u:([0-9]+)$/', $el, $match) ) - continue; - $uid =& $match[1]; - $q = $db->sql_query('SELECT username FROM ' . table_prefix . "users WHERE user_id = $uid;"); - if ( !$q ) - $db->die_json(); - if ( $db->numrows() < 1 ) - { - $db->free_result(); - continue; - } - list($username) = $db->fetchrow_num(); - $row['usernames'][$uid] = $username; - $db->free_result(); - } - - echo enano_json_encode($row); - break; - case 'uid_lookup': - $username = @$request['username']; - if ( empty($username) ) - { - die(enano_json_encode(array( - 'mode' => 'error', - 'error' => $lang->get('acptm_err_invalid_username') - ))); - } - $username = $db->escape(strtolower($username)); - $q = $db->sql_query('SELECT user_id, username FROM ' . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '$username';"); - if ( !$q ) - $db->die_json(); - - if ( $db->numrows() < 1 ) - { - die(enano_json_encode(array( - 'mode' => 'error', - 'error' => $lang->get('acptm_err_username_not_found') - ))); - } - - list($uid, $username_real) = $db->fetchrow_num(); - $db->free_result(); - - echo enano_json_encode(array( - 'uid' => $uid, - 'username' => $username_real - )); - break; - case 'save_theme': - if ( !isset($request['theme_data']) ) - { - die(enano_json_encode(array( - 'mode' => 'error', - 'error' => 'No theme data in request' - ))); - } - $theme_data =& $request['theme_data']; - // Perform integrity check on theme data - $chk_theme_exists = isset($themes[@$theme_data['theme_id']]); - $theme_data['theme_name'] = trim(@$theme_data['theme_name']); - $chk_name_good = !empty($theme_data['theme_name']); - $chk_policy_good = in_array(@$theme_data['group_policy'], array('allow_all', 'whitelist', 'blacklist')); - $chk_grouplist_good = true; - foreach ( $theme_data['group_list'] as $acl_entry ) - { - if ( !preg_match('/^(u|g):[0-9]+$/', $acl_entry) ) - { - $chk_grouplist_good = false; - break; - } - } - $chk_style_good = @in_array(@$theme_data['default_style'], @$themes[@$theme_data['theme_id']]['css']); - if ( !$chk_theme_exists || !$chk_name_good || !$chk_policy_good || !$chk_grouplist_good || !$chk_style_good ) - { - die(enano_json_encode(array( - 'mode' => 'error', - 'error' => $lang->get('acptm_err_save_validation_failed') - ))); - } - - $enable = ( $theme_data['enabled'] ) ? '1' : '0'; - $theme_default = getConfig('theme_default'); - $warn_default = ( $theme_default === $theme_data['theme_id'] || $theme_data['make_default'] ) ? - ' ' . $lang->get('acptm_warn_access_with_default') . ' ' : - ' '; - if ( $enable == 0 && ( $theme_default === $theme_data['theme_id'] || $theme_data['make_default'] ) ) - { - $enable = '1'; - $warn_default .= '' . $lang->get('acptm_warn_cant_disable_default') . ''; - } - - // We're good. Update the theme... - $q = $db->sql_query('UPDATE ' . table_prefix . 'themes SET - theme_name = \'' . $db->escape($theme_data['theme_name']) . '\', - default_style = \'' . $db->escape($theme_data['default_style']) . '\', - group_list = \'' . $db->escape(enano_json_encode($theme_data['group_list'])) . '\', - group_policy = \'' . $db->escape($theme_data['group_policy']) . '\', - enabled = ' . $enable . ' - WHERE theme_id = \'' . $db->escape($theme_data['theme_id']) . '\';'); - if ( !$q ) - $db->die_json(); - - if ( $theme_data['make_default'] ) - { - setConfig('theme_default', $theme_data['theme_id']); - } - - $cache->purge('themes'); - - echo '' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '
'; + return; + } + + if ( !isset($_POST['r']) ) + return false; + + try + { + $request = enano_json_decode($_POST['r']); + } + catch ( Exception $e ) + { + die('Exception in JSON parser, probably invalid input.'); + } + + if ( !isset($request['mode']) ) + { + die('No mode specified in JSON request.'); + } + + switch ( $request['mode'] ) + { + case 'fetch_theme': + $theme_id = $db->escape($request['theme_id']); + if ( empty($theme_id) ) + die('Invalid theme_id'); + + $q = $db->sql_query("SELECT theme_id, theme_name, default_style, enabled, group_policy, group_list FROM " . table_prefix . "themes WHERE theme_id = '$theme_id';"); + if ( !$q ) + $db->die_json(); + + if ( $db->numrows() < 1 ) + die('BUG: no theme with that theme_id installed.'); + + $row = $db->fetchrow(); + $row['enabled'] = ( $row['enabled'] == 1 ); + $row['css'] = @$themes[$theme_id]['css']; + $row['default_style'] = preg_replace('/\.css$/', '', $row['default_style']); + $row['is_default'] = ( getConfig('theme_default') === $theme_id ); + $row['group_list'] = ( empty($row['group_list']) ) ? array() : enano_json_decode($row['group_list']); + + // Build a list of group names + $row['group_names'] = array(); + $q = $db->sql_query('SELECT group_id, group_name FROM ' . table_prefix . 'groups;'); + if ( !$q ) + $db->die_json(); + while ( $gr = $db->fetchrow() ) + { + $row['group_names'][ intval($gr['group_id']) ] = $gr['group_name']; + } + $db->free_result(); + + // Build a list of usernames + $row['usernames'] = array(); + foreach ( $row['group_list'] as $el ) + { + if ( !preg_match('/^u:([0-9]+)$/', $el, $match) ) + continue; + $uid =& $match[1]; + $q = $db->sql_query('SELECT username FROM ' . table_prefix . "users WHERE user_id = $uid;"); + if ( !$q ) + $db->die_json(); + if ( $db->numrows() < 1 ) + { + $db->free_result(); + continue; + } + list($username) = $db->fetchrow_num(); + $row['usernames'][$uid] = $username; + $db->free_result(); + } + + echo enano_json_encode($row); + break; + case 'uid_lookup': + $username = @$request['username']; + if ( empty($username) ) + { + die(enano_json_encode(array( + 'mode' => 'error', + 'error' => $lang->get('acptm_err_invalid_username') + ))); + } + $username = $db->escape(strtolower($username)); + $q = $db->sql_query('SELECT user_id, username FROM ' . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '$username';"); + if ( !$q ) + $db->die_json(); + + if ( $db->numrows() < 1 ) + { + die(enano_json_encode(array( + 'mode' => 'error', + 'error' => $lang->get('acptm_err_username_not_found') + ))); + } + + list($uid, $username_real) = $db->fetchrow_num(); + $db->free_result(); + + echo enano_json_encode(array( + 'uid' => $uid, + 'username' => $username_real + )); + break; + case 'save_theme': + if ( !isset($request['theme_data']) ) + { + die(enano_json_encode(array( + 'mode' => 'error', + 'error' => 'No theme data in request' + ))); + } + $theme_data =& $request['theme_data']; + // Perform integrity check on theme data + $chk_theme_exists = isset($themes[@$theme_data['theme_id']]); + $theme_data['theme_name'] = trim(@$theme_data['theme_name']); + $chk_name_good = !empty($theme_data['theme_name']); + $chk_policy_good = in_array(@$theme_data['group_policy'], array('allow_all', 'whitelist', 'blacklist')); + $chk_grouplist_good = true; + foreach ( $theme_data['group_list'] as $acl_entry ) + { + if ( !preg_match('/^(u|g):[0-9]+$/', $acl_entry) ) + { + $chk_grouplist_good = false; + break; + } + } + $chk_style_good = @in_array(@$theme_data['default_style'], @$themes[@$theme_data['theme_id']]['css']); + if ( !$chk_theme_exists || !$chk_name_good || !$chk_policy_good || !$chk_grouplist_good || !$chk_style_good ) + { + die(enano_json_encode(array( + 'mode' => 'error', + 'error' => $lang->get('acptm_err_save_validation_failed') + ))); + } + + $enable = ( $theme_data['enabled'] ) ? '1' : '0'; + $theme_default = getConfig('theme_default'); + $warn_default = ( $theme_default === $theme_data['theme_id'] || $theme_data['make_default'] ) ? + ' ' . $lang->get('acptm_warn_access_with_default') . ' ' : + ' '; + if ( $enable == 0 && ( $theme_default === $theme_data['theme_id'] || $theme_data['make_default'] ) ) + { + $enable = '1'; + $warn_default .= '' . $lang->get('acptm_warn_cant_disable_default') . ''; + } + + // We're good. Update the theme... + $q = $db->sql_query('UPDATE ' . table_prefix . 'themes SET + theme_name = \'' . $db->escape($theme_data['theme_name']) . '\', + default_style = \'' . $db->escape($theme_data['default_style']) . '\', + group_list = \'' . $db->escape(enano_json_encode($theme_data['group_list'])) . '\', + group_policy = \'' . $db->escape($theme_data['group_policy']) . '\', + enabled = ' . $enable . ' + WHERE theme_id = \'' . $db->escape($theme_data['theme_id']) . '\';'); + if ( !$q ) + $db->die_json(); + + if ( $theme_data['make_default'] ) + { + setConfig('theme_default', $theme_data['theme_id']); + } + + $cache->purge('themes'); + + echo '