# HG changeset patch
# User Dan
# Date 1188161295 14400
# Node ID d807dcd7aed74577e99bf46124174c427cdd557b
# Parent bb4e677a4da96cb665767ef045b6784f4e6b529c
[comments] fixed edit button (source wasn't getting filled) [editor] fixed issue with PHP execution and preview (PHP code is executed now, ACL-permitting) [admin] added checkbox to toggle account activation status in user manager (thanks Manoj)
diff -r bb4e677a4da9 -r d807dcd7aed7 includes/clientside/static/comments.js
--- a/includes/clientside/static/comments.js Sat Aug 25 12:53:03 2007 -0400
+++ b/includes/clientside/static/comments.js Sun Aug 26 16:48:15 2007 -0400
@@ -147,10 +147,10 @@
 document.getElementById('ajaxEditContainer').innerHTML = html;
- //for ( i = 0; i < data.comments.length; i++ )
- //{
- // document.getElementById('comment_source_'+i).value = data.comments[i].comment_source;
- //}
+ for ( i = 0; i < data.comments.length; i++ )
+ {
+ document.getElementById('comment_source_'+i).value = data.comments[i].comment_source;
+ }
 }
@@ -230,7 +230,7 @@
 function editComment(id, link)
 {
 var ctr = document.getElementById('subject_'+id);
- var subj = trim(ctr.firstChild.nodeValue); // If there's a span in there that says 'unapproved', this eliminates it
+ var subj = ( ctr.firstChild ) ? trim(ctr.firstChild.nodeValue) : ''; // If there's a span in there that says 'unapproved', this eliminates it
 ctr.innerHTML = '';
 var ipt = document.createElement('input');
 ipt.id = 'subject_edit_'+id;
@@ -273,9 +273,12 @@
 function deleteComment(id)
 {
- //var c = confirm('Do you really want to delete this comment?');
- //if(!c);
- // return false;
+ if ( !shift )
+ {
+ var c = confirm('Do you really want to delete this comment?');
+ if(!c)
+ return false;
+ }
 var div = document.getElementById('comment_holder_'+id);
 var real_id = div.getElementsByTagName('input')[0]['value'];
 var req = {
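Review bot: The restored loop in the first hunk uses `i` without declaring it, so `for ( i = 0; ... )` writes an implicit global that any other undeclared counter on the page can clobber; declare it locally, `for ( var i = 0; i < data.comments.length; i++ )`. The loop also assumes every `comment_source_N` element exists after the `innerHTML` assignment, so one missing textarea throws and leaves the remaining edit boxes empty. Filling the raw comment source through `.value` rather than through the HTML string is worth keeping, since that text is never parsed as markup. The enclosing function starts outside the hunk, so `i` may already be declared there; worth confirming.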
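Review bot: `shift` is read in `if ( !shift )` in deleteComment() but nothing in this hunk declares it; if it is not a global maintained elsewhere (presumably a Shift-key flag), the function throws a ReferenceError before the confirm is shown. A guard such as `if ( typeof(shift) == 'undefined' || !shift )` keeps the prompt as the default behaviour. The confirm is only a convenience in the browser, so the server-side delete handler still has to check the caller's permission on the comment identified by `real_id`; that code is not visible here. The function body continues past the end of the hunk.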
@@ -301,6 +304,16 @@
 var captcha_code = '';
 var captcha_id = '';
 }
+ if ( subj == '' )
+ {
+ new messagebox(MB_OK|MB_ICONSTOP, 'Input validation failed', 'Please enter a subject for your comment.');
+ return false;
+ }
+ if ( text == '' )
+ {
+ new messagebox(MB_OK|MB_ICONSTOP, 'Input validation failed', 'Please enter some text for the body of your comment .');
+ return false;
+ }
 var req = {
 'mode' : 'submit',
 'name' : name,
diff -r bb4e677a4da9 -r d807dcd7aed7 includes/pageutils.php
--- a/includes/pageutils.php Sat Aug 25 12:53:03 2007 -0400
+++ b/includes/pageutils.php Sun Aug 26 16:48:15 2007 -0400
@@ -1591,7 +1591,15 @@
 function genPreview($text)
 {
- return '
Reminder: This is only a preview - your changes to this page have not yet been saved.
'.RenderMan::render(RenderMan::preprocess_text($text, false, false)).'
';
+ $ret = '
Reminder: This is only a preview - your changes to this page have not yet been saved.
';
+ $text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
+ ob_start();
+ eval('?>' . $text);
+ $text = ob_get_contents();
+ ob_end_clean();
+ $ret .= $text;
+ $ret .= '
';
+ return $ret;
 }
 /**
diff -r bb4e677a4da9 -r d807dcd7aed7 includes/template.php
--- a/includes/template.php Sat Aug 25 12:53:03 2007 -0400
+++ b/includes/template.php Sun Aug 26 16:48:15 2007 -0400
@@ -446,7 +446,7 @@
 $ctmp = ' style="text-decoration: underline;"';
 }
 $menubtn->assign_vars(array(
- 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'.$ctmp,
+ 'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp,
 'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true),
 'TEXT' => 'on'
 ));
@@ -459,7 +459,7 @@
 $ctmp=' style="text-decoration: underline;"';
 }
 $menubtn->assign_vars(array(
- 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'.$ctmp,
+ 'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp,
 'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true),
 'TEXT' => 'off'
 ));
@@ -472,7 +472,7 @@
 $ctmp=' style="text-decoration: underline;"';
 }
 $menubtn->assign_vars(array(
- 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'.$ctmp,
+ 'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp,
 'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true),
 'TEXT' => 'global'
 ));
diff -r bb4e677a4da9 -r d807dcd7aed7 plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Sat Aug 25 12:53:03 2007 -0400
+++ b/plugins/SpecialAdmin.php Sun Aug 26 16:48:15 2007 -0400
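Review bot: `eval('?>' . $text)` in genPreview() now runs any PHP that survives in the preview text, and that text is whatever was typed into the editor, so the only barrier against code execution by an unprivileged editor is `RenderMan::preprocess_text($text, false, false)`, whose handling of PHP tags is not visible in this hunk. genPreview() should check the PHP-execution permission itself and skip the `ob_start()` … `ob_end_clean()` block when it is not granted, rather than rely on a filter elsewhere, and carry a comment such as `// SECURITY: eval runs embedded PHP; only reached when the current user may embed PHP`. Rendered output can also contain `<?` from non-PHP content (depending on `short_open_tag`), which eval would then try to parse. Because a preview now has the same effect as saving executable content, the preview request needs the same session and anti-forgery checks as a save; confirm that in the caller.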
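Review bot: The three `'FLAGS'` entries in template.php (levels 1, 0 and 2) keep the old `onclick` string only inside a `/* … */` comment, so the wiki-mode buttons fall back to the plain `do=setwikimode&level=N` links and each also loses its `id` and `title` attributes. That leaves a state-changing action behind a bare GET URL; unless the `setwikimode` handler verifies a per-session token (not visible here), a request forged from another site could change the mode on behalf of a logged-in administrator. Remove the dead string rather than commenting it out, and leave a one-line explanation such as `// AJAX handler disabled: <reason>` so the regression in behaviour is traceable.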
@@ -793,7 +793,7 @@
 if(isset($_POST['go']))
 {
 // We need the user ID before we can do anything
- $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
+ $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
 if ( !$q )
 {
 die('Error selecting user ID: '.mysql_error());
@@ -848,13 +848,30 @@
 }
 }
+ // update account activation
+ if ( isset($_POST['account_active']) )
+ {
+ // activate account
+ $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';');
+ if ( !$q )
+ $db->_die();
+ }
+ else
+ {
+ // deactivate account and throw away the old key
+ $actkey = sha1 ( microtime() . mt_rand() );
+ $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';');
+ if ( !$q )
+ $db->_die();
+ }
+ echo('
Your changes have been saved.
'); } else { echo('
Error saving changes: '.implode('
', $re).'
');
 }
- $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
+ $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
 if ( !$q )
 {
 die('Error selecting user ID: '.mysql_error());
@@ -898,6 +915,7 @@
 Real Name: ' . ( ( !empty($disabled) ) ? 'To change your e-mail address, password, or real name, please use the user control panel.' : '' ) . ' User level: +
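Review bot: The replacement key `sha1 ( microtime() . mt_rand() )` in the deactivation branch is built from the clock and a non-cryptographic generator, so it can be narrowed down by anyone who knows roughly when the account was deactivated; since this key is what re-activates an account, it should come from a CSPRNG, e.g. `$actkey = bin2hex(random_bytes(20));` on PHP 7 or later (`openssl_random_pseudo_bytes` on older versions). The `else` branch also runs on every save where `account_active` is absent from the POST, so a form that omits or disables the checkbox (the `$disabled` case in the last hunk suggests one exists) would silently deactivate the user and reset the key. Comparing the submitted state with the `account_active` value the first query now selects, and updating only on a real change, avoids that. The surrounding `if(isset($_POST['go']))` block starts and ends outside the hunk.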
If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated. Delete user: