--- a/.hgtags Thu Sep 27 15:55:37 2007 -0400
+++ b/.hgtags Sat Nov 03 07:43:35 2007 -0400
@@ -3,3 +3,6 @@
8df3abef66473fef1a8ecbbd60a4e94e4f466ec4 release
ca9118d9c0f2be22407860f41523f47b2862b34a rebrand
6f0bbf88c3251ca597cb76ac8b59a1ee61d6dd3d rebrand
+0b5244001799fa29e83bf06c5f14eb69350f171c rebrand
+42c6c83b8a004163c9cc2d85f3c8eada3b73adf6 rebrand
+d53cc29308f4f4b97fc6d054e9e0855f37137409 rebrand
--- a/ajax.php Thu Sep 27 15:55:37 2007 -0400
+++ b/ajax.php Sat Nov 03 07:43:35 2007 -0400
@@ -1,410 +1,425 @@
-<?php
-
-/*
- * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
- * Copyright (C) 2006-2007 Dan Fuhry
- *
- * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
- * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
- */
-
- // fillusername should be done without the help of the rest of Enano - all we need is the DBAL
- if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
- {
- // setup and load a very basic, specialized instance of the Enano API
- function dc_here($m) { return false; }
- function dc_dump($a, $g) { return false; }
- function dc_watch($n) { return false; }
- function dc_start_timer($u) { return false; }
- function dc_stop_timer($m) { return false; }
- // Determine directory (special case for development servers)
- if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
- {
- $filename = str_replace('/repo/', '/', __FILE__);
- }
- else
- {
- $filename = __FILE__;
- }
- define('ENANO_ROOT', dirname($filename));
- require(ENANO_ROOT.'/includes/functions.php');
- require(ENANO_ROOT.'/includes/dbal.php');
- $db = new mysql();
- $db->connect();
-
- // should be connected now
- $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
- if ( !$name )
- {
- die('userlist = new Array(); errorstring=\'Invalid URI\'');
- }
- $q = $db->sql_query('SELECT username,user_id FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\');');
- if ( !$q )
- {
- die('userlist = new Array(); errorstring=\'MySQL error selecting username data: '.addslashes(mysql_error()).'\'');
- }
- if($db->numrows() < 1)
- {
- die('userlist = new Array(); errorstring=\'No usernames found\';');
- }
- echo 'var errorstring = false; userlist = new Array();';
- $i = 0;
- while($r = $db->fetchrow())
- {
- echo "userlist[$i] = '".addslashes($r['username'])."'; ";
- $i++;
- }
- $db->free_result();
-
- // all done! :-)
- $db->close();
- exit;
- }
-
- require('includes/common.php');
-
- global $db, $session, $paths, $template, $plugins; // Common objects
- if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
-
- $_ob = '';
-
- switch($_GET['_mode']) {
- case "checkusername":
- echo PageUtils::checkusername($_GET['name']);
- break;
- case "getsource":
- $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
- echo PageUtils::getsource($paths->page, $p);
- break;
- case "getpage":
- // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
- $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
- $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id );
-
- $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
- $page->password = $pagepass;
-
- $page->send();
- break;
- case "savepage":
- $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
- $minor = isset($_POST['minor']);
- $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
- if($e=='good')
- {
- $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
- $page->send();
- }
- else
- {
- echo 'Error saving the page: '.$e;
- }
- break;
- case "protect":
- echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
- break;
- case "histlist":
- echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
- break;
- case "rollback":
- echo PageUtils::rollback( (int)$_GET['id'] );
- break;
- case "comments":
- $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
- if ( isset($_POST['data']) )
- {
- $comments->process_json($_POST['data']);
- }
- else
- {
- die('{ "mode" : "error", "error" : "No input" }');
- }
- break;
- case "rename":
- echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
- break;
- case "flushlogs":
- echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
- break;
- case "deletepage":
- $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
- if ( empty($reason) )
- die('Please enter a reason for deleting this page.');
- echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
- break;
- case "delvote":
- echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
- break;
- case "resetdelvotes":
- echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
- break;
- case "getstyles":
- echo PageUtils::getstyles($_GET['id']);
- break;
- case "catedit":
- echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
- break;
- case "catsave":
- echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
- break;
- case "setwikimode":
- echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
- break;
- case "setpass":
- echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
- break;
- case "fillusername":
- break;
- case "fillpagename":
- $name = (isset($_GET['name'])) ? $_GET['name'] : false;
- if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
- $nd = RenderMan::strToPageID($name);
- $c = 0;
- $u = Array();
- $n = Array();
-
- $name = sanitize_page_id($name);
- $name = str_replace('_', ' ', $name);
-
- for($i=0;$i<sizeof($paths->pages)/2;$i++)
- {
- if( (
- preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
- preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
- preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
- preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
- preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
- preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
- ) &&
- ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
- && $paths->pages[$i]['visible']
- )
- {
- $c++;
- $u[] = $paths->pages[$i]['name'];
- $n[] = $paths->pages[$i]['urlname'];
- }
- }
- if($c > 0)
- {
- echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
- for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
- {
- echo "userlist[$i] = '".addslashes($n[$i])."';\n";
- echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
- }
- } else {
- die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
- }
- break;
- case "preview":
- echo PageUtils::genPreview($_POST['text']);
- break;
- case "pagediff":
- $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
- $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
- if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
- if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
- !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
- echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
- break;
- case "jsres":
- die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
- break;
- case "rdns":
- if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
- $ip = $_GET['ip'];
- $rdns = gethostbyaddr($ip);
- if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
- else echo $rdns;
- break;
- case 'acljson':
- $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
- echo PageUtils::acl_json($parms);
- break;
- case "change_theme":
- if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
- {
- die('Invalid input');
- }
- if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
- {
- die('Invalid input');
- }
- if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
- {
- die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
- }
- if ( !$session->user_logged_in )
- {
- die('You must be logged in to change your theme');
- }
- // Just in case something slipped through...
- $theme_id = $db->escape($_POST['theme_id']);
- $style_id = $db->escape($_POST['style_id']);
- $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
- if ( !$e )
- die( $db->get_error() );
- die('GOOD');
- break;
- case 'get_tags':
- $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
-
- $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
- $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t
- LEFT JOIN '.table_prefix.'page_groups AS pg
- ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
- WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
- if ( !$q )
- $db->_die();
-
- while ( $row = $db->fetchrow() )
- {
- $can_del = true;
-
- $perm = ( $row['user'] != $session->user_id ) ?
- 'tag_delete_other' :
- 'tag_delete_own';
-
- if ( $row['user'] == 1 && !$session->user_logged_in )
- // anonymous user trying to delete tag (hardcode blacklisted)
- $can_del = false;
-
- if ( !$session->get_permissions($perm) )
- $can_del = false;
-
- if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
- $can_del = false;
-
- $ret['tags'][] = array(
- 'id' => $row['tag_id'],
- 'name' => $row['tag_name'],
- 'can_del' => $can_del,
- 'acl' => ( $row['used_in_acl'] == 1 )
- );
- }
-
- echo $json->encode($ret);
-
- break;
- case 'addtag':
- $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
- $resp = array(
- 'success' => false,
- 'error' => 'No error',
- 'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
- 'in_acl' => false
- );
-
- // first of course, are we allowed to tag pages?
- if ( !$session->get_permissions('tag_create') )
- {
- $resp['error'] = 'You are not permitted to tag pages.';
- die($json->encode($resp));
- }
-
- // sanitize the tag name
- $tag = sanitize_tag($_POST['tag']);
- $tag = $db->escape($tag);
-
- if ( strlen($tag) < 2 )
- {
- $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
- die($json->encode($resp));
- }
-
- // check if tag is already on page
- $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
- if ( !$q )
- $db->_die();
- if ( $db->numrows() > 0 )
- {
- $resp['error'] = 'This page already has this tag.';
- die($json->encode($resp));
- }
- $db->free_result();
-
- // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
- $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
- $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
- if ( !$q )
- $db->_die();
- if ( $db->numrows() > 0 && !$can_edit_acl )
- {
- $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
- die($json->encode($resp));
- }
- $resp['in_acl'] = ( $db->numrows() > 0 );
- $db->free_result();
-
- // we're good
- $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
- if ( !$q )
- $db->_die();
-
- $resp['success'] = true;
- $resp['tag'] = $tag;
- $resp['tag_id'] = $db->insert_id();
-
- echo $json->encode($resp);
- break;
- case 'deltag':
-
- $tag_id = intval($_POST['tag_id']);
- if ( empty($tag_id) )
- die('Invalid tag ID');
-
- $q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
- LEFT JOIN '.table_prefix.'page_groups AS pg
- ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
- WHERE t.tag_id=' . $tag_id . ';');
-
- if ( !$q )
- $db->_die();
-
- if ( $db->numrows() < 1 )
- die('Could not find a tag with that ID');
-
- $row = $db->fetchrow();
- $db->free_result();
-
- if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
- $perms =& $session;
- else
- $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
-
- $perm = ( $row['user'] != $session->user_id ) ?
- 'tag_delete_other' :
- 'tag_delete_own';
-
- if ( $row['user'] == 1 && !$session->user_logged_in )
- // anonymous user trying to delete tag (hardcode blacklisted)
- die('You are not authorized to delete this tag.');
-
- if ( !$perms->get_permissions($perm) )
- die('You are not authorized to delete this tag.');
-
- if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
- die('You are not authorized to delete this tag.');
-
- // We're good
- $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
- if ( !$q )
- $db->_die();
-
- echo 'success';
-
- break;
- case 'ping':
- echo 'pong';
- break;
- default:
- die('Hacking attempt');
- break;
- }
-
+<?php
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.1.1
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+ // fillusername should be done without the help of the rest of Enano - all we need is the DBAL
+ if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
+ {
+ // setup and load a very basic, specialized instance of the Enano API
+ function dc_here($m) { return false; }
+ function dc_dump($a, $g) { return false; }
+ function dc_watch($n) { return false; }
+ function dc_start_timer($u) { return false; }
+ function dc_stop_timer($m) { return false; }
+ // Determine directory (special case for development servers)
+ if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
+ {
+ $filename = str_replace('/repo/', '/', __FILE__);
+ }
+ else
+ {
+ $filename = __FILE__;
+ }
+ define('ENANO_ROOT', dirname($filename));
+ require(ENANO_ROOT.'/includes/functions.php');
+ require(ENANO_ROOT.'/includes/dbal.php');
+ require(ENANO_ROOT.'/includes/json.php');
+ $db = new mysql();
+ $db->connect();
+
+ // result is sent using JSON
+ $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ $return = Array(
+ 'mode' => 'success',
+ 'users_real' => Array()
+ );
+
+ // should be connected to the DB now
+ $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
+ if ( !$name )
+ {
+ $return = array(
+ 'mode' => 'error',
+ 'error' => 'Invalid URI'
+ );
+ die( $json->encode($return) );
+ }
+ $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
+ $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
+ if ( !$q )
+ {
+ $return = array(
+ 'mode' => 'error',
+ 'error' => 'MySQL error selecting username data: '.addslashes(mysql_error())
+ );
+ die( $json->encode($return) );
+ }
+ $i = 0;
+ while($r = $db->fetchrow())
+ {
+ $return['users_real'][] = $r['username'];
+ $i++;
+ }
+ $db->free_result();
+
+ // all done! :-)
+ $db->close();
+
+ echo $json->encode( $return );
+
+ exit;
+ }
+
+ require('includes/common.php');
+
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
+
+ $_ob = '';
+
+ switch($_GET['_mode']) {
+ case "checkusername":
+ echo PageUtils::checkusername($_GET['name']);
+ break;
+ case "getsource":
+ $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
+ echo PageUtils::getsource($paths->page, $p);
+ break;
+ case "getpage":
+ // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
+ $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
+ $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id );
+
+ $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
+ $page->password = $pagepass;
+
+ $page->send();
+ break;
+ case "savepage":
+ $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
+ $minor = isset($_POST['minor']);
+ $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
+ if($e=='good')
+ {
+ $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
+ $page->send();
+ }
+ else
+ {
+ echo '<p>Error saving the page: '.$e.'</p>';
+ }
+ break;
+ case "protect":
+ echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
+ break;
+ case "histlist":
+ echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ case "rollback":
+ echo PageUtils::rollback( (int)$_GET['id'] );
+ break;
+ case "comments":
+ $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
+ if ( isset($_POST['data']) )
+ {
+ $comments->process_json($_POST['data']);
+ }
+ else
+ {
+ die('{ "mode" : "error", "error" : "No input" }');
+ }
+ break;
+ case "rename":
+ echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
+ break;
+ case "flushlogs":
+ echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ case "deletepage":
+ $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
+ if ( empty($reason) )
+ die('Please enter a reason for deleting this page.');
+ echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
+ break;
+ case "delvote":
+ echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ case "resetdelvotes":
+ echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ case "getstyles":
+ echo PageUtils::getstyles($_GET['id']);
+ break;
+ case "catedit":
+ echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ case "catsave":
+ echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
+ break;
+ case "setwikimode":
+ echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
+ break;
+ case "setpass":
+ echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
+ break;
+ case "fillusername":
+ break;
+ case "fillpagename":
+ $name = (isset($_GET['name'])) ? $_GET['name'] : false;
+ if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
+ $nd = RenderMan::strToPageID($name);
+ $c = 0;
+ $u = Array();
+ $n = Array();
+
+ $name = sanitize_page_id($name);
+ $name = str_replace('_', ' ', $name);
+
+ for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ {
+ if( (
+ preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
+ preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
+ preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
+ preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
+ preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
+ preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
+ ) &&
+ ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
+ && $paths->pages[$i]['visible']
+ )
+ {
+ $c++;
+ $u[] = $paths->pages[$i]['name'];
+ $n[] = $paths->pages[$i]['urlname'];
+ }
+ }
+ if($c > 0)
+ {
+ echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
+ for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
+ {
+ echo "userlist[$i] = '".addslashes($n[$i])."';\n";
+ echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
+ }
+ } else {
+ die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
+ }
+ break;
+ case "preview":
+ echo PageUtils::genPreview($_POST['text']);
+ break;
+ case "pagediff":
+ $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
+ $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
+ if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
+ if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
+ !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
+ echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
+ break;
+ case "jsres":
+ die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
+ break;
+ case "rdns":
+ if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
+ $ip = $_GET['ip'];
+ $rdns = gethostbyaddr($ip);
+ if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
+ else echo $rdns;
+ break;
+ case 'acljson':
+ $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
+ echo PageUtils::acl_json($parms);
+ break;
+ case "change_theme":
+ if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
+ {
+ die('Invalid input');
+ }
+ if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
+ {
+ die('Invalid input');
+ }
+ if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
+ {
+ die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
+ }
+ if ( !$session->user_logged_in )
+ {
+ die('You must be logged in to change your theme');
+ }
+ // Just in case something slipped through...
+ $theme_id = $db->escape($_POST['theme_id']);
+ $style_id = $db->escape($_POST['style_id']);
+ $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
+ if ( !$e )
+ die( $db->get_error() );
+ die('GOOD');
+ break;
+ case 'get_tags':
+ $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+
+ $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
+ $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t
+ LEFT JOIN '.table_prefix.'page_groups AS pg
+ ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
+ WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
+ if ( !$q )
+ $db->_die();
+
+ while ( $row = $db->fetchrow() )
+ {
+ $can_del = true;
+
+ $perm = ( $row['user'] != $session->user_id ) ?
+ 'tag_delete_other' :
+ 'tag_delete_own';
+
+ if ( $row['user'] == 1 && !$session->user_logged_in )
+ // anonymous user trying to delete tag (hardcode blacklisted)
+ $can_del = false;
+
+ if ( !$session->get_permissions($perm) )
+ $can_del = false;
+
+ if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
+ $can_del = false;
+
+ $ret['tags'][] = array(
+ 'id' => $row['tag_id'],
+ 'name' => $row['tag_name'],
+ 'can_del' => $can_del,
+ 'acl' => ( $row['used_in_acl'] == 1 )
+ );
+ }
+
+ echo $json->encode($ret);
+
+ break;
+ case 'addtag':
+ $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ $resp = array(
+ 'success' => false,
+ 'error' => 'No error',
+ 'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
+ 'in_acl' => false
+ );
+
+ // first of course, are we allowed to tag pages?
+ if ( !$session->get_permissions('tag_create') )
+ {
+ $resp['error'] = 'You are not permitted to tag pages.';
+ die($json->encode($resp));
+ }
+
+ // sanitize the tag name
+ $tag = sanitize_tag($_POST['tag']);
+ $tag = $db->escape($tag);
+
+ if ( strlen($tag) < 2 )
+ {
+ $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
+ die($json->encode($resp));
+ }
+
+ // check if tag is already on page
+ $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
+ if ( !$q )
+ $db->_die();
+ if ( $db->numrows() > 0 )
+ {
+ $resp['error'] = 'This page already has this tag.';
+ die($json->encode($resp));
+ }
+ $db->free_result();
+
+ // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
+ $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
+ $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
+ if ( !$q )
+ $db->_die();
+ if ( $db->numrows() > 0 && !$can_edit_acl )
+ {
+ $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
+ die($json->encode($resp));
+ }
+ $resp['in_acl'] = ( $db->numrows() > 0 );
+ $db->free_result();
+
+ // we're good
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
+ if ( !$q )
+ $db->_die();
+
+ $resp['success'] = true;
+ $resp['tag'] = $tag;
+ $resp['tag_id'] = $db->insert_id();
+
+ echo $json->encode($resp);
+ break;
+ case 'deltag':
+
+ $tag_id = intval($_POST['tag_id']);
+ if ( empty($tag_id) )
+ die('Invalid tag ID');
+
+ $q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
+ LEFT JOIN '.table_prefix.'page_groups AS pg
+ ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
+ WHERE t.tag_id=' . $tag_id . ';');
+
+ if ( !$q )
+ $db->_die();
+
+ if ( $db->numrows() < 1 )
+ die('Could not find a tag with that ID');
+
+ $row = $db->fetchrow();
+ $db->free_result();
+
+ if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
+ $perms =& $session;
+ else
+ $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
+
+ $perm = ( $row['user'] != $session->user_id ) ?
+ 'tag_delete_other' :
+ 'tag_delete_own';
+
+ if ( $row['user'] == 1 && !$session->user_logged_in )
+ // anonymous user trying to delete tag (hardcode blacklisted)
+ die('You are not authorized to delete this tag.');
+
+ if ( !$perms->get_permissions($perm) )
+ die('You are not authorized to delete this tag.');
+
+ if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
+ die('You are not authorized to delete this tag.');
+
+ // We're good
+ $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
+ if ( !$q )
+ $db->_die();
+
+ echo 'success';
+
+ break;
+ case 'ping':
+ echo 'pong';
+ break;
+ default:
+ die('Hacking attempt');
+ break;
+ }
+
?>
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cron.php Sat Nov 03 07:43:35 2007 -0400
@@ -0,0 +1,54 @@
+<?php
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.0.2 (Coblynau)
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+//
+// cron.php - Maintenance tasks that should be run periodically
+//
+
+// The cron script is triggered by way of an image. This is a 1x1px transparent GIF.
+define('ENANO_GIF_SPACER', base64_decode('R0lGODlhAQABAIAAAP///////yH+FUNyZWF0ZWQgd2l0aCBUaGUgR0lNUAAh+QQBCgABACwAAAAAAQABAAACAkwBADs='));
+
+// Don't need a page to load, all we should need is the Enano API
+$_GET['title'] = 'Enano:Cron';
+require('includes/common.php');
+
+global $db, $session, $paths, $template, $plugins; // Common objects
+
+// Hope now that plugins are loaded :-)
+$last_run = ( $x = getConfig('cron_last_run') ) ? $x : 0;
+$time = strval(time());
+setConfig('cron_last_run', $time);
+
+global $cron_tasks;
+
+foreach ( $cron_tasks as $interval => $tasks )
+{
+ $last_run_threshold = time() - ( $interval * 3600 );
+ if ( $last_run_threshold >= $last_run )
+ {
+ foreach ( $tasks as $task )
+ {
+ @call_user_func($task);
+ }
+ }
+}
+
+header('Pragma: no-cache');
+header('Cache-control: no-cache');
+header('Expires: Thu, 1 Jan 1970 00:00:01 GMT');
+header('Content-type: image/gif');
+
+echo ENANO_GIF_SPACER;
+
+?>
--- a/includes/captcha.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/captcha.php Sat Nov 03 07:43:35 2007 -0400
@@ -1,7 +1,8 @@
<?php
+
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* captcha.php - visual confirmation system used during registration
*
--- a/includes/clientside/jsres.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/jsres.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* jsres.php - the Enano client-side runtime, a.k.a. AJAX on steroids
*
@@ -40,7 +40,7 @@
{
echo "/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* [Aggressively compressed] Javascript client code
* Copyright (C) 2006-2007 Dan Fuhry
* Enano is Free Software, licensed under the GNU General Public License; see http://enanocms.org/ for details.
--- a/includes/clientside/sbedit.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/sbedit.js Sat Nov 03 07:43:35 2007 -0400
@@ -123,3 +123,71 @@
});
}
+function ajaxRenameSidebarStage1(parent, id)
+{
+ var oldname = parent.firstChild.nodeValue;
+ parent.removeChild(parent.firstChild);
+ parent.ondblclick = function() {};
+ parent._idcache = id;
+ var input = document.createElement('input');
+ input.type = 'text';
+ input.sbedit_id = id;
+ input.oldvalue = oldname;
+ input.onkeyup = function(e)
+ {
+ if ( typeof(e) != 'object' )
+ return false;
+ if ( !e.keyCode )
+ return false;
+ if ( e.keyCode == 13 )
+ {
+ ajaxRenameSidebarStage2(this);
+ }
+ if ( e.keyCode == 27 )
+ {
+ ajaxRenameSidebarCancel(this);
+ }
+ };
+ input.onblur = function()
+ {
+ ajaxRenameSidebarCancel(this);
+ };
+ input.value = oldname;
+ input.style.fontSize = '7pt';
+ parent.appendChild(input);
+ input.focus();
+}
+
+function ajaxRenameSidebarStage2(input)
+{
+ var newname = input.value;
+ var id = input.sbedit_id;
+ var parent = input.parentNode;
+ parent.removeChild(input);
+ parent.appendChild(document.createTextNode(( newname == '' ? '<Unnamed>' : newname )));
+ parent.ondblclick = function() { ajaxRenameSidebarStage1(this, this._idcache); return false; };
+ var img = document.createElement('img');
+ img.src = scriptPath + '/images/loading.gif';
+ parent.appendChild(img);
+ newname = ajaxEscape(newname);
+ ajaxPost(makeUrlNS('Special', 'EditSidebar', 'ajax&noheaders&action=rename&id='+id), 'newname=' +newname, function()
+ {
+ if ( ajax.readyState == 4 )
+ {
+ parent.removeChild(img);
+ if ( ajax.responseText != 'GOOD' )
+ new messagebox(MB_OK|MB_ICONSTOP, 'Error renaming block', ajax.responseText);
+ }
+ });
+}
+
+function ajaxRenameSidebarCancel(input)
+{
+ var newname = input.oldvalue;
+ var id = input.sbedit_id;
+ var parent = input.parentNode;
+ parent.removeChild(input);
+ parent.appendChild(document.createTextNode(newname));
+ parent.ondblclick = function() { ajaxRenameSidebarStage1(this, this._idcache); return false; };
+}
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/includes/clientside/static/SpryEffects.js Sat Nov 03 07:43:35 2007 -0400
@@ -0,0 +1,29 @@
+// Spry.Effect.js - version 0.38 - Spry Pre-Release 1.6
+//
+// Copyright (c) 2007. Adobe Systems Incorporated.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+// * Neither the name of Adobe Systems Incorporated nor the names of its
+// contributors may be used to endorse or promote products derived from this
+// software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+// POSSIBILITY OF SUCH DAMAGE.
+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('h b;j(!b)b={};b.15=1;b.1J=2;j(!b.c)b.c={};b.c.4Z={43:p(19,1c,1e,r){j(19>r)q 1e+1c;q 1c+(19/r)*1e},4q:p(19,1c,1e,r){j(19>r)q 1e+1c;q 1c+((-1g.5W((19/r)*1g.5V)/2)+0.5)*1e},6a:p(19,1c,1e,r){j(19>r)q 1e+1c;q 1c+1g.4C(19/r,2)*1e},7G:p(19,1c,1e,r){j(19>r)q 1e+1c;q 1c+1g.50(19/r)*1e},3I:p(19,1c,1e,r){j(19>r)q 1e+1c;q 1c+1g.50((-1g.5W((19/r)*1g.5V)/2)+0.5)*1e},5Z:p(19,1c,1e,r){j(19>r)q 1e+1c;h 1F=19/r;q 1c+1g.50(1-1g.4C((1F-1),2))*1e},7J:p(19,1c,1e,r){j(19>r)q 1e+1c;q 1c+(0.5+1g.7E(17*19/r)/2)*1e},7D:p(19,1c,1e,r){j(19>r)q 1e+1c;h 1F=19/r;q 1c+(5*1g.4C(1F,3)-6.4*1g.4C(1F,2)+2*1F)*1e}};18(h 51 3K b.c.4Z){b[51]=b.c.4Z[51]}b.c.3V=p(){8.2R=[]};b.c.3V.w.4W=p(k,d){h a={};a.k=b.c.1x(k);a.d=d;18(h i=0;i<8.2R.M;i++)j(8.5U(8.2R[i],a))q 8.2R[i].J;q D};b.c.3V.w.6e=p(J,k,d){j(!8.4W(k,d)){h 2C=8.2R.M;8.2R[2C]={};h 4F=8.2R[2C];4F.J=J;4F.k=b.c.1x(k);4F.d=d}};b.c.3V.w.5U=p(3U,32){j(3U.k!=32.k)q D;h 52=b.c.m.6b(3U.d,32.d);j(52){j(1n 32.d.3A==\'p\')3U.d.3A=32.d.3A;j(1n 32.d.3o==\'p\')3U.d.3o=32.d.3o}q 52};h 4R=B b.c.3V;j(!b.c.m)b.c.m={};b.c.m.1D=p(61){7V(\'b.c 7W: \'+61)};b.c.m.21=p(J){b.c.m.1D(\'7S \'+J+\' 7R 7N\\\'t 7M 7w 7P a 5o p 7Q. \'+"\\n"+\'7Y 7r b 7c 7f 7e.\');q D};b.c.m.1G=p(){8.x=0;8.y=0;8.N="1Q"};b.c.m.2d=p(){8.A=0;8.C=0;8.N="1Q"};b.c.m.3m=p(5R){h 1H=5R.7h(16);j(1H.M==1)1H="0"+1H;q 1H};b.c.m.2e=p(64){q Y(64,16)};b.c.m.3j=p(5Q,5J,5I){h 3m=b.c.m.3m;h 5L=3m(5Q);h 5O=3m(5J);h 5N=3m(5I);4i=5L.7a(5O,5N).6i();4i=\'#\'+4i;q 4i};b.c.m.5k=p(2K){j(2K.7j(/^#[0-7s-f]{3}$/i)){h 3x=2K.6l(\'\');h 2K=\'#\';18(h i=1;i<3x.M;i++){2K+=3x[i]+\'\'+3x[i]}}q 2K};b.c.m.5f=p(4k){j(4k.25(\'-\')==-1){q 4k}h 44=4k.6l(\'-\');h 53=O;h 4y=\'\';18(h i=0;i<44.M;i++){j(44[i].M>0){j(53){4y=44[i];53=D}H{h s=44[i];4y+=s.7q(0).6i()+s.2s(1)}}}q 4y};b.c.m.1N=p(1i){h 1H=D;j(1n 1i==\'58\'&&1i.M>0&&1i.33("%")>0)1H=O;q 1H};b.c.m.1k=p(1i){h 1H=0;38{1H=4a(1i.2s(0,1i.33("%")))}37(e){b.c.m.1D(\'b.c.m.1k: \'+e)}q 1H};b.c.m.2A=p(1i){h 1H=0;j(1n 1i==\'5T\')q 1i;h 4j=1i.33("1Q");j(4j==-1)4j=1i.M;38{1H=Y(1i.2s(0,4j),10)}37(e){}q 1H};b.c.m.6r=p(2X){j(2X){h 3e=2X.7l;71(3e){j(3e.5b==1)q 3e;3e=3e.7k}}q z};b.c.m.6A=p(3L,4Y){j(!3L||3L.5b!=1||!4Y)q;j(3L.7m()){h 2g=3L.7Z(\'7n\');h 6h=2g.M;18(h i=0;i<6h;i++){h 4X=2g[i];h 4T=b.c.4b(4X);4Y.7O([4X,4T.A,4T.C])}}};b.c.m.6b=p(35,3p){j(35==z&&3p==z)q O;j(35!=z&&3p!=z){h 4S=0;h 4U=0;18(h 8x 3K 35)4S++;18(h 8y 3K 3p)4U++;j(4S!=4U)q D;18(h 1y 3K 35){h 4V=1n 35[1y];h 6f=1n 3p[1y];j(4V!=6f||(4V!=\'3D\'&&35[1y]!=3p[1y]))q D}q O}q D};b.c.m.23=p(54,k,d){j(!d)h d={};d.1t=54;h 40=4R.4W(k,d);j(!40){40=B b.c[54](k,d);4R.6e(40,k,d)}40.2J();q O};j(!b.m)b.m={};b.m.2y=p(){8.2m=[];8.3Y=0};b.m.2y.w.2N=p(36){j(!36)q;h 2C=8.2m.M;18(h i=0;i<2C;i++)j(8.2m[i]==36)q;8.2m[2C]=36};b.m.2y.w.8n=p(36){j(!36)q;18(h i=0;i<8.2m.M;i++){j(8.2m[i]==36){8.2m.88(i,1);3P}}};b.m.2y.w.2t=p(3X,55){j(!3X)q;j(!8.3Y){h 2C=8.2m.M;18(h i=0;i<2C;i++){h 3y=8.2m[i];j(3y){j(1n 3y=="p")3y(3X,8,55);H j(3y[3X])3y[3X](8,55)}}}};b.m.2y.w.69=p(){j(--8.3Y<0){8.3Y=0;b.c.m.1D("82 69() 1s!\\n")}};b.m.2y.w.84=p(){++8.3Y};b.c.1x=p(2Q){h k=2Q;j(1n 2Q=="58")k=3f.70(2Q);j(k==z)b.c.m.1D(\'8c "\'+2Q+\'" 8j 4p.\');q k};b.c.1a=p(k,1y){h 1i;h 5e=b.c.m.5f(1y);38{j(k.11)1i=k.11[5e];j(!1i){j(3f.4J&&3f.4J.2x){h 5d=3f.4J.2x(k,z);1i=5d?5d.8m(1y):z}H j(k.57){1i=k.57[5e]}}}37(e){b.c.m.1D(\'b.c.1a: \'+e)}q 1i==\'8d\'?z:1i};b.c.1h=p(k,1y,1i){38{k.11[b.c.m.5f(1y)]=1i}37(e){b.c.m.1D(\'b.c.1h: \'+e)}};b.c.2Z=p(k,1y,3i){h 1z=3i?3i:k;h 3k=b.c.1a(1z,\'1R\');h 4E=b.c.1a(1z,\'2l\');j(3k==\'1Z\'){b.c.1h(1z,\'2l\',\'3d\');b.c.1h(1z,\'1R\',\'3T\');j(47.56)1z.5M()}h 6q=b.c.1a(k,1y);j(3k==\'1Z\'){b.c.1h(1z,\'1R\',\'1Z\');b.c.1h(1z,\'2l\',4E)}q 6q};b.c.2L=p(k){h 1F=b.c.1a(k,\'1L\');j(!1F||1F==\'5o\'){k.11.1L=\'6g\';j(47.56){k.11.1b=0;k.11.1f=0}}};b.c.5i=p(k){h 3E=b.c.1a(k,\'1R\');j(3E&&3E.3C()==\'1Z\')q O;h 3B=b.c.1a(k,\'2l\');j(3B&&3B.3C()==\'3d\')q O;q D};b.c.2o=p(k){h 3E=b.c.1a(k,\'1R\');j(3E&&3E.3C()==\'1Z\')b.c.1h(k,\'1R\',\'3T\');h 3B=b.c.1a(k,\'2l\');j(3B&&3B.3C()==\'3d\')b.c.1h(k,\'2l\',\'8h\')};b.c.3l=p(k){h 3z=b.c.1a(k,\'3z\');j(!3z||(3z.3C()!=\'3d\'&&3z.3C()!=\'81\')){h 5c=0;h 5g=/2M 7.0/.1j(27.26)&&/5n 5D/.1j(27.26);j(5g)5c=b.c.2n(k).C;b.c.1h(k,\'3z\',\'3d\');j(5g)b.c.1h(k,\'C\',5c+\'1Q\')}};b.c.65=p(k){h 6j=k.6t.M;18(h i=6j-1;i>=0;i--){h 2X=k.6t[i];j(2X.5b==3&&!/\\S/.1j(2X.8I))38{k.8z(2X)}37(e){b.c.m.1D(\'b.c.65: \'+e)}}};b.c.2x=p(k){q/2M/.1j(27.26)?k.57:3f.4J.2x(k,z)};b.c.4b=p(k){h 1T=B b.c.m.2d;h 1d=z;j(k.11.A&&/1Q/i.1j(k.11.A))1T.A=Y(k.11.A,10);H{1d=b.c.2x(k);h 1W=1d&&1d.A&&/1Q/i.1j(1d.A);j(1W)1T.A=Y(1d.A,10);j(!1W||1T.A==0)1T.A=k.8p}j(k.11.C&&/1Q/i.1j(k.11.C))1T.C=Y(k.11.C,10);H{j(!1d)1d=b.c.2x(k);h 1W=1d&&1d.C&&/1Q/i.1j(1d.C);j(1W)1T.C=Y(1d.C,10);j(!1W||1T.C==0)1T.C=k.8t}q 1T};b.c.2n=p(k,3i){h 1z=3i?3i:k;h 3k=b.c.1a(1z,\'1R\');h 4E=b.c.1a(1z,\'2l\');j(3k==\'1Z\'){b.c.1h(1z,\'2l\',\'3d\');b.c.1h(1z,\'1R\',\'3T\');j(47.56)1z.5M()}h 1T=b.c.4b(k);j(3k==\'1Z\'){b.c.1h(1z,\'1R\',\'1Z\');b.c.1h(1z,\'2l\',4E)}q 1T};b.c.5w=p(k){h o=b.c.1a(k,"1E");j(1n o==\'3D\'||o==z)o=1.0;q o};b.c.4G=p(2Q){q b.c.1a(2Q,"4e-2K")};b.c.3W=p(e,1y){h i=Y(b.c.1a(e,1y),10);j(5F(i))q 0;q i};b.c.48=p(k){h 1L=B b.c.m.1G;h 1d=z;j(k.11.1f&&/1Q/i.1j(k.11.1f))1L.x=Y(k.11.1f,10);H{1d=b.c.2x(k);h 1W=1d&&1d.1f&&/1Q/i.1j(1d.1f);j(1W)1L.x=Y(1d.1f,10);j(!1W||1L.x==0)1L.x=k.8g}j(k.11.1b&&/1Q/i.1j(k.11.1b))1L.y=Y(k.11.1b,10);H{j(!1d)1d=b.c.2x(k);h 1W=1d&&1d.1b&&/1Q/i.1j(1d.1b);j(1W)1L.y=Y(1d.1b,10);j(!1W||1L.y==0)1L.y=k.8a}q 1L};b.c.87=b.c.48;b.c.X=p(d){b.m.2y.1s(8);8.1t=\'X\';8.k=z;8.2D=0;8.8E=\'1Z\';8.1u=D;8.49=z;8.2f=0;j(!d)h d={};j(d.F)8.E=D;H 8.E=b.15;h 1q=8;j(d.3A!=z)8.2N({3Q:p(){38{1q.d.3A(1q.k,1q)}37(e){b.c.m.1D(\'b.c.X.w.2J: 3A 5Y: \'+e)}}});j(d.3o!=z)8.2N({3J:p(){38{1q.d.3o(1q.k,1q)}37(e){b.c.m.1D(\'b.c.X.w.29: 3o 5Y: \'+e)}}});8.d={r:1O,F:D,u:b.43,3c:16};8.5X(d);j(d.u)8.59(d.u);j(d.v)8.5a(d.v)};b.c.X.w=B b.m.2y();b.c.X.w.1v=b.m.X;b.c.X.w.1Y=O;b.c.X.w.5X=p(d){j(!d)q;18(h 1y 3K d)8.d[1y]=d[1y]};b.c.X.w.59=p(u){j(1n u==\'5T\'||u=="1"||u=="2")7d(Y(u,10)){5S 1:u=b.43;3P;5S 2:u=b.4q;3P;7g:b.c.m.1D(\'4Q u\')}H j(1n u==\'58\'){j(1n 47[u]==\'p\')u=47[u];H j(1n b[u]==\'p\')u=b[u];H b.c.m.1D(\'4Q u\')}8.d.u=u;j(1n 8.G!=\'3D\'){h l=8.G.M;18(h i=0;i<l;i++)8.G[i].J.59(u)}};b.c.X.w.6o=p(r){8.d.r=r;j(1n 8.G!=\'3D\'){h l=8.G.M;18(h i=0;i<l;i++){8.G[i].J.6o(r)}}};b.c.X.w.5a=p(v){8.d.3c=Y(1O/v,10);8.d.v=v;j(1n 8.G!=\'3D\'){h l=8.G.M;18(h i=0;i<l;i++){8.G[i].J.5a(v)}}};b.c.X.w.2J=p(4K){j(!8.k)q;j(3Z.M==0)4K=D;j(8.1u)8.4z();8.2W();h 4H=B 78();8.2D=4H.76();j(8.k.6Z)8.k=3f.70(8.k.6Z);j(8.2f!=0&&8.d.F){j(8.2f<1&&1n 8.d.u==\'p\'){h 4o=0;h 5h=8.d.r;h 2J=0;h 29=1;h 72=0;8.2f=1g.77(8.2f*1O)/1O;h 4p=D;h 3F=0;71(!4p){j(72++>8.d.r)3P;h 3S=4o+((5h-4o)/2);3F=1g.77(8.d.u(3S,1,-1,8.d.r)*1O)/1O;j(3F==8.2f){8.2D-=3S;4p=O}j(3F<8.2f){5h=3S;29=3F}H{4o=3S;2J=3F}}}8.2f=0}8.2t(\'3Q\',8);j(4K==D){h 1q=8;8.49=5x(p(){1q.4D()},8.d.3c)}8.1u=O};b.c.X.w.4A=p(){j(8.49){8e(8.49);8.49=z}8.2D=0};b.c.X.w.29=p(){8.4A();8.2t(\'3J\',8);8.1u=D};b.c.X.w.4z=p(){h 14=8.2I();j(8.2D>0&&14<8.d.r)8.2f=8.d.u(14,0,1,8.d.r);8.4A();8.2t(\'5G\',8);8.1u=D};b.c.X.w.4D=p(){h 1u=O;8.2t(\'4L\',8);h 75=8.2I();j(1n 8.d.u!=\'p\'){b.c.m.1D(\'4Q u\');q}8.3r();j(75>8.d.r){1u=D;8.29()}q 1u};b.c.X.w.2I=p(){j(8.2D>0){h 4H=B 78();q(4H.76()-8.2D)}q 0};b.c.X.w.K=p(){j(!8.E){8.E=b.15;q}j(8.d.F==O){j(8.E==b.15){8.E=b.1J;8.2t(\'5H\',8)}H j(8.E==b.1J){8.E=b.15}}};b.c.X.w.2W=p(){j(8.d&&8.d.F)8.K()};b.c.X.w.3r=p(){};b.c.X.w.4L=p(6X){j(6X!=8)8.2t(\'4L\',8)};b.c.1A=p(k,Z,13,d){8.4P=D;j(3Z.M==3){d=13;13=Z;Z=b.c.48(k);8.4P=O}b.c.X.1s(8,d);8.1t=\'1A\';8.k=b.c.1x(k);j(!8.k)q;j(Z.N!=13.N)b.c.m.1D(\'b.c.1A: 6H N (\'+Z.N+\', \'+13.N+\')\');8.N=Z.N;8.3H=4a(Z.x);8.46=4a(13.x);8.3s=4a(Z.y);8.42=4a(13.y)};b.c.1A.w=B b.c.X();b.c.1A.w.1v=b.c.1A;b.c.1A.w.3r=p(){h 1f=0;h 1b=0;h P=1g.P;h 14=8.2I();j(8.E==b.15){1f=P(8.d.u(14,8.3H,8.46-8.3H,8.d.r));1b=P(8.d.u(14,8.3s,8.42-8.3s,8.d.r))}H j(8.E==b.1J){1f=P(8.d.u(14,8.46,8.3H-8.46,8.d.r));1b=P(8.d.u(14,8.42,8.3s-8.42,8.d.r))}8.k.11.1f=1f+8.N;8.k.11.1b=1b+8.N};b.c.1A.w.2W=p(){j(8.d&&8.d.F)8.K();j(8.4P==O){h Z=b.c.48(8.k);8.3H=Z.x;8.3s=Z.y;8.8v=8.3H-8.46;8.8B=8.3s-8.42}};b.c.1P=p(k,T,12,d){8.5B=D;j(3Z.M==3){d=12;12=T;T=b.c.2n(k);8.5B=O}b.c.X.1s(8,d);8.1t=\'1P\';8.k=b.c.1x(k);j(!8.k)q;k=8.k;j(T.N!=12.N){b.c.m.1D(\'b.c.1P: 6H N (\'+T.N+\', \'+12.N+\')\');q D}8.N=T.N;h 1m=b.c.2n(k);8.2b=1m.A;8.2r=1m.C;8.1K=T.A;8.1M=T.C;8.28=12.A;8.2c=12.C;8.2g=B 63();j(8.d.1S){b.c.2L(8.k);h 1l=b.c.3W;8.6I=1l(k,\'4s-1b-A\');8.6J=1l(k,\'4s-4O-A\');8.6T=1l(k,\'4s-1f-A\');8.6S=1l(k,\'4s-4N-A\');8.6U=1l(k,\'4m-1b\');8.6V=1l(k,\'4m-4O\');8.6W=1l(k,\'4m-1f\');8.6R=1l(k,\'4m-4N\');8.6Q=1l(k,\'3n-1b\');8.6L=1l(k,\'3n-4O\');8.6K=1l(k,\'3n-4N\');8.6M=1l(k,\'3n-1f\');8.8i=1l(k,\'1f\');8.8b=1l(k,\'1b\')}j(8.d.2G)b.c.m.6A(k,8.2g);8.4M=1.0;h 2z=b.c.1a(8.k,\'80-5r\');j(2z&&/74\\s*$/.1j(2z))8.4M=85(2z);h 4c=b.c.m.1N;j(4c(8.1K)){h 6v=b.c.m.1k(8.1K);8.1K=1m.A*(6v/W)}j(4c(8.1M)){h 6u=b.c.m.1k(8.1M);8.1M=1m.C*(6u/W)}j(4c(8.28)){h 6w=b.c.m.1k(8.28);8.28=1m.A*(6w/W)}j(4c(8.2c)){h 6x=b.c.m.1k(8.2c);8.2c=1m.C*(6x/W)}8.2o=b.c.5i(8.k)};b.c.1P.w=B b.c.X();b.c.1P.w.1v=b.c.1P;b.c.1P.w.3r=p(){h A=0;h C=0;h 2z=0;h E=0;h P=1g.P;h 14=8.2I();j(8.E==b.15){A=P(8.d.u(14,8.1K,8.28-8.1K,8.d.r));C=P(8.d.u(14,8.1M,8.2c-8.1M,8.d.r));E=1}H j(8.E==b.1J){A=P(8.d.u(14,8.28,8.1K-8.28,8.d.r));C=P(8.d.u(14,8.2c,8.1M-8.2c,8.d.r));E=-1}h 2a=A/8.2b;2z=8.4M*2a;h 1w=8.k.11;j(A<0)A=0;j(C<0)C=0;1w.A=A+8.N;1w.C=C+8.N;j(1n 8.d.1S!=\'3D\'&&8.d.1S==O){h 1l=b.c.3W;h 79=1l(8.k,\'1b\');h 6C=1l(8.k,\'1f\');h 73=1l(8.k,\'3n-1b\');h 6D=1l(8.k,\'3n-1f\');h 39=2a;h 34=C/8.2r;h 6P=P(8.6I*34);h 6O=P(8.6J*34);h 6N=P(8.6T*39);h 6y=P(8.6S*39);h 6z=P(8.6U*34);h 6Y=P(8.6V*34);h 6B=P(8.6W*39);h 6G=P(8.6R*39);h 5t=P(8.6Q*34);h 6F=P(8.6L*34);h 6E=P(8.6K*39);h 5l=P(8.6M*39);1w.7X=6P+8.N;1w.7H=6O+8.N;1w.8C=6N+8.N;1w.7i=6y+8.N;1w.8s=6z+8.N;1w.8F=6Y+8.N;1w.8o=6B+8.N;1w.8f=6G+8.N;1w.8k=5t+8.N;1w.89=6F+8.N;1w.8D=5l+8.N;1w.8A=6E+8.N;1w.1f=P(6C+6D-5l)+8.N;1w.1b=P(79+73-5t)+8.N}j(8.d.2G){18(h i=0;i<8.2g.M;i++){8.2g[i][0].11.A=2a*8.2g[i][1]+8.N;8.2g[i][0].11.C=2a*8.2g[i][2]+8.N}8.k.11.2z=2z+\'74\'}j(8.2o){b.c.2o(8.k);8.2o=D}};b.c.1P.w.2W=p(){j(8.d&&8.d.F)8.K();j(8.5B==O){h T=b.c.4b(k);8.1K=T.A;8.1M=T.C;8.86=8.1K-8.28;8.8H=8.1M-8.2c}};b.c.24=p(k,2h,2v,d){8.5v=D;j(3Z.M==3){d=2v;2v=2h;2h=b.c.5w(k);8.5v=O}b.c.X.1s(8,d);8.1t=\'24\';8.k=b.c.1x(k);j(!8.k)q;j(/2M/.1j(27.26)&&(!8.k.8w))b.c.1h(8.k,\'83\',\'1\');8.2h=2h;8.2v=2v;8.2o=b.c.5i(8.k)};b.c.24.w=B b.c.X();b.c.24.w.1v=b.c.24;b.c.24.w.3r=p(){h 1E=0;h 14=8.2I();j(8.E==b.15)1E=8.d.u(14,8.2h,8.2v-8.2h,8.d.r);H j(8.E==b.1J)1E=8.d.u(14,8.2v,8.2h-8.2v,8.d.r);j(1E<0)1E=0;j(/2M/.1j(27.26)){h 4d=b.c.1a(8.k,\'4w\');j(4d){4d=4d.5E(/4r\\(1E=[0-9]{1,3}\\)/g,\'\')}8.k.11.4w=4d+"4r(1E="+1g.P(1E*W)+")"}H 8.k.11.1E=1E;j(8.2o){b.c.2o(8.k);8.2o=D}};b.c.24.w.2W=p(){j(8.d&&8.d.F)8.K();j(8.5v==O){8.2h=b.c.5w(k);8.8G=8.2h-8.2v}};b.c.2E=p(k,1U,2w,d){8.5u=D;j(3Z.M==3){d=2w;2w=1U;1U=b.c.4G(k);8.5u=O}b.c.X.1s(8,d);8.1t=\'2E\';8.k=b.c.1x(k);j(!8.k)q;8.1U=1U;8.2w=2w;8.3g=b.c.m.2e(1U.2u(1,2));8.3w=b.c.m.2e(1U.2u(3,2));8.3h=b.c.m.2e(1U.2u(5,2));8.3R=b.c.m.2e(2w.2u(1,2));8.3M=b.c.m.2e(2w.2u(3,2));8.3N=b.c.m.2e(2w.2u(5,2))};b.c.2E.w=B b.c.X();b.c.2E.w.1v=b.c.2E;b.c.2E.w.3r=p(){h 4h=0;h 4g=0;h 4f=0;h P=1g.P;h 14=8.2I();j(8.E==b.15){4h=P(8.d.u(14,8.3g,8.3R-8.3g,8.d.r));4g=P(8.d.u(14,8.3w,8.3M-8.3w,8.d.r));4f=P(8.d.u(14,8.3h,8.3N-8.3h,8.d.r))}H j(8.E==b.1J){4h=P(8.d.u(14,8.3R,8.3g-8.3R,8.d.r));4g=P(8.d.u(14,8.3M,8.3w-8.3M,8.d.r));4f=P(8.d.u(14,8.3N,8.3h-8.3N,8.d.r))}8.k.11.7F=b.c.m.3j(4h,4g,4f)};b.c.2E.w.2W=p(){j(8.d&&8.d.F)8.K();j(8.5u==O){8.1U=b.c.4G(k);8.3g=b.c.m.2e(1U.2u(1,2));8.3w=b.c.m.2e(1U.2u(3,2));8.3h=b.c.m.2e(1U.2u(5,2));8.7b=8.3g-8.3R;8.7v=8.3w-8.3M;8.7u=8.3h-8.3N}};b.c.U=p(d){b.c.X.1s(8,d);8.1t=\'U\';8.G=B 63();8.1C=-1;h 62=p(J,45){8.J=J;8.45=45;8.1u=D};8.5s=62};b.c.U.w=B b.c.X();b.c.U.w.1v=b.c.U;b.c.U.w.5x=p(3c){h l=8.G.M;8.d.3c=3c;18(h i=0;i<l;i++){8.G[i].J.5x(3c)}};b.c.U.w.4D=p(){h 1u=O;h 3q=D;h 5y=D;h 5A=D;j((8.1C==-1&&8.E==b.15)||(8.1C==8.G.M&&8.E==b.1J))8.5z();h 2J=8.E==b.15?0:8.G.M-1;h 29=8.E==b.15?8.G.M:-1;h 3O=8.E==b.15?1:-1;18(h i=2J;i!=29;i+=3O){j(8.G[i].1u==O){5y=8.G[i].J.4D();j(5y==D&&i==8.1C){8.G[i].1u=D;5A=O}}}j(5A==O)3q=8.5z();j(3q==O){8.29();1u=D;18(h i=0;i<8.G.M;i++)8.G[i].1u=D;8.1C=8.E==b.15?8.G.M:-1}q 1u};b.c.U.w.5z=p(){h 3q=D;h 3O=8.E==b.15?1:-1;h 29=8.E==b.15?8.G.M:-1;8.1C+=3O;j((8.1C>(8.G.M-1)&&8.E==b.15)||(8.1C<0&&8.E==b.1J))3q=O;H 18(h i=8.1C;i!=29;i+=3O){j((i>8.1C&&8.E==b.15||i<8.1C&&8.E==b.1J)&&8.G[i].45=="5K")3P;8.G[i].J.2J(O);8.G[i].1u=O;8.1C=i}q 3q};b.c.U.w.5m=p(){j(!8.E){8.E=b.15;q}j(8.d.F==O){j(8.E==b.15){8.E=b.1J;8.2t(\'5H\',8);8.1C=8.G.M}H j(8.E==b.1J){8.E=b.15;8.1C=-1}}H{j(8.E==b.15)8.1C=-1;H j(8.E==b.1J)8.1C=8.G.M}};b.c.U.w.K=p(){8.5m();18(h i=0;i<8.G.M;i++){j(8.G[i].J.d&&(8.G[i].J.d.F!=z))j(8.G[i].J.d.F==O)8.G[i].J.K()}};b.c.U.w.4z=p(){18(h i=0;i<8.G.M;i++)j(8.G[i].J.1u)8.G[i].J.4z();h 14=8.2I();j(8.2D>0&&14<8.d.r)8.2f=8.d.u(14,0,1,8.d.r);8.4A();8.2t(\'5G\',8);8.1u=D};b.c.U.w.1V=p(J){J.2N(8);8.G[8.G.M]=B 8.5s(J,"5K");j(8.G.M==1){8.k=J.k}};b.c.U.w.2k=p(J){j(8.G.M==0||8.G[8.G.M-1].45!=\'5P\')J.2N(8);8.G[8.G.M]=B 8.5s(J,"5P");j(8.G.M==1){8.k=J.k}};b.c.U.w.2W=p(){8.5m()};b.c.30=p(k,d){j(!8.1Y)q b.c.m.21(\'30\');b.c.U.1s(8,d);8.1t=\'30\';h k=b.c.1x(k);8.k=k;j(!8.k)q;h R=1O;h 1r=0.0;h 1p=W.0;h K=D;h u=b.3I;h v=60;h 1I=0;j(/2M/.1j(27.26))1I=Y(b.c.2Z(8.k,\'4w\').5E(/4r\\(1E=([0-9]{1,3})\\)/g,\'$1\'),10);H 1I=Y(b.c.2Z(8.k,\'1E\')*W,10);j(5F(1I))1I=W;j(d){j(d.r!=z)R=d.r;j(d.L!=z){j(b.c.m.1N(d.L))1r=b.c.m.1k(d.L)*1I/W;H 1r=d.L}j(d.I!=z){j(b.c.m.1N(d.I))1p=b.c.m.1k(d.I)*1I/W;H 1p=d.I}j(d.F!=z)K=d.F;j(d.u!=z)u=d.u;j(d.v!=z)v=d.v;H 8.d.u=u}1r=1r/W.0;1p=1p/W.0;d={r:R,F:K,u:u,L:1r,I:1p,v:v};h 4x=B b.c.24(k,1r,1p,d);8.1V(4x)};b.c.30.w=B b.c.U();b.c.30.w.1v=b.c.30;b.c.2Y=p(k,d){j(!8.1Y)q b.c.m.21(\'2Y\');b.c.U.1s(8,d);8.1t=\'2Y\';h k=b.c.1x(k);8.k=k;j(!8.k)q;h R=1O;h K=D;h V=b.5Z;h v=60;h 2F=D;b.c.3l(k);h 1m=b.c.2n(k);h 4l=1m.C;h 4I=0;h 4u=d?d.L:1m.C;h 4t=d?d.I:0;h 2j=D;j(d){j(d.r!=z)R=d.r;j(d.L!=z){j(b.c.m.1N(d.L))4l=b.c.m.1k(d.L)*1m.C/W;H 4l=b.c.m.2A(d.L)}j(d.I!=z){j(b.c.m.1N(d.I))4I=b.c.m.1k(d.I)*1m.C/W;H 4I=b.c.m.2A(d.I)}j(d.F!=z)K=d.F;j(d.u!=z)V=d.u;j(d.v!=z)v=d.v;j(d.1S!=z)2j=d.1S}h T=B b.c.m.2d;T.A=1m.A;T.C=4l;h 12=B b.c.m.2d;12.A=1m.A;12.C=4I;d={r:R,F:K,u:V,2G:2F,1S:2j,L:4u,I:4t,v:v};h 6s=B b.c.1P(k,T,12,d);8.1V(6s)};b.c.2Y.w=B b.c.U();b.c.2Y.w.1v=b.c.2Y;b.c.2O=p(k,d){j(!8.1Y)q b.c.m.21(\'2O\');b.c.U.1s(8,d);8.1t=\'2O\';h R=1O;h 1B="#8u";h K=D;h V=b.4q;h v=60;h k=b.c.1x(k);8.k=k;j(!8.k)q;h 1o=b.c.4G(k);j(1o=="8q")1o="#8r";j(d){j(d.r!=z)R=d.r;j(d.L!=z)1o=d.L;j(d.I!=z)1B=d.I;j(d.F!=z)K=d.F;j(d.u!=z)V=d.u;j(d.v!=z)v=d.v}j(1o.25(\'3j\')!=-1)h 1o=b.c.m.3j(Y(1o.2s(1o.25(\'(\')+1,1o.25(\',\')),10),Y(1o.2s(1o.25(\',\')+1,1o.33(\',\')),10),Y(1o.2s(1o.33(\',\')+1,1o.25(\')\')),10));j(1B.25(\'3j\')!=-1)h 1B=b.c.m.3j(Y(1B.2s(1B.25(\'(\')+1,1B.25(\',\')),10),Y(1B.2s(1B.25(\',\')+1,1B.33(\',\')),10),Y(1B.2s(1B.33(\',\')+1,1B.25(\')\')),10));h 1o=b.c.m.5k(1o);h 1B=b.c.m.5k(1B);8.6m=b.c.1a(k,\'4e-5j\');d={r:R,F:K,u:V,v:v};h 6k=B b.c.2E(k,1o,1B,d);8.1V(6k);8.2N({3Q:p(J){b.c.1h(J.k,\'4e-5j\',\'1Z\')},3J:p(J){b.c.1h(J.k,\'4e-5j\',J.6m);j(J.E==b.15&&J.d.6n)b.c.1h(k,\'4e-2K\',J.d.6n)}})};b.c.2O.w=B b.c.U();b.c.2O.w.1v=b.c.2O;b.c.2P=p(k,d){j(!8.1Y)q b.c.m.21(\'2P\');b.c.U.1s(8,d);8.1t=\'2P\';h k=b.c.1x(k);8.k=k;j(!8.k)q;h R=1O;h K=D;h V=b.4q;h v=60;h 31=D;h 2i=b.c.m.6r(k);h E=-1;j(/2M 7.0/.1j(27.26)&&/5n 5D/.1j(27.26))b.c.2L(k);b.c.3l(k);j(/2M 6.0/.1j(27.26)&&/5n 5D/.1j(27.26)){h 1F=b.c.1a(k,\'1L\');j(1F&&(1F==\'5o\'||1F==\'8l\')){b.c.1h(k,\'1L\',\'6g\');b.c.1h(k,\'1b\',\'\');b.c.1h(k,\'1f\',\'\')}}j(2i){b.c.2L(2i);b.c.3l(2i);h 68=b.c.2n(2i,k);b.c.1h(2i,\'A\',68.A+\'1Q\')}h 22=b.c.2n(k);h 2S=B b.c.m.2d();h 1X=B b.c.m.2d();2S.A=1X.A=22.A;2S.C=1X.C=22.C;j(!8.d.I){j(!d)d={};d.I=\'0%\'}j(d&&d.67!==z&&d.67===O)31=O;j(d.r!=z)R=d.r;j(d.L!=z){j(31){j(b.c.m.1N(d.L))22.A=2S.A*b.c.m.1k(d.L)/W;H 22.A=b.c.m.2A(d.L)}H{j(b.c.m.1N(d.L))22.C=2S.C*b.c.m.1k(d.L)/W;H 22.C=b.c.m.2A(d.L)}}j(d.I!=z){j(31){j(b.c.m.1N(d.I))1X.A=2S.A*b.c.m.1k(d.I)/W;H 1X.A=b.c.m.2A(d.I)}H{j(b.c.m.1N(d.I))1X.C=2S.C*b.c.m.1k(d.I)/W;H 1X.C=b.c.m.2A(d.I)}}j(d.F!=z)K=d.F;j(d.u!=z)V=d.u;j(d.v!=z)v=d.v;d={r:R,u:V,2G:D,F:K,v:v};h 5r=B b.c.1P(k,22,1X,d);8.2k(5r);j((22.A<1X.A&&31)||(22.C<1X.C&&!31))E=1;h Z=B b.c.m.1G();h 13=B b.c.m.1G();13.x=Z.x=b.c.3W(2i,\'1f\');13.y=Z.y=b.c.3W(2i,\'1b\');13.N=Z.N;j(31)13.x=Y(Z.x+E*(22.A-1X.A),10);H 13.y=Y(Z.y+E*(22.C-1X.C),10);j(E==1){h 3x=Z;h Z=13;h 13=3x}d={r:R,u:V,F:K,L:Z,I:13,v:v};h 66=B b.c.1A(2i,Z,13,d);8.2k(66)};b.c.2P.w=B b.c.U();b.c.2P.w.1v=b.c.2P;b.c.2q=p(k,d){j(!k)q;j(!8.1Y)q b.c.m.21(\'2q\');b.c.U.1s(8,d);8.1t=\'2q\';h R=1O;h K=D;h 2F=O;h 5q=D;h 5p=O;h 2j=D;h V=b.6a;h v=60;h k=b.c.1x(k);8.k=k;j(!8.k)q;b.c.3l(k);h 4v=b.c.2n(k);h 2b=4v.A;h 2r=4v.C;h 2a=(2b==0)?1:2r/2b;h T=B b.c.m.2d;T.A=0;T.C=0;h 12=B b.c.m.2d;12.A=2b;12.C=2r;h 4u=d?d.L:4v.A;h 4t=d?d.I:0;h 2p=b.c.m.2A;j(d){j(d.5C!=z)5p=d.5C;j(d.r!=z)R=d.r;j(d.1S!=z)2j=d.1S;j(d.2G!=z)2F=d.2G;j(d.L!=z){j(b.c.m.1N(d.L)){T.A=2b*(b.c.m.1k(d.L)/W);T.C=2r*(b.c.m.1k(d.L)/W)}H{j(5q){T.C=2p(d.L);T.A=2p(d.L)/2a}H{T.A=2p(d.L);T.C=2a*2p(d.L)}}}j(d.I!=z){j(b.c.m.1N(d.I)){12.A=2b*(b.c.m.1k(d.I)/W);12.C=2r*(b.c.m.1k(d.I)/W)}H{j(5q){12.C=2p(d.I);12.A=2p(d.I)/2a}H{12.A=2p(d.I);12.C=2a*2p(d.I)}}}j(d.F!=z)K=d.F;j(d.u!=z)V=d.u;j(d.v!=z)v=d.v}d={r:R,F:K,u:V,2G:2F,1S:2j,v:v};h 3G=B b.c.1P(k,T,12,d);8.2k(3G);j(5p){b.c.2L(k);h Q=B b.c.m.1G();Q.x=Y(b.c.2Z(k,"1f"),10);Q.y=Y(b.c.2Z(k,"1b"),10);j(!Q.x)Q.x=0;j(!Q.y)Q.y=0;d={r:R,F:K,u:V,L:4u,I:4t,v:v};h Z=B b.c.m.1G;Z.x=Q.x+(2b-T.A)/2.0;Z.y=Q.y+(2r-T.C)/2.0;h 13=B b.c.m.1G;13.x=Q.x+(2b-12.A)/2.0;13.y=Q.y+(2r-12.C)/2.0;h 3v=B b.c.1A(k,Z,13,d);8.2k(3v)}};b.c.2q.w=B b.c.U();b.c.2q.w.1v=b.c.2q;b.c.2H=p(k,d){j(!8.1Y)q b.c.m.21(\'2H\');b.c.U.1s(8,d);8.d.E=D;j(8.d.F)8.d.F=D;8.1t=\'2H\';h k=b.c.1x(k);8.k=k;j(!8.k)q;h R=W;h V=b.43;h v=60;h 3u=4;j(d){j(d.r!=z)3u=1g.4n(8.d.r/R)-1;j(d.v!=z)v=d.v;j(d.u!=z)V=d.u}b.c.2L(k);h Q=B b.c.m.1G();Q.x=Y(b.c.1a(k,"1f"),10);Q.y=Y(b.c.1a(k,"1b"),10);j(!Q.x)Q.x=0;j(!Q.y)Q.y=0;h 41=B b.c.m.1G;41.x=Q.x;41.y=Q.y;h 3b=B b.c.m.1G;3b.x=Q.x+20;3b.y=Q.y+0;h 3t=B b.c.m.1G;3t.x=Q.x+ -20;3t.y=Q.y+0;d={r:1g.4n(R/2),F:D,v:v,u:V};h J=B b.c.1A(k,41,3b,d);8.1V(J);d={r:R,F:D,v:v,u:V};h 6d=B b.c.1A(k,3b,3t,d);h 6c=B b.c.1A(k,3t,3b,d);18(h i=0;i<3u;i++){j(i%2==0)8.1V(6d);H 8.1V(6c)}h 1F=(3u%2==0)?3b:3t;d={r:1g.4n(R/2),F:D,v:v,u:V};h J=B b.c.1A(k,1F,41,d);8.1V(J)};b.c.2H.w=B b.c.U();b.c.2H.w.1v=b.c.2H;b.c.2H.w.K=p(){};b.c.2U=p(k,d){j(!8.1Y)q b.c.m.21(\'2U\');j(!d)d={};j(!d.I)d.I=\'0%\';j(!d.L)d.L=\'W%\';d.5C=D;b.c.2q.1s(8,k,d);8.1t=\'2U\'};b.c.2U.w=B b.c.2q();b.c.2U.w.1v=b.c.2U;b.c.2B=p(k,d){j(!8.1Y)q b.c.m.21(\'2B\');b.c.U.1s(8,d);8.d.E=D;j(8.d.F)8.d.F=D;h k=b.c.1x(k);h 1I=0;8.k=k;j(!8.k)q;8.1t=\'2B\';h R=W;h 1r=W.0;h 1p=0.0;h K=D;h V=b.43;h v=60;j(/2M/.1j(27.26))1I=Y(b.c.2Z(8.k,\'4w\').5E(/4r\\(1E=([0-9]{1,3})\\)/g,\'$1\'),10);H 1I=Y(b.c.2Z(8.k,\'1E\')*W,10);j(5F(1I)){1I=W}j(d){j(d.L!=z){j(b.c.m.1N(d.L))1r=b.c.m.1k(d.L)*1I/W;H 1r=d.L}j(d.I!=z){j(b.c.m.1N(d.I))1p=b.c.m.1k(d.I)*1I/W;H 1p=d.I}j(d.u!=z)V=d.u;j(d.v!=z)v=d.v}d={r:R,F:K,u:V,v:v};1r=1r/W.0;1p=1p/W.0;h 4x=B b.c.24(k,1r,1p,d);h 6p=B b.c.24(k,1p,1r,d);h 3u=Y(8.d.r/7o,10);18(h i=0;i<3u;i++){8.1V(4x);8.1V(6p)}};b.c.2B.w=B b.c.U();b.c.2B.w.1v=b.c.2B;b.c.2B.w.K=p(){};b.c.3a=p(k,d){j(!8.1Y)q b.c.m.21(\'3a\');b.c.U.1s(8,d);h k=b.c.1x(k);8.k=k;j(!8.k)q;8.1t=\'3a\';h K=D;h 2F=D;h R=1O;h V=b.3I;h v=60;b.c.2L(k);j(d){j(d.F!=z)K=d.F;j(d.r!=z)R=d.r;j(d.u!=z)V=d.u;j(d.v!=z)v=d.v}h 1m=b.c.4b(k);h 1K=1m.A;h 1M=1m.C;d={r:R,F:K,u:V,v:v};h 1r=1.0;h 1p=0.0;h 4B=B b.c.24(k,1r,1p,d);8.2k(4B);h Z=b.c.48(k);h 13=B b.c.m.1G;13.x=1K/2.0*-1.0;13.y=1M/2.0*-1.0;d={r:R,F:K,u:V,L:Z,I:13,v:v};h 3v=B b.c.1A(k,Z,13,d);8.2k(3v);h 1q=8;8.2N({3Q:p(){j(1q.E==b.1J){1q.k.11.1R=\'3T\'}},3J:p(){j(1q.E==b.15){1q.k.11.1R=\'1Z\'}}})};b.c.3a.w=B b.c.U;b.c.3a.w.1v=b.c.3a;b.c.2T=p(k,d){j(!8.1Y)q b.c.m.21(\'2T\');b.c.U.1s(8,d);h k=b.c.1x(k);8.k=k;j(!8.k)q;h R=1O;h v=60;h V=b.3I;h E=b.15;h K=D;8.1t=\'2T\';b.c.2L(k);j(d){j(d.r!=z)R=d.r;j(d.F!=z)K=d.F;j(d.v!=z)v=d.v;j(d.u!=z)V=d.u;j(d.7p!=z)E=-1}h Q=B b.c.m.1G();Q.x=Y(b.c.1a(k,"1f"),10);Q.y=Y(b.c.1a(k,"1b"),10);j(!Q.x)Q.x=0;j(!Q.y)Q.y=0;h Z=B b.c.m.1G;Z.x=Q.x+0;Z.y=Q.y+0;h 13=B b.c.m.1G;13.x=Q.x+0;13.y=Q.y+(E*7t);d={L:Z,I:13,r:R,F:K,u:V,v:v};h 3v=B b.c.1A(k,d.L,d.I,d);8.2k(3v);h 1r=1.0;h 1p=0.0;d={r:R,F:K,u:V,v:v};h 4B=B b.c.24(k,1r,1p,d);8.2k(4B);h 1q=8;8.2N({3Q:p(){1q.k.11.1R=\'3T\'},3J:p(){j(1q.E==b.15){1q.k.11.1R=\'1Z\'}}})};b.c.2T.w=B b.c.U();b.c.2T.w.1v=b.c.2T;b.c.2V=p(k,d){j(!8.1Y)q b.c.m.21(\'2V\');b.c.U.1s(8,d);h k=b.c.1x(k);8.k=k;j(!8.k)q;8.1t=\'2V\';h R=1O;h K=D;h 2F=O;h 2j=D;h V=b.3I;h v=v;b.c.3l(k);h 1m=b.c.2n(k);h 1K=1m.A;h 1M=1m.C;h 28=1K;h 2c=1M/5;h T=B b.c.m.2d;T.A=1K;T.C=1M;h 12=B b.c.m.2d;12.A=28;12.C=2c;j(d){j(d.r!=z)R=1g.4n(d.r/2);j(d.F!=z)K=d.F;j(d.1S!=z)2j=d.1S;j(d.v!=z)v=d.v;j(d.u!=z)V=d.u}d={r:R,F:K,2G:2F,1S:2j,u:V,v:v};h 3G=B b.c.1P(k,T,12,d);8.1V(3G);T.A=12.A;T.C=12.C;12.A=\'0%\';h 3G=B b.c.1P(k,T,12,d);8.1V(3G)};b.c.2V.w=B b.c.U();b.c.2V.w.1v=b.c.2V;b.c.7T=p(k,d){q b.c.m.23(\'30\',k,d)};b.c.7U=p(k,d){q b.c.m.23(\'2Y\',k,d)};b.c.7L=p(k,d){q b.c.m.23(\'2O\',k,d)};b.c.7K=p(k,d){q b.c.m.23(\'2P\',k,d)};b.c.7B=p(k,d){q b.c.m.23(\'2q\',k,d)};b.c.7C=p(k,d){q b.c.m.23(\'2H\',k,d)};b.c.7A=p(k,d){q b.c.m.23(\'2U\',k,d)};b.c.7z=p(k,d){q b.c.m.23(\'2B\',k,d)};b.c.7x=p(k,d){q b.c.m.23(\'3a\',k,d)};b.c.7y=p(k,d){q b.c.m.23(\'2T\',k,d)};b.c.7I=p(k,d){q b.c.m.23(\'2V\',k,d)};',62,541,'||||||||this|||Spry|Effect|options||||var||if|element||Utils|||function|return|duration|||transition|fps|prototype|||null|width|new|height|false|direction|toggle|effectsArray|else|to|effect|doToggle|from|length|units|true|floor|startOffsetPosition|durationInMilliseconds||fromRect|Cluster|kindOfTransition|100|Animator|parseInt|fromPos||style|toRect|toPos|elapsed|forwards|||for|time|getStyleProp|top|begin|computedStyle|change|left|Math|setStyleProp|value|test|getPercentValue|intProp|originalRect|typeof|fromColor|toOpacity|self|fromOpacity|call|name|isRunning|constructor|elStyle|getElement|prop|refElement|Move|toColor|currIdx|showError|opacity|pos|Position|result|originalOpacity|backwards|startWidth|position|startHeight|isPercentValue|1000|Size|px|display|useCSSBox|dimensions|startColor|addNextEffect|tryComputedStyle|toDim|notStaticAnimator|none||showInitError|fromDim|DoEffect|Opacity|indexOf|userAgent|navigator|stopWidth|stop|propFactor|originalWidth|stopHeight|Rectangle|hexToInt|cancelRemaining|childImages|startOpacity|firstChildElt|fullCSSBox|addParallelEffect|visibility|observers|getDimensionsRegardlessOfDisplayState|enforceVisible|pixelValue|Grow|originalHeight|substring|notifyObservers|substr|stopOpacity|stopColor|getComputedStyle|Notifier|fontSize|getPixelValue|Pulsate|len|startMilliseconds|Color|doScaleContent|scaleContent|Shake|getElapsedMilliseconds|start|color|makePositioned|MSIE|addObserver|Highlight|Slide|ele|effects|initDim|DropOut|Squish|Fold|prepareStart|node|Blind|getStylePropRegardlessOfDisplayState|Fade|slideHorizontally|effectB|lastIndexOf|heightFactor|optionsA|observer|catch|try|widthFactor|Puff|rightPos|interval|hidden|childCurr|document|startRedColor|startBlueColor|displayElement|rgb|displayOrig|makeClipping|intToHex|margin|finish|optionsB|allEffectsDidRun|animate|startY|leftPos|steps|moveEffect|startGreenColor|tmp|obs|overflow|setup|propVisible|toLowerCase|undefined|propDisplay|middle|sizeEffect|startX|fifthTransition|onPostEffect|in|startEltIn|stopGreenColor|stopBlueColor|step|break|onPreEffect|stopRedColor|half|block|effectA|Registry|intPropStyle|methodName|suppressNotifications|arguments|ef|centerPos|stopY|linearTransition|oStringList|kind|stopX|window|getPosition|timer|Number|getDimensions|isPercent|tmpval|background|blueColor|greenColor|redColor|compositeColorHex|unitIndex|stringToCamelize|fromHeightPx|padding|ceil|startTime|found|sinusoidalTransition|alpha|border|optionTo|optionFrom|dimRect|filter|fadeEffect|camelizedString|cancel|stopFlagReset|opacityEffect|pow|drawEffect|visibilityOrig|eff|getBgColor|currDate|toHeightPx|defaultView|withoutTimer|onStep|fontFactor|right|bottom|dynamicFromPos|unknown|SpryRegistry|objectCountA|dimensionsCurr|objectCountB|typeA|getRegisteredEffect|imgCurr|targetImagesOut|Transitions|sqrt|trans|compare|isFirstEntry|effectName|data|opera|currentStyle|string|setTransition|setFps|nodeType|heightCache|css|camelized|camelize|needsCache|stopTime|isInvisible|image|longColorVersion|margin_left|toggleCluster|Windows|static|growFromCenter|calcHeight|size|ClusteredEffect|margin_top|dynamicStartColor|dynamicStartOpacity|getOpacity|setInterval|baseEffectIsStillRunning|initNextEffectsRunning|evalNextEffectsRunning|dynamicFromRect|growCenter|NT|replace|isNaN|onCancel|onToggle|blueInt|greenInt|queue|redHex|focus|blueHex|greenHex|parallel|redInt|integerNum|case|number|effectsAreTheSame|PI|cos|setOptions|callback|circleTransition||msg|_ClusteredEffect|Array|hexStr|cleanWhitespace|move|horizontal|childRect|enableNotifications|squareTransition|optionsAreIdentical|effectToLeft|effectToRight|addEffect|typeB|relative|imageCnt|toUpperCase|childCountInit|highlightEffect|split|restoreBackgroundImage|restoreColor|setDuration|appearEffect|styleProp|getFirstChildElement|blindEffect|childNodes|startHeightPercent|startWidthPercent|stopWidthPercent|stopHeightPercent|border_right|padding_top|fetchChildImages|padding_left|origLeft|origMarginLeft|margin_right|margin_bottom|padding_right|Conflicting|startFromBorder_top|startFromBorder_bottom|startFromMargin_right|startFromMargin_bottom|startFromMargin_left|border_left|border_bottom|border_top|startFromMargin_top|startFromPadding_right|startFromBorder_right|startFromBorder_left|startFromPadding_top|startFromPadding_bottom|startFromPadding_left|el|padding_bottom|id|getElementById|while|emergency|origMarginTop|em|timeElapsed|getTime|round|Date|origTop|concat|redColorRange|Effects|switch|documentation|migration|default|toString|borderRightWidth|match|nextSibling|firstChild|hasChildNodes|img|200|dropIn|charAt|read|9a|160|blueColorRange|greenColorRange|accessed|DoPuff|DoDropOut|DoPulsate|DoSquish|DoGrow|DoShake|growSpecificTransition|sin|backgroundColor|squarerootTransition|borderBottomWidth|DoFold|pulsateTransition|DoSlide|DoHighlight|be|can|push|as|anymore|class|The|DoFade|DoBlind|alert|ERR|borderTopWidth|Please|getElementsByTagName|font|scroll|Unbalanced|zoom|disableNotifications|parseFloat|widthRange|getOffsetPosition|splice|marginBottom|offsetTop|startTop|Element|auto|clearInterval|paddingRight|offsetLeft|visible|startLeft|not|marginTop|fixed|getPropertyValue|removeObserver|paddingLeft|offsetWidth|transparent|ffff99|paddingTop|offsetHeight|ffffff|rangeMoveX|hasLayout|propA|propB|removeChild|marginRight|rangeMoveY|borderLeftWidth|marginLeft|repeat|paddingBottom|opacityRange|heightRange|nodeValue'.split('|'),0,{}))
--- a/includes/clientside/static/acl.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/acl.js Sat Nov 03 07:43:35 2007 -0400
@@ -4,6 +4,9 @@
var aclPermList = false;
var aclDataCache = false;
+// Can be set to true by slow themes (St. Patty)
+var aclDisableTransitionFX = false;
+
function ajaxOpenACLManager(page_id, namespace)
{
if(IE)
@@ -56,7 +59,7 @@
{
document.getElementById(aclManagerID+'_main').innerHTML = '';
document.getElementById(aclManagerID + '_back').style.display = 'none';
- document.getElementById(aclManagerID + '_next').value = 'Next >';
+ document.getElementById(aclManagerID + '_next').value = $lang.get('etc_wizard_next');
groups = parseJSON(ajax.responseText);
if ( groups.mode == 'error' )
{
@@ -101,13 +104,13 @@
grpb.onclick = function() { seed = this.className; document.getElementById('enACL_grpbox_'+seed).style.display = 'block'; document.getElementById('enACL_usrbox_'+seed).style.display = 'none'; };
lbl = document.createElement('label');
lbl.appendChild(grpb);
- lbl.appendChild(document.createTextNode('A usergroup'));
+ lbl.appendChild(document.createTextNode($lang.get('acl_radio_usergroup')));
lbl.style.display = 'block';
span.appendChild(grpsel);
anoninfo = document.createElement('div');
anoninfo.className = 'info-box-mini';
- anoninfo.appendChild(document.createTextNode('To edit permissions for guests, select "a specific user", and enter Anonymous as the username.'));
+ anoninfo.appendChild(document.createTextNode($lang.get('acl_msg_guest_howto')));
span.appendChild(document.createElement('br'));
span.appendChild(anoninfo);
@@ -119,13 +122,13 @@
usrb.onclick = function() { seed = this.className; document.getElementById('enACL_grpbox_'+seed).style.display = 'none'; document.getElementById('enACL_usrbox_'+seed).style.display = 'block'; };
lbl2 = document.createElement('label');
lbl2.appendChild(usrb);
- lbl2.appendChild(document.createTextNode('A specific user'));
+ lbl2.appendChild(document.createTextNode($lang.get('acl_radio_user')));
lbl2.style.display = 'block';
usrsel = document.createElement('input');
usrsel.type = 'text';
usrsel.name = 'username';
- usrsel.onkeyup = function() { ajaxUserNameComplete(this); };
+ usrsel.onkeyup = function() { new AutofillUsername(this, undefined, true); };
usrsel.id = 'userfield_' + aclManagerID;
try {
usrsel.setAttribute("autocomplete","off");
@@ -164,21 +167,21 @@
lblPage = document.createElement('label');
lblPage.style.display = 'block';
lblPage.appendChild(scopeRadioPage);
- lblPage.appendChild(document.createTextNode('Only this page'));
+ lblPage.appendChild(document.createTextNode($lang.get('acl_radio_scope_thispage')));
lblGlobal = document.createElement('label');
lblGlobal.style.display = 'block';
lblGlobal.appendChild(scopeRadioGlobal);
- lblGlobal.appendChild(document.createTextNode('The entire website'));
+ lblGlobal.appendChild(document.createTextNode($lang.get('acl_radio_scope_wholesite')));
lblGroup = document.createElement('label');
lblGroup.style.display = 'block';
lblGroup.appendChild(scopeRadioGroup);
- lblGroup.appendChild(document.createTextNode('A group of pages'));
+ lblGroup.appendChild(document.createTextNode($lang.get('acl_radio_scope_pagegroup')));
scopediv1.appendChild(lblPage);
scopediv2.appendChild(lblGroup);
scopediv3.appendChild(lblGlobal);
scopedesc = document.createElement('p');
- scopedesc.appendChild(document.createTextNode('What should this access rule control?'));
+ scopedesc.appendChild(document.createTextNode($lang.get('acl_lbl_scope')));
scopePGrp = document.createElement('select');
scopePGrp.style.marginLeft = '13px';
@@ -216,10 +219,10 @@
container.style.paddingTop = '50px';
head = document.createElement('h2');
- head.appendChild(document.createTextNode('Manage page access'));
+ head.appendChild(document.createTextNode($lang.get('acl_lbl_welcome_title')));
desc = document.createElement('p');
- desc.appendChild(document.createTextNode('Please select who should be affected by this access rule.'));
+ desc.appendChild(document.createTextNode($lang.get('acl_lbl_welcome_body')));
container.appendChild(head);
container.appendChild(desc);
@@ -316,11 +319,14 @@
// Build the ACL edit form
// try {
- act_desc = ( data.type == 'new' ) ? 'Create access rule' : 'Editing permissions';
- target_type_t = ( data.target_type == 1 ) ? 'group' : 'user';
- target_name_t = data.target_name;
- var scope_type = ( data.page_id == false && data.namespace == false ) ? 'this entire site' : ( data.namespace == '__PageGroup' ) ? 'this group of pages' : 'this page';
- html = '<h2>'+act_desc+'</h2><p>This panel allows you to edit what the '+target_type_t+' "<b>'+target_name_t+'</b>" can do on <b>' + scope_type + '</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.</p>';
+
+ var act_desc = ( data.type == 'new' ) ? $lang.get('acl_lbl_editwin_title_create') : $lang.get('acl_lbl_editwin_title_edit');
+ var target_type_t = ( data.target_type == 1 ) ? $lang.get('acl_target_type_group') : $lang.get('acl_target_type_user');
+ var target_name_t = data.target_name;
+ var scope_type = ( data.page_id == false && data.namespace == false ) ? $lang.get('acl_scope_type_wholesite') : ( data.namespace == '__PageGroup' ) ? $lang.get('acl_scope_type_pagegroup') : $lang.get('acl_scope_type_thispage');
+
+ html = '<h2>'+act_desc+'</h2>';
+ html += '<p>' + $lang.get('acl_lbl_editwin_body', { target_type: target_type_t, target: target_name_t, scope_type: scope_type }) + '</p>';
parser = new templateParser(data.template.acl_field_begin);
html += parser.run();
@@ -332,7 +338,14 @@
cls = ( cls == 'row1' ) ? 'row2' : 'row1';
p = new templateParser(data.template.acl_field_item);
vars = new Object();
- vars['FIELD_DESC'] = data.acl_descs[i];
+ if ( data.acl_descs[i].match(/^([a-z0-9_]+)$/) )
+ {
+ vars['FIELD_DESC'] = $lang.get(data.acl_descs[i]);
+ }
+ else
+ {
+ vars['FIELD_DESC'] = data.acl_descs[i];
+ }
vars['FIELD_DENY_CHECKED'] = '';
vars['FIELD_DISALLOW_CHECKED'] = '';
vars['FIELD_WIKIMODE_CHECKED'] = '';
@@ -364,7 +377,7 @@
html += parser.run();
if(data.type == 'edit')
- html += '<p id="'+aclManagerID+'_deletelnk" style="text-align: right;"><a href="#delete_acl_rule" onclick="if(confirm(\'Do you really want to delete this rule?\')) __aclDeleteRule(); return false;" style="color: red;">Delete this rule</a></p>';
+ html += '<p id="'+aclManagerID+'_deletelnk" style="text-align: right;"><a href="#delete_acl_rule" onclick="if(confirm(\'' + $lang.get('acl_msg_deleterule_confirm') + '\')) __aclDeleteRule(); return false;" style="color: red;">' + $lang.get('acl_lbl_deleterule') + '</a></p>';
var main = document.getElementById(aclManagerID + '_main');
main.innerHTML = html;
@@ -380,7 +393,7 @@
aclPermList = array_keys(data.acl_types);
document.getElementById(aclManagerID + '_back').style.display = 'inline';
- document.getElementById(aclManagerID + '_next').value = 'Save Changes';
+ document.getElementById(aclManagerID + '_next').value = $lang.get('etc_save_changes');
// } catch(e) { alert(e); aclDebug(ajax.responseText); }
@@ -390,24 +403,24 @@
note.className = 'info-box';
note.style.marginLeft = '0';
var b = document.createElement('b');
- b.appendChild(document.createTextNode('Permissions updated'));
+ b.appendChild(document.createTextNode($lang.get('acl_lbl_save_success_title')));
note.appendChild(b);
note.appendChild(document.createElement('br'));
- note.appendChild(document.createTextNode('The permissions for '+data.target_name+' on this page have been updated successfully. If you changed permissions that affect your user account, you may not see changes until you reload the page.'));
+ note.appendChild(document.createTextNode($lang.get('acl_lbl_save_success_body', { target_name: data.target_name })));
note.appendChild(document.createElement('br'));
var a = document.createElement('a');
a.href = 'javascript:void(0);';
a.onclick = function() { this.parentNode.parentNode.removeChild(this.parentNode); return false; };
- a.appendChild(document.createTextNode('[ dismiss :'));
+ a.appendChild(document.createTextNode('[ ' + $lang.get('acl_btn_success_dismiss') + ' :'));
note.appendChild(a);
var a2 = document.createElement('a');
a2.href = 'javascript:void(0);';
a2.onclick = function() { killACLManager(); return false; };
- a2.appendChild(document.createTextNode(': close manager ]'));
+ a2.appendChild(document.createTextNode(': ' + $lang.get('acl_btn_success_close') + ' ]'));
note.appendChild(a2);
document.getElementById(aclManagerID + '_main').insertBefore(note, document.getElementById(aclManagerID + '_main').firstChild);
if(!document.getElementById(aclManagerID+'_deletelnk'))
- document.getElementById(aclManagerID + '_main').innerHTML += '<p id="'+aclManagerID+'_deletelnk" style="text-align: right;"><a href="#delete_acl_rule" onclick="if(confirm(\'Do you really want to delete this rule?\')) __aclDeleteRule(); return false;" style="color: red;">Delete this rule</a></p>';
+ document.getElementById(aclManagerID + '_main').innerHTML += '<p id="'+aclManagerID+'_deletelnk" style="text-align: right;"><a href="#delete_acl_rule" onclick="if(confirm(\'' + $lang.get('acl_msg_deleterule_confirm') + '\')) __aclDeleteRule(); return false;" style="color: red;">' + $lang.get('acl_lbl_deleterule') + '</a></p>';
//fadeInfoBoxes();
document.getElementById(aclManagerID+'_main').scrollTop = 0;
@@ -425,7 +438,7 @@
{
document.getElementById(aclManagerID+'_main').innerHTML = '';
document.getElementById(aclManagerID + '_back').style.display = 'none';
- document.getElementById(aclManagerID + '_next').value = 'Next >';
+ document.getElementById(aclManagerID + '_next').value = $lang.get('etc_wizard_next');
var thispage = strToPageID(title);
groups.page_id = thispage[0];
groups.namespace = thispage[1];
@@ -438,20 +451,20 @@
note.style.width = '558px';
note.id = 'aclSuccessNotice_' + Math.floor(Math.random() * 100000);
b = document.createElement('b');
- b.appendChild(document.createTextNode('Entry deleted'));
+ b.appendChild(document.createTextNode($lang.get('acl_lbl_delete_success_title')));
note.appendChild(b);
note.appendChild(document.createElement('br'));
- note.appendChild(document.createTextNode('The access rules for '+aclDataCache.target_name+' on this page have been deleted.'));
+ note.appendChild(document.createTextNode($lang.get('acl_lbl_delete_success_title', { target_name: aclDataCache.target_name })));
note.appendChild(document.createElement('br'));
a = document.createElement('a');
a.href = '#';
a.onclick = function() { opacity(this.parentNode.id, 100, 0, 1000); setTimeout('var div = document.getElementById("' + this.parentNode.id + '"); div.parentNode.removeChild(div);', 1100); return false; };
- a.appendChild(document.createTextNode('[ dismiss :'));
+ a.appendChild(document.createTextNode('[ ' + $lang.get('acl_btn_success_dismiss') + ' :'));
note.appendChild(a);
a = document.createElement('a');
a.href = '#';
a.onclick = function() { killACLManager(); return false; };
- a.appendChild(document.createTextNode(': close manager ]'));
+ a.appendChild(document.createTextNode(': ' + $lang.get('acl_btn_success_close') + ' ]'));
note.appendChild(a);
document.getElementById(aclManagerID + '_main').insertBefore(note, document.getElementById(aclManagerID + '_main').firstChild);
//fadeInfoBoxes();
@@ -494,7 +507,7 @@
function __aclBuildWizardWindow()
{
- darken();
+ darken(aclDisableTransitionFX);
box = document.createElement('div');
box.style.width = '640px'
box.style.height = '440px';
@@ -539,7 +552,7 @@
back = document.createElement('input');
back.type = 'button';
- back.value = '< Back';
+ back.value = $lang.get('etc_wizard_back');
back.style.fontWeight = 'normal';
back.onclick = function() { ajaxACLSwitchToSelector(); return false; };
back.style.display = 'none';
@@ -547,14 +560,14 @@
saver = document.createElement('input');
saver.type = 'submit';
- saver.value = 'Next >';
+ saver.value = $lang.get('etc_wizard_next');
saver.style.fontWeight = 'bold';
saver.id = aclManagerID + '_next';
closer = document.createElement('input');
closer.type = 'button';
- closer.value = 'Cancel Changes';
- closer.onclick = function() { if(!confirm('Do you really want to close the ACL manager?')) return false; killACLManager(); return false; }
+ closer.value = $lang.get('etc_cancel_changes');
+ closer.onclick = function() { if(!confirm($lang.get('acl_msg_closeacl_confirm'))) return false; killACLManager(); return false; }
spacer1 = document.createTextNode(' ');
spacer2 = document.createTextNode(' ');
@@ -570,7 +583,16 @@
body = document.getElementsByTagName('body')[0];
body.appendChild(box);
- setTimeout("document.getElementById('"+aclManagerID+"').style.display = 'block'; opacity('"+aclManagerID+"', 0, 100, 500); opacity('"+aclManagerID + '_panel'+"', 0, 100, 500);", 1000);
+ if ( aclDisableTransitionFX )
+ {
+ document.getElementById(aclManagerID).style.display = 'block';
+ changeOpac(100, aclManagerID);
+ changeOpac(100, aclManagerID + '_panel');
+ }
+ else
+ {
+ setTimeout("document.getElementById('"+aclManagerID+"').style.display = 'block'; opacity('"+aclManagerID+"', 0, 100, 500); opacity('"+aclManagerID + '_panel'+"', 0, 100, 500);", 1000);
+ }
}
function killACLManager()
@@ -578,8 +600,16 @@
el = document.getElementById(aclManagerID);
if(el)
{
- opacity(aclManagerID, 100, 0, 500);
- setTimeout('var el = document.getElementById(aclManagerID); el.parentNode.removeChild(el); enlighten();', 750);
+ if ( aclDisableTransitionFX )
+ {
+ enlighten(true);
+ el.parentNode.removeChild(el);
+ }
+ else
+ {
+ opacity(aclManagerID, 100, 0, 500);
+ setTimeout('var el = document.getElementById(aclManagerID); el.parentNode.removeChild(el); enlighten();', 750);
+ }
}
}
@@ -604,7 +634,7 @@
var target_type = parseInt(getRadioState(thefrm, 'target_type', ['1', '2']));
if(isNaN(target_type))
{
- alert('Please select a target type.');
+ alert($lang.get('acl_err_pleaseselect_targettype'));
return false;
}
target_id = ( target_type == 1 ) ? parseInt(thefrm.group_id.value) : thefrm.username.value;
@@ -646,7 +676,7 @@
}
if(target_id == '')
{
- alert('Please enter a username.');
+ alert($lang.get('acl_err_pleaseselect_username'));
return false;
}
__aclJSONSubmitAjaxHandler(obj);
--- a/includes/clientside/static/ajax.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/ajax.js Sat Nov 03 07:43:35 2007 -0400
@@ -71,7 +71,7 @@
if(ajax.readyState == 4) {
unsetAjaxLoading();
if(edit_open) {
- c=confirm('Do you really want to revert your changes?');
+ c=confirm($lang.get('editor_msg_revert_confirm'));
if(!c) return;
}
edit_open = true;
@@ -82,18 +82,18 @@
// Allow the textarea grippifier to re-create the resizer control on the textarea
grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
}
- disableUnload('If you do, any changes that you have made to this page will be lost.');
+ disableUnload($lang.get('editor_msg_unload'));
var switcher = ( readCookie('enano_editor_mode') == 'tinymce' ) ?
- '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor' :
- 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>' ;
+ '<a href="#" onclick="setEditorText(); return false;">' + $lang.get('editor_btn_wikitext') + '</a> | ' + $lang.get('editor_btn_graphical') :
+ $lang.get('editor_btn_wikitext') + ' | <a href="#" onclick="setEditorMCE(); return false;">' + $lang.get('editor_btn_graphical') + '</a>' ;
document.getElementById('ajaxEditContainer').innerHTML = '\
<div id="mdgPreviewContainer"></div> \
<span id="switcher">' + switcher + '</span><br />\
<form name="mdgAjaxEditor" method="get" action="#" onsubmit="ajaxSavePage(); return false;">\
<textarea id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">'+ajax.responseText+'</textarea><br />\
- Edit summary: <input id="ajaxEditSummary" size="40" /><br />\
- <input id="ajaxEditMinor" name="minor" type="checkbox" /> <label for="ajaxEditMinor">This is a minor edit</label><br />\
- <a href="#" onclick="void(ajaxSavePage()); return false;">save changes</a> | <a href="#" onclick="void(ajaxShowPreview()); return false;">preview changes</a> | <a href="#" onclick="void(ajaxEditor()); return false;">revert changes</a> | <a href="#" onclick="void(ajaxDiscard()); return false;">discard changes</a>\
+ ' + $lang.get('editor_lbl_edit_summary') + ' <input id="ajaxEditSummary" size="40" /><br />\
+ <input id="ajaxEditMinor" name="minor" type="checkbox" /> <label for="ajaxEditMinor">' + $lang.get('editor_lbl_minor_edit') + '</label><br />\
+ <a href="#" onclick="void(ajaxSavePage()); return false;">' + $lang.get('editor_btn_save') + '</a> | <a href="#" onclick="void(ajaxShowPreview()); return false;">' + $lang.get('editor_btn_preview') + '</a> | <a href="#" onclick="void(ajaxEditor()); return false;">' + $lang.get('editor_btn_revert') + '</a> | <a href="#" onclick="void(ajaxDiscard()); return false;">' + $lang.get('editor_btn_cancel') + '</a>\
<br />\
'+editNotice+'\
</form>';
@@ -110,14 +110,14 @@
{
$('ajaxEditArea').switchToMCE();
createCookie('enano_editor_mode', 'tinymce', 365);
- $('switcher').object.innerHTML = '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor';
+ $('switcher').object.innerHTML = '<a href="#" onclick="setEditorText(); return false;">' + $lang.get('editor_btn_wikitext') + '</a> | ' + $lang.get('editor_btn_graphical');
}
function setEditorText()
{
$('ajaxEditArea').destroyMCE();
createCookie('enano_editor_mode', 'text', 365);
- $('switcher').object.innerHTML = 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';
+ $('switcher').object.innerHTML = $lang.get('editor_btn_wikitext') + ' | <a href="#" onclick="setEditorMCE(); return false;">' + $lang.get('editor_btn_graphical') + '</a>';
}
function ajaxViewSource()
@@ -129,11 +129,7 @@
ajaxGet(stdAjaxPrefix+'&_mode=getsource', function() {
if(ajax.readyState == 4) {
unsetAjaxLoading();
- if(edit_open) {
- c=confirm('Do you really want to revert your changes?');
- if(!c) return;
- }
- edit_open = true;
+ edit_open = false;
selectButtonMajor('article');
selectButtonMinor('edit');
if(in_array('ajaxEditArea', grippied_textareas))
@@ -144,7 +140,7 @@
document.getElementById('ajaxEditContainer').innerHTML = '\
<form method="get" action="#" onsubmit="ajaxSavePage(); return false;">\
<textarea readonly="readonly" id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">'+ajax.responseText+'</textarea><br />\
- <a href="#" onclick="void(ajaxReset()); return false;">close viewer</a>\
+ <a href="#" onclick="void(ajaxReset()); return false;">' + $lang.get('editor_btn_closeviewer') + '</a>\
</form>';
initTextareas();
}
@@ -194,7 +190,7 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
- c = confirm('Do you really want to discard your changes?');
+ c = confirm($lang.get('editor_msg_discard_confirm'));
if(!c) return;
ajaxReset();
}
@@ -204,6 +200,9 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
+ var ns_id = strToPageID(title);
+ if ( ns_id[1] == 'Special' || ns_id[1] == 'Admin' )
+ return false;
enableUnload();
setAjaxLoading();
ajaxGet(stdAjaxPrefix+'&_mode=getpage&noheaders', function() {
@@ -226,7 +225,7 @@
if(shift) {
r = 'NO_REASON';
} else {
- r = prompt('Reason for (un)protecting:');
+ r = prompt($lang.get('ajax_protect_prompt_reason'));
if(!r || r=='') return;
}
setAjaxLoading();
@@ -248,7 +247,7 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
- r = prompt('What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.');
+ r = prompt($lang.get('ajax_rename_prompt'));
if(!r || r=='') return;
setAjaxLoading();
ajaxPost(stdAjaxPrefix+'&_mode=rename', 'newtitle='+escape(r), function() {
@@ -278,12 +277,12 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
- var reason = prompt('Please enter your reason for deleting this page.');
+ var reason = prompt($lang.get('ajax_delete_prompt_reason'));
if ( !reason || reason == '' )
{
return false;
}
- c = confirm('You are about to REVERSIBLY delete this page. Do you REALLY want to do this?\n\n(Comments and categorization data, as well as any attached files, will be permanently lost)');
+ c = confirm($lang.get('ajax_delete_confirm'));
if(!c)
{
return;
@@ -303,7 +302,7 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
- c = confirm('Are you sure that you want to vote that this page be deleted?');
+ c = confirm($lang.get('ajax_delvote_confirm'));
if(!c) return;
setAjaxLoading();
ajaxGet(stdAjaxPrefix+'&_mode=delvote', function() {
@@ -319,7 +318,7 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
- c = confirm('This will reset the number of votes against this page to zero. Do you really want to do this?');
+ c = confirm($lang.get('ajax_delvote_reset_confirm'));
if(!c) return;
setAjaxLoading();
ajaxGet(stdAjaxPrefix+'&_mode=resetdelvotes', function() {
@@ -457,9 +456,9 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
- c = confirm('You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?');
+ c = confirm($lang.get('ajax_clearlogs_confirm'));
if(!c) return;
- c = confirm('You\'re ABSOLUTELY sure???');
+ c = confirm($lang.get('ajax_clearlogs_confirm_nag'));
if(!c) return;
setAjaxLoading();
ajaxGet(stdAjaxPrefix+'&_mode=flushlogs', function() {
@@ -563,13 +562,13 @@
if ( KILL_SWITCH )
return true;
var inner_html = '';
- inner_html += '<p><label>Theme: ';
+ inner_html += '<p><label>' + $lang.get('ajax_changestyle_lbl_theme') + ' ';
inner_html += ' <select id="chtheme_sel_theme" onchange="ajaxGetStyles(this.value);">';
- inner_html += ' <option value="_blank" selected="selected">[Select]</option>';
+ inner_html += ' <option value="_blank" selected="selected">' + $lang.get('ajax_changestyle_select') + '</option>';
inner_html += ENANO_THEME_LIST;
inner_html += ' </select>';
inner_html += '</label></p>';
- var chtheme_mb = new messagebox(MB_OKCANCEL|MB_ICONQUESTION, 'Change your theme', inner_html);
+ var chtheme_mb = new messagebox(MB_OKCANCEL|MB_ICONQUESTION, $lang.get('ajax_changestyle_title'), inner_html);
chtheme_mb.onbeforeclick['OK'] = ajaxChangeStyleComplete;
}
@@ -614,7 +613,7 @@
var p_parent = document.createElement('p');
var label = document.createElement('label');
p_parent.id = 'chtheme_sel_style_parent';
- label.appendChild(document.createTextNode('Style: '));
+ label.appendChild(document.createTextNode($lang.get('ajax_changestyle_lbl_style') + ' '));
var select = document.createElement('select');
select.id = 'chtheme_sel_style';
for ( var i in options )
@@ -643,7 +642,7 @@
var style = $('chtheme_sel_style');
if ( !theme.object || !style.object )
{
- alert('Please select a theme from the list.');
+ alert($lang.get('ajax_changestyle_pleaseselect_theme'));
return true;
}
var theme_id = theme.object.value;
@@ -667,7 +666,7 @@
{
if ( ajax.responseText == 'GOOD' )
{
- var c = confirm('Your theme preference has been changed.\nWould you like to reload the page now to see the changes?');
+ var c = confirm($lang.get('ajax_changestyle_success'));
if ( c )
window.location.reload();
}
@@ -822,6 +821,33 @@
window.location = loc;
}
+var navto_ns;
+var navto_pg;
+var navto_ul;
+
+function ajaxLoginNavTo(namespace, page_id, min_level)
+{
+ // IE <6 pseudo-compatibility
+ if ( KILL_SWITCH )
+ return true;
+ navto_pg = page_id;
+ navto_ns = namespace;
+ navto_ul = min_level;
+ if ( auth_level < min_level )
+ {
+ ajaxPromptAdminAuth(function(k) {
+ ENANO_SID = k;
+ auth_level = navto_ul;
+ var loc = makeUrlNS(navto_ns, navto_pg);
+ if ( (ENANO_SID + ' ').length > 1 )
+ window.location = loc;
+ }, min_level);
+ return false;
+ }
+ var loc = makeUrlNS(navto_ns, navto_pg);
+ window.location = loc;
+}
+
function ajaxAdminUser(username)
{
// IE <6 pseudo-compatibility
@@ -849,7 +875,7 @@
// IE <6 pseudo-compatibility
if ( KILL_SWITCH )
return true;
- if ( !confirm('Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.') )
+ if ( !confirm($lang.get('ajax_killphp_confirm')) )
return false;
var $killdiv = $dynano('php_killer');
if ( !$killdiv.object )
@@ -870,7 +896,7 @@
var newdiv = document.createElement('div');
// newdiv.style = $killdiv.object.style;
newdiv.className = $killdiv.object.className;
- newdiv.innerHTML = '<img alt="Success" src="' + scriptPath + '/images/error.png" /><br />Embedded PHP in pages has been disabled.';
+ newdiv.innerHTML = '<img alt="Success" src="' + scriptPath + '/images/error.png" /><br />' + $lang.get('ajax_killphp_success');
$killdiv.object.parentNode.appendChild(newdiv);
$killdiv.object.parentNode.removeChild($killdiv.object);
}
@@ -907,14 +933,14 @@
if ( !catbox )
return false;
var linkbox = catbox.parentNode.firstChild.firstChild.nextSibling;
- linkbox.firstChild.nodeValue = 'show page categorization';
+ linkbox.firstChild.nodeValue = $lang.get('catedit_catbox_link_showcategorization');
linkbox.onclick = function() { ajaxTagToCat(); return false; };
catHTMLBuf = catbox.innerHTML;
catbox.innerHTML = '';
- catbox.appendChild(document.createTextNode('Page tags: '));
+ catbox.appendChild(document.createTextNode($lang.get('tags_lbl_page_tags')+' '));
if ( json.tags.length < 1 )
{
- catbox.appendChild(document.createTextNode('No tags on this page'));
+ catbox.appendChild(document.createTextNode($lang.get('tags_lbl_no_tags')));
}
for ( var i = 0; i < json.tags.length; i++ )
{
@@ -938,7 +964,7 @@
var addlink = document.createElement('a');
addlink.href = '#';
addlink.onclick = function() { try { ajaxAddTagStage1(); } catch(e) { }; return false; };
- addlink.appendChild(document.createTextNode('(add a tag)'));
+ addlink.appendChild(document.createTextNode($lang.get('tags_btn_add_tag')));
catbox.appendChild(addlink);
}
}
@@ -957,7 +983,7 @@
var addlink = document.createElement('a');
addlink.href = '#';
addlink.onclick = function() { ajaxAddTagStage2(this.parentNode.firstChild.nextSibling.value, this.parentNode); return false; };
- addlink.appendChild(document.createTextNode('+ Add'));
+ addlink.appendChild(document.createTextNode($lang.get('tags_btn_add')));
text.type = 'text';
text.size = '15';
text.onkeyup = function(e)
@@ -969,7 +995,7 @@
}
adddiv.style.margin = '5px 0 0 0';
- adddiv.appendChild(document.createTextNode('Add a tag: '));
+ adddiv.appendChild(document.createTextNode($lang.get('tags_lbl_add_tag')+' '));
adddiv.appendChild(text);
adddiv.appendChild(document.createTextNode(' '));
adddiv.appendChild(addlink);
@@ -1011,7 +1037,7 @@
var node = parent.childNodes[1];
var insertafter = false;
var nukeafter = false;
- if ( node.nodeValue == 'No tags on this page' )
+ if ( node.nodeValue == $lang.get('tags_lbl_no_tags') )
{
nukeafter = true;
}
@@ -1052,12 +1078,12 @@
var writeNoTags = false;
if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == ', ' )
arrDelete.push(parentobj.previousSibling.previousSibling.previousSibling);
- else if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == 'Page tags: ' )
+ else if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == $lang.get('tags_lbl_page_tags') + ' ' )
arrDelete.push(parentobj.nextSibling);
- if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == 'Page tags: ' &&
+ if ( parentobj.previousSibling.previousSibling.previousSibling.nodeValue == $lang.get('tags_lbl_page_tags') + ' ' &&
parentobj.nextSibling.nextSibling.firstChild )
- if ( parentobj.nextSibling.nextSibling.firstChild.nodeValue == '(add a tag)')
+ if ( parentobj.nextSibling.nextSibling.firstChild.nodeValue == $lang.get('tags_btn_add_tag'))
writeNoTags = true;
ajaxPost(stdAjaxPrefix + '&_mode=deltag', 'tag_id=' + String(tag_id), function()
@@ -1075,7 +1101,7 @@
}
if ( writeNoTags )
{
- var node1 = document.createTextNode('No tags on this page');
+ var node1 = document.createTextNode($lang.get('tags_lbl_no_tags'));
var node2 = document.createTextNode(' ');
insertAfter(parent, node1, parent.firstChild);
insertAfter(parent, node2, node1);
@@ -1098,7 +1124,7 @@
return false;
addtag_open = false;
var linkbox = catbox.parentNode.firstChild.firstChild.nextSibling;
- linkbox.firstChild.nodeValue = 'show page tags';
+ linkbox.firstChild.nodeValue = $lang.get('tags_catbox_link');
linkbox.onclick = function() { ajaxCatToTag(); return false; };
catbox.innerHTML = catHTMLBuf;
catHTMLBuf = false;
@@ -1121,7 +1147,7 @@
if ( keepalive_interval )
clearInterval(keepalive_interval);
var span = document.getElementById('keepalivestat');
- span.firstChild.nodeValue = 'Turn on keep-alive';
+ span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_off');
}
else
{
@@ -1129,7 +1155,7 @@
if ( !keepalive_interval )
keepalive_interval = setInterval('ajaxPingServer();', 600000);
var span = document.getElementById('keepalivestat');
- span.firstChild.nodeValue = 'Turn off keep-alive';
+ span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_on');
ajaxPingServer();
}
}
@@ -1141,20 +1167,50 @@
if ( !keepalive_interval )
keepalive_interval = setInterval('ajaxPingServer();', 600000);
var span = document.getElementById('keepalivestat');
- span.firstChild.nodeValue = 'Turn off keep-alive';
- ajaxPingServer();
+ span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_on');
}
else
{
if ( keepalive_interval )
clearInterval(keepalive_interval);
var span = document.getElementById('keepalivestat');
- span.firstChild.nodeValue = 'Turn on keep-alive';
+ span.firstChild.nodeValue = $lang.get('adm_btn_keepalive_off');
}
};
function aboutKeepAlive()
{
- new messagebox(MB_OK|MB_ICONINFORMATION, 'About the keep-alive feature', 'Keep-alive is a new Enano feature that keeps your administrative session from timing out while you are using the administration panel. This feature can be useful if you are editing a large page or doing something in the administration interface that will take longer than 15 minutes.<br /><br />For security reasons, Enano mandates that high-privilege logins last only 15 minutes, with the time being reset each time a page is loaded (or, more specifically, each time the session API is started). The consequence of this is that if you are performing an action in the administration panel that takes more than 15 minutes, your session may be terminated. The keep-alive feature attempts to relieve this by sending a "ping" to the server every 10 minutes.<br /><br />Please note that keep-alive state is determined by a cookie. Thus, if you log out and then back in as a different administrator, keep-alive will use the same setting that was used when you were logged in as the first administrative user. In the same way, if you log into the administration panel under your account from another computer, keep-alive will be set to "off".');
+ new messagebox(MB_OK|MB_ICONINFORMATION, $lang.get('user_keepalive_info_title'), $lang.get('user_keepalive_info_body'));
}
+function ajaxShowCaptcha(code)
+{
+ var mydiv = document.createElement('div');
+ mydiv.style.backgroundColor = '#FFFFFF';
+ mydiv.style.padding = '10px';
+ mydiv.style.position = 'absolute';
+ mydiv.style.top = '0px';
+ mydiv.id = 'autoCaptcha';
+ mydiv.style.zIndex = String( getHighestZ() + 1 );
+ var img = document.createElement('img');
+ img.onload = function()
+ {
+ if ( this.loaded )
+ return true;
+ var mydiv = document.getElementById('autoCaptcha');
+ var width = getWidth();
+ var divw = $(mydiv).Width();
+ var left = ( width / 2 ) - ( divw / 2 );
+ mydiv.style.left = left + 'px';
+ fly_in_top(mydiv, false, true);
+ this.loaded = true;
+ };
+ img.src = makeUrlNS('Special', 'Captcha/' + code);
+ img.onclick = function() { this.src = this.src + '/a'; };
+ img.style.cursor = 'pointer';
+ mydiv.appendChild(img);
+ domObjChangeOpac(0, mydiv);
+ var body = document.getElementsByTagName('body')[0];
+ body.appendChild(mydiv);
+}
+
--- a/includes/clientside/static/autocomplete.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/autocomplete.js Sat Nov 03 07:43:35 2007 -0400
@@ -160,7 +160,24 @@
thediv.id = id;
unObj.onblur = function() { destroyUsernameDropdowns(); }
- eval(ajax.responseText);
+ var response = String(ajax.responseText) + ' ';
+ if ( response.substr(0,1) != '{' )
+ {
+ new messagebox(MB_OK|MB_ICONSTOP, 'Invalid response', 'Invalid or unexpected JSON response from server:<pre>' + ajax.responseText + '</pre>');
+ return false;
+ }
+
+ response = parseJSON(response);
+ var errorstring = false;
+ if ( response.mode == 'error' )
+ {
+ errorstring = response.error;
+ }
+ else
+ {
+ var userlist = response.users_real;
+ }
+
if(errorstring)
{
html = '<span style="color: #555; padding: 4px;">'+errorstring+'</span>';
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/includes/clientside/static/autofill.js Sat Nov 03 07:43:35 2007 -0400
@@ -0,0 +1,512 @@
+/**
+ * Javascript auto-completion for form fields.
+ */
+
+var af_current = false;
+
+function AutofillUsername(parent, event, allowanon)
+{
+ // if this is IE, use the old code
+ if ( IE )
+ {
+ ajaxUserNameComplete(parent);
+ return false;
+ }
+ if ( parent.afobj )
+ {
+ parent.afobj.go();
+ return true;
+ }
+
+ parent.autocomplete = 'off';
+ parent.setAttribute('autocomplete', 'off');
+
+ this.repeat = false;
+ this.event = event;
+ this.box_id = false;
+ this.boxes = new Array();
+ this.state = false;
+ this.allowanon = ( allowanon ) ? true : false;
+
+ if ( !parent.id )
+ parent.id = 'afuser_' + Math.floor(Math.random() * 1000000);
+
+ this.field_id = parent.id;
+
+ // constants
+ this.KEY_UP = 38;
+ this.KEY_DOWN = 40;
+ this.KEY_ESC = 27;
+ this.KEY_TAB = 9;
+ this.KEY_ENTER = 13;
+
+ // response cache
+ this.responses = new Object();
+
+ // ajax placeholder
+ this.process_dataset = function(resp_json)
+ {
+ // window.console.info('Processing the following dataset.');
+ // window.console.debug(resp_json);
+ var autofill = this;
+
+ if ( typeof(autofill.event) == 'object' )
+ {
+ if ( autofill.event.keyCode )
+ {
+ if ( autofill.event.keyCode == autofill.KEY_ENTER && autofill.boxes.length < 1 && !autofill.box_id )
+ {
+ // user hit enter after accepting a suggestion - submit the form
+ var frm = findParentForm($(autofill.field_id).object);
+ frm._af_acting = false;
+ frm.submit();
+ // window.console.info('Submitting form');
+ return false;
+ }
+ if ( autofill.event.keyCode == autofill.KEY_UP || autofill.event.keyCode == autofill.KEY_DOWN || autofill.event.keyCode == autofill.KEY_ESC || autofill.event.keyCode == autofill.KEY_TAB || autofill.event.keyCode == autofill.KEY_ENTER )
+ {
+ autofill.keyhandler();
+ // window.console.info('Control key detected, called keyhandler and exiting');
+ return true;
+ }
+ }
+ }
+
+ if ( this.box_id )
+ {
+ this.destroy();
+ // window.console.info('already have a box open - destroying and exiting');
+ //return false;
+ }
+
+ var users = new Array();
+ for ( var i = 0; i < resp_json.users_real.length; i++ )
+ {
+ try
+ {
+ var user = resp_json.users_real[i].toLowerCase();
+ var inp = $(autofill.field_id).object.value;
+ inp = inp.toLowerCase();
+ if ( user.indexOf(inp) > -1 )
+ {
+ users.push(resp_json.users_real[i]);
+ }
+ }
+ catch(e)
+ {
+ users.push(resp_json.users_real[i]);
+ }
+ }
+
+ // This was used ONLY for debugging the DOM and list logic
+ // resp_json.users = resp_json.users_real;
+
+ // construct table
+ var div = document.createElement('div');
+ div.className = 'tblholder';
+ div.style.clip = 'rect(0px,auto,auto,0px)';
+ div.style.maxHeight = '200px';
+ div.style.overflow = 'auto';
+ div.style.zIndex = '9999';
+ var table = document.createElement('table');
+ table.border = '0';
+ table.cellSpacing = '1';
+ table.cellPadding = '3';
+
+ var tr = document.createElement('tr');
+ var th = document.createElement('th');
+ th.appendChild(document.createTextNode('Username suggestions'));
+ tr.appendChild(th);
+ table.appendChild(tr);
+
+ if ( users.length < 1 )
+ {
+ var tr = document.createElement('tr');
+ var td = document.createElement('td');
+ td.className = 'row1';
+ td.appendChild(document.createTextNode('No suggestions'));
+ td.afobj = autofill;
+ tr.appendChild(td);
+ table.appendChild(tr);
+ }
+ else
+
+ for ( var i = 0; i < users.length; i++ )
+ {
+ var user = users[i];
+ var tr = document.createElement('tr');
+ var td = document.createElement('td');
+ td.className = ( i == 0 ) ? 'row2' : 'row1';
+ td.appendChild(document.createTextNode(user));
+ td.afobj = autofill;
+ td.style.cursor = 'pointer';
+ td.onclick = function()
+ {
+ this.afobj.set(this.firstChild.nodeValue);
+ }
+ tr.appendChild(td);
+ table.appendChild(tr);
+ }
+
+ // Finalize div
+ var tb_top = $(autofill.field_id).Top();
+ var tb_height = $(autofill.field_id).Height();
+ var af_top = tb_top + tb_height - 9;
+ var tb_left = $(autofill.field_id).Left();
+ var af_left = tb_left;
+
+ div.style.position = 'absolute';
+ div.style.left = af_left + 'px';
+ div.style.top = af_top + 'px';
+ div.style.width = '200px';
+ div.style.fontSize = '7pt';
+ div.style.fontFamily = 'Trebuchet MS, arial, helvetica, sans-serif';
+ div.id = 'afuserdrop_' + Math.floor(Math.random() * 1000000);
+ div.appendChild(table);
+
+ autofill.boxes.push(div.id);
+ autofill.box_id = div.id;
+ if ( users.length > 0 )
+ autofill.state = users[0];
+
+ var body = document.getElementsByTagName('body')[0];
+ body.appendChild(div);
+
+ autofill.repeat = true;
+ }
+
+ // perform ajax call
+ this.fetch_and_process = function()
+ {
+ af_current = this;
+ var processResponse = function()
+ {
+ if ( ajax.readyState == 4 )
+ {
+ var afobj = af_current;
+ af_current = false;
+ // parse the JSON response
+ var response = String(ajax.responseText) + ' ';
+ if ( response.substr(0,1) != '{' )
+ {
+ new messagebox(MB_OK|MB_ICONSTOP, 'Invalid response', 'Invalid or unexpected JSON response from server:<pre>' + ajax.responseText + '</pre>');
+ return false;
+ }
+ if ( $(afobj.field_id).object.value.length < 3 )
+ return false;
+ var resp_json = parseJSON(response);
+ var resp_code = $(afobj.field_id).object.value.toLowerCase().substr(0, 3);
+ afobj.responses[resp_code] = resp_json;
+ afobj.process_dataset(resp_json);
+ }
+ }
+ var usernamefragment = ajaxEscape($(this.field_id).object.value);
+ ajaxGet(stdAjaxPrefix + '&_mode=fillusername&name=' + usernamefragment + '&allowanon=' + ( this.allowanon ? '1' : '0' ), processResponse);
+ }
+
+ this.go = function()
+ {
+ if ( document.getElementById(this.field_id).value.length < 3 )
+ {
+ this.destroy();
+ return false;
+ }
+
+ if ( af_current )
+ return false;
+
+ var resp_code = $(this.field_id).object.value.toLowerCase().substr(0, 3);
+ if ( this.responses.length < 1 || ! this.responses[ resp_code ] )
+ {
+ // window.console.info('Cannot find dataset ' + resp_code + ' in cache, sending AJAX request');
+ this.fetch_and_process();
+ }
+ else
+ {
+ // window.console.info('Using cached dataset: ' + resp_code);
+ var resp_json = this.responses[ resp_code ];
+ this.process_dataset(resp_json);
+ }
+ document.getElementById(this.field_id).onkeyup = function(event)
+ {
+ this.afobj.event = event;
+ this.afobj.go();
+ }
+ document.getElementById(this.field_id).onkeydown = function(event)
+ {
+ var form = findParentForm(this);
+ if ( typeof(event) != 'object' )
+ var event = window.event;
+ if ( typeof(event) == 'object' )
+ {
+ if ( event.keyCode == this.afobj.KEY_ENTER && this.afobj.boxes.length < 1 && !this.afobj.box_id )
+ {
+ // user hit enter after accepting a suggestion - submit the form
+ form._af_acting = false;
+ return true;
+ }
+ }
+ form._af_acting = true;
+ }
+ }
+
+ this.keyhandler = function()
+ {
+ var key = this.event.keyCode;
+ if ( key == this.KEY_ENTER && !this.repeat )
+ {
+ var form = findParentForm($(this.field_id).object);
+ form._af_acting = false;
+ return true;
+ }
+ switch(key)
+ {
+ case this.KEY_UP:
+ this.focus_up();
+ break;
+ case this.KEY_DOWN:
+ this.focus_down();
+ break;
+ case this.KEY_ESC:
+ this.destroy();
+ break;
+ case this.KEY_TAB:
+ this.destroy();
+ break;
+ case this.KEY_ENTER:
+ this.set();
+ break;
+ }
+
+ var form = findParentForm($(this.field_id).object);
+ form._af_acting = false;
+ }
+
+ this.get_state_td = function()
+ {
+ var div = document.getElementById(this.box_id);
+ if ( !div )
+ return false;
+ if ( !this.state )
+ return false;
+ var table = div.firstChild;
+ for ( var i = 1; i < table.childNodes.length; i++ )
+ {
+ // the table is DOM-constructed so no cruddy HTML hacks :-)
+ var child = table.childNodes[i];
+ var tn = child.firstChild.firstChild;
+ if ( tn.nodeValue == this.state )
+ return child.firstChild;
+ }
+ return false;
+ }
+
+ this.focus_down = function()
+ {
+ var state_td = this.get_state_td();
+ if ( !state_td )
+ return false;
+ if ( state_td.parentNode.nextSibling )
+ {
+ // Ooh boy, DOM stuff can be so complicated...
+ // <tr> --> <tr>
+ // <td> <td>
+ // user user
+
+ var newstate = state_td.parentNode.nextSibling.firstChild.firstChild.nodeValue;
+ if ( !newstate )
+ return false;
+ this.state = newstate;
+ state_td.className = 'row1';
+ state_td.parentNode.nextSibling.firstChild.className = 'row2';
+
+ // Exception - automatically scroll around if the item is off-screen
+ var height = $(this.box_id).Height();
+ var top = $(this.box_id).object.scrollTop;
+ var scroll_bottom = height + top;
+
+ var td_top = $(state_td.parentNode.nextSibling.firstChild).Top() - $(this.box_id).Top();
+ var td_height = $(state_td.parentNode.nextSibling.firstChild).Height();
+ var td_bottom = td_top + td_height;
+
+ if ( td_bottom > scroll_bottom )
+ {
+ var scrollY = td_top - height + 2*td_height - 7;
+ // window.console.debug(scrollY);
+ $(this.box_id).object.scrollTop = scrollY;
+ /*
+ var newtd = state_td.parentNode.nextSibling.firstChild;
+ var a = document.createElement('a');
+ var id = 'autofill' + Math.floor(Math.random() * 100000);
+ a.name = id;
+ a.id = id;
+ newtd.appendChild(a);
+ window.location.hash = '#' + id;
+ */
+
+ // In firefox, scrolling like that makes the field get unfocused
+ $(this.field_id).object.focus();
+ }
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ this.focus_up = function()
+ {
+ var state_td = this.get_state_td();
+ if ( !state_td )
+ return false;
+ if ( state_td.parentNode.previousSibling && state_td.parentNode.previousSibling.firstChild.tagName != 'TH' )
+ {
+ // Ooh boy, DOM stuff can be so complicated...
+ // <tr> <-- <tr>
+ // <td> <td>
+ // user user
+
+ var newstate = state_td.parentNode.previousSibling.firstChild.firstChild.nodeValue;
+ if ( !newstate )
+ {
+ return false;
+ }
+ this.state = newstate;
+ state_td.className = 'row1';
+ state_td.parentNode.previousSibling.firstChild.className = 'row2';
+
+ // Exception - automatically scroll around if the item is off-screen
+ var top = $(this.box_id).object.scrollTop;
+
+ var td_top = $(state_td.parentNode.previousSibling.firstChild).Top() - $(this.box_id).Top();
+
+ if ( td_top < top )
+ {
+ $(this.box_id).object.scrollTop = td_top - 10;
+ /*
+ var newtd = state_td.parentNode.previousSibling.firstChild;
+ var a = document.createElement('a');
+ var id = 'autofill' + Math.floor(Math.random() * 100000);
+ a.name = id;
+ a.id = id;
+ newtd.appendChild(a);
+ window.location.hash = '#' + id;
+ */
+
+ // In firefox, scrolling like that makes the field get unfocused
+ $(this.field_id).object.focus();
+ }
+ }
+ else
+ {
+ $(this.box_id).object.scrollTop = 0;
+ return false;
+ }
+ }
+
+ this.destroy = function()
+ {
+ this.repeat = false;
+ var body = document.getElementsByTagName('body')[0];
+ var div = document.getElementById(this.box_id);
+ if ( !div )
+ return false;
+ setTimeout('var body = document.getElementsByTagName("body")[0]; body.removeChild(document.getElementById("'+div.id+'"));', 20);
+ // hackish workaround for divs that stick around past their welcoming period
+ for ( var i = 0; i < this.boxes.length; i++ )
+ {
+ var div = document.getElementById(this.boxes[i]);
+ if ( div )
+ setTimeout('var body = document.getElementsByTagName("body")[0]; var div = document.getElementById("'+div.id+'"); if ( div ) body.removeChild(div);', 20);
+ delete(this.boxes[i]);
+ }
+ this.box_id = false;
+ this.state = false;
+ }
+
+ this.set = function(val)
+ {
+ var ta = document.getElementById(this.field_id);
+ if ( val )
+ ta.value = val;
+ else if ( this.state )
+ ta.value = this.state;
+ this.destroy();
+ }
+
+ this.sleep = function()
+ {
+ if ( this.box_id )
+ {
+ var div = document.getElementById(this.box_id);
+ div.style.display = 'none';
+ }
+ var el = $(this.field_id).object;
+ var fr = findParentForm(el);
+ el._af_acting = false;
+ }
+
+ this.wake = function()
+ {
+ if ( this.box_id )
+ {
+ var div = document.getElementById(this.box_id);
+ div.style.display = 'block';
+ }
+ }
+
+ parent.onblur = function()
+ {
+ af_current = this.afobj;
+ window.setTimeout('if ( af_current ) af_current.sleep(); af_current = false;', 50);
+ }
+
+ parent.onfocus = function()
+ {
+ af_current = this.afobj;
+ window.setTimeout('if ( af_current ) af_current.wake(); af_current = false;', 50);
+ }
+
+ parent.afobj = this;
+ var frm = findParentForm(parent);
+ if ( frm.onsubmit )
+ {
+ frm.orig_onsubmit = frm.onsubmit;
+ frm.onsubmit = function(e)
+ {
+ if ( this._af_acting )
+ return false;
+ this.orig_onsubmit(e);
+ }
+ }
+ else
+ {
+ frm.onsubmit = function()
+ {
+ if ( this._af_acting )
+ return false;
+ }
+ }
+
+ if ( parent.value.length < 3 )
+ {
+ this.destroy();
+ return false;
+ }
+}
+
+function findParentForm(o)
+{
+ if ( o.tagName == 'FORM' )
+ return o;
+ while(true)
+ {
+ o = o.parentNode;
+ if ( !o )
+ return false;
+ if ( o.tagName == 'FORM' )
+ return o;
+ }
+ return false;
+}
+
--- a/includes/clientside/static/comments.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/comments.js Sat Nov 03 07:43:35 2007 -0400
@@ -48,7 +48,7 @@
annihiliateComment(response.id);
break;
case 'materialize':
- alert('Your comment has been posted. If it does not appear right away, it is probably awaiting approval.');
+ alert($lang.get('comment_msg_comment_posted'));
hideCommentForm();
materializeComment(response);
break;
@@ -70,36 +70,43 @@
// Header
- html += '<h3>Article Comments</h3>';
+ html += '<h3>' + $lang.get('comment_heading') + '</h3>';
- var ns = ( strToPageID(title)[1]=='Article' ) ? 'article' : ( strToPageID(title)[1].toLowerCase() ) + ' page';
+ var ns = ENANO_PAGE_TYPE;
// Counters
if ( data.auth_mod_comments )
{
var cnt = ( data.auth_mod_comments ) ? data.count_total : data.count_appr;
- if ( cnt == 0 ) cnt = 'no';
- var s = ( cnt == 1 ) ? '' : 's';
- var is = ( cnt == 1 ) ? 'is' : 'are';
- html += "<p id=\"comment_status\">There "+is+" " + cnt + " comment"+s+" on this "+ns+".";
+
+ var subst = {
+ num_comments: cnt,
+ page_type: ns
+ }
+ var count_msg = ( cnt == 0 ) ? $lang.get('comment_msg_count_zero', subst) : ( ( cnt == 1 ) ? $lang.get('comment_msg_count_one', subst) : $lang.get('comment_msg_count_plural', subst) );
+
+ html += "<p id=\"comment_status\"><span>" + count_msg + '</span>';
if ( data.count_unappr > 0 )
{
- html += ' <span style="color: #D84308">' + data.count_unappr + ' of those are unapproved.</span>';
+ html += ' <span style="color: #D84308" id="comment_status_unapp">' + $lang.get('comment_msg_count_unapp_mod', { num_unapp: data.count_unappr }) + '</span>';
}
html += '</p>';
}
else
{
var cnt = data.count_appr;
- if ( cnt == 0 ) cnt = 'no';
- var s = ( cnt == 1 ) ? '' : 's';
- var is = ( cnt == 1 ) ? 'is' : 'are';
- html += "<p id=\"comment_status\">There "+is+" " + cnt + " comment"+s+" on this "+ns+".";
+
+ var subst = {
+ num_comments: cnt,
+ page_type: ns
+ }
+ var count_msg = ( cnt == 0 ) ? $lang.get('comment_msg_count_zero', subst) : ( ( cnt == 1 ) ? $lang.get('comment_msg_count_one', subst) : $lang.get('comment_msg_count_plural', subst) );
+
+ html += "<p id=\"comment_status\">" + count_msg;
if ( data.count_unappr > 0 )
{
- var s = ( data.count_unappr == 1 ) ? '' : 's';
- var is = ( data.count_unappr == 1 ) ? 'is' : 'are';
- html += ' However, there '+is+' '+data.count_unappr+' additional comment'+s+' awaiting approval.';
+ var unappr_msg = ( data.count_unappr == 1 ) ? $lang.get('comment_msg_count_unapp_one') : $lang.get('comment_msg_count_unapp_plural', { num_unapp: data.count_unappr });
+ html += ' ' + unappr_msg;
}
html += '</p>';
}
@@ -118,28 +125,28 @@
// Posting form
- html += '<h3>Got something to say?</h3>';
- html += '<p>If you have comments or suggestions on this article, you can shout it out here.';
+ html += '<h3>' + $lang.get('comment_postform_title') + '</h3>';
+ html += '<p>' + $lang.get('comment_postform_blurb');
if ( data.approval_needed )
- html+=' Before your post will be visible to the public, a moderator will have to approve it.';
- html += ' <a id="leave_comment_button" href="#" onclick="displayCommentForm(); return false;">Leave a comment...</a></p>';
+ html+=' ' + $lang.get('comment_postform_blurb_unapp');
+ html += ' <a id="leave_comment_button" href="#" onclick="displayCommentForm(); return false;">' + $lang.get('comment_postform_blurb_link') + '</a></p>';
html += '<div id="comment_form" style="display: none;">';
html += ' <table border="0">';
- html += ' <tr><td>Your name/screen name:</td><td>';
+ html += ' <tr><td>' + $lang.get('comment_postform_field_name') + '</td><td>';
if ( data.user_id > 1 ) html += data.username + '<input id="commentform_name" type="hidden" value="'+data.username+'" size="40" />';
else html += '<input id="commentform_name" type="text" size="40" />';
html += ' </td></tr>';
- html += ' <tr><td>Comment subject:</td><td><input id="commentform_subject" type="text" size="40" /></td></tr>';
- html += ' <tr><td>Comment:</td><td><textarea id="commentform_message" rows="15" cols="50"></textarea></td></tr>';
+ html += ' <tr><td>' + $lang.get('comment_postform_field_subject') + '</td><td><input id="commentform_subject" type="text" size="40" /></td></tr>';
+ html += ' <tr><td>' + $lang.get('comment_postform_field_comment') + '</td><td><textarea id="commentform_message" rows="15" cols="50"></textarea></td></tr>';
if ( !data.logged_in && data.guest_posting == '1' )
{
- html += ' <tr><td>Visual confirmation:<br /><small>Please enter the confirmation code seen in the image on the right into the box. If you cannot read the code, please click on the image to generate a new one. This helps to prevent automated bot posting.</small></td><td>';
+ html += ' <tr><td>' + $lang.get('comment_postform_field_captcha_title') + '<br /><small>' + $lang.get('comment_postform_field_captcha_blurb') + '</small></td><td>';
html += ' <img alt="CAPTCHA image" src="'+makeUrlNS('Special', 'Captcha/' + data.captcha)+'" onclick="this.src=\''+makeUrlNS('Special', 'Captcha/' + data.captcha)+'/\'+Math.floor(Math.random()*10000000);" style="cursor: pointer;" /><br />';
- html += ' Confirmation code: <input type="text" size="8" id="commentform_captcha" />';
+ html += ' ' + $lang.get('comment_postform_field_captcha_label') + ' <input type="text" size="8" id="commentform_captcha" />';
html += ' <!-- This input is used to track the ID of the CAPTCHA image --> <input type="hidden" id="commentform_captcha_id" value="'+data.captcha+'" />';
html += ' </td></tr>';
}
- html += ' <tr><td colspan="2" style="text-align: center;"><input type="button" onclick="submitComment();" value="Submit comment" /></td></tr>';
+ html += ' <tr><td colspan="2" style="text-align: center;"><input type="button" onclick="submitComment();" value="' + $lang.get('comment_postform_btn_submit') + '" /></td></tr>';
html += ' </table>';
html += '</div>';
@@ -171,7 +178,7 @@
tplvars.SIGNATURE = this_comment.signature;
if ( this_comment.approved != '1' )
- tplvars.SUBJECT += ' <span style="color: #D84308">(Unapproved)</span>';
+ tplvars.SUBJECT += ' <span style="color: #D84308">' + $lang.get('comment_msg_note_unapp') + '</span>';
// Name
tplvars.NAME = this_comment.name;
@@ -179,29 +186,29 @@
tplvars.NAME = '<a href="' + makeUrlNS('User', this_comment.name) + '">' + this_comment.name + '</a>';
// User level
- tplvars.USER_LEVEL = 'Guest';
- if ( this_comment.user_level >= data.user_level.member ) tplvars.USER_LEVEL = 'Member';
- if ( this_comment.user_level >= data.user_level.mod ) tplvars.USER_LEVEL = 'Moderator';
- if ( this_comment.user_level >= data.user_level.admin ) tplvars.USER_LEVEL = 'Administrator';
-
+ tplvars.USER_LEVEL = $lang.get('user_type_guest');
+ if ( this_comment.user_level >= data.user_level.member ) tplvars.USER_LEVEL = $lang.get('user_type_member');
+ if ( this_comment.user_level >= data.user_level.mod ) tplvars.USER_LEVEL = $lang.get('user_type_mod');
+ if ( this_comment.user_level >= data.user_level.admin ) tplvars.USER_LEVEL = $lang.get('user_type_admin');
+
// Send PM link
- tplvars.SEND_PM_LINK=(this_comment.user_id>1 && data.logged_in)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/Compose/To/' + ( this_comment.name.replace(/ /g, '_') )) +'">Send private message</a><br />':'';
+ tplvars.SEND_PM_LINK=(this_comment.user_id>1)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/Compose/To/' + ( this_comment.name.replace(/ /g, '_') )) +'">' + $lang.get('comment_btn_send_privmsg') + '</a><br />':'';
// Add buddy link
- tplvars.ADD_BUDDY_LINK=(this_comment.user_id>1 && data.logged_in && this_comment.is_buddy != 1)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' + ( this_comment.name.replace(/ /g, '_') )) +'">Add to buddy list</a><br />':'';
+ tplvars.ADD_BUDDY_LINK=(this_comment.user_id>1)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' + ( this_comment.name.replace(/ /g, '_') )) +'">' + $lang.get('comment_btn_add_buddy') + '</a><br />':'';
// Edit link
- tplvars.EDIT_LINK='<a href="#edit_'+i+'" onclick="editComment(\''+i+'\', this); return false;" id="cmteditlink_'+i+'">edit</a>';
+ tplvars.EDIT_LINK='<a href="#edit_'+i+'" onclick="editComment(\''+i+'\', this); return false;" id="cmteditlink_'+i+'">' + $lang.get('comment_btn_edit') + '</a>';
// Delete link
- tplvars.DELETE_LINK='<a href="#delete_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">delete</a>';
+ tplvars.DELETE_LINK='<a href="#delete_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">' + $lang.get('comment_btn_delete') + '</a>';
// Moderation: (Un)approve link
- var appr = ( this_comment.approved == 1 ) ? 'Unapprove' : 'Approve';
+ var appr = ( this_comment.approved == 1 ) ? $lang.get('comment_btn_mod_unapprove') : $lang.get('comment_btn_mod_approve');
tplvars.MOD_APPROVE_LINK='<a href="#approve_'+i+'" id="comment_approve_'+i+'" onclick="approveComment(\''+i+'\'); return false;">'+appr+'</a>';
// Moderation: Delete post link
- tplvars.MOD_DELETE_LINK='<a href="#mod_del_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">Delete</a>';
+ tplvars.MOD_DELETE_LINK='<a href="#mod_del_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">' + $lang.get('comment_btn_mod_delete') + '</a>';
var tplbool = new Object();
@@ -212,9 +219,9 @@
tplbool.is_foe = ( this_comment.is_buddy == 1 && this_comment.is_friend == 0 );
if ( tplbool.is_friend )
- tplvars.USER_LEVEL += '<br /><b>On your friend list</b>';
+ tplvars.USER_LEVEL += '<br /><b>' + $lang.get('comment_on_friend_list') + '</b>';
else if ( tplbool.is_foe )
- tplvars.USER_LEVEL += '<br /><b>On your foe list</b>';
+ tplvars.USER_LEVEL += '<br /><b>' + $lang.get('comment_on_foe_list') + '</b>';
parser.assign_vars(tplvars);
parser.assign_bool(tplbool);
@@ -255,7 +262,7 @@
cmt.appendChild(ta);
link.style.fontWeight = 'bold';
- link.innerHTML = 'save';
+ link.innerHTML = $lang.get('comment_btn_save');
link.onclick = function() { var id = this.id.substr(this.id.indexOf('_')+1); saveComment(id, this); return false; };
}
@@ -273,7 +280,7 @@
'subj' : subj
};
link.style.fontWeight = 'normal';
- link.innerHTML = 'edit';
+ link.innerHTML = $lang.get('comment_btn_edit');
link.onclick = function() { var id = this.id.substr(this.id.indexOf('_')+1); editComment(id, this); return false; };
ajaxComments(req);
}
@@ -282,7 +289,7 @@
{
if ( !shift )
{
- var c = confirm('Do you really want to delete this comment?');
+ var c = confirm($lang.get('comment_msg_delete_confirm'));
if(!c)
return false;
}
@@ -340,36 +347,17 @@
}
if ( data.approved && data.approved != '1' )
{
- document.getElementById('subject_' + data.id).innerHTML += ' <span style="color: #D84308">(Unapproved)</span>';
+ document.getElementById('subject_' + data.id).innerHTML += ' <span style="color: #D84308">' + $lang.get('comment_msg_note_unapp') + '</span>';
}
if ( data.approved && ( typeof(data.approve_updated) == 'string' && data.approve_updated == 'yes' ) )
{
- var appr = ( data.approved == '1' ) ? 'Unapprove' : 'Approve';
+ var appr = ( data.approved == '1' ) ? $lang.get('comment_btn_mod_unapprove') : $lang.get('comment_btn_mod_approve');
document.getElementById('comment_approve_'+data.id).innerHTML = appr;
- // Update approval status
- var p = document.getElementById('comment_status');
- var count = p.firstChild.nodeValue.split(' ')[2];
-
- if ( p.firstChild.nextSibling )
- {
- var span = p.firstChild.nextSibling;
- var is = ( data.approved == '1' ) ? -1 : 1;
- var n_unapp = parseInt(span.firstChild.nodeValue.split(' ')[0]) + is;
- n_unapp = n_unapp + '';
- }
+ if ( data.approved == '1' )
+ comment_decrement_unapproval();
else
- {
- var span = document.createElement('span');
- p.innerHTML += ' ';
- span.innerHTML = ' ';
- span.style.color = '#D84308';
- var n_unapp = '1';
- p.appendChild(span);
- }
- span.innerHTML = n_unapp + ' of those are unapproved.';
- if ( n_unapp == '0' )
- p.removeChild(span);
+ comment_increment_unapproval();
}
if ( data.text )
{
@@ -396,41 +384,24 @@
// Does the actual DOM object removal
function annihiliateComment(id) // Did I spell that right?
{
- // Approved?
- var p = document.getElementById('comment_status');
-
+ var approved = true;
if(document.getElementById('comment_approve_'+id))
{
var appr = document.getElementById('comment_approve_'+id).firstChild.nodeValue;
- if ( p.firstChild.nextSibling && appr == 'Approve' )
+ if ( appr == $lang.get('comment_btn_mod_approve') )
{
- var span = p.firstChild.nextSibling;
- var t = span.firstChild.nodeValue;
- var n_unapp = ( parseInt(t.split(' ')[0]) ) - 1;
- if ( n_unapp == 0 )
- p.removeChild(span);
- else
- span.firstChild.nodeValue = n_unapp + t.substr(t.indexOf(' '));
+ approved = false;
}
}
var div = document.getElementById('comment_holder_'+id);
div.parentNode.removeChild(div);
- var t = p.firstChild.nodeValue.split(' ');
- t[2] = ( parseInt(t[2]) - 1 ) + '';
- delete(t.toJSONString);
- if ( t[2] == '1' )
+
+ // update approval status
+ if ( document.getElementById('comment_count_unapp_inner') && !approved )
{
- t[1] = 'is';
- t[3] = 'comment';
+ comment_decrement_unapproval();
}
- else
- {
- t[1] = 'are';
- t[3] = 'comments';
- }
- t = implode(' ', t);
- p.firstChild.nodeValue = t;
}
function materializeComment(data)
@@ -465,32 +436,32 @@
tplvars.NAME = '<a href="' + makeUrlNS('User', data.name) + '">' + data.name + '</a>';
if ( data.approved != '1' )
- tplvars.SUBJECT += ' <span style="color: #D84308">(Unapproved)</span>';
+ tplvars.SUBJECT += ' <span style="color: #D84308">' + $lang.get('comment_msg_note_unapp') + '</span>';
// User level
- tplvars.USER_LEVEL = 'Guest';
- if ( data.user_level >= data.user_level_list.member ) tplvars.USER_LEVEL = 'Member';
- if ( data.user_level >= data.user_level_list.mod ) tplvars.USER_LEVEL = 'Moderator';
- if ( data.user_level >= data.user_level_list.admin ) tplvars.USER_LEVEL = 'Administrator';
+ tplvars.USER_LEVEL = $lang.get('user_type_guest');
+ if ( data.user_level >= data.user_level_list.member ) tplvars.USER_LEVEL = $lang.get('user_type_member');
+ if ( data.user_level >= data.user_level_list.mod ) tplvars.USER_LEVEL = $lang.get('user_type_mod');
+ if ( data.user_level >= data.user_level_list.admin ) tplvars.USER_LEVEL = $lang.get('user_type_admin');
// Send PM link
- tplvars.SEND_PM_LINK=(data.user_id>1)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/Compose/To/' + ( data.name.replace(/ /g, '_') )) +'">Send private message</a><br />':'';
+ tplvars.SEND_PM_LINK=(data.user_id>1)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/Compose/To/' + ( data.name.replace(/ /g, '_') )) +'">' + $lang.get('comment_btn_send_privmsg') + '</a><br />':'';
// Add buddy link
- tplvars.ADD_BUDDY_LINK=(data.user_id>1)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' + ( data.name.replace(/ /g, '_') )) +'">Add to buddy list</a><br />':'';
+ tplvars.ADD_BUDDY_LINK=(data.user_id>1)?'<a onclick="window.open(this.href); return false;" href="'+ makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' + ( data.name.replace(/ /g, '_') )) +'">' + $lang.get('comment_btn_add_buddy') + '</a><br />':'';
// Edit link
- tplvars.EDIT_LINK='<a href="#edit_'+i+'" onclick="editComment(\''+i+'\', this); return false;" id="cmteditlink_'+i+'">edit</a>';
+ tplvars.EDIT_LINK='<a href="#edit_'+i+'" onclick="editComment(\''+i+'\', this); return false;" id="cmteditlink_'+i+'">' + $lang.get('comment_btn_edit') + '</a>';
// Delete link
- tplvars.DELETE_LINK='<a href="#delete_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">delete</a>';
+ tplvars.DELETE_LINK='<a href="#delete_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">' + $lang.get('comment_btn_delete') + '</a>';
// Moderation: (Un)approve link
- var appr = ( data.approved == 1 ) ? 'Unapprove' : 'Approve';
+ var appr = ( data.approved == 1 ) ? $lang.get('comment_btn_mod_unapprove') : $lang.get('comment_btn_mod_approve');
tplvars.MOD_APPROVE_LINK='<a href="#approve_'+i+'" id="comment_approve_'+i+'" onclick="approveComment(\''+i+'\'); return false;">'+appr+'</a>';
// Moderation: Delete post link
- tplvars.MOD_DELETE_LINK='<a href="#mod_del_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">Delete</a>';
+ tplvars.MOD_DELETE_LINK='<a href="#mod_del_'+i+'" onclick="deleteComment(\''+i+'\'); return false;">' + $lang.get('comment_btn_mod_delete') + '</a>';
var tplbool = new Object();
@@ -519,50 +490,80 @@
document.getElementById('comment_source_'+i).value = data.comment_source;
- var p = document.getElementById('comment_status');
- var t = p.firstChild.nodeValue.split(' ');
- var n = ( isNaN(parseInt(t[2])) ) ? 0 : parseInt(t[2]);
- t[2] = ( n + 1 ) + '';
- delete(t.toJSONString);
- if ( t[2] == '1' )
- {
- t[1] = 'is';
- t[3] = 'comment';
+ var cnt = document.getElementById('comment_count_inner').innerHTML;
+ cnt = parseInt(cnt);
+ if ( isNaN(cnt) )
+ cnt = 0;
+
+ var subst = {
+ num_comments: cnt,
+ page_type: ENANO_PAGE_TYPE
}
- else
- {
- t[1] = 'are';
- t[3] = 'comments';
- }
- t = implode(' ', t);
- p.firstChild.nodeValue = t;
+
+ var count_msg = ( cnt == 0 ) ? $lang.get('comment_msg_count_zero', subst) : ( ( cnt == 1 ) ? $lang.get('comment_msg_count_one', subst) : $lang.get('comment_msg_count_plural', subst) );
+
+ document.getElementById('comment_status').firstChild.innerHTML = count_msg;
if(document.getElementById('comment_approve_'+i))
{
- var appr = document.getElementById('comment_approve_'+i).firstChild.nodeValue;
- if ( p.firstChild.nextSibling && appr == 'Approve' )
+ var is_unappr = document.getElementById('comment_approve_'+i).firstChild.nodeValue;
+ is_unappr = ( is_unappr == $lang.get('comment_btn_mod_approve') );
+ if ( is_unappr )
{
- var span = p.firstChild.nextSibling;
- var t = span.firstChild.nodeValue;
- var n_unapp = ( parseInt(t.split(' ')[0]) ) - 1;
- if ( n_unapp == 0 )
- p.removeChild(span);
- else
- span.firstChild.nodeValue = n_unapp + t.substr(t.indexOf(' '));
- }
- else if ( appr == 'Approve' && !p.firstChild.nextSibling )
- {
- var span = document.createElement('span');
- p.innerHTML += ' ';
- span.innerHTML = '1 of those are unapproved.';
- span.style.color = '#D84308';
- var n_unapp = '1';
- p.appendChild(span);
+ comment_increment_unapproval();
}
}
}
+function comment_decrement_unapproval()
+{
+ if ( document.getElementById('comment_count_unapp_inner') )
+ {
+ var num_unapp = parseInt(document.getElementById('comment_count_unapp_inner').innerHTML);
+ if ( !isNaN(num_unapp) )
+ {
+ num_unapp = num_unapp - 1;
+ if ( num_unapp == 0 )
+ {
+ var p = document.getElementById('comment_status');
+ p.removeChild(p.childNodes[2]);
+ p.removeChild(p.childNodes[1]);
+ }
+ else
+ {
+ var count_msg = $lang.get('comment_msg_count_unapp_mod', { num_unapp: num_unapp });
+ document.getElementById('comment_count_unapp_inner').parentNode.innerHTML = count_msg;
+ }
+ }
+ }
+}
+
+function comment_increment_unapproval()
+{
+ if ( document.getElementById('comment_count_unapp_inner') )
+ {
+ var num_unapp = parseInt(document.getElementById('comment_count_unapp_inner').innerHTML);
+ if ( isNaN(num_unapp) )
+ num_unapp = 0;
+ num_unapp = num_unapp + 1;
+ var count_msg = $lang.get('comment_msg_count_unapp_mod', { num_unapp: num_unapp });
+ document.getElementById('comment_count_unapp_inner').parentNode.innerHTML = count_msg;
+ }
+ else
+ {
+ var count_msg = $lang.get('comment_msg_count_unapp_mod', { num_unapp: 1 });
+ var status = document.getElementById('comment_status');
+ if ( !status.childNodes[1] )
+ status.appendChild(document.createTextNode(' '));
+ var span = document.createElement('span');
+ span.id = 'comment_status_unapp';
+ span.style.color = '#D84308';
+ span.innerHTML = count_msg;
+ status.appendChild(span);
+ }
+}
+
function htmlspecialchars(text)
{
text = text.replace(/</g, '<');
--- a/includes/clientside/static/enano-lib-basic.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/enano-lib-basic.js Sat Nov 03 07:43:35 2007 -0400
@@ -112,6 +112,7 @@
var startwidth = false;
var startheight = false;
var do_width = false;
+var ajax_load_icon = scriptPath + '/images/loading.gif';
// You have an NSIS coder in your midst...
var MB_OK = 1;
@@ -264,6 +265,7 @@
'admin-menu.js',
'ajax.js',
'autocomplete.js',
+ 'autofill.js',
'base64.js',
'dropdown.js',
'faders.js',
@@ -275,6 +277,7 @@
'toolbar.js',
'windows.js',
'rijndael.js',
+ 'l10n.js',
'template-compiler.js',
'acl.js',
'comments.js',
@@ -283,6 +286,7 @@
'flyin.js',
'paginate.js',
'pwstrength.js',
+ 'SpryEffects.js',
'loader.js'
];
--- a/includes/clientside/static/faders.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/faders.js Sat Nov 03 07:43:35 2007 -0400
@@ -93,18 +93,29 @@
var y = getScrollOffset();
if(document.getElementById('messageBox')) return;
darken(true);
+ if ( aclDisableTransitionFX )
+ {
+ document.getElementById('specialLayer_darkener').style.zIndex = '5';
+ }
var master_div = document.createElement('div');
+ master_div.style.zIndex = '6';
var mydiv = document.createElement('div');
mydiv.style.width = '400px';
mydiv.style.height = '200px';
w = getWidth();
h = getHeight();
- //master_div.style.left = (w / 2) - 200+'px';
- //master_div.style.top = (h / 2) + y - 120+'px';
- master_div.style.top = '-10000px';
- master_div.style.position = ( IE ) ? 'absolute' : 'fixed';
- z = getHighestZ(); // document.getElementById('specialLayer_darkener').style.zIndex;
- mydiv.style.zIndex = parseInt(z) + 1;
+ if ( aclDisableTransitionFX )
+ {
+ master_div.style.left = ((w / 2) - 200)+'px';
+ master_div.style.top = ((h / 2) + y - 120)+'px';
+ master_div.style.position = 'absolute';
+ }
+ else
+ {
+ master_div.style.top = '-10000px';
+ master_div.style.position = ( IE ) ? 'absolute' : 'fixed';
+ }
+ z = ( aclDisableTransitionFX ) ? document.getElementById('specialLayer_darkener').style.zIndex : getHighestZ();
mydiv.style.backgroundColor = '#FFFFFF';
mydiv.style.padding = '10px';
mydiv.style.marginBottom = '1px';
@@ -115,11 +126,13 @@
buttondiv.style.width = '400px';
w = getWidth();
h = getHeight();
- // buttondiv.style.left = (w / 2) - 200+'px';
- // buttondiv.style.top = (h / 2) + y + 101+'px';
- // buttondiv.style.position = ( IE ) ? 'absolute' : 'fixed';
- z = getHighestZ(); // document.getElementById('specialLayer_darkener').style.zIndex;
- buttondiv.style.zIndex = parseInt(z) + 1;
+ if ( aclDisableTransitionFX )
+ {
+ //buttondiv.style.left = ((w / 2) - 200)+'px';
+ //buttondiv.style.top = ((h / 2) + y + 101)+'px';
+ }
+ //buttondiv.style.position = ( IE ) ? 'absolute' : 'fixed';
+ z = ( aclDisableTransitionFX ) ? document.getElementById('specialLayer_darkener').style.zIndex : getHighestZ();
buttondiv.style.backgroundColor = '#C0C0C0';
buttondiv.style.padding = '10px';
buttondiv.style.textAlign = 'right';
@@ -171,7 +184,8 @@
{
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'OK';
+ btn.value = $lang.get('etc_ok');
+ btn._GenericName = 'OK';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
@@ -181,14 +195,16 @@
{
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'OK';
+ btn.value = $lang.get('etc_ok');
+ btn._GenericName = 'OK';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'Cancel';
+ btn.value = $lang.get('etc_cancel');
+ btn._GenericName = 'Cancel';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
@@ -198,14 +214,16 @@
{
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'Yes';
+ btn.value = $lang.get('etc_yes');
+ btn._GenericName = 'Yes';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'No';
+ btn.value = $lang.get('etc_no');
+ btn._GenericName = 'No';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
@@ -215,21 +233,24 @@
{
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'Yes';
+ btn.value = $lang.get('etc_yes');
+ btn._GenericName = 'Yes';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'No';
+ btn.value = $lang.get('etc_no');
+ btn._GenericName = 'No';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
btn = document.createElement('input');
btn.type = 'button';
- btn.value = 'Cancel';
+ btn.value = $lang.get('etc_cancel');
+ btn._GenericName = 'Cancel';
btn.onclick = this.clickHandler;
btn.style.margin = '0 3px';
buttondiv.appendChild(btn);
@@ -265,7 +286,8 @@
body.appendChild(master_div);
- setTimeout('mb_runFlyIn();', 100);
+ if ( !aclDisableTransitionFX )
+ setTimeout('mb_runFlyIn();', 100);
this.onclick = new Array();
this.onbeforeclick = new Array();
@@ -281,7 +303,7 @@
function messagebox_click(obj, mb)
{
- val = obj.value;
+ val = ( typeof ( obj._GenericName ) == 'string' ) ? obj._GenericName : obj.value;
if(typeof mb.onbeforeclick[val] == 'function')
{
var o = mb.onbeforeclick[val];
@@ -293,9 +315,19 @@
var mydiv = document.getElementById('messageBox');
var maindiv = mydiv.parentNode;
- var to = fly_out_top(maindiv, true, false);
- setTimeout("var mbdiv = document.getElementById('messageBox'); mbdiv.parentNode.removeChild(mbdiv.nextSibling); mbdiv.parentNode.removeChild(mbdiv); enlighten(true);", to);
+ if ( aclDisableTransitionFX )
+ {
+ var mbdiv = document.getElementById('messageBox');
+ mbdiv.parentNode.removeChild(mbdiv.nextSibling);
+ mbdiv.parentNode.removeChild(mbdiv);
+ enlighten(true);
+ }
+ else
+ {
+ var to = fly_out_top(maindiv, true, false);
+ setTimeout("var mbdiv = document.getElementById('messageBox'); mbdiv.parentNode.removeChild(mbdiv.nextSibling); mbdiv.parentNode.removeChild(mbdiv); enlighten(true);", to);
+ }
if(typeof mb.onclick[val] == 'function')
{
o = mb.onclick[val];
@@ -417,7 +449,7 @@
function mb_logout()
{
- var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to log out?', 'If you log out, you will no longer be able to access your user preferences, your private messages, or certain areas of this site until you log in again.');
+ var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, $lang.get('user_logout_confirm_title'), $lang.get('user_logout_confirm_body'));
mb.onclick['Yes'] = function()
{
window.location = makeUrlNS('Special', 'Logout/' + title);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/includes/clientside/static/l10n.js Sat Nov 03 07:43:35 2007 -0400
@@ -0,0 +1,60 @@
+/*
+ * Enano client-side localization library
+ */
+
+var Language = function(lang_id)
+{
+ if ( typeof(enano_lang) != 'object' )
+ return false;
+ if ( typeof(enano_lang[lang_id]) != 'object' )
+ return false;
+ this.strings = enano_lang[lang_id];
+
+ this.get = function(string_id, subst)
+ {
+ var catname = string_id.substr(0, string_id.indexOf('_'));
+ var string_name = string_id.substr(string_id.indexOf('_') + 1);
+ if ( typeof(this.strings[catname]) != 'object' )
+ return string_id;
+ if ( typeof(this.strings[catname][string_name]) != 'string' )
+ return string_id;
+ return '[LJS] ' + this.perform_subst(this.strings[catname][string_name], subst);
+ }
+
+ this.perform_subst = function(str, subst)
+ {
+ // var this_regex = /%this\.([a-z0-9_]+)%/;
+ // var match;
+ // while ( str.match(this_regex) )
+ // {
+ // match = str.match(this_regex);
+ // alert(match);
+ // }
+ // hackish workaround for %config.*%
+ str = str.replace(/%config\.([a-z0-9_]+)%/g, '%$1%');
+ if ( typeof(subst) == 'object' )
+ {
+ for ( var i in subst )
+ {
+ if ( !i.match(/^([a-z0-9_]+)$/) )
+ continue;
+ var regex = new RegExp('%' + i + '%', 'g');
+ str = str.replace(regex, subst[i]);
+ }
+ }
+ return str;
+ }
+
+}
+
+var $lang;
+
+var language_onload = function()
+{
+ $lang = new Language(ENANO_LANG_ID);
+ // for debugging :-)
+ // alert( $lang.get('user_err_invalid_credentials_lockout_captcha', { lockout_fails: '3', lockout_threshold: '5', lockout_duration: '15' }) );
+}
+
+addOnloadHook(language_onload);
+
--- a/includes/clientside/static/loader.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/loader.js Sat Nov 03 07:43:35 2007 -0400
@@ -1,27 +1,8 @@
// Some final stuff - loader routines, etc.
-var __tmpEnanoStartup9843275;
-
-function enanoStartup(e) {
- if ( !e )
- {
- // Delay initting sliders until images are loaded
- if ( typeof(window.onload) == 'function' )
- __tmpEnanoStartup9843275 = window.onload;
- else
- __tmpEnanoStartup9843275 = function(){};
- window.onload = function(e){__tmpEnanoStartup9843275(e);initSliders();};
- }
- else
- {
- initSliders();
- }
-}
-
function mdgInnerLoader(e)
{
jws.startup();
- enanoStartup(e);
if(window.location.hash == '#comments') ajaxComments();
window.onkeydown=isKeyPressed;
window.onkeyup=function(e) { isKeyPressed(e); };
@@ -34,6 +15,7 @@
{
dbx_set_key();
}
+ initSliders();
runOnloadHooks(e);
}
if(window.onload) var ld = window.onload;
--- a/includes/clientside/static/misc.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/misc.js Sat Nov 03 07:43:35 2007 -0400
@@ -196,7 +196,7 @@
{
if ( document.getElementById('ajaxloadicon') )
{
- document.getElementById('ajaxloadicon').src=scriptPath + '/images/loading.gif';
+ document.getElementById('ajaxloadicon').src=ajax_load_icon;
}
}
@@ -301,6 +301,63 @@
var ajax_auth_prompt_cache = false;
var ajax_auth_mb_cache = false;
var ajax_auth_level_cache = false;
+var ajax_auth_error_string = false;
+var ajax_auth_show_captcha = false;
+
+function ajaxAuthErrorToString($data)
+{
+ var $errstring = $data.error;
+ // this was literally copied straight from the PHP code.
+ switch($data.error)
+ {
+ case 'key_not_found':
+ $errstring = $lang.get('user_err_key_not_found');
+ break;
+ case 'key_wrong_length':
+ $errstring = $lang.get('user_err_key_wrong_length');
+ break;
+ case 'too_big_for_britches':
+ $errstring = $lang.get('user_err_too_big_for_britches');
+ break;
+ case 'invalid_credentials':
+ $errstring = $lang.get('user_err_invalid_credentials');
+ var subst = {
+ lockout_fails: $data.lockout_fails,
+ lockout_threshold: $data.lockout_threshold,
+ lockout_duration: $data.lockout_duration
+ }
+ if ( $data.lockout_policy == 'lockout' )
+ {
+ $errstring += $lang.get('user_err_invalid_credentials_lockout', subst);
+ }
+ else if ( $data.lockout_policy == 'captcha' )
+ {
+ $errstring += $lang.get('user_err_invalid_credentials_lockout_captcha', subst);
+ }
+ break;
+ case 'backend_fail':
+ $errstring = $lang.get('user_err_backend_fail');
+ break;
+ case 'locked_out':
+ $attempts = parseInt($data['lockout_fails']);
+ if ( $attempts > $data['lockout_threshold'])
+ $attempts = $data['lockout_threshold'];
+ $time_rem = $data.time_rem;
+ $s = ( $time_rem == 1 ) ? '' : $lang.get('meta_plural');
+
+ var subst = {
+ lockout_threshold: $data.lockout_threshold,
+ time_rem: $time_rem,
+ plural: $s,
+ captcha_blurb: ( $data.lockout_policy == 'captcha' ? $lang.get('user_err_locked_out_captcha_blurb') : '' )
+ }
+
+ $errstring = $lang.get('user_err_locked_out', subst);
+
+ break;
+ }
+ return $errstring;
+}
function ajaxPromptAdminAuth(call_on_ok, level)
{
@@ -312,13 +369,24 @@
level = USER_LEVEL_MEMBER;
ajax_auth_level_cache = level;
var loading_win = '<div align="center" style="text-align: center;"> \
- <p>Fetching an encryption key...</p> \
- <p><small>Not working? Use the <a href="'+makeUrlNS('Special', 'Login/' + title)+'">alternate login form</a>.</p> \
+ <p>' + $lang.get('user_login_ajax_fetching_key') + '</p> \
+ <p><small>' + $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title) }) + '</p> \
<p><img alt="Please wait..." src="'+scriptPath+'/images/loading-big.gif" /></p> \
</div>';
- var title = ( level > USER_LEVEL_MEMBER ) ? 'You are requesting a sensitive operation.' : 'Please enter your username and password to continue.';
+ var title = ( level > USER_LEVEL_MEMBER ) ? $lang.get('user_login_ajax_prompt_title_elev') : $lang.get('user_login_ajax_prompt_title');
ajax_auth_mb_cache = new messagebox(MB_OKCANCEL|MB_ICONLOCK, title, loading_win);
ajax_auth_mb_cache.onbeforeclick['OK'] = ajaxValidateLogin;
+ ajax_auth_mb_cache.onbeforeclick['Cancel'] = function()
+ {
+ if ( document.getElementById('autoCaptcha') )
+ {
+ var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ setTimeout(function() {
+ var d = document.getElementById('autoCaptcha');
+ d.parentNode.removeChild(d);
+ }, to);
+ }
+ }
ajaxAuthLoginInnerSetup();
}
@@ -334,30 +402,65 @@
return false;
}
response = parseJSON(response);
+ var disable_controls = false;
+ if ( response.locked_out && !ajax_auth_error_string )
+ {
+ response.error = 'locked_out';
+ ajax_auth_error_string = ajaxAuthErrorToString(response);
+ if ( response.lockout_policy == 'captcha' )
+ {
+ ajax_auth_show_captcha = response.captcha;
+ }
+ else
+ {
+ disable_controls = true;
+ }
+ }
var level = ajax_auth_level_cache;
var form_html = '';
- if ( level > USER_LEVEL_MEMBER )
+ var shown_error = false;
+ if ( ajax_auth_error_string )
+ {
+ shown_error = true;
+ form_html += '<div class="error-box-mini" id="ajax_auth_error">' + ajax_auth_error_string + '</div>';
+ ajax_auth_error_string = false;
+ }
+ else if ( level > USER_LEVEL_MEMBER )
{
- form_html += 'Please re-enter your login details, to verify your identity.<br /><br />';
+ form_html += $lang.get('user_login_ajax_prompt_body_elev') + '<br /><br />';
}
+ if ( ajax_auth_show_captcha )
+ {
+ var captcha_html = ' \
+ <tr> \
+ <td>' + $lang.get('user_login_field_captcha') + ':</td> \
+ <td><input type="hidden" id="ajaxlogin_captcha_hash" value="' + ajax_auth_show_captcha + '" /><input type="text" tabindex="3" size="25" id="ajaxlogin_captcha_code" /> \
+ </tr>';
+ }
+ else
+ {
+ var captcha_html = '';
+ }
+ var disableme = ( disable_controls ) ? 'disabled="disabled" ' : '';
form_html += ' \
<table border="0" align="center"> \
<tr> \
- <td>Username:</td><td><input tabindex="1" id="ajaxlogin_user" type="text" size="25" /> \
+ <td>' + $lang.get('user_login_field_username') + ':</td><td><input tabindex="1" id="ajaxlogin_user" type="text" ' + disableme + 'size="25" /> \
</tr> \
<tr> \
- <td>Password:</td><td><input tabindex="2" id="ajaxlogin_pass" type="password" size="25" /> \
+ <td>' + $lang.get('user_login_field_password') + ':</td><td><input tabindex="2" id="ajaxlogin_pass" type="password" ' + disableme + 'size="25" /> \
</tr> \
+ ' + captcha_html + ' \
<tr> \
<td colspan="2" style="text-align: center;"> \
- <br /><small>Trouble logging in? Try the <a href="'+makeUrlNS('Special', 'Login/' + title)+'">full login form</a>.<br />';
+ <small>' + $lang.get('user_login_ajax_link_fullform', { link_full_form: makeUrlNS('Special', 'Login/' + title, 'level=' + level) }) + '<br />';
if ( level <= USER_LEVEL_MEMBER )
{
form_html += ' \
- Did you <a href="'+makeUrlNS('Special', 'PasswordReset')+'">forget your password</a>?<br /> \
- Maybe you need to <a href="'+makeUrlNS('Special', 'Register')+'">create an account</a>.</small>';
+ ' + $lang.get('user_login_ajax_link_forgotpass', { forgotpass_link: makeUrlNS('Special', 'PasswordReset') }) + '<br /> \
+ ' + $lang.get('user_login_createaccount_blurb', { reg_link: makeUrlNS('Special', 'Register') });
}
- form_html += ' \
+ form_html += '</small> \
</td> \
</tr> \
</table> \
@@ -375,8 +478,39 @@
{
$('ajaxlogin_user').object.focus();
}
- $('ajaxlogin_pass').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); };
- $('ajaxlogin_pass').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); };
+ if ( ajax_auth_show_captcha )
+ {
+ $('ajaxlogin_captcha_code').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); };
+ $('ajaxlogin_captcha_code').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); };
+ }
+ else
+ {
+ $('ajaxlogin_pass').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); };
+ $('ajaxlogin_pass').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); };
+ }
+ if ( disable_controls )
+ {
+ var panel = document.getElementById('messageBoxButtons');
+ panel.firstChild.disabled = true;
+ }
+ /*
+ ## This causes the background image to disappear under Fx 2
+ if ( shown_error )
+ {
+ // fade to #FFF4F4
+ var fader = new Spry.Effect.Highlight('ajax_auth_error', {duration: 1000, from: '#FFF4F4', to: '#805600', restoreColor: '#805600', finish: function()
+ {
+ var fader = new Spry.Effect.Highlight('ajax_auth_error', {duration: 3000, from: '#805600', to: '#FFF4F4', restoreColor: '#FFF4F4'});
+ fader.start();
+ }});
+ fader.start();
+ }
+ */
+ if ( ajax_auth_show_captcha )
+ {
+ ajaxShowCaptcha(ajax_auth_show_captcha);
+ ajax_auth_show_captcha = false;
+ }
}
});
}
@@ -391,6 +525,15 @@
password = document.getElementById('ajaxlogin_pass').value;
auth_enabled = false;
+ if ( document.getElementById('autoCaptcha') )
+ {
+ var to = fly_out_top(document.getElementById('autoCaptcha'), false, true);
+ setTimeout(function() {
+ var d = document.getElementById('autoCaptcha');
+ d.parentNode.removeChild(d);
+ }, to);
+ }
+
disableJSONExts();
//
@@ -446,11 +589,17 @@
'level' : ajax_auth_level_cache
};
+ if ( document.getElementById('ajaxlogin_captcha_hash') )
+ {
+ json_data.captcha_hash = document.getElementById('ajaxlogin_captcha_hash').value;
+ json_data.captcha_code = document.getElementById('ajaxlogin_captcha_code').value;
+ }
+
json_data = toJSONString(json_data);
json_data = encodeURIComponent(json_data);
var loading_win = '<div align="center" style="text-align: center;"> \
- <p>Logging in...</p> \
+ <p>' + $lang.get('user_login_ajax_loggingin') + '</p> \
<p><img alt="Please wait..." src="'+scriptPath+'/images/loading-big.gif" /></p> \
</div>';
@@ -488,8 +637,25 @@
}
break;
case 'error':
- alert(response.error);
- ajaxAuthLoginInnerSetup();
+ if ( response.data.error == 'invalid_credentials' || response.data.error == 'locked_out' )
+ {
+ ajax_auth_error_string = ajaxAuthErrorToString(response.data);
+ mb_current_obj.updateContent('');
+ document.getElementById('messageBox').style.backgroundColor = '#C0C0C0';
+ var mb_parent = document.getElementById('messageBox').parentNode;
+ new Spry.Effect.Shake(mb_parent, {duration: 1500}).start();
+ setTimeout("document.getElementById('messageBox').style.backgroundColor = '#FFF'; ajaxAuthLoginInnerSetup();", 2500);
+
+ if ( response.data.lockout_policy == 'captcha' && response.data.error == 'locked_out' )
+ {
+ ajax_auth_show_captcha = response.captcha;
+ }
+ }
+ else
+ {
+ ajax_auth_error_string = ajaxAuthErrorToString(response.data);
+ ajaxAuthLoginInnerSetup();
+ }
break;
default:
alert(ajax.responseText);
--- a/includes/clientside/static/template-compiler.js Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/clientside/static/template-compiler.js Sat Nov 03 07:43:35 2007 -0400
@@ -54,6 +54,7 @@
code = code.replace(new RegExp(unescape('%0A'), 'g'), '\\n');
code = "'" + code + "'";
code = code.replace(/\{([A-z0-9_-]+)\}/ig, "' + this.tpl_strings['$1'] + '");
+ code = code.replace(/\{lang:([a-z0-9_]+)\}/g, "' + $lang.get('$1') + '");
code = code.replace(/\<!-- BEGIN ([A-z0-9_-]+) --\>([\s\S]*?)\<!-- BEGINELSE \1 --\>([\s\S]*?)\<!-- END \1 --\>/ig, "' + ( ( this.tpl_bool['$1'] == true ) ? '$2' : '$3' ) + '");
code = code.replace(/\<!-- BEGIN ([A-z0-9_-]+) --\>([\s\S]*?)\<!-- END \1 --\>/ig, "' + ( ( this.tpl_bool['$1'] == true ) ? '$2' : '' ) + '");
return code;
--- a/includes/comment.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/comment.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/includes/common.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/common.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 (Banshee)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -23,7 +23,7 @@
exit;
}
-$version = '1.0.1';
+$version = '1.1.1';
function microtime_float()
{
@@ -56,12 +56,7 @@
if(defined('ENANO_DEBUG'))
{
-// require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php');
- function dc_here($m) { return false; }
- function dc_dump($a, $g) { return false; }
- function dc_watch($n) { return false; }
- function dc_start_timer($u) { return false; }
- function dc_stop_timer($m) { return false; }
+ require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php');
} else {
function dc_here($m) { return false; }
function dc_dump($a, $g) { return false; }
@@ -73,6 +68,9 @@
if ( file_exists( ENANO_ROOT . '/_nightly.php') )
require(ENANO_ROOT.'/_nightly.php');
+// List of scheduled tasks
+$cron_tasks = array();
+
// Start including files. LOTS of files. Yeah!
require_once(ENANO_ROOT.'/includes/constants.php');
dc_here('Enano CMS '.$version.' (dev) - debug window<br />Powered by debugConsole');
@@ -83,6 +81,7 @@
require_once(ENANO_ROOT.'/includes/sessions.php');
require_once(ENANO_ROOT.'/includes/template.php');
require_once(ENANO_ROOT.'/includes/plugins.php');
+require_once(ENANO_ROOT.'/includes/lang.php');
require_once(ENANO_ROOT.'/includes/comment.php');
require_once(ENANO_ROOT.'/includes/wikiformat.php');
require_once(ENANO_ROOT.'/includes/diff.php');
@@ -108,6 +107,7 @@
// In addition, $enano_config is used to fetch config information if die_semicritical() is called.
global $email;
+global $lang;
if(!isset($_SERVER['HTTP_HOST'])) grinding_halt('Cannot get hostname', '<p>Your web browser did not provide the HTTP Host: field. This site requires a modern browser that supports the HTTP 1.1 standard.</p>');
@@ -154,6 +154,65 @@
grinding_halt('Version mismatch', '<p>It seems that the Enano release we\'re trying to run ('.$version.') is different from the version specified in your database ('.enano_version().'). Perhaps you need to <a href="'.scriptPath.'/upgrade.php">upgrade</a>?</p>');
}
+//
+// Low level maintenance
+//
+
+// If the search algorithm backend has been changed, empty out the search cache (the two cache formats are incompatible with each other)
+if ( getConfig('last_search_algo') != SEARCH_MODE )
+{
+ if ( !$db->sql_query('DELETE FROM '.table_prefix.'search_cache;') )
+ $db->_die();
+ setConfig('last_search_algo', SEARCH_MODE);
+}
+
+// If the AES key size has been changed, bail out and fast
+if ( !getConfig('aes_key_size') )
+{
+ setConfig('aes_key_size', AES_BITS);
+}
+else if ( $ks = getConfig('aes_key_size') )
+{
+ if ( intval($ks) != AES_BITS )
+ {
+ grinding_halt('AES key size changed', '<p>Enano has detected that the AES key size in constants.php has been changed. This change cannot be performed after installation, otherwise the private key would have to be re-generated and all passwords would have to be re-encrypted.</p><p>Please change the key size back to ' . $ks . ' bits and reload this page.</p>');
+ }
+}
+
+// Same for AES block size
+if ( !getConfig('aes_block_size') )
+{
+ setConfig('aes_block_size', AES_BLOCKSIZE);
+}
+else if ( $ks = getConfig('aes_block_size') )
+{
+ if ( intval($ks) != AES_BLOCKSIZE )
+ {
+ grinding_halt('AES block size changed', '<p>Enano has detected that the AES block size in constants.php has been changed. This change cannot be performed after installation, otherwise all passwords would have to be re-encrypted.</p><p>Please change the block size back to ' . $ks . ' bits and reload this page.</p>');
+ }
+}
+
+// Is there no default language?
+if ( getConfig('lang_default') === false )
+{
+ $q = $db->sql_query('SELECT lang_id FROM '.table_prefix.'language LIMIT 1;');
+ if ( !$q )
+ $db->_die('common.php - setting default language');
+ if ( $db->numrows() < 1 && !defined('ENANO_ALLOW_LOAD_NOLANG') )
+ {
+ grinding_halt('No languages', '<p>There are no languages installed on this site.</p>
+ <p>If you are the website administrator, you may install a language by writing and executing a simple PHP script to install it:</p>
+ <pre>
+<?php
+define("ENANO_ALLOW_LOAD_NOLANG", 1);
+$_GET["title"] = "langinstall";
+require("includes/common.php");
+install_language("eng", "English", "English", ENANO_ROOT . "/language/english/enano.json");</pre>');
+ }
+ $row = $db->fetchrow();
+ setConfig('default_language', $row['lang_id']);
+}
+
// Our list of tables included in Enano
$system_table_list = Array(
table_prefix.'categories',
@@ -176,7 +235,10 @@
table_prefix.'groups',
table_prefix.'group_members',
table_prefix.'acl',
- table_prefix.'search_cache'
+ table_prefix.'search_cache',
+ table_prefix.'page_groups',
+ table_prefix.'page_group_members',
+ table_prefix.'tags'
);
dc_here('common: initializing base classes');
@@ -232,7 +294,7 @@
$text = RenderMan::render($n) . '
<div class="info-box">
- If you have an administrative account, you may <a href="'.makeUrlNS('Special', 'Login').'">log in</a> to the site or <a href="'.makeUrlNS('Special', 'Administration').'">use the administration panel</a>.
+ If you have an administrative account, you may <a href="'.makeUrlNS('Special', 'Login').'">log in</a> to the site.
</div>';
$paths->wiki_mode = 0;
die_semicritical('Site disabled', $text);
--- a/includes/constants.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/constants.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* constants.php - important defines used Enano-wide
*
@@ -37,6 +37,10 @@
define('PAGE_GRP_CATLINK', 1);
define('PAGE_GRP_TAGGED', 2);
define('PAGE_GRP_NORMAL', 3);
+define('PAGE_GRP_REGEX', 4);
+
+// Identifier for the default meta-language
+define('LANG_DEFAULT', 0);
//
// User types - don't touch these
--- a/includes/dbal.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/dbal.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/includes/email.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/email.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/includes/functions.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/functions.php Sat Nov 03 07:43:35 2007 -0400
@@ -273,15 +273,19 @@
* @param string $timeout Timeout, in seconds, to delay the redirect. Defaults to 3.
*/
-function redirect($url, $title = 'Redirecting...', $message = 'Please wait while you are redirected.', $timeout = 3)
+function redirect($url, $title = 'etc_redirect_title', $message = 'etc_redirect_body', $timeout = 3)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $timeout == 0 )
{
header('Location: ' . $url);
header('HTTP/1.1 307 Temporary Redirect');
}
+
+ $title = $lang->get($title);
+ $message = $lang->get($message);
$template->add_header('<meta http-equiv="refresh" content="' . $timeout . '; url=' . str_replace('"', '\\"', $url) . '" />');
$template->add_header('<script type="text/javascript">
@@ -295,7 +299,12 @@
$template->tpl_strings['PAGE_NAME'] = $title;
$template->header(true);
- echo '<p>' . $message . '</p><p>If you are not redirected within ' . ( $timeout + 1 ) . ' seconds, <a href="' . str_replace('"', '\\"', $url) . '">please click here</a>.</p>';
+ echo '<p>' . $message . '</p>';
+ $subst = array(
+ 'timeout' => ( $timeout + 1 ),
+ 'redirect_url' => str_replace('"', '\\"', $url)
+ );
+ echo '<p>' . $lang->get('etc_redirect_timeout', $subst) . '</p>';
$template->footer(true);
$db->close();
@@ -423,7 +432,9 @@
$str = '0x';
foreach($nums as $n)
{
- $str .= (string)dechex($n);
+ $byte = (string)dechex($n);
+ if ( strlen($byte) < 2 )
+ $byte = '0' . $byte;
}
return $str;
}
@@ -630,6 +641,7 @@
function show_category_info()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $paths->namespace == 'Category' )
{
@@ -745,9 +757,9 @@
{
echo '<div class="mdg-comment" style="margin: 10px 0 0 0;" id="category_box_wrapper">';
echo '<div style="float: right;">';
- echo '(<a href="#" onclick="ajaxCatToTag(); return false;">show page tags</a>)';
+ echo '(<a href="#" onclick="ajaxCatToTag(); return false;">' . $lang->get('tags_catbox_link') . '</a>)';
echo '</div>';
- echo '<div id="mdgCatBox">Categories: ';
+ echo '<div id="mdgCatBox">' . $lang->get('catedit_catbox_lbl_categories') . ' ';
$where = '( c.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )';
$prefix = table_prefix;
@@ -777,13 +789,13 @@
}
else
{
- echo '(Uncategorized)';
+ echo $lang->get('catedit_catbox_lbl_uncategorized');
}
$can_edit = ( $session->get_permissions('edit_cat') && ( !$paths->page_protected || $session->get_permissions('even_when_protected') ) );
if ( $can_edit )
{
- $edit_link = '<a href="' . makeUrl($paths->page, 'do=catedit', true) . '" onclick="ajaxCatEdit(); return false;">edit categorization</a>';
+ $edit_link = '<a href="' . makeUrl($paths->page, 'do=catedit', true) . '" onclick="ajaxCatEdit(); return false;">' . $lang->get('catedit_catbox_link_edit') . '</a>';
echo ' [ ' . $edit_link . ' ]';
}
@@ -874,23 +886,19 @@
function display_page_headers()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if($session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0)
{
$delvote_ips = unserialize($paths->cpage['delvote_ips']);
$hr = htmlspecialchars(implode(', ', $delvote_ips['u']));
- $is = 'is';
- $s = '';
- $s2 = 's';
- if ( $paths->cpage['delvotes'] > 1)
- {
- $is = 'are';
- $s = 's';
- $s2 = '';
- }
+
+ $string_id = ( $paths->cpage['delvotes'] == 1 ) ? 'delvote_lbl_votes_one' : 'delvote_lbl_votes_plural';
+ $string = $lang->get($string_id, array('num_users' => $paths->cpage['delvotes']));
+
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;" id="mdgDeleteVoteNoticeBox">
- <b>Notice:</b> There '.$is.' '.$paths->cpage['delvotes'].' user'.$s.' that think'.$s2.' this page should be deleted.<br />
- <b>Users that voted:</b> ' . $hr . '<br />
- <a href="'.makeUrl($paths->page, 'do=deletepage').'" onclick="ajaxDeletePage(); return false;">Delete page</a> | <a href="'.makeUrl($paths->page, 'do=resetvotes').'" onclick="ajaxResetDelVotes(); return false;">Reset votes</a>
+ <b>' . $lang->get('etc_lbl_notice') . '</b> ' . $string . '<br />
+ <b>' . $lang->get('delvote_lbl_users_that_voted') . '</b> ' . $hr . '<br />
+ <a href="'.makeUrl($paths->page, 'do=deletepage').'" onclick="ajaxDeletePage(); return false;">' . $lang->get('delvote_btn_deletepage') . '</a> | <a href="'.makeUrl($paths->page, 'do=resetvotes').'" onclick="ajaxResetDelVotes(); return false;">' . $lang->get('delvote_btn_resetvotes') . '</a>
</div>';
}
}
@@ -1789,6 +1797,26 @@
function sanitize_html($html, $filter_php = true)
{
+ // Random seed for substitution
+ $rand_seed = md5( sha1(microtime()) . mt_rand() );
+
+ // Strip out comments that are already escaped
+ preg_match_all('/<!--(.*?)-->/', $html, $comment_match);
+ $i = 0;
+ foreach ( $comment_match[0] as $comment )
+ {
+ $html = str_replace_once($comment, "{HTMLCOMMENT:$i:$rand_seed}", $html);
+ $i++;
+ }
+
+ // Strip out code sections that will be postprocessed by Text_Wiki
+ preg_match_all(';^<code(\s[^>]*)?>((?:(?R)|.)*?)\n</code>(\s|$);msi', $html, $code_match);
+ $i = 0;
+ foreach ( $code_match[0] as $code )
+ {
+ $html = str_replace_once($code, "{TW_CODE:$i:$rand_seed}", $html);
+ $i++;
+ }
$html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>(.*?)</\\1>#is', '<\\1\\2\\3javascript:\\59>\\60</\\1>', $html);
$html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>#is', '<\\1\\2\\3javascript:\\59>', $html);
@@ -1802,6 +1830,8 @@
$tag_whitelist = array_keys ( setupAttributeWhitelist() );
if ( !$filter_php )
$tag_whitelist[] = '?php';
+ // allow HTML comments
+ $tag_whitelist[] = '!--';
$len = strlen($html);
$in_quote = false;
$quote_char = '';
@@ -1862,8 +1892,12 @@
}
else
{
+ // If not filtering PHP, don't bother to strip
if ( $tag_name == '?php' && !$filter_php )
continue;
+ // If this is a comment, likewise skip this "tag"
+ if ( $tag_name == '!--' )
+ continue;
$f = fixTagAttributes( $attribs_only, $tag_name );
$s = ( empty($f) ) ? '' : ' ';
@@ -1891,15 +1925,28 @@
}
}
-
+
// Vulnerability from ha.ckers.org/xss.html:
// <script src="http://foo.com/xss.js"
// <
// The rule is so specific because everything else will have been filtered by now
$html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html);
- // Unstrip comments
- $html = preg_replace('/<!--([^>]*?)-->/i', '', $html);
+ // Restore stripped comments
+ $i = 0;
+ foreach ( $comment_match[0] as $comment )
+ {
+ $html = str_replace_once("{HTMLCOMMENT:$i:$rand_seed}", $comment, $html);
+ $i++;
+ }
+
+ // Restore stripped code
+ $i = 0;
+ foreach ( $code_match[0] as $code )
+ {
+ $html = str_replace_once("{TW_CODE:$i:$rand_seed}", $code, $html);
+ $i++;
+ }
return $html;
@@ -2705,7 +2752,7 @@
function sanitize_tag($tag)
{
$tag = strtolower($tag);
- $tag = preg_replace('/[^\w _-]+/', '', $tag);
+ $tag = preg_replace('/[^\w _@\$%\^&-]+/', '', $tag);
$tag = trim($tag);
return $tag;
}
@@ -2757,7 +2804,7 @@
$strip_tags = implode('|', $strip_tags);
// Strip out the tags and replace with placeholders
- preg_match_all("#<($strip_tags)(.*?)>(.*?)</($strip_tags)>#is", $html, $matches);
+ preg_match_all("#<($strip_tags)([ ]+.*?)?>(.*?)</($strip_tags)>#is", $html, $matches);
$seed = md5(microtime() . mt_rand()); // Random value used for placeholders
for ($i = 0;$i < sizeof($matches[1]); $i++)
{
@@ -2765,7 +2812,7 @@
}
// Optimize (but don't obfuscate) Javascript
- preg_match_all('/<script(.*?)>(.+?)<\/script>/is', $html, $jscript);
+ preg_match_all('/<script([ ]+.*?)?>(.*?)(\]\]>)?<\/script>/is', $html, $jscript);
// list of Javascript reserved words - from about.com
$reserved_words = array('abstract', 'as', 'boolean', 'break', 'byte', 'case', 'catch', 'char', 'class', 'continue', 'const', 'debugger', 'default', 'delete', 'do',
@@ -2780,6 +2827,8 @@
{
$js =& $jscript[2][$i];
+ // echo('<pre>' . "-----------------------------------------------------------------------------\n" . htmlspecialchars($js) . '</pre>');
+
// for line optimization, explode it
$particles = explode("\n", $js);
@@ -3127,6 +3176,53 @@
return $score;
}
+/**
+ * Installs a language.
+ * @param string The ISO-639-3 identifier for the language. Maximum of 6 characters, usually 3.
+ * @param string The name of the language in English (Spanish)
+ * @param string The name of the language natively (Español)
+ * @param string The path to the file containing the language's strings. Optional.
+ */
+
+function install_language($lang_code, $lang_name_neutral, $lang_name_local, $lang_file = false)
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'language WHERE lang_code = "' . $db->escape($lang_code) . '";');
+ if ( !$q )
+ $db->_die('functions.php - checking for language existence');
+
+ if ( $db->numrows() > 0 )
+ // Language already exists
+ return false;
+
+ $q = $db->sql_query('INSERT INTO ' . table_prefix . 'language(lang_code, lang_name_default, lang_name_native)
+ VALUES(
+ "' . $db->escape($lang_code) . '",
+ "' . $db->escape($lang_name_neutral) . '",
+ "' . $db->escape($lang_name_native) . '"
+ );');
+ if ( !$q )
+ $db->_die('functions.php - installing language');
+
+ $lang_id = $db->insert_id();
+ if ( empty($lang_id) )
+ return false;
+
+ // Do we also need to install a language file?
+ if ( is_string($lang_file) && file_exists($lang_file) )
+ {
+ $lang = new Language($lang_id);
+ $lang->import($lang_file);
+ }
+ else if ( is_string($lang_file) && !file_exists($lang_file) )
+ {
+ echo '<b>Notice:</b> Can\'t load language file, so the specified language wasn\'t fully installed.<br />';
+ return false;
+ }
+ return true;
+}
+
//die('<pre>Original: 01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'</pre>');
?>
--- a/includes/graphs.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/graphs.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/includes/js-compressor.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/js-compressor.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* Javascript compression library - used to compact the client-side Javascript code (all 72KB of it!) to save some bandwidth
*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/includes/lang.php Sat Nov 03 07:43:35 2007 -0400
@@ -0,0 +1,432 @@
+<?php
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.1.1
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+/**
+ * Language class - processes, stores, and retrieves language strings.
+ * @package Enano
+ * @subpackage Localization
+ * @copyright 2007 Dan Fuhry
+ * @license GNU General Public License
+ */
+
+class Language
+{
+
+ /**
+ * The numerical ID of the loaded language.
+ * @var int
+ */
+
+ var $lang_id;
+
+ /**
+ * The ISO-639-3 code for the loaded language. This should be grabbed directly from the database.
+ * @var string
+ */
+
+ var $lang_code;
+
+ /**
+ * Used to track when a language was last changed, to allow browsers to cache language data
+ * @var int
+ */
+
+ var $lang_timestamp;
+
+ /**
+ * Will be an object that holds an instance of the class configured with the site's default language. Only instanciated when needed.
+ * @var object
+ */
+
+ var $default;
+
+ /**
+ * The list of loaded strings.
+ * @var array
+ * @access private
+ */
+
+ var $strings = array();
+
+ /**
+ * Constructor.
+ * @param int|string Language ID or code to load.
+ */
+
+ function __construct($lang)
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ if ( defined('IN_ENANO_INSTALL') )
+ {
+ // special case for the Enano installer: it will load its own strings from a JSON file and just use this API for fetching and templatizing them.
+ $this->lang_id = LANG_DEFAULT;
+ $this->lang_code = 'neutral';
+ return true;
+ }
+ if ( is_string($lang) )
+ {
+ $sql_col = 'lang_code="' . $db->escape($lang) . '"';
+ }
+ else if ( is_int($lang) )
+ {
+ $sql_col = 'lang_id=' . $lang . '';
+ }
+ else
+ {
+ $db->_die('lang.php - attempting to pass invalid value to constructor');
+ }
+
+ $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : 'def';
+ $q = $db->sql_query("SELECT lang_id, lang_code, last_changed, ( lang_id = $lang_default ) AS is_default FROM " . table_prefix . "language WHERE $sql_col OR lang_id = $lang_default ORDER BY is_default DESC LIMIT 1;");
+
+ if ( !$q )
+ $db->_die('lang.php - main select query');
+
+ if ( $db->numrows() < 1 )
+ $db->_die('lang.php - There are no languages installed');
+
+ $row = $db->fetchrow();
+
+ $this->lang_id = intval( $row['lang_id'] );
+ $this->lang_code = $row['lang_code'];
+ $this->lang_timestamp = $row['last_changed'];
+ }
+
+ /**
+ * PHP 4 constructor.
+ * @param int|string Language ID or code to load.
+ */
+
+ function Language($lang)
+ {
+ $this->__construct($lang);
+ }
+
+ /**
+ * Fetches language strings from the database, or a cache file if it's available.
+ * @param bool If true (default), allows the cache to be used.
+ */
+
+ function fetch($allow_cache = true)
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ $lang_file = ENANO_ROOT . "/cache/lang_{$this->lang_id}.php";
+ // Attempt to load the strings from a cache file
+ if ( file_exists($lang_file) && $allow_cache )
+ {
+ // Yay! found it
+ $this->load_cache_file($lang_file);
+ }
+ else
+ {
+ // No cache file - select and retrieve from the database
+ $q = $db->sql_unbuffered_query("SELECT string_category, string_name, string_content FROM " . table_prefix . "language_strings WHERE lang_id = {$this->lang_id};");
+ if ( !$q )
+ $db->_die('lang.php - selecting language string data');
+ if ( $row = $db->fetchrow() )
+ {
+ $strings = array();
+ do
+ {
+ $cat =& $row['string_category'];
+ if ( !is_array($strings[$cat]) )
+ {
+ $strings[$cat] = array();
+ }
+ $strings[$cat][ $row['string_name'] ] = $row['string_content'];
+ }
+ while ( $row = $db->fetchrow() );
+ // all done fetching
+ $this->merge($strings);
+ }
+ else
+ {
+ $db->_die('lang.php - No strings for language ' . $this->lang_code);
+ }
+ }
+ }
+
+ /**
+ * Loads a file from the disk cache (treated as PHP) and merges it into RAM.
+ * @param string File to load
+ */
+
+ function load_cache_file($file)
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ // We're using eval() here because it makes handling scope easier.
+
+ if ( !file_exists($file) )
+ $db->_die('lang.php - requested cache file doesn\'t exist');
+
+ $contents = file_get_contents($file);
+ $contents = preg_replace('/([\s]*)<\?php/', '', $contents);
+
+ @eval($contents);
+
+ if ( !isset($lang_cache) || ( isset($lang_cache) && !is_array($lang_cache) ) )
+ $db->_die('lang.php - the cache file is invalid (didn\'t set $lang_cache as an array)');
+
+ $this->merge($lang_cache);
+ }
+
+ /**
+ * Merges a standard language assoc array ($arr[cat][stringid]) with the master in RAM.
+ * @param array
+ */
+
+ function merge($strings)
+ {
+ // This is stupidly simple.
+ foreach ( $strings as $cat_id => $contents )
+ {
+ if ( !is_array($this->strings[$cat_id]) )
+ $this->strings[$cat_id] = array();
+ foreach ( $contents as $string_id => $string )
+ {
+ $this->strings[$cat_id][$string_id] = $string;
+ }
+ }
+ }
+
+ /**
+ * Imports a JSON-format language file into the database and merges with current strings.
+ * @param string Path to the JSON file to load
+ */
+
+ function import($file)
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ if ( !file_exists($file) )
+ $db->_die('lang.php - can\'t import language file: string file doesn\'t exist');
+
+ $contents = trim(@file_get_contents($file));
+
+ if ( empty($contents) )
+ $db->_die('lang.php - can\'t load the contents of the language file');
+
+ // Trim off all text before and after the starting and ending braces
+ $contents = preg_replace('/^([^{]+)\{/', '{', $contents);
+ $contents = preg_replace('/\}([^}]+)$/', '}', $contents);
+
+ $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ $langdata = $json->decode($contents);
+
+ if ( !is_array($langdata) )
+ $db->_die('lang.php - invalid language file');
+
+ if ( !isset($langdata['categories']) || !isset($langdata['strings']) )
+ $db->_die('lang.php - language file does not contain the proper items');
+
+ $insert_list = array();
+ $delete_list = array();
+
+ foreach ( $langdata['categories'] as $category )
+ {
+ if ( isset($langdata['strings'][$category]) )
+ {
+ foreach ( $langdata['strings'][$category] as $string_name => $string_value )
+ {
+ $string_name = $db->escape($string_name);
+ $string_value = $db->escape($string_value);
+ $category_name = $db->escape($category);
+ $insert_list[] = "({$this->lang_id}, '$category_name', '$string_name', '$string_value')";
+ $delete_list[] = "( lang_id = {$this->lang_id} AND string_category = '$category_name' AND string_name = '$string_name' )";
+ }
+ }
+ }
+
+ $delete_list = implode(" OR\n ", $delete_list);
+ $sql = "DELETE FROM " . table_prefix . "language_strings WHERE $delete_list;";
+
+ // Free some memory
+ unset($delete_list);
+
+ // Run the query
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die('lang.php - couldn\'t kill off them old strings');
+
+ $insert_list = implode(",\n ", $insert_list);
+ $sql = "INSERT INTO " . table_prefix . "language_strings(lang_id, string_category, string_name, string_content) VALUES\n $insert_list;";
+
+ // Free some memory
+ unset($insert_list);
+
+ // Run the query
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die('lang.php - couldn\'t insert strings in import()');
+
+ // YAY! done!
+ // This will regenerate the cache file if possible.
+ $this->regen_caches();
+ }
+
+ /**
+ * Refetches the strings and writes out the cache file.
+ */
+
+ function regen_caches()
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ $lang_file = ENANO_ROOT . "/cache/lang_{$this->lang_id}.php";
+
+ // Refresh the strings in RAM to the latest copies in the DB
+ $this->fetch(false);
+
+ $handle = @fopen($lang_file, 'w');
+ if ( !$handle )
+ // Couldn't open the file. Silently fail and let the strings come from the database.
+ return false;
+
+ // The file's open, that means we should be good.
+ fwrite($handle, '<?php
+// This file was generated automatically by Enano. You should not edit this file because any changes you make
+// to it will not be visible in the ACP and all changes will be lost upon any changes to strings in the admin panel.
+
+$lang_cache = ');
+
+ $exported = $this->var_export_string($this->strings);
+ if ( empty($exported) )
+ // Ehh, that's not good
+ $db->_die('lang.php - var_export_string() failed');
+
+ fwrite($handle, $exported . '; ?>');
+
+ // Update timestamp in database
+ $q = $db->sql_query('UPDATE ' . table_prefix . 'language SET last_changed = ' . time() . ' WHERE lang_id = ' . $this->lang_id . ';');
+ if ( !$q )
+ $db->_die('lang.php - updating timestamp on language');
+
+ // Done =)
+ fclose($handle);
+ }
+
+ /**
+ * Calls var_export() on whatever, and returns the function's output.
+ * @param mixed Whatever you want var_exported. Usually an array.
+ * @return string
+ */
+
+ function var_export_string($val)
+ {
+ ob_start();
+ var_export($val);
+ $contents = ob_get_contents();
+ ob_end_clean();
+ return $contents;
+ }
+
+ /**
+ * Fetches a language string from the cache in RAM. If it isn't there, it will call fetch() again and then try. If it still can't find it, it will ask for the string
+ * in the default language. If even then the string can't be found, this function will return what was passed to it.
+ *
+ * This will also templatize strings. If a string contains variables in the format %foo%, you may specify the second parameter as an associative array in the format
+ * of 'foo' => 'foo substitute'.
+ *
+ * @param string ID of the string to fetch. This will always be in the format of category_stringid.
+ * @param array Optional. Associative array of substitutions.
+ * @return string
+ */
+
+ function get($string_id, $substitutions = false)
+ {
+ // Extract the category and string ID
+ $category = substr($string_id, 0, ( strpos($string_id, '_') ));
+ $string_name = substr($string_id, ( strpos($string_id, '_') + 1 ));
+ $found = false;
+ if ( isset($this->strings[$category]) && isset($this->strings[$category][$string_name]) )
+ {
+ $found = true;
+ $string = $this->strings[$category][$string_name];
+ }
+ if ( !$found )
+ {
+ // Ehh, the string wasn't found. Rerun fetch() and try again.
+ $this->fetch();
+ if ( isset($this->strings[$category]) && isset($this->strings[$category][$string_name]) )
+ {
+ $found = true;
+ $string = $this->strings[$category][$string_name];
+ }
+ if ( !$found )
+ {
+ // STILL not found. Check the default language.
+ $lang_default = ( $x = getConfig('default_language') ) ? intval($x) : $this->lang_id;
+ if ( $lang_default != $this->lang_id )
+ {
+ if ( !is_object($this->default) )
+ $this->default = new Language($lang_default);
+ return $this->default->get($string_id, $substitutions);
+ }
+ }
+ }
+ if ( !$found )
+ {
+ // Alright, it's nowhere. Return the input, grumble grumble...
+ return $string_id;
+ }
+ // Found it!
+ // Perform substitutions.
+ // if ( is_array($substitutions) )
+ // die('<pre>' . print_r($substitutions, true) . '</pre>');
+ if ( !is_array($substitutions) )
+ $substitutions = array();
+ return $this->substitute($string, $substitutions);
+ }
+
+ /**
+ * Processes substitutions.
+ * @param string
+ * @param array
+ * @return string
+ */
+
+ function substitute($string, $subs)
+ {
+ preg_match_all('/%this\.([a-z0-9_]+)%/', $string, $matches);
+ if ( count($matches[0]) > 0 )
+ {
+ foreach ( $matches[1] as $i => $string_id )
+ {
+ $result = $this->get($string_id);
+ $string = str_replace($matches[0][$i], $result, $string);
+ }
+ }
+ preg_match_all('/%config\.([a-z0-9_]+)%/', $string, $matches);
+ if ( count($matches[0]) > 0 )
+ {
+ foreach ( $matches[1] as $i => $string_id )
+ {
+ $result = getConfig($string_id);
+ $string = str_replace($matches[0][$i], $result, $string);
+ }
+ }
+ foreach ( $subs as $key => $value )
+ {
+ $subs[$key] = strval($value);
+ $string = str_replace("%{$key}%", "{$subs[$key]}", $string);
+ }
+ return "L $string";
+ }
+
+} // class Language
+
+?>
--- a/includes/pageprocess.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/pageprocess.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.1 (Loch Ness)
+ * Version 1.1.1
* pageprocess.php - intelligent retrieval of pages
* Copyright (C) 2006-2007 Dan Fuhry
*
@@ -212,7 +212,7 @@
return false;
}
}
- else if ( $this->namespace == 'User' )
+ else if ( $this->namespace == 'User' && strpos($this->page_id, '/') === false )
{
$this->_handle_userpage();
}
@@ -371,6 +371,8 @@
global $db, $session, $paths, $template, $plugins; // Common objects
$text = $this->fetch_text();
+ $text = preg_replace('/([\s]*)__NOBREADCRUMBS__([\s]*)/', '', $text);
+ $text = preg_replace('/([\s]*)__NOTOC__([\s]*)/', '', $text);
$redir_enabled = false;
if ( preg_match('/^#redirect \[\[([^\]]+?)\]\]/i', $text, $match ) )
@@ -418,6 +420,7 @@
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
$this->header();
+ $this->do_breadcrumbs();
if ( $_errormsg )
{
@@ -631,6 +634,8 @@
));
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username);
+ $target_username = explode('/', $target_username);
+ $target_username = $target_username[0];
if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists )
{
@@ -704,6 +709,13 @@
echo '<tr><td class="row3">Real name: ' . $userdata['real_name'] . '</td></tr>';
}
+ // Administer user button
+
+ if ( $session->user_level >= USER_LEVEL_ADMIN )
+ {
+ echo '<tr><td class="row1"><a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&user=' . urlencode($target_username), true) . '" onclick="ajaxAdminUser(\'' . addslashes($target_username) . '\'); return false;">Administer user</a></td></tr>';
+ }
+
// Comments
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . '\'s latest comments</th></tr>';
@@ -930,6 +942,7 @@
function _handle_redirect($page_id, $namespace)
{
+ global $db, $session, $paths, $template, $plugins; // Common objects
$arr_pid = array($this->page_id, $this->namespace);
if ( $namespace == 'Special' || $namespace == 'Admin' )
{
@@ -939,7 +952,7 @@
{
return 'This page infinitely redirects with another page (or another series of pages), and the infinite redirect was trapped.';
}
- $page_id_key = $paths->nslist[ $namespace ] . $page_id;
+ $page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
if ( !isset($paths->pages[$page_id_key]) )
{
return 'This page redirects to another page that doesn\'t exist.';
@@ -963,14 +976,39 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ // Log it for crying out loud
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
+
$ob = '';
- $template->tpl_strings['PAGE_NAME'] = 'Access denied';
+ //$template->tpl_strings['PAGE_NAME'] = 'Access denied';
+ $template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
if ( $this->send_headers )
{
$ob .= $template->getHeader();
}
+ if ( count($this->redirect_stack) > 0 )
+ {
+ $stack = array_reverse($this->redirect_stack);
+ foreach ( $stack as $oldtarget )
+ {
+ $url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
+ $page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
+ $page_data = $paths->pages[$page_id_key];
+ $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
+ $a = '<a href="' . $url . '">' . $title . '</a>';
+
+ $url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
+ $page_id_key = $paths->nslist[ $this->namespace ] . $this->page_id;
+ $page_data = $paths->pages[$page_id_key];
+ $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
+ $b = '<a href="' . $url . '">' . $title . '</a>';
+
+ $ob .= '<small>(Redirected to ' . $b . ' from ' . $a . ')<br /></small>';
+ }
+ }
+
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
if ( $this->send_headers )
@@ -1044,8 +1082,11 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ header('HTTP/1.1 404 Not Found');
+
$this->header();
- header('HTTP/1.1 404 Not Found');
+ $this->do_breadcrumbs();
+
if ( $userpage )
{
echo '<h3>There is no page with this title yet.</h3>
@@ -1075,6 +1116,10 @@
{
$r = $db->fetchrow();
echo '<p><b>This page was deleted on ' . $r['date_string'] . '.</b> The stated reason was:</p><blockquote>' . $r['edit_summary'] . '</blockquote><p>You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
+ if ( $session->user_level >= USER_LEVEL_ADMIN )
+ {
+ echo '<p>Additional admin options: <a href="' . makeUrl($paths->page, 'do=detag', true) . '" title="Remove any tags on this page">detag page</a></p>';
+ }
}
$db->free_result();
}
@@ -1085,6 +1130,58 @@
}
/**
+ * Echoes out breadcrumb data, if appropriate.
+ * @access private
+ */
+
+ function do_breadcrumbs()
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ if ( strpos($this->text_cache, '__NOBREADCRUMBS__') !== false )
+ return false;
+ $breadcrumb_data = explode('/', $this->page_id);
+ if ( count($breadcrumb_data) > 1 )
+ {
+ echo '<!-- Start breadcrumbs -->
+ <div class="breadcrumbs">
+ ';
+ foreach ( $breadcrumb_data as $i => $higherpage )
+ {
+ $higherpage = $paths->nslist[$this->namespace] . sanitize_page_id(implode('/', array_slice($breadcrumb_data, 0, ($i+1))));
+ if ( ($i + 1) == count($breadcrumb_data) )
+ {
+ $title = get_page_title($higherpage, false);
+ if ( !$this->page_exists )
+ {
+ $title = explode('/', $title);
+ $title = array_reverse($title);
+ $title = $title[0];
+ }
+ echo htmlspecialchars($title);
+ break;
+ }
+ else if ( isPage($higherpage) )
+ {
+ $title = get_page_title($higherpage, false);
+ echo '<a href="' . makeUrl($higherpage, false, true) . '">' . htmlspecialchars($title) . '</a>';
+ }
+ else
+ {
+ $title = get_page_title($higherpage, false);
+ $title = explode('/', $title);
+ $title = array_reverse($title);
+ $title = $title[0];
+ echo '<a href="' . makeUrl($higherpage, false, true) . '" class="wikilink-nonexistent">' . htmlspecialchars($title) . '</a>';
+ }
+ echo ' » ';
+ }
+ echo '</div>
+ <!-- End breadcrumbs -->
+ ';
+ }
+ }
+
+ /**
* PHP 4 constructor.
* @see PageProcessor::__construct()
*/
--- a/includes/pageutils.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/pageutils.php Sat Nov 03 07:43:35 2007 -0400
@@ -1,7 +1,8 @@
<?php
+
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
*
@@ -15,18 +16,27 @@
class PageUtils {
/**
- * List possible username completions
+ * Tell if a username is used or not.
* @param $name the name to check for
- * @return array
+ * @return string
*/
function checkusername($name)
{
global $db, $session, $paths, $template, $plugins; // Common objects
- $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE username=\''.$db->escape(rawurldecode($name)).'\'');
- if(!$q) die(mysql_error());
- if($db->numrows() < 1) { $db->free_result(); return('good'); }
- else { $db->free_result(); return('bad'); }
+ $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');
+ if ( !$q )
+ {
+ die(mysql_error());
+ }
+ if ( $db->numrows() < 1)
+ {
+ $db->free_result(); return('good');
+ }
+ else
+ {
+ $db->free_result(); return('bad');
+ }
}
/**
@@ -57,10 +67,10 @@
$pid = RenderMan::strToPageID($page);
if($pid[1] == 'Special' || $pid[1] == 'Admin')
{
- die('This type of page ('.$paths->nslist[$pid[1]].') cannot be edited because the page source code is not stored in the database.');
+ die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
}
- $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$pid[0].'\' AND namespace=\''.$pid[1].'\'');
+ $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');
if ( !$e )
{
$db->_die('The page text could not be selected.');
@@ -123,7 +133,7 @@
return $r;
}
- $fname = 'page_'.$pid[1].'_'.$paths->pages[$page]['urlname_nons'];
+ $fname = 'page_' . $pid[1] . '_' . $paths->pages[$page]['urlname_nons'];
@call_user_func($fname);
}
@@ -147,7 +157,7 @@
return $r;
}
- $fname = 'page_'.$pid[1].'_'.$pid[0];
+ $fname = 'page_' . $pid[1] . '_' . $pid[0];
if ( !function_exists($fname) )
{
$title = 'Page backend not found';
@@ -190,12 +200,17 @@
<p>You have requested a page that doesn\'t exist yet.';
if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
- if($session->get_permissions('history_rollback')) {
- $e = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE action=\'delete\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' ORDER BY time_id DESC;');
- if(!$e) $db->_die('The deletion log could not be selected.');
- if($db->numrows() > 0) {
+ if ( $session->get_permissions('history_rollback') )
+ {
+ $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;');
+ if ( !$e )
+ {
+ $db->_die('The deletion log could not be selected.');
+ }
+ if ($db->numrows() > 0 )
+ {
$r = $db->fetchrow();
- echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on '.$r['date_string'].'. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
+ echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>';
}
$db->free_result();
}
@@ -233,15 +248,16 @@
return $text;
}
- if($hist_id) {
- $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$paths->pages[$page]['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' AND log_type=\'page\' AND action=\'edit\' AND time_id='.$db->escape($hist_id).'');
+ if ( $hist_id )
+ {
+ $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $paths->pages[$page]['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' AND log_type=\'page\' AND action=\'edit\' AND time_id=' . $db->escape($hist_id) . '');
if($db->numrows() < 1)
{
$db->_die('There were no rows in the text table that matched the page text query.');
}
$r = $db->fetchrow();
$db->free_result();
- $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.$r['date_string'].'.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrl($page, 'do=rollback&id='.$hist_id).'" onclick="ajaxRollback(\''.$hist_id.'\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);
+ $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on ' . $r['date_string'] . '.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrl($page, 'do=rollback&id=' . $hist_id) . '" onclick="ajaxRollback(\'' . $hist_id . '\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);
if( !$paths->pages[$page]['special'] )
{
@@ -252,7 +268,7 @@
display_page_headers();
}
- eval('?>'.$message);
+ eval('?>' . $message);
if( !$paths->pages[$page]['special'] )
{
@@ -286,7 +302,7 @@
// This is it, this is what all of Enano has been working up to...
- eval('?>'.$message);
+ eval('?>' . $message);
if( !$paths->pages[$page]['special'] )
{
@@ -322,8 +338,9 @@
if(!isset($paths->pages[$pname]))
{
- if(!PageUtils::createPage($page_id, $namespace))
- return 'The page did not exist, and I was not able to create it. Permissions problem?';
+ $create = PageUtils::createPage($page_id, $namespace);
+ if ( $create != 'good' )
+ return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;
$paths->page_exists = true;
}
@@ -337,10 +354,10 @@
$msg = $db->escape($message);
$minor = $minor ? 'true' : 'false';
- $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');';
+ $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $paths->cpage['urlname_nons'] . '\', \'' . $paths->namespace . '\', \'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');';
if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
- $q = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$msg.'\',char_tag=\''.$uid.'\' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';';
+ $q = 'UPDATE ' . table_prefix.'page_text SET page_text=\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';';
$e = $db->sql_query($q);
if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
@@ -362,32 +379,38 @@
if(in_array($namespace, Array('Special', 'Admin')))
{
// echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
- return false; // Can't create a special page
+ return 'You can\'t create a special page in the database';
}
if(!isset($paths->nslist[$namespace]))
{
// echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
- return false; // Couldn't look up namespace
+ return 'Couldn\'t look up the namespace';
}
$pname = $paths->nslist[$namespace] . $page_id;
if(isset($paths->pages[$pname]))
{
// echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
- return false; // Page already exists
+ return 'Page already exists';
}
if(!$session->get_permissions('create_page'))
{
// echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
- return false; // Access denied
+ return 'Not authorized to create pages';
}
if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
{
// echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
- return false; // Not authorized to create system messages
+ return 'Not authorized to create system messages';
+ }
+
+ if ( substr($page_id, 0, 8) == 'Project:' )
+ {
+ // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
+ return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
}
$page_id = dirtify_page_id($page_id);
@@ -398,7 +421,7 @@
if(!preg_match($regex, $page))
{
//echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
- return false; // Name contains invalid characters
+ return 'Name contains invalid characters';
}
$page_id = sanitize_page_id( $page_id );
@@ -421,16 +444,15 @@
$paths->add_page($page_data);
- $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');');
- $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');');
- $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');');
+ $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
+ $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
+ $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
if($qa && $qb && $qc)
- return true;
+ return 'good';
else
{
- echo $db->get_error();
- return false;
+ return $db->get_error();
}
}
@@ -450,31 +472,41 @@
$wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
$prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
- if(!$session->get_permissions('protect')) return('Insufficient access rights');
- if(!$wiki) return('Page protection only has an effect when Wiki Mode is enabled.');
- if(!preg_match('#^([0-9]+){1}$#', (string)$level)) return('Invalid $level parameter.');
-
- if($reason!='NO_REASON') {
- switch($level)
- {
- case 0:
- $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
- break;
- case 1:
- $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
- break;
- case 2:
- $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
- break;
- default:
- return 'PageUtils::protect(): Invalid value for $level';
- break;
- }
- if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');
+ if ( !$session->get_permissions('protect') )
+ {
+ return('Insufficient access rights');
+ }
+ if ( !$wiki )
+ {
+ return('Page protection only has an effect when Wiki Mode is enabled.');
+ }
+ if ( !preg_match('#^([0-9]+){1}$#', (string)$level) )
+ {
+ return('Invalid $level parameter.');
}
- $q = $db->sql_query('UPDATE '.table_prefix.'pages SET protected='.$_POST['level'].' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
- if(!$q) $db->_die('The pages table was not updated.');
+ switch($level)
+ {
+ case 0:
+ $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
+ break;
+ case 1:
+ $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
+ break;
+ case 2:
+ $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
+ break;
+ default:
+ return 'PageUtils::protect(): Invalid value for $level';
+ break;
+ }
+ if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');
+
+ $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
+ if ( !$q )
+ {
+ $db->_die('The pages table was not updated.');
+ }
return('good');
}
@@ -489,6 +521,7 @@
function histlist($page_id, $namespace)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if(!$session->get_permissions('history_view'))
return 'Access denied';
@@ -499,16 +532,19 @@
$wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
$prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
- $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' ORDER BY time_id DESC;';
- if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
- echo 'History of edits and actions<h3>Edits:</h3>';
+ $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' ORDER BY time_id DESC;';
+ if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
+ echo $lang->get('history_page_subtitle') . '
+ <h3>' . $lang->get('history_heading_edits') . '</h3>';
$numrows = $db->numrows();
- if($numrows < 1) echo 'No history entries in this category.';
+ if ( $numrows < 1 )
+ {
+ echo $lang->get('history_no_entries');
+ }
else
{
-
echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
- <input type="submit" value="Compare selected revisions" />
+ <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
<input type="hidden" name="do" value="diff" />
@@ -516,17 +552,18 @@
<div class="tblholder">
<table border="0" width="100%" cellspacing="1" cellpadding="4">
<tr>
- <th colspan="2">Diff</th>
- <th>Date/time</th>
- <th>User</th>
- <th>Edit summary</th>
- <th>Minor</th>
- <th colspan="3">Actions</th>
+ <th colspan="2">' . $lang->get('history_col_diff') . '</th>
+ <th>' . $lang->get('history_col_datetime') . '</th>
+ <th>' . $lang->get('history_col_user') . '</th>
+ <th>' . $lang->get('history_col_summary') . '</th>
+ <th>' . $lang->get('history_col_minor') . '</th>
+ <th colspan="3">' . $lang->get('history_col_actions') . '</th>
</tr>'."\n"."\n";
$cls = 'row2';
$ticker = 0;
- while($r = $db->fetchrow()) {
+ while ( $r = $db->fetchrow() )
+ {
$ticker++;
@@ -551,29 +588,42 @@
$s1 = '';
$s2 = '';
}
- if($ticker > 1) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s1.'name="diff1" type="radio" value="'.$r['time_id'].'" id="diff1_'.$r['time_id'].'" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
- if($ticker < $numrows) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s2.'name="diff2" type="radio" value="'.$r['time_id'].'" id="diff2_'.$r['time_id'].'" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
+ if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
+ if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
// Date and time
- echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'."\n";
+ echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n";
// User
- if($session->get_permissions('mod_misc') && preg_match('#^([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}$#', $r['author'])) $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \''.$r['author'].'\');"';
- else $rc = '';
- echo '<td class="'.$cls.'"'.$rc.'><a href="'.makeUrlNS('User', $r['author']).'" ';
- if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
- echo '>'.$r['author'].'</a></td class="'.$cls.'">'."\n";
+ if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
+ {
+ $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
+ }
+ else
+ {
+ $rc = '';
+ }
+ echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', $r['author']).'" ';
+ if ( !isPage($paths->nslist['User'] . $r['author']) )
+ {
+ echo 'class="wikilink-nonexistent"';
+ }
+ echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
// Edit summary
- echo '<td class="'.$cls.'">'.$r['edit_summary'].'</td>'."\n";
+ if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )
+ {
+ $r['edit_summary'] = $lang->get('history_summary_clearlogs');
+ }
+ echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
// Minor edit
- echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
+ echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
// Actions!
- echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid='.$r['time_id']).'" onclick="ajaxHistView(\''.$r['time_id'].'\'); return false;">View revision</a></td>'."\n";
- echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'."\n";
- echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert to this revision</a></td>'."\n";
+ echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";
+ echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";
+ echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";
echo '</tr>'."\n"."\n";
@@ -582,18 +632,33 @@
</div>
<br />
<input type="hidden" name="do" value="diff" />
- <input type="submit" value="Compare selected revisions" />
+ <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
</form>
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
}
$db->free_result();
- echo '<h3>Other changes:</h3>';
- $q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\' ORDER BY time_id DESC;';
- if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
- if($db->numrows() < 1) echo 'No history entries in this category.';
- else {
+ echo '<h3>' . $lang->get('history_heading_other') . '</h3>';
+ $q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
+ if ( !$db->sql_query($q) )
+ {
+ $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');
+ }
+ if ( $db->numrows() < 1 )
+ {
+ echo $lang->get('history_no_entries');
+ }
+ else
+ {
- echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
+ echo '<div class="tblholder">
+ <table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>
+ <th>' . $lang->get('history_col_datetime') . '</th>
+ <th>' . $lang->get('history_col_user') . '</th>
+ <th>' . $lang->get('history_col_minor') . '</th>
+ <th>' . $lang->get('history_col_action_taken') . '</th>
+ <th>' . $lang->get('history_col_extra') . '</th>
+ <th colspan="2"></th>
+ </tr>';
$cls = 'row2';
while($r = $db->fetchrow()) {
@@ -603,37 +668,32 @@
echo '<tr>';
// Date and time
- echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">';
+ echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">';
// User
- echo '<td class="'.$cls.'"><a href="'.makeUrlNS('User', $r['author']).'" ';
+ echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', $r['author']).'" ';
if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
- echo '>'.$r['author'].'</a></td class="'.$cls.'">';
+ echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
// Minor edit
- echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
+ echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
// Action taken
- echo '<td class="'.$cls.'">';
+ echo '<td class="' . $cls . '">';
// Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
- if ($r['action']=='prot') echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
- elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
- elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
- elseif($r['action']=='rename') echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']);
- elseif($r['action']=='create') echo 'Created page</td><td class="'.$cls.'">';
- elseif($r['action']=='delete') echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
- elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']);
+ if ($r['action']=='prot') echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ elseif($r['action']=='unprot') echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ elseif($r['action']=='rename') echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);
+ elseif($r['action']=='create') echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';
+ elseif($r['action']=='delete') echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' '.htmlspecialchars($r['edit_summary']);
echo '</td>';
// Actions!
- echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>';
- echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert action</a></td>';
-
- //echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> '.$r['author'].' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">Contrib</a>): ';
-
- if($r['minor_edit']) echo '<b> - minor edit</b>';
- echo '<br />';
+ echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';
+ echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';
echo '</tr>';
}
@@ -654,71 +714,157 @@
function rollback($id)
{
global $db, $session, $paths, $template, $plugins; // Common objects
- if(!$session->get_permissions('history_rollback')) return('You are not authorized to perform rollbacks.');
- if(!preg_match('#^([0-9]+)$#', (string)$id)) return('The value "id" on the query string must be an integer.');
- $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id.';');
- if(!$e) $db->_die('The rollback data could not be selected.');
+ if ( !$session->get_permissions('history_rollback') )
+ {
+ return('You are not authorized to perform rollbacks.');
+ }
+ if ( !preg_match('#^([0-9]+)$#', (string)$id) )
+ {
+ return('The value "id" on the query string must be an integer.');
+ }
+ $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id . ';');
+ if ( !$e )
+ {
+ $db->_die('The rollback data could not be selected.');
+ }
$rb = $db->fetchrow();
$db->free_result();
- switch($rb['log_type']) {
+
+ if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
+ {
+ $pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];
+ if ( !isset($paths->pages[$pagekey]) )
+ {
+ return "Page doesn't exist";
+ }
+ $pagedata =& $paths->pages[$pagekey];
+ $protected = false;
+ // Special case: is the page protected? if so, check for even_when_protected permissions
+ if($pagedata['protected'] == 2)
+ {
+ // The page is semi-protected, determine permissions
+ if($session->user_logged_in && $session->reg_time + 60*60*24*4 < time())
+ {
+ $protected = false;
+ }
+ else
+ {
+ $protected = true;
+ }
+ }
+ else
+ {
+ $protected = ( $pagedata['protected'] == 1 );
+ }
+
+ $perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);
+
+ if ( $protected && !$perms->get_permissions('even_when_protected') )
+ {
+ return "Because this page is protected, you need moderator rights to roll back changes.";
+ }
+ }
+ else
+ {
+ $perms =& $session;
+ }
+
+ switch($rb['log_type'])
+ {
case "page":
- switch($rb['action']) {
+ switch($rb['action'])
+ {
case "edit":
+ if ( !$perms->get_permissions('edit_page') )
+ return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
$t = $db->escape($rb['page_text']);
- $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$rb['char_tag'].'\' WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
- if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
- else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on '.$rb['date_string'].'.');
+ $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $rb['char_tag'] . '\' WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
+ if ( !$e )
+ {
+ return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
+ }
+ else
+ {
+ return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.';
+ }
break;
case "rename":
+ if ( !$perms->get_permissions('rename') )
+ return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
$t = $db->escape($rb['edit_summary']);
- $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
- if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
- else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("'.$rb['edit_summary'].'") before '.$rb['date_string'].'.');
+ $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
+ if ( !$e )
+ {
+ return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ }
+ else
+ {
+ return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.';
+ }
break;
case "prot":
- $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
- if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
- else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.');
+ if ( !$perms->get_permissions('protect') )
+ return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
+ $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
+ if ( !$e )
+ return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ else
+ return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
break;
case "semiprot":
- $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
- if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
- else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.');
+ if ( !$perms->get_permissions('protect') )
+ return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
+ $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
+ if ( !$e )
+ return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ else
+ return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
break;
case "unprot":
- $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
- if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
- else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at '.$rb['date_string'].'.');
+ if ( !$perms->get_permissions('protect') )
+ return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
+ $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=1 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
+ if ( !$e )
+ return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ else
+ return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at ' . $rb['date_string'] . '.';
break;
case "delete":
- if(!$session->get_permissions('history_rollback_extra')) return('Administrative privileges are required for page undeletion.');
- if(isset($paths->pages[$paths->cpage['urlname']])) return('You cannot raise a dead page that is alive.');
+ if ( !$perms->get_permissions('history_rollback_extra') )
+ return 'Administrative privileges are required for page undeletion.';
+ if ( isset($paths->pages[$paths->cpage['urlname']]) )
+ return 'You cannot raise a dead page that is alive.';
$name = str_replace('_', ' ', $rb['page_id']);
- $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$name.'\', \''.$rb['page_id'].'\',\''.$rb['namespace'].'\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
- $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
+ $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
+ $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
$r = $db->fetchrow();
- $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$rb['page_id'].'\',\''.$rb['namespace'].'\',\''.$db->escape($r['page_text']).'\',\''.$r['char_tag'].'\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
- return('The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.');
+ $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $r['char_tag'] . '\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
+ return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';
break;
case "reupload":
- if(!$session->get_permissions('history_rollbacks_extra')) return('Administrative privileges are required for file rollbacks.');
+ if ( !$session->get_permissions('history_rollbacks_extra') )
+ {
+ return 'Administrative privileges are required for file rollbacks.';
+ }
$newtime = time();
$newdate = date('d M Y h:i a');
- if(!$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id)) return('Error during query: '.mysql_error());
- if(!$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id)) return('Error during query: '.mysql_error());
- return('The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.');
+ if(!$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id))
+ return 'Error during query: '.mysql_error();
+ if(!$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id))
+ return 'Error during query: '.mysql_error();
+ return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';
break;
default:
- return('Rollback of the action "'.$rb['action'].'" is not yet supported.');
+ return('Rollback of the action "' . $rb['action'] . '" is not yet supported.');
break;
}
break;
case "security":
case "login":
- return('A '.$rb['log_type'].'-related log entry cannot be rolled back.');
+ return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.');
break;
default:
- return('Unknown log entry type: "'.$rb['log_type'].'"');
+ return('Unknown log entry type: "' . $rb['log_type'] . '"');
}
}
@@ -749,9 +895,9 @@
$name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
$subj = RenderMan::preprocess_text($subject);
if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1';
- $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$page_id.'\',\''.$namespace.'\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.$session->user_id.','.$appr.','.time().')';
+ $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')';
$e = $db->sql_query($q);
- if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n'.$q).'\'))');
+ if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))');
else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}
@@ -770,6 +916,7 @@
function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
$pname = $paths->nslist[$namespace] . $page_id;
@@ -781,15 +928,15 @@
case "delete":
if(isset($flags['id']))
{
- $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
+ $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
} else {
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
- $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
+ $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
}
$e=$db->sql_query($q);
- if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
+ if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
break;
case "approve":
if(isset($flags['id']))
@@ -799,20 +946,20 @@
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
- $where = 'name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\'';
+ $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
}
- $q = 'SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.' LIMIT 1;';
+ $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
$e = $db->sql_query($q);
- if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
+ if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
$r = $db->fetchrow();
$db->free_result();
$a = ( $r['approved'] ) ? '0' : '1';
- $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.';';
+ $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
$e=$db->sql_query($q);
- if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
- if($a=='1') $v = 'Unapprove';
- else $v = 'Approve';
- echo 'document.getElementById("mdgApproveLink'.$_GET['id'].'").innerHTML="'.$v.'";';
+ if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
+ if($a=='1') $v = $lang->get('comment_btn_mod_unapprove');
+ else $v = $lang->get('comment_btn_mod_approve');
+ echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
break;
}
}
@@ -824,42 +971,53 @@
$tpl = $template->makeParser('comment.tpl');
- $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=0;');
+ $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_unapp = $db->numrows();
$db->free_result();
- $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=1;');
+ $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_app = $db->numrows();
$db->free_result();
$lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
- FROM '.table_prefix.'comments AS c
- LEFT JOIN '.table_prefix.'users AS u
+ FROM ' . table_prefix.'comments AS c
+ LEFT JOIN ' . table_prefix.'users AS u
ON c.user_id=u.user_id
- WHERE page_id=\''.$page_id.'\'
- AND namespace=\''.$namespace.'\' ORDER BY c.time ASC;');
+ WHERE page_id=\'' . $page_id . '\'
+ AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
- $_ob .= '<h3>Article Comments</h3>';
+ $_ob .= '<h3>' . $lang->get('comment_heading') . '</h3>';
+
$n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
- if($n==1) $s = 'is '.$n.' comment'; else $s = 'are '.$n.' comments';
- if($n < 1)
+
+ $subst = array(
+ 'num_comments' => $n,
+ 'page_type' => $template->namespace_string
+ );
+
+ $_ob .= '<p>';
+ $_ob .= ( $n == 0 ) ? $lang->get('comment_msg_count_zero', $subst) : ( $n == 1 ? $lang->get('comment_msg_count_one', $subst) : $lang->get('comment_msg_count_plural', $subst) );
+
+ if ( $session->get_permissions('mod_comments') && $num_unapp > 0 )
{
- $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).'';
- if($namespace != 'Article') $_ob .= ' page';
- $_ob .= '.</p>';
- } else $_ob .= '<p>There '.$s.' on this article.';
- if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">'.$num_unapp.' of those are unapproved.</span>';
- elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; }
+ $_ob .= ' <span style="color: #D84308">' . $lang->get('comment_msg_count_unapp_mod', array( 'num_unapp' => $num_unapp )) . '</span>';
+ }
+ else if ( !$session->get_permissions('mod_comments') && $num_unapp > 0 )
+ {
+ $ls = ( $num_unapp == 1 ) ? 'comment_msg_count_unapp_one' : 'comment_msg_count_unapp_plural';
+ $_ob .= ' <span>' . $lang->get($ls, array( 'num_unapp' => $num_unapp )) . '</span>';
+ }
$_ob .= '</p>';
$list = 'list = { ';
// _die(htmlspecialchars($ttext));
$i = -1;
- while($row = $db->fetchrow($lq))
+ while ( $row = $db->fetchrow($lq) )
{
$i++;
$strings = Array();
$bool = Array();
- if($session->get_permissions('mod_comments') || $row['approved']) {
+ if ( $session->get_permissions('mod_comments') || $row['approved'] )
+ {
$list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
// Comment ID (used in the Javascript apps)
@@ -867,14 +1025,14 @@
// Determine the name, and whether to link to the user page or not
$name = '';
- if($row['user_id'] > 0) $name .= '<a href="'.makeUrlNS('User', str_replace(' ', '_', $row['name'])).'">';
+ if($row['user_id'] > 1) $name .= '<a href="'.makeUrlNS('User', str_replace(' ', '_', $row['name'])).'">';
$name .= $row['name'];
- if($row['user_id'] > 0) $name .= '</a>';
+ if($row['user_id'] > 1) $name .= '</a>';
$strings['NAME'] = $name; unset($name);
// Subject
$s = $row['subject'];
- if(!$row['approved']) $s .= ' <span style="color: #D84308">(Unapproved)</span>';
+ if(!$row['approved']) $s .= ' <span style="color: #D84308">' . $lang->get('comment_msg_note_unapp') . '</span>';
$strings['SUBJECT'] = $s;
// Date and time
@@ -885,16 +1043,17 @@
{
default:
case USER_LEVEL_GUEST:
- $l = 'Guest';
+ $l = $lang->get('user_type_guest');
break;
case USER_LEVEL_MEMBER:
- $l = 'Member';
+ case USER_LEVEL_CHPREF:
+ $l = $lang->get('user_type_member');
break;
case USER_LEVEL_MOD:
- $l = 'Moderator';
+ $l = $lang->get('user_type_mod');
break;
case USER_LEVEL_ADMIN:
- $l = 'Administrator';
+ $l = $lang->get('user_type_admin');
break;
}
$strings['USER_LEVEL'] = $l; unset($l);
@@ -905,10 +1064,10 @@
if($session->get_permissions('edit_comments'))
{
// Edit link
- $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id='.$row['comment_id']).'" id="editbtn_'.$i.'">edit</a>';
+ $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">' . $lang->get('comment_btn_edit') . '</a>';
// Delete link
- $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id='.$row['comment_id']).'">delete</a>';
+ $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_delete') . '</a>';
}
else
{
@@ -920,19 +1079,19 @@
}
// Send PM link
- $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/'.$row['name']).'">Send private message</a><br />' : '';
+ $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">' . $lang->get('comment_btn_send_privmsg') . '</a><br />' : '';
// Add Buddy link
- $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/'.$row['name']).'">Add to buddy list</a>' : '';
+ $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">' . $lang->get('comment_btn_add_buddy') . '</a>' : '';
// Mod links
$applink = '';
- $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id='.$row['comment_id']).'" id="mdgApproveLink'.$i.'">';
- if($row['approved']) $applink .= 'Unapprove';
- else $applink .= 'Approve';
+ $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
+ if($row['approved']) $applink .= $lang->get('comment_btn_mod_unapprove');
+ else $applink .= $lang->get('comment_btn_mod_approve');
$applink .= '</a>';
$strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
- $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id='.$row['comment_id']).'">Delete</a>';
+ $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_mod_delete') . '</a>';
// Signature
$strings['SIGNATURE'] = '';
@@ -950,38 +1109,37 @@
}
if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
{
- if(!$session->get_permissions('post_comments'))
- {
- $_ob .= '<h3>Got something to say?</h3><p>Access to post comments on this page is denied.</p>';
- }
- else
+ if($session->get_permissions('post_comments'))
{
- $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
- if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.';
- if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
- $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="'.$session->username.'" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
- $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
+ $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3>';
+ $_ob .= $lang->get('comment_postform_blurb');
+ if(getConfig('approve_comments')=='1') $_ob .= ' ' . $lang->get('comment_postform_blurb_unapp');
+ if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
+ {
+ $_ob .= ' ' . $lang->get('comment_postform_blurb_captcha');
+ }
+ $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
+ $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">' . $lang->get('comment_postform_blurb_link') . '</a>
<div id="mdgCommentForm">
- <h3>Comment form</h3>
<form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
<table border="0">
- <tr><td>Your name or screen name:</td><td>'.$sn.'</td></tr>
- <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
+ <tr><td>' . $lang->get('comment_postform_field_name') . '</td><td>' . $sn . '</td></tr>
+ <tr><td>' . $lang->get('comment_postform_field_subject') . '</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
{
$session->kill_captcha();
$captcha = $session->make_captcha();
- $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/'.$captcha).'" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="'.$captcha.'" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
+ $_ob .= '<tr><td>' . $lang->get('comment_postform_field_captcha_title') . '<br /><small>' . $lang->get('comment_postform_field_captcha_blurb') . '</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />' . $lang->get('comment_postform_field_captcha_label') . ' <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("' . $lang->get('comment_postform_field_captcha_cantread_js') . '");</script><noscript>' . $lang->get('comment_postform_field_captcha_cantread_nojs') . '</noscript></small></td></tr>';
}
$_ob .= '
- <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
- <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
+ <tr><td valign="top">' . $lang->get('comment_postform_field_comment') . '</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
+ <tr><td colspan="2" style="text-align: center;"><input type="submit" value="' . $lang->get('comment_postform_btn_submit') . '" /></td></tr>
</table>
</form>
</div>';
}
} else {
- $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/'.$pname.'%2523comments').'">Log in</a></p>';
+ $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
}
$list .= '};';
echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
@@ -1052,7 +1210,7 @@
if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
{
if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
- $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
+ $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
$s = $db->sql_query($q);
if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
$r = $db->fetchrow($s);
@@ -1061,13 +1219,13 @@
}
$s = RenderMan::preprocess_text($subject);
$t = RenderMan::preprocess_text($text);
- $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
+ $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
$result = $db->sql_query($sql);
if($result)
{
return 'result="GOOD";
- list['.$id.'][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
- list['.$id.'][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = '.$id.';
+ list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
+ list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
s = unescape(\''.rawurlencode($s).'\');
t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
}
@@ -1075,7 +1233,7 @@
{
return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
Performed SQL:
- '.$sql.'
+ ' . $sql . '
Error returned by MySQL: '.mysql_error()).'");';
}
@@ -1101,7 +1259,7 @@
if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
{
if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
- $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
+ $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
$s = $db->sql_query($q);
if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
$r = $db->fetchrow($s);
@@ -1110,13 +1268,13 @@
}
$s = RenderMan::preprocess_text($subject);
$t = RenderMan::preprocess_text($text);
- $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
+ $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
$result = $db->sql_query($sql);
if($result)
return 'good';
else return 'Enano encountered a problem whilst saving the comment.
Performed SQL:
- '.$sql.'
+ ' . $sql . '
Error returned by MySQL: '.mysql_error();
}
@@ -1148,16 +1306,16 @@
if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
{
if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
- $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$t.'\' AND subject=\''.$s.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
+ $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
$s = $db->sql_query($q);
if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
$r = $db->fetchrow($s);
if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
$db->free_result();
}
- $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
+ $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
$e=$db->sql_query($q);
- if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
+ if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
return('good');
}
@@ -1182,16 +1340,16 @@
if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
{
if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
- $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;';
+ $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
$s = $db->sql_query($q);
if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
$r = $db->fetchrow($s);
if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
$db->free_result();
}
- $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.$id.' LIMIT 1;';
+ $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;';
$e=$db->sql_query($q);
- if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
+ if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
return('good');
}
@@ -1206,6 +1364,7 @@
function rename($page_id, $namespace, $name)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
$pname = $paths->nslist[$namespace] . $page_id;
@@ -1214,28 +1373,32 @@
if( empty($name))
{
- die('Name is too short');
+ return($lang->get('ajax_rename_too_short'));
}
if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ))
{
- $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$paths->namespace.'\', \''.$db->escape($session->username).'\', \''.$db->escape($paths->cpage['name']).'\')');
+ $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')');
if ( !$e )
{
$db->_die('The page title could not be updated.');
}
- $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$db->escape($name).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
+ $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
if ( !$e )
{
$db->_die('The page title could not be updated.');
}
else
{
- return('The page "'.$paths->pages[$pname]['name'].'" has been renamed to "'.$name.'". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.');
+ $subst = array(
+ 'page_name_old' => $paths->pages[$pname]['name'],
+ 'page_name_new' => $name
+ );
+ return $lang->get('ajax_rename_success', $subst);
}
}
else
{
- return('Access is denied.');
+ return($lang->get('etc_access_denied'));
}
}
@@ -1249,22 +1412,26 @@
function flushlogs($page_id, $namespace)
{
global $db, $session, $paths, $template, $plugins; // Common objects
- if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.');
- $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
+ global $lang;
+ if(!$session->get_permissions('clear_logs'))
+ {
+ return $lang->get('etc_access_denied');
+ }
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
if(!$e) $db->_die('The log entries could not be deleted.');
// If the page exists, make a backup of it in case it gets spammed/vandalized
// If not, the admin's probably deleting a trash page
if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
{
- $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
+ $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
$row = $db->fetchrow();
$db->free_result();
- $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape($row['page_text']).'\', \''.$row['char_tag'].'\', \''.$session->username.'\', \''."Automatic backup created when logs were purged".'\', '.'false'.');';
+ $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.'false'.');';
if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
}
- return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.');
+ return $lang->get('ajax_clearlogs_success');
}
/**
@@ -1278,26 +1445,27 @@
function deletepage($page_id, $namespace, $reason)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
$perms = $session->fetch_page_acl($page_id, $namespace);
$x = trim($reason);
if ( empty($x) )
{
- return 'Invalid reason for deletion passed';
+ return $lang->get('ajax_delete_need_reason');
}
if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
- $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \''.$page_id.'\', \''.$namespace.'\', \''.$session->username.'\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
+ $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
if(!$e) $db->_die('The page log entry could not be inserted.');
- $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
if(!$e) $db->_die('The page categorization entries could not be deleted.');
- $e = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
if(!$e) $db->_die('The page comments could not be deleted.');
- $e = $db->sql_query('DELETE FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
if(!$e) $db->_die('The page text entry could not be deleted.');
- $e = $db->sql_query('DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'');
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
if(!$e) $db->_die('The page entry could not be deleted.');
- $e = $db->sql_query('DELETE FROM '.table_prefix.'files WHERE page_id=\''.$page_id.'\'');
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
if(!$e) $db->_die('The file entry could not be deleted.');
- return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.');
+ return $lang->get('ajax_delete_success');
}
/**
@@ -1310,9 +1478,10 @@
function delvote($page_id, $namespace)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( !$session->get_permissions('vote_delete') )
{
- return 'Access denied';
+ return $lang->get('etc_access_denied');
}
if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
@@ -1351,7 +1520,7 @@
if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
{
- return 'It appears that you have already voted to have this page deleted.';
+ return $lang->get('ajax_delvote_already_voted');
}
$ips['u'][] = $session->username;
@@ -1360,10 +1529,10 @@
$cv++;
- $q = 'UPDATE '.table_prefix.'pages SET delvotes='.$cv.',delvote_ips=\''.$ips.'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
+ $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
$w = $db->sql_query($q);
- return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
+ return $lang->get('ajax_delvote_success');
}
/**
@@ -1376,11 +1545,18 @@
function resetdelvotes($page_id, $namespace)
{
global $db, $session, $paths, $template, $plugins; // Common objects
- if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');
- $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\'';
+ global $lang;
+ if(!$session->get_permissions('vote_reset'))
+ {
+ return $lang->get('etc_access_denied');
+ }
+ $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
$e = $db->sql_query($q);
if(!$e) $db->_die('The number of delete votes was not reset.');
- else return('The number of votes for having this page deleted has been reset to zero.');
+ else
+ {
+ return $lang->get('ajax_delvote_reset_success');
+ }
}
/**
@@ -1393,14 +1569,17 @@
{
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
- $dir = './themes/'.$_GET['id'].'/css/';
+ if ( !preg_match('/^([a-z0-9_-]+)$/', $_GET['id']) )
+ return $json->encode(false);
+
+ $dir = './themes/' . $_GET['id'] . '/css/';
$list = Array();
// Open a known directory, and proceed to read its contents
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
- if(preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css') { // _printable.css should be included with every theme
- // it should be a copy of the original style, but
+ if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' ) // _printable.css should be included with every theme
+ { // it should be a copy of the original style, but
// mostly black and white
// Note to self: document this
$list[] = substr($file, 0, strlen($file)-4);
@@ -1438,9 +1617,11 @@
function catedit_raw($page_id, $namespace)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
ob_start();
$_ob = '';
- $e = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\'');
+ $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\'');
if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
$cat_current = Array();
while($r = $db->fetchrow())
@@ -1475,11 +1656,11 @@
}
echo 'catlist = new Array();'; // Initialize the client-side category list
- $_ob .= '<h3>Select which categories this page should be included in.</h3>
+ $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
<form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
if ( sizeof($cat_info) < 1 )
{
- $_ob .= '<p>There are no categories on this site yet.</p>';
+ $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
}
for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
{
@@ -1492,15 +1673,15 @@
$is_prot = true;
$prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
$prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
- echo 'catlist['.$i.'] = \''.$cat_info[$i]['urlname_nons'].'\';';
- $_ob .= '<span class="catCheck"><input '.$prot.' name="'.$cat_info[$i]['urlname_nons'].'" id="mdgCat_'.$cat_info[$i]['urlname_nons'].'" type="checkbox"';
+ echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
+ $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
- $_ob .= '/> <label for="mdgCat_'.$cat_info[$i]['urlname_nons'].'">'.$cat_info[$i]['name'].$prottext.'</label></span><br />';
+ $_ob .= '/> <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
}
$disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
- $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';
+ $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';
$cont = ob_get_contents();
ob_end_clean();
@@ -1550,9 +1731,9 @@
if(!$auth)
{
// Find out if the page is currently in the category
- $q = $db->sql_query('SELECT * FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
+ $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$q)
- return 'MySQL error: '.$db->get_error();
+ return 'MySQL error: ' . $db->get_error();
if($db->numrows() > 0)
{
$auth = true;
@@ -1560,13 +1741,13 @@
}
$db->free_result();
}
- if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\''.$page_id.'\', \''.$namespace.'\', \''.$cat_all[$i]['urlname_nons'].'\')';
+ if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
}
if(sizeof($rowlist) > 0)
{
$val = implode(',', $rowlist);
- $q = 'INSERT INTO '.table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
- $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
+ $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$e) $db->_die('The old category data could not be deleted.');
$e = $db->sql_query($q);
if(!$e) $db->_die('The new category data could not be inserted.');
@@ -1574,7 +1755,7 @@
}
else
{
- $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
+ $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$e) $db->_die('The old category data could not be deleted.');
return('GOOD');
}
@@ -1592,9 +1773,15 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
- if(!isset($level) || (isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level))) return('Invalid mode string');
- $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode='.$level.' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
- if(!$q) return('Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
+ if ( !isset($level) || ( isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level) ) )
+ {
+ return('Invalid mode string');
+ }
+ $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
+ if ( !$q )
+ {
+ return('Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
+ }
return('GOOD');
}
@@ -1609,21 +1796,37 @@
function setpass($page_id, $namespace, $pass)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
// Determine permissions
if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '')
$a = $session->get_permissions('password_reset');
else
$a = $session->get_permissions('password_set');
if(!$a)
- return 'Access is denied';
+ return $lang->get('etc_access_denied');
if(!isset($pass)) return('Password was not set on URL');
$p = $pass;
- if(!preg_match('#([0-9a-f]){40,40}#', $p)) $p = sha1($p);
- if($p=='da39a3ee5e6b4b0d3255bfef95601890afd80709') $p = '';
- $e = $db->sql_query('UPDATE '.table_prefix.'pages SET password=\''.$p.'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';');
- if(!$e) die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
- if($p=='') return('The password for this page has been disabled.');
- else return('The password for this page has been set.');
+ if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
+ {
+ $p = sha1($p);
+ }
+ if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
+ // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
+ $p = '';
+ $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
+ if ( !$e )
+ {
+ die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
+ }
+ // Is the new password blank?
+ if ( $p == '' )
+ {
+ return $lang->get('ajax_password_disable_success');
+ }
+ else
+ {
+ return $lang->get('ajax_password_success');
+ }
}
/**
@@ -1634,7 +1837,8 @@
function genPreview($text)
{
- $ret = '<div class="info-box"><b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
+ global $lang;
+ $ret = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
$text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
ob_start();
eval('?>' . $text);
@@ -1654,7 +1858,7 @@
function scrollBox($text, $height = 250)
{
- return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">'.$text.'</div>';
+ return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">' . $text . '</div>';
}
/**
@@ -1669,14 +1873,15 @@
function pagediff($page_id, $namespace, $id1, $id2)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if(!$session->get_permissions('history_view'))
- return 'Access denied';
+ return $lang->get('etc_access_denied');
if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
!preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt';
// OK we made it through security
// Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
- if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id1.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error();
- if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id2.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error();
+ if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
+ if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
$row1 = $db->fetchrow($q1);
$db->free_result($q1);
$row2 = $db->fetchrow($q2);
@@ -1687,7 +1892,7 @@
$time1 = date('F d, Y h:i a', $id1);
$time2 = date('F d, Y h:i a', $id2);
$_ob = "
- <p>Comparing revisions: {$time1} → {$time2}</p>
+ <p>" . $lang->get('history_lbl_comparingrevisions') . " {$time1} → {$time2}</p>
";
// Free some memory
unset($row1, $row2, $q1, $q2);
@@ -1698,8 +1903,6 @@
/**
* Gets ACL information about the selected page for target type X and target ID Y.
- * @param string $page_id The page ID
- * @param string $namespace The namespace
* @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
* @return array
*/
@@ -1707,19 +1910,21 @@
function acl_editor($parms = Array())
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
{
return Array(
'mode' => 'error',
- 'error' => 'You are not authorized to view or edit access control lists.'
+ 'error' => $lang->get('acl_err_access_denied')
);
}
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
$page_id =& $parms['page_id'];
$namespace =& $parms['namespace'];
- $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\''.$db->escape($page_id).'\' AND a.namespace=\''.$db->escape($namespace).'\'';
- $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
+ $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
+ $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
//die(print_r($page_id,true));
$template->load_theme();
// $perms_obj = $session->fetch_page_acl($page_id, $namespace);
@@ -1729,7 +1934,7 @@
{
return Array(
'mode' => 'error',
- 'error' => 'It seems that (a) the file acledit.tpl is missing from these theme, and (b) the JSON response is working.',
+ 'error' => $lang->get('acl_err_missing_template'),
);
}
$return['template'] = $template->extract_vars('acledit.tpl');
@@ -1741,7 +1946,7 @@
{
case 'listgroups':
$return['groups'] = Array();
- $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
+ $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
while($row = $db->fetchrow())
{
$return['groups'][] = Array(
@@ -1751,7 +1956,7 @@
}
$db->free_result();
$return['page_groups'] = Array();
- $q = $db->sql_query('SELECT pg_id,pg_name FROM '.table_prefix.'page_groups ORDER BY pg_name ASC;');
+ $q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
if ( !$q )
return Array(
'mode' => 'error',
@@ -1775,22 +1980,22 @@
switch($parms['target_type'])
{
case ACL_TYPE_USER:
- $q = $db->sql_query('SELECT a.rules,u.user_id FROM '.table_prefix.'users AS u
- LEFT JOIN '.table_prefix.'acl AS a
+ $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u
+ LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=u.user_id
WHERE a.target_type='.ACL_TYPE_USER.'
- AND u.username=\''.$db->escape($parms['target_id']).'\'
- '.$page_where_clause.';');
+ AND u.username=\'' . $db->escape($parms['target_id']) . '\'
+ ' . $page_where_clause . ';');
if(!$q)
return(Array('mode'=>'error','error'=>mysql_error()));
if($db->numrows() < 1)
{
$return['type'] = 'new';
- $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($parms['target_id']).'\';');
+ $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
if(!$q)
return(Array('mode'=>'error','error'=>mysql_error()));
if($db->numrows() < 1)
- return Array('mode'=>'error','error'=>'The username you entered was not found.');
+ return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'));
$row = $db->fetchrow();
$return['target_name'] = $return['target_id'];
$return['target_id'] = intval($row['user_id']);
@@ -1822,22 +2027,22 @@
}
break;
case ACL_TYPE_GROUP:
- $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM '.table_prefix.'groups AS g
- LEFT JOIN '.table_prefix.'acl AS a
+ $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
+ LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=g.group_id
WHERE a.target_type='.ACL_TYPE_GROUP.'
AND g.group_id=\''.intval($parms['target_id']).'\'
- '.$page_where_clause.';');
+ ' . $page_where_clause . ';');
if(!$q)
return(Array('mode'=>'error','error'=>mysql_error()));
if($db->numrows() < 1)
{
$return['type'] = 'new';
- $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
+ $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
if(!$q)
return(Array('mode'=>'error','error'=>mysql_error()));
if($db->numrows() < 1)
- return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
+ return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
$row = $db->fetchrow();
$return['target_name'] = $row['group_name'];
$return['target_id'] = intval($row['group_id']);
@@ -1879,10 +2084,10 @@
case 'save_edit':
if ( defined('ENANO_DEMO_MODE') )
{
- return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
+ return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
}
- $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
- '.$page_where_clause_lite.';');
+ $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
+ ' . $page_where_clause_lite . ';');
if(!$q)
return Array('mode'=>'error','error'=>mysql_error());
$rules = $session->perm_to_string($parms['perms']);
@@ -1890,13 +2095,13 @@
{
return array(
'mode' => 'error',
- 'error' => 'Supplied rule list has a length of zero'
+ 'error' => $lang->get('acl_err_zero_list')
);
}
- $q = ($page_id && $namespace) ? 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
- VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape($rules).'\' )' :
- 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, rules )
- VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($rules).'\' )';
+ $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
+ VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
+ 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
+ VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error());
return Array(
'mode' => 'success',
@@ -1910,10 +2115,10 @@
case 'delete':
if ( defined('ENANO_DEMO_MODE') )
{
- return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
+ return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
}
- $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
- '.$page_where_clause_lite.';');
+ $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
+ ' . $page_where_clause_lite . ';');
if(!$q)
return Array('mode'=>'error','error'=>mysql_error());
return Array(
@@ -1957,6 +2162,7 @@
function aclmanager($parms)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
ob_start();
// Convenience
$formstart = '<form
@@ -1977,20 +2183,21 @@
echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
break;
case 'stage1':
- echo '<h3>Manage page access</h3>
- <p>Please select who should be affected by this access rule.</p>';
+ echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
+ <p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
echo $formstart;
- echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> A usergroup</label></p>
+ echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
<p><select name="data[target_id_grp]">';
foreach ( $response['groups'] as $group )
{
echo '<option value="' . $group['id'] . '">' . $group['name'] . '</option>';
}
+
// page group selector
$groupsel = '';
if ( count($response['page_groups']) > 0 )
{
- $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> A group of pages</label></p>
+ $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
<p><select name="data[pg_id]">';
foreach ( $response['page_groups'] as $grp )
{
@@ -2000,24 +2207,24 @@
}
echo '</select></p>
- <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> A specific user</label></p>
+ <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
<p>' . $template->username_field('data[target_id_user]') . '</p>
- <p>What should this access rule control?</p>
- <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> Only this page</p>
+ <p>' . $lang->get('acl_lbl_scope') . '</p>
+ <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</p>
' . $groupsel . '
- <p><label><input name="data[scope]" value="entire_site" type="radio" /> The entire site</p>
+ <p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</p>
<div style="margin: 0 auto 0 0; text-align: right;">
<input name="data[mode]" value="seltarget" type="hidden" />
<input type="hidden" name="data[page_id]" value="' . $paths->cpage['urlname_nons'] . '" />
<input type="hidden" name="data[namespace]" value="' . $paths->namespace . '" />
- <input type="submit" value="Next >" />
+ <input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
</div>';
echo $formend;
break;
case 'success':
echo '<div class="info-box">
- <b>Permissions updated</b><br />
- The permissions for ' . $response['target_name'] . ' on this page have been updated successfully.<br />
+ <b>' . $lang->get('acl_lbl_save_success_title') . '</b><br />
+ ' . $lang->get('acl_lbl_save_success_body', array( 'target_name' => $response['target_name'] )) . '<br />
' . $formstart . '
<input type="hidden" name="data[mode]" value="seltarget" />
<input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
@@ -2026,14 +2233,14 @@
<input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
<input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
<input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
- <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
+ <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
' . $formend . '
</div>';
break;
case 'delete':
echo '<div class="info-box">
- <b>Rule deleted</b><br />
- The selected access rule has been successfully deleted.<br />
+ <b>' . $lang->get('acl_lbl_delete_success_title') . '</b><br />
+ ' . $lang->get('acl_lbl_delete_success_body', array('target_name' => $response['target_name'])) . '<br />
' . $formstart . '
<input type="hidden" name="data[mode]" value="seltarget" />
<input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
@@ -2042,22 +2249,27 @@
<input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
<input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
<input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
- <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
+ <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
' . $formend . '
</div>';
break;
case 'seltarget':
if ( $response['type'] == 'edit' )
{
- echo '<h3>Editing permissions</h3>';
+ echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
}
else
{
- echo '<h3>Create new rule</h3>';
+ echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
}
- $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
- $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
- echo 'This panel allows you to edit what the '.$type.' "'.$response['target_name'].'" can do on <b>'.$scope.'</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
+ $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
+ $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
+ $subs = array(
+ 'target_type' => $type,
+ 'target' => $response['target_name'],
+ 'scope_type' => $scope
+ );
+ echo $lang->get('acl_lbl_editwin_body', $subs);
echo $formstart;
$parser = $template->makeParserText( $response['template']['acl_field_begin'] );
echo $parser->run();
@@ -2091,7 +2303,14 @@
break;
}
$vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
- $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
+ if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
+ {
+ $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
+ }
+ else
+ {
+ $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
+ }
$parser->assign_vars($vars);
echo $parser->run();
}
@@ -2104,7 +2323,7 @@
<input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
<input type="hidden" name="data[target_id]" value="' . $response['target_id'] . '" />
<input type="hidden" name="data[target_name]" value="' . $response['target_name'] . '" />
- ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="Save changes" /> <input type="submit" name="data[act_delete_rule]" value="Delete rule" style="color: #AA0000;" onclick="return confirm(\'Do you really want to delete this ACL rule?\');" />' : '<input type="submit" value="Create rule" />' ) . '
+ ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> <input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
</div>';
echo $formend;
break;
--- a/includes/paths.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/paths.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/**
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* paths.php - The part of Enano that actually manages content. Everything related to page handling and namespaces is in here.
*
@@ -46,52 +46,52 @@
// ACL types
// These can also be added from within plugins
- $session->register_acl_type('read', AUTH_ALLOW, 'Read page(s)');
- $session->register_acl_type('post_comments', AUTH_ALLOW, 'Post comments', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('edit_comments', AUTH_ALLOW, 'Edit own comments', Array('post_comments'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('edit_page', AUTH_WIKIMODE, 'Edit page', Array('view_source'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('view_source', AUTH_WIKIMODE, 'View source', Array('read'), 'Article|User|Project|Template|File|Help|System|Category'); // Only used if the page is protected
- $session->register_acl_type('mod_comments', AUTH_DISALLOW, 'Moderate comments', Array('edit_comments'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('history_view', AUTH_WIKIMODE, 'View history/diffs', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('history_rollback', AUTH_DISALLOW, 'Rollback history', Array('history_view'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('history_rollback_extra', AUTH_DISALLOW, 'Undelete page(s)', Array('history_rollback'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('protect', AUTH_DISALLOW, 'Protect page(s)', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('rename', AUTH_WIKIMODE, 'Rename page(s)', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('clear_logs', AUTH_DISALLOW, 'Clear page logs (dangerous)', Array('read', 'protect', 'even_when_protected'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('vote_delete', AUTH_ALLOW, 'Vote to delete', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('vote_reset', AUTH_DISALLOW, 'Reset delete votes', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('delete_page', AUTH_DISALLOW, 'Delete page(s)', Array(), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('tag_create', AUTH_ALLOW, 'Tag page(s)', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('tag_delete_own', AUTH_ALLOW, 'Remove own page tags', Array('read', 'tag_create'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('tag_delete_other', AUTH_DISALLOW, 'Remove others\' page tags', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('set_wiki_mode', AUTH_DISALLOW, 'Set per-page wiki mode', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('password_set', AUTH_DISALLOW, 'Set password', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('password_reset', AUTH_DISALLOW, 'Disable/reset password', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('mod_misc', AUTH_DISALLOW, 'Super moderator (generate SQL backtraces, view IP addresses, and send large numbers of private messages)', Array(), 'All');
- $session->register_acl_type('edit_cat', AUTH_WIKIMODE, 'Edit categorization', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('even_when_protected', AUTH_DISALLOW, 'Allow editing, renaming, and categorization even when protected', Array('edit_page', 'rename', 'mod_comments', 'edit_cat'), 'Article|User|Project|Template|File|Help|System|Category');
- $session->register_acl_type('upload_files', AUTH_DISALLOW, 'Upload files', Array('create_page'), 'Article|User|Project|Template|File|Help|System|Category|Special');
- $session->register_acl_type('upload_new_version', AUTH_WIKIMODE, 'Upload new versions of files', Array('upload_files'), 'Article|User|Project|Template|File|Help|System|Category|Special');
- $session->register_acl_type('create_page', AUTH_WIKIMODE, 'Create pages', Array(), 'Article|User|Project|Template|File|Help|System|Category|Special');
- $session->register_acl_type('php_in_pages', AUTH_DISALLOW, 'Embed PHP code in pages', Array('edit_page'), 'Article|User|Project|Template|File|Help|System|Category|Admin');
- $session->register_acl_type('edit_acl', AUTH_DISALLOW, 'Edit access control lists', Array('read', 'post_comments', 'edit_comments', 'edit_page', 'view_source', 'mod_comments', 'history_view', 'history_rollback', 'history_rollback_extra', 'protect', 'rename', 'clear_logs', 'vote_delete', 'vote_reset', 'delete_page', 'set_wiki_mode', 'password_set', 'password_reset', 'mod_misc', 'edit_cat', 'even_when_protected', 'upload_files', 'upload_new_version', 'create_page', 'php_in_pages'));
+ $session->register_acl_type('read', AUTH_ALLOW, 'perm_read');
+ $session->register_acl_type('post_comments', AUTH_ALLOW, 'perm_post_comments', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('edit_comments', AUTH_ALLOW, 'perm_edit_comments', Array('post_comments'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('edit_page', AUTH_WIKIMODE, 'perm_edit_page', Array('view_source'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('view_source', AUTH_WIKIMODE, 'perm_view_source', Array('read'), 'Article|User|Project|Template|File|Help|System|Category'); // Only used if the page is protected
+ $session->register_acl_type('mod_comments', AUTH_DISALLOW, 'perm_mod_comments', Array('edit_comments'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('history_view', AUTH_WIKIMODE, 'perm_history_view', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('history_rollback', AUTH_DISALLOW, 'perm_history_rollback', Array('history_view'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('history_rollback_extra', AUTH_DISALLOW, 'perm_history_rollback_extra', Array('history_rollback'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('protect', AUTH_DISALLOW, 'perm_protect', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('rename', AUTH_WIKIMODE, 'perm_rename', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('clear_logs', AUTH_DISALLOW, 'perm_clear_logs', Array('read', 'protect', 'even_when_protected'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('vote_delete', AUTH_ALLOW, 'perm_vote_delete', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('vote_reset', AUTH_DISALLOW, 'perm_vote_reset', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('delete_page', AUTH_DISALLOW, 'perm_delete_page', Array(), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('tag_create', AUTH_ALLOW, 'perm_tag_create', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('tag_delete_own', AUTH_ALLOW, 'perm_tag_delete_own', Array('read', 'tag_create'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('tag_delete_other', AUTH_DISALLOW, 'perm_tag_delete_other', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('set_wiki_mode', AUTH_DISALLOW, 'perm_set_wiki_mode', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('password_set', AUTH_DISALLOW, 'perm_password_set', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('password_reset', AUTH_DISALLOW, 'perm_password_reset', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('mod_misc', AUTH_DISALLOW, 'perm_mod_misc', Array(), 'All');
+ $session->register_acl_type('edit_cat', AUTH_WIKIMODE, 'perm_edit_cat', Array('read'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('even_when_protected', AUTH_DISALLOW, 'perm_even_when_protected', Array('edit_page', 'rename', 'mod_comments', 'edit_cat'), 'Article|User|Project|Template|File|Help|System|Category');
+ $session->register_acl_type('upload_files', AUTH_DISALLOW, 'perm_upload_files', Array('create_page'), 'Article|User|Project|Template|File|Help|System|Category|Special');
+ $session->register_acl_type('upload_new_version', AUTH_WIKIMODE, 'perm_upload_new_version', Array('upload_files'), 'Article|User|Project|Template|File|Help|System|Category|Special');
+ $session->register_acl_type('create_page', AUTH_WIKIMODE, 'perm_create_page', Array(), 'Article|User|Project|Template|File|Help|System|Category|Special');
+ $session->register_acl_type('php_in_pages', AUTH_DISALLOW, 'perm_php_in_pages', Array('edit_page'), 'Article|User|Project|Template|File|Help|System|Category|Admin');
+ $session->register_acl_type('edit_acl', AUTH_DISALLOW, 'perm_edit_acl', Array('read', 'post_comments', 'edit_comments', 'edit_page', 'view_source', 'mod_comments', 'history_view', 'history_rollback', 'history_rollback_extra', 'protect', 'rename', 'clear_logs', 'vote_delete', 'vote_reset', 'delete_page', 'set_wiki_mode', 'password_set', 'password_reset', 'mod_misc', 'edit_cat', 'even_when_protected', 'upload_files', 'upload_new_version', 'create_page', 'php_in_pages'));
// DO NOT add new admin pages here! Use a plugin to call $paths->addAdminNode();
- $this->addAdminNode('General', 'General Configuration', 'GeneralConfig');
- $this->addAdminNode('General', 'File uploads', 'UploadConfig');
- $this->addAdminNode('General', 'Allowed file types', 'UploadAllowedMimeTypes');
- $this->addAdminNode('General', 'Manage Plugins', 'PluginManager');
- $this->addAdminNode('General', 'Backup database', 'DBBackup');
- $this->addAdminNode('Content', 'Manage Pages', 'PageManager');
- $this->addAdminNode('Content', 'Edit page content', 'PageEditor');
- $this->addAdminNode('Content', 'Manage page groups', 'PageGroups');
- $this->addAdminNode('Appearance', 'Manage themes', 'ThemeManager');
- $this->addAdminNode('Users', 'Manage users', 'UserManager');
- $this->addAdminNode('Users', 'Edit groups', 'GroupManager');
- $this->addAdminNode('Users', 'COPPA support', 'COPPA');
- $this->addAdminNode('Users', 'Mass e-mail', 'MassEmail');
- $this->addAdminNode('Security', 'Security log', 'SecurityLog');
- $this->addAdminNode('Security', 'Ban control', 'BanControl');
+ $this->addAdminNode('adm_cat_general', 'adm_page_general_config', 'GeneralConfig');
+ $this->addAdminNode('adm_cat_general', 'adm_page_file_uploads', 'UploadConfig');
+ $this->addAdminNode('adm_cat_general', 'adm_page_file_types', 'UploadAllowedMimeTypes');
+ $this->addAdminNode('adm_cat_general', 'adm_page_plugins', 'PluginManager');
+ $this->addAdminNode('adm_cat_general', 'adm_page_db_backup', 'DBBackup');
+ $this->addAdminNode('adm_cat_content', 'adm_page_manager', 'PageManager');
+ $this->addAdminNode('adm_cat_content', 'adm_page_editor', 'PageEditor');
+ $this->addAdminNode('adm_cat_content', 'adm_page_pg_groups', 'PageGroups');
+ $this->addAdminNode('adm_cat_appearance', 'adm_page_themes', 'ThemeManager');
+ $this->addAdminNode('adm_cat_users', 'adm_page_users', 'UserManager');
+ $this->addAdminNode('adm_cat_users', 'adm_page_user_groups', 'GroupManager');
+ $this->addAdminNode('adm_cat_users', 'adm_page_coppa', 'COPPA');
+ $this->addAdminNode('adm_cat_users', 'adm_page_mass_email', 'MassEmail');
+ $this->addAdminNode('adm_cat_security', 'adm_page_security_log', 'SecurityLog');
+ $this->addAdminNode('adm_cat_security', 'adm_page_ban_control', 'BanControl');
$code = $plugins->setHook('acl_rule_init');
foreach ( $code as $cmd )
@@ -493,24 +493,29 @@
// Parses a (very carefully formed) array into Javascript code compatible with the Tigra Tree Menu used in the admin menu
function parseAdminTree()
{
+ global $lang;
+
$k = array_keys($this->admin_tree);
$i = 0;
$ret = '';
- $ret .= "var TREE_ITEMS = [\n ['Administration panel home', 'javascript:ajaxPage(\'".$this->nslist['Admin']."Home\');',\n ";
+ $ret .= "var TREE_ITEMS = [\n ['" . $lang->get('adm_btn_home') . "', 'javascript:ajaxPage(\'".$this->nslist['Admin']."Home\');',\n ";
foreach($k as $key)
{
$i++;
- $ret .= "['".$key."', 'javascript:trees[0].toggle($i)', \n";
+ $name = ( preg_match('/^[a-z0-9_]+$/', $key) ) ? $lang->get($key) : $key;
+ $ret .= "['".$name."', 'javascript:trees[0].toggle($i)', \n";
foreach($this->admin_tree[$key] as $c)
{
$i++;
- $ret .= " ['".$c['name']."', 'javascript:ajaxPage(\\'".$this->nslist['Admin'].$c['pageid']."\\');'],\n";
+ $name = ( preg_match('/^[a-z0-9_]+$/', $key) ) ? $lang->get($c['name']) : $c['name'];
+
+ $ret .= " ['".$name."', 'javascript:ajaxPage(\\'".$this->nslist['Admin'].$c['pageid']."\\');'],\n";
}
$ret .= " ],\n";
}
- $ret .= " ['Log out of admin panel', 'javascript:ajaxPage(\\'".$this->nslist['Admin']."AdminLogout\\');'],\n";
- $ret .= " ['<span id=\\'keepalivestat\\'>Loading keep-alive control...</span>', 'javascript:ajaxToggleKeepalive();',
- ['About keep-alive', 'javascript:aboutKeepAlive();']
+ $ret .= " ['" . $lang->get('adm_btn_logout') . "', 'javascript:ajaxPage(\\'".$this->nslist['Admin']."AdminLogout\\');'],\n";
+ $ret .= " ['<span id=\\'keepalivestat\\'>" . $lang->get('adm_btn_keepalive_loading') . "</span>', 'javascript:ajaxToggleKeepalive();',
+ ['" . $lang->get('adm_btn_keepalive_about') . "', 'javascript:aboutKeepAlive();']
],\n";
// I used this while I painstakingly wrote the Runt code that auto-expands certain nodes based on the value of a bitfield stored in a cookie. *shudders*
// $ret .= " ['(debug) Clear menu bitfield', 'javascript:createCookie(\\'admin_menu_state\\', \\'1\\', 365);'],\n";
@@ -855,14 +860,35 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
- $page_id = $db->escape(sanitize_page_id($page_id));
+ static $cache = array();
+
+ if ( count($cache) == 0 )
+ {
+ foreach ( $this->nslist as $key => $_ )
+ {
+ $cache[$key] = array();
+ }
+ }
+
if ( !isset($this->nslist[$namespace]) )
- die('$paths->get_page_groups(): HACKING ATTEMPT');
+ die('$paths->get_page_groups(): HACKING ATTEMPT: namespace "'. htmlspecialchars($namespace) .'" doesn\'t exist');
+
+ $page_id_unescaped = $paths->nslist[$namespace] .
+ dirtify_page_id($page_id);
+ $page_id_str = $paths->nslist[$namespace] .
+ sanitize_page_id($page_id);
+
+ $page_id = $db->escape(sanitize_page_id($page_id));
+
+ if ( isset($cache[$namespace][$page_id]) )
+ {
+ return $cache[$namespace][$page_id];
+ }
$group_list = array();
// What linked categories have this page?
- $q = $db->sql_query('SELECT g.pg_id FROM '.table_prefix.'page_groups AS g
+ $q = $db->sql_unbuffered_query('SELECT g.pg_id, g.pg_type, g.pg_target FROM '.table_prefix.'page_groups AS g
LEFT JOIN '.table_prefix.'categories AS c
ON ( ( c.category_id = g.pg_target AND g.pg_type = ' . PAGE_GRP_CATLINK . ' ) OR c.category_id IS NULL )
LEFT JOIN '.table_prefix.'page_group_members AS m
@@ -872,47 +898,32 @@
WHERE
( c.page_id=\'' . $page_id . '\' AND c.namespace=\'' . $namespace . '\' ) OR
( t.page_id=\'' . $page_id . '\' AND t.namespace=\'' . $namespace . '\' ) OR
- ( m.page_id=\'' . $page_id . '\' AND m.namespace=\'' . $namespace . '\' );');
+ ( m.page_id=\'' . $page_id . '\' AND m.namespace=\'' . $namespace . '\' ) OR
+ ( g.pg_type = ' . PAGE_GRP_REGEX . ' );');
if ( !$q )
$db->_die();
while ( $row = $db->fetchrow() )
{
- $group_list[] = $row['pg_id'];
+ if ( $row['pg_type'] == PAGE_GRP_REGEX )
+ {
+ //echo "<debug> matching page " . htmlspecialchars($page_id_unescaped) . " against regex <tt>" . htmlspecialchars($row['pg_target']) . "</tt>.";
+ if ( @preg_match($row['pg_target'], $page_id_unescaped) || @preg_match($row['pg_target'], $page_id_str) )
+ {
+ //echo "..matched";
+ $group_list[] = $row['pg_id'];
+ }
+ //echo "<br />";
+ }
+ else
+ {
+ $group_list[] = $row['pg_id'];
+ }
}
$db->free_result();
- /*
- // Static-page groups
- $q = $db->sql_query('SELECT g.pg_id FROM '.table_prefix.'page_groups AS g
- LEFT JOIN '.table_prefix.'page_group_members AS m
- ON ( g.pg_id = m.pg_id )
- WHERE m.page_id=\'' . $page_id . '\' AND m.namespace=\'' . $namespace . '\'
- GROUP BY g.pg_id;');
-
- if ( !$q )
- $db->_die();
-
- while ( $row = $db->fetchrow() )
- {
- $group_list[] = $row['pg_id'];
- }
-
- // Tag groups
-
- $q = $db->sql_query('SELECT g.pg_id FROM '.table_prefix.'page_groups AS g
- LEFT JOIN '.table_prefix.'tags AS t
- ON ( t.tag_name = g.pg_target AND pg_type = ' . PAGE_GRP_TAGGED . ' )
- WHERE t.page_id = \'' . $page_id . '\' AND t.namespace = \'' . $namespace . '\';');
- if ( !$q )
- $db->_die();
-
- while ( $row = $db->fetchrow() )
- {
- $group_list[] = $row['pg_id'];
- }
- */
+ $cache[$namespace][$page_id] = $group_list;
return $group_list;
--- a/includes/plugins.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/plugins.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/includes/render.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/render.php Sat Nov 03 07:43:35 2007 -0400
@@ -248,6 +248,12 @@
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);
}
+ $code = $plugins->setHook('render_wikiformat_pre');
+ foreach ( $code as $cmd )
+ {
+ eval($cmd);
+ }
+
if ( !$plaintext )
{
// Process images
@@ -264,7 +270,8 @@
}
}
- $template_regex = "/\{\{([^\]]+?)((\n([ ]*?)[A-z0-9]+([ ]*?)=([ ]*?)(.+?))*)\}\}/is";
+ //$template_regex = "/\{\{([^\]]+?)((\n([ ]*?)[A-z0-9]+([ ]*?)=([ ]*?)(.+?))*)\}\}/is";
+ $template_regex = "/\{\{(.+)((\n|\|[ ]*([A-z0-9]+)[ ]*=[ ]*(.+))*)\}\}/isU";
$i = 0;
while ( preg_match($template_regex, $text) )
{
@@ -290,10 +297,26 @@
$result = $wiki->transform($text, 'Xhtml');
}
- // if ( !$plaintext )
- // {
- // $result = RenderMan::process_imgtags_stage2($result, $taglist);
- // }
+ // HTML fixes
+ $result = preg_replace('#<tr>([\s]*?)<\/tr>#is', '', $result);
+ $result = preg_replace('#<p>([\s]*?)<\/p>#is', '', $result);
+ $result = preg_replace('#<br />([\s]*?)<table#is', '<table', $result);
+ $result = str_replace("<pre><code>\n", "<pre><code>", $result);
+ $result = preg_replace("/<p><table([^>]*?)><\/p>/", "<table\\1>", $result);
+ $result = str_replace("<br />\n</td>", "\n</td>", $result);
+ $result = str_replace("<p><tr>", "<tr>", $result);
+ $result = str_replace("<tr><br />", "<tr>", $result);
+ $result = str_replace("</tr><br />", "</tr>", $result);
+ $result = str_replace("</table><br />", "</table>", $result);
+ $result = preg_replace('/<\/table>$/', "</table><br /><br />", $result);
+ $result = str_replace("<p></div></p>", "</div>", $result);
+ $result = str_replace("<p></table></p>", "</table>", $result);
+
+ $code = $plugins->setHook('render_wikiformat_post');
+ foreach ( $code as $cmd )
+ {
+ eval($cmd);
+ }
// Reinsert <nowiki> sections
for($i=0;$i<$nw;$i++)
@@ -311,7 +334,8 @@
}
- function wikiFormat($message, $filter_links = true, $do_params = false, $plaintext = false) {
+ function wikiFormat($message, $filter_links = true, $do_params = false, $plaintext = false)
+ {
global $db, $session, $paths, $template, $plugins; // Common objects
return RenderMan::next_gen_wiki_format($message, $plaintext, $filter_links, $do_params);
@@ -384,6 +408,8 @@
$result = str_replace("</table></p>", "</table>", $result);
$result = str_replace("</table><br />", "</table>", $result);
$result = preg_replace('/<\/table>$/', "</table><br /><br />", $result);
+ $result = str_replace("<p></div></p>", "</div>", $result);
+ $result = str_replace("<p></table></p>", "</table>", $result);
$result = str_replace('<nowiki>', '<nowiki>', $result);
$result = str_replace('</nowiki>', '</nowiki>', $result);
@@ -460,8 +486,8 @@
list($page_id, $namespace) = RenderMan::strToPageID($matches[1][$i]);
$pid_clean = $paths->nslist[$namespace] . sanitize_page_id($page_id);
- $url = makeUrl($matches[1][$i], false, true);
- $inner_text = htmlspecialchars(get_page_title($pid_clean));
+ $url = makeUrl($pid_clean, false, true);
+ $inner_text = ( isPage($pid_clean) ) ? htmlspecialchars(get_page_title($pid_clean)) : htmlspecialchars($matches[1][$i]);
$quot = '"';
$exists = ( isPage($pid_clean) ) ? '' : ' class="wikilink-nonexistent"';
@@ -473,46 +499,6 @@
return $text;
}
- /* *
- * Replaces template inclusions with the templates
- * @param string $message The text to format
- * @return string
- * /
-
- function old_include_templates($message)
- {
- $random_id = md5( time() . mt_rand() );
- preg_match_all('#\{\{(.+?)\}\}#s', $message, $matchlist);
- foreach($matchlist[1] as $m)
- {
- $mn = $m;
- // Strip out wikilinks and re-add them after the explosion (because of the "|")
- preg_match_all('#\[\[(.+?)\]\]#i', $m, $linklist);
- //echo '<pre>'.print_r($linklist, true).'</pre>';
- for($i=0;$i<sizeof($linklist[1]);$i++)
- {
- $mn = str_replace('[['.$linklist[1][$i].']]', '{WIKILINK:'.$random_id.':'.$i.'}', $mn);
- }
-
- $ar = explode('|', $mn);
-
- for($j=0;$j<sizeof($ar);$j++)
- {
- for($i=0;$i<sizeof($linklist[1]);$i++)
- {
- $ar[$j] = str_replace('{WIKILINK:'.$random_id.':'.$i.'}', '[['.$linklist[1][$i].']]', $ar[$j]);
- }
- }
-
- $tp = $ar[0];
- unset($ar[0]);
- $tp = str_replace(' ', '_', $tp);
- $message = str_replace('{{'.$m.'}}', RenderMan::getTemplate($tp, $ar), $message);
- }
- return $message;
- }
- */
-
/**
* Parses a partial template tag in wikitext, and return an array with the parameters.
* @param string The portion of the template tag that contains the parameters.
@@ -528,16 +514,26 @@
function parse_template_vars($input)
{
- $input = explode("\n", trim( $input ));
+ if ( !preg_match('/^(\|[ ]*([A-z0-9_]+)([ ]*)=([ ]*)(.+?))*$/is', trim($input)) )
+ {
+ $using_pipes = false;
+ $input = explode("\n", trim( $input ));
+ }
+ else
+ {
+ $using_pipes = true;
+ $input = substr($input, 1);
+ $input = explode("|", trim( $input ));
+ }
$parms = Array();
$current_line = '';
$current_parm = '';
foreach ( $input as $num => $line )
{
- if ( preg_match('/^([ ]*?)([A-z0-9_]+?)([ ]*?)=([ ]*?)(.+?)$/i', $line, $matches) )
+ if ( preg_match('/^[ ]*([A-z0-9_]+)([ ]*)=([ ]*)(.+?)$/is', $line, $matches) )
{
- $parm =& $matches[2];
- $text =& $matches[5];
+ $parm =& $matches[1];
+ $text =& $matches[4];
if ( $parm == $current_parm )
{
$current_line .= $text;
@@ -570,6 +566,7 @@
/**
* Processes all template tags within a block of wikitext.
+ * Updated in 1.0.2 to also parse template tags in the format of {{Foo |a = b |b = c |c = therefore, a}}
* @param string The text to process
* @return string Formatted text
* @example
@@ -578,16 +575,18 @@
parm1 = Foo
parm2 = Bar
}}';
- $text = include_templates($text);
+ $text = RenderMan::include_templates($text);
* </code>
*/
function include_templates($text)
{
global $db, $session, $paths, $template, $plugins; // Common objects
- $template_regex = "/\{\{([^\]]+?)((\n([ ]*?)[A-z0-9]+([ ]*?)=([ ]*?)(.+?))*)\}\}/is";
+ // $template_regex = "/\{\{([^\]]+?)((\n([ ]*?)[A-z0-9]+([ ]*?)=([ ]*?)(.+?))*)\}\}/is";
+ $template_regex = "/\{\{(.+)(((\n|[ ]*\|)[ ]*([A-z0-9]+)[ ]*=[ ]*(.+))*)\}\}/isU";
if ( $count = preg_match_all($template_regex, $text, $matches) )
{
+ //die('<pre>' . print_r($matches, true) . '</pre>');
for ( $i = 0; $i < $count; $i++ )
{
$matches[1][$i] = sanitize_page_id($matches[1][$i]);
@@ -595,10 +594,9 @@
if ( !empty($parmsection) )
{
$parms = RenderMan::parse_template_vars($parmsection);
- foreach ( $parms as $j => $parm )
- {
- $parms[$j] = $parm;
- }
+ if ( !is_array($parms) )
+ // Syntax error
+ $parms = array();
}
else
{
@@ -710,6 +708,7 @@
':-/' => 'face-plain.png',
':joke:' => 'face-plain.png',
']:->' => 'face-devil-grin.png',
+ ']:->' => 'face-devil-grin.png',
':kiss:' => 'face-kiss.png',
':-P' => 'face-tongue-out.png',
':P' => 'face-tongue-out.png',
--- a/includes/search.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/search.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* search.php - algorithm used to search pages
*
--- a/includes/sessions.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/sessions.php Sat Nov 03 07:43:35 2007 -0400
@@ -362,6 +362,7 @@
function start()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if($this->started) return;
$this->started = true;
$user = false;
@@ -381,6 +382,9 @@
if(!$this->compat && $userdata['account_active'] != 1 && $data[1] != 'Special' && $data[1] != 'Admin')
{
+ $language = intval(getConfig('default_language'));
+ $lang = new Language($language);
+
$this->logout();
$a = getConfig('account_activation');
switch($a)
@@ -480,6 +484,13 @@
}
$user = true;
+ // Set language
+ if ( !defined('ENANO_ALLOW_LOAD_NOLANG') )
+ {
+ $lang_id = intval($userdata['user_lang']);
+ $lang = new Language($lang_id);
+ }
+
if(isset($_REQUEST['auth']) && !$this->sid_super)
{
// Now he thinks he's a moderator. Or maybe even an administrator. Let's find out if he's telling the truth.
@@ -547,14 +558,55 @@
* @param string $aes_key The MD5 hash of the encryption key, hex-encoded
* @param string $challenge The 256-bit MD5 challenge string - first 128 bits should be the hash, the last 128 should be the challenge salt
* @param int $level The privilege level we're authenticating for, defaults to 0
+ * @param array $captcha_hash Optional. If we're locked out and the lockout policy is captcha, this should be the identifier for the code.
+ * @param array $captcha_code Optional. If we're locked out and the lockout policy is captcha, this should be the code the user entered.
* @return string 'success' on success, or error string on failure
*/
- function login_with_crypto($username, $aes_data, $aes_key, $challenge, $level = USER_LEVEL_MEMBER)
+ function login_with_crypto($username, $aes_data, $aes_key, $challenge, $level = USER_LEVEL_MEMBER, $captcha_hash = false, $captcha_code = false)
{
global $db, $session, $paths, $template, $plugins; // Common objects
$privcache = $this->private_key;
+
+ if ( !defined('IN_ENANO_INSTALL') )
+ {
+ // Lockout stuff
+ $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
+ $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
+ // convert to minutes
+ $duration = $duration * 60;
+ $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
+ if ( $policy == 'captcha' && $captcha_hash && $captcha_code )
+ {
+ // policy is captcha -- check if it's correct, and if so, bypass lockout check
+ $real_code = $this->get_captcha($captcha_hash);
+ }
+ if ( $policy != 'disable' && !( $policy == 'captcha' && isset($real_code) && $real_code == $captcha_code ) )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ $timestamp_cutoff = time() - $duration;
+ $q = $this->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
+ $fails = $db->numrows();
+ if ( $fails >= $threshold )
+ {
+ // ooh boy, somebody's in trouble ;-)
+ $row = $db->fetchrow();
+ $db->free_result();
+ return array(
+ 'success' => false,
+ 'error' => 'locked_out',
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'lockout_policy' => $policy,
+ 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'lockout_last_time' => $row['timestamp']
+ );
+ }
+ $db->free_result();
+ }
+ }
// Instanciate the Rijndael encryption object
$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
@@ -563,13 +615,19 @@
$aes_key = $this->fetch_public_key($aes_key);
if(!$aes_key)
- return 'Couldn\'t look up public key "'.$aes_key.'" for decryption';
+ return array(
+ 'success' => false,
+ 'error' => 'key_not_found'
+ );
// Convert the key to a binary string
$bin_key = hexdecode($aes_key);
if(strlen($bin_key) != AES_BITS / 8)
- return 'The decryption key is the wrong length';
+ return array(
+ 'success' => false,
+ 'error' => 'key_wrong_length'
+ );
// Decrypt our password
$password = $aes->decrypt($aes_data, $bin_key, ENC_HEX);
@@ -585,13 +643,34 @@
$this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';');
if($db->numrows() < 1)
{
- return "The username and/or password is incorrect.\n$db->latest_query";
// This wasn't logged in <1.0.2, dunno how it slipped through
if($level > USER_LEVEL_MEMBER)
$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
else
$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
-
+
+ if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ // increment fail count
+ $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');');
+ $fails++;
+ // ooh boy, somebody's in trouble ;-)
+ return array(
+ 'success' => false,
+ 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials',
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'time_rem' => ( $duration / 60 ),
+ 'lockout_policy' => $policy
+ );
+ }
+
+ return array(
+ 'success' => false,
+ 'error' => 'invalid_credentials'
+ );
}
$row = $db->fetchrow();
@@ -642,7 +721,10 @@
if($success)
{
if($level > $row['user_level'])
- return 'You are not authorized for this level of access.';
+ return array(
+ 'success' => false,
+ 'error' => 'too_big_for_britches'
+ );
$sess = $this->register_session(intval($row['user_id']), $username, $password, $level);
if($sess)
@@ -662,10 +744,15 @@
{
eval($cmd);
}
- return 'success';
+ return array(
+ 'success' => true
+ );
}
else
- return 'Your login credentials were correct, but an internal error occurred while registering the session key in the database.';
+ return array(
+ 'success' => false,
+ 'error' => 'backend_fail'
+ );
}
else
{
@@ -674,7 +761,28 @@
else
$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
- return 'The username and/or password is incorrect.';
+ // Do we also need to increment the lockout countdown?
+ if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ // increment fail count
+ $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');');
+ $fails++;
+ return array(
+ 'success' => false,
+ 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials',
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'time_rem' => ( $duration / 60 ),
+ 'lockout_policy' => $policy
+ );
+ }
+
+ return array(
+ 'success' => false,
+ 'error' => 'invalid_credentials'
+ );
}
}
@@ -700,6 +808,45 @@
return $this->login_compat($username, $pass_hashed, $level);
}
+ if ( !defined('IN_ENANO_INSTALL') )
+ {
+ // Lockout stuff
+ $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
+ $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
+ // convert to minutes
+ $duration = $duration * 60;
+ $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
+ if ( $policy == 'captcha' && $captcha_hash && $captcha_code )
+ {
+ // policy is captcha -- check if it's correct, and if so, bypass lockout check
+ $real_code = $this->get_captcha($captcha_hash);
+ }
+ if ( $policy != 'disable' && !( $policy == 'captcha' && isset($real_code) && $real_code == $captcha_code ) )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ $timestamp_cutoff = time() - $duration;
+ $q = $this->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
+ $fails = $db->numrows();
+ if ( $fails > $threshold )
+ {
+ // ooh boy, somebody's in trouble ;-)
+ $row = $db->fetchrow();
+ $db->free_result();
+ return array(
+ 'success' => false,
+ 'error' => 'locked_out',
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'lockout_policy' => $policy,
+ 'time_rem' => $duration - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'lockout_last_time' => $row['timestamp']
+ );
+ }
+ $db->free_result();
+ }
+ }
+
// Instanciate the Rijndael encryption object
$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
@@ -709,7 +856,35 @@
// Retrieve the real password from the database
$this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
if($db->numrows() < 1)
- return 'The username and/or password is incorrect.';
+ {
+ // This wasn't logged in <1.0.2, dunno how it slipped through
+ if($level > USER_LEVEL_MEMBER)
+ $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
+ else
+ $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
+
+ // Do we also need to increment the lockout countdown?
+ if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ // increment fail count
+ $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');');
+ $fails++;
+ return array(
+ 'success' => false,
+ 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials',
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'lockout_policy' => $policy
+ );
+ }
+
+ return array(
+ 'success' => false,
+ 'error' => 'invalid_credentials'
+ );
+ }
$row = $db->fetchrow();
// Check to see if we're logging in using a temporary password
@@ -758,7 +933,10 @@
if($success)
{
if((int)$level > (int)$row['user_level'])
- return 'You are not authorized for this level of access.';
+ return array(
+ 'success' => false,
+ 'error' => 'too_big_for_britches'
+ );
$sess = $this->register_session(intval($row['user_id']), $username, $real_pass, $level);
if($sess)
{
@@ -773,10 +951,15 @@
eval($cmd);
}
- return 'success';
+ return array(
+ 'success' => true
+ );
}
else
- return 'Your login credentials were correct, but an internal error occured while registering the session key in the database.';
+ return array(
+ 'success' => false,
+ 'error' => 'backend_fail'
+ );
}
else
{
@@ -785,7 +968,27 @@
else
$this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
- return 'The username and/or password is incorrect.';
+ // Do we also need to increment the lockout countdown?
+ if ( $policy != 'disable' && !defined('IN_ENANO_INSTALL') )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ // increment fail count
+ $this->sql('INSERT INTO '.table_prefix.'lockout(ipaddr, timestamp, action) VALUES(\'' . $ipaddr . '\', UNIX_TIMESTAMP(), \'credential\');');
+ $fails++;
+ return array(
+ 'success' => false,
+ 'error' => ( $fails >= $threshold ) ? 'locked_out' : 'invalid_credentials',
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'lockout_policy' => $policy
+ );
+ }
+
+ return array(
+ 'success' => false,
+ 'error' => 'invalid_credentials'
+ );
}
}
@@ -857,7 +1060,7 @@
{
// Stash it in a cookie
// For now, make the cookie last forever, we can change this in 1.1.x
- setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/' );
+ setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) ) );
$_COOKIE['sid'] = $session_key;
}
// $keyhash is stored in the database, this is for compatibility with the older DB structure
@@ -919,6 +1122,7 @@
function register_guest_session()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
$this->username = $_SERVER['REMOTE_ADDR'];
$this->user_level = USER_LEVEL_GUEST;
if($this->compat || defined('IN_ENANO_INSTALL'))
@@ -932,6 +1136,12 @@
$this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
}
$this->user_id = 1;
+ if ( !defined('ENANO_ALLOW_LOAD_NOLANG') )
+ {
+ // This is a VERY special case we are allowing. It lets the installer create languages using the Enano API.
+ $language = intval(getConfig('default_language'));
+ $lang = new Language($language);
+ }
}
/**
@@ -959,7 +1169,7 @@
}
$keyhash = md5($key);
$salt = $db->escape($keydata[3]);
- $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,x.* FROM '.table_prefix.'session_keys AS k
+ $query = $db->sql_query('SELECT u.user_id AS uid,u.username,u.password,u.email,u.real_name,u.user_level,u.theme,u.style,u.signature,u.reg_time,u.account_active,u.activation_key,k.source_ip,k.time,k.auth_level,COUNT(p.message_id) AS num_pms,u.user_lang,x.* FROM '.table_prefix.'session_keys AS k
LEFT JOIN '.table_prefix.'users AS u
ON ( u.user_id=k.user_id )
LEFT JOIN '.table_prefix.'users_extra AS x
@@ -1114,7 +1324,10 @@
if($level > USER_LEVEL_CHPREF)
{
$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
- if(!$this->user_logged_in || $this->auth_level < USER_LEVEL_MOD) return 'success';
+ if(!$this->user_logged_in || $this->auth_level < USER_LEVEL_MOD)
+ {
+ return 'success';
+ }
// Destroy elevated privileges
$keyhash = md5(strrev($this->sid_super));
$this->sql('DELETE FROM '.table_prefix.'session_keys WHERE session_key=\''.$keyhash.'\' AND user_id=\'' . $this->user_id . '\';');
@@ -2117,13 +2330,30 @@
return false;
}
+ // cache of permission objects (to save RAM and SQL queries)
+ static $objcache = array();
+
+ if ( count($objcache) == 0 )
+ {
+ foreach ( $paths->nslist as $key => $_ )
+ {
+ $objcache[$key] = array();
+ }
+ }
+
+ if ( isset($objcache[$namespace][$page_id]) )
+ {
+ return $objcache[$namespace][$page_id];
+ }
+
//if ( !isset( $paths->pages[$paths->nslist[$namespace] . $page_id] ) )
//{
// // Page does not exist
// return false;
//}
- $object = new Session_ACLPageInfo( $page_id, $namespace, $this->acl_types, $this->acl_descs, $this->acl_deps, $this->acl_base_cache );
+ $objcache[$namespace][$page_id] = new Session_ACLPageInfo( $page_id, $namespace, $this->acl_types, $this->acl_descs, $this->acl_deps, $this->acl_base_cache );
+ $object =& $objcache[$namespace][$page_id];
return $object;
--- a/includes/stats.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/stats.php Sat Nov 03 07:43:35 2007 -0400
@@ -1,7 +1,8 @@
<?php
+
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* stats.php - handles statistics for pages (disablable in the admin CP)
*
--- a/includes/tagcloud.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/tagcloud.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.1 (Loch Ness)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/includes/template.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/template.php Sat Nov 03 07:43:35 2007 -0400
@@ -42,7 +42,7 @@
$this->plugin_blocks = Array();
$this->theme_loaded = false;
- $this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto;">
+ $this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">
<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>
</div>';
@@ -135,6 +135,7 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $email;
+ global $lang;
dc_here("template: initializing all variables");
@@ -197,37 +198,38 @@
switch($paths->namespace) {
case "Article":
default:
- $ns = 'article';
+ $ns = $lang->get('onpage_lbl_page_article');
break;
case "Admin":
- $ns = 'administration page';
+ $ns = $lang->get('onpage_lbl_page_admin');
break;
case "System":
- $ns = 'system message';
+ $ns = $lang->get('onpage_lbl_page_system');
break;
case "File":
- $ns = 'uploaded file';
+ $ns = $lang->get('onpage_lbl_page_file');
break;
case "Help":
- $ns = 'documentation page';
+ $ns = $lang->get('onpage_lbl_page_help');
break;
case "User":
- $ns = 'user page';
+ $ns = $lang->get('onpage_lbl_page_user');
break;
case "Special":
- $ns = 'special page';
+ $ns = $lang->get('onpage_lbl_page_special');
break;
case "Template":
- $ns = 'template';
+ $ns = $lang->get('onpage_lbl_page_template');
break;
case "Project":
- $ns = 'project page';
+ $ns = $lang->get('onpage_lbl_page_project');
break;
case "Category":
- $ns = 'category';
+ $ns = $lang->get('onpage_lbl_page_category');
break;
}
$this->namespace_string = $ns;
+ unset($ns);
$code = $plugins->setHook('page_type_string_set');
foreach ( $code as $cmd )
{
@@ -284,14 +286,25 @@
$n = ( $session->get_permissions('mod_comments') ) ? (string)$nc : (string)$na;
if ( $session->get_permissions('mod_comments') && $nu > 0 )
{
- $n .= ' total/'.$nu.' unapp.';
+ $subst = array(
+ 'num_comments' => $nc,
+ 'num_unapp' => $nu
+ );
+ $btn_text = $lang->get('onpage_btn_discussion_unapp', $subst);
+ }
+ else
+ {
+ $subst = array(
+ 'num_comments' => $nc
+ );
+ $btn_text = $lang->get('onpage_btn_discussion', $subst);
}
$button->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxComments()); return false; }" title="View the comments that other users have posted about this page (alt-c)" accesskey="c"',
'PARENTFLAGS' => 'id="mdgToolbar_discussion"',
'HREF' => makeUrl($paths->page, 'do=comments', true),
- 'TEXT' => 'discussion ('.$n.')',
+ 'TEXT' => $btn_text,
));
$tb .= $button->run();
@@ -303,7 +316,7 @@
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="Edit the contents of this page (alt-e)" accesskey="e"',
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
'HREF' => makeUrl($paths->page, 'do=edit', true),
- 'TEXT' => 'edit this page'
+ 'TEXT' => $lang->get('onpage_btn_edit')
));
$tb .= $button->run();
// View source button
@@ -314,7 +327,7 @@
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxViewSource()); return false; }" title="View the source code (wiki markup) that this page uses (alt-e)" accesskey="e"',
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
'HREF' => makeUrl($paths->page, 'do=viewsource', true),
- 'TEXT' => 'view source'
+ 'TEXT' => $lang->get('onpage_btn_viewsource')
));
$tb .= $button->run();
}
@@ -325,7 +338,7 @@
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxHistory()); return false; }" title="View a log of actions taken on this page (alt-h)" accesskey="h"',
'PARENTFLAGS' => 'id="mdgToolbar_history"',
'HREF' => makeUrl($paths->page, 'do=history', true),
- 'TEXT' => 'history'
+ 'TEXT' => $lang->get('onpage_btn_history')
));
$tb .= $button->run();
}
@@ -339,7 +352,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxRename()); return false; }" title="Change the display name of this page (alt-r)" accesskey="r"',
'HREF' => makeUrl($paths->page, 'do=rename', true),
- 'TEXT' => 'rename',
+ 'TEXT' => $lang->get('onpage_btn_rename'),
));
$this->toolbar_menu .= $menubtn->run();
}
@@ -350,7 +363,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDelVote()); return false; }" title="Vote to have this page deleted (alt-d)" accesskey="d"',
'HREF' => makeUrl($paths->page, 'do=delvote', true),
- 'TEXT' => 'vote to delete this page',
+ 'TEXT' => $lang->get('onpage_btn_votedelete'),
));
$this->toolbar_menu .= $menubtn->run();
}
@@ -361,7 +374,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxResetDelVotes()); return false; }" title="Vote to have this page deleted (alt-y)" accesskey="y"',
'HREF' => makeUrl($paths->page, 'do=resetvotes', true),
- 'TEXT' => 'reset deletion votes',
+ 'TEXT' => $lang->get('onpage_btn_votedelete_reset'),
));
$this->toolbar_menu .= $menubtn->run();
}
@@ -372,7 +385,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'title="View a version of this page that is suitable for printing"',
'HREF' => makeUrl($paths->page, 'printable=yes', true),
- 'TEXT' => 'view printable version',
+ 'TEXT' => $lang->get('onpage_btn_printable'),
));
$this->toolbar_menu .= $menubtn->run();
}
@@ -382,7 +395,7 @@
{
$label = $this->makeParserText($tplvars['toolbar_label']);
- $label->assign_vars(array('TEXT' => 'protection:'));
+ $label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_protect')));
$t0 = $label->run();
$ctmp = '';
@@ -393,7 +406,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'accesskey="i" onclick="if ( !KILL_SWITCH ) { ajaxProtect(1); return false; }" id="protbtn_1" title="Prevents all non-administrators from editing this page. [alt-i]"'.$ctmp,
'HREF' => makeUrl($paths->page, 'do=protect&level=1', true),
- 'TEXT' => 'on'
+ 'TEXT' => $lang->get('onpage_btn_protect_on')
));
$t1 = $menubtn->run();
@@ -405,7 +418,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'accesskey="o" onclick="if ( !KILL_SWITCH ) { ajaxProtect(0); return false; }" id="protbtn_0" title="Allows everyone to edit this page. [alt-o]"'.$ctmp,
'HREF' => makeUrl($paths->page, 'do=protect&level=0', true),
- 'TEXT' => 'off'
+ 'TEXT' => $lang->get('onpage_btn_protect_off')
));
$t2 = $menubtn->run();
@@ -417,7 +430,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'accesskey="p" onclick="if ( !KILL_SWITCH ) { ajaxProtect(2); return false; }" id="protbtn_2" title="Allows only users who have been registered for 4 days to edit this page. [alt-p]"'.$ctmp,
'HREF' => makeUrl($paths->page, 'do=protect&level=2', true),
- 'TEXT' => 'semi'
+ 'TEXT' => $lang->get('onpage_btn_protect_semi')
));
$t3 = $menubtn->run();
@@ -436,7 +449,7 @@
{
// label at start
$label = $this->makeParserText($tplvars['toolbar_label']);
- $label->assign_vars(array('TEXT' => 'page wiki mode:'));
+ $label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_wikimode')));
$t0 = $label->run();
// on button
@@ -448,7 +461,7 @@
$menubtn->assign_vars(array(
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp,
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true),
- 'TEXT' => 'on'
+ 'TEXT' => $lang->get('onpage_btn_wikimode_on')
));
$t1 = $menubtn->run();
@@ -461,7 +474,7 @@
$menubtn->assign_vars(array(
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp,
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true),
- 'TEXT' => 'off'
+ 'TEXT' => $lang->get('onpage_btn_wikimode_off')
));
$t2 = $menubtn->run();
@@ -474,7 +487,7 @@
$menubtn->assign_vars(array(
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp,
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true),
- 'TEXT' => 'global'
+ 'TEXT' => $lang->get('onpage_btn_wikimode_global')
));
$t3 = $menubtn->run();
@@ -495,7 +508,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxClearLogs()); return false; }" title="Remove all edit and action logs for this page from the database. IRREVERSIBLE! (alt-l)" accesskey="l"',
'HREF' => makeUrl($paths->page, 'do=flushlogs', true),
- 'TEXT' => 'clear page logs',
+ 'TEXT' => $lang->get('onpage_btn_clearlogs'),
));
$this->toolbar_menu .= $menubtn->run();
}
@@ -503,14 +516,22 @@
// Delete page button
if ( $session->get_permissions('read') && $session->get_permissions('delete_page') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
{
- $s = 'delete this page';
+ $s = $lang->get('onpage_btn_deletepage');
if ( $paths->cpage['delvotes'] == 1 )
{
- $s .= ' (<b>'.$paths->cpage['delvotes'].'</b> vote)';
+ $subst = array(
+ 'num_votes' => $paths->cpage['delvotes'],
+ 'plural' => ''
+ );
+ $s .= $lang->get('onpage_btn_deletepage_votes', $subst);
}
else if ( $paths->cpage['delvotes'] > 1 )
{
- $s .= ' (<b>'.$paths->cpage['delvotes'].'</b> votes)';
+ $subst = array(
+ 'num_votes' => $paths->cpage['delvotes'],
+ 'plural' => $lang->get('meta_plural')
+ );
+ $s .= $lang->get('onpage_btn_deletepage_votes', $subst);
}
$menubtn->assign_vars(array(
@@ -542,13 +563,13 @@
{
// label at start
$label = $this->makeParserText($tplvars['toolbar_label']);
- $label->assign_vars(array('TEXT' => 'page password:'));
+ $label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_password')));
$t0 = $label->run();
$menubtn->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxSetPassword()); return false; }" title="Require a password in order for this page to be viewed"',
'HREF' => '#',
- 'TEXT' => 'set',
+ 'TEXT' => $lang->get('onpage_btn_password_set'),
));
$t = $menubtn->run();
@@ -561,7 +582,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="Manage who can do what with this page (alt-m)" accesskey="m"',
'HREF' => makeUrl($paths->page, 'do=aclmanager', true),
- 'TEXT' => 'manage page access',
+ 'TEXT' => $lang->get('onpage_btn_acl'),
));
$this->toolbar_menu .= $menubtn->run();
}
@@ -572,7 +593,7 @@
$menubtn->assign_vars(array(
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxAdminPage()); return false; }" title="Administrative options for this page" accesskey="g"',
'HREF' => makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'PageManager', true),
- 'TEXT' => 'administrative options',
+ 'TEXT' => $lang->get('onpage_btn_admin'),
));
$this->toolbar_menu .= $menubtn->run();
}
@@ -583,7 +604,7 @@
'FLAGS' => 'id="mdgToolbar_moreoptions" onclick="if ( !KILL_SWITCH ) { return false; }" title="Additional options for working with this page"',
'PARENTFLAGS' => '',
'HREF' => makeUrl($paths->page, 'do=moreoptions', true),
- 'TEXT' => 'more options'
+ 'TEXT' => $lang->get('onpage_btn_moreoptions')
));
$tb .= $button->run();
}
@@ -625,14 +646,17 @@
$this->tpl_bool['stupid_mode'] = false;
- if($paths->page == $paths->nslist['Special'].'Administration') $this->tpl_bool['in_admin'] = true;
- else $this->tpl_bool['in_admin'] = false;
+ $this->tpl_bool['in_admin'] = ( ( $paths->cpage['urlname_nons'] == 'Administration' && $paths->namespace == 'Special' ) || $paths->namespace == 'Admin' );
$p = ( isset($_GET['printable']) ) ? '/printable' : '';
// Add the e-mail address client code to the header
$this->add_header($email->jscode());
+ // Add language file
+ $lang_uri = makeUrlNS('Special', 'LangExportJSON/' . $lang->lang_id, false, true);
+ $this->add_header("<script type=\"text/javascript\" src=\"$lang_uri\"></script>");
+
// Generate the code for the Log out and Change theme sidebar buttons
// Once again, the new template parsing system can be used here
@@ -641,7 +665,7 @@
$parser->assign_vars(Array(
'HREF'=>makeUrlNS('Special', 'Logout'),
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"',
- 'TEXT'=>'Log out',
+ 'TEXT'=>$lang->get('sidebar_btn_logout'),
));
$logout_link = $parser->run();
@@ -649,7 +673,7 @@
$parser->assign_vars(Array(
'HREF'=>makeUrlNS('Special', 'Login/' . $paths->page),
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxStartLogin(); return false; }"',
- 'TEXT'=>'Log in',
+ 'TEXT'=>$lang->get('sidebar_btn_login'),
));
$login_link = $parser->run();
@@ -657,7 +681,7 @@
$parser->assign_vars(Array(
'HREF'=>makeUrlNS('Special', 'ChangeStyle/'.$paths->page),
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxChangeStyle(); return false; }"',
- 'TEXT'=>'Change theme',
+ 'TEXT'=>$lang->get('sidebar_btn_changestyle'),
));
$theme_link = $parser->run();
@@ -665,7 +689,7 @@
$parser->assign_vars(Array(
'HREF'=>makeUrlNS('Special', 'Administration'),
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxStartAdminLogin()); return false; }"',
- 'TEXT'=>'Administration',
+ 'TEXT'=>$lang->get('sidebar_btn_administration'),
));
$admin_link = $parser->run();
@@ -711,7 +735,9 @@
}
}
$js_dynamic .= '\';
- var ENANO_CURRENT_THEME = \''. $session->theme .'\';';
+ var ENANO_CURRENT_THEME = \''. $session->theme .'\';
+ var ENANO_LANG_ID = ' . $lang->lang_id . ';
+ var ENANO_PAGE_TYPE = "' . addslashes($this->namespace_string) . '";';
foreach($paths->nslist as $k => $c)
{
$js_dynamic .= "namespace_list['{$k}'] = '$c';";
@@ -773,6 +799,8 @@
function header($simple = false)
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
ob_start();
if(!$this->theme_loaded)
@@ -784,7 +812,13 @@
dc_here('template: generating and sending the page header');
if(!defined('ENANO_HEADERS_SENT'))
define('ENANO_HEADERS_SENT', '');
- if(!$this->no_headers) echo ( $simple ) ? $this->process_template('simple-header.tpl') : $this->process_template('header.tpl');
+ if ( !$this->no_headers )
+ {
+ $header = ( $simple ) ?
+ $this->process_template('simple-header.tpl') :
+ $this->process_template('header.tpl');
+ echo $header;
+ }
if ( !$simple && $session->user_logged_in && $session->unread_pms > 0 )
{
echo $this->notify_unread_pms();
@@ -793,7 +827,7 @@
{
$login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true);
echo '<div class="usermessage">';
- echo '<b>Your administrative session has timed out.</b> <a href="' . $login_link . '">Log in again</a>';
+ echo $lang->get('user_msg_elev_timed_out', array( 'login_link' => $login_link ));
echo '</div>';
}
if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) )
@@ -871,78 +905,294 @@
else return '';
}
- function process_template($file) {
+ /**
+ * Compiles and executes a template based on the current variables and booleans. Loads
+ * the theme and initializes variables if needed. This mostly just calls child functions.
+ * @param string File to process
+ * @return string
+ */
+
+ function process_template($file)
+ {
global $db, $session, $paths, $template, $plugins; // Common objects
if(!defined('ENANO_TEMPLATE_LOADED'))
{
$this->load_theme();
$this->init_vars();
}
- eval($this->compile_template($file));
- return $tpl_code;
+
+ $compiled = $this->compile_template($file);
+ return eval($compiled);
}
- function extract_vars($file) {
+ /**
+ * Loads variables from the specified template file. Returns an associative array containing the variables.
+ * @param string Template file to process (elements.tpl)
+ * @return array
+ */
+
+ function extract_vars($file)
+ {
global $db, $session, $paths, $template, $plugins; // Common objects
- if(!$this->theme)
+
+ // Sometimes this function gets called before the theme is loaded
+ // This is a bad coding practice so this function will always be picky.
+ if ( !$this->theme )
{
die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.<br /><br />Backtrace, most recent call first:<pre>'.enano_debug_print_backtrace(true).'</pre>');
}
- if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file)) die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting');
- $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file);
+
+ // Full pathname of template file
+ $tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $file;
+
+ // Make sure the template even exists
+ if ( !is_file($tpl_file_fullpath) )
+ {
+ die_semicritical('Cannot find template file',
+ '<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
+ the current theme.</p>
+ <p>Additional debugging information:<br />
+ <b>Theme currently in use: </b>' . $this->theme . '<br />
+ <b>Requested file: </b>' . $file . '
+ </p>');
+ }
+ // Retrieve file contents
+ $text = file_get_contents($tpl_file_fullpath);
+ if ( !$text )
+ {
+ return false;
+ }
+
+ // Get variables, regular expressions FTW
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches);
+
+ // Initialize return values
$tplvars = Array();
- for($i=0;$i<sizeof($matches[1]);$i++)
+
+ // Loop through each match, setting $tplvars[ $first_subpattern ] to $second_subpattern
+ for ( $i = 0; $i < sizeof($matches[1]); $i++ )
{
- $tplvars[$matches[1][$i]] = $matches[2][$i];
+ $tplvars[ $matches[1][$i] ] = $matches[2][$i];
}
+
+ // All done!
return $tplvars;
}
- function compile_template($text) {
+
+ /**
+ * Compiles a block of template code.
+ * @param string The text to process
+ * @return string
+ */
+
+ function compile_tpl_code($text)
+ {
global $db, $session, $paths, $template, $plugins; // Common objects
- if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text)) die('Cannot find '.$text.' file for style, exiting');
- $n = $text;
- $tpl_filename = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $n) . '.php';
- if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text)) die('Cannot find '.$text.' file for style, exiting');
- if(file_exists($tpl_filename) && getConfig('cache_thumbs')=='1')
+ // A random seed used to salt tags
+ $seed = md5 ( microtime() . mt_rand() );
+
+ // Strip out PHP sections
+ preg_match_all('/<\?php(.+?)\?>/is', $text, $php_matches);
+
+ foreach ( $php_matches[0] as $i => $match )
+ {
+ // Substitute the PHP section with a random tag
+ $tag = "{PHP:$i:$seed}";
+ $text = str_replace_once($match, $tag, $text);
+ }
+
+ // Escape slashes and single quotes in template code
+ $text = str_replace('\\', '\\\\', $text);
+ $text = str_replace('\'', '\\\'', $text);
+
+ // Initialize the PHP compiled code
+ $text = 'ob_start(); echo \''.$text.'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;';
+
+ ##
+ ## Main rules
+ ##
+
+ //
+ // Conditionals
+ //
+
+ $keywords = array('BEGIN', 'BEGINNOT', 'IFSET', 'IFPLUGIN');
+ $code = $plugins->setHook('template_compile_logic_keyword');
+ foreach ( $code as $cmd )
+ {
+ eval($cmd);
+ }
+
+ $keywords = implode('|', $keywords);
+
+ // Matches
+ // 1 2 3 4 56 7 8
+ $regexp = '/(<!-- ('. $keywords .') ([A-z0-9_-]+) -->)(.*)((<!-- BEGINELSE \\3 -->)(.*))?(<!-- END \\3 -->)/isU';
+
+ /*
+ The way this works is: match all blocks using the standard form with a different keyword in the block each time,
+ and replace them with appropriate PHP logic. Plugin-extensible now. :-)
+
+ The while-loop is to bypass what is apparently a PCRE bug. It's hackish but it works. Properly written plugins should only need
+ to compile templates (using this method) once for each time the template file is changed.
+ */
+ while ( preg_match($regexp, $text) )
{
- include($tpl_filename);
- $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text);
- if(isset($md5) && $md5 == md5($text)) {
- return str_replace('\\"', '"', $tpl_text);
+ preg_match_all($regexp, $text, $matches);
+ for ( $i = 0; $i < count($matches[0]); $i++ )
+ {
+ $start_tag =& $matches[1][$i];
+ $type =& $matches[2][$i];
+ $test =& $matches[3][$i];
+ $particle_true =& $matches[4][$i];
+ $else_tag =& $matches[6][$i];
+ $particle_else =& $matches[7][$i];
+ $end_tag =& $matches[8][$i];
+
+ switch($type)
+ {
+ case 'BEGIN':
+ $cond = "isset(\$this->tpl_bool['$test']) && \$this->tpl_bool['$test']";
+ break;
+ case 'BEGINNOT':
+ $cond = "!isset(\$this->tpl_bool['$test']) || ( isset(\$this->tpl_bool['$test']) && !\$this->tpl_bool['$test'] )";
+ break;
+ case 'IFPLUGIN':
+ $cond = "getConfig('plugin_$test') == '1'";
+ break;
+ case 'IFSET':
+ $cond = "isset(\$this->tpl_strings['$test'])";
+ break;
+ default:
+ $code = $plugins->setHook('template_compile_logic_cond');
+ foreach ( $code as $cmd )
+ {
+ eval($cmd);
+ }
+ break;
+ }
+
+ if ( !isset($cond) || ( isset($cond) && !is_string($cond) ) )
+ continue;
+
+ $tag_complete = <<<TPLCODE
+ ';
+ /* START OF CONDITION: $type ($test) */
+ if ( $cond )
+ {
+ echo '$particle_true';
+ /* ELSE OF CONDITION: $type ($test) */
+ }
+ else
+ {
+ echo '$particle_else';
+ /* END OF CONDITION: $type ($test) */
+ }
+ echo '
+TPLCODE;
+
+ $text = str_replace_once($matches[0][$i], $tag_complete, $text);
+
}
}
- $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$n);
+
+ // For debugging ;-)
+ // die("<pre><?php\n" . htmlspecialchars($text."\n\n".print_r($matches,true)) . "\n\n?></pre>");
+
+ //
+ // Data substitution/variables
+ //
+
+ // System messages
+ $text = preg_replace('/<!-- SYSMSG ([A-z0-9\._-]+?) -->/is', '\' . $this->tplWikiFormat($pages->sysMsg(\'\\1\')) . \'', $text);
+
+ // Template variables
+ $text = preg_replace('/\{([A-z0-9_-]+?)\}/is', '\' . $this->tpl_strings[\'\\1\'] . \'', $text);
+
+ // Reinsert PHP
+
+ foreach ( $php_matches[1] as $i => $match )
+ {
+ // Substitute the random tag with the "real" PHP code
+ $tag = "{PHP:$i:$seed}";
+ $text = str_replace_once($tag, "'; $match echo '", $text);
+ }
+
+ // echo('<pre>' . htmlspecialchars($text) . '</pre>');
+
+ return $text;
+
+ }
+
+ /**
+ * Compiles the contents of a given template file, possibly using a cached copy, and returns the compiled code.
+ * @param string Filename of template (header.tpl)
+ * @return string
+ */
+
+ function compile_template($filename)
+ {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ // Full path to template file
+ $tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename;
+
+ // Make sure the file exists
+ if ( !is_file($tpl_file_fullpath) )
+ {
+ die_semicritical('Cannot find template file',
+ '<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
+ the current theme.</p>
+ <p>Additional debugging information:<br />
+ <b>Theme currently in use: </b>' . $this->theme . '<br />
+ <b>Requested file: </b>' . $file . '
+ </p>');
+ }
+
+ // Check for cached copy
+ // This will make filenames in the pattern of theme-file.tpl.php
+ $cache_file = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $filename) . '.php';
+
+ // Only use cached copy if caching is enabled
+ // (it is enabled by default I think)
+ if ( file_exists($cache_file) && getConfig('cache_thumbs') == '1' )
+ {
+ // Cache files are auto-generated, but otherwise are normal PHP files
+ include($cache_file);
+
+ // Fetch content of the ORIGINAL
+ $text = file_get_contents($tpl_file_fullpath);
+
+ // $md5 will be set by the cached file
+ // This makes sure that a cached copy of the template is used only if its MD5
+ // matches the MD5 of the file that the compiled file was compiled from.
+ if ( isset($md5) && $md5 == md5($text) )
+ {
+ return $this->compile_template_text_post(str_replace('\\"', '"', $tpl_text));
+ }
+ }
+
+ // We won't use the cached copy here
+ $text = file_get_contents($tpl_file_fullpath);
+
+ // This will be used later when writing the cached file
$md5 = md5($text);
- $seed = md5 ( microtime() . mt_rand() );
- preg_match_all("/<\?php(.*?)\?>/is", $text, $m);
- //die('<pre>'.htmlspecialchars(print_r($m, true)).'</pre>');
- for($i = 0; $i < sizeof($m[1]); $i++)
+ // Preprocessing and checks complete - compile the code
+ $text = $this->compile_tpl_code($text);
+
+ // Perhaps caching is enabled and the admin has changed the template?
+ if ( is_writable( ENANO_ROOT . '/cache/' ) && getConfig('cache_thumbs') == '1' )
{
- $text = str_replace("<?php{$m[1][$i]}?>", "{PHPCODE:{$i}:{$seed}}", $text);
- }
- //die('<pre>'.htmlspecialchars($text).'</pre>');
- $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean();';
- $text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text);
- $text = preg_replace('#<!-- IFSET (.*?) -->#is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text);
- $text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text);
- $text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text);
- $text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text);
- $text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { echo \'', $text);
- $text = preg_replace('#<!-- END (.*?) -->#is', '\'; } echo \'', $text);
- $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
- for($i = 0; $i < sizeof($m[1]); $i++)
- {
- $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text);
- }
- if(is_writable(ENANO_ROOT.'/cache/') && getConfig('cache_thumbs')=='1')
- {
- //die($tpl_filename);
- $h = fopen($tpl_filename, 'w');
- if(!$h) return $text;
- $t = addslashes($text);
+ $h = fopen($cache_file, 'w');
+ if ( !$h )
+ {
+ // Couldn't open the file - silently ignore and return
+ return $text;
+ }
+
+ // Escape the compiled code so it can be eval'ed
+ $text_escaped = addslashes($text);
$notice = <<<EOF
/*
@@ -951,43 +1201,61 @@
*/
EOF;
- fwrite($h, '<?php ' . $notice . ' $md5 = \''.$md5.'\'; $tpl_text = \''.$t.'\'; ?>');
+ // This is really just a normal PHP file that sets a variable or two and exits.
+ // $tpl_text actually will contain the compiled code
+ fwrite($h, '<?php ' . $notice . ' $md5 = \'' . $md5 . '\'; $tpl_text = \'' . $text_escaped . '\'; ?>');
fclose($h);
}
- return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+
+ return $this->compile_template_text_post($text); //('<pre>'.htmlspecialchars($text).'</pre>');
}
- function compile_template_text($text) {
- $seed = md5 ( microtime() . mt_rand() );
- preg_match_all("/<\?php(.*?)\?>/is", $text, $m);
- //die('<pre>'.htmlspecialchars(print_r($m, true)).'</pre>');
- for($i = 0; $i < sizeof($m[1]); $i++)
- {
- $text = str_replace("<?php{$m[1][$i]}?>", "{PHPCODE:{$i}:{$seed}}", $text);
- }
- //die('<pre>'.htmlspecialchars($text).'</pre>');
- $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;';
- $text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text);
- $text = preg_replace('#<!-- IFSET (.*?) -->#is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text);
- $text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text);
- $text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text);
- $text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text);
- $text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { echo \'', $text);
- $text = preg_replace('#<!-- END (.*?) -->#is', '\'; } echo \'', $text);
- $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
- for($i = 0; $i < sizeof($m[1]); $i++)
- {
- $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text);
- }
- return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+
+ /**
+ * Compiles (parses) some template code with the current master set of variables and booleans.
+ * @param string Text to process
+ * @return string
+ */
+
+ function compile_template_text($text)
+ {
+ // this might do something else in the future, possibly cache large templates
+ return $this->compile_template_text_post($this->compile_tpl_code($text));
}
+ /**
+ * For convenience - compiles AND parses some template code.
+ * @param string Text to process
+ * @return string
+ */
+
function parse($text)
{
$text = $this->compile_template_text($text);
+ $text = $this->compile_template_text_post($text);
return eval($text);
}
+ /**
+ * Post-processor for template code. Basically what this does is it localizes {lang:foo} blocks.
+ * @param string Mostly-processed TPL code
+ * @return string
+ */
+
+ function compile_template_text_post($text)
+ {
+ global $lang;
+ preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $text, $matches);
+ foreach ( $matches[1] as $i => $string_id )
+ {
+ $string = $lang->get($string_id);
+ $string = str_replace('\\', '\\\\', $string);
+ $string = str_replace('\'', '\\\'', $string);
+ $text = str_replace_once($matches[0][$i], $string, $text);
+ }
+ return $text;
+ }
+
// Steps to turn this:
// [[Project:Community Portal]]
// into this:
@@ -1004,8 +1272,21 @@
// So you can implement custom logic into your sidebar if you wish.
// "Real" PHP support coming soon :-D
- function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl') {
+ /**
+ * Takes a blob of HTML with the specially formatted template-oriented wikitext and formats it. Does not use eval().
+ * This function butchers every coding standard in Enano and should eventually be rewritten. The fact is that the
+ * code _works_ and does a good job of checking for errors and cleanly complaining about them.
+ * @param string Text to process
+ * @param bool Ignored for backwards compatibility
+ * @param string File to get variables for sidebar data from
+ * @return string
+ */
+
+ function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl')
+ {
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
$filter_links = false;
$tplvars = $this->extract_vars($filename);
if($session->sid_super) $as = htmlspecialchars(urlSeparator).'auth='.$session->sid_super;
@@ -1029,83 +1310,93 @@
// Conditionals
- preg_match_all('#\{if ([A-Za-z0-9_ &\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links);
+ preg_match_all('#\{if ([A-Za-z0-9_ \(\)&\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links);
- for($i=0;$i<sizeof($links[1]);$i++)
+ // Temporary exception from coding standards - using tab length of 4 here for clarity
+ for ( $i = 0; $i < sizeof($links[1]); $i++ )
{
- $message = str_replace('{if '.$links[1][$i].'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
-
- // Time for some manual parsing...
- $chk = false;
- $current_id = '';
- $prn_level = 0;
- // Used to keep track of where we are in the conditional
- // Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ...
- // Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above.
- $in_var_now = true;
- $in_var_last = false;
- $current_var = '';
- $current_var_start_pos = 0;
- $current_var_end_pos = 0;
- $j = -1;
- $links[1][$i] = $links[1][$i] . ' ';
- $d = strlen($links[1][$i]);
- while($j < $d)
- {
- $j++;
- $in_var_last = $in_var_now;
+ $condition =& $links[1][$i];
+ $message = str_replace('{if '.$condition.'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
- $char = substr($links[1][$i], $j, 1);
- $in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false;
- if(!$in_var_last && $in_var_now)
- {
- $current_var_start_pos = $j;
- }
- if($in_var_last && !$in_var_now)
- {
- $current_var_end_pos = $j;
- }
- if($in_var_now)
+ // Time for some manual parsing...
+ $chk = false;
+ $current_id = '';
+ $prn_level = 0;
+ // Used to keep track of where we are in the conditional
+ // Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ...
+ // Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above.
+ $in_var_now = true;
+ $in_var_last = false;
+ $current_var = '';
+ $current_var_start_pos = 0;
+ $current_var_end_pos = 0;
+ $j = -1;
+ $condition = $condition . ' ';
+ $d = strlen($condition);
+ while($j < $d)
{
- $current_var .= $char;
- continue;
+ $j++;
+ $in_var_last = $in_var_now;
+
+ $char = substr($condition, $j, 1);
+ $in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false;
+ if(!$in_var_last && $in_var_now)
+ {
+ $current_var_start_pos = $j;
+ }
+ if($in_var_last && !$in_var_now)
+ {
+ $current_var_end_pos = $j;
+ }
+ if($in_var_now)
+ {
+ $current_var .= $char;
+ continue;
+ }
+ // OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete.
+ if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9')
+ {
+ // XSS attack! Bail out
+ $errmsg = '<p><b>Error:</b> Syntax error (possibly XSS attack) caught in template code:</p>';
+ $errmsg .= '<pre>';
+ $errmsg .= '{if '.htmlspecialchars($condition).'}';
+ $errmsg .= "\n ";
+ for ( $k = 0; $k < $j; $k++ )
+ {
+ $errmsg .= " ";
+ }
+ // Show position of error
+ $errmsg .= '<span style="color: red;">^</span>';
+ $errmsg .= '</pre>';
+ $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $errmsg, $message);
+ continue 2;
+ }
+ if($current_var != '')
+ {
+ $cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )';
+ $cvt = substr($condition, 0, $current_var_start_pos) . $cd . substr($condition, $current_var_end_pos, strlen($condition));
+ $j = $j + strlen($cd) - strlen($current_var);
+ $current_var = '';
+ $condition = $cvt;
+ $d = strlen($condition);
+ }
}
- // OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete.
- if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9')
- {
- // XSS attack! Bail out
- echo '<p><b>Error:</b> Syntax error (possibly XSS attack) caught in template code:</p>';
- echo '<pre>';
- echo '{if '.$links[1][$i].'}';
- echo "\n ";
- for($k=0;$k<$j;$k++) echo " ";
- echo '<span style="color: red;">^</span>';
- echo '</pre>';
- continue 2;
- }
- if($current_var != '')
+ $condition = substr($condition, 0, strlen($condition)-1);
+ $condition = '$chk = ( '.$condition.' ) ? true : false;';
+ eval($condition);
+
+ if($chk)
{
- $cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )';
- $cvt = substr($links[1][$i], 0, $current_var_start_pos) . $cd . substr($links[1][$i], $current_var_end_pos, strlen($links[1][$i]));
- $j = $j + strlen($cd) - strlen($current_var);
- $current_var = '';
- $links[1][$i] = $cvt;
- $d = strlen($links[1][$i]);
+ if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
+ else $c = $links[2][$i];
+ $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
}
- }
- $links[1][$i] = substr($links[1][$i], 0, strlen($links[1][$i])-1);
- $links[1][$i] = '$chk = ( '.$links[1][$i].' ) ? true : false;';
- eval($links[1][$i]);
-
- if($chk) { // isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]]
- if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
- else $c = $links[2][$i];
- $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
- } else {
- if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
- else $c = '';
- $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
- }
+ else
+ {
+ if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
+ else $c = '';
+ $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
+ }
}
preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links);
@@ -1124,6 +1415,15 @@
}
}
+ preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $message, $matches);
+ foreach ( $matches[1] as $i => $string_id )
+ {
+ $string = $lang->get($string_id);
+ $string = str_replace('\\', '\\\\', $string);
+ $string = str_replace('\'', '\\\'', $string);
+ $message = str_replace_once($matches[0][$i], $string, $message);
+ }
+
/*
* HTML RENDERER
*/
@@ -1174,26 +1474,28 @@
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '<a href="\\1://\\2">\\3</a><br style="display: none;" />', $message);
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '<a href="\\1://\\2">\\1://\\2</a><br style="display: none;" />', $message);
- preg_match_all('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\ ([^\]]+)]#', $message, $ext_link);
+ preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link);
+
+ // die('<pre>' . htmlspecialchars( print_r($ext_link, true) ) . '</pre>');
for ( $i = 0; $i < count($ext_link[0]); $i++ )
{
$text_parser->assign_vars(Array(
- 'HREF' => "{$ext_link[1][$i]}://{$ext_link[2][$i]}",
+ 'HREF' => $ext_link[1][$i],
'FLAGS' => '',
- 'TEXT' => $ext_link[3][$i]
+ 'TEXT' => $ext_link[16][$i]
));
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
}
- preg_match_all('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', $message, $ext_link);
+ preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link);
for ( $i = 0; $i < count($ext_link[0]); $i++ )
{
$text_parser->assign_vars(Array(
- 'HREF' => "{$ext_link[1][$i]}://{$ext_link[2][$i]}",
+ 'HREF' => $ext_link[1][$i],
'FLAGS' => '',
- 'TEXT' => htmlspecialchars("{$ext_link[1][$i]}://{$ext_link[2][$i]}")
+ 'TEXT' => htmlspecialchars($ext_link[1][$i])
));
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
}
@@ -1234,7 +1536,7 @@
function username_field($name, $value = false)
{
$randomid = md5( time() . microtime() . mt_rand() );
- $text = '<input name="'.$name.'" onkeyup="ajaxUserNameComplete(this)" autocomplete="off" type="text" size="30" id="userfield_'.$randomid.'"';
+ $text = '<input name="'.$name.'" onkeyup="new AutofillUsername(this);" autocomplete="off" type="text" size="30" id="userfield_'.$randomid.'"';
if($value) $text .= ' value="'.$value.'"';
$text .= ' />';
return $text;
@@ -1434,7 +1736,8 @@
$admintitle = ( $session->user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : '';
if(getConfig('sflogo_enabled')=='1')
{
- $ob[] = '<a style="text-align: center;" href="http://sourceforge.net/" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border-width: 0px;" alt="SourceForge.net Logo" src="http://sflogo.sourceforge.net/sflogo.php?group_id='.getConfig('sflogo_groupid').'&type='.getConfig('sflogo_type').'" /></a>';
+ $sflogo_secure = ( isset($_SERVER['HTTPS']) ) ? 'https' : 'http';
+ $ob[] = '<a style="text-align: center;" href="http://sourceforge.net/" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border-width: 0px;" alt="SourceForge.net Logo" src="' . $sflogo_secure . '://sflogo.sourceforge.net/sflogo.php?group_id='.getConfig('sflogo_groupid').'&type='.getConfig('sflogo_type').'" /></a>';
}
if(getConfig('w3c_v32') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 3.2" src="http://www.w3.org/Icons/valid-html32" /></a>';
if(getConfig('w3c_v40') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.0" src="http://www.w3.org/Icons/valid-html40" /></a>';
--- a/includes/wikiengine/Tables.php Thu Sep 27 15:55:37 2007 -0400
+++ b/includes/wikiengine/Tables.php Sat Nov 03 07:43:35 2007 -0400
@@ -1,8 +1,8 @@
<?php
-/**
+/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -422,6 +422,7 @@
* @return array
*/
function setupAttributeWhitelist() {
+ global $db, $session, $paths, $template, $plugins;
$common = array( 'id', 'class', 'lang', 'dir', 'title', 'style' );
$block = array_merge( $common, array( 'align' ) );
$tablealign = array( 'align', 'char', 'charoff', 'valign' );
@@ -570,6 +571,14 @@
# XHTML stuff
'acronym' => $common
);
+
+ // custom tags can be added by plugins
+ $code = $plugins->setHook('html_attribute_whitelist');
+ foreach ( $code as $cmd )
+ {
+ eval($cmd);
+ }
+
return $whitelist;
}
--- a/index.php Thu Sep 27 15:55:37 2007 -0400
+++ b/index.php Sat Nov 03 07:43:35 2007 -0400
@@ -1,8 +1,8 @@
<?php
-/**
+/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * @Version 1.0.2 (Coblynau)
+ * Version 1.0.2 (Coblynau)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -15,7 +15,7 @@
// Set up gzip encoding before any output is sent
- $aggressive_optimize_html = true;
+ $aggressive_optimize_html = false;
global $do_gzip;
$do_gzip = true;
@@ -89,11 +89,12 @@
if(!$q) $db->_die('The comment data could not be selected.');
$row = $db->fetchrow();
$db->free_result();
+ $row['subject'] = str_replace('\'', ''', $row['subject']);
echo '<form action="'.makeUrl($paths->page, 'do=comments&sub=savecomment').'" method="post">';
echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'>
- <tr><td class='row1'>Subject:</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr>
- <tr><td class='row2'>Comment:</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr>
- <tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='Save Changes' /></td></tr>
+ <tr><td class='row1'>" . $lang->get('comment_postform_field_subject') . "</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr>
+ <tr><td class='row2'>" . $lang->get('comment_postform_field_comment') . "</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr>
+ <tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='" . $lang->get('etc_save_changes') . "' /></td></tr>
</table></div>";
echo '</form>';
break;
@@ -124,8 +125,12 @@
{
$text = $_POST['page_text'];
echo PageUtils::genPreview($_POST['page_text']);
+ $text = htmlspecialchars($text);
}
- else $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
+ else
+ {
+ $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
+ }
echo '
<form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data">
<br />
@@ -133,14 +138,19 @@
<br />
';
if($paths->wiki_mode)
- echo 'Edit summary: <input name="edit_summary" type="text" size="40" /><br /><label><input type="checkbox" name="minor" /> This is a minor edit</label><br />';
+ echo $lang->get('editor_lbl_edit_summary') . ' <input name="edit_summary" type="text" size="40" /><br /><label><input type="checkbox" name="minor" /> This is a minor edit</label><br />';
echo '<br />
- <input type="submit" name="_save" value="Save changes" style="font-weight: bold;" />
- <input type="submit" name="_preview" value="Preview changes" />
- <input type="submit" name="_revert" value="Revert changes" />
- <input type="submit" name="_cancel" value="Cancel" />
+ <input type="submit" name="_save" value="' . $lang->get('editor_btn_save') . '" style="font-weight: bold;" />
+ <input type="submit" name="_preview" value="' . $lang->get('editor_btn_preview') . '" />
+ <input type="submit" name="_revert" value="' . $lang->get('editor_btn_revert') . '" />
+ <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_cancel') . '" />
</form>
';
+ if ( getConfig('wiki_edit_notice') == '1' )
+ {
+ $notice = getConfig('wiki_edit_notice_text');
+ echo RenderMan::render($notice);
+ }
$template->footer();
break;
case 'viewsource':
@@ -151,7 +161,7 @@
<br />
<textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>';
echo '<br />
- <input type="submit" name="_cancel" value="Close viewer" />
+ <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_closeviewer') . '" />
</form>
';
$template->footer();
@@ -193,7 +203,7 @@
break;
case 'moreoptions':
$template->header();
- echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">More options for this page</div><div style="clear: both;"></div></li>'.$template->tpl_strings['TOOLBAR_EXTRAS'].'</ul></div>';
+ echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">' . $lang->get('ajax_lbl_moreoptions_nojs') . '</div><div style="clear: both;"></div></li>'.$template->toolbar_menu.'</ul></div>';
$template->footer();
break;
case 'protect':
@@ -202,32 +212,33 @@
{
if(!preg_match('#^([0-2]*){1}$#', $_POST['level'])) die_friendly('Error protecting page', '<p>Request validation failed</p>');
PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, intval($_POST['level']), $_POST['reason']);
- die_friendly('Page protected', '<p>The protection setting has been applied. <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>');
+
+ die_friendly($lang->get('page_protect_lbl_success_title'), '<p>' . $lang->get('page_protect_lbl_success_body', array( 'page_link' => makeUrl($paths->page) )) . '</p>');
}
$template->header();
?>
<form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post">
<input type="hidden" name="level" value="<?php echo $_REQUEST['level']; ?>" />
- <?php if(isset($_POST['reason'])) echo '<p style="color: red;">Error: you must enter a reason for protecting this page.</p>'; ?>
- <p>Reason for protecting the page:</p>
+ <?php if(isset($_POST['reason'])) echo '<p style="color: red;">' . $lang->get('page_protect_err_need_reason') . '</p>'; ?>
+ <p><?php echo $lang->get('page_protect_lbl_reason'); ?></p>
<p><input type="text" name="reason" size="40" /><br />
- Protecion level to be applied: <b><?php
+ <?php echo $lang->get('page_protect_lbl_level'); ?> <b><?php
switch($_REQUEST['level'])
{
case '0':
- echo 'No protection';
+ echo $lang->get('page_protect_lbl_level_none');
break;
case '1':
- echo 'Full protection';
+ echo $lang->get('page_protect_lbl_level_full');
break;
case '2':
- echo 'Semi-protection';
+ echo $lang->get('page_protect_lbl_level_semi');
break;
default:
echo 'None;</b> Warning: request validation will fail after clicking submit<b>';
}
?></b></p>
- <p><input type="submit" value="Protect page" style="font-weight: bold;" /></p>
+ <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_protect_btn_submit')) ?>" style="font-weight: bold;" /></p>
</form>
<?php
$template->footer();
@@ -236,37 +247,37 @@
if(!empty($_POST['newname']))
{
$r = PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newname']);
- die_friendly('Page renamed', '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>');
+ die_friendly('Page renamed', '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>');
}
$template->header();
?>
<form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post">
- <?php if(isset($_POST['newname'])) echo '<p style="color: red;">Error: you must enter a new name for this page.</p>'; ?>
- <p>Please enter a new name for this page:</p>
+ <?php if(isset($_POST['newname'])) echo '<p style="color: red;">' . $lang->get('page_rename_err_need_name') . '</p>'; ?>
+ <p><?php echo $lang->get('page_rename_lbl'); ?></p>
<p><input type="text" name="newname" size="40" /></p>
- <p><input type="submit" value="Rename page" style="font-weight: bold;" /></p>
+ <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_rename_btn_submit')); ?>" style="font-weight: bold;" /></p>
</form>
<?php
$template->footer();
break;
case 'flushlogs':
- if(!$session->get_permissions('clear_logs')) die_friendly('Access denied', '<p>Flushing the logs for a page <u>requires</u> administrative rights.</p>');
+ if(!$session->get_permissions('clear_logs'))
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
+ }
if(isset($_POST['_downthejohn']))
{
$template->header();
$result = PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
- echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
$template->footer();
break;
}
$template->header();
?>
<form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post">
- <h3>You are about to <span style="color: red;">destroy</span> all logged edits and actions on this page.</h3>
- <p>Unlike deleting or editing this page, this action is <u>not reversible</u>! You should only do this if you are desparate for
- database space.</p>
- <p>Do you really want to continue?</p>
- <p><input type="submit" name="_downthejohn" value="Flush logs" style="color: red; font-weight: bold;" /></p>
+ <?php echo $lang->get('page_flushlogs_warning_stern'); ?>
+ <p><input type="submit" name="_downthejohn" value="<?php echo htmlspecialchars($lang->get('page_flushlogs_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p>
</form>
<?php
$template->footer();
@@ -276,55 +287,66 @@
{
$template->header();
$result = PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
- echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
$template->footer();
break;
}
$template->header();
?>
<form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post">
- <h3>Your vote counts.</h3>
- <p>If you think that this page is not relavent to the content on this site, or if it looks like this page was only created in
- an attempt to spam the site, you can request that this page be deleted by an administrator.</p>
- <p>After you vote, you should leave a comment explaining the reason for your vote, especially if you are the first person to
- vote against this page.</p>
- <p>So far, <?php echo ( $paths->cpage['delvotes'] == 1 ) ? $paths->cpage['delvotes'] . ' person has' : $paths->cpage['delvotes'] . ' people have'; ?> voted to delete this page.</p>
- <p><input type="submit" name="_ballotbox" value="Vote to delete this page" /></p>
+ <?php
+ echo $lang->get('page_delvote_warning_stern');
+ echo '<p>';
+ switch($paths->cpage['delvotes'])
+ {
+ case 0: echo $lang->get('page_delvote_count_zero'); break;
+ case 1: echo $lang->get('page_delvote_count_one'); break;
+ default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break;
+ }
+ echo '</p>';
+ ?>
+ <p><input type="submit" name="_ballotbox" value="<?php echo htmlspecialchars($lang->get('page_delvote_btn_submit')); ?>" /></p>
</form>
<?php
$template->footer();
break;
case 'resetvotes':
- if(!$session->get_permissions('vote_reset')) die_friendly('Access denied', '<p>Resetting the deletion votes against this page <u>requires</u> admin rights.</p>');
+ if(!$session->get_permissions('vote_reset'))
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
+ }
if(isset($_POST['_youmaylivealittlelonger']))
{
$template->header();
$result = PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
- echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
$template->footer();
break;
}
$template->header();
?>
<form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post">
- <p>This action will reset the number of votes against this page to zero. Are you sure you want to do this?</p>
- <p><input type="submit" name="_youmaylivealittlelonger" value="Reset votes" /></p>
+ <p><?php echo $lang->get('ajax_delvote_reset_confirm'); ?></p>
+ <p><input type="submit" name="_youmaylivealittlelonger" value="<?php echo htmlspecialchars($lang->get('page_delvote_reset_btn_submit')); ?>" /></p>
</form>
<?php
$template->footer();
break;
case 'deletepage':
- if(!$session->get_permissions('delete_page')) die_friendly('Access denied', '<p>Deleting pages <u>requires</u> admin rights.</p>');
+ if(!$session->get_permissions('delete_page'))
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
+ }
if(isset($_POST['_adiossucker']))
{
$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
if ( empty($reason) )
- $error = 'Please enter a reason for deleting this page.';
+ $error = $lang->get('ajax_delete_prompt_reason');
else
{
$template->header();
$result = PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
- echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
$template->footer();
break;
}
@@ -332,19 +354,19 @@
$template->header();
?>
<form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post">
- <h3>You are about to <span style="color: red;">destroy</span> this page.</h3>
- <p>While the deletion of the page itself is completely reversible, it is impossible to recover any comments or category information on this page. If this is a file page, the file along with all older revisions of it will be permanently deleted. Also, any custom information that this page is tagged with, such as a custom name, protection status, or additional settings such as whether to allow comments, will be permanently lost.</p>
- <p>Are you <u>absolutely sure</u> that you want to continue?<br />
- You will not be asked again.</p>
+ <?php echo $lang->get('page_delete_warning_stern'); ?>
<?php if ( isset($error) ) echo "<p>$error</p>"; ?>
- <p>Reason for deleting: <input type="text" name="reason" size="50" /></p>
- <p><input type="submit" name="_adiossucker" value="Delete this page" style="color: red; font-weight: bold;" /></p>
+ <p><?php echo $lang->get('page_delete_lbl_reason'); ?> <input type="text" name="reason" size="50" /></p>
+ <p><input type="submit" name="_adiossucker" value="<?php echo htmlspecialchars($lang->get('page_delete_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p>
</form>
<?php
$template->footer();
break;
case 'setwikimode':
- if(!$session->get_permissions('set_wiki_mode')) die_friendly('Access denied', '<p>Changing the wiki mode setting <u>requires</u> admin rights.</p>');
+ if(!$session->get_permissions('set_wiki_mode'))
+ {
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
+ }
if ( isset($_POST['finish']) )
{
$level = intval($_POST['level']);
@@ -355,7 +377,7 @@
$q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $paths->namespace . '\';');
if ( !$q )
$db->_die();
- redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), 'Wiki mode for this page has been set. Redirecting you to the page...', 2);
+ redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2);
}
else
{
@@ -369,17 +391,13 @@
echo '<form action="' . makeUrl($paths->page, 'do=setwikimode', true) . '" method="post">';
echo '<input type="hidden" name="finish" value="foo" />';
echo '<input type="hidden" name="level" value="' . $level . '" />';
- $level_txt = ( $level == 0 ) ? 'disabled' : ( ( $level == 1 ) ? 'enabled' : 'use the global setting' );
- $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'Because this will disable the wiki behavior on this page, several features, most
- notably the ability for users to vote to have this page deleted, will be disabled as they are not relevant to non-wiki pages. In addition, users will not be able
- to edit this page unless an ACL rule specifically permits them.' : 'Because this will enable the wiki behavior on this page, users will gain the ability to
- freely edit this page unless an ACL rule specifically denies them. If your site is public and gets good traffic, you should be aware of the possiblity of vandalism, and you need to be ready to revert
- malicious edits to this page.';
+ $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' );
+ $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable';
?>
- <h3>You are changing wiki mode for this page.</h3>
- <p>Wiki features will be set to <?php echo $level_txt; ?>. <?php echo $blurb; ?></p>
- <p>If you want to continue, please click the button below.</p>
- <p><input type="submit" value="Set wiki mode" /></p>
+ <h3><?php echo $lang->get('page_wikimode_heading'); ?></h3>
+ <p><?php echo $lang->get($level_txt) . ' ' . $lang->get($blurb); ?></p>
+ <p><?php echo $lang->get('page_wikimode_warning'); ?></p>
+ <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_wikimode_btn_submit')); ?>" /></p>
<?php
echo '</form>';
$template->footer();
@@ -398,16 +416,16 @@
case 'detag':
if ( $session->user_level < USER_LEVEL_ADMIN )
{
- die_friendly('Access denied', '<p>You need to be an administrator to detag pages.</p>');
+ die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
}
if ( $paths->page_exists )
{
- die_friendly('Invalid request', '<p>The detag action is only valid for pages that have been deleted in the past.</p>');
+ die_friendly($lang->get('etc_invalid_request_short'), '<p>' . $lang->get('page_detag_err_page_exists') . '</p>');
}
$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $paths->namespace . '\';');
if ( !$q )
$db->_die('Detag query, index.php:'.__LINE__);
- die_friendly('Page detagged', '<p>All stale tags have been removed from this page.</p>');
+ die_friendly($lang->get('page_detag_success_title'), '<p>' . $lang->get('page_detag_success_body') . '</p>');
break;
case 'aclmanager':
$data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups');
--- a/install.php Thu Sep 27 15:55:37 2007 -0400
+++ b/install.php Sat Nov 03 07:43:35 2007 -0400
@@ -1,1215 +1,1215 @@
-<?php
-
-/*
- * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
- * Copyright (C) 2006-2007 Dan Fuhry
- * install.php - handles everything related to installation and initial configuration
- *
- * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
- * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
- */
-
-@include('config.php');
-if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode']))) {
- $_GET['title'] = 'Enano:WhoCaresWhatThisIs';
- require('includes/common.php');
- die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
- exit;
-}
-
-define('IN_ENANO_INSTALL', 'true');
-
-define('ENANO_VERSION', '1.0.2');
-// In beta versions, define ENANO_BETA_VERSION here
-define('ENANO_BETA_VERSION', '1');
-
-if(!defined('scriptPath')) {
- $sp = dirname($_SERVER['REQUEST_URI']);
- if($sp == '/' || $sp == '\\') $sp = '';
- define('scriptPath', $sp);
-}
-
-if(!defined('contentPath')) {
- $sp = dirname($_SERVER['REQUEST_URI']);
- if($sp == '/' || $sp == '\\') $sp = '';
- define('contentPath', $sp);
-}
-global $_starttime, $this_page, $sideinfo;
-$_starttime = microtime(true);
-
-// Determine directory (special case for development servers)
-if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
-{
- $filename = str_replace('/repo/', '/', __FILE__);
-}
-else
-{
- $filename = __FILE__;
-}
-
-define('ENANO_ROOT', dirname($filename));
-
-function is_page($p)
-{
- return true;
-}
-
-require('includes/wikiformat.php');
-require('includes/constants.php');
-require('includes/rijndael.php');
-require('includes/functions.php');
-
-strip_magic_quotes_gpc();
-
-//die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
-
-if(!function_exists('wikiFormat'))
-{
- function wikiFormat($message, $filter_links = true)
- {
- $wiki = & Text_Wiki::singleton('Mediawiki');
- $wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename');
- $wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath);
- $result = $wiki->transform($message, 'Xhtml');
-
- // HTML fixes
- $result = preg_replace('#<tr>([\s]*?)<\/tr>#is', '', $result);
- $result = preg_replace('#<p>([\s]*?)<\/p>#is', '', $result);
- $result = preg_replace('#<br />([\s]*?)<table#is', '<table', $result);
-
- return $result;
- }
-}
-
-global $failed, $warned;
-
-$failed = false;
-$warned = false;
-
-function not($var)
-{
- if($var)
- {
- return false;
- }
- else
- {
- return true;
- }
-}
-
-function run_test($code, $desc, $extended_desc, $warn = false)
-{
- global $failed, $warned;
- static $cv = true;
- $cv = not($cv);
- $val = eval($code);
- if($val)
- {
- if($cv) $color='CCFFCC'; else $color='AAFFAA';
- echo "<tr><td style='background-color: #$color; width: 500px;'>$desc</td><td style='padding-left: 10px;'><img alt='Test passed' src='images/good.gif' /></td></tr>";
- } elseif(!$val && $warn) {
- if($cv) $color='FFFFCC'; else $color='FFFFAA';
- echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test passed with warning' src='images/unknown.gif' /></td></tr>";
- $warned = true;
- } else {
- if($cv) $color='FFCCCC'; else $color='FFAAAA';
- echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test failed' src='images/bad.gif' /></td></tr>";
- $failed = true;
- }
-}
-function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; }
-
-require_once('includes/template.php');
-
-if(!isset($_GET['mode'])) $_GET['mode'] = 'welcome';
-switch($_GET['mode'])
-{
- case 'mysql_test':
- error_reporting(0);
- $dbhost = rawurldecode($_POST['host']);
- $dbname = rawurldecode($_POST['name']);
- $dbuser = rawurldecode($_POST['user']);
- $dbpass = rawurldecode($_POST['pass']);
- $dbrootuser = rawurldecode($_POST['root_user']);
- $dbrootpass = rawurldecode($_POST['root_pass']);
- if($dbrootuser != '')
- {
- $conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass);
- if(!$conn)
- {
- $e = mysql_error();
- if(strstr($e, "Lost connection"))
- die('host'.$e);
- else
- die('root'.$e);
- }
- $rsp = 'good';
- $q = mysql_query('USE '.$dbname, $conn);
- if(!$q)
- {
- $e = mysql_error();
- if(strstr($e, 'Unknown database'))
- {
- $rsp .= '_creating_db';
- }
- }
- mysql_close($conn);
- $conn = mysql_connect($dbhost, $dbuser, $dbpass);
- if(!$conn)
- {
- $e = mysql_error();
- if(strstr($e, "Lost connection"))
- die('host'.$e);
- else
- $rsp .= '_creating_user';
- }
- mysql_close($conn);
- die($rsp);
- }
- else
- {
- $conn = mysql_connect($dbhost, $dbuser, $dbpass);
- if(!$conn)
- {
- $e = mysql_error();
- if(strstr($e, "Lost connection"))
- die('host'.$e);
- else
- die('auth'.$e);
- }
- $q = mysql_query('USE '.$dbname, $conn);
- if(!$q)
- {
- $e = mysql_error();
- if(strstr($e, 'Unknown database'))
- {
- die('name'.$e);
- }
- else
- {
- die('perm'.$e);
- }
- }
- }
- $v = mysql_get_server_info();
- if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
- mysql_close($conn);
- die('good');
- break;
- case 'pophelp':
- $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
- switch($topic)
- {
- case 'admin_embed_php':
- $title = 'Allow administrators to embed PHP';
- $content = '<p>This option allows you to control whether anything between the standard <?php and ?> tags will be treated as
- PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will
- execute that code when the page is loaded. There are obvious potential security implications here, which should
- be carefully considered before enabling this option.</p>
- <p>If you are the only administrator of this site, or if you have a high level of trust for those will be administering
- the site with you, you should enable this to allow extreme customization of pages.</p>
- <p>Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding
- is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
- embed Javascript and arbitrary HTML and CSS.</p>
- <p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
- using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. <!-- , or by
- using the "embedded PHP kill switch" in the administration panel. --></p>';
- break;
- default:
- $title = 'Invalid topic';
- $content = 'Invalid help topic.';
- break;
- }
- echo <<<EOF
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-<html>
- <head>
- <title>Enano installation quick help • {$title}</title>
- <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
- <style type="text/css">
- body {
- font-family: trebuchet ms, verdana, arial, helvetica, sans-serif;
- font-size: 9pt;
- }
- h2 { border-bottom: 1px solid #90B0D0; margin-bottom: 0; }
- h3 { font-size: 11pt; font-weight: bold; }
- li { list-style: url(../images/bullet.gif); }
- p { margin: 1.0em; }
- blockquote { background-color: #F4F4F4; border: 1px dotted #406080; margin: 1em; padding: 10px; max-height: 250px; overflow: auto; }
- a { color: #7090B0; }
- a:hover { color: #90B0D0; }
- </style>
- </head>
- <body>
- <h2>{$title}</h2>
- {$content}
- <p style="text-align: right;">
- <a href="#" onclick="window.close(); return false;">Close window</a>
- </p>
- </body>
-</html>
-EOF;
- exit;
- break;
- default:
- break;
-}
-
-$template = new template_nodb();
-$template->load_theme('stpatty', 'shamrock', false);
-
-$modestrings = Array(
- 'welcome' => 'Welcome',
- 'license' => 'License Agreement',
- 'sysreqs' => 'Server requirements',
- 'database'=> 'Database information',
- 'website' => 'Website configuration',
- 'login' => 'Administration login',
- 'confirm' => 'Confirm installation',
- 'install' => 'Database installation',
- 'finish' => 'Installation complete'
- );
-
-$sideinfo = '';
-$vars = $template->extract_vars('elements.tpl');
-$p = $template->makeParserText($vars['sidebar_button']);
-foreach ( $modestrings as $id => $str )
-{
- if ( $_GET['mode'] == $id )
- {
- $flags = 'style="font-weight: bold; text-decoration: underline;"';
- $this_page = $str;
- }
- else
- {
- $flags = '';
- }
- $p->assign_vars(Array(
- 'HREF' => '#',
- 'FLAGS' => $flags . ' onclick="return false;"',
- 'TEXT' => $str
- ));
- $sideinfo .= $p->run();
-}
-
-$template->init_vars();
-
-if(isset($_GET['mode']) && $_GET['mode'] == 'css')
-{
- header('Content-type: text/css');
- echo $template->get_css();
- exit;
-}
-
-$template->header();
-if(!isset($_GET['mode'])) $_GET['mode'] = 'license';
-switch($_GET['mode'])
-{
- default:
- case 'welcome':
- ?>
- <div style="text-align: center; margin-top: 10px;">
- <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-green.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
- <h2>Welcome to Enano</h2>
- <h3>version 1.0.2 – beta 1<br />
- <span style="font-weight: normal;">also affectionately known as "coblynau" <tt>:)</tt></span></h3>
- <?php
- if ( file_exists('./_nightly.php') )
- {
- echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
- }
- ?>
- <form action="install.php?mode=license" method="post">
- <input type="submit" value="Start installation" />
- </form>
- </div>
- <?php
- break;
- case "license":
- ?>
- <h3>Welcome to the Enano installer.</h3>
- <p>Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.</p>
- <p>To get started, please read and accept the following license agreement. You've probably seen it before.</p>
- <div style="height: 500px; clip: rect(0px,auto,500px,auto); overflow: auto; padding: 10px; border: 1px dashed #456798; margin: 1em;">
- <h2>GNU General Public License</h2>
- <h3>Declaration of license usage</h3>
- <p>Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p>
- <p>This program is distributed in the hope that it will be useful, but <u>without any warranty</u>; without even the implied warranty of <u>merchantability</u> or <u>fitness for a particular purpose</u>. See the GNU General Public License (below) for more details.</p>
- <p><b>By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.</b></p>
- <h3>Human-readable version</h3>
- <p>Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.</p>
- <ul>
- <li>You may to run Enano for any purpose.</li>
- <li>You may study how Enano works and adapt it to your needs.</li>
- <li>You may redistribute copies so you can help your neighbor.</li>
- <li>You may improve Enano and release your improvements to the public, so that the whole community benefits.</li>
- </ul>
- <p>You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:</p>
- <ul>
- <li>You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
- <li>If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
- <li>If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.</li>
- </ul>
- <p><b>Disclaimer</b>: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.<br /><span style="color: #CCC">Text copied from the <a href="http://creativecommons.org/licenses/GPL/2.0/">Creative Commons GPL Deed page</a></span></p>
- <?php
- if ( defined('ENANO_BETA_VERSION') )
- {
- ?>
- <h3>Notice for prerelease versions</h3>
- <p>This version of Enano is designed only for testing and evaluation purposes. <b>It is not yet completely stable, and should not be used on production websites.</b> As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.</p>
- <?php
- }
- ?>
- <h3>Lawyer-readable version</h3>
- <?php echo wikiFormat(file_get_contents(ENANO_ROOT . '/GPL')); ?>
- </div>
- <div class="pagenav">
- <form action="install.php?mode=sysreqs" method="post">
- <table border="0">
- <tr>
- <td><input type="submit" value="I agree to the license terms" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you agree with the terms of the license<br />• Have your database host, name, username, and password available</p></td>
- </tr>
- </table>
- </form>
- </div>
- <?php
- break;
- case "sysreqs":
- error_reporting(E_ALL);
- ?>
- <h3>Checking your server</h3>
- <p>Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.</p>
- <table border="0" cellspacing="0" cellpadding="0">
- <?php
- run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
- run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
- run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
- run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
- //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
- run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
- run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
- run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
- run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
- echo '</table>';
- if(!$failed)
- {
- ?>
-
- <div class="pagenav">
- <?php
- if($warned) {
- echo '<table border="0" cellspacing="0" cellpadding="0">';
- run_test('return false;', 'Some scalebacks were made due to your server configuration.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?<br /><br />Fatal error:</b> call to undefined function wannahokaloogie() in file <b>'.__FILE__.'</b> on line <b>'.__LINE__.'', true);
- echo '</table>';
- } else {
- echo '<table border="0" cellspacing="0" cellpadding="0">';
- run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
- echo '</table>';
- }
- ?>
- <form action="install.php?mode=database" method="post">
- <table border="0">
- <tr>
- <td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you are satisfied with any scalebacks that may have been made to accomodate your server configuration<br />• Have your database host, name, username, and password available</p></td>
- </tr>
- </table>
- </form>
- </div>
- <?php
- } else {
- if($failed) {
- echo '<div class="pagenav"><table border="0" cellspacing="0" cellpadding="0">';
- run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.');
- echo '</table></div>';
- }
- }
- ?>
- <?php
- break;
- case "database":
- ?>
- <script type="text/javascript">
- function ajaxGet(uri, f) {
- if (window.XMLHttpRequest) {
- ajax = new XMLHttpRequest();
- } else {
- if (window.ActiveXObject) {
- ajax = new ActiveXObject("Microsoft.XMLHTTP");
- } else {
- alert('Enano client-side runtime error: No AJAX support, unable to continue');
- return;
- }
- }
- ajax.onreadystatechange = f;
- ajax.open('GET', uri, true);
- ajax.send(null);
- }
-
- function ajaxPost(uri, parms, f) {
- if (window.XMLHttpRequest) {
- ajax = new XMLHttpRequest();
- } else {
- if (window.ActiveXObject) {
- ajax = new ActiveXObject("Microsoft.XMLHTTP");
- } else {
- alert('Enano client-side runtime error: No AJAX support, unable to continue');
- return;
- }
- }
- ajax.onreadystatechange = f;
- ajax.open('POST', uri, true);
- ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
- ajax.setRequestHeader("Content-length", parms.length);
- ajax.setRequestHeader("Connection", "close");
- ajax.send(parms);
- }
- function ajaxTestConnection()
- {
- v = verify();
- if(!v)
- {
- alert('One or more of the form fields is incorrect. Please correct any information in the form that has an "X" next to it.');
- return false;
- }
- var frm = document.forms.dbinfo;
- db_host = escape(frm.db_host.value.replace('+', '%2B'));
- db_name = escape(frm.db_name.value.replace('+', '%2B'));
- db_user = escape(frm.db_user.value.replace('+', '%2B'));
- db_pass = escape(frm.db_pass.value.replace('+', '%2B'));
- db_root_user = escape(frm.db_root_user.value.replace('+', '%2B'));
- db_root_pass = escape(frm.db_root_pass.value.replace('+', '%2B'));
-
- parms = 'host='+db_host+'&name='+db_name+'&user='+db_user+'&pass='+db_pass+'&root_user='+db_root_user+'&root_pass='+db_root_pass;
- ajaxPost('<?php echo scriptPath; ?>/install.php?mode=mysql_test', parms, function() {
- if(ajax.readyState==4)
- {
- s = ajax.responseText.substr(0, 4);
- t = ajax.responseText.substr(4, ajax.responseText.length);
- if(s.substr(0, 4)=='good')
- {
- document.getElementById('s_db_host').src='images/good.gif';
- document.getElementById('s_db_name').src='images/good.gif';
- document.getElementById('s_db_auth').src='images/good.gif';
- document.getElementById('s_db_root').src='images/good.gif';
- if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
- if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
- document.getElementById('s_mysql_version').src='images/good.gif';
- document.getElementById('e_mysql_version').innerHTML = 'Your version of MySQL meets Enano requirements.';
- }
- else
- {
- switch(s)
- {
- case 'host':
- document.getElementById('s_db_host').src='images/bad.gif';
- document.getElementById('s_db_name').src='images/unknown.gif';
- document.getElementById('s_db_auth').src='images/unknown.gif';
- document.getElementById('s_db_root').src='images/unknown.gif';
- document.getElementById('e_db_host').innerHTML = '<b>Error:<\/b> The database server "'+document.forms.dbinfo.db_host.value+'" couldn\'t be contacted.<br \/>'+t;
- document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
- break;
- case 'auth':
- document.getElementById('s_db_host').src='images/good.gif';
- document.getElementById('s_db_name').src='images/unknown.gif';
- document.getElementById('s_db_auth').src='images/bad.gif';
- document.getElementById('s_db_root').src='images/unknown.gif';
- document.getElementById('e_db_auth').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
- document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
- break;
- case 'perm':
- document.getElementById('s_db_host').src='images/good.gif';
- document.getElementById('s_db_name').src='images/bad.gif';
- document.getElementById('s_db_auth').src='images/good.gif';
- document.getElementById('s_db_root').src='images/unknown.gif';
- document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> Access to the specified database using those login credentials was denied.<br \/>'+t;
- document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
- break;
- case 'name':
- document.getElementById('s_db_host').src='images/good.gif';
- document.getElementById('s_db_name').src='images/bad.gif';
- document.getElementById('s_db_auth').src='images/good.gif';
- document.getElementById('s_db_root').src='images/unknown.gif';
- document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> The specified database does not exist<br \/>'+t;
- document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
- break;
- case 'root':
- document.getElementById('s_db_host').src='images/good.gif';
- document.getElementById('s_db_name').src='images/unknown.gif';
- document.getElementById('s_db_auth').src='images/unknown.gif';
- document.getElementById('s_db_root').src='images/bad.gif';
- document.getElementById('e_db_root').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
- document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
- break;
- case 'vers':
- document.getElementById('s_db_host').src='images/good.gif';
- document.getElementById('s_db_name').src='images/good.gif';
- document.getElementById('s_db_auth').src='images/good.gif';
- document.getElementById('s_db_root').src='images/good.gif';
- if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
- if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
-
- document.getElementById('e_mysql_version').innerHTML = '<b>Error:<\/b> Your version of MySQL ('+t+') is older than 4.1.17. Enano will still work, but there is a known bug with the comment system and MySQL 4.1.11 that involves some comments not being displayed, due to an issue with the PHP function mysql_fetch_row().';
- document.getElementById('s_mysql_version').src='images/bad.gif';
- default:
- alert(t);
- break;
- }
- }
- }
- });
- }
- function verify()
- {
- document.getElementById('e_db_host').innerHTML = '';
- document.getElementById('e_db_auth').innerHTML = '';
- document.getElementById('e_db_name').innerHTML = '';
- document.getElementById('e_db_root').innerHTML = '';
- var frm = document.forms.dbinfo;
- ret = true;
- if(frm.db_host.value != '')
- {
- document.getElementById('s_db_host').src='images/unknown.gif';
- }
- else
- {
- document.getElementById('s_db_host').src='images/bad.gif';
- ret = false;
- }
- if(frm.db_name.value.match(/^([a-z0-9_]+)$/g))
- {
- document.getElementById('s_db_name').src='images/unknown.gif';
- }
- else
- {
- document.getElementById('s_db_name').src='images/bad.gif';
- ret = false;
- }
- if(frm.db_user.value != '')
- {
- document.getElementById('s_db_auth').src='images/unknown.gif';
- }
- else
- {
- document.getElementById('s_db_auth').src='images/bad.gif';
- ret = false;
- }
- if(frm.table_prefix.value.match(/^([a-z0-9_]*)$/g))
- {
- document.getElementById('s_table_prefix').src='images/good.gif';
- }
- else
- {
- document.getElementById('s_table_prefix').src='images/bad.gif';
- ret = false;
- }
- if(frm.db_root_user.value == '')
- {
- document.getElementById('s_db_root').src='images/good.gif';
- }
- else if(frm.db_root_user.value != '' && frm.db_root_pass.value == '')
- {
- document.getElementById('s_db_root').src='images/bad.gif';
- ret = false;
- }
- else
- {
- document.getElementById('s_db_root').src='images/unknown.gif';
- }
- if(ret) frm._cont.disabled = false;
- else frm._cont.disabled = true;
- return ret;
- }
- window.onload = verify;
- </script>
- <p>Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend,
- and we need to have access to a MySQL server in order to continue.</p>
- <p>If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from
- <a href="http://www.mysql.com/">MySQL.com</a>. <b>Please note that, like Enano, MySQL is licensed under the GNU GPL.</b>
- If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL
- or purchase a proprietary license.</p>
- <?php
- if ( file_exists('/etc/enano-is-virt-appliance') )
- {
- echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
- }
- ?>
- <form name="dbinfo" action="install.php?mode=website" method="post">
- <table border="0">
- <tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
- <tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td><input name="db_pass" size="30" type="password" /></td></tr>
- <tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
- <tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
- <tr><td rowspan="2"><b>Database administrative login</b><br />If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
- <tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
- <tr><td><b>MySQL version</b></td><td id="e_mysql_version">MySQL version information will be checked when you click "Test Connection".</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
- <tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" /> <label for="dtcheck">Drop existing tables</label></td></tr>
- <tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
- </table>
- <div class="pagenav">
- <table border="0">
- <tr>
- <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Check your MySQL connection using the "Test Connection" button.<br />• Be aware that your database information will be transmitted unencrypted several times.</p></td>
- </tr>
- </table>
- </div>
- </form>
- <?php
- break;
- case "website":
- if(!isset($_POST['_cont'])) {
- echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
- $template->footer();
- exit;
- }
- unset($_POST['_cont']);
- ?>
- <script type="text/javascript">
- function verify()
- {
- var frm = document.forms.siteinfo;
- ret = true;
- if(frm.sitename.value.match(/^(.+)$/g) && frm.sitename.value != 'Enano')
- {
- document.getElementById('s_name').src='images/good.gif';
- }
- else
- {
- document.getElementById('s_name').src='images/bad.gif';
- ret = false;
- }
- if(frm.sitedesc.value.match(/^(.+)$/g))
- {
- document.getElementById('s_desc').src='images/good.gif';
- }
- else
- {
- document.getElementById('s_desc').src='images/bad.gif';
- ret = false;
- }
- if(frm.copyright.value.match(/^(.+)$/g))
- {
- document.getElementById('s_copyright').src='images/good.gif';
- }
- else
- {
- document.getElementById('s_copyright').src='images/bad.gif';
- ret = false;
- }
- if(ret) frm._cont.disabled = false;
- else frm._cont.disabled = true;
- return ret;
- }
- window.onload = verify;
- </script>
- <form name="siteinfo" action="install.php?mode=login" method="post">
- <?php
- $k = array_keys($_POST);
- for($i=0;$i<sizeof($_POST);$i++) {
- echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
- }
- ?>
- <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
- <table border="0">
- <tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td><b>Website description</b><br />This text will be shown below the name of your website.</td><td><input onkeyup="verify();" name="sitedesc" type="text" size="30" /></td><td><img id="s_desc" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td><b>Copyright info</b><br />This should be a one-line legal notice that will appear at the bottom of all your pages.</td><td><input onkeyup="verify();" name="copyright" type="text" size="30" /></td><td><img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td><b>Wiki mode</b><br />This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.</td><td><input name="wiki_mode" type="checkbox" id="wmcheck" /> <label for="wmcheck">Yes, make my website a wiki.</label></td><td></td></tr>
- <tr><td><b>URL scheme</b><br />Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.</td><td colspan="2"><input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly"> <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br /><input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short"> <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br /><input type="radio" name="urlscheme" value="tiny" id="petite"> <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label></td></tr>
- </table>
- <div class="pagenav">
- <table border="0">
- <tr>
- <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Verify that your site information is correct. Again, all of the above settings can be changed from the administration panel.</p></td>
- </tr>
- </table>
- </div>
- </form>
- <?php
- break;
- case "login":
- if(!isset($_POST['_cont'])) {
- echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
- $template->footer();
- exit;
- }
- unset($_POST['_cont']);
- require('config.php');
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
- if ( isset($crypto_key) )
- {
- $cryptkey = $crypto_key;
- }
- if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
- {
- $cryptkey = $aes->gen_readymade_key();
- $handle = @fopen(ENANO_ROOT.'/config.php', 'w');
- if(!$handle)
- {
- echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
- $template->footer();
- exit;
- }
- fwrite($handle, '<?php $cryptkey = \''.$cryptkey.'\'; ?>');
- fclose($handle);
- }
- ?>
- <script type="text/javascript">
- function verify()
- {
- var frm = document.forms.login;
- ret = true;
- if ( frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g) && !frm.admin_user.value.match(/^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != 'anonymous' )
- {
- document.getElementById('s_user').src = 'images/good.gif';
- }
- else
- {
- document.getElementById('s_user').src = 'images/bad.gif';
- ret = false;
- }
- if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
- {
- document.getElementById('s_password').src = 'images/good.gif';
- }
- else
- {
- document.getElementById('s_password').src = 'images/bad.gif';
- ret = false;
- }
- if(frm.admin_email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
- {
- document.getElementById('s_email').src = 'images/good.gif';
- }
- else
- {
- document.getElementById('s_email').src = 'images/bad.gif';
- ret = false;
- }
- if(ret) frm._cont.disabled = false;
- else frm._cont.disabled = true;
- return ret;
- }
- window.onload = verify;
-
- function cryptdata()
- {
- if(!verify()) return false;
- }
- </script>
- <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
- <?php
- $k = array_keys($_POST);
- for($i=0;$i<sizeof($_POST);$i++) {
- echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
- }
- ?>
- <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
- <table border="0">
- <tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
- <tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
- <tr>
- <td>
- Allow administrators to embed PHP code into pages:<br />
- <small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
- <a href="install.php?mode=pophelp&topic=admin_embed_php"
- onclick="window.open(this.href, 'pophelpwin', 'width=550,height=400,status=no,toolbars=no,toolbar=no,address=no,scroll=yes'); return false;"
- style="color: #D84308; text-decoration: underline;">important security implications</a>.
- </span></small>
- </td>
- <td>
- <label><input type="radio" name="admin_embed_php" value="2" checked="checked" /> Disabled</label>
- <label><input type="radio" name="admin_embed_php" value="4" /> Enabled</label>
- </td>
- <td></td>
- </tr>
- <tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
- </table>
- <div class="pagenav">
- <table border="0">
- <tr>
- <td><input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Remember the username and password you enter here! You will not be able to administer your site without the information you enter on this page.</p></td>
- </tr>
- </table>
- </div>
- <div id="cryptdebug"></div>
- <input type="hidden" name="use_crypt" value="no" />
- <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
- <input type="hidden" name="crypt_data" value="" />
- </form>
- <script type="text/javascript">
- // <![CDATA[
- frm.admin_user.focus();
- function runEncryption()
- {
- str = '';
- for(i=0;i<keySizeInBits/4;i++) str+='0';
- var key = hexToByteArray(str);
- var pt = hexToByteArray(str);
- var ct = rijndaelEncrypt(pt, key, "ECB");
- var ect = byteArrayToHex(ct);
- switch(keySizeInBits)
- {
- case 128:
- v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
- break;
- case 192:
- v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
- break;
- case 256:
- v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
- break;
- }
- var testpassed = ( ect == v && md5_vm_test() );
- var frm = document.forms.login;
- if(testpassed)
- {
- // alert('encryption self-test passed');
- frm.use_crypt.value = 'yes';
- var cryptkey = frm.crypt_key.value;
- frm.crypt_key.value = '';
- if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
- {
- alert('Byte array conversion SUCKS');
- testpassed = false;
- }
- cryptkey = hexToByteArray(cryptkey);
- if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
- {
- frm._cont.disabled = true;
- len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
- alert('The key is messed up\nType: '+typeof(cryptkey)+len);
- }
- }
- else
- {
- // alert('encryption self-test FAILED');
- }
- if(testpassed)
- {
- pass = frm.admin_pass.value;
- pass = stringToByteArray(pass);
- cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
- //decrypted = rijndaelDecrypt(cryptstring, cryptkey, 'ECB');
- //decrypted = byteArrayToString(decrypted);
- //return false;
- if(!cryptstring)
- {
- return false;
- }
- cryptstring = byteArrayToHex(cryptstring);
- // document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key: '+byteArrayToHex(cryptkey)+'</pre>';
- frm.crypt_data.value = cryptstring;
- frm.admin_pass.value = '';
- frm.admin_pass_confirm.value = '';
- }
- return false;
- }
- // ]]>
- </script>
- <?php
- break;
- case "confirm":
- if(!isset($_POST['_cont'])) {
- echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
- $template->footer();
- exit;
- }
- unset($_POST['_cont']);
- ?>
- <form name="confirm" action="install.php?mode=install" method="post">
- <?php
- $k = array_keys($_POST);
- for($i=0;$i<sizeof($_POST);$i++) {
- echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
- }
- ?>
- <h3>Enano is ready to install.</h3>
- <p>The wizard has finished collecting information and is ready to install the database schema. Please review the information below,
- and then click the button below to install the database.</p>
- <ul>
- <li>Database hostname: <?php echo $_POST['db_host']; ?></li>
- <li>Database name: <?php echo $_POST['db_name']; ?></li>
- <li>Database user: <?php echo $_POST['db_user']; ?></li>
- <li>Database password: <hidden></li>
- <li>Site name: <?php echo $_POST['sitename']; ?></li>
- <li>Site description: <?php echo $_POST['sitedesc']; ?></li>
- <li>Administration username: <?php echo $_POST['admin_user']; ?></li>
- <li>Cipher strength: <?php echo (string)AES_BITS; ?>-bit AES<br /><small>Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.</small></li>
- </ul>
- <div class="pagenav">
- <table border="0">
- <tr>
- <td><input type="submit" value="Install Enano!" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Pray.</p></td>
- </tr>
- </table>
- </div>
- </form>
- <?php
- break;
- case "install":
- if(!isset($_POST['db_host']) ||
- !isset($_POST['db_name']) ||
- !isset($_POST['db_user']) ||
- !isset($_POST['db_pass']) ||
- !isset($_POST['sitename']) ||
- !isset($_POST['sitedesc']) ||
- !isset($_POST['copyright']) ||
- !isset($_POST['admin_user']) ||
- !isset($_POST['admin_pass']) ||
- !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
- !isset($_POST['urlscheme'])
- )
- {
- echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=license">restart the installation</a>.';
- $template->footer();
- exit;
- }
- switch($_POST['urlscheme'])
- {
- case "ugly":
- default:
- $cp = scriptPath.'/index.php?title=';
- break;
- case "short":
- $cp = scriptPath.'/index.php/';
- break;
- case "tiny":
- $cp = scriptPath.'/';
- break;
- }
- function err($t) { global $template; echo $t; $template->footer(); exit; }
-
- echo 'Connecting to MySQL...';
- if($_POST['db_root_user'] != '')
- {
- $conn = mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
- if(!$conn) err('Error connecting to MySQL: '.mysql_error());
- $q = mysql_query('USE '.$_POST['db_name']);
- if(!$q)
- {
- $q = mysql_query('CREATE DATABASE '.$_POST['db_name']);
- if(!$q) err('Error initializing database: '.mysql_error());
- }
- $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'localhost\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
- if(!$q) err('Could not create the user account');
- $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'%\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
- if(!$q) err('Could not create the user account');
- mysql_close($conn);
- }
- $conn = mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
- if(!$conn) err('Error connecting to MySQL: '.mysql_error());
- $q = mysql_query('USE '.$_POST['db_name']);
- if(!$q) err('Error selecting database: '.mysql_error());
- echo 'done!<br />';
-
- // Are we supposed to drop any existing tables? If so, do it now
- if(isset($_POST['drop_tables']))
- {
- echo 'Dropping existing Enano tables...';
- // Our list of tables included in Enano
- $tables = Array( 'mdg_categories', 'mdg_comments', 'mdg_config', 'mdg_logs', 'mdg_page_text', 'mdg_session_keys', 'mdg_pages', 'mdg_users', 'mdg_users_extra', 'mdg_themes', 'mdg_buddies', 'mdg_banlist', 'mdg_files', 'mdg_privmsgs', 'mdg_sidebar', 'mdg_hits', 'mdg_search_index', 'mdg_groups', 'mdg_group_members', 'mdg_acl', 'mdg_search_cache', 'mdg_tags', 'mdg_page_groups', 'mdg_page_group_members' );
- $tables = implode(', ', $tables);
- $tables = str_replace('mdg_', $_POST['table_prefix'], $tables);
- $query_of_death = 'DROP TABLE '.$tables.';';
- mysql_query($query_of_death); // We won't check for errors here because if this operation fails it probably means the tables didn't exist
- echo 'done!<br />';
- }
-
- $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
-
- echo 'Decrypting administration password...';
-
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
-
- if ( !empty($_POST['crypt_data']) )
- {
- require('config.php');
- if ( !isset($cryptkey) )
- {
- echo 'failed!<br />Cannot get the key from config.php';
- break;
- }
- $key = hexdecode($cryptkey);
-
- $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
-
- }
- else
- {
- $dec = $_POST['admin_pass'];
- }
- echo 'done!<br />Generating '.AES_BITS.'-bit AES private key...';
- $privkey = $aes->gen_readymade_key();
- $pkba = hexdecode($privkey);
- $encpass = $aes->encrypt($dec, $pkba, ENC_HEX);
-
- echo 'done!<br />Preparing for schema execution...';
- $schema = file_get_contents('schema.sql');
- $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema);
- $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema);
- $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema);
- $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema);
- $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($encpass ), $schema);
- $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema);
- $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema);
- $schema = str_replace('{{REAL_NAME}}', '', $schema);
- $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema);
- $schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema);
- $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema);
- $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema);
-
- if(isset($_POST['wiki_mode']))
- {
- $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
- }
- else
- {
- $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
- }
-
- // Build an array of queries
- $schema = explode("\n", $schema);
-
- foreach ( $schema as $i => $sql )
- {
- $query =& $schema[$i];
- $t = trim($query);
- if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
- {
- unset($schema[$i]);
- unset($query);
- }
- }
-
- $schema = array_values($schema);
- $schema = implode("\n", $schema);
- $schema = explode(";\n", $schema);
-
- foreach ( $schema as $i => $sql )
- {
- $query =& $schema[$i];
- if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
- {
- $query .= ';';
- }
- }
-
- // echo '<pre>' . htmlspecialchars(print_r($schema, true)) . '</pre>';
- // break;
-
- echo 'done!<br />Executing schema.sql...';
-
- // OK, do the loop, baby!!!
- foreach($schema as $q)
- {
- $r = mysql_query($q, $conn);
- if(!$r) err('Error during mainstream installation: '.mysql_error());
- }
-
- echo 'done!<br />Writing configuration files...';
- if($_POST['urlscheme']=='tiny')
- {
- $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
- if(!$ht) err('Error opening file .htaccess for writing');
- fwrite($ht, '
-RewriteEngine on
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
-RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
-');
- fclose($ht);
- }
-
- $config_file = '<?php
-/* Enano auto-generated configuration file - editing not recommended! */
-$dbhost = \''.addslashes($_POST['db_host']).'\';
-$dbname = \''.addslashes($_POST['db_name']).'\';
-$dbuser = \''.addslashes($_POST['db_user']).'\';
-$dbpasswd = \''.addslashes($_POST['db_pass']).'\';
-if(!defined(\'ENANO_CONSTANTS\')) {
-define(\'ENANO_CONSTANTS\', \'\');
-define(\'table_prefix\', \''.$_POST['table_prefix'].'\');
-define(\'scriptPath\', \''.scriptPath.'\');
-define(\'contentPath\', \''.$cp.'\');
-define(\'ENANO_INSTALLED\', \'true\');
-}
-$crypto_key = \''.$privkey.'\';
-?>';
-
- $cf_handle = fopen(ENANO_ROOT.'/config.php', 'w');
- if(!$cf_handle) err('Couldn\'t open file config.php for writing');
- fwrite($cf_handle, $config_file);
- fclose($cf_handle);
-
- echo 'done!<br />Starting the Enano API...';
-
- $template_bak = $template;
-
- // Get Enano loaded
- $_GET['title'] = 'Main_Page';
- require('includes/common.php');
-
- // We need to be logged in (with admin rights) before logs can be flushed
- $session->login_without_crypto($_POST['admin_user'], $dec, false);
-
- // Now that login cookies are set, initialize the session manager and ACLs
- $session->start();
- $paths->init();
-
- unset($template);
- $template =& $template_bak;
-
- echo 'done!<br />Initializing logs...';
-
- $q = $db->sql_query('INSERT INTO ' . $_POST['table_prefix'] . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');', $conn);
- if ( !$q )
- err('Error setting up logs: '.$db->get_error());
-
- if ( !$session->get_permissions('clear_logs') )
- {
- echo '<br />Error: session manager won\'t permit flushing logs, these is a bug.';
- break;
- }
-
- // unset($session);
- // $session = new sessionManager();
- // $session->start();
-
- PageUtils::flushlogs('Main_Page', 'Article');
-
- echo 'done!<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
-
- // echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
-
- break;
- case "finish":
- echo '<h3>Congratulations!</h3>
- <p>You have finished installing Enano on this server.</p>
- <h3>Now what?</h3>
- <p>Click the link below to see the main page for your website. Where to go from here:</p>
- <ul>
- <li>The first thing you should do is log into your site using the Log in link on the sidebar.</li>
- <li>Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.</li>
- <li>Visit the <a href="http://enanocms.org/Category:Plugins" onclick="window.open(this.href); return false;">Enano Plugin Gallery</a> to download and use plugins on your site.</li>
- <li>Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.</li>
- <li>Hire some moderators, to help you keep rowdy users tame.</li>
- <li>Tell the <a href="http://enanocms.org/Contact_us">Enano team</a> what you think.</li>
- <li><b>Spread the word about Enano by adding a link to the Enano homepage on your sidebar!</b> You can enable this option in the General Configuration section of the administration panel.</li>
- </ul>
- <p><a href="index.php">Go to your website...</a></p>';
- break;
-}
-$template->footer();
-
-?>
+<?php
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.1.1
+ * Copyright (C) 2006-2007 Dan Fuhry
+ * install.php - handles everything related to installation and initial configuration
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+@include('config.php');
+if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode'])))
+{
+ $_GET['title'] = 'Enano:Installation_locked';
+ require('includes/common.php');
+ die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
+ exit;
+}
+
+define('IN_ENANO_INSTALL', 'true');
+
+define('ENANO_VERSION', '1.1.1');
+// In beta versions, define ENANO_BETA_VERSION here
+
+if(!defined('scriptPath')) {
+ $sp = dirname($_SERVER['REQUEST_URI']);
+ if($sp == '/' || $sp == '\\') $sp = '';
+ define('scriptPath', $sp);
+}
+
+if(!defined('contentPath')) {
+ $sp = dirname($_SERVER['REQUEST_URI']);
+ if($sp == '/' || $sp == '\\') $sp = '';
+ define('contentPath', $sp);
+}
+global $_starttime, $this_page, $sideinfo;
+$_starttime = microtime(true);
+
+// Determine directory (special case for development servers)
+if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
+{
+ $filename = str_replace('/repo/', '/', __FILE__);
+}
+else
+{
+ $filename = __FILE__;
+}
+
+define('ENANO_ROOT', dirname($filename));
+
+function is_page($p)
+{
+ return true;
+}
+
+require('includes/wikiformat.php');
+require('includes/constants.php');
+require('includes/rijndael.php');
+require('includes/functions.php');
+
+strip_magic_quotes_gpc();
+
+//die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
+
+if(!function_exists('wikiFormat'))
+{
+ function wikiFormat($message, $filter_links = true)
+ {
+ $wiki = & Text_Wiki::singleton('Mediawiki');
+ $wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename');
+ $wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath);
+ $result = $wiki->transform($message, 'Xhtml');
+
+ // HTML fixes
+ $result = preg_replace('#<tr>([\s]*?)<\/tr>#is', '', $result);
+ $result = preg_replace('#<p>([\s]*?)<\/p>#is', '', $result);
+ $result = preg_replace('#<br />([\s]*?)<table#is', '<table', $result);
+
+ return $result;
+ }
+}
+
+global $failed, $warned;
+
+$failed = false;
+$warned = false;
+
+function not($var)
+{
+ if($var)
+ {
+ return false;
+ }
+ else
+ {
+ return true;
+ }
+}
+
+function run_test($code, $desc, $extended_desc, $warn = false)
+{
+ global $failed, $warned;
+ static $cv = true;
+ $cv = not($cv);
+ $val = eval($code);
+ if($val)
+ {
+ if($cv) $color='CCFFCC'; else $color='AAFFAA';
+ echo "<tr><td style='background-color: #$color; width: 500px;'>$desc</td><td style='padding-left: 10px;'><img alt='Test passed' src='images/good.gif' /></td></tr>";
+ } elseif(!$val && $warn) {
+ if($cv) $color='FFFFCC'; else $color='FFFFAA';
+ echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test passed with warning' src='images/unknown.gif' /></td></tr>";
+ $warned = true;
+ } else {
+ if($cv) $color='FFCCCC'; else $color='FFAAAA';
+ echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test failed' src='images/bad.gif' /></td></tr>";
+ $failed = true;
+ }
+}
+function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; }
+
+require_once('includes/template.php');
+
+if(!isset($_GET['mode'])) $_GET['mode'] = 'welcome';
+switch($_GET['mode'])
+{
+ case 'mysql_test':
+ error_reporting(0);
+ $dbhost = rawurldecode($_POST['host']);
+ $dbname = rawurldecode($_POST['name']);
+ $dbuser = rawurldecode($_POST['user']);
+ $dbpass = rawurldecode($_POST['pass']);
+ $dbrootuser = rawurldecode($_POST['root_user']);
+ $dbrootpass = rawurldecode($_POST['root_pass']);
+ if($dbrootuser != '')
+ {
+ $conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ die('root'.$e);
+ }
+ $rsp = 'good';
+ $q = mysql_query('USE '.$dbname, $conn);
+ if(!$q)
+ {
+ $e = mysql_error();
+ if(strstr($e, 'Unknown database'))
+ {
+ $rsp .= '_creating_db';
+ }
+ }
+ mysql_close($conn);
+ $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ $rsp .= '_creating_user';
+ }
+ mysql_close($conn);
+ die($rsp);
+ }
+ else
+ {
+ $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ die('auth'.$e);
+ }
+ $q = mysql_query('USE '.$dbname, $conn);
+ if(!$q)
+ {
+ $e = mysql_error();
+ if(strstr($e, 'Unknown database'))
+ {
+ die('name'.$e);
+ }
+ else
+ {
+ die('perm'.$e);
+ }
+ }
+ }
+ $v = mysql_get_server_info();
+ if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+ mysql_close($conn);
+ die('good');
+ break;
+ case 'pophelp':
+ $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
+ switch($topic)
+ {
+ case 'admin_embed_php':
+ $title = 'Allow administrators to embed PHP';
+ $content = '<p>This option allows you to control whether anything between the standard <?php and ?> tags will be treated as
+ PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will
+ execute that code when the page is loaded. There are obvious potential security implications here, which should
+ be carefully considered before enabling this option.</p>
+ <p>If you are the only administrator of this site, or if you have a high level of trust for those will be administering
+ the site with you, you should enable this to allow extreme customization of pages.</p>
+ <p>Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding
+ is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
+ embed Javascript and arbitrary HTML and CSS.</p>
+ <p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
+ using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. <!-- , or by
+ using the "embedded PHP kill switch" in the administration panel. --></p>';
+ break;
+ default:
+ $title = 'Invalid topic';
+ $content = 'Invalid help topic.';
+ break;
+ }
+ echo <<<EOF
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html>
+ <head>
+ <title>Enano installation quick help • {$title}</title>
+ <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+ <style type="text/css">
+ body {
+ font-family: trebuchet ms, verdana, arial, helvetica, sans-serif;
+ font-size: 9pt;
+ }
+ h2 { border-bottom: 1px solid #90B0D0; margin-bottom: 0; }
+ h3 { font-size: 11pt; font-weight: bold; }
+ li { list-style: url(../images/bullet.gif); }
+ p { margin: 1.0em; }
+ blockquote { background-color: #F4F4F4; border: 1px dotted #406080; margin: 1em; padding: 10px; max-height: 250px; overflow: auto; }
+ a { color: #7090B0; }
+ a:hover { color: #90B0D0; }
+ </style>
+ </head>
+ <body>
+ <h2>{$title}</h2>
+ {$content}
+ <p style="text-align: right;">
+ <a href="#" onclick="window.close(); return false;">Close window</a>
+ </p>
+ </body>
+</html>
+EOF;
+ exit;
+ break;
+ default:
+ break;
+}
+
+$template = new template_nodb();
+$template->load_theme('stpatty', 'shamrock', false);
+
+$modestrings = Array(
+ 'welcome' => 'Welcome',
+ 'license' => 'License Agreement',
+ 'sysreqs' => 'Server requirements',
+ 'database'=> 'Database information',
+ 'website' => 'Website configuration',
+ 'login' => 'Administration login',
+ 'confirm' => 'Confirm installation',
+ 'install' => 'Database installation',
+ 'finish' => 'Installation complete'
+ );
+
+$sideinfo = '';
+$vars = $template->extract_vars('elements.tpl');
+$p = $template->makeParserText($vars['sidebar_button']);
+foreach ( $modestrings as $id => $str )
+{
+ if ( $_GET['mode'] == $id )
+ {
+ $flags = 'style="font-weight: bold; text-decoration: underline;"';
+ $this_page = $str;
+ }
+ else
+ {
+ $flags = '';
+ }
+ $p->assign_vars(Array(
+ 'HREF' => '#',
+ 'FLAGS' => $flags . ' onclick="return false;"',
+ 'TEXT' => $str
+ ));
+ $sideinfo .= $p->run();
+}
+
+$template->init_vars();
+
+if(isset($_GET['mode']) && $_GET['mode'] == 'css')
+{
+ header('Content-type: text/css');
+ echo $template->get_css();
+ exit;
+}
+
+$template->header();
+if(!isset($_GET['mode'])) $_GET['mode'] = 'license';
+switch($_GET['mode'])
+{
+ default:
+ case 'welcome':
+ ?>
+ <div style="text-align: center; margin-top: 10px;">
+ <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-green.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
+ <h2>Welcome to Enano</h2>
+ <h3>version 1.1.1 – unstable</h3>
+ <?php
+ if ( file_exists('./_nightly.php') )
+ {
+ echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
+ }
+ ?>
+ <form action="install.php?mode=license" method="post">
+ <input type="submit" value="Start installation" />
+ </form>
+ </div>
+ <?php
+ break;
+ case "license":
+ ?>
+ <h3>Welcome to the Enano installer.</h3>
+ <p>Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.</p>
+ <p>To get started, please read and accept the following license agreement. You've probably seen it before.</p>
+ <div style="height: 500px; clip: rect(0px,auto,500px,auto); overflow: auto; padding: 10px; border: 1px dashed #456798; margin: 1em;">
+ <h2>GNU General Public License</h2>
+ <h3>Declaration of license usage</h3>
+ <p>Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p>
+ <p>This program is distributed in the hope that it will be useful, but <u>without any warranty</u>; without even the implied warranty of <u>merchantability</u> or <u>fitness for a particular purpose</u>. See the GNU General Public License (below) for more details.</p>
+ <p><b>By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.</b></p>
+ <h3>Human-readable version</h3>
+ <p>Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.</p>
+ <ul>
+ <li>You may to run Enano for any purpose.</li>
+ <li>You may study how Enano works and adapt it to your needs.</li>
+ <li>You may redistribute copies so you can help your neighbor.</li>
+ <li>You may improve Enano and release your improvements to the public, so that the whole community benefits.</li>
+ </ul>
+ <p>You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:</p>
+ <ul>
+ <li>You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
+ <li>If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
+ <li>If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.</li>
+ </ul>
+ <p><b>Disclaimer</b>: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.<br /><span style="color: #CCC">Text copied from the <a href="http://creativecommons.org/licenses/GPL/2.0/">Creative Commons GPL Deed page</a></span></p>
+ <?php
+ if ( defined('ENANO_BETA_VERSION') )
+ {
+ ?>
+ <h3>Notice for prerelease versions</h3>
+ <p>This version of Enano is designed only for testing and evaluation purposes. <b>It is not yet completely stable, and should not be used on production websites.</b> As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.</p>
+ <?php
+ }
+ ?>
+ <h3>Lawyer-readable version</h3>
+ <?php echo wikiFormat(file_get_contents(ENANO_ROOT . '/GPL')); ?>
+ </div>
+ <div class="pagenav">
+ <form action="install.php?mode=sysreqs" method="post">
+ <table border="0">
+ <tr>
+ <td><input type="submit" value="I agree to the license terms" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you agree with the terms of the license<br />• Have your database host, name, username, and password available</p></td>
+ </tr>
+ </table>
+ </form>
+ </div>
+ <?php
+ break;
+ case "sysreqs":
+ error_reporting(E_ALL);
+ ?>
+ <h3>Checking your server</h3>
+ <p>Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.</p>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <?php
+ run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
+ run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
+ run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
+ run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
+ //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
+ run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
+ run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
+ run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
+ run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
+ echo '</table>';
+ if(!$failed)
+ {
+ ?>
+
+ <div class="pagenav">
+ <?php
+ if($warned) {
+ echo '<table border="0" cellspacing="0" cellpadding="0">';
+ run_test('return false;', 'Some scalebacks were made due to your server configuration.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?<br /><br />Fatal error:</b> call to undefined function wannahokaloogie() in file <b>'.__FILE__.'</b> on line <b>'.__LINE__.'', true);
+ echo '</table>';
+ } else {
+ echo '<table border="0" cellspacing="0" cellpadding="0">';
+ run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
+ echo '</table>';
+ }
+ ?>
+ <form action="install.php?mode=database" method="post">
+ <table border="0">
+ <tr>
+ <td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you are satisfied with any scalebacks that may have been made to accomodate your server configuration<br />• Have your database host, name, username, and password available</p></td>
+ </tr>
+ </table>
+ </form>
+ </div>
+ <?php
+ } else {
+ if($failed) {
+ echo '<div class="pagenav"><table border="0" cellspacing="0" cellpadding="0">';
+ run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.');
+ echo '</table></div>';
+ }
+ }
+ ?>
+ <?php
+ break;
+ case "database":
+ ?>
+ <script type="text/javascript">
+ function ajaxGet(uri, f) {
+ if (window.XMLHttpRequest) {
+ ajax = new XMLHttpRequest();
+ } else {
+ if (window.ActiveXObject) {
+ ajax = new ActiveXObject("Microsoft.XMLHTTP");
+ } else {
+ alert('Enano client-side runtime error: No AJAX support, unable to continue');
+ return;
+ }
+ }
+ ajax.onreadystatechange = f;
+ ajax.open('GET', uri, true);
+ ajax.send(null);
+ }
+
+ function ajaxPost(uri, parms, f) {
+ if (window.XMLHttpRequest) {
+ ajax = new XMLHttpRequest();
+ } else {
+ if (window.ActiveXObject) {
+ ajax = new ActiveXObject("Microsoft.XMLHTTP");
+ } else {
+ alert('Enano client-side runtime error: No AJAX support, unable to continue');
+ return;
+ }
+ }
+ ajax.onreadystatechange = f;
+ ajax.open('POST', uri, true);
+ ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ ajax.setRequestHeader("Content-length", parms.length);
+ ajax.setRequestHeader("Connection", "close");
+ ajax.send(parms);
+ }
+ function ajaxTestConnection()
+ {
+ v = verify();
+ if(!v)
+ {
+ alert('One or more of the form fields is incorrect. Please correct any information in the form that has an "X" next to it.');
+ return false;
+ }
+ var frm = document.forms.dbinfo;
+ db_host = escape(frm.db_host.value.replace('+', '%2B'));
+ db_name = escape(frm.db_name.value.replace('+', '%2B'));
+ db_user = escape(frm.db_user.value.replace('+', '%2B'));
+ db_pass = escape(frm.db_pass.value.replace('+', '%2B'));
+ db_root_user = escape(frm.db_root_user.value.replace('+', '%2B'));
+ db_root_pass = escape(frm.db_root_pass.value.replace('+', '%2B'));
+
+ parms = 'host='+db_host+'&name='+db_name+'&user='+db_user+'&pass='+db_pass+'&root_user='+db_root_user+'&root_pass='+db_root_pass;
+ ajaxPost('<?php echo scriptPath; ?>/install.php?mode=mysql_test', parms, function() {
+ if(ajax.readyState==4)
+ {
+ s = ajax.responseText.substr(0, 4);
+ t = ajax.responseText.substr(4, ajax.responseText.length);
+ if(s.substr(0, 4)=='good')
+ {
+ document.getElementById('s_db_host').src='images/good.gif';
+ document.getElementById('s_db_name').src='images/good.gif';
+ document.getElementById('s_db_auth').src='images/good.gif';
+ document.getElementById('s_db_root').src='images/good.gif';
+ if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+ if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+ document.getElementById('s_mysql_version').src='images/good.gif';
+ document.getElementById('e_mysql_version').innerHTML = 'Your version of MySQL meets Enano requirements.';
+ }
+ else
+ {
+ switch(s)
+ {
+ case 'host':
+ document.getElementById('s_db_host').src='images/bad.gif';
+ document.getElementById('s_db_name').src='images/unknown.gif';
+ document.getElementById('s_db_auth').src='images/unknown.gif';
+ document.getElementById('s_db_root').src='images/unknown.gif';
+ document.getElementById('e_db_host').innerHTML = '<b>Error:<\/b> The database server "'+document.forms.dbinfo.db_host.value+'" couldn\'t be contacted.<br \/>'+t;
+ document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ break;
+ case 'auth':
+ document.getElementById('s_db_host').src='images/good.gif';
+ document.getElementById('s_db_name').src='images/unknown.gif';
+ document.getElementById('s_db_auth').src='images/bad.gif';
+ document.getElementById('s_db_root').src='images/unknown.gif';
+ document.getElementById('e_db_auth').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+ document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ break;
+ case 'perm':
+ document.getElementById('s_db_host').src='images/good.gif';
+ document.getElementById('s_db_name').src='images/bad.gif';
+ document.getElementById('s_db_auth').src='images/good.gif';
+ document.getElementById('s_db_root').src='images/unknown.gif';
+ document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> Access to the specified database using those login credentials was denied.<br \/>'+t;
+ document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ break;
+ case 'name':
+ document.getElementById('s_db_host').src='images/good.gif';
+ document.getElementById('s_db_name').src='images/bad.gif';
+ document.getElementById('s_db_auth').src='images/good.gif';
+ document.getElementById('s_db_root').src='images/unknown.gif';
+ document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> The specified database does not exist<br \/>'+t;
+ document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ break;
+ case 'root':
+ document.getElementById('s_db_host').src='images/good.gif';
+ document.getElementById('s_db_name').src='images/unknown.gif';
+ document.getElementById('s_db_auth').src='images/unknown.gif';
+ document.getElementById('s_db_root').src='images/bad.gif';
+ document.getElementById('e_db_root').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+ document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ break;
+ case 'vers':
+ document.getElementById('s_db_host').src='images/good.gif';
+ document.getElementById('s_db_name').src='images/good.gif';
+ document.getElementById('s_db_auth').src='images/good.gif';
+ document.getElementById('s_db_root').src='images/good.gif';
+ if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+ if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+
+ document.getElementById('e_mysql_version').innerHTML = '<b>Error:<\/b> Your version of MySQL ('+t+') is older than 4.1.17. Enano will still work, but there is a known bug with the comment system and MySQL 4.1.11 that involves some comments not being displayed, due to an issue with the PHP function mysql_fetch_row().';
+ document.getElementById('s_mysql_version').src='images/bad.gif';
+ default:
+ alert(t);
+ break;
+ }
+ }
+ }
+ });
+ }
+ function verify()
+ {
+ document.getElementById('e_db_host').innerHTML = '';
+ document.getElementById('e_db_auth').innerHTML = '';
+ document.getElementById('e_db_name').innerHTML = '';
+ document.getElementById('e_db_root').innerHTML = '';
+ var frm = document.forms.dbinfo;
+ ret = true;
+ if(frm.db_host.value != '')
+ {
+ document.getElementById('s_db_host').src='images/unknown.gif';
+ }
+ else
+ {
+ document.getElementById('s_db_host').src='images/bad.gif';
+ ret = false;
+ }
+ if(frm.db_name.value.match(/^([a-z0-9_]+)$/g))
+ {
+ document.getElementById('s_db_name').src='images/unknown.gif';
+ }
+ else
+ {
+ document.getElementById('s_db_name').src='images/bad.gif';
+ ret = false;
+ }
+ if(frm.db_user.value != '')
+ {
+ document.getElementById('s_db_auth').src='images/unknown.gif';
+ }
+ else
+ {
+ document.getElementById('s_db_auth').src='images/bad.gif';
+ ret = false;
+ }
+ if(frm.table_prefix.value.match(/^([a-z0-9_]*)$/g))
+ {
+ document.getElementById('s_table_prefix').src='images/good.gif';
+ }
+ else
+ {
+ document.getElementById('s_table_prefix').src='images/bad.gif';
+ ret = false;
+ }
+ if(frm.db_root_user.value == '')
+ {
+ document.getElementById('s_db_root').src='images/good.gif';
+ }
+ else if(frm.db_root_user.value != '' && frm.db_root_pass.value == '')
+ {
+ document.getElementById('s_db_root').src='images/bad.gif';
+ ret = false;
+ }
+ else
+ {
+ document.getElementById('s_db_root').src='images/unknown.gif';
+ }
+ if(ret) frm._cont.disabled = false;
+ else frm._cont.disabled = true;
+ return ret;
+ }
+ window.onload = verify;
+ </script>
+ <p>Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend,
+ and we need to have access to a MySQL server in order to continue.</p>
+ <p>If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from
+ <a href="http://www.mysql.com/">MySQL.com</a>. <b>Please note that, like Enano, MySQL is licensed under the GNU GPL.</b>
+ If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL
+ or purchase a proprietary license.</p>
+ <?php
+ if ( file_exists('/etc/enano-is-virt-appliance') )
+ {
+ echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
+ }
+ ?>
+ <form name="dbinfo" action="install.php?mode=website" method="post">
+ <table border="0">
+ <tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
+ <tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td><input name="db_pass" size="30" type="password" /></td></tr>
+ <tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
+ <tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ <tr><td rowspan="2"><b>Database administrative login</b><br />If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ <tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
+ <tr><td><b>MySQL version</b></td><td id="e_mysql_version">MySQL version information will be checked when you click "Test Connection".</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
+ <tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" /> <label for="dtcheck">Drop existing tables</label></td></tr>
+ <tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
+ </table>
+ <div class="pagenav">
+ <table border="0">
+ <tr>
+ <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Check your MySQL connection using the "Test Connection" button.<br />• Be aware that your database information will be transmitted unencrypted several times.</p></td>
+ </tr>
+ </table>
+ </div>
+ </form>
+ <?php
+ break;
+ case "website":
+ if(!isset($_POST['_cont'])) {
+ echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
+ $template->footer();
+ exit;
+ }
+ unset($_POST['_cont']);
+ ?>
+ <script type="text/javascript">
+ function verify()
+ {
+ var frm = document.forms.siteinfo;
+ ret = true;
+ if(frm.sitename.value.match(/^(.+)$/g) && frm.sitename.value != 'Enano')
+ {
+ document.getElementById('s_name').src='images/good.gif';
+ }
+ else
+ {
+ document.getElementById('s_name').src='images/bad.gif';
+ ret = false;
+ }
+ if(frm.sitedesc.value.match(/^(.+)$/g))
+ {
+ document.getElementById('s_desc').src='images/good.gif';
+ }
+ else
+ {
+ document.getElementById('s_desc').src='images/bad.gif';
+ ret = false;
+ }
+ if(frm.copyright.value.match(/^(.+)$/g))
+ {
+ document.getElementById('s_copyright').src='images/good.gif';
+ }
+ else
+ {
+ document.getElementById('s_copyright').src='images/bad.gif';
+ ret = false;
+ }
+ if(ret) frm._cont.disabled = false;
+ else frm._cont.disabled = true;
+ return ret;
+ }
+ window.onload = verify;
+ </script>
+ <form name="siteinfo" action="install.php?mode=login" method="post">
+ <?php
+ $k = array_keys($_POST);
+ for($i=0;$i<sizeof($_POST);$i++) {
+ echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ }
+ ?>
+ <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
+ <table border="0">
+ <tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td><b>Website description</b><br />This text will be shown below the name of your website.</td><td><input onkeyup="verify();" name="sitedesc" type="text" size="30" /></td><td><img id="s_desc" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td><b>Copyright info</b><br />This should be a one-line legal notice that will appear at the bottom of all your pages.</td><td><input onkeyup="verify();" name="copyright" type="text" size="30" /></td><td><img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td><b>Wiki mode</b><br />This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.</td><td><input name="wiki_mode" type="checkbox" id="wmcheck" /> <label for="wmcheck">Yes, make my website a wiki.</label></td><td></td></tr>
+ <tr><td><b>URL scheme</b><br />Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.</td><td colspan="2"><input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly"> <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br /><input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short"> <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br /><input type="radio" name="urlscheme" value="tiny" id="petite"> <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label></td></tr>
+ </table>
+ <div class="pagenav">
+ <table border="0">
+ <tr>
+ <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Verify that your site information is correct. Again, all of the above settings can be changed from the administration panel.</p></td>
+ </tr>
+ </table>
+ </div>
+ </form>
+ <?php
+ break;
+ case "login":
+ if(!isset($_POST['_cont'])) {
+ echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
+ $template->footer();
+ exit;
+ }
+ unset($_POST['_cont']);
+ require('config.php');
+ $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ if ( isset($crypto_key) )
+ {
+ $cryptkey = $crypto_key;
+ }
+ if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
+ {
+ $cryptkey = $aes->gen_readymade_key();
+ $handle = @fopen(ENANO_ROOT.'/config.php', 'w');
+ if(!$handle)
+ {
+ echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
+ $template->footer();
+ exit;
+ }
+ fwrite($handle, '<?php $cryptkey = \''.$cryptkey.'\'; ?>');
+ fclose($handle);
+ }
+ ?>
+ <script type="text/javascript">
+ function verify()
+ {
+ var frm = document.forms.login;
+ ret = true;
+ if ( frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g) && !frm.admin_user.value.match(/^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != 'anonymous' )
+ {
+ document.getElementById('s_user').src = 'images/good.gif';
+ }
+ else
+ {
+ document.getElementById('s_user').src = 'images/bad.gif';
+ ret = false;
+ }
+ if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
+ {
+ document.getElementById('s_password').src = 'images/good.gif';
+ }
+ else
+ {
+ document.getElementById('s_password').src = 'images/bad.gif';
+ ret = false;
+ }
+ if(frm.admin_email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
+ {
+ document.getElementById('s_email').src = 'images/good.gif';
+ }
+ else
+ {
+ document.getElementById('s_email').src = 'images/bad.gif';
+ ret = false;
+ }
+ if(ret) frm._cont.disabled = false;
+ else frm._cont.disabled = true;
+ return ret;
+ }
+ window.onload = verify;
+
+ function cryptdata()
+ {
+ if(!verify()) return false;
+ }
+ </script>
+ <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
+ <?php
+ $k = array_keys($_POST);
+ for($i=0;$i<sizeof($_POST);$i++) {
+ echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ }
+ ?>
+ <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
+ <table border="0">
+ <tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
+ <tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr>
+ <td>
+ Allow administrators to embed PHP code into pages:<br />
+ <small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
+ <a href="install.php?mode=pophelp&topic=admin_embed_php"
+ onclick="window.open(this.href, 'pophelpwin', 'width=550,height=400,status=no,toolbars=no,toolbar=no,address=no,scroll=yes'); return false;"
+ style="color: #D84308; text-decoration: underline;">important security implications</a>.
+ </span></small>
+ </td>
+ <td>
+ <label><input type="radio" name="admin_embed_php" value="2" checked="checked" /> Disabled</label>
+ <label><input type="radio" name="admin_embed_php" value="4" /> Enabled</label>
+ </td>
+ <td></td>
+ </tr>
+ <tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
+ </table>
+ <div class="pagenav">
+ <table border="0">
+ <tr>
+ <td><input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Remember the username and password you enter here! You will not be able to administer your site without the information you enter on this page.</p></td>
+ </tr>
+ </table>
+ </div>
+ <div id="cryptdebug"></div>
+ <input type="hidden" name="use_crypt" value="no" />
+ <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
+ <input type="hidden" name="crypt_data" value="" />
+ </form>
+ <script type="text/javascript">
+ // <![CDATA[
+ frm.admin_user.focus();
+ function runEncryption()
+ {
+ str = '';
+ for(i=0;i<keySizeInBits/4;i++) str+='0';
+ var key = hexToByteArray(str);
+ var pt = hexToByteArray(str);
+ var ct = rijndaelEncrypt(pt, key, "ECB");
+ var ect = byteArrayToHex(ct);
+ switch(keySizeInBits)
+ {
+ case 128:
+ v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ break;
+ case 192:
+ v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ break;
+ case 256:
+ v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ break;
+ }
+ var testpassed = ( ect == v && md5_vm_test() );
+ var frm = document.forms.login;
+ if(testpassed)
+ {
+ // alert('encryption self-test passed');
+ frm.use_crypt.value = 'yes';
+ var cryptkey = frm.crypt_key.value;
+ frm.crypt_key.value = '';
+ if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
+ {
+ alert('Byte array conversion SUCKS');
+ testpassed = false;
+ }
+ cryptkey = hexToByteArray(cryptkey);
+ if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ {
+ frm._cont.disabled = true;
+ len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ }
+ }
+ else
+ {
+ // alert('encryption self-test FAILED');
+ }
+ if(testpassed)
+ {
+ pass = frm.admin_pass.value;
+ pass = stringToByteArray(pass);
+ cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ //decrypted = rijndaelDecrypt(cryptstring, cryptkey, 'ECB');
+ //decrypted = byteArrayToString(decrypted);
+ //return false;
+ if(!cryptstring)
+ {
+ return false;
+ }
+ cryptstring = byteArrayToHex(cryptstring);
+ // document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key: '+byteArrayToHex(cryptkey)+'</pre>';
+ frm.crypt_data.value = cryptstring;
+ frm.admin_pass.value = '';
+ frm.admin_pass_confirm.value = '';
+ }
+ return false;
+ }
+ // ]]>
+ </script>
+ <?php
+ break;
+ case "confirm":
+ if(!isset($_POST['_cont'])) {
+ echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
+ $template->footer();
+ exit;
+ }
+ unset($_POST['_cont']);
+ ?>
+ <form name="confirm" action="install.php?mode=install" method="post">
+ <?php
+ $k = array_keys($_POST);
+ for($i=0;$i<sizeof($_POST);$i++) {
+ echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ }
+ ?>
+ <h3>Enano is ready to install.</h3>
+ <p>The wizard has finished collecting information and is ready to install the database schema. Please review the information below,
+ and then click the button below to install the database.</p>
+ <ul>
+ <li>Database hostname: <?php echo $_POST['db_host']; ?></li>
+ <li>Database name: <?php echo $_POST['db_name']; ?></li>
+ <li>Database user: <?php echo $_POST['db_user']; ?></li>
+ <li>Database password: <hidden></li>
+ <li>Site name: <?php echo $_POST['sitename']; ?></li>
+ <li>Site description: <?php echo $_POST['sitedesc']; ?></li>
+ <li>Administration username: <?php echo $_POST['admin_user']; ?></li>
+ <li>Cipher strength: <?php echo (string)AES_BITS; ?>-bit AES<br /><small>Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.</small></li>
+ </ul>
+ <div class="pagenav">
+ <table border="0">
+ <tr>
+ <td><input type="submit" value="Install Enano!" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Pray.</p></td>
+ </tr>
+ </table>
+ </div>
+ </form>
+ <?php
+ break;
+ case "install":
+ if(!isset($_POST['db_host']) ||
+ !isset($_POST['db_name']) ||
+ !isset($_POST['db_user']) ||
+ !isset($_POST['db_pass']) ||
+ !isset($_POST['sitename']) ||
+ !isset($_POST['sitedesc']) ||
+ !isset($_POST['copyright']) ||
+ !isset($_POST['admin_user']) ||
+ !isset($_POST['admin_pass']) ||
+ !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
+ !isset($_POST['urlscheme'])
+ )
+ {
+ echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=license">restart the installation</a>.';
+ $template->footer();
+ exit;
+ }
+ switch($_POST['urlscheme'])
+ {
+ case "ugly":
+ default:
+ $cp = scriptPath.'/index.php?title=';
+ break;
+ case "short":
+ $cp = scriptPath.'/index.php/';
+ break;
+ case "tiny":
+ $cp = scriptPath.'/';
+ break;
+ }
+ function err($t) { global $template; echo $t; $template->footer(); exit; }
+
+ echo 'Connecting to MySQL...';
+ if($_POST['db_root_user'] != '')
+ {
+ $conn = mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+ if(!$conn) err('Error connecting to MySQL: '.mysql_error());
+ $q = mysql_query('USE '.$_POST['db_name']);
+ if(!$q)
+ {
+ $q = mysql_query('CREATE DATABASE '.$_POST['db_name']);
+ if(!$q) err('Error initializing database: '.mysql_error());
+ }
+ $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'localhost\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
+ if(!$q) err('Could not create the user account');
+ $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'%\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
+ if(!$q) err('Could not create the user account');
+ mysql_close($conn);
+ }
+ $conn = mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if(!$conn) err('Error connecting to MySQL: '.mysql_error());
+ $q = mysql_query('USE '.$_POST['db_name']);
+ if(!$q) err('Error selecting database: '.mysql_error());
+ echo 'done!<br />';
+
+ // Are we supposed to drop any existing tables? If so, do it now
+ if(isset($_POST['drop_tables']))
+ {
+ echo 'Dropping existing Enano tables...';
+ // Our list of tables included in Enano
+ $tables = Array( 'mdg_categories', 'mdg_comments', 'mdg_config', 'mdg_logs', 'mdg_page_text', 'mdg_session_keys', 'mdg_pages', 'mdg_users', 'mdg_users_extra', 'mdg_themes', 'mdg_buddies', 'mdg_banlist', 'mdg_files', 'mdg_privmsgs', 'mdg_sidebar', 'mdg_hits', 'mdg_search_index', 'mdg_groups', 'mdg_group_members', 'mdg_acl', 'mdg_search_cache', 'mdg_tags', 'mdg_page_groups', 'mdg_page_group_members' );
+ $tables = implode(', ', $tables);
+ $tables = str_replace('mdg_', $_POST['table_prefix'], $tables);
+ $query_of_death = 'DROP TABLE '.$tables.';';
+ mysql_query($query_of_death); // We won't check for errors here because if this operation fails it probably means the tables didn't exist
+ echo 'done!<br />';
+ }
+
+ $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
+
+ echo 'Decrypting administration password...';
+
+ $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+
+ if ( !empty($_POST['crypt_data']) )
+ {
+ require('config.php');
+ if ( !isset($cryptkey) )
+ {
+ echo 'failed!<br />Cannot get the key from config.php';
+ break;
+ }
+ $key = hexdecode($cryptkey);
+
+ $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+
+ }
+ else
+ {
+ $dec = $_POST['admin_pass'];
+ }
+ echo 'done!<br />Generating '.AES_BITS.'-bit AES private key...';
+ $privkey = $aes->gen_readymade_key();
+ $pkba = hexdecode($privkey);
+ $encpass = $aes->encrypt($dec, $pkba, ENC_HEX);
+
+ echo 'done!<br />Preparing for schema execution...';
+ $schema = file_get_contents('schema.sql');
+ $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema);
+ $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema);
+ $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema);
+ $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema);
+ $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($encpass ), $schema);
+ $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema);
+ $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema);
+ $schema = str_replace('{{REAL_NAME}}', '', $schema);
+ $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema);
+ $schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema);
+ $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema);
+ // Not anymore!! :-D
+ // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema);
+
+ if(isset($_POST['wiki_mode']))
+ {
+ $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
+ }
+ else
+ {
+ $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
+ }
+
+ // Build an array of queries
+ $schema = explode("\n", $schema);
+
+ foreach ( $schema as $i => $sql )
+ {
+ $query =& $schema[$i];
+ $t = trim($query);
+ if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
+ {
+ unset($schema[$i]);
+ unset($query);
+ }
+ }
+
+ $schema = array_values($schema);
+ $schema = implode("\n", $schema);
+ $schema = explode(";\n", $schema);
+
+ foreach ( $schema as $i => $sql )
+ {
+ $query =& $schema[$i];
+ if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
+ {
+ $query .= ';';
+ }
+ }
+
+ // echo '<pre>' . htmlspecialchars(print_r($schema, true)) . '</pre>';
+ // break;
+
+ echo 'done!<br />Executing schema.sql...';
+
+ // OK, do the loop, baby!!!
+ foreach($schema as $q)
+ {
+ $r = mysql_query($q, $conn);
+ if(!$r) err('Error during mainstream installation: '.mysql_error());
+ }
+
+ echo 'done!<br />Writing configuration files...';
+ if($_POST['urlscheme']=='tiny')
+ {
+ $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
+ if(!$ht) err('Error opening file .htaccess for writing');
+ fwrite($ht, '
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
+RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
+');
+ fclose($ht);
+ }
+
+ $config_file = '<?php
+/* Enano auto-generated configuration file - editing not recommended! */
+$dbhost = \''.addslashes($_POST['db_host']).'\';
+$dbname = \''.addslashes($_POST['db_name']).'\';
+$dbuser = \''.addslashes($_POST['db_user']).'\';
+$dbpasswd = \''.addslashes($_POST['db_pass']).'\';
+if(!defined(\'ENANO_CONSTANTS\')) {
+define(\'ENANO_CONSTANTS\', \'\');
+define(\'table_prefix\', \''.$_POST['table_prefix'].'\');
+define(\'scriptPath\', \''.scriptPath.'\');
+define(\'contentPath\', \''.$cp.'\');
+define(\'ENANO_INSTALLED\', \'true\');
+}
+$crypto_key = \''.$privkey.'\';
+?>';
+
+ $cf_handle = fopen(ENANO_ROOT.'/config.php', 'w');
+ if(!$cf_handle) err('Couldn\'t open file config.php for writing');
+ fwrite($cf_handle, $config_file);
+ fclose($cf_handle);
+
+ echo 'done!<br />Starting the Enano API...';
+
+ $template_bak = $template;
+
+ // Get Enano loaded
+ $_GET['title'] = 'Main_Page';
+ require('includes/common.php');
+
+ // We need to be logged in (with admin rights) before logs can be flushed
+ $session->login_without_crypto($_POST['admin_user'], $dec, false);
+
+ // Now that login cookies are set, initialize the session manager and ACLs
+ $session->start();
+ $paths->init();
+
+ unset($template);
+ $template =& $template_bak;
+
+ echo 'done!<br />Initializing logs...';
+
+ $q = $db->sql_query('INSERT INTO ' . $_POST['table_prefix'] . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');', $conn);
+ if ( !$q )
+ err('Error setting up logs: '.$db->get_error());
+
+ if ( !$session->get_permissions('clear_logs') )
+ {
+ echo '<br />Error: session manager won\'t permit flushing logs, these is a bug.';
+ break;
+ }
+
+ // unset($session);
+ // $session = new sessionManager();
+ // $session->start();
+
+ PageUtils::flushlogs('Main_Page', 'Article');
+
+ echo 'done!<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
+
+ // echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
+
+ break;
+ case "finish":
+ echo '<h3>Congratulations!</h3>
+ <p>You have finished installing Enano on this server.</p>
+ <h3>Now what?</h3>
+ <p>Click the link below to see the main page for your website. Where to go from here:</p>
+ <ul>
+ <li>The first thing you should do is log into your site using the Log in link on the sidebar.</li>
+ <li>Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.</li>
+ <li>Visit the <a href="http://enanocms.org/Category:Plugins" onclick="window.open(this.href); return false;">Enano Plugin Gallery</a> to download and use plugins on your site.</li>
+ <li>Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.</li>
+ <li>Hire some moderators, to help you keep rowdy users tame.</li>
+ <li>Tell the <a href="http://enanocms.org/Contact_us">Enano team</a> what you think.</li>
+ <li><b>Spread the word about Enano by adding a link to the Enano homepage on your sidebar!</b> You can enable this option in the General Configuration section of the administration panel.</li>
+ </ul>
+ <p><a href="index.php">Go to your website...</a></p>';
+ break;
+}
+$template->footer();
+
+?>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/language/english/enano.json Sat Nov 03 07:43:35 2007 -0400
@@ -0,0 +1,556 @@
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.1.1
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+
+// This is the main language file for Enano. Feel free to use it as a base for your own translations.
+// All text in this file before the first left curly brace and all text after the last curly brace will
+// be trimmed. So you can use a limited amount of Javascript in this so that the language can be imported
+// via Javascript as well.
+
+var enano_lang = {
+ categories: [
+ 'adm', 'meta', 'user', 'page', 'comment', 'onpage', 'etc', 'editor', 'history', 'catedit', 'tags', 'delvote', 'ajax', 'sidebar', 'acl',
+ 'perm',
+ ],
+ strings: {
+ meta: {
+ adm: 'Administration panel nav menu',
+ meta: 'Language category strings',
+ user: 'Login, logout, and authentication',
+ page: 'Page creation and control',
+ comment: 'Comment display',
+ onpage: 'On-page buttons and controls',
+ etc: 'Miscellaneous strings',
+ editor: 'Page editor interface',
+ history: 'Page history and log viewer',
+ catedit: 'Categorization box and editor',
+ tags: 'Page tagging interface',
+ delvote: 'Page deletion vote interface',
+ ajax: 'On-page AJAX applets',
+ sidebar: 'Default sidebar blocks and buttons',
+ acl: 'Access control list editor',
+ perm: 'Page actions (for ACLs)',
+ plural: 's',
+ enano_about_poweredby: '<p>This website is powered by <a href="http://enanocms.org/">Enano</a>, the lightweight and open source CMS that everyone can use. Enano is copyright © 2006-2007 Dan Fuhry. For legal information, along with a list of libraries that Enano uses, please see <a href="http://enanocms.org/Legal_information">Legal Information</a>.</p><p>The developers and maintainers of Enano strongly believe that software should not only be free to use, but free to be modified, distributed, and used to create derivative works. For more information about Free Software, check out the <a href="http://en.wikipedia.org/wiki/Free_Software" onclick="window.open(this.href); return false;">Wikipedia page</a> or the <a href="http://www.fsf.org/" onclick="window.open(this.href); return false;">Free Software Foundation\'s</a> homepage.</p>',
+ enano_about_gpl: '<p>This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p><p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.</p><p>You should have received <a href="%gpl_link%">a copy of the GNU General Public License</a> along with this program; if not, write to:</p><p style="margin-left 2em;">Free Software Foundation, Inc.,<br />51 Franklin Street, Fifth Floor<br />Boston, MA 02110-1301, USA</p><p>Alternatively, you can <a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0.html">read it online</a>.</p>',
+ enano_about_lbl_enanoversion: '<a href="http://enanocms.org">Enano</a> version:',
+ enano_about_lbl_webserver: 'Web server:',
+ enano_about_lbl_serverplatform: 'Server platform:',
+ enano_about_lbl_phpversion: '<a href="http://www.php.net/">PHP</a> version:',
+ enano_about_lbl_mysqlversion: '<a href="http://www.mysql.com/">MySQL</a> version:',
+ },
+ user: {
+ login_message_short: 'Please enter your username and password to log in.',
+ login_message_short_elev: 'Please re-enter your login details',
+ login_body: 'Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="%reg_link%">create an account</a>.',
+ login_body_elev: 'You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.',
+ login_field_username: 'Username',
+ login_field_password: 'Password',
+ login_forgotpass_blurb: 'Forgot your password? <a href="%forgotpass_link%">No problem.</a>',
+ login_createaccount_blurb: 'Maybe you need to <a href="%reg_link%">create an account</a>.',
+ login_field_captcha: 'Code in image',
+ login_nocrypt_title: 'Important note regarding cryptography:',
+ login_nocrypt_body: 'Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="%nocrypt_link%">log in without using encryption</a>.',
+ login_nocrypt_countrylist: 'This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.',
+ login_usecrypt_title: 'Encryption is currently turned off.',
+ login_usecrypt_body: 'If you are not in one of the countries listed below, you should <a href="%usecrypt_link%">enable encryption</a> to secure the logon process.',
+ login_usecrypt_countrylist: 'The cryptography restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.',
+ login_success_title: 'Login successful',
+ login_success_body: 'You have successfully logged into the %config.site_name% site as "%username%". Redirecting to %redir_target%...',
+ login_success_body_mainpage: 'the main page',
+
+ login_ajax_fetching_key: 'Fetching an encryption key...',
+ login_ajax_prompt_title: 'Please enter your username and password to continue.',
+ login_ajax_prompt_title_elev: 'You are requesting a sensitive operation.',
+ login_ajax_prompt_body_elev: 'Please re-enter your login details, to verify your identity.',
+ login_ajax_link_fullform: 'Trouble logging in? Try the <a href="%link_full_form%">full login form</a>.',
+ login_ajax_link_forgotpass: 'Did you <a href="%forgotpass_link%">forget your password</a>?',
+ login_ajax_loggingin: 'Logging in...',
+
+ err_key_not_found: 'Enano couldn\'t look up the encryption key used to encrypt your password. This most often happens if a cache rotation occurred during your login attempt, or if you refreshed the login page.',
+ err_key_wrong_length: 'The encryption key was the wrong length.',
+ err_too_big_for_britches: 'You are trying to authenticate at a level that your user account does not permit.',
+ err_invalid_credentials: 'You have entered an invalid username or password. Please enter your login details again.',
+ err_invalid_credentials_lockout: ' You have used up %fails% out of %config.lockout_threshold% login attempts. After you have used up all %config.lockout_threshold% login attempts, you will be locked out from logging in for %config.lockout_duration% minutes.',
+ err_invalid_credentials_lockout_captcha: ' You have used up %lockout_fails% out of %config.lockout_threshold% login attempts. After you have used up all %config.lockout_threshold% login attempts, you will have to enter a visual confirmation code while logging in, effective for %config.lockout_duration% minutes.',
+ err_backend_fail: 'You entered the right credentials and everything was validated, but for some reason Enano couldn\'t register your session. This is an internal problem with the site and you are encouraged to contact site administration.',
+ err_locked_out: 'You have used up all %config.lockout_threshold% allowed login attempts. Please wait %time_rem% minute%plural% before attempting to log in again%captcha_blurb%.',
+ err_locked_out_captcha_blurb: ', or enter the visual confirmation code shown above in the appropriate box',
+
+ logout_success_title: 'Logged out',
+ logout_success_body: 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.',
+ logout_confirm_title: 'Are you sure you want to log out?',
+ logout_confirm_body: 'If you log out, you will no longer be able to access your user preferences, your private messages, or certain areas of this site until you log in again.',
+ logout_confirm_title_elev: 'Are you sure you want to de-authenticate?',
+ logout_confirm_body_elev: 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.',
+ logout_err_title: 'An error occurred during the logout process.',
+ // Unused at this point
+ logout_err_not_loggedin: 'You don\'t seem to be logged in.',
+
+ keepalive_info_title: 'About the keep-alive feature',
+ keepalive_info_body: 'Keep-alive is a new Enano feature that keeps your administrative session from timing out while you are using the administration panel. This feature can be useful if you are editing a large page or doing something in the administration interface that will take longer than 15 minutes.<br /><br />For security reasons, Enano mandates that high-privilege logins last only 15 minutes, with the time being reset each time a page is loaded (or, more specifically, each time the session API is started). The consequence of this is that if you are performing an action in the administration panel that takes more than 15 minutes, your session may be terminated. The keep-alive feature attempts to relieve this by sending a "ping" to the server every 10 minutes.<br /><br />Please note that keep-alive state is determined by a cookie. Thus, if you log out and then back in as a different administrator, keep-alive will use the same setting that was used when you were logged in as the first administrative user. In the same way, if you log into the administration panel under your account from another computer, keep-alive will be set to "off".<br /><br /><b>For more information:</b><br /><a href="http://docs.enanocms.org/Help:Appendix_B" onclick="window.open(this.href); return false;">Overview of Enano\'s security model</a>',
+
+ type_guest: 'Guest',
+ type_member: 'Member',
+ type_mod: 'Moderator',
+ type_admin: 'Administrator',
+
+ msg_elev_timed_out: '<b>Your administrative session has timed out.</b> <a href="%login_link%">Log in again</a>',
+
+ reg_err_captcha: 'The confirmation code you entered was incorrect.',
+ reg_err_disabled_title: 'Registration disabled',
+ reg_err_disabled_body: 'The administrator has disabled the registration of new accounts on this site.',
+ reg_err_disabled_body_adminblurb: 'Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="%reg_link%">force account registration to work</a>.',
+ reg_err_username_invalid: 'Your username must be at least two characters in length and may not contain any of the following characters: < > _ & ? \' " % / \\.',
+ // Not exactly an error
+ reg_err_password_good: 'The password you entered is valid.',
+ reg_err_alert_password_tooshort: 'Your password must be 6 characters or greater in length.',
+ reg_err_alert_password_nomatch: 'The passwords you entered do not match.',
+ reg_err_missing_key: 'Couldn\'t look up public encryption key',
+
+ reg_msg_greatercontrol: 'A user account enables you to have greater control over your browsing experience.',
+ reg_msg_table_title: 'Create a user account',
+ reg_msg_table_subtitle: 'Please tell us a little bit about yourself.',
+ reg_msg_username_checking: 'Checking availability...',
+ reg_msg_username_available: 'This username is available.',
+ reg_msg_username_unavailable: 'This username is already taken.',
+ reg_msg_password_length: 'Your password must be at least six characters in length.',
+ reg_msg_password_score: 'It needs to score at least <b>%config.pw_strength_minimum%</b> for your registration to be accepted.',
+ reg_msg_password_needmatch: 'The passwords you entered do not match.',
+ reg_msg_email_activuser: 'An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.',
+ reg_msg_realname_optional: 'Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.',
+ reg_msg_captcha_pleaseenter: 'Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a %regen_flags%>generate a new image</a>.',
+ reg_msg_captcha_blind: 'If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.',
+ reg_msg_success_title: 'Registration successful',
+ reg_msg_success_body: 'Thank you for registering, your user account has been created.',
+ reg_msg_success_activ_none: 'You may now <a href="%login_link%">log in</a> with the username and password that you created.',
+ reg_msg_success_activ_user: 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.',
+ reg_msg_success_activ_admin: 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.',
+ reg_msg_success_activ_coppa: 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.',
+
+ reg_lbl_field_username: 'Preferred username:',
+ reg_lbl_field_password: 'Password:',
+ reg_lbl_field_password_confirm: 'Enter your password again to confirm.',
+ reg_lbl_field_email: 'E-mail address:',
+ reg_lbl_field_email_coppa: 'Your parent or guardian\'s e-mail address:',
+ reg_lbl_field_realname: 'Real name:',
+ reg_lbl_field_captcha: 'Visual confirmation',
+ reg_lbl_field_captcha_code: 'Code:',
+
+ reg_coppa_title: 'Before you can register, please tell us your age.',
+ reg_coppa_link_atleast13: 'I was born <b>on or before</b> %yo13_date% and am <b>at least</b> 13 years of age',
+ reg_coppa_link_not13: 'I was born <b>after</b> %yo13_date% and am <b>less than</b> 13 years of age',
+ },
+ onpage: {
+ lbl_pagetools: 'Page tools',
+ lbl_page_article: 'article',
+ lbl_page_admin: 'administration page',
+ lbl_page_system: 'system message',
+ lbl_page_file: 'uploaded file',
+ lbl_page_help: 'documentation page',
+ lbl_page_user: 'user page',
+ lbl_page_special: 'special page',
+ lbl_page_template: 'template',
+ lbl_page_project: 'project page',
+ lbl_page_category: 'category',
+
+ btn_discussion: 'discussion (%num_comments%)',
+ btn_discussion_unapp: 'discussion (%num_comments% total, %num_unapp% unapp.)',
+ btn_edit: 'edit this page',
+ btn_viewsource: 'view source',
+ btn_history: 'history',
+ btn_moreoptions: 'more options',
+
+ btn_rename: 'rename',
+ btn_printable: 'view printable version',
+ btn_votedelete: 'vote to delete this page',
+ btn_votedelete_reset: 'reset deletion votes',
+ lbl_wikimode: 'page wiki mode:',
+ btn_wikimode_on: 'on',
+ btn_wikimode_off: 'off',
+ btn_wikimode_global: 'global',
+ lbl_protect: 'protection:',
+ btn_protect_on: 'on',
+ btn_protect_off: 'off',
+ btn_protect_semi: 'semi',
+ btn_clearlogs: 'clear page logs',
+ btn_deletepage: 'delete this page',
+ btn_deletepage_votes: ' (<b>%num_votes%</b> vote%plural%)',
+ lbl_password: 'page password:',
+ btn_password_set: 'set',
+ btn_acl: 'manage page access',
+ btn_admin: 'administrative options',
+ },
+ comment: {
+ lbl_subject: 'Subject',
+ lbl_mod_options: 'Moderator options:',
+ heading: 'Article comments',
+ btn_send_privmsg: 'Send private message',
+ btn_add_buddy: 'Add to buddy list',
+ btn_edit: 'edit',
+ btn_delete: 'delete',
+ btn_mod_approve: 'Approve',
+ btn_mod_unapprove: 'Unapprove',
+ btn_mod_delete: 'Delete',
+ btn_save: 'save',
+
+ msg_comment_posted: 'Your comment has been posted. If it does not appear right away, it is probably awaiting approval.',
+
+ msg_count_zero: 'There are <span id="comment_count_inner">no</span> comments on this %page_type%.',
+ msg_count_one: 'There is <span id="comment_count_inner">1</span> comment on this %page_type%.',
+ msg_count_plural: 'There are <span id="comment_count_inner">%num_comments%</span> comments on this %page_type%.',
+
+ msg_count_unapp_mod: '<span id="comment_count_unapp_inner">%num_unapp%</span> of those are unapproved.',
+ msg_count_unapp_one: 'However, there is <span id="comment_count_unapp_inner">1</span> additional comment awaiting approval.',
+ msg_count_unapp_plural: 'However, there are <span id="comment_count_unapp_inner">%num_unapp%</span> additional comments awaiting approval.',
+
+ msg_note_unapp: '(Unapproved)',
+
+ msg_delete_confirm: 'Do you really want to delete this comment?',
+
+ postform_title: 'Got something to say?',
+ postform_blurb: 'If you have comments or suggestions on this article, you can shout it out here.',
+ postform_blurb_unapp: 'Before your post will be visible to the public, a moderator will have to approve it.',
+ postform_blurb_captcha: 'Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.',
+ postform_blurb_link: 'Leave a comment...',
+ postform_field_name: 'Your name/screen name:',
+ postform_field_subject: 'Comment subject:',
+ postform_field_comment: 'Comment:',
+ postform_field_captcha_title: 'Visual confirmation:',
+ postform_field_captcha_blurb: 'Please enter the confirmation code seen in the image on the right into the box. If you cannot read the code, please click on the image to generate a new one. This helps to prevent automated bot posting.',
+ postform_field_captcha_label: 'Confirmation code:',
+ postform_field_captcha_cantread_js: 'If you can\'t read the code, click on the image to generate a new one.',
+ postform_field_captcha_cantread_nojs: 'If you can\'t read the code, please refresh this page to generate a new one.',
+ postform_btn_submit: 'Submit comment',
+
+ on_friend_list: 'On your friend list',
+ on_foe_list: 'On your foe list',
+ },
+ adm: {
+ cat_general: 'General',
+ cat_content: 'Content',
+ cat_appearance: 'Appearance',
+ cat_users: 'Users',
+ cat_security: 'Security',
+ cat_plugins: 'Plugin configuration',
+
+ page_general_config: 'General configuration',
+ page_file_uploads: 'File uploads',
+ page_file_types: 'Allowed file types',
+ page_plugins: 'Manage plugins',
+ page_db_backup: 'Backup database',
+
+ page_manager: 'Manage pages',
+ page_editor: 'Edit page content',
+ page_pg_groups: 'Manage page groups',
+
+ page_themes: 'Manage themes',
+
+ page_users: 'Manage users',
+ page_user_groups: 'Edit user groups',
+ page_coppa: 'COPPA support',
+ page_mass_email: 'Mass e-mail',
+
+ page_security_log: 'Security log',
+ page_ban_control: 'Ban control',
+
+ btn_home: 'Administration panel home',
+ btn_logout: 'Log out of admin panel',
+ btn_keepalive_off: 'Turn on keep-alive',
+ btn_keepalive_on: 'Turn off keep-alive',
+ btn_keepalive_about: 'About keep-alive',
+ btn_keepalive_loading: 'Loading keep-alive button...',
+
+ err_not_auth_title: 'Error: Not authenticated',
+ err_not_auth_body: 'It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="%login_link%">re-authenticate</a> to continue.',
+ },
+ editor: {
+ msg_revert_confirm: 'Do you really want to revert your changes?',
+ msg_discard_confirm: 'Do you really want to discard your changes?',
+ msg_unload: 'If you do, any changes that you have made to this page will be lost.',
+ btn_graphical: 'graphical editor',
+ btn_wikitext: 'wikitext editor',
+ lbl_edit_summary: 'Edit summary:',
+ lbl_minor_edit: 'This is a minor edit',
+ btn_save: 'Save changes',
+ btn_preview: 'Show preview',
+ btn_revert: 'Revert changes',
+ btn_cancel: 'Cancel and return to page',
+ btn_closeviewer: 'Close viewer',
+ preview_blurb: '<b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.',
+ },
+ history: {
+ summary_clearlogs: 'Automatic backup created when logs were purged',
+ page_subtitle: 'History of edits and actions',
+ heading_edits: 'Edits:',
+ heading_other: 'Other changes:',
+ no_entries: 'No history entries in this category.',
+ btn_compare: 'Compare selected revisions',
+ col_diff: 'Diff',
+ col_datetime: 'Date/time',
+ col_user: 'User',
+ col_summary: 'Edit summary',
+ col_minor: 'Minor',
+ col_actions: 'Actions',
+ col_action_taken: 'Action taken',
+ col_extra: 'Extra info',
+ extra_reason: 'Reason:',
+ extra_oldtitle: 'Old title:',
+ tip_rdns: 'Click cell background for reverse DNS info',
+ action_view: 'View',
+ action_contrib: 'User contribs',
+ action_restore: 'Restore',
+ action_revert: 'Revert action',
+ log_protect: 'Protected page',
+ log_unprotect: 'Unprotected page',
+ log_semiprotect: 'Semi-protected page',
+ log_rename: 'Renamed page',
+ log_create: 'Created page',
+ log_delete: 'Deleted page',
+ log_uploadnew: 'Uploaded new file version',
+ lbl_comparingrevisions: 'Comparing revisions:',
+ },
+ page: {
+ protect_lbl_success_title: 'Page protected',
+ protect_lbl_success_body: 'The protection setting has been applied. <a href="%page_link%">Return to the page</a>.',
+ protect_err_need_reason: 'Error: you must enter a reason for protecting this page.',
+ protect_lbl_reason: 'Reason for protecting the page:',
+ protect_lbl_level: 'Protecion level to be applied:',
+ protect_lbl_level_none: 'No protection',
+ protect_lbl_level_semi: 'Semi-protection',
+ protect_lbl_level_full: 'Full protection',
+ protect_btn_submit: 'Protect page',
+
+ rename_err_need_name: 'Error: you must enter a new name for this page.',
+ rename_lbl: 'Please enter a new name for this page:',
+ rename_btn_submit: 'Rename page',
+
+ flushlogs_warning_stern: '<h3>You are about to <span style="color: red;">destroy</span> all logged edits and actions on this page.</h3><p>Unlike deleting or editing this page, this action is <u>not reversible</u>! You should only do this if you are desparate for database space.</p><p>Do you really want to continue?</p>',
+ flushlogs_btn_submit: 'Flush logs',
+
+ delvote_warning_stern: '<h3>Your vote counts.</h3><p>If you think that this page is not relavent to the content on this site, or if it looks like this page was only created in an attempt to spam the site, you can request that this page be deleted by an administrator.</p><p>After you vote, you should leave a comment explaining the reason for your vote, especially if you are the first person to vote against this page.</p>',
+
+ delvote_count_zero: 'So far, no one has voted for the deletion of this page.',
+ delvote_count_one: 'So far, one person has voted to delete this page.',
+ delvote_count_plural: 'So far, %delvotes% people have voted to delete this page.',
+ delvote_btn_submit: 'Vote to delete this page',
+ delvote_reset_btn_submit: 'Reset votes',
+
+ delete_warning_stern: '<h3>You are about to <span style="color: red;">destroy</span> this page.</h3><p>While the deletion of the page itself is completely reversible, it is impossible to recover any comments or category information on this page. If this is a file page, the file along with all older revisions of it will be permanently deleted. Also, any custom information that this page is tagged with, such as a custom name, protection status, or additional settings such as whether to allow comments, will be permanently lost.</p><p>Are you <u>absolutely sure</u> that you want to continue?<br />You will not be asked again.</p>',
+ delete_btn_submit: 'Delete this page',
+ delete_lbl_reason: 'Reason for deleting:',
+
+ wikimode_success_redirect: 'Wiki mode for this page has been set. Redirecting you to the page...',
+ wikimode_level_on: 'Wiki features will be enabled.',
+ wikimode_level_off: 'Wiki features will be disabled.',
+ wikimode_level_global: 'Wiki features will be synchronized to the global setting.',
+ wikimode_heading: 'You are changing wiki mode for this page.',
+ wikimode_warning: 'If you want to continue, please click the button below.',
+ wikimode_blurb_disable: 'Because this will disable the wiki behavior on this page, several features, most notably the ability for users to vote to have this page deleted, will be disabled as they are not relevant to non-wiki pages. In addition, users will not be able to edit this page unless an ACL rule specifically permits them.',
+ wikimode_blurb_enable: 'Because this will enable the wiki behavior on this page, users will gain the ability to freely edit this page unless an ACL rule specifically denies them. If your site is public and gets good traffic, you should be aware of the possiblity of vandalism, and you need to be ready to revert malicious edits to this page.',
+ wikimode_btn_submit: 'Set wiki mode',
+
+ detag_err_page_exists: 'The detag action is only valid for pages that have been deleted in the past.',
+ detag_success_title: 'Page detagged',
+ detag_success_body: 'All stale tags have been removed from this page.',
+ },
+ catedit: {
+ title: 'Select which categories this page should be included in.',
+ no_categories: 'There are no categories on this site yet.',
+ catbox_lbl_categories: 'Categories:',
+ catbox_lbl_uncategorized: '(Uncategorized)',
+ catbox_link_edit: 'edit categorization',
+ catbox_link_showcategorization: 'show page categorization',
+ },
+ tags: {
+ catbox_link: 'show page tags',
+ lbl_page_tags: 'Page tags:',
+ lbl_no_tags: 'No tags on this page',
+ btn_add_tag: '(add a tag)',
+ lbl_add_tag: 'Add a tag:',
+ btn_add: '+ Add',
+ },
+ delvote: {
+ lbl_votes_one: 'There is one user that thinks this page should be deleted.',
+ lbl_votes_plural: 'There are %num_users% users that think this page should be deleted.',
+ lbl_users_that_voted: 'Users that voted:',
+ btn_deletepage: 'Delete page',
+ btn_resetvotes: 'Reset votes',
+ },
+ ajax: {
+ // Client-side messages
+ protect_prompt_reason: 'Reason for (un)protecting:',
+ rename_prompt: 'What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.',
+ delete_prompt_reason: 'Please enter your reason for deleting this page.',
+ delete_confirm: 'You are about to REVERSIBLY delete this page. Do you REALLY want to do this?\n\n(Comments and categorization data, as well as any attached files, will be permanently lost)',
+ delvote_confirm: 'Are you sure that you want to vote that this page be deleted?',
+ delvote_reset_confirm: 'This action will reset the number of votes against this page to zero. Do you really want to do this?',
+ clearlogs_confirm: 'You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?',
+ clearlogs_confirm_nag: 'You\'re ABSOLUTELY sure???',
+ changestyle_select: '[Select]',
+ changestyle_title: 'Change your theme',
+ changestyle_pleaseselect_theme: 'Please select a theme from the list.',
+ changestyle_lbl_theme: 'Theme:',
+ changestyle_lbl_style: 'Style:',
+ changestyle_success: 'Your theme preference has been changed.\nWould you like to reload the page now to see the changes?',
+ killphp_confirm: 'Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.',
+ killphp_success: 'Embedded PHP in pages has been disabled.',
+ lbl_moreoptions_nojs: 'More options for this page',
+
+ // Server-side responses
+ rename_too_short: 'The name you entered is too short. Please enter a longer name for this page.',
+ rename_success: 'The page "%page_name_old%" has been renamed to "%page_name_new%". You are encouraged to leave a comment explaining your action.\n\nYou will see the change take effect the next time you reload this page.',
+ clearlogs_success: 'The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.',
+ delete_need_reason: 'Invalid reason for deletion passed. Please enter a reason for deleting this page.',
+ delete_success: 'This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.',
+ delvote_success: 'Your vote to have this page deleted has been cast.\nYou are encouraged to leave a comment explaining the reason for your vote.',
+ delvote_already_voted: 'It appears that you have already voted to have this page deleted.',
+ delvote_reset_success: 'The number of votes for having this page deleted has been reset to zero.',
+ password_success: 'The password for this page has been set.',
+ password_disable_success: 'The password for this page has been disabled.',
+
+ },
+ sidebar: {
+ title_navigation: 'Navigation',
+ title_tools: 'Tools',
+ title_search: 'Search',
+ title_links: 'Links',
+
+ btn_home: 'Home',
+ btn_createpage: 'Create a page',
+ btn_uploadfile: 'Upload file',
+ btn_specialpages: 'Special pages',
+ btn_administration: 'Administration',
+ btn_editsidebar: 'Edit the sidebar',
+ btn_search_go: 'Go',
+
+ btn_userpage: 'User page',
+ btn_mycontribs: 'My contributions',
+ btn_preferences: 'Preferences',
+ btn_privatemessages: 'Private messages',
+ btn_groupcp: 'Group control panel',
+ btn_register: 'Create an account',
+ btn_login: 'Log in',
+ btn_logout: 'Log out',
+ btn_changestyle: 'Change theme',
+ },
+ acl: {
+ err_access_denied: 'You are not authorized to view or edit access control lists.',
+ err_missing_template: 'It seems that (a) the file acledit.tpl is missing from this theme, and (b) the JSON response is working.',
+ err_user_not_found: 'The username you entered was not found.',
+ err_bad_group_id: 'The group ID you submitted is not valid.',
+ err_demo: 'Editing access control lists is disabled in the administration demo.',
+ err_zero_list: 'Supplied rule list has a length of zero',
+ err_pleaseselect_targettype: 'Please select a target type.',
+ err_pleaseselect_username: 'Please enter a username.',
+
+ radio_usergroup: 'A usergroup',
+ radio_user: 'A specific user',
+ radio_scope_thispage: 'Only this page',
+ radio_scope_wholesite: 'The entire website',
+ radio_scope_pagegroup: 'A group of pages',
+
+ lbl_scope: 'What should this access rule control?',
+ lbl_welcome_title: 'Manage page access',
+ lbl_welcome_body: 'Please select who should be affected by this access rule.',
+ lbl_editwin_title_create: 'Create access rule',
+ lbl_editwin_title_edit: 'Editing permissions',
+ lbl_editwin_body: 'This panel allows you to edit what the %target_type% "<b>%target%</b>" can do on <b>%scope_type%</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.',
+ lbl_deleterule: 'Delete this rule',
+ lbl_save_success_title: 'Permissions updated',
+ lbl_save_success_body: 'The permissions for %target_name% on this page have been updated successfully. If you changed permissions that affect your user account, you may not see changes until you reload the page.',
+ lbl_delete_success_title: 'Rule deleted',
+ lbl_delete_success_body: 'The access rules for %target_name% on this page have been deleted.',
+ lbl_field_deny: 'Deny',
+ lbl_field_disallow: 'Disallow',
+ lbl_field_wikimode: 'Wiki mode',
+ lbl_field_allow: 'Allow',
+ lbl_help: '<p><b>Permission types:</b></p><ul><li><b>Allow</b> means that the user is allowed to access the item</li><li><b>Wiki mode</b> means the user can access the item if wiki mode is active (per-page wiki mode is taken into account)</li><li><b>Disallow</b> means the user is denied access unless something allows it.</li><li><b>Deny</b> means that the user is denied access to the item. This setting overrides all other permissions.</li></ul>',
+
+ scope_type_wholesite: 'this entire site',
+ scope_type_thispage: 'this page',
+ scope_type_pagegroup: 'this group of pages',
+
+ target_type_user: 'user',
+ target_type_group: 'group',
+
+ msg_guest_howto: 'To edit permissions for guests, select "a specific user", and enter Anonymous as the username.',
+ msg_deleterule_confirm: 'Do you really want to delete this rule?',
+ msg_closeacl_confirm: 'Do you really want to close the ACL manager?',
+
+ btn_success_dismiss: 'dismiss',
+ btn_success_close: 'close manager',
+ btn_deleterule: 'Delete rule',
+ btn_createrule: 'Create rule',
+ btn_returnto_editor: 'Return to ACL editor',
+ btn_returnto_userscope: 'Return to user/scope selection',
+ },
+ perm: {
+ read: 'Read page(s)',
+ post_comments: 'Post comments',
+ edit_comments: 'Edit own comments',
+ edit_page: 'Edit page',
+ view_source: 'View source',
+ mod_comments: 'Moderate comments',
+ history_view: 'View history/diffs',
+ history_rollback: 'Rollback history',
+ history_rollback_extra: 'Undelete page(s)',
+ protect: 'Protect page(s)',
+ rename: 'Rename page(s)',
+ clear_logs: 'Clear page logs (dangerous)',
+ vote_delete: 'Vote to delete',
+ vote_reset: 'Reset delete votes',
+ delete_page: 'Delete page(s)',
+ tag_create: 'Tag page(s)',
+ tag_delete_own: 'Remove own page tags',
+ tag_delete_other: 'Remove others\' page tags',
+ set_wiki_mode: 'Set per-page wiki mode',
+ password_set: 'Set password',
+ password_reset: 'Disable/reset password',
+ mod_misc: 'Super moderator (generate SQL backtraces, view IP addresses, and send large numbers of private messages)',
+ edit_cat: 'Edit categorization',
+ even_when_protected: 'Allow editing, renaming, and categorization even when protected',
+ upload_files: 'Upload files',
+ upload_new_version: 'Upload new versions of files',
+ create_page: 'Create pages',
+ php_in_pages: 'Embed PHP code in pages',
+ edit_acl: 'Edit access control lists',
+ },
+ etc: {
+ redirect_title: 'Redirecting...',
+ redirect_body: 'Please wait while you are redirected.',
+ redirect_timeout: 'If you are not redirected within %timeout% seconds, please <a href="%redirect_url%">click here</a>.',
+ // Generic "Save Changes" button
+ save_changes: 'Save changes',
+ // Generic "Cancel changes" button
+ cancel_changes: 'Cancel changes',
+ // Generic wizard buttons
+ wizard_next: 'Next >',
+ wizard_back: '< Back',
+ wizard_previous: '< Previous',
+ // Generic "Notice:" label
+ lbl_notice: 'Notice:',
+ // Generic "Access denied"
+ access_denied: 'Access to the specified file, resource, or action is denied.',
+ access_denied_short: 'Access denied',
+ return_to_page: 'Return to the page',
+ invalid_request_short: 'Invalid request',
+ // Message box buttons
+ ok: 'OK',
+ cancel: 'Cancel',
+ yes: 'Yes',
+ no: 'No'
+ }
+ }
+};
+
+// All done! :-)
+
--- a/licenses/index.html Thu Sep 27 15:55:37 2007 -0400
+++ b/licenses/index.html Sat Nov 03 07:43:35 2007 -0400
@@ -110,6 +110,7 @@
<p><a href="bsdlic.html">View the text of this license</a></p>
<ul>
<li><a href="http://pajhome.org.uk/">Paul Johnston</a>'s implementations of the MD5 and SHA1 algorithms in Javascript</li>
+ <li><a href="http://labs.adobe.com/technologies/spry/">Adobe Spry</a>, used for some Javascript effects</li>
</ul>
<h2>The MIT/X License</h2>
--- a/plugins/PrivateMessages.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/PrivateMessages.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the page Special:PrivateMessages, which is used to manage private message functions. Also handles buddy lists.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -35,12 +35,18 @@
function page_Special_PrivateMessages()
{
global $db, $session, $paths, $template, $plugins; // Common objects
- if(!$session->user_logged_in) die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
+ if ( !$session->user_logged_in )
+ {
+ die_friendly('Access denied', '<p>You need to <a href="'.makeUrlNS('Special', 'Login/'.$paths->page).'">log in</a> to view your private messages.</p>');
+ }
$argv = Array();
$argv[] = $paths->getParam(0);
$argv[] = $paths->getParam(1);
$argv[] = $paths->getParam(2);
- if(!$argv[0]) $argv[0] = 'InVaLiD';
+ if ( !$argv[0] )
+ {
+ $argv[0] = 'InVaLiD';
+ }
switch($argv[0])
{
default:
@@ -48,17 +54,29 @@
break;
case 'View':
$id = $argv[1];
- if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
+ if ( !preg_match('#^([0-9]+)$#', $id) )
+ {
+ die_friendly('Message error', '<p>Invalid message ID</p>');
+ }
$q = $db->sql_query('SELECT p.message_from, p.message_to, p.subject, p.message_text, p.date, p.folder_name, u.signature FROM '.table_prefix.'privmsgs AS p LEFT JOIN '.table_prefix.'users AS u ON (p.message_from=u.username) WHERE message_id='.$id.'');
- if(!$q) $db->_die('The message data could not be selected.');
+ if ( !$q )
+ {
+ $db->_die('The message data could not be selected.');
+ }
$r = $db->fetchrow();
$db->free_result();
- if( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' ) die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
- if($r['message_to'] == $session->username)
+ if ( ($r['message_to'] != $session->username && $r['message_from'] != $session->username ) || $r['folder_name']=='drafts' )
+ {
+ die_friendly('Access denied', '<p>You are not authorized to view this message.</p>');
+ }
+ if ( $r['message_to'] == $session->username )
{
$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET message_read=1 WHERE message_id='.$id.'');
$db->free_result();
- if(!$q) $db->_die('Could not mark message as read');
+ if ( !$q )
+ {
+ $db->_die('Could not mark message as read');
+ }
}
$template->header();
userprefs_show_menu();
@@ -69,7 +87,7 @@
<tr><td class="row1">Subject:</td><td class="row1"><?php echo $r['subject']; ?></td></tr>
<tr><td class="row2">Date:</td><td class="row2"><?php echo date('M j, Y G:i', $r['date']); ?></td></tr>
<tr><td class="row1">Message:</td><td class="row1"><?php echo RenderMan::render($r['message_text']);
- if($r['signature'] != '')
+ if ( $r['signature'] != '' )
{
echo '<hr style="margin-left: 1em; width: 200px;" />';
echo RenderMan::render($r['signature']);
@@ -82,33 +100,60 @@
break;
case 'Move':
$id = $argv[1];
- if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
+ if ( !preg_match('#^([0-9]+)$#', $id) )
+ {
+ die_friendly('Message error', '<p>Invalid message ID</p>');
+ }
$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
- if(!$q) $db->_die('The message data could not be selected.');
+ if ( !$q )
+ {
+ $db->_die('The message data could not be selected.');
+ }
$r = $db->fetchrow();
$db->free_result();
- if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
+ if ( $r['message_to'] != $session->username )
+ {
+ die_friendly('Access denied', '<p>You are not authorized to alter this message.</p>');
+ }
$fname = $argv[2];
- if(!$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) ) die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
+ if ( !$fname || ( $fname != 'Inbox' && $fname != 'Outbox' && $fname != 'Sent' && $fname != 'Drafts' && $fname != 'Archive' ) )
+ {
+ die_friendly('Invalid request', '<p>The folder name "'.$fname.'" is invalid.</p>');
+ }
$q = $db->sql_query('UPDATE '.table_prefix.'privmsgs SET folder_name=\''.strtolower($fname).'\' WHERE message_id='.$id.';');
$db->free_result();
- if(!$q) $db->_die('The message was not successfully moved.');
+ if ( !$q )
+ {
+ $db->_die('The message was not successfully moved.');
+ }
die_friendly('Message status', '<p>Your message has been moved to the folder "'.$fname.'".</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
break;
case 'Delete':
$id = $argv[1];
- if(!preg_match('#^([0-9]+)$#', $id)) die_friendly('Message error', '<p>Invalid message ID</p>');
+ if ( !preg_match('#^([0-9]+)$#', $id) )
+ {
+ die_friendly('Message error', '<p>Invalid message ID</p>');
+ }
$q = $db->sql_query('SELECT message_to FROM '.table_prefix.'privmsgs WHERE message_id='.$id.'');
- if(!$q) $db->_die('The message data could not be selected.');
+ if ( !$q )
+ {
+ $db->_die('The message data could not be selected.');
+ }
$r = $db->fetchrow();
- if($r['message_to'] != $session->username) die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
+ if ( $r['message_to'] != $session->username )
+ {
+ die_friendly('Access denied', '<p>You are not authorized to delete this message.</p>');
+ }
$q = $db->sql_query('DELETE FROM '.table_prefix.'privmsgs WHERE message_id='.$id.';');
- if(!$q) $db->_die('The message was not successfully deleted.');
+ if ( !$q )
+ {
+ $db->_die('The message was not successfully deleted.');
+ }
$db->free_result();
die_friendly('Message status', '<p>The message has been deleted.</p><p><a href="'.makeUrlNS('Special', 'PrivateMessages/Folder/Inbox').'">Return to inbox</a></p>');
break;
case 'Compose':
- if($argv[1]=='Send' && isset($_POST['_send']))
+ if ( $argv[1]=='Send' && isset($_POST['_send']) )
{
// Check each POST DATA parameter...
if(!isset($_POST['to']) || ( isset($_POST['to']) && $_POST['to'] == '')) die_friendly('Sending of message failed', '<p>Please enter the username to which you want to send your message.</p>');
@@ -191,10 +236,26 @@
?>
<br />
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
- <tr><th colspan="2">Compose new private message</th></tr>
- <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma; you<br />can send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small></td><td class="row1"><?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?></td></tr>
- <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $subj; ?>" /></td></tr>
- <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $text; ?></textarea></td></tr>
+ <tr>
+ <th colspan="2">Compose new private message</th>
+ </tr>
+ <tr>
+ <td class="row1">
+ To:<br />
+ <small>Separate multiple names with a single comma; you<br />
+ may send this message to up to <b><?php echo (string)MAX_PMS_PER_BATCH; ?></b> users.</small>
+ </td>
+ <td class="row1">
+ <?php echo $template->username_field('to', (isset($_POST['_savedraft'])) ? $_POST['to'] : $to ); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="row2">
+ Subject:
+ </td>
+ <td class="row2">
+ <input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $subj; ?>" /></td></tr>
+ <tr><td class="row1">Message:</td><td class="row1" style="min-width: 80%;"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $text; ?></textarea></td></tr>
<tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /> <input type="submit" name="_inbox" value="Back to Inbox" /></th></tr>
</table></div>
<?php
@@ -254,9 +315,9 @@
<br />
<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4">
<tr><th colspan="2">Edit draft</th></tr>
- <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['to']; else echo $r['message_to']; ?>" /></td></tr>
- <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo $_POST['subject']; else echo $r['subject']; ?>" /></td></tr>
- <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo $_POST['message']; else echo $r['message_text']; ?></textarea></td></tr>
+ <tr><td class="row1">To:<br /><small>Separate multiple names with a single comma</small></td><td class="row1"><input name="to" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['to']); else echo $r['message_to']; ?>" /></td></tr>
+ <tr><td class="row2">Subject:</td><td class="row2"><input name="subject" type="text" size="30" value="<?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['subject']); else echo $r['subject']; ?>" /></td></tr>
+ <tr><td class="row1">Message:</td><td class="row1"><textarea rows="20" cols="40" name="message" style="width: 100%;"><?php if(isset($_POST['_savedraft'])) echo htmlspecialchars($_POST['message']); else echo $r['message_text']; ?></textarea></td></tr>
<tr><th colspan="2"><input type="submit" name="_send" value="Send message" /> <input type="submit" name="_savedraft" value="Save as draft" /></th></tr>
</table></div>
<?php
--- a/plugins/SpecialAdmin.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialAdmin.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -48,9 +48,12 @@
function page_Admin_Home() {
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -115,9 +118,12 @@
function page_Admin_GeneralConfig() {
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -203,6 +209,16 @@
setConfig('pw_strength_minimum', $strength);
}
+ // Account lockout policy
+ if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) )
+ setConfig('lockout_threshold', $_POST['lockout_threshold']);
+
+ if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) )
+ setConfig('lockout_duration', $_POST['lockout_duration']);
+
+ if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) )
+ setConfig('lockout_policy', $_POST['lockout_policy']);
+
echo '<div class="info-box">Your changes to the site configuration have been saved.</div><br />';
}
@@ -344,13 +360,50 @@
<td class="row1">Account activation:</td><td class="row1">
<?php
echo '<label><input'; if(getConfig('account_activation') == 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="disable" /> Disable registration</label><br />';
- echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
+ echo '<label><input'; if(getConfig('account_activation') != 'user' && getConfig('account_activation') != 'admin' && getConfig('account_activation') != 'disable') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="none" /> None</label>';
echo '<label><input'; if(getConfig('account_activation') == 'user') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="user" /> User</label>';
echo '<label><input'; if(getConfig('account_activation') == 'admin') echo ' checked="checked"'; echo ' type="radio" name="account_activation" value="admin" /> Admin</label>';
?>
</td>
</tr>
+ <!-- Account lockout -->
+
+ <tr><th colspan="2">Account lockouts</th></tr>
+
+ <tr><td class="row3" colspan="2">Configure Enano to prevent or restrict logins for a specified period of time if a user enters an incorrect password a specific number of times.</td></tr>
+
+ <tr>
+ <td class="row2">Lockout threshold:<br />
+ <small>How many times can a user enter wrong credentials before a lockout goes into effect?</small>
+ </td>
+ <td class="row2">
+ <input type="text" name="lockout_threshold" value="<?php echo ( $_ = getConfig('lockout_threshold') ) ? $_ : '5' ?>" />
+ </td>
+ </tr>
+
+ <tr>
+ <td class="row1">Lockout duration:<br />
+ <small>This is how long an account lockout should last, in minutes.</small>
+ </td>
+ <td class="row1">
+ <input type="text" name="lockout_duration" value="<?php echo ( $_ = getConfig('lockout_duration') ) ? $_ : '15' ?>" />
+ </td>
+ </tr>
+
+ <tr>
+ <td class="row2">Lockout policy:<br />
+ <small>What should be done when a lockout goes into effect?</small>
+ </td>
+ <td class="row2">
+ <label><input type="radio" name="lockout_policy" value="disable" <?php if ( getConfig('lockout_policy') == 'disable' ) echo 'checked="checked"'; ?> /> Don't do anything</label><br />
+ <label><input type="radio" name="lockout_policy" value="captcha" <?php if ( getConfig('lockout_policy') == 'captcha' ) echo 'checked="checked"'; ?> /> Require visual confirmation</label><br />
+ <label><input type="radio" name="lockout_policy" value="lockout" <?php if ( getConfig('lockout_policy') == 'lockout' || !getConfig('lockout_policy') ) echo 'checked="checked"'; ?> /> Prevent all login attempts</label>
+ </td>
+ </tr>
+
+ <!-- Password strength -->
+
<tr><th colspan="2">Password strength</th></tr>
<tr>
@@ -464,9 +517,12 @@
function page_Admin_UploadConfig()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -581,9 +637,12 @@
function page_Admin_PluginManager() {
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -722,9 +781,12 @@
function page_Admin_UploadAllowedMimeTypes()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -785,9 +847,12 @@
function page_Admin_Sidebar()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -842,9 +907,12 @@
/*
function page_Admin_UserManager() {
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -1112,9 +1180,12 @@
function page_Admin_GroupManager()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -1471,9 +1542,12 @@
function page_Admin_COPPA()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -1544,9 +1618,12 @@
function page_Admin_PageManager()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -1740,9 +1817,12 @@
function page_Admin_PageEditor()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -1840,9 +1920,12 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -2103,15 +2186,18 @@
function page_Admin_BanControl()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != '')
{
- $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . $db->escape($_GET['id']) . '');
+ $e = $db->sql_query('DELETE FROM '.table_prefix.'banlist WHERE ban_id=' . intval($_GET['id']) . '');
if(!$e) $db->_die('The ban list entry was not deleted.');
}
if(isset($_POST['create']) && !defined('ENANO_DEMO_MODE'))
@@ -2215,9 +2301,12 @@
function page_Admin_MassEmail()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -2431,9 +2520,12 @@
function page_Admin_DBBackup()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -2535,9 +2627,12 @@
function page_Admin_AdminLogout()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
- echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
+ $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
+ echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
+ echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
@@ -2548,6 +2643,7 @@
function page_Special_Administration()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if($session->auth_level < USER_LEVEL_ADMIN) {
redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
@@ -2573,7 +2669,7 @@
}
if ( t == namespace_list.Admin + 'AdminLogout' )
{
- var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, 'Are you sure you want to de-authenticate?', 'If you de-authenticate, you will no longer be able to use the administration panel until you re-authenticate again. You may do so at any time using the Administration button on the sidebar.');
+ var mb = new messagebox(MB_YESNO|MB_ICONQUESTION, $lang.get('user_logout_confirm_title_elev'), $lang.get('user_logout_confirm_body_elev'));
mb.onclick['Yes'] = function() {
var tigraentry = document.getElementById('i_div0_0').parentNode;
var tigraobj = $(tigraentry);
@@ -2685,7 +2781,7 @@
}
else
{
- echo '<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>';
+ echo '<script type="text/javascript">document.write(\'<div class="wait-box">Please wait while the administration panel loads. You need to be using a recent browser with AJAX support in order to use Runt.</div>\');</script><noscript><div class="error-box">It looks like Javascript isn\'t enabled in your browser. Please enable Javascript or use a different browser to continue.</div></noscript>';
}
?>
</div>
@@ -2710,6 +2806,7 @@
function page_Special_EditSidebar()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if($session->auth_level < USER_LEVEL_ADMIN)
{
@@ -2834,9 +2931,8 @@
if(isset($_GET['action']) && isset($_GET['id']))
{
- if(preg_match('#^([0-9]*)$#', $_GET['id']))
+ if(!preg_match('#^([0-9]*)$#', $_GET['id']))
{
- } else {
echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>';
}
switch($_GET['action'])
@@ -2980,7 +3076,7 @@
echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
break;
}
- $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$query)
{
echo $db->get_error();
@@ -2990,7 +3086,7 @@
echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
break;
case 'delete':
- $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';'); // Already checked for injection attempts ;-)
+ $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-)
if(!$query)
{
echo $db->get_error();
@@ -3005,7 +3101,7 @@
echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
break;
case 'disenable';
- $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo $db->get_error();
@@ -3015,7 +3111,22 @@
$r = $db->fetchrow();
$db->free_result();
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
- $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';');
+ if(!$q)
+ {
+ echo $db->get_error();
+ $template->footer();
+ exit;
+ }
+ if(isset($_GET['ajax']))
+ {
+ ob_end_clean();
+ die('GOOD');
+ }
+ break;
+ case 'rename';
+ $newname = $db->escape($_POST['newname']);
+ $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo $db->get_error();
@@ -3029,7 +3140,7 @@
}
break;
case 'getsource':
- $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo $db->get_error();
@@ -3045,7 +3156,7 @@
case 'save':
if ( defined('ENANO_DEMO_MODE') )
{
- $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
@@ -3061,13 +3172,13 @@
$_POST['content'] = sanitize_html($_POST['content'], true);
}
}
- $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
exit;
}
- $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
@@ -3159,6 +3270,8 @@
$parser = $template->makeParserText($vars['sidebar_section']);
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+ // fix for the "Administration" link that somehow didn't get rendered properly
+ $c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c);
break;
case BLOCK_HTML:
$parser = $template->makeParserText($vars['sidebar_section_raw']);
@@ -3178,7 +3291,10 @@
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
break;
}
- $t = $template->tplWikiFormat($row['block_name']);
+ $block_name = $row['block_name']; // $template->tplWikiFormat($row['block_name']);
+ if ( empty($block_name) )
+ $block_name = '<Unnamed>';
+ $t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>';
if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
--- a/plugins/SpecialCSS.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialCSS.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the page Special:CSS, which is used in template files to reference the style sheet. Disabling or deleting this plugin will result in site instability.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/plugins/SpecialGroups.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialGroups.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides group moderators and site administrators with the ability to control who is part of their groups.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -50,10 +50,10 @@
{
die_friendly('Error', '<p>Hacking attempt</p>');
}
- $q = $db->sql_query('SELECT group_name,group_type FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
+ $q = $db->sql_query('SELECT group_name,group_type,system_group FROM '.table_prefix.'groups WHERE group_id=' . $gid . ';');
if ( !$q )
{
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
}
$row = $db->fetchrow();
$db->free_result();
@@ -70,7 +70,7 @@
ORDER BY m.is_mod DESC,u.username ASC;');
if ( !$q )
{
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
}
$is_member = false;
@@ -127,11 +127,29 @@
{
die_friendly('ERROR', '<p>Hacking attempt</p>');
}
- $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
- if (!$q)
- $db->_die();
- $row['group_type'] = $_POST['group_state'];
- echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
+ $q = $db->sql_query('SELECT group_type, system_group FROM '.table_prefix.'groups WHERE group_id=' . intval( $_POST['group_id']) . ';');
+ if ( !$q )
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
+ $error = false;
+ if ( $db->numrows() < 1 )
+ {
+ echo '<div class="error-box" style="margin-left: 0;">The group you selected does not exist.</div>';
+ $error = true;
+ }
+ $r = $db->fetchrow();
+ if ( $r['system_group'] == 1 && ( intval($_POST['group_state']) == GROUP_OPEN || intval($_POST['group_state']) == GROUP_REQUEST ) )
+ {
+ echo '<div class="error-box" style="margin-left: 0;">Because this is a system group, you can\'t make it open or allow membership requests.</div>';
+ $error = true;
+ }
+ if ( !$error )
+ {
+ $q = $db->sql_query('UPDATE '.table_prefix.'groups SET group_type=' . intval($_POST['group_state']) . ' WHERE group_id=' . intval( $_POST['group_id']) . ';');
+ if (!$q)
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
+ $row['group_type'] = $_POST['group_state'];
+ echo '<div class="info-box" style="margin-left: 0;">The group state was updated.</div>';
+ }
break;
case 'adduser':
$username = $_POST['add_username'];
@@ -139,7 +157,7 @@
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\'' . $db->escape($username) . '\';');
if (!$q)
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
if ($db->numrows() < 1)
{
echo '<div class="error-box">The username you entered could not be found.</div>';
@@ -152,7 +170,7 @@
// Check if the user is already in the group, and if so, only update modship
$q = $db->sql_query('SELECT member_id,is_mod FROM '.table_prefix.'group_members WHERE user_id=' . $uid . ' AND group_id=' . intval($_POST['group_id']) . ';');
if ( !$q )
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
if ( $db->numrows() > 0 )
{
$r = $db->fetchrow();
@@ -160,7 +178,7 @@
{
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET is_mod=' . $mod . ' WHERE member_id=' . $r['member_id'] . ';');
if ( !$q )
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
foreach ( $members as $i => $member )
{
if ( $member['member_id'] == $r['member_id'] )
@@ -179,7 +197,7 @@
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,is_mod) VALUES(' . intval($_POST['group_id']) . ', ' . $uid . ', ' . $mod . ');');
if (!$q)
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
echo '<div class="info-box">The user "' . $username . '" has been added to this usergroup.</div>';
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
@@ -195,7 +213,7 @@
ORDER BY m.is_mod DESC,u.username ASC
LIMIT 1;');
if ( !$q )
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
$r = $db->fetchrow();
$members[] = $r;
@@ -209,7 +227,7 @@
{
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
if (!$q)
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
unset($members[$i]);
}
}
@@ -223,7 +241,7 @@
{
$q = $db->sql_query('UPDATE '.table_prefix.'group_members SET pending=0 WHERE member_id=' . $member['member_id'] . ';');
if (!$q)
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
$members[] = $member;
unset($pending[$i]);
continue;
@@ -232,7 +250,7 @@
{
$q = $db->sql_query('DELETE FROM '.table_prefix.'group_members WHERE member_id=' . $member['member_id'] . ';');
if (!$q)
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
unset($pending[$i]);
}
}
@@ -246,7 +264,7 @@
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES(' . $gid . ', ' . $session->user_id . ');');
if (!$q)
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
echo '<div class="info-box">You have been added to this group.</div>';
$q = $db->sql_query('SELECT u.username,u.email,u.reg_time,m.member_id,m.user_id,m.is_mod,COUNT(c.comment_id)
@@ -262,7 +280,7 @@
ORDER BY m.is_mod DESC,u.username ASC
LIMIT 1;');
if ( !$q )
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
$r = $db->fetchrow();
$members[] = $r;
@@ -274,7 +292,7 @@
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'group_members(group_id,user_id,pending) VALUES(' . $gid . ', ' . $session->user_id . ', 1);');
if (!$q)
- $db->_die();
+ $db->_die('SpecialGroups.php, line ' . __LINE__);
echo '<div class="info-box">A request has been sent to the moderator(s) of this group to add you.</div>';
}
@@ -305,7 +323,7 @@
</tr>
<tr>
<td class="row2">Group name:</td>
- <td class="row1">' . $row['group_name'] . '</td>
+ <td class="row1">' . $row['group_name'] . ( $row['system_group'] == 1 ? ' (system group)' : '' ) . '</td>
</tr>
<tr>
<td class="row2">Membership status:</td>
--- a/plugins/SpecialPageFuncs.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialPageFuncs.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the page Special:CreatePage, which can be used to create new pages. Also adds the About Enano and GNU General Public License pages.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -109,6 +109,17 @@
exit;
}
+ if ( substr($urlname, 0, 8) == 'Project:' )
+ {
+ $template->header();
+
+ echo '<h3>The page could not be created.</h3><p>The page title can\'t start with "Project:" because this prefix is reserved for a parser shortcut.</p>';
+
+ $template->footer();
+ $db->close();
+
+ exit;
+ }
$tn = $paths->nslist[$_POST['namespace']] . $urlname;
if ( isset($paths->pages[$tn]) )
@@ -151,13 +162,13 @@
{
$db->_die('The page entry could not be inserted.');
}
- $q = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text) VALUES(\''.$urlname.'\', \''.$_POST['namespace'].'\', \''.$db->escape('Please edit this page! <nowiki><script type="text/javascript">ajaxEditor();</script></nowiki>').'\');');
+ $q = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text) VALUES(\''.$urlname.'\', \''.$_POST['namespace'].'\', \''.'\');');
if ( !$q )
{
$db->_die('The page text entry could not be inserted.');
}
- header('Location: '.makeUrlNS($_POST['namespace'], sanitize_page_id($p)));
+ header('Location: '.makeUrlNS($_POST['namespace'], sanitize_page_id($p)) . '#do:edit');
exit;
}
$template->header();
@@ -347,6 +358,8 @@
function page_Special_About_Enano()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
$platform = 'Unknown';
$uname = @file_get_contents('/proc/sys/kernel/ostype');
if($uname == "Linux\n")
@@ -367,23 +380,52 @@
<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">
<tr><th colspan="2" style="text-align: left;">About the Enano Content Management System</th></tr>
- <tr><td colspan="2" class="row3"><p>This website is powered by <a href="http://enanocms.org/">Enano</a>, the lightweight and open source
- CMS that everyone can use. Enano is copyright © 2006-2007 Dan Fuhry. For legal information, along with a list of libraries that Enano
- uses, please see <a href="http://enanocms.org/Legal_information">Legal Information</a>.</p>
- <p>The developers and maintainers of Enano strongly believe that software should not only be free to use, but free to be modified,
- distributed, and used to create derivative works. For more information about Free Software, check out the
- <a href="http://en.wikipedia.org/wiki/Free_Software" onclick="window.open(this.href); return false;">Wikipedia page</a> or
- the <a href="http://www.fsf.org/" onclick="window.open(this.href); return false;">Free Software Foundation's</a> homepage.</p>
- <p>This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p>
- <p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
- warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.</p>
- <p>You should have received <a href="<?php echo makeUrlNS('Special', 'GNU_General_Public_License'); ?>">a copy of
- the GNU General Public License</a> along with this program; if not, write to:</p>
- <p style="margin-left 2em;">Free Software Foundation, Inc.,<br />
- 51 Franklin Street, Fifth Floor<br />
- Boston, MA 02110-1301, USA</p>
- <p>Alternatively, you can <a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0.html">read it online</a>.</p>
+ <tr><td colspan="2" class="row3">
+ <?php
+ echo $lang->get('meta_enano_about_poweredby');
+ $subst = array(
+ 'gpl_link' => makeUrlNS('Special', 'GNU_General_Public_License')
+ );
+ echo $lang->get('meta_enano_about_gpl', $subst);
+ if ( $lang->lang_code != 'eng' ):
+ // Do not remove this block of code. Doing so is a violation of the GPL. (A copy of the GPL in other languages
+ // must be accompanied by a copy of the English GPL.)
+ ?>
+ <h3>(English)</h3>
+ <p>
+ This website is powered by <a href="http://enanocms.org/">Enano</a>, the lightweight and open source CMS that everyone can use.
+ Enano is copyright © 2006-2007 Dan Fuhry. For legal information, along with a list of libraries that Enano uses, please
+ see <a href="http://enanocms.org/Legal_information">Legal Information</a>.
+ </p>
+ <p>
+ The developers and maintainers of Enano strongly believe that software should not only be free to use, but free to be modified,
+ distributed, and used to create derivative works. For more information about Free Software, check out the
+ <a href="http://en.wikipedia.org/wiki/Free_Software" onclick="window.open(this.href); return false;">Wikipedia page</a> or
+ the <a href="http://www.fsf.org/" onclick="window.open(this.href); return false;">Free Software Foundation's</a> homepage.
+ </p>
+ <p>
+ This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ </p>
+ <p>
+ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ </p>
+ <p>
+ You should have received <a href="<?php echo makeUrlNS('Special', 'GNU_General_Public_License'); ?>">a copy of
+ the GNU General Public License</a> along with this program; if not, write to:
+ </p>
+ <p style="margin-left 2em;">
+ Free Software Foundation, Inc.,<br />
+ 51 Franklin Street, Fifth Floor<br />
+ Boston, MA 02110-1301, USA
+ </p>
+ <p>
+ Alternatively, you can <a href="http://www.gnu.org/licenses/old-licenses/gpl-2.0.html">read it online</a>.
+ </p>
+ <?php
+ endif;
+ ?>
</td></tr>
<tr>
<td class="row2" colspan="2">
@@ -406,11 +448,11 @@
</table>
</td>
</tr>
- <tr><td style="width: 100px;" class="row1"><a href="http://enanocms.org">Enano</a> version:</td><td class="row1"><?php echo enano_version(true) . ' (' . enano_codename() . ')'; ?></td></tr>
- <tr><td style="width: 100px;" class="row2">Web server:</td><td class="row2"><?php if(isset($_SERVER['SERVER_SOFTWARE'])) echo $_SERVER['SERVER_SOFTWARE']; else echo 'Unable to determine web server software.'; ?></td></tr>
- <tr><td style="width: 100px;" class="row1">Server platform:</td><td class="row1"><?php echo $platform; ?></td></tr>
- <tr><td style="width: 100px;" class="row2"><a href="http://www.php.net/">PHP</a> version:</td><td class="row2"><?php echo PHP_VERSION; ?></td></tr>
- <tr><td style="width: 100px;" class="row1"><a href="http://www.mysql.com/">MySQL</a> version:</td><td class="row1"><?php echo mysql_get_server_info($db->_conn); ?></td></tr>
+ <tr><td style="width: 100px;" class="row1"><?php echo $lang->get('meta_enano_about_lbl_enanoversion'); ?></td><td class="row1"><?php echo enano_version(true) . ' (' . enano_codename() . ')'; ?></td></tr>
+ <tr><td style="width: 100px;" class="row2"><?php echo $lang->get('meta_enano_about_lbl_webserver'); ?></td><td class="row2"><?php if(isset($_SERVER['SERVER_SOFTWARE'])) echo $_SERVER['SERVER_SOFTWARE']; else echo 'Unable to determine web server software.'; ?></td></tr>
+ <tr><td style="width: 100px;" class="row1"><?php echo $lang->get('meta_enano_about_lbl_serverplatform'); ?></td><td class="row1"><?php echo $platform; ?></td></tr>
+ <tr><td style="width: 100px;" class="row2"><?php echo $lang->get('meta_enano_about_lbl_phpversion'); ?></td><td class="row2"><?php echo PHP_VERSION; ?></td></tr>
+ <tr><td style="width: 100px;" class="row1"><?php echo $lang->get('meta_enano_about_lbl_mysqlversion'); ?></td><td class="row1"><?php echo mysql_get_server_info($db->_conn); ?></td></tr>
</table>
</div>
<?php
--- a/plugins/SpecialSearch.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialSearch.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the page Special:Search, which is a frontend to the Enano search engine.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -100,18 +100,21 @@
if(!empty($q))
{
// See if any pages directly match the title
-
- for ( $i = 0; $i < count ( $paths->pages ) / 2; $i++ )
+
+ if ( strlen($q) >= 4 )
{
- $pg =& $paths->pages[$i];
- $q_lc = strtolower( str_replace(' ', '_', $q) );
- $q_tl = strtolower( str_replace('_', ' ', $q) );
- $p_lc = strtolower($pg['urlname']);
- $p_tl = strtolower($pg['name']);
- if ( strstr($p_tl, $q_tl) || strstr($p_lc, $q_lc) && $pg['visible'] == 1 )
+ for ( $i = 0; $i < count ( $paths->pages ) / 2; $i++ )
{
- echo '<div class="usermessage">Perhaps you were looking for <b><a href="' . makeUrl($pg['urlname'], false, true) . '">' . htmlspecialchars($pg['name']) . '</a></b>?</div>';
- break;
+ $pg =& $paths->pages[$i];
+ $q_lc = strtolower( str_replace(' ', '_', $q) );
+ $q_tl = strtolower( str_replace('_', ' ', $q) );
+ $p_lc = strtolower($pg['urlname']);
+ $p_tl = strtolower($pg['name']);
+ if ( strstr($p_tl, $q_tl) || strstr($p_lc, $q_lc) && $pg['visible'] == 1 )
+ {
+ echo '<div class="usermessage">Perhaps you were looking for <b><a href="' . makeUrl($pg['urlname'], false, true) . '">' . htmlspecialchars($pg['name']) . '</a></b>?</div>';
+ break;
+ }
}
}
--- a/plugins/SpecialUpdownload.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialUpdownload.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
* SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second
*
@@ -59,8 +59,14 @@
{
$file = false;
}
- if(!is_array($file)) die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
- if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
+ if ( !is_array($file) )
+ {
+ die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
+ }
+ if ( $file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size') )
+ {
+ die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
+ }
/*
$allowed_mime_types = Array(
'text/plain',
@@ -88,7 +94,7 @@
*/
$types = fetch_allowed_extensions();
$ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
- if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
+ if ( !isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
{
die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>');
}
--- a/plugins/SpecialUserFuncs.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialUserFuncs.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -90,6 +90,14 @@
\'namespace\'=>\'Special\',
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
));
+
+ $paths->add_page(Array(
+ \'name\'=>\'Language exporter\',
+ \'urlname\'=>\'LangExportJSON\',
+ \'namespace\'=>\'Special\',
+ \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ ));
+
');
// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
@@ -100,18 +108,65 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $__login_status;
+ global $lang;
$pubkey = $session->rijndael_genkey();
$challenge = $session->dss_rand();
+ $locked_out = false;
+ // are we locked out?
+ $threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
+ $duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
+ // convert to minutes
+ $duration = $duration * 60;
+ $policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
+ if ( $policy != 'disable' )
+ {
+ $ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
+ $timestamp_cutoff = time() - $duration;
+ $q = $session->sql('SELECT timestamp FROM '.table_prefix.'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
+ $fails = $db->numrows();
+ if ( $fails >= $threshold )
+ {
+ $row = $db->fetchrow();
+ $locked_out = true;
+ $lockdata = array(
+ 'locked_out' => true,
+ 'lockout_threshold' => $threshold,
+ 'lockout_duration' => ( $duration / 60 ),
+ 'lockout_fails' => $fails,
+ 'lockout_policy' => $policy,
+ 'lockout_last_time' => $row['timestamp'],
+ 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'captcha' => ''
+ );
+ if ( $policy == 'captcha' )
+ {
+ $lockdata['captcha'] = $session->make_captcha();
+ }
+ }
+ $db->free_result();
+ }
+
if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )
{
$username = ( $session->user_logged_in ) ? $session->username : false;
$response = Array(
'username' => $username,
'key' => $pubkey,
- 'challenge' => $challenge
+ 'challenge' => $challenge,
+ 'locked_out' => false
);
+
+ if ( $locked_out )
+ {
+ foreach ( $lockdata as $x => $y )
+ {
+ $response[$x] = $y;
+ }
+ unset($x, $y);
+ }
+
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
$response = $json->encode($response);
echo $response;
@@ -135,10 +190,53 @@
$paths->main_page();
$template->header();
echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';
- $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';
+ $header = ( $level > USER_LEVEL_MEMBER ) ? $lang->get('user_login_message_short_elev') : $lang->get('user_login_message_short');
if ( isset($_POST['login']) )
{
- echo '<p>'.$__login_status.'</p>';
+ $errstring = $__login_status['error'];
+ switch($__login_status['error'])
+ {
+ case 'key_not_found':
+ $errstring = $lang->get('user_err_key_not_found');
+ break;
+ case 'key_wrong_length':
+ $errstring = $lang->get('user_err_key_wrong_length');
+ break;
+ case 'too_big_for_britches':
+ $errstring = $lang->get('user_err_too_big_for_britches');
+ break;
+ case 'invalid_credentials':
+ $errstring = $lang->get('user_err_invalid_credentials');
+ if ( $__login_status['lockout_policy'] == 'lockout' )
+ {
+ $errstring .= $lang->get('err_invalid_credentials_lockout', array('lockout_fails' => $__login_status['lockout_fails']));
+ }
+ else if ( $__login_status['lockout_policy'] == 'captcha' )
+ {
+ $errstring .= $lang->get('user_err_invalid_credentials_lockout_captcha', array('lockout_fails' => $__login_status['lockout_fails']));
+ }
+ break;
+ case 'backend_fail':
+ $errstring = $lang->get('user_err_backend_fail');
+ break;
+ case 'locked_out':
+ $attempts = intval($__login_status['lockout_fails']);
+ if ( $attempts > $__login_status['lockout_threshold'])
+ $attempts = $__login_status['lockout_threshold'];
+
+ $server_time = time();
+ $time_rem = ( $__login_status['lockout_last_time'] == time() ) ? $__login_status['lockout_duration'] : $__login_status['lockout_duration'] - round( ( $server_time - $__login_status['lockout_last_time'] ) / 60 );
+ if ( $time_rem < 1 )
+ $time_rem = $__login_status['lockout_duration'];
+
+ $s = ( $time_rem == 1 ) ? '' : $lang->get('meta_plural');
+
+ $captcha_string = ( $__login_status['lockout_policy'] == 'captcha' ) ? $lang->get('err_locked_out_captcha_blurb') : '';
+ $errstring = $lang->get('user_err_locked_out', array('plural' => $s, 'captcha_blurb' => $captcha_string, 'time_rem' => $time_rem));
+
+ break;
+ }
+ echo '<div class="error-box-mini">'.$errstring.'</div>';
}
if ( $p = $paths->getAllParams() )
{
@@ -159,18 +257,18 @@
<?php
if ( $level <= USER_LEVEL_MEMBER )
{
- echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';
+ echo '<p>' . $lang->get('user_login_body', array('reg_link' => makeUrlNS('Special', 'Register'))) . '</p>';
}
else
{
- echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';
+ echo '<p>' . $lang->get('user_login_body_elev') . '</p>';
}
?>
</td>
</tr>
<tr>
<td class="row2">
- Username:
+ <?php echo $lang->get('user_login_field_username'); ?>:
</td>
<td class="row1">
<input name="username" size="25" type="text" <?php
@@ -189,23 +287,52 @@
?> />
</td>
<?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
- <td rowspan="2" class="row3">
- <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />
- Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>
+ <td rowspan="<?php echo ( ( $locked_out && $lockdata['lockout_policy'] == 'captcha' ) ) ? '4' : '2'; ?>" class="row3">
+ <small><?php echo $lang->get('user_login_forgotpass_blurb', array('forgotpass_link' => makeUrlNS('Special', 'PasswordReset'))); ?><br />
+ <?php echo $lang->get('user_login_createaccount_blurb', array('reg_link' => makeUrlNS('Special', 'Register'))); ?></small>
</td>
<?php } ?>
</tr>
<tr>
- <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
+ <td class="row2">
+ <?php echo $lang->get('user_login_field_password'); ?>:
+ </td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>
</tr>
- <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>
+ <?php
+ if ( $locked_out && $lockdata['lockout_policy'] == 'captcha' )
+ {
+ ?>
+ <tr>
+ <td class="row2" rowspan="2"><?php echo $lang->get('user_login_field_captcha'); ?>:<br /></td><td class="row1"><input type="hidden" name="captcha_hash" value="<?php echo $lockdata['captcha']; ?>" /><input name="captcha_code" size="25" type="text" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '4'; ?>" /></td>
+ </tr>
+ <tr>
+ <td class="row3">
+ <img src="<?php echo makeUrlNS('Special', 'Captcha/' . $lockdata['captcha']) ?>" onclick="this.src=this.src+'/a';" style="cursor: pointer;" />
+ </td>
+ </tr>
+ <?php
+ }
+ ?>
<tr>
<td class="row3" colspan="3">
- <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>
- <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>
+ <?php
+ if ( $level <= USER_LEVEL_MEMBER && ( !isset($_GET['use_crypt']) || ( isset($_GET['use_crypt']) && $_GET['use_crypt']!='0' ) ) )
+ {
+ $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
+ $nocrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=0", true);
+ echo '<p><b>' . $lang->get('user_login_nocrypt_title') . '</b> ' . $lang->get('user_login_nocrypt_body', array('nocrypt_link' => $nocrypt_link)) . '</p>';
+ echo '<p>' . $lang->get('user_login_nocrypt_countrylist') . '</p>';
+ }
+ else if ( $level <= USER_LEVEL_MEMBER && ( isset($_GET['use_crypt']) && $_GET['use_crypt']=='0' ) )
+ {
+ $returnpage_link = ( $return = $paths->getAllParams() ) ? '/' . $return : '';
+ $usecrypt_link = makeUrlNS('Special', "Login$returnpage_link", "level=$level&use_crypt=1", true);
+ echo '<p><b>' . $lang->get('user_login_usecrypt_title') . '</b> ' . $lang->get('user_login_usecrypt_body', array('usecrypt_link' => $usecrypt_link)) . '</p>';
+ echo '<p>' . $lang->get('user_login_usecrypt_countrylist') . '</p>';
+ }
+ ?>
</td>
</tr>
- <?php } ?>
<tr>
<th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>
</tr>
@@ -237,17 +364,18 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $__login_status;
+ global $lang;
if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )
{
$plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
$data = $json->decode($_POST['params']);
+ $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false;
+ $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false;
$level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;
- $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);
+ $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code);
$session->start();
- //echo "$result\n$session->sid_super";
- //exit;
- if ( $result == 'success' )
+ if ( $result['success'] )
{
$response = Array(
'result' => 'success',
@@ -256,9 +384,16 @@
}
else
{
+ $captcha = '';
+ if ( $result['error'] == 'locked_out' && $result['lockout_policy'] == 'captcha' )
+ {
+ $session->kill_captcha();
+ $captcha = $session->make_captcha();
+ }
$response = Array(
'result' => 'error',
- 'error' => $result
+ 'data' => $result,
+ 'captcha' => $captcha
);
}
$response = $json->encode($response);
@@ -267,27 +402,37 @@
exit;
}
if(isset($_POST['login'])) {
+ $captcha_hash = ( isset($_POST['captcha_hash']) ) ? $_POST['captcha_hash'] : false;
+ $captcha_code = ( isset($_POST['captcha_code']) ) ? $_POST['captcha_code'] : false;
if($_POST['use_crypt'] == 'yes')
{
- $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));
+ $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']), $captcha_hash, $captcha_code);
}
else
{
- $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));
+ $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']), $captcha_hash, $captcha_code);
}
$session->start();
$paths->init();
- if($result == 'success')
+ if($result['success'])
{
$template->load_theme($session->theme, $session->style);
if(isset($_POST['return_to']))
{
$name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
- redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
+ $subst = array(
+ 'username' => $session->username,
+ 'redir_target' => $name
+ );
+ redirect( makeUrl($_POST['return_to'], false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
}
else
{
- redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' );
+ $subst = array(
+ 'username' => $session->username,
+ 'redir_target' => $lang->get('user_login_success_body_mainpage')
+ );
+ redirect( makeUrl(getConfig('main_page'), false, true), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
}
}
else
@@ -317,22 +462,26 @@
function page_Special_Logout() {
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
if ( !$session->user_logged_in )
$paths->main_page();
$l = $session->logout();
if ( $l == 'success' )
{
- redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);
+
+ redirect(makeUrl(getConfig('main_page'), false, true), $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4);
}
$template->header();
- echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';
+ echo '<h3>' . $lang->get('user_logout_err_title') . '</h3>';
+ echo '<p>' . $l . '</p>';
$template->footer();
}
function page_Special_Register()
{
global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
// form field trackers
$username = '';
@@ -341,8 +490,8 @@
if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))
{
- $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';
- die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);
+ $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>' . $lang->get('user_reg_err_disabled_body_adminblurb', array( 'reg_link' => makeUrl($paths->page, 'IWannaPlayToo&coppa=no', true) )) . '</p>' : '';
+ die_friendly($lang->get('user_reg_err_disabled_title'), '<p>' . $lang->get('user_reg_err_disabled_body') . '</p>' . $s);
}
if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )
{
@@ -355,7 +504,7 @@
$captcharesult = $session->get_captcha($_POST['captchahash']);
if($captcharesult != $_POST['captchacode'])
{
- $s = 'The confirmation code you entered was incorrect.';
+ $s = $lang->get('user_reg_err_captcha');
}
else
{
@@ -379,7 +528,7 @@
$crypt_key = $session->fetch_public_key($_POST['crypt_key']);
if ( !$crypt_key )
{
- $s = 'Couldn\'t look up public encryption key';
+ $s = $lang->get('user_reg_err_missing_key');
}
else
{
@@ -406,28 +555,28 @@
{
case "none":
default:
- $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';
+ $str = $lang->get('user_reg_msg_success_activ_none', array('login_link' => makeUrlNS('Special', 'Login', false, true)));
break;
case "user":
- $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';
+ $str = $lang->get('user_reg_msg_success_activ_user');
break;
case "admin":
- $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';
+ $str = $lang->get('user_reg_msg_success_activ_admin');
break;
}
- die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
}
else if ( $s == 'success' && $coppa )
{
- $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';
- die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');
+ $str = $lang->get('user_reg_msg_success_activ_coppa');
+ die_friendly($lang->get('user_reg_msg_success_title'), '<p>' . $lang->get('user_reg_msg_success_body') . ' ' . $str . '</p>');
}
$username = htmlspecialchars($_POST['username']);
$email = htmlspecialchars($_POST['email']);
$realname = htmlspecialchars($_POST['real_name']);
}
$template->header();
- echo 'A user account enables you to have greater control over your browsing experience.';
+ echo $lang->get('user_reg_msg_greatercontrol');
if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )
{
@@ -439,22 +588,22 @@
$challenge = $session->dss_rand();
?>
- <h3>Create a user account</h3>
- <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="runEncryption();">
+ <h3><?php echo $lang->get('user_reg_msg_table_title'); ?></h3>
+ <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post" onsubmit="return runEncryption();">
<div class="tblholder">
<table border="0" width="100%" cellspacing="1" cellpadding="4">
- <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>
+ <tr><th class="subhead" colspan="3"><?php echo $lang->get('user_reg_msg_table_subtitle'); ?></th></tr>
<?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>
<!-- FIELD: Username -->
<tr>
<td class="row1" style="width: 50%;">
- Preferred username:
+ <?php echo $lang->get('user_reg_lbl_field_username'); ?>
<span id="e_username"></span>
</td>
<td class="row1" style="width: 50%;">
- <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" />
+ <input tabindex="1" type="text" name="username" size="30" value="<?php echo $username; ?>" onkeyup="namegood = false; validateForm(this);" onblur="checkUsername();" />
</td>
<td class="row1" style="max-width: 24px;">
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" />
@@ -464,14 +613,14 @@
<!-- FIELD: Password -->
<tr>
<td class="row3" style="width: 50%;" rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>">
- Password:
+ <?php echo $lang->get('user_reg_lbl_field_password'); ?>
<span id="e_password"></span>
<?php if ( getConfig('pw_strength_enable') == '1' && getConfig('pw_strength_minimum') > -10 ): ?>
- <small>It needs to score at least <b><?php echo getConfig('pw_strength_minimum'); ?></b> for your registration to be accepted.</small>
+ <small><?php echo $lang->get('user_reg_msg_password_score'); ?></small>
<?php endif; ?>
</td>
<td class="row3" style="width: 50%;">
- <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm();" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
+ <input tabindex="2" type="password" name="password" size="15" onkeyup="<?php if ( getConfig('pw_strength_enable') == '1' ): ?>password_score_field(this); <?php endif; ?>validateForm(this);" /><?php if ( getConfig('pw_strength_enable') == '1' ): ?><span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span><?php endif; ?>
</td>
<td rowspan="<?php echo ( getConfig('pw_strength_enable') == '1' ) ? '3' : '2'; ?>" class="row3" style="max-width: 24px;">
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" />
@@ -481,7 +630,7 @@
<!-- FIELD: Password confirmation -->
<tr>
<td class="row3" style="width: 50%;">
- <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small>
+ <input tabindex="3" type="password" name="password_confirm" size="15" onkeyup="validateForm(this);" /> <small><?php echo $lang->get('user_reg_lbl_field_password_confirm'); ?></small>
</td>
</tr>
@@ -499,18 +648,24 @@
<tr>
<td class="row1" style="width: 50%;">
<?php
- if ( $coppa ) echo 'Your parent or guardian\'s e';
- else echo 'E';
- ?>-mail address:
+ if ( $coppa )
+ {
+ echo $lang->get('user_reg_lbl_field_email_coppa');
+ }
+ else
+ {
+ echo $lang->get('user_reg_lbl_field_email');
+ }
+ ?>
<?php
if ( ( $x = getConfig('account_activation') ) == 'user' )
{
- echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small>';
+ echo '<br /><small>' . $lang->get('user_reg_msg_email_activuser') . '</small>';
}
?>
</td>
<td class="row1" style="width: 50%;">
- <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm();" />
+ <input tabindex="4" type="text" name="email" size="30" value="<?php echo $email; ?>" onkeyup="validateForm(this);" />
</td>
<td class="row1" style="max-width: 24px;">
<img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" />
@@ -520,8 +675,8 @@
<!-- FIELD: Real name -->
<tr>
<td class="row3" style="width: 50%;">
- Real name:<br />
- <small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small>
+ <?php echo $lang->get('user_reg_lbl_field_realname'); ?><br />
+ <small><?php echo $lang->get('user_reg_msg_realname_optional'); ?></small>
</td>
<td class="row3" style="width: 50%;">
<input tabindex="5" type="text" name="real_name" size="30" value="<?php echo $realname; ?>" /></td><td class="row3" style="max-width: 24px;">
@@ -531,11 +686,11 @@
<!-- FIELD: CAPTCHA image -->
<tr>
<td class="row1" style="width: 50%;" rowspan="2">
- Visual confirmation<br />
+ <?php echo $lang->get('user_reg_lbl_field_captcha'); ?><br />
<small>
- Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br />
+ <?php echo $lang->get('user_reg_msg_captcha_pleaseenter', array('regen_flags' => 'href="#" onclick="regenCaptcha(); return false;"')); ?><br />
<br />
- If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.
+ <?php echo $lang->get('user_reg_msg_captcha_blind'); ?>
</small>
</td>
<td colspan="2" class="row1">
@@ -547,7 +702,7 @@
<!-- FIELD: CAPTCHA input field -->
<tr>
<td class="row1" colspan="2">
- Code:
+ <?php echo $lang->get('user_reg_lbl_field_captcha_code'); ?>
<input tabindex="6" name="captchacode" type="text" size="10" />
<input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />
</td>
@@ -597,6 +752,18 @@
var frm = document.forms.regform;
if ( frm.password.value.length < 1 )
return true;
+ pass1 = frm.password.value;
+ pass2 = frm.password_confirm.value;
+ if ( pass1 != pass2 )
+ {
+ alert($lang.get('user_reg_err_alert_password_nomatch'));
+ return false;
+ }
+ if ( pass1.length < 6 && pass1.length > 0 )
+ {
+ alert($lang.get('user_reg_err_alert_password_tooshort'));
+ return false;
+ }
if(aes_testpassed)
{
frm.use_crypt.value = 'yes';
@@ -609,21 +776,6 @@
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
}
- }
- pass1 = frm.password.value;
- pass2 = frm.password_confirm.value;
- if ( pass1 != pass2 )
- {
- alert('The passwords you entered do not match.');
- return false;
- }
- if ( pass1.length < 6 && pass1.length > 0 )
- {
- alert('The new password must be 6 characters or greater in length.');
- return false;
- }
- if(aes_testpassed)
- {
pass = frm.password.value;
pass = stringToByteArray(pass);
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
@@ -645,24 +797,37 @@
<script type="text/javascript">
// <![CDATA[
var namegood = false;
- function validateForm()
+ function validateForm(field)
{
+ if ( typeof(field) != 'object' )
+ {
+ field = {
+ name: '_nil',
+ value: '_nil',
+ }
+ }
+ // wait until $lang is initted
+ if ( typeof($lang) != 'object' )
+ {
+ setTimeout('validateForm();', 200);
+ return false;
+ }
var frm = document.forms.regform;
failed = false;
// Username
- if(!namegood)
+ if(!namegood && ( field.name == 'username' || field.name == '_nil' ) )
{
//if(frm.username.value.match(/^([A-z0-9 \!@\-\(\)]+){2,}$/ig))
var regex = new RegExp('^([^<>_&\?]+){2,}$', 'ig');
if ( frm.username.value.match(regex) )
{
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
- document.getElementById('e_username').innerHTML = ''; // '<br /><small><b>Checking availability...</b></small>';
+ document.getElementById('e_username').innerHTML = ' ';
} else {
failed = true;
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
- document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
}
}
document.getElementById('b_username').innerHTML = '';
@@ -672,31 +837,34 @@
}
// Password
- if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value)
+ if ( field.name == 'password' || field.name == 'password_confirm' || field.name == '_nil' )
{
- document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
- document.getElementById('e_password').innerHTML = '<br /><small>The password you entered is valid.</small>';
- } else {
- failed = true;
- if(frm.password.value.length < 6)
+ if(frm.password.value.match(/^(.+){6,}$/ig) && frm.password_confirm.value.match(/^(.+){6,}$/ig) && frm.password.value == frm.password_confirm.value )
{
- document.getElementById('e_password').innerHTML = '<br /><small>Your password must be at least six characters in length.</small>';
+ document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/good.gif';
+ document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_err_password_good') + '</small>';
+ } else {
+ failed = true;
+ if(frm.password.value.length < 6)
+ {
+ document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_length') + '</small>';
+ }
+ else if(frm.password.value != frm.password_confirm.value)
+ {
+ document.getElementById('e_password').innerHTML = '<br /><small>' + $lang.get('user_reg_msg_password_needmatch') + '</small>';
+ }
+ else
+ {
+ document.getElementById('e_password').innerHTML = '';
+ }
+ document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
}
- else if(frm.password.value != frm.password_confirm.value)
- {
- document.getElementById('e_password').innerHTML = '<br /><small>The passwords you entered do not match.</small>';
- }
- else
- {
- document.getElementById('e_password').innerHTML = '';
- }
- document.getElementById('s_password').src='<?php echo scriptPath; ?>/images/bad.gif';
}
// E-mail address
// workaround for idiot jEdit bug
- if ( validateEmail(frm.email.value) )
+ if ( validateEmail(frm.email.value) && ( field.name == 'email' || field.name == '_nil' ) )
{
document.getElementById('s_email').src='<?php echo scriptPath; ?>/images/good.gif';
} else {
@@ -716,28 +884,29 @@
if(!namegood)
{
- if(frm.username.value.match(/^([A-z0-9 \.:\!@\#\*]+){2,}$/ig))
+ var r = new RegExp('^([A-z0-9 \.:\!@\#\*]+){2,}$', 'g');
+ if(frm.username.value.match(r))
{
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/unknown.gif';
- document.getElementById('e_username').innerHTML = '';
+ document.getElementById('e_username').innerHTML = ' ';
} else {
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
- document.getElementById('e_username').innerHTML = '<br /><small>Your username must be at least two characters in length and may contain only alphanumeric characters (A-Z and 0-9), spaces, and the following characters: :, !, @, #, *.</small>';
+ document.getElementById('e_username').innerHTML = '<br /><small>' + $lang.get('user_reg_err_username_invalid') + '</small>';
return false;
}
}
- document.getElementById('e_username').innerHTML = '<br /><small><b>Checking availability...</b></small>';
+ document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_checking') + '</b></small>';
ajaxGet('<?php echo scriptPath; ?>/ajax.php?title=null&_mode=checkusername&name='+escape(frm.username.value), function() {
if(ajax.readyState == 4)
if(ajax.responseText == 'good')
{
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/good.gif';
- document.getElementById('e_username').innerHTML = '<br /><small><b>This username is available.</b></small>';
+ document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_available') + '</b></small>';
namegood = true;
} else if(ajax.responseText == 'bad') {
document.getElementById('s_username').src='<?php echo scriptPath; ?>/images/bad.gif';
- document.getElementById('e_username').innerHTML = '<br /><small><b>Error: that username is already taken.</b></small>';
+ document.getElementById('e_username').innerHTML = '<br /><small><b>' + $lang.get('user_reg_msg_username_unavailable') + '</b></small>';
namegood = false;
} else {
document.getElementById('e_username').innerHTML = ajax.responseText;
@@ -776,13 +945,13 @@
echo '<table border="0" cellspacing="1" cellpadding="4">';
echo '<tr>
<td class="row1">
- Before you can register, please tell us your age.
+ ' . $lang->get('user_reg_coppa_title') . '
</td>
</tr>
<tr>
<td class="row3">
- <a href="' . $link_coppa_no . '">I was born <b>on or before</b> ' . $yo13_date . ' and am <b>at least</b> 13 years of age</a><br />
- <a href="' . $link_coppa_yes . '">I was born <b>after</b> ' . $yo13_date . ' and am <b>less than</b> 13 years of age</a>
+ <a href="' . $link_coppa_no . '">' . $lang->get('user_reg_coppa_link_atleast13', array( 'yo13_date' => $yo13_date )) . '</a><br />
+ <a href="' . $link_coppa_yes . '">' . $lang->get('user_reg_coppa_link_not13', array( 'yo13_date' => $yo13_date )) . '</a>
</td>
</tr>';
echo '</table>';
@@ -1511,4 +1680,31 @@
}
}
+function page_Special_LangExportJSON()
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
+ $lang_id = ( $x = $paths->getParam(0) ) ? intval($x) : $lang->lang_id;
+
+ if ( $lang->lang_id == $lang_id )
+ $lang_local =& $lang;
+ else
+ $lang_local = new Language($lang_id);
+
+ $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+
+ $timestamp = date('D, j M Y H:i:s T', $lang_local->lang_timestamp);
+ header("Last-Modified: $timestamp");
+ header("Date: $timestamp");
+ header('Content-type: text/javascript');
+
+ $lang_local->fetch();
+ echo "if ( typeof(enano_lang) != 'object' )
+ var enano_lang = new Object();
+
+enano_lang[{$lang->lang_id}] = " . $json->encode($lang_local->strings) . ";";
+
+}
+
?>
\ No newline at end of file
--- a/plugins/SpecialUserPrefs.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/SpecialUserPrefs.php Sat Nov 03 07:43:35 2007 -0400
@@ -4,13 +4,13 @@
Plugin URI: http://enanocms.org/
Description: Provides the page Special:Preferences.
Author: Dan Fuhry
-Version: 1.0.1
+Version: 1.0.2
Author URI: http://enanocms.org/
*/
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0 release candidate 2
+ * Version 1.0.2
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License
@@ -100,7 +100,7 @@
global $db, $session, $paths, $template, $plugins; // Common objects
global $userprefs_menu_links;
- userprefs_menu_add('Profile/membership', 'Edit e-mail address and password', makeUrlNS('Special', 'Preferences/EmailPassword'));
+ userprefs_menu_add('Profile/membership', 'Edit e-mail address and password', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');
userprefs_menu_add('Profile/membership', 'Edit signature', makeUrlNS('Special', 'Preferences/Signature'));
userprefs_menu_add('Profile/membership', 'Edit public profile', makeUrlNS('Special', 'Preferences/Profile'));
userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
@@ -212,6 +212,8 @@
if ( strlen($newpass) > 0 )
{
+ if ( defined('ENANO_DEMO_MODE') )
+ $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">You can\'t change your password in demo mode.</div>';
// Perform checks
if ( strlen($newpass) < 6 )
$errors .= '<div class="error-box" style="margin: 0 0 10px 0;">Password must be at least 6 characters. You hacked my script, darn you!</div>';
@@ -302,11 +304,14 @@
{
case 'Home':
global $email;
- $user_page = '<a href="' . makeUrlNS('User', str_replace(' ', '_', $session->username)) . '">user page</a> <sup>(<a href="' . makeUrlNS('User', str_replace(' ', '_', $session->username)) . '#do:comments">comments</a>)</sup>';
+ $userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);
+ $userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';
+ $user_page = '<a href="' . makeUrlNS('User', sanitize_page_id($session->username)) . '"' . $userpage_exists . '>user page</a> <sup>(<a href="' . makeUrlNS('User', str_replace(' ', '_', $session->username)) . '#do:comments">comments</a>)</sup>';
$site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', 'administrator');
+ $make_one_now = '<a href="' . makeUrlNS('User', sanitize_page_id($session->username)) . '">make one now</a>';
echo "<h3 style='margin-top: 0;'>$session->username, welcome to your control panel</h3>";
echo "<p>Here you can make changes to your profile, view statistics on yourself on this site, and set your preferences.</p>
- <p>If you have not already done so, you are encouraged to make a $user_page and tell the other members of this site a little about yourself.</p>
+ <p>Your $user_page is your free writing space. You can use it to tell the other members of this site a little bit about yourself. If you haven't already made a user page, why not $make_one_now?</p>
<p>Use the menu at the top to navigate around. If you have any questions, you may contact the $site_admin.";
break;
case 'EmailPassword':
--- a/plugins/admin/PageGroups.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/admin/PageGroups.php Sat Nov 03 07:43:35 2007 -0400
@@ -48,7 +48,12 @@
echo '<div class="error-box">Please specify at least one page to place in this group.</div>';
return;
}
- if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL )
+ if ( $_POST['group_type'] == PAGE_GRP_REGEX && empty($_POST['regex']) )
+ {
+ echo '<div class="error-box">Please specify a regular expression to match page IDs against.</div>';
+ return;
+ }
+ if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL && $_POST['group_type'] != PAGE_GRP_REGEX )
{
echo '<div class="error-box">Umm, you sent an invalid group type. I\'d put a real error message here but this will only be shown if you try to hack the system.</div>';
return;
@@ -103,6 +108,14 @@
if ( !$q )
$db->_die();
break;
+ case PAGE_GRP_REGEX:
+ $name = $db->escape($_POST['pg_name']);
+ $regex = $db->escape($_POST['regex']);
+ $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_REGEX . ', \'' . $name . '\', \'' . $regex . '\');';
+ $q = $db->sql_query($sql);
+ if ( !$q )
+ $db->_die();
+ break;
}
echo '<div class="info-box">The page group "' . htmlspecialchars($_POST['pg_name']) . '" has been created.</div>';
break;
@@ -115,6 +128,7 @@
var pg_normal = <?php echo PAGE_GRP_NORMAL; ?>;
var pg_tagged = <?php echo PAGE_GRP_TAGGED; ?>;
var pg_catlink = <?php echo PAGE_GRP_CATLINK; ?>;
+ var pg_regex = <?php echo PAGE_GRP_REGEX; ?>;
var selection = false;
// Get selection
for ( var i = 0; i < selector.childNodes.length; i++ )
@@ -135,7 +149,7 @@
return true;
}
selection = parseInt(selection);
- if ( selection != pg_normal && selection != pg_tagged && selection != pg_catlink )
+ if ( selection != pg_normal && selection != pg_tagged && selection != pg_catlink && selection != pg_regex )
{
alert('Invalid field value');
return true;
@@ -156,6 +170,10 @@
document.getElementById('pg_create_title_normal').style.display = 'inline';
document.getElementById('pg_create_normal_1').style.display = 'block';
document.getElementById('pg_create_normal_2').style.display = 'block';
+
+ document.getElementById('pg_create_title_regex').style.display = 'none';
+ document.getElementById('pg_create_regex_1').style.display = 'none';
+ document.getElementById('pg_create_regex_2').style.display = 'none';
}
else if ( selection == pg_catlink )
{
@@ -170,6 +188,10 @@
document.getElementById('pg_create_title_normal').style.display = 'none';
document.getElementById('pg_create_normal_1').style.display = 'none';
document.getElementById('pg_create_normal_2').style.display = 'none';
+
+ document.getElementById('pg_create_title_regex').style.display = 'none';
+ document.getElementById('pg_create_regex_1').style.display = 'none';
+ document.getElementById('pg_create_regex_2').style.display = 'none';
}
else if ( selection == pg_tagged )
{
@@ -184,6 +206,28 @@
document.getElementById('pg_create_title_normal').style.display = 'none';
document.getElementById('pg_create_normal_1').style.display = 'none';
document.getElementById('pg_create_normal_2').style.display = 'none';
+
+ document.getElementById('pg_create_title_regex').style.display = 'none';
+ document.getElementById('pg_create_regex_1').style.display = 'none';
+ document.getElementById('pg_create_regex_2').style.display = 'none';
+ }
+ else if ( selection == pg_regex )
+ {
+ document.getElementById('pg_create_title_catlink').style.display = 'none';
+ document.getElementById('pg_create_catlink_1').style.display = 'none';
+ document.getElementById('pg_create_catlink_2').style.display = 'none';
+
+ document.getElementById('pg_create_title_tagged').style.display = 'none';
+ document.getElementById('pg_create_tagged_1').style.display = 'none';
+ document.getElementById('pg_create_tagged_2').style.display = 'none';
+
+ document.getElementById('pg_create_title_normal').style.display = 'none';
+ document.getElementById('pg_create_normal_1').style.display = 'none';
+ document.getElementById('pg_create_normal_2').style.display = 'none';
+
+ document.getElementById('pg_create_title_regex').style.display = 'inline';
+ document.getElementById('pg_create_regex_1').style.display = 'block';
+ document.getElementById('pg_create_regex_2').style.display = 'block';
}
}
@@ -199,6 +243,10 @@
document.getElementById('pg_create_tagged_1').style.display = 'none';
document.getElementById('pg_create_tagged_2').style.display = 'none';
+ document.getElementById('pg_create_title_regex').style.display = 'none';
+ document.getElementById('pg_create_regex_1').style.display = 'none';
+ document.getElementById('pg_create_regex_2').style.display = 'none';
+
document.getElementById('pg_create_title_normal').style.display = 'inline';
document.getElementById('pg_create_normal_1').style.display = 'block';
document.getElementById('pg_create_normal_2').style.display = 'block';
@@ -292,6 +340,7 @@
<option value="' . PAGE_GRP_NORMAL . '" selected="selected">Static group of pages</option>
<option value="' . PAGE_GRP_TAGGED . '">Group of pages with one tag</option>
<option value="' . PAGE_GRP_CATLINK . '">Link to category</option>
+ <option value="' . PAGE_GRP_REGEX . '">Perl-compatible regular expression (advanced)</option>
</select>
</td>
</tr>';
@@ -308,6 +357,9 @@
<span id="pg_create_title_catlink">
Mirror a category
</span>
+ <span id="pg_create_title_regex">
+ Filter through a regular expression
+ </span>
</th>
</tr>';
@@ -324,6 +376,14 @@
<div id="pg_create_tagged_1">
Include pages with this tag:
</div>
+ <div id="pg_create_regex_1">
+ Regular expression:<br />
+ <small>Be sure to include the starting and ending delimiters and any flags you might need.<br />
+ These pages might help: <a href="http://us.php.net/manual/en/reference.pcre.pattern.modifiers.php">Pattern modifiers</a> •
+ <a href="http://us.php.net/manual/en/reference.pcre.pattern.syntax.php">Pattern syntax</a><br />
+ Examples: <tt>/^(Special|Admin):/i</tt> • <tt>/^Image:([0-9]+)$/</tt><br />
+ Developers, remember that this will be matched against the full page identifier string. This means that <tt>/^About_Enano$/</tt>
+ will NOT match the page Special:About_Enano.</small>
</td>';
echo ' <td class="row1">
@@ -341,6 +401,9 @@
<div id="pg_create_catlink_2">
' . $catlist . '
</div>
+ <div id="pg_create_regex_2">
+ <input type="text" name="regex" size="60" />
+ </div>
</td>
</tr>';
@@ -539,6 +602,23 @@
echo '<div class="info-box">The affecting tag was updated.</div>';
}
}
+ else if ( $_POST['pg_type'] == PAGE_GRP_REGEX )
+ {
+ $target = $_POST['pg_target'];
+ if ( empty($target) )
+ {
+ echo '<div class="error-box">Please enter an expression to match against..</div>';
+ }
+ else
+ {
+ $target = $db->escape($target);
+ $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';');
+ if ( !$q )
+ $db->_die();
+ else
+ echo '<div class="info-box">The expression to match against was updated.</div>';
+ }
+ }
else if ( $_POST['pg_type'] == PAGE_GRP_CATLINK )
{
$target = $_POST['pg_target'];
@@ -797,6 +877,22 @@
</td>
</tr>';
break;
+ case PAGE_GRP_REGEX:
+ echo '<tr>
+ <td class="row2">
+ Regular expression to use:<br />
+ <small>Be sure to include the starting and ending delimiters and any flags you might need.<br />
+ These pages might help: <a href="http://us.php.net/manual/en/reference.pcre.pattern.modifiers.php">Pattern modifiers</a> •
+ <a href="http://us.php.net/manual/en/reference.pcre.pattern.syntax.php">Pattern syntax</a><br />
+ Examples: <tt>/^(Special|Admin):/i</tt> • <tt>/^Image:([0-9]+)$/</tt><br />
+ Developers, remember that this will be matched against the full page identifier string. This means that <tt>/^About_Enano$/</tt>
+ will NOT match the page Special:About_Enano.</small>
+ </td>
+ <td class="row1">
+ <input type="text" name="pg_target" value="' . htmlspecialchars($row['pg_target']) . '" size="30" />
+ </td>
+ </tr>';
+ break;
case PAGE_GRP_CATLINK:
// Build category list
@@ -911,6 +1007,9 @@
case PAGE_GRP_NORMAL:
$type = 'Static set of pages';
break;
+ case PAGE_GRP_REGEX:
+ $type = 'Regular expression match';
+ break;
}
$target = '';
if ( $row['pg_type'] == PAGE_GRP_TAGGED )
@@ -921,6 +1020,10 @@
{
$target = 'Category: ' . htmlspecialchars(get_page_title($paths->nslist['Category'] . sanitize_page_id($row['pg_target'])));
}
+ else if ( $row['pg_type'] == PAGE_GRP_REGEX )
+ {
+ $target = 'Expression: <tt>' . htmlspecialchars($row['pg_target']) . '</tt>';
+ }
$btn_edit = '<input type="submit" name="action[edit][' . $row['pg_id'] . ']" value="Edit" />';
$btn_del = '<input type="submit" name="action[del][' . $row['pg_id'] . ']" value="Delete" />';
// stupid jEdit bug/hack
--- a/plugins/admin/SecurityLog.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/admin/SecurityLog.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
--- a/plugins/admin/UserManager.php Thu Sep 27 15:55:37 2007 -0400
+++ b/plugins/admin/UserManager.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -52,7 +52,14 @@
}
else
{
- if ( $session->user_id != $user_id )
+ if ( $session->user_id == $user_id )
+ {
+ $username = $session->username;
+ $password = false;
+ $email = $session->email;
+ $real_name = $session->real_name;
+ }
+ else
{
$username = $_POST['username'];
if ( !preg_match('#^'.$session->valid_username.'$#', $username) )
@@ -402,18 +409,18 @@
{
$row = $db->fetchrow();
$db->free_result();
- if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
- else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';
+ if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "' . htmlspecialchars($_GET['user']) . '" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ else echo '<div class="warning-box">The user account "' . htmlspecialchars($_GET['user']) . '" has NOT been activated, possibly because the account is already active.</div>';
} else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';
break;
case "sendemail":
- if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
- else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';
+ if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "' . htmlspecialchars($_GET['user']) . '" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
+ else echo '<div class="error-box">The user account "' . htmlspecialchars($_GET['user']) . '" has not been activated, probably because of a bad SMTP configuration.</div>';
break;
case "deny":
- $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
+ $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=\'' . $db->escape($_GET['logid']) . '\';');
if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';
- else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';
+ else echo '<div class="info-box">All activation requests for the user "' . htmlspecialchars($_GET['user']) . '" have been deleted.</div>';
break;
}
}
--- a/schema.sql Thu Sep 27 15:55:37 2007 -0400
+++ b/schema.sql Sat Nov 03 07:43:35 2007 -0400
@@ -1,5 +1,5 @@
-- Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
--- Version 1.0 (Banshee)
+-- Version 1.0.2 (Coblynau)
-- Copyright (C) 2006-2007 Dan Fuhry
-- This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
@@ -104,6 +104,7 @@
temp_password text,
temp_password_time int(12) NOT NULL DEFAULT 0,
user_coppa tinyint(1) NOT NULL DEFAULT 0,
+ user_lang smallint(5) NOT NULL,
PRIMARY KEY (user_id)
) CHARACTER SET `utf8`;
@@ -254,6 +255,38 @@
PRIMARY KEY ( tag_id )
) CHARACTER SET `utf8`;
+-- Added in 1.1.1
+
+CREATE TABLE {{TABLE_PREFIX}}lockout(
+ id int(12) NOT NULL auto_increment,
+ ipaddr varchar(40) NOT NULL,
+ action ENUM('credential', 'level') NOT NULL DEFAULT 'credential',
+ timestamp int(12) NOT NULL DEFAULT 0,
+ PRIMARY KEY ( id )
+) CHARACTER SET `utf8`;
+
+-- Added in 1.1.1
+
+CREATE TABLE {{TABLE_PREFIX}}language(
+ lang_id smallint(5) NOT NULL auto_increment,
+ lang_code varchar(16) NOT NULL,
+ lang_name_default varchar(64) NOT NULL,
+ lang_name_native varchar(64) NOT NULL,
+ last_changed int(12) NOT NULL DEFAULT 0,
+ PRIMARY KEY ( lang_id )
+) CHARACTER SET `utf8`;
+
+-- Added in 1.1.1
+
+CREATE TABLE {{TABLE_PREFIX}}language_strings(
+ string_id bigint(15) NOT NULL auto_increment,
+ lang_id smallint(5) NOT NULL,
+ string_category varchar(32) NOT NULL,
+ string_name varchar(64) NOT NULL,
+ string_content longtext NOT NULL,
+ PRIMARY KEY ( string_id )
+);
+
INSERT INTO {{TABLE_PREFIX}}config(config_name, config_value) VALUES
('site_name', '{{SITE_NAME}}'),
('main_page', 'Main_Page'),
@@ -278,7 +311,7 @@
('copyright_notice', '{{COPYRIGHT}}'),
('wiki_edit_notice_text', '== Why can I edit this page? ==\n\nEveryone can edit almost any page in this website. This concept is called a wiki. It gives everyone the opportunity to make a change for the best. While some spam and vandalism may occur, it is believed that most contributions will be legitimate and helpful.\n\nFor security purposes, a history of all page edits is kept, and administrators are able to restore vandalized or spammed pages with just a few clicks.'),
('cache_thumbs', '{{ENABLE_CACHE}}'),
- ('max_file_size', '256000'),('enano_version', '{{VERSION}}'),('enano_beta_version', '{{BETA_VERSION}}'),( 'allowed_mime_types', 'cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end' ),
+ ('max_file_size', '256000'),('enano_version', '{{VERSION}}'),( 'allowed_mime_types', 'cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end' ),
('contact_email', '{{ADMIN_EMAIL}}'),
('powered_btn', '1');
--- a/themes/oxygen/acledit.tpl Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/oxygen/acledit.tpl Sat Nov 03 07:43:35 2007 -0400
@@ -3,10 +3,10 @@
<table border="0" cellspacing="1" cellpadding="4" style="width: 100%;">
<tr>
<th></th>
- <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('1');">Deny</th>
- <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('2');">Disallow</th>
- <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('3');">Wiki mode</th>
- <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('4');">Allow</th>
+ <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('1');">{lang:acl_lbl_field_deny}</th>
+ <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('2');">{lang:acl_lbl_field_disallow}</th>
+ <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('3');">{lang:acl_lbl_field_wikimode}</th>
+ <th style='cursor: pointer;' title="Click to change all columns" onclick="__aclSetAllRadios('4');">{lang:acl_lbl_field_allow}</th>
</tr>
<!-- ENDVAR acl_field_begin -->
<!-- VAR acl_field_item -->
@@ -21,13 +21,7 @@
<!-- VAR acl_field_end -->
<tr>
<td colspan="5" class="row3">
- <p><b>Permission types:</b></p>
- <ul>
- <li><b>Allow</b> means that the user is allowed to access the item</li>
- <li><b>Wiki mode</b> means the user can access the item if wiki mode is active (per-page wiki mode is taken into account)</li>
- <li><b>Disallow</b> means the user is denied access unless something allows it.</li>
- <li><b>Deny</b> means that the user is denied access to the item. This setting overrides all other permissions.</li>
- </ul>
+ {lang:acl_lbl_help}
</td>
</tr>
</table>
--- a/themes/oxygen/comment.tpl Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/oxygen/comment.tpl Sat Nov 03 07:43:35 2007 -0400
@@ -20,7 +20,7 @@
</table>
</td>
<td class="row2">
- <b>Subject:</b> <span id="subject_{ID}">{SUBJECT}</span>
+ <b>{lang:comment_lbl_subject}</b> <span id="subject_{ID}">{SUBJECT}</span>
</td>
</tr>
<tr>
@@ -42,7 +42,7 @@
<!-- BEGIN auth_mod -->
<tr>
<td class="row1">
- <b>Moderation options:</b> {MOD_APPROVE_LINK} {MOD_DELETE_LINK}
+ <b>{lang:comment_lbl_mod_options}</b> {MOD_APPROVE_LINK} {MOD_DELETE_LINK}
</td>
</tr>
<!-- END auth_mod -->
--- a/themes/oxygen/css/bleu.css Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/oxygen/css/bleu.css Sat Nov 03 07:43:35 2007 -0400
@@ -6,7 +6,7 @@
/* The basics */
html,body { height: 100%; }
-body { margin: 0; padding: 0; background: url(../images/bleu/bg.png); font-family: trebuchet ms, verdana, arial, helvetica, sans-serif; font-size: 9pt; }
+body { /* color added in 1.0.2 to fix light text in dark desktop themes */ color: #202020; margin: 0; padding: 0; background: url(../images/bleu/bg.png); font-family: trebuchet ms, verdana, arial, helvetica, sans-serif; font-size: 9pt; }
.holder { border: 1px solid #CCCCCC; padding: 1px; background-color: #FFFFFF; color: #444444 }
div.pad { padding: 10px; }
table#title { margin: 0; padding: 0; height: 100px; background-color: #90B0D0; text-align: center; }
--- a/themes/oxygen/footer.tpl Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/oxygen/footer.tpl Sat Nov 03 07:43:35 2007 -0400
@@ -13,6 +13,8 @@
<div id="credits">
<b>{COPYRIGHT}</b><br />
Website engine powered by <a href="<!-- BEGIN stupid_mode -->http://enanocms.org/<!-- BEGINELSE stupid_mode -->{URL_ABOUT_ENANO}<!-- END stupid_mode -->">Enano</a> | <a href="http://validator.w3.org/check?uri=referer">Valid XHTML 1.1</a> | <a href="http://jigsaw.w3.org/css-validator/validator?uri=referer">Valid CSS</a> | Generated in [[GenTime]]sec
+ <!-- Do not remove this line or scheduled tasks will not run. -->
+ <img alt=" " src="{SCRIPTPATH}/cron.php" width="1" height="1" />
</div>
</td><td id="mdg-btr"></td></tr>
--- a/themes/oxygen/header.tpl Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/oxygen/header.tpl Sat Nov 03 07:43:35 2007 -0400
@@ -1,5 +1,5 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-<html>
+<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>{PAGE_NAME} • {SITE_NAME}</title>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
@@ -11,6 +11,7 @@
{ADDITIONAL_HEADERS}
<script type="text/javascript">
+ // <![CDATA[
function collapseSidebar(side)
{
@@ -21,7 +22,7 @@
{
elem.style.display = 'block';
counter.style.display = 'none';
- elem.parentNode.style.width = '156px';
+ elem.parentNode.style.width = '';
if ( !KILL_SWITCH )
{
createCookie(side+'_sidebar', 'open', 365);
@@ -66,7 +67,7 @@
function ajaxRenameInline()
{
- if ( KILL_SWITCH )
+ if ( KILL_SWITCH || IE )
return false;
// This trick is _so_ vBulletin...
elem = document.getElementById('h2PageName');
@@ -89,7 +90,8 @@
if(!elem1 || !elem2) return;
value = elem2.value;
elem2.parentNode.removeChild(elem2); // just destroy the thing
- elem1.innerHTML = value;
+ elem1.removeChild(elem1.firstChild);
+ elem1.appendChild(document.createTextNode(value));
elem1.style.display = 'block';
if(!value || value=='') return;
ajaxPost(stdAjaxPrefix+'&_mode=rename', 'newtitle='+escape(value), function() {
@@ -100,10 +102,12 @@
}
function ajaxRenameInlineCancel(e)
{
+ if ( typeof(e) != 'object' && IE )
+ e = window.event;
elem1 = document.getElementById('h2PageName');
elem2 = document.getElementById('pageheading');
if(!elem1 || !elem2) return;
- if ( e.target )
+ if ( typeof(e) == 'object' && e.target )
{
if(e.target == elem2)
return;
@@ -114,6 +118,7 @@
elem1.style.display = 'block';
document.onclick = null;
}
+ // ]]>
</script>
</head>
@@ -149,7 +154,7 @@
<td id="mdg-bl"></td>
<td class="menu_bg">
<div class="menu_nojs" id="pagebar_main">
- <div class="label">Page tools</div>
+ <div class="label">{lang:onpage_lbl_pagetools}</div>
{TOOLBAR}
<ul>
{TOOLBAR_EXTRAS}
@@ -160,7 +165,7 @@
<tr><td id="mdg-ml"></td><td style="background-color: #FFFFFF;">
<div class="pad"><div class="contentDiv">
<div style="float: right;">
- <image alt=" " src="{SCRIPTPATH}/images/spacer.gif" id="ajaxloadicon" />
+ <img alt=" " src="{SCRIPTPATH}/images/spacer.gif" id="ajaxloadicon" />
</div>
<h2 <!-- BEGIN auth_rename --> ondblclick="ajaxRenameInline();" title="Double-click to rename this page" <!-- END auth_rename --> id="h2PageName">{PAGE_NAME}</h2>
<div id="ajaxEditContainer">
--- a/themes/printable/css/default.css Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/printable/css/default.css Sat Nov 03 07:43:35 2007 -0400
@@ -6,7 +6,7 @@
/* The basics */
html,body { height: 100%; }
-body { margin: 0; padding: 0; background-color: #FFFFFF; font-family: trebuchet ms, verdana, arial, helvetica, sans-serif; font-size: 9pt; }
+body { /* color added in 1.0.2 to fix light text in dark desktop themes */ color: #202020; margin: 0; padding: 0; background-color: #FFFFFF; font-family: trebuchet ms, verdana, arial, helvetica, sans-serif; font-size: 9pt; }
.holder { border: 1px solid #CCCCCC; padding: 1px; background-color: #FFFFFF; color: #444444 }
div.pad { padding: 10px; }
table#title { margin: 0; padding: 0; height: 100px; background-color: #90B0D0; text-align: center; }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/themes/stpatty/css-extra/ie-fixes-shamrock.css Sat Nov 03 07:43:35 2007 -0400
@@ -0,0 +1,23 @@
+/*
+ * St. Patty theme for Enano
+ * Copyright (C) 2007 Dan Fuhry
+ *
+ * This theme is Free Software, available under the terms of the GNU General Public License. See the file "GPL" included with this
+ * package for details.
+ */
+
+div#bg {
+ background-image: none;
+}
+div#title {
+ /* background-image: none; */
+}
+div#rap {
+ background-image: url(../images/rap-ie.gif);
+}
+div#sidebar ul li a {
+ margin-bottom: -14px;
+}
+div#pagetools a {
+ padding: 4px 3px;
+}
--- a/themes/stpatty/css-extra/ie-fixes.css Thu Sep 27 15:55:37 2007 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-/*
- * St. Patty theme for Enano
- * Copyright (C) 2007 Dan Fuhry
- *
- * This theme is Free Software, available under the terms of the GNU General Public License. See the file "GPL" included with this
- * package for details.
- */
-
-div#bg {
- background-image: none;
-}
-div#title {
- /* background-image: none; */
-}
-div#rap {
- background-image: url(../images/rap-ie.gif);
-}
-div#sidebar ul li a {
- margin-bottom: -14px;
-}
-div#pagetools a {
- padding: 4px 3px;
-}
--- a/themes/stpatty/css/shamrock.css Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/stpatty/css/shamrock.css Sat Nov 03 07:43:35 2007 -0400
@@ -16,6 +16,8 @@
}
body {
background-color: #101d14;
+ /* color added in 1.0.2 to fix light text in dark desktop themes */
+ color: #202020;
background-image: url(../images/bghatching.gif);
background-repeat: repeat;
font-family: "Lucida Sans Unicode", sans-serif;
--- a/themes/stpatty/footer.tpl Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/stpatty/footer.tpl Sat Nov 03 07:43:35 2007 -0400
@@ -11,6 +11,8 @@
-->
<b>{COPYRIGHT}</b><br />
Powered by <a href="<!-- BEGIN stupid_mode -->http://enanocms.org/<!-- BEGINELSE stupid_mode -->{URL_ABOUT_ENANO}<!-- END stupid_mode -->">Enano</a> | <a href="http://validator.w3.org/check?uri=referer">Valid XHTML 1.1</a> | <a href="http://jigsaw.w3.org/css-validator/validator?uri=referer">Valid CSS</a> | [[Stats]]
+ <!-- Do not remove this line or scheduled tasks will not run. -->
+ <img alt=" " src="{SCRIPTPATH}/cron.php" width="1" height="1" />
</div>
</div>
</div>
--- a/themes/stpatty/header.tpl Thu Sep 27 15:55:37 2007 -0400
+++ b/themes/stpatty/header.tpl Sat Nov 03 07:43:35 2007 -0400
@@ -9,10 +9,15 @@
<!-- This script automatically loads the other 15 JS files -->
<script type="text/javascript" src="{SCRIPTPATH}/includes/clientside/static/enano-lib-basic.js"></script>
<!--[if lt IE 7]>
- <link rel="stylesheet" type="text/css" href="{SCRIPTPATH}/themes/{THEME_ID}/css-extra/ie-fixes.css" />
+ <link rel="stylesheet" type="text/css" href="{SCRIPTPATH}/themes/{THEME_ID}/css-extra/ie-fixes-{STYLE_ID}.css" />
<![endif]-->
<script type="text/javascript">
// <![CDATA[
+
+ // Disable transition effects for the ACL editor
+ // (they're real slow in this theme, at least in fx/opera/IE)
+ var aclDisableTransitionFX = true;
+
function ajaxRenameInline()
{
// This trick is _so_ vBulletin...
--- a/upgrade.php Thu Sep 27 15:55:37 2007 -0400
+++ b/upgrade.php Sat Nov 03 07:43:35 2007 -0400
@@ -2,7 +2,7 @@
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.0.2 (Coblynau)
+ * Version 1.1.1
* upgrade.php - upgrade script
* Copyright (C) 2006-2007 Dan Fuhry
*
@@ -61,7 +61,7 @@
// Everything related to versions goes here!
// Valid versions to upgrade from
-$valid_versions = Array('1.0b1', '1.0b2', '1.0b3', '1.0b4', '1.0RC1', '1.0RC2', '1.0RC3', '1.0', '1.0.1', '1.0.1.1');
+$valid_versions = Array('1.0b1', '1.0b2', '1.0b3', '1.0b4', '1.0RC1', '1.0RC2', '1.0RC3', '1.0', '1.0.1', '1.0.1.1', '1.0.2b1', '1.0.2', 'Stable1.0ToUnstable1.1');
// Basically a list of dependencies, which should be resolved automatically
// If, for example, upgrading from 1.0b1 to 1.0RC1 requires one extra query that would not
@@ -75,9 +75,12 @@
'1.0RC2' => Array('1.0RC3'),
'1.0RC3' => Array('1.0'),
'1.0' => Array('1.0.1'),
- '1.0.1' => Array('1.0.1.1')
+ '1.0.1' => Array('1.0.1.1'),
+ '1.0.1.1' => Array('1.0.2b1'),
+ '1.0.2b1' => Array('Stable1.0ToUnstable1.1'),
+ 'Stable1.0ToUnstable1.1' => Array('1.1.1')
);
-$this_version = '1.0.2b1';
+$this_version = '1.1.1';
$func_list = Array(
'1.0' => Array('u_1_0_1_update_del_votes'),
'1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // ,
@@ -157,7 +160,7 @@
$session->start();
$template = new template_nodb();
-$template->load_theme('stpatty', 'shamrock', false);
+$template->load_theme('oxygen', 'bleu', false);
$modestrings = Array(
'login' => 'Administrative login',
@@ -444,7 +447,7 @@
{
if(isset($_POST['login']))
{
- $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin);
+ $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin);
if($session->sid_super)
{
header('Location: upgrade.php?mode=welcome&auth='.$session->sid_super);
@@ -461,7 +464,7 @@
<?php
if(isset($_POST['login']))
{
- echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>';
+ echo '<tr><td colspan="2"><p style="color: red;">Login failed: '. $result['error'] . '</p></td></tr>';
}
?>
<tr>
@@ -525,7 +528,7 @@
?>
<div style="text-align: center; margin-top: 10px;">
- <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-green.png" style="display: block; margin: 0 auto; padding-left: 134px;" />
+ <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 134px;" />
<h2>Welcome to the Enano upgrade wizard</h2>
<?php
if ( file_exists('./_nightly.php') )
@@ -619,10 +622,10 @@
$schema = file_get_contents('upgrade.sql');
// Strip out and process version blocks
- preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'(.*?)'."\n".'---END \\1---#is', $schema, $matches);
+ preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'((.*?)'."\n)?".'---END \\1---#is', $schema, $matches);
$from_list =& $matches[1];
- $query_list =& $matches[2];
+ $query_list =& $matches[3];
foreach($matches[0] as $m)
{
--- a/upgrade.sql Thu Sep 27 15:55:37 2007 -0400
+++ b/upgrade.sql Sat Nov 03 07:43:35 2007 -0400
@@ -3,12 +3,25 @@
-- ALL NON-SQL LINES, even otherwise blank lines, must start with "--" or they will get sent to MySQL!
-- Common tasks (version numbers)
DELETE FROM {{TABLE_PREFIX}}config WHERE config_name='enano_version' OR config_name='enano_beta_version' OR config_name='enano_alpha_version' OR config_name='enano_rc_version';
-INSERT INTO {{TABLE_PREFIX}}config (config_name, config_value) VALUES( 'enano_version', '1.0.2' ),( 'enano_beta_version', '1' );
+INSERT INTO {{TABLE_PREFIX}}config (config_name, config_value) VALUES( 'enano_version', '1.1.1' );
+---BEGIN Stable1.0ToUnstable1.1---
+-- UPDATE {{TABLE_PREFIX}}groups SET group_id=9998 WHERE group_id=4;
+-- UPDATE {{TABLE_PREFIX}}group_members SET group_id=9998 WHERE group_id=4;
+-- INSERT INTO {{TABLE_PREFIX}}groups(group_id,group_name,group_type,system_group) VALUES(4, 'Regular members', 3, 1);
+CREATE TABLE {{TABLE_PREFIX}}lockout( id int(12) NOT NULL auto_increment, ipaddr varchar(40) NOT NULL, action ENUM('credential', 'level') NOT NULL DEFAULT 'credential', timestamp int(12) NOT NULL DEFAULT 0, PRIMARY KEY ( id ) ) CHARACTER SET `utf8`;
+CREATE TABLE {{TABLE_PREFIX}}language( lang_id smallint(5) NOT NULL auto_increment, lang_code varchar(16) NOT NULL, lang_name_default varchar(64) NOT NULL, lang_name_native varchar(64) NOT NULL, last_changed int(12) NOT NULL DEFAULT 0, PRIMARY KEY ( lang_id ) ) CHARACTER SET `utf8`;
+CREATE TABLE {{TABLE_PREFIX}}language_strings( string_id bigint(15) NOT NULL auto_increment, lang_id smallint(5) NOT NULL, string_category varchar(32) NOT NULL, string_name varchar(64) NOT NULL, string_content longtext NOT NULL, PRIMARY KEY ( string_id ) );
+ALTER TABLE {{TABLE_PREFIX}}users ADD COLUMN user_lang smallint(5) NOT NULL;
+---END Stable1.0ToUnstable1.1---
+---BEGIN 1.0.2---
+---END 1.0.2---
+---BEGIN 1.0.2b1---
+-- This is really optional, but could reduce confusion if regex page groups get truncated for no apparent reason.
+ALTER TABLE {{TABLE_PREFIX}}page_groups MODIFY COLUMN pg_target text DEFAULT NULL;
+---END 1.0.2b1---
---BEGIN 1.0.1.1---
--- No changes in this release
---END 1.0.1.1---
---BEGIN 1.0.1---
--- No changes in this release
---END 1.0.1---
---BEGIN 1.0---
-- Fix for obnoxious $_GET issue
@@ -84,6 +97,7 @@
---END 1.0b4---
---BEGIN 1.0b3---
INSERT INTO {{TABLE_PREFIX}}config(config_name, config_value) VALUES( 'allowed_mime_types', 'cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end' );
+ALTER TABLE {{TABLE_PREFIX}}privmsgs ADD COLUMN message_read tinyint(1) NOT NULL DEFAULT 0;
---END 1.0b3---
---BEGIN 1.0b2---
-- 10/1: Removed alterations to users table, moved to upgrade.php, to allow the session manager to work