plugins/PunBB.php
author Dan
Sun, 02 Sep 2007 10:56:36 -0400
changeset 4 eb9ed4c366d0
parent 3 c0c445d4a13e
child 5 e3d7322305bf
permissions -rwxr-xr-x
Various bugfixes, mostly with URL generation (maintenance commit, may not be in a working state)
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     1
<?php
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     2
/*
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     3
Plugin Name: PunBB forum integration
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     4
Plugin URI: http://enanocms.org/PunBB_plugin
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     5
Description: Provides a complete forum solution in PunBB, a separately maintained and very lightweight GPL forum.
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     6
Author: Dan Fuhry
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     7
Version: 0.1.12.15
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     8
Author URI: http://enanocms.org/
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
     9
*/
0
f9ffdbd96607 Initial population
Dan
parents:
diff changeset
    10
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    11
/*
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    12
 * PunBB Plugin for Enano CMS
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    13
 * Version 0.1.12.15
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    14
 * Copyright (C) 2006-2007 Dan Fuhry
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    15
 * Copyright (C) 2002-2007 Rickard Andersson
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    16
 *
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    17
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    18
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    19
 *
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    20
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    21
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    22
 */
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    23
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    24
$plugins->attachHook('base_classes_initted', '
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    25
    global $paths;
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    26
    
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    27
    $paths->add_page(Array(
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    28
      \'name\'=>\'Forum\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    29
      \'urlname\'=>\'Forum\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    30
      \'namespace\'=>\'Special\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    31
      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    32
    ));
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    33
    
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    34
  ');
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    35
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    36
$plugins->attachHook('session_started', '
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    37
    $pid = RenderMan::strToPageId($paths->get_pageid_from_url());
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    38
4
eb9ed4c366d0 Various bugfixes, mostly with URL generation (maintenance commit, may not be in a working state)
Dan
parents: 3
diff changeset
    39
    if ( getConfig("punbb_installed") == "yes" && getConfig("punbb_version") == PUNANO_VERSION && preg_match("#^Forum(/.*)?$#", $pid[0]) && $pid[1] == "Special" )
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    40
    {
4
eb9ed4c366d0 Various bugfixes, mostly with URL generation (maintenance commit, may not be in a working state)
Dan
parents: 3
diff changeset
    41
      require( ENANO_ROOT . "/punbb/include/common.php" );
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    42
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    43
    ');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    44
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    45
define('PUNANO_VERSION', '0.1.12.15');
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    46
define('PUNBB_VERSION',  '1.2.15');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    47
define('PUN_ROOT', ENANO_ROOT . '/punbb/');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    48
define('PUN', '');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    49
define('PUN_DISABLE_BUFFERING', '');
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    50
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    51
function page_Special_Forum()
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    52
{
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    53
  global $db, $session, $paths, $template, $plugins; // Common objects
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    54
  if ( getConfig('punbb_installed') != 'yes' )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    55
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    56
    punano_installer();
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    57
  }
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    58
  else if ( getConfig('punbb_version') != PUNANO_VERSION )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    59
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    60
    punano_upgrade();
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    61
  }
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    62
  else if ( preg_match('/^admin_/i', $paths->getParam(0)) )
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    63
  {
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    64
    punano_admin_console();
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
diff changeset
    65
  }
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    66
  else
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    67
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    68
    punano_main();
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    69
  }
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    70
}
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    71
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    72
function punano_installer()
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    73
{
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    74
  global $db, $session, $paths, $template, $plugins; // Common objects
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    75
  // First check our permissions
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    76
  if ( $session->user_level < USER_LEVEL_ADMIN )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    77
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    78
    die_friendly('Punano initialization error', '<p>The Punano plugin doesn\'t have its database schema installed yet, and your user account doesn\'t have permission to install it. Please ask the administrator of this site to set up Punano.</p>');
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    79
  }
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    80
  else if ( $session->auth_level < USER_LEVEL_ADMIN )
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    81
  {
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    82
    $url = makeUrlNS('Special', 'Login/' . $paths->page, 'level=' . USER_LEVEL_ADMIN, true);
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    83
    redirect($url, 'Permission denied', 'You need to have an active high-privilege session to set up Punano.', 4);
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    84
  }
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    85
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    86
  $template->header();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    87
  
1
8f6143115bf5 Nothing exciting, just syncing with Scribus...
Dan
parents: 0
diff changeset
    88
  // Permissions are good
2
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    89
  if ( isset($_POST['do_install']) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    90
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    91
    $result = _punano_perform_install();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    92
    if ( $result )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    93
    {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    94
      echo '<p>PunBB installation has succeeded.</p>';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    95
      echo '<p><b><a href="' . makeUrlNS('Special', 'Forum') . '">Take me to my forum!</a></b></p>';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    96
    }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    97
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    98
  else
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
    99
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   100
    $url = makeUrlNS('Special', 'Forum');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   101
    ?>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   102
    <form action="<?php echo $url; ?>" method="post">
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   103
      <p><b>Before Punano can be used, you need to install the database.</b></p>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   104
      <p>This process will create several new tables in your database, and then fill them in with a default configuration for PunBB.
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   105
         You should only continue if you have CREATE TABLE and CREATE INDEX privileges on your database.</p>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   106
      <p><input type="submit" style="font-weight: bold;" name="do_install" value="Install PunBB" /></p>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   107
    </form>
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   108
    <?php
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   109
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   110
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   111
  $template->footer();
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   112
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   113
}
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   114
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   115
function _punano_perform_install()
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   116
{
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   117
  global $db, $session, $paths, $template, $plugins; // Common objects
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   118
  $db_prefix = table_prefix . 'pun_';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   119
  $admin_email = getConfig('contact_email');
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   120
  $pun_version = PUNBB_VERSION;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   121
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   122
  $schema = file_get_contents( ENANO_ROOT . '/punbb/schema.sql' );
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   123
  if ( empty($schema) )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   124
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   125
    echo 'ERROR: cannot load schema file!';
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   126
    return false;
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   127
  }
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   128
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   129
  $replace = array(
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   130
      '{{TABLE_PREFIX}}' => $db_prefix,
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   131
      '{{ENANO_ADMIN_EMAIL}}' => $admin_email,
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   132
      '{{PUN_VERSION}}' => $pun_version
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   133
    );
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   134
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   135
  $schema = strtr($schema, $replace);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   136
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   137
  // Build an array of queries (from Enano's install.php)
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   138
  $schema = explode("\n", $schema);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   139
  
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   140
  foreach ( $schema as $i => $sql )
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   141
  {
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   142
    $query =& $schema[$i];
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   143
    $t = trim($query);
a8a21e1c7afa Let's just say that the API loads. While a decent part of PunBB works, we've still got a LONG way to go, mainly with form validation and security. At this point, Punano is NOT secure as far as privileges and user levels go.
Dan
parents: 1
diff changeset
   144
    if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
    {
      unset($schema[$i]);
      unset($query);
    }
  }
  
  $schema = array_values($schema);
  $schema = implode("\n", $schema);
  $schema = explode(";\n", $schema);
  
  foreach ( $schema as $i => $sql )
  {
    $query =& $schema[$i];
    if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
    {
      $query .= ';';
    }
    if ( !$db->check_query($query) )
    {
      echo 'ERROR: Query safety check failed.<pre>' . $query . '</pre>';
    }
  }
  
  foreach ( $schema as $query )
  {
    if ( !$db->sql_query($query) )
    {
      echo $db->get_error();
      return false;
    }
  }
  
  // Insert users
  $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_id > 1;');
  if ( !$q )
  {
    echo $db->get_error();
    return false;
  }
  $uid_list = array();
  while ( $row = $db->fetchrow_num() )
  {
    $uid_list[] = $row[0];
  }
  $query = 'INSERT INTO '.table_prefix.'pun_users(id) VALUES(' . implode('),(', $uid_list) . ');';
  
  if ( !$db->sql_query($query) )
  {
    echo $db->get_error();
    return false;
  }
  
  setConfig('punbb_installed', 'yes');
  setConfig('punbb_version', PUNANO_VERSION);
  
  return true;
  
}

function punano_upgrade()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  die('Punano upgrade was requested but this isn\'t implemented yet.');
}

function punano_main()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  // At this point, the PunBB API is already loaded
  // So we'll include one of the Pun frontend files
  
  $valid = array('delete', 'edit', 'extern', 'help', 'index', 'misc', 'moderate', 'post', 'profile', 'search', 'userlist', 'viewforum', 'viewtopic');
  
  $file = 'index';
  if ( $x = $paths->getParam(0) )
  {
    $x = preg_replace('/\.php$/', '', $x);
    if ( in_array(strtolower($x), $valid) )
    {
      $file = strtolower($x);
    }
  }
  
  // Don't worry. This is sanitized.
  require PUN_ROOT . $file . '.php';
  
}
3
c0c445d4a13e Got some basic security in there, admin panel works now, and most admin panel forms work (used regex mass search + replace)
Dan
parents: 2
function punano_admin_console()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  $valid = array('categories', 'censoring', 'forums', 'groups', 'index', 'loader', 'maintenance', 'options', 'permissions', 'prune', 'ranks', 'reports', 'users');
  $mod = array('bans', 'censoring', 'index', 'loader', 'reports', 'users');

  $file = 'index';
  
  if ( $x = $paths->getParam(0) )
  {
    $x = preg_replace('/\.php$/', '', $x);
    $x = preg_replace('/^admin_/i', '', $x);
    if ( in_array(strtolower($x), $valid) )
    {
      $file = strtolower($x);
    }
  }
  
  if ( in_array($file, $mod) )
  {
    $need_level = USER_LEVEL_MOD;
  }
  else
  {
    $need_level = USER_LEVEL_ADMIN;
  }

  if ( $session->auth_level < $need_level )
  {
    $need_level = ( $session->user_level > $need_level ) ? $session->user_level : $need_level;
    redirect( makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $need_level, false), 'Permission denied', 'You need to have permission level ' . $session->userlevel_to_string($need_level) . ' to use the PunBB administration console.', 2);
  }
  
  // Don't worry. This is sanitized.
  require PUN_ROOT . 'admin_' . $file . '.php';
  
}
?>
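
`punano_admin_console()` above keeps two parallel lists, `$valid` and `$mod`; `'bans'` appears only in `$mod`, so the `in_array(..., $valid)` gate can never select it. As an added example (not the plugin's own code), the same allowlist is held here in one table that maps each page to its minimum level and returns the decision as data. The function names and the `EX_LEVEL_*` constants, including their values, are assumptions made for the example.

```php
<?php
// Added example; not part of plugins/PunBB.php.
// EX_LEVEL_* stand in for USER_LEVEL_MOD / USER_LEVEL_ADMIN. Their values are
// assumed here, since the page does not show what Enano assigns to them.
const EX_LEVEL_MEMBER = 2;
const EX_LEVEL_MOD    = 5;
const EX_LEVEL_ADMIN  = 9;

// Page name => minimum level. The names are the page's $valid list; a page gets
// EX_LEVEL_MOD when it is also in the page's $mod list, EX_LEVEL_ADMIN otherwise.
// 'bans' is left out because the page's $valid list does not contain it.
function example_admin_pages(): array
{
    return [
        'categories'  => EX_LEVEL_ADMIN,
        'censoring'   => EX_LEVEL_MOD,
        'forums'      => EX_LEVEL_ADMIN,
        'groups'      => EX_LEVEL_ADMIN,
        'index'       => EX_LEVEL_MOD,
        'loader'      => EX_LEVEL_MOD,
        'maintenance' => EX_LEVEL_ADMIN,
        'options'     => EX_LEVEL_ADMIN,
        'permissions' => EX_LEVEL_ADMIN,
        'prune'       => EX_LEVEL_ADMIN,
        'ranks'       => EX_LEVEL_ADMIN,
        'reports'     => EX_LEVEL_MOD,
        'users'       => EX_LEVEL_MOD,
    ];
}

// Resolve the first path parameter to an include file and an access decision.
// The caller includes 'file' only when 'allowed' is true and stops otherwise.
function example_resolve_admin_page($param, int $authLevel): array
{
    $pages = example_admin_pages();
    $name  = 'index'; // same default as the page

    if (is_string($param) && $param !== '') {
        // Same normalisation as the page: drop ".php", drop "admin_", lowercase.
        $candidate = preg_replace('/\.php$/', '', $param);
        $candidate = preg_replace('/^admin_/i', '', $candidate);
        $candidate = strtolower($candidate);

        // Exact key lookup; anything not in the table falls back to 'index',
        // so no request-supplied text ever reaches the file name.
        if (array_key_exists($candidate, $pages)) {
            $name = $candidate;
        }
    }

    $needed = $pages[$name];
    if ($authLevel < $needed) {
        return ['allowed' => false, 'file' => null, 'needed' => $needed];
    }
    return ['allowed' => true, 'file' => 'admin_' . $name . '.php', 'needed' => $needed];
}

// Constructed inputs: [path parameter, caller's level].
$cases = [
    ['admin_users.php', EX_LEVEL_MOD],    // moderator page, moderator caller
    ['Options',         EX_LEVEL_MOD],    // admin page, moderator caller
    ['../config',       EX_LEVEL_ADMIN],  // not in the table, falls back to index
    ['bans',            EX_LEVEL_ADMIN],  // not in the table, falls back to index
    [null,              EX_LEVEL_MEMBER], // no parameter, caller below moderator
];

foreach ($cases as [$param, $level]) {
    $r = example_resolve_admin_page($param, $level);
    printf(
        "%-18s level=%d -> %s\n",
        var_export($param, true),
        $level,
        $r['allowed'] ? $r['file'] : 'denied (needs level ' . $r['needed'] . ')'
    );
}
```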