/**
  * The actual output creation.
  *
  * @param   $format   string        output format being rendered
  * @param   $renderer Doku_Renderer reference to the current renderer object
  * @param   $data     array         data created by handler()
  * @return  boolean                 rendered correctly?
  */
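 public function render($format, &$renderer, $data)
 {
     global $lang, $INFO, $ACT, $QUERY;

     // Only XHTML output is produced; every other format is reported as "not rendered".
     if ($format != 'xhtml') {
         return false;
     }

     list($options, , ) = $data;
     // don't print the search form if search action has been disabled
     if (!actionOK('search')) {
         return true;
     }

     // $options['filter'] is part of the handler() data and the namespace is read
     // from $INFO; both end up inside double-quoted attributes, so they are
     // HTML-escaped here instead of being concatenated raw. Values without
     // markup characters are emitted exactly as before.
     $fieldName = htmlspecialchars('dataflt[' . $options['filter'] . '*~]', ENT_QUOTES, 'UTF-8');
     $targetId = htmlspecialchars($INFO['namespace'] . ':datatable', ENT_QUOTES, 'UTF-8');

     /** based on tpl_datasearchform() */
     $renderer->doc .= '<div class="datasearchform__form">' . "\n";
     $renderer->doc .= '<form action="' . wl() . '" accept-charset="utf-8" class="search" id="datasearchform__search" method="get" role="search"><div class="no">' . "\n";
     $renderer->doc .= '<input type="hidden" name="id" value="' . $targetId . '" />' . "\n";
     $renderer->doc .= '<input type="text" ';
     // The previous query is only echoed back while a search is being displayed.
     if ($ACT == 'search') {
         $renderer->doc .= 'value="' . htmlspecialchars($QUERY) . '" ';
     }
     $renderer->doc .= 'name="' . $fieldName . '" class="edit datasearchform__qsearch_in" />' . "\n";
     $renderer->doc .= '<input type="submit" value="' . $lang['btn_search'] . '" class="button" title="' . $lang['btn_search'] . '" />' . "\n";
     $renderer->doc .= '<div class="ajax_qsearch JSpopup datasearchform__qsearch_out"></div>' . "\n";
     $renderer->doc .= '</div></form>' . "\n";
     $renderer->doc .= '</div>' . "\n";

     return true;
 }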
 /**
  * Swaps the standard login form for a single CAS login link.
  *
  * Does nothing unless $conf['authtype'] is 'authplaincas'. The existing form
  * content is discarded and replaced by a fieldset holding the optional logo
  * and the link; a "forgot password" link is appended when the auth backend
  * can modify passwords and the 'resendpwd' action is enabled.
  *
  * @param object $event event whose data is the login form being built
  * @param mixed  $param not used here
  */
 function handle_login_form(&$event, $param)
 {
     global $auth;
     global $conf;
     global $lang;
     global $ID;

     if ($conf['authtype'] != 'authplaincas') {
         return;
     }

     // NOTE(review): the 'logourl' and 'name' settings are written into the markup
     // without HTML escaping - confirm only administrators can change them.
     $caslogo = $this->getConf('logourl') != ''
         ? '<img src="' . $this->getConf('logourl') . '" alt="" style="vertical-align: middle;" /> '
         : '';

     // Drop everything the core put into the form, then rebuild it around the CAS link.
     $event->data->_content = array();
     $event->data->insertElement(0, '<fieldset><legend>' . $this->getConf('name') . '</legend>');
     $event->data->insertElement(1, '<p style="text-align: center;">' . $caslogo . '<a href="' . $this->_selfdo('caslogin') . '">Login</a></p>');
     $event->data->insertElement(2, '</fieldset>');

     // A local-login fallback (optionally toggled via JavaScript, driven by the
     // 'jshidelocal' and 'localname' settings) was sketched at this point but is
     // not active.

     $canResend = $auth && $auth->canDo('modPass') && actionOK('resendpwd');
     if ($canResend) {
         $event->data->insertElement(3, '<p>' . $lang['pwdforget'] . ': <a href="' . wl($ID, 'do=resendpwd') . '" rel="nofollow" class="wikilink1">' . $lang['btn_resendpwd'] . '</a></p>');
     }
 }
/**
 * Prints the actions links
 *
 * @author Michael Klier <*****@*****.**>
 */
function tpl_actions()
{
    $actions = array('admin', 'edit', 'history', 'recent', 'backlink', 'subscribe', 'subscribens', 'index', 'login', 'profile');

    echo '<div class="sidebar_box">' . DOKU_LF;
    echo '  <ul>' . DOKU_LF;

    foreach ($actions as $action) {
        // Disabled actions produce no list item at all.
        if (!actionOK($action)) {
            continue;
        }

        // For 'edit', the "new page" button of the npd helper plugin (when that
        // plugin is enabled and loads) is listed ahead of the edit link itself.
        if ($action == 'edit' && !plugin_isdisabled('npd') && ($npd =& plugin_load('helper', 'npd'))) {
            $npb = $npd->html_new_page_button(true);
            if ($npb) {
                echo '    <li><div class="li">';
                echo $npb;
                echo '</div></li>' . DOKU_LF;
            }
        }

        // Buffer the list item so that it can be thrown away again when
        // tpl_actionlink() reports that it printed no link.
        ob_start();
        echo '     <li><div class="li">';
        $linkPrinted = tpl_actionlink($action);
        if (!$linkPrinted) {
            ob_end_clean();
            continue;
        }
        echo '</div></li>' . DOKU_LF;
        ob_end_flush();
    }

    echo '  </ul>' . DOKU_LF;
    echo '</div>' . DOKU_LF;
}
/**
 * Print the search form
 *
 * If the first parameter is given, a div with the ID 'qsearch_out' will
 * be added which instructs the ajax pagequicksearch to kick in and place
 * its output into this div. The second parameter controls the proprietary
 * attribute autocomplete. If set to false, this attribute will be set to a
 * value of "off" to instruct the browser to disable its own built-in
 * autocompletion feature (MSIE and Firefox)
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param bool $ajax
 * @param bool $autocomplete
 * @return bool
 */
function _tpl_searchform($ajax = true, $autocomplete = true)
{
    global $lang;
    global $ACT;
    global $QUERY;

    // Nothing is printed while the search action is disabled.
    if (!actionOK('search')) {
        return false;
    }

    // The previous query is echoed back (HTML-escaped) only on the search page.
    $valueAttr = ($ACT == 'search') ? 'value="' . htmlspecialchars($QUERY) . '" ' : '';

    echo '<form action="' . wl() . '" accept-charset="utf-8" class="navbar-form navbar-right" id="dw__search" method="get" role="search">';
    echo '<input type="hidden" name="do" value="search" />';
    echo '<div class="form-group">';
    // NOTE(review): $autocomplete is never read in this variant; the attribute
    // autocomplete="off" is always emitted.
    echo '<input type="text" ' . $valueAttr . ' autocomplete="off" ';
    echo 'id="qsearch__in" accesskey="f" name="id" class="form-control col-lg-3" title="[F]" placeholder="' . $lang['btn_search'] . '" /> ';
    echo '</div>';
    // Container the quick search writes its results into.
    echo $ajax ? '<div id="qsearch__out" class="ajax_qsearch"></div>' : '';
    echo '</form>';

    return true;
}
/**
 * Reports whether an action type is enabled, as decided by actionOK().
 *
 * The type 'history' is looked up under the name 'revisions'; every other
 * type is passed through unchanged.
 *
 * @param string $type action type to look up
 * @return mixed whatever actionOK() returns for the mapped name
 */
function is_action_enabled($type)
{
    return actionOK($type == 'history' ? 'revisions' : $type);
}
/**
 * Create link/button to register page
 * DW versions > 2011-02-20 can use the core function tpl_action('register')
 *
 * @author Anika Henke <*****@*****.**>
 */
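function _tpl_register($link = 0, $wrapper = 0)
{
    global $conf;
    global $lang;
    global $ID;

    // Nothing is printed for logged-in users, when ACLs are off, or when the
    // register action is disabled. REMOTE_USER is not guaranteed to be present
    // in $_SERVER, so it is tested with empty() rather than read directly.
    if (!empty($_SERVER['REMOTE_USER']) || !$conf['useacl'] || !actionOK('register')) {
        return;
    }

    // Prefer the button label and fall back to the 'register' string.
    $lang_register = !empty($lang['btn_register']) ? $lang['btn_register'] : $lang['register'];

    // $wrapper is a bare tag name chosen by the calling template.
    if ($wrapper) {
        echo "<$wrapper>";
    }

    if ($link) {
        tpl_link(wl($ID, 'do=register'), $lang_register, 'class="action register" rel="nofollow"');
    } else {
        echo html_btn('register', $ID, '', array('do' => 'register'), 'get', 0, $lang_register);
    }

    if ($wrapper) {
        echo "</$wrapper>";
    }
}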
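 /**
  * Handles "save and continue editing": performs the save and, when it
  * succeeds, switches the action back to 'edit' on the fresh page state.
  *
  * @param Doku_Event $event event whose data holds the requested action
  * @param mixed      $param not used here
  */
 public function handle_action_act_preprocess(Doku_Event &$event, $param)
 {
     global $ID, $INFO, $REV, $RANGE, $TEXT, $PRE, $SUF;

     // check if the action was given as array key
     if (is_array($event->data)) {
         list($act) = array_keys($event->data);
     } else {
         $act = $event->data;
     }

     // Only a 'save' carrying the saveandedit flag is handled. The flag is absent
     // on ordinary saves, so it is tested with empty() instead of being read
     // directly from $_REQUEST.
     if ($act != 'save' || empty($_REQUEST['saveandedit']) || !actionOK($act)) {
         return;
     }
     // The permission check and the security token check both have to pass
     // before act_save() is called.
     if (act_permcheck($act) != 'save' || !checkSecurityToken()) {
         return;
     }

     $event->data = act_save($act);

     if ($event->data == 'show') {
         // The save went through: continue with 'edit' on the current revision.
         $event->data = 'edit';
         $REV = '';
         // Handle section edits
         if ($PRE || $SUF) {
             // $from and $to are 1-based indexes of the actually edited content
             $from = strlen($PRE) + 1;
             $to = $from + strlen($TEXT);
             $RANGE = $from . '-' . $to;
         }
         // Ensure the current text is loaded again from the file
         unset($GLOBALS['TEXT'], $GLOBALS['PRE'], $GLOBALS['SUF']);
         // Reset the date of the last modification to avoid conflict messages
         unset($GLOBALS['DATE']);
         // Reset the change check
         unset($_REQUEST['changecheck']);
         // Force rendering of the metadata in order to ensure metadata is correct
         p_set_metadata($ID, array(), true);
         // reset pageinfo to new data (e.g. if the page exists)
         $INFO = pageinfo();
     } elseif ($event->data == 'conflict') {
         // DokuWiki won't accept 'conflict' as action here.
         // Just execute save again, the conflict will be detected again
         $event->data = 'save';
     }
 }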
/**
 * Sanitize the action command
 *
 * Add all allowed commands here.
 *
 * @author Andreas Gohr <*****@*****.**>
 */
function act_clean($act)
{
    global $lang;
    global $conf;

    // Commands that are only available while ACLs are enabled.
    $aclCommands = array('login', 'logout', 'register', 'admin', 'subscribe', 'unsubscribe', 'profile', 'revert', 'resendpwd', 'subscribens', 'unsubscribens');
    // The allowlist; anything with the prefix 'export_' is accepted in addition.
    $knownCommands = array('login', 'logout', 'register', 'save', 'cancel', 'edit', 'draft', 'preview', 'search', 'show', 'check', 'index', 'revisions', 'diff', 'recent', 'backlink', 'admin', 'subscribe', 'revert', 'unsubscribe', 'profile', 'resendpwd', 'recover', 'wordblock', 'draftdel', 'subscribens', 'unsubscribens');
    // Older export names and the names they are mapped to.
    $renamed = array('export_html' => 'export_xhtml', 'export_htmlbody' => 'export_xhtmlbody');

    // check if the action was given as array key
    if (is_array($act)) {
        list($act) = array_keys($act);
    }

    // Lower-case the command and drop every character outside 1-9, a-z and '_'.
    // NOTE(review): the digit 0 is outside that class and is removed too - confirm this is intended.
    $act = preg_replace('/[^1-9a-z_]+/', '', strtolower($act));

    if (isset($renamed[$act])) {
        $act = $renamed[$act];
    }

    // Each rejection reports the (HTML-escaped) command and falls back to 'show'.
    // check if action is disabled
    if (!actionOK($act)) {
        msg('Command disabled: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    //disable all acl related commands if ACL is disabled
    if (!$conf['useacl'] && in_array($act, $aclCommands)) {
        msg('Command unavailable: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    $isExport = substr($act, 0, 7) == 'export_';
    if (!$isExport && !in_array($act, $knownCommands)) {
        msg('Command unknown: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    return $act;
}
/**
 * This displays the edit form (lots of logic included)
 *
 * @fixme    this is a huge lump of code and should be modularized
 * @triggers HTML_PAGE_FROMTEMPLATE
 * @triggers HTML_EDITFORM_INJECTION
 * @author   Andreas Gohr <*****@*****.**>
 */
function html_edit($text = null, $include = 'edit')
{
    // Prints the editor for page $ID: an intro text, the toolbar and the
    // 'dw__editform' form. When $text is not set, the text is loaded from the
    // page (or from a page template); a given $text is treated as a preview.
    // $include names the locale text printed above a writable editor.
    //FIXME: include needed?
    global $ID;
    global $REV;
    global $DATE;
    global $RANGE;
    global $PRE;
    global $SUF;
    global $INFO;
    global $SUM;
    global $lang;
    global $conf;
    global $license;
    //set summary default
    if (!$SUM) {
        if ($REV) {
            $SUM = $lang['restored'];
        } elseif (!$INFO['exists']) {
            $SUM = $lang['created'];
        }
    }
    //no text? Load it!
    if (!isset($text)) {
        $pr = false;
        //no preview mode
        if ($INFO['exists']) {
            if ($RANGE) {
                list($PRE, $text, $SUF) = rawWikiSlices($RANGE, $ID, $REV);
            } else {
                $text = rawWiki($ID, $REV);
            }
            // md5 is used as a change detector for the loaded text; the value is
            // emitted below as the hidden 'changecheck' field
            $check = md5($text);
            $mod = false;
        } else {
            //try to load a pagetemplate
            $data = array($ID);
            $text = trigger_event('HTML_PAGE_FROMTEMPLATE', $data, 'pageTemplate', true);
            $check = md5('');
            // a non-empty template counts as a modification of the empty page
            $mod = $text !== '';
        }
    } else {
        $pr = true;
        //preview mode
        if (isset($_REQUEST['changecheck'])) {
            // taken as-is from the request: compared with md5($text) here and
            // handed to addHidden() further down
            $check = $_REQUEST['changecheck'];
            $mod = md5($text) !== $check;
        } else {
            // Why? Assume default text is unmodified.
            $check = md5($text);
            $mod = false;
        }
    }
    // the editor is writable only when the page is writable and not locked
    $wr = $INFO['writable'] && !$INFO['locked'];
    if ($wr) {
        if ($REV) {
            print p_locale_xhtml('editrev');
        }
        print p_locale_xhtml($include);
    } else {
        // check pseudo action 'source'
        if (!actionOK('source')) {
            msg('Command disabled: source', -1);
            return;
        }
        print p_locale_xhtml('read');
    }
    if (!$DATE) {
        $DATE = $INFO['lastmod'];
    }
    ?>
  <div style="width:99%;">

   <div class="toolbar">
      <div id="draft__status"><?php 
    if (!empty($INFO['draft'])) {
        echo $lang['draftdate'] . ' ' . strftime($conf['dformat']);
    }
    ?>
</div>
      <div id="tool__bar"><?php 
    if ($wr) {
        ?>
<a href="<?php 
        echo DOKU_BASE;
        ?>
lib/exe/mediamanager.php?ns=<?php 
        // NOTE(review): written into the href without HTML escaping or URL
        // encoding - confirm $INFO['namespace'] is already sanitised
        echo $INFO['namespace'];
        ?>
"
      target="_blank"><?php 
        echo $lang['mediaselect'];
        ?>
</a><?php 
    }
    ?>
</div>

      <?php 
    if ($wr) {
        ?>
      <script type="text/javascript" charset="utf-8"><!--//--><![CDATA[//><!--
        <?php 
        /* sets changed to true when previewed */
        ?>
        textChanged = <?php 
        // only the literal words true/false reach the script block
        $mod ? print 'true' : (print 'false');
        ?>
;
      //--><!]]></script>
      <span id="spell__action"></span>
      <div id="spell__suggest"></div>
      <?php 
    }
    ?>
   </div>
   <div id="spell__result"></div>
<?php 
    // The form itself is assembled with Doku_Form and printed by html_form() below.
    $form = new Doku_Form('dw__editform');
    $form->addHidden('id', $ID);
    $form->addHidden('rev', $REV);
    $form->addHidden('date', $DATE);
    $form->addHidden('prefix', $PRE);
    $form->addHidden('suffix', $SUF);
    $form->addHidden('changecheck', $check);
    $attr = array('tabindex' => '1');
    if (!$wr) {
        $attr['readonly'] = 'readonly';
    }
    $form->addElement(form_makeWikiText($text, $attr));
    $form->addElement(form_makeOpenTag('div', array('id' => 'wiki__editbar')));
    $form->addElement(form_makeOpenTag('div', array('id' => 'size__ctl')));
    $form->addElement(form_makeCloseTag('div'));
    // save/preview/cancel buttons and the summary field exist only in the writable editor
    if ($wr) {
        $form->addElement(form_makeOpenTag('div', array('class' => 'editButtons')));
        $form->addElement(form_makeButton('submit', 'save', $lang['btn_save'], array('id' => 'edbtn__save', 'accesskey' => 's', 'tabindex' => '4')));
        $form->addElement(form_makeButton('submit', 'preview', $lang['btn_preview'], array('id' => 'edbtn__preview', 'accesskey' => 'p', 'tabindex' => '5')));
        $form->addElement(form_makeButton('submit', 'draftdel', $lang['btn_cancel'], array('tabindex' => '6')));
        $form->addElement(form_makeCloseTag('div'));
        $form->addElement(form_makeOpenTag('div', array('class' => 'summary')));
        $form->addElement(form_makeTextField('summary', $SUM, $lang['summary'], 'edit__summary', 'nowrap', array('size' => '50', 'tabindex' => '2')));
        $elem = html_minoredit();
        if ($elem) {
            $form->addElement($elem);
        }
        $form->addElement(form_makeCloseTag('div'));
    }
    $form->addElement(form_makeCloseTag('div'));
    if ($conf['license']) {
        // NOTE(review): the license url/name and the link target are concatenated
        // into the markup unescaped; presumably they come from trusted
        // configuration - confirm
        $form->addElement(form_makeOpenTag('div', array('class' => 'license')));
        $out = $lang['licenseok'];
        $out .= '<a href="' . $license[$conf['license']]['url'] . '" rel="license" class="urlextern"';
        if ($conf['target']['external']) {
            $out .= ' target="' . $conf['target']['external'] . '"';
        }
        $out .= '> ' . $license[$conf['license']]['name'] . '</a>';
        $form->addElement($out);
        $form->addElement(form_makeCloseTag('div'));
    }
    html_form('edit', $form);
    print '</div>' . NL;
}
/**
 * Print the search form in Bootstrap Style
 *
 * If the first parameter is given, a div with the ID 'qsearch_out' will
 * be added which instructs the ajax pagequicksearch to kick in and place
 * its output into this div. The second parameter controls the proprietary
 * attribute autocomplete. If set to false, this attribute will be set to a
 * value of "off" to instruct the browser to disable its own built-in
 * autocompletion feature (MSIE and Firefox)
 *
 * @author Andreas Gohr <*****@*****.**>
 * @author Giuseppe Di Terlizzi <*****@*****.**>
 * @param bool $ajax
 * @param bool $autocomplete
 * @return bool
 */
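function bootstrap_searchform($ajax = true, $autocomplete = true)
{
    global $lang;
    global $ACT;
    global $QUERY;

    // don't print the search form if search action has been disabled
    if (!actionOK('search')) {
        return false;
    }

    echo '<form action="' . wl() . '" accept-charset="utf-8" class="form-inline search" id="dw__search" method="get" role="search"><div class="no">';
    echo '<input type="hidden" name="do" value="search" />';
    echo '<input type="text" ';
    // The previous query is echoed back (HTML-escaped) only on the search page.
    if ($ACT == 'search') {
        echo 'value="' . htmlspecialchars($QUERY) . '" ';
    }
    if (!$autocomplete) {
        echo 'autocomplete="off" ';
    }
    // The element already carries type="text" above. A second type attribute on
    // the same tag is invalid markup and is ignored by HTML parsers, so the
    // duplicate type="search" is no longer emitted; the field is handled as a
    // text input exactly as before.
    echo 'id="qsearch__in" placeholder="' . $lang['btn_search'] . '" accesskey="f" name="id" class="edit form-control" title="[F]" />';
    echo '<button type="submit" class="btn btn-default" title="' . $lang['btn_search'] . '"><i class="glyphicon glyphicon-search"></i></button>';
    // Container the quick search writes its results into.
    if ($ajax) {
        echo '<div id="qsearch__out" class="panel panel-default ajax_qsearch JSpopup"></div>';
    }
    echo '</div></form>';

    return true;
}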
        if (empty($lang["btn_unsubscribe"])) {
            if (actionOK("subscribe")) {
                //check if action is disabled
                $_vector_tabs_right["ca-watch"]["href"] = wl(cleanID(getId()), array("do" => "subscribe"), false, "&");
                $_vector_tabs_right["ca-watch"]["text"] = $lang["btn_subscribe"];
                //language comes from DokuWiki core
            }
            //2009-12-25 "Lemming" and older ones. See the following for information:
            //<http://www.freelists.org/post/dokuwiki/Question-about-tpl-buttonsubscribe>
        } else {
            if (empty($INFO["subscribed"]) && actionOK("subscribe")) {
                //check if action is disabled
                $_vector_tabs_right["ca-watch"]["href"] = wl(cleanID(getId()), array("do" => "subscribe"), false, "&");
                $_vector_tabs_right["ca-watch"]["text"] = $lang["btn_subscribe"];
                //language comes from DokuWiki core
            } elseif (actionOK("unsubscribe")) {
                //check if action is disabled
                $_vector_tabs_right["ca-watch"]["href"] = wl(cleanID(getId()), array("do" => "unsubscribe"), false, "&");
                $_vector_tabs_right["ca-watch"]["text"] = $lang["btn_unsubscribe"];
                //language comes from DokuWiki core
            }
        }
    }
}
/******************************************************************************
 ********************************  ATTENTION  *********************************
         DO NOT MODIFY THIS FILE, IT WILL NOT BE PRESERVED ON UPDATES!
 ******************************************************************************
  If you want to add some own tabs, have a look at the README of this template
  and "/user/tabs.php". You have been warned!
 *****************************************************************************/
/**
 * Send a  new password
 *
 * This function handles both phases of the password reset:
 *
 *   - handling the first request of password reset
 *   - validating the password reset auth token
 *
 * @author Benoit Chesneau <*****@*****.**>
 * @author Chris Smith <*****@*****.**>
 * @author Andreas Gohr <*****@*****.**>
 *
 * @return bool true on success, false on any error
 */
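function act_resendpwd()
{
    global $lang;
    global $conf;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;

    if (!actionOK('resendpwd')) {
        msg($lang['resendna'], -1);
        return false;
    }

    // Everything except lower-case hex digits is stripped, so the value cannot
    // carry path separators when it is used as a file name below.
    $token = preg_replace('/[^a-f0-9]+/', '', $INPUT->str('pwauth'));

    if ($token) {
        // we're in token phase - get user info from token
        $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth';
        if (!@file_exists($tfile)) {
            msg($lang['resendpwdbadauth'], -1);
            $INPUT->remove('pwauth');
            return false;
        }
        // token is only valid for 3 days
        if (time() - filemtime($tfile) > 3 * 60 * 60 * 24) {
            msg($lang['resendpwdbadauth'], -1);
            $INPUT->remove('pwauth');
            @unlink($tfile);
            return false;
        }

        // The token file holds the login name the token was issued for.
        $user = io_readfile($tfile);
        $userinfo = $auth->getUserData($user);
        if (!$userinfo['mail']) {
            msg($lang['resendpwdnouser'], -1);
            return false;
        }

        if (!$conf['autopasswd']) {
            // we let the user choose a password
            $pass = $INPUT->str('pass');
            // password given correctly?
            if (!$pass) {
                // no message here; presumably the caller shows the password form - confirm
                return false;
            }
            // Strict comparison: with != two different numeric-looking strings
            // such as "1e3" and "1000" compare as equal, which would accept a
            // confirmation that does not match the password.
            if ($pass !== $INPUT->str('passchk')) {
                msg($lang['regbadpass'], -1);
                return false;
            }
            // change it
            if (!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
                msg('error modifying user data', -1);
                return false;
            }
        } else {
            // autogenerate the password and send by mail
            $pass = auth_pwgen();
            if (!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
                msg('error modifying user data', -1);
                return false;
            }
            if (auth_sendPassword($user, $pass)) {
                msg($lang['resendpwdsuccess'], 1);
            } else {
                msg($lang['regmailfail'], -1);
            }
        }

        // The token file is removed once the password has been changed.
        @unlink($tfile);
        return true;
    } else {
        // we're in request phase
        if (!$INPUT->post->bool('save')) {
            return false;
        }
        if (!$INPUT->post->str('login')) {
            msg($lang['resendpwdmissing'], -1);
            return false;
        } else {
            $user = trim($auth->cleanUser($INPUT->post->str('login')));
        }
        $userinfo = $auth->getUserData($user);
        // NOTE(review): this message is only shown for logins without a mail
        // address on record, so the response differs between known and unknown
        // accounts - confirm that is acceptable for this wiki.
        if (!$userinfo['mail']) {
            msg($lang['resendpwdnouser'], -1);
            return false;
        }

        // generate auth token
        // NOTE(review): the token is derived only from auth_cookiesalt() and the
        // login name, so it presumably stays the same for a user across requests
        // for as long as the salt does. A random per-request token would be
        // stronger; left unchanged here.
        $token = md5(auth_cookiesalt() . $user);
        //secret but user based
        $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth';
        $url = wl('', array('do' => 'resendpwd', 'pwauth' => $token), true, '&');
        io_saveFile($tfile, $user);

        // Mail the confirmation link to the address on record.
        $text = rawLocale('pwconfirm');
        $trep = array('FULLNAME' => $userinfo['name'], 'LOGIN' => $user, 'CONFIRM' => $url);
        $mail = new Mailer();
        $mail->to($userinfo['name'] . ' <' . $userinfo['mail'] . '>');
        $mail->subject($lang['regpwmail']);
        $mail->setBody($text, $trep);
        if ($mail->send()) {
            msg($lang['resendpwdconfirm'], 1);
        } else {
            msg($lang['regmailfail'], -1);
        }
        return true;
    }
    // never reached
}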
 /**
  * Sends a notify mail on new comment
  *
  * @param  array  $comment  data array of the new comment
  * @param  array  $subscribers data of the subscribers
  *
  * @author Andreas Gohr <*****@*****.**>
  * @author Esther Brunner <*****@*****.**>
  */
 function _notify($comment, &$subscribers)
 {
     // Mails a "new comment" notice to three audiences in turn: the address in
     // $conf['notify'], the page subscribers, and the comment subscribers passed
     // in by reference. One Mailer instance is reused for every send.
     global $conf;
     global $ID;
     $notify_text = io_readfile($this->localfn('subscribermail'));
     $confirm_text = io_readfile($this->localfn('confirmsubscribe'));
     $subject_notify = '[' . $conf['title'] . '] ' . $this->getLang('mail_newcomment');
     $subject_subscribe = '[' . $conf['title'] . '] ' . $this->getLang('subscribe');
     $mailer = new Mailer();
     // without a logged-in user the configured 'mailfromnobody' sender is used
     if (empty($_SERVER['REMOTE_USER'])) {
         $mailer->from($conf['mailfromnobody']);
     }
     // substitutions for the notification text; $comment['raw'] is passed on unchanged
     $replace = array('PAGE' => $ID, 'TITLE' => $conf['title'], 'DATE' => dformat($comment['date']['created'], $conf['dformat']), 'NAME' => $comment['user']['name'], 'TEXT' => $comment['raw'], 'COMMENTURL' => wl($ID, '', true) . '#comment_' . $comment['cid'], 'UNSUBSCRIBE' => wl($ID, 'do=subscribe', true, '&'), 'DOKUWIKIURL' => DOKU_URL);
     // substitutions for the subscription confirmation text
     $confirm_replace = array('PAGE' => $ID, 'TITLE' => $conf['title'], 'DOKUWIKIURL' => DOKU_URL);
     $mailer->subject($subject_notify);
     $mailer->setBody($notify_text, $replace);
     // NOTE(review): bcc() is called several times on this one Mailer. Whether a
     // call replaces or adds to the earlier recipients is not visible here -
     // confirm that a later send cannot go to recipients set for an earlier one.
     // send mail to notify address
     if ($conf['notify']) {
         $mailer->bcc($conf['notify']);
         $mailer->send();
     }
     // notify page subscribers
     if (actionOK('subscribe')) {
         $data = array('id' => $ID, 'addresslist' => '', 'self' => false);
         if (class_exists('Subscription')) {
             /* Introduced in DokuWiki 2013-05-10 */
             trigger_event('COMMON_NOTIFY_ADDRESSLIST', $data, array(new Subscription(), 'notifyaddresses'));
         } else {
             /* Old, deprecated default handler */
             trigger_event('COMMON_NOTIFY_ADDRESSLIST', $data, 'subscription_addresslist');
         }
         // the event handlers fill in 'addresslist'
         $to = $data['addresslist'];
         if (!empty($to)) {
             $mailer->bcc($to);
             $mailer->send();
         }
     }
     // notify comment subscribers
     if (!empty($subscribers)) {
         // $subscribers is keyed by mail address; each entry is read for
         // 'active', 'hash' and 'confirmsent'
         foreach ($subscribers as $mail => $data) {
             $mailer->bcc($mail);
             if ($data['active']) {
                 // confirmed subscriber: notification with a personal unsubscribe link
                 $replace['UNSUBSCRIBE'] = wl($ID, 'do=discussion_unsubscribe&hash=' . $data['hash'], true, '&');
                 $mailer->subject($subject_notify);
                 $mailer->setBody($notify_text, $replace);
                 $mailer->send();
             } elseif (!$data['active'] && !$data['confirmsent']) {
                 // unconfirmed subscriber: send the confirmation request once and
                 // record that in the caller's array
                 $confirm_replace['SUBSCRIBE'] = wl($ID, 'do=discussion_confirmsubscribe&hash=' . $data['hash'], true, '&');
                 $mailer->subject($subject_subscribe);
                 $mailer->setBody($confirm_text, $confirm_replace);
                 $mailer->send();
                 $subscribers[$mail]['confirmsent'] = true;
             }
         }
     }
 }
/**
 * Sends a notify mail on page change or registration
 *
 * @param string     $id       The changed page
 * @param string     $who      Who to notify (admin|subscribers|register)
 * @param int|string $rev Old page revision
 * @param string     $summary  What changed
 * @param boolean    $minor    Is this a minor edit?
 * @param string[]   $replace  Additional string substitutions, @KEY@ to be replaced by value
 * @return bool
 *
 * @author Andreas Gohr <*****@*****.**>
 */
function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = array())
{
    global $conf;
    /* @var Input $INPUT */
    global $INPUT;

    // decide if there is something to do, eg. whom to mail
    if ($who == 'admin') {
        // admin mails need a configured notify address
        if (empty($conf['notify'])) {
            return false;
        }
        $to = $conf['notify'];
        $tpl = 'mailtext';
    } elseif ($who == 'subscribers') {
        // subscriptions have to be enabled
        if (!actionOK('subscribe')) {
            return false;
        }
        // minor edits by a logged-in user (with ACLs on) are not mailed
        $skipMinor = $conf['useacl'] && $INPUT->server->str('REMOTE_USER') && $minor;
        if ($skipMinor) {
            return false;
        }
        // the address list is collected through the COMMON_NOTIFY_ADDRESSLIST event
        $data = array('id' => $id, 'addresslist' => '', 'self' => false, 'replacements' => $replace);
        trigger_event('COMMON_NOTIFY_ADDRESSLIST', $data, array(new Subscription(), 'notifyaddresses'));
        $to = $data['addresslist'];
        if (empty($to)) {
            return false;
        }
        $tpl = 'subscr_single';
    } else {
        // any other target (including 'register') is not handled here
        return false;
    }

    // prepare content and send it
    $sender = new Subscription();
    return $sender->send_diff($to, $tpl, $id, $rev, $summary);
}
/**
 * This displays the edit form (lots of logic included)
 *
 * @fixme    this is a huge lump of code and should be modularized
 * @triggers HTML_PAGE_FROMTEMPLATE
 * @author   Andreas Gohr <*****@*****.**>
 */
function html_edit($text = null, $include = 'edit')
{
    // Prints the editor for page $ID as hand-written markup: an intro text, the
    // toolbar and the 'dw__editform' form. When $text is not set, the text is
    // loaded from the page (or from a page template); a given $text is treated
    // as a preview. $include names the locale text printed above a writable editor.
    //FIXME: include needed?
    global $ID;
    global $REV;
    global $DATE;
    global $RANGE;
    global $PRE;
    global $SUF;
    global $INFO;
    global $SUM;
    global $lang;
    global $conf;
    //set summary default
    if (!$SUM) {
        if ($REV) {
            $SUM = $lang['restored'];
        } elseif (!$INFO['exists']) {
            $SUM = $lang['created'];
        }
    }
    //no text? Load it!
    if (!isset($text)) {
        $pr = false;
        //no preview mode
        if ($INFO['exists']) {
            if ($RANGE) {
                list($PRE, $text, $SUF) = rawWikiSlices($RANGE, $ID, $REV);
            } else {
                $text = rawWiki($ID, $REV);
            }
        } else {
            //try to load a pagetemplate
            $data = array($ID);
            $text = trigger_event('HTML_PAGE_FROMTEMPLATE', $data, 'pageTemplate', true);
        }
    } else {
        $pr = true;
        //preview mode
    }
    $wr = $INFO['writable'];
    // $ro doubles as flag and markup: false for a writable page, otherwise the
    // readonly attribute that is printed into the textarea tag
    if ($wr) {
        if ($REV) {
            print p_locale_xhtml('editrev');
        }
        print p_locale_xhtml($include);
        $ro = false;
    } else {
        // check pseudo action 'source'
        if (!actionOK('source')) {
            msg('Command disabled: source', -1);
            return;
        }
        print p_locale_xhtml('read');
        $ro = 'readonly="readonly"';
    }
    if (!$DATE) {
        $DATE = $INFO['lastmod'];
    }
    ?>
  <div style="width:99%;">

   <div class="toolbar">
      <div id="draft__status"><?php 
    if (!empty($INFO['draft'])) {
        echo $lang['draftdate'] . ' ' . date($conf['dformat']);
    }
    ?>
</div>
      <div id="tool__bar"><?php 
    if (!$ro) {
        ?>
<a href="<?php 
        echo DOKU_BASE;
        ?>
lib/exe/mediamanager.php?ns=<?php 
        // NOTE(review): written into the href without HTML escaping or URL
        // encoding - confirm $INFO['namespace'] is already sanitised
        echo $INFO['namespace'];
        ?>
"
      target="_blank"><?php 
        echo $lang['mediaselect'];
        ?>
</a><?php 
    }
    ?>
</div>

      <?php 
    if ($wr) {
        ?>
      <script type="text/javascript" charset="utf-8">
        <?php 
        /* sets changed to true when previewed */
        ?>
        textChanged = <?php 
        // only the literal words true/false reach the script block
        $pr ? print 'true' : (print 'false');
        ?>
;
      </script>
      <span id="spell__action"></span>
      <div id="spell__suggest"></div>
      <?php 
    }
    ?>
   </div>
   <div id="spell__result"></div>


   <form id="dw__editform" method="post" action="<?php 
    // NOTE(review): no security token field is printed anywhere in this form -
    // confirm that protection against cross-site request forgery is handled elsewhere
    echo script();
    ?>
" accept-charset="<?php 
    echo $lang['encoding'];
    ?>
"><div class="no">
      <input type="hidden" name="id"   value="<?php 
    // NOTE(review): $ID, $REV and $DATE are echoed into attribute values as they
    // are, while $PRE, $SUF, $SUM and $text below go through formText() -
    // confirm these three globals are sanitised before this function runs
    echo $ID;
    ?>
" />
      <input type="hidden" name="rev"  value="<?php 
    echo $REV;
    ?>
" />
      <input type="hidden" name="date" value="<?php 
    echo $DATE;
    ?>
" />
      <input type="hidden" name="prefix" value="<?php 
    echo formText($PRE);
    ?>
" />
      <input type="hidden" name="suffix" value="<?php 
    echo formText($SUF);
    ?>
" />
    </div>

    <textarea name="wikitext" id="wiki__text" <?php 
    echo $ro;
    ?>
 cols="80" rows="10" class="edit" tabindex="1"><?php 
    echo "\n" . formText($text);
    ?>
</textarea>

    <div id="wiki__editbar">
      <div id="size__ctl"></div>
      <?php 
    // save/preview/cancel buttons exist only in the writable editor
    if ($wr) {
        ?>
         <div class="editButtons">
            <input class="button" id="edbtn__save" type="submit" name="do[save]" value="<?php 
        echo $lang['btn_save'];
        ?>
" accesskey="s" title="<?php 
        echo $lang['btn_save'];
        ?>
 [ALT+S]" tabindex="4" />
            <input class="button" id="edbtn__preview" type="submit" name="do[preview]" value="<?php 
        echo $lang['btn_preview'];
        ?>
" accesskey="p" title="<?php 
        echo $lang['btn_preview'];
        ?>
 [ALT+P]" tabindex="5" />
            <input class="button" type="submit" name="do[draftdel]" value="<?php 
        echo $lang['btn_cancel'];
        ?>
" tabindex="6" />
         </div>
      <?php 
    }
    ?>
      <?php 
    // the summary field and the minor-edit control exist only in the writable editor
    if ($wr) {
        ?>
        <div class="summary">
           <label for="edit__summary" class="nowrap"><?php 
        echo $lang['summary'];
        ?>
:</label>
           <input type="text" class="edit" name="summary" id="edit__summary" size="50" value="<?php 
        echo formText($SUM);
        ?>
" tabindex="2" />
           <?php 
        html_minoredit();
        ?>
        </div>
      <?php 
    }
    ?>
    </div>
  </form>
  </div>
<?php 
}
 /**
  * Profile deletion has to be refused while 'profile_delete' is listed in
  * $conf['disableactions'], even though the auth backend is able to delete
  * users and the request carries a security token and both confirmation flags.
  */
 function test_wikiconfig_prevents()
 {
     global $ACT, $INPUT, $conf, $auth;

     $ACT = 'profile_delete';
     $conf['profileconfirm'] = false;
     $_SERVER['REMOTE_USER'] = '******';

     // A complete deletion request, token included.
     $input = array(
         'do' => $ACT,
         'sectok' => getSecurityToken(),
         'delete' => '1',
         'confirm_delete' => '1',
     );
     $_REQUEST = $_POST = $input;
     $INPUT = new Input();
     $auth = new Mock_Auth_Plugin();

     // The wiki configuration switches the action off ...
     $conf['disableactions'] = 'profile_delete';

     // ... so the action is reported as disabled and the deletion fails,
     // although the backend itself would allow it.
     $this->assertFalse(actionOK('profile_delete'));
     $this->assertTrue($auth->canDo('delUser'));
     $this->assertFalse(auth_deleteprofile());
 }
 /**
  * process the user and update the $uinfo array
  *
  * @param $uinfo
  * @param $servicename
  *
  * @return bool
  */
 protected function processUser(&$uinfo, $servicename)
 {
     // Normalise the login name and fall back to it when no display name was given.
     $uinfo['user'] = $this->cleanUser((string) $uinfo['user']);
     if (!$uinfo['name']) {
         $uinfo['name'] = $uinfo['user'];
     }

     // A login name and a mail address are both required.
     if (!($uinfo['user'] && $uinfo['mail'])) {
         msg("{$servicename} did not provide the needed user info. Can't log you in", -1);
         return false;
     }

     // see if the user is known already
     // NOTE(review): an existing account is matched on the mail address reported
     // by the service alone; whether the service has verified that address is
     // not visible here - confirm.
     $known = $this->getUserByEmail($uinfo['mail']);

     if (!$known) {
         // Unknown address: a new account is created only while registration is enabled.
         if (!actionOK('register')) {
             msg($this->getLang('addUser not possible'), -1);
             return false;
         }
         if (!$this->addUser($uinfo, $servicename)) {
             msg('something went wrong creating your user account. please try again later.', -1);
             return false;
         }
         return true;
     }

     $stored = $this->getUserData($known);
     // check if the user allowed access via this service: the account has to be
     // a member of the group named after the service
     $serviceGroup = $this->cleanGroup($servicename);
     if (!in_array($serviceGroup, $stored['grps'])) {
         msg(sprintf($this->getLang('authnotenabled'), $servicename), -1);
         return false;
     }

     // Continue as the stored account, adding its groups to those already in $uinfo.
     $uinfo['user'] = $known;
     $uinfo['name'] = $stored['name'];
     $uinfo['grps'] = array_merge((array) $uinfo['grps'], $stored['grps']);

     return true;
 }
/**
 * Sanitize and validate action commands.
 *
 * Add all allowed commands here.
 *
 * The command is cleaned first and then checked in this order: disabled
 * actions, ACL related actions while ACL is switched off, a draft request
 * without a draft file, and finally the list of known commands (anything
 * starting with 'export_' is accepted as well). Every rejected command falls
 * back to 'show'; its name is HTML-escaped before it is put into the message.
 *
 * @author Andreas Gohr <*****@*****.**>
 *
 * @param string $act the requested action
 * @return string the action to execute
 */
function act_validate($act)
{
    global $conf;
    global $INFO;

    // commands that only make sense with ACL support
    $aclCommands = array('login', 'logout', 'register', 'admin', 'subscribe', 'unsubscribe', 'profile', 'revert', 'resendpwd');
    // the complete list of commands the dispatcher understands
    $knownCommands = array('login', 'logout', 'register', 'save', 'cancel', 'edit', 'draft', 'preview', 'search', 'show', 'check', 'index', 'revisions', 'diff', 'recent', 'backlink', 'admin', 'subscribe', 'revert', 'unsubscribe', 'profile', 'resendpwd', 'recover', 'draftdel', 'sitemap', 'media');

    $act = act_clean($act);

    // check if action is disabled
    if (!actionOK($act)) {
        msg('Command disabled: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    // disable all acl related commands if ACL is disabled
    if (!$conf['useacl'] && in_array($act, $aclCommands)) {
        msg('Command unavailable: ' . htmlspecialchars($act), -1);
        return 'show';
    }

    // is there really a draft?
    if ($act == 'draft' && !file_exists($INFO['draft'])) {
        return 'edit';
    }

    // known command or an export_* renderer request: pass it on
    if (in_array($act, $knownCommands) || substr($act, 0, 7) == 'export_') {
        return $act;
    }

    msg('Command unknown: ' . htmlspecialchars($act), -1);
    return 'show';
}
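/**
 * Print a dropdown menu with all DokuWiki actions
 *
 * Note: this will not use any pretty URLs
 *
 * The form is sent by POST and carries the security token in a hidden field.
 * The page id and the revision are HTML-escaped before they are written into
 * the hidden fields, so the markup stays well-formed whatever these globals
 * hold. $empty and $button are printed as given (the default button text is
 * already an entity), so callers have to pass markup-safe strings.
 *
 * @author Andreas Gohr <*****@*****.**>
 *
 * @param string $empty  label of the initial empty option, printed verbatim
 * @param string $button value of the submit button, printed verbatim
 */
function tpl_actiondropdown($empty = '', $button = '&gt;')
{
    global $ID;
    global $INFO;
    global $REV;
    global $ACT;
    global $conf;
    global $lang;
    global $auth;

    // evaluated once; empty() also avoids a notice when REMOTE_USER is not set
    $aclOn = $conf['useacl'] && $auth;
    $loggedIn = !empty($_SERVER['REMOTE_USER']);

    echo '<form method="post" accept-charset="utf-8">';
    #FIXME action
    echo '<input type="hidden" name="id" value="' . htmlspecialchars($ID, ENT_QUOTES, 'UTF-8') . '" />';
    if ($REV) {
        echo '<input type="hidden" name="rev" value="' . htmlspecialchars((string) $REV, ENT_QUOTES, 'UTF-8') . '" />';
    }
    echo '<input type="hidden" name="sectok" value="' . getSecurityToken() . '" />';
    echo '<select name="do" id="action__selector" class="edit">';
    echo '<option value="">' . $empty . '</option>';
    echo '<optgroup label=" &mdash; ">';
    // 'edit' - most complicated type, we need to decide on current action
    if ($ACT == 'show' || $ACT == 'search') {
        if ($INFO['writable']) {
            if (!empty($INFO['draft'])) {
                echo '<option value="edit">' . $lang['btn_draft'] . '</option>';
            } elseif ($INFO['exists']) {
                echo '<option value="edit">' . $lang['btn_edit'] . '</option>';
            } else {
                echo '<option value="edit">' . $lang['btn_create'] . '</option>';
            }
        } elseif (actionOK('source')) {
            //pseudo action
            echo '<option value="edit">' . $lang['btn_source'] . '</option>';
        }
    } else {
        echo '<option value="show">' . $lang['btn_show'] . '</option>';
    }
    echo '<option value="revisions">' . $lang['btn_revs'] . '</option>';
    echo '<option value="backlink">' . $lang['btn_backlink'] . '</option>';
    echo '</optgroup>';
    echo '<optgroup label=" &mdash; ">';
    echo '<option value="recent">' . $lang['btn_recent'] . '</option>';
    echo '<option value="index">' . $lang['btn_index'] . '</option>';
    echo '</optgroup>';
    echo '<optgroup label=" &mdash; ">';
    if ($aclOn) {
        if ($loggedIn) {
            echo '<option value="logout">' . $lang['btn_logout'] . '</option>';
        } else {
            echo '<option value="login">' . $lang['btn_login'] . '</option>';
        }
    }
    if ($aclOn && $loggedIn && $auth->canDo('Profile') && $ACT != 'profile') {
        echo '<option value="profile">' . $lang['btn_profile'] . '</option>';
    }
    // page and namespace subscriptions share the same precondition
    if ($aclOn && $loggedIn && $ACT == 'show' && $conf['subscribers'] == 1) {
        if ($INFO['subscribed']) {
            echo '<option value="unsubscribe">' . $lang['btn_unsubscribe'] . '</option>';
        } else {
            echo '<option value="subscribe">' . $lang['btn_subscribe'] . '</option>';
        }
        if ($INFO['subscribedns']) {
            echo '<option value="unsubscribens">' . $lang['btn_unsubscribens'] . '</option>';
        } else {
            echo '<option value="subscribens">' . $lang['btn_subscribens'] . '</option>';
        }
    }
    // only offered when $INFO marks the user as manager
    if ($INFO['ismanager']) {
        echo '<option value="admin">' . $lang['btn_admin'] . '</option>';
    }
    echo '</optgroup>';
    echo '</select>';
    echo '<input type="submit" value="' . $button . '" id="action__selectorbtn" />';
    echo '</form>';
}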
/**
 * Like the action buttons but links
 *
 * Available links are
 *
 *  edit    - edit/create/show link
 *  history - old revisions
 *  recent  - recent changes
 *  login   - login/logout link - if ACL enabled
 *  profile - user profile link (if logged in)
 *  index   - The index
 *  admin   - admin page - if enough rights
 *  top     - a back to top link
 *  back    - a back to parent link - if available
 *  backlink - links to the list of backlinks
 *  subscribe/subscription - subscribe/unsubscribe link
 *
 * Nothing is printed for a disabled action. $pre, $suf and $inner are put
 * into the link text as given, so callers have to pass markup-safe strings.
 * Only the login and logout links carry the security token.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @author Matthias Grimm <*****@*****.**>
 * @see    tpl_button
 *
 * @param string $type  one of the link types listed above
 * @param string $pre   text printed before the label
 * @param string $suf   text printed after the label
 * @param string $inner replaces the default label when not empty
 * @return bool false when no link was printed, true otherwise
 */
function tpl_actionlink($type, $pre = '', $suf = '', $inner = '')
{
    global $ID;
    global $INFO;
    global $REV;
    global $ACT;
    global $conf;
    global $lang;
    global $auth;

    // check disabled actions and fix the badly named ones
    $checked = $type == 'history' ? 'revisions' : $type;
    if (!actionOK($checked)) {
        return false;
    }

    switch ($type) {
        case 'edit':
            // anywhere but on show/search the link leads back to the page
            if ($ACT != 'show' && $ACT != 'search') {
                tpl_link(wl($ID, 'do=show'), $pre . ($inner ? $inner : $lang['btn_show']) . $suf, 'class="action show" accesskey="v" rel="nofollow"');
                return true;
            }
            // read-only page: offer the source view unless it is disabled
            if (!$INFO['writable']) {
                if (!actionOK('source')) {
                    return false;
                }
                //pseudo action
                tpl_link(wl($ID, 'do=edit&amp;rev=' . $REV), $pre . ($inner ? $inner : $lang['btn_source']) . $suf, 'class="action source" accesskey="v" rel="nofollow"');
                return true;
            }
            // writable page: draft, edit or create
            if (!empty($INFO['draft'])) {
                tpl_link(wl($ID, 'do=draft'), $pre . ($inner ? $inner : $lang['btn_draft']) . $suf, 'class="action edit" accesskey="e" rel="nofollow"');
            } elseif ($INFO['exists']) {
                tpl_link(wl($ID, 'do=edit&amp;rev=' . $REV), $pre . ($inner ? $inner : $lang['btn_edit']) . $suf, 'class="action edit" accesskey="e" rel="nofollow"');
            } else {
                tpl_link(wl($ID, 'do=edit&amp;rev=' . $REV), $pre . ($inner ? $inner : $lang['btn_create']) . $suf, 'class="action create" accesskey="e" rel="nofollow"');
            }
            return true;

        case 'history':
            tpl_link(wl($ID, 'do=revisions'), $pre . ($inner ? $inner : $lang['btn_revs']) . $suf, 'class="action revisions" accesskey="o" rel="nofollow"');
            return true;

        case 'recent':
            tpl_link(wl('', 'do=recent'), $pre . ($inner ? $inner : $lang['btn_recent']) . $suf, 'class="action recent" accesskey="r" rel="nofollow"');
            return true;

        case 'index':
            tpl_link(wl($ID, 'do=index'), $pre . ($inner ? $inner : $lang['btn_index']) . $suf, 'class="action index" accesskey="x" rel="nofollow"');
            return true;

        case 'top':
            print '<a href="#dokuwiki__top" class="action top" accesskey="x">' . $pre . ($inner ? $inner : $lang['btn_top']) . $suf . '</a>';
            return true;

        case 'back':
            $parent = tpl_getparent($ID);
            if (!$parent) {
                return false;
            }
            tpl_link(wl($parent, 'do=show'), $pre . ($inner ? $inner : $lang['btn_back']) . $suf, 'class="action back" accesskey="b" rel="nofollow"');
            return true;

        case 'login':
            if (!$conf['useacl'] || !$auth) {
                return false;
            }
            // both directions carry the security token
            if ($_SERVER['REMOTE_USER']) {
                tpl_link(wl($ID, 'do=logout&amp;sectok=' . getSecurityToken()), $pre . ($inner ? $inner : $lang['btn_logout']) . $suf, 'class="action logout" rel="nofollow"');
            } else {
                tpl_link(wl($ID, 'do=login&amp;sectok=' . getSecurityToken()), $pre . ($inner ? $inner : $lang['btn_login']) . $suf, 'class="action login" rel="nofollow"');
            }
            return true;

        case 'admin':
            if (!$INFO['ismanager']) {
                return false;
            }
            tpl_link(wl($ID, 'do=admin'), $pre . ($inner ? $inner : $lang['btn_admin']) . $suf, 'class="action admin" rel="nofollow"');
            return true;

        case 'subscribe':
        case 'subscription':
            // needs ACL, the show view, enabled subscriptions and a logged in user
            if (!$conf['useacl'] || !$auth || $ACT != 'show' || $conf['subscribers'] != 1 || !$_SERVER['REMOTE_USER']) {
                return false;
            }
            if ($INFO['subscribed']) {
                tpl_link(wl($ID, 'do=unsubscribe'), $pre . ($inner ? $inner : $lang['btn_unsubscribe']) . $suf, 'class="action unsubscribe" rel="nofollow"');
            } else {
                tpl_link(wl($ID, 'do=subscribe'), $pre . ($inner ? $inner : $lang['btn_subscribe']) . $suf, 'class="action subscribe" rel="nofollow"');
            }
            return true;

        case 'subscribens':
            // same preconditions as the page subscription
            if (!$conf['useacl'] || !$auth || $ACT != 'show' || $conf['subscribers'] != 1 || !$_SERVER['REMOTE_USER']) {
                return false;
            }
            if ($INFO['subscribedns']) {
                tpl_link(wl($ID, 'do=unsubscribens'), $pre . ($inner ? $inner : $lang['btn_unsubscribens']) . $suf, 'class="action unsubscribens" rel="nofollow"');
            } else {
                tpl_link(wl($ID, 'do=subscribens'), $pre . ($inner ? $inner : $lang['btn_subscribens']) . $suf, 'class="action subscribens" rel="nofollow"');
            }
            return true;

        case 'backlink':
            tpl_link(wl($ID, 'do=backlink'), $pre . ($inner ? $inner : $lang['btn_backlink']) . $suf, 'class="action backlink" rel="nofollow"');
            return true;

        case 'profile':
            $mayEditProfile = $conf['useacl'] && $auth && $_SERVER['REMOTE_USER'] && $auth->canDo('Profile') && $ACT != 'profile';
            if (!$mayEditProfile) {
                return false;
            }
            tpl_link(wl($ID, 'do=profile'), $pre . ($inner ? $inner : $lang['btn_profile']) . $suf, 'class="action profile" rel="nofollow"');
            return true;

        default:
            print '[unknown link type]';
            return true;
    }
}
Beispiel #21
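 /**
  * Prints given sidebar box
  *
  * The main, namespace and group boxes are printed only when
  * auth_quickaclcheck() grants at least AUTH_READ on the sidebar page; the
  * box of the logged in user is printed when its page exists.
  *
  * Any other value of $sb names a user defined sidebar below
  * sidebarng/sidebars/. As it becomes part of an include path, it is accepted
  * only when it is a single directory name (no path separator, no '.' or
  * '..', no NUL byte) and it is HTML-escaped before it is used as class name.
  *
  * Configuration values and the user name are quoted before they are put
  * into regular expressions, so characters like '.' match literally.
  *
  * $ID and $REV are saved on entry and restored before returning.
  *
  * @author Michael Klier <*****@*****.**>
  *
  * @param string $sb  type of the sidebar box or name of a user defined sidebar
  * @param string $pos passed on to p_sidebar_xhtml()
  */
 function _sidebar_dispatch($sb, $pos)
 {
     global $lang;
     global $conf;
     global $ID;
     global $REV;
     global $INFO;
     $svID = $ID;
     // save current ID
     $svREV = $REV;
     // save current REV
     $pname = $this->getConf('pagename');
     switch ($sb) {
         case 'main':
             $main_sb = $pname;
             if (@page_exists($main_sb)) {
                 if (auth_quickaclcheck($main_sb) >= AUTH_READ) {
                     // shown everywhere when configured, else only in the root namespace
                     if ($this->getConf('main_always') || !getNS($ID)) {
                         print '<div class="main_sidebar sidebar_box">' . DOKU_LF;
                         print $this->p_sidebar_xhtml($main_sb, $pos) . DOKU_LF;
                         print '</div>' . DOKU_LF;
                     }
                 }
             } else {
                 // no sidebar page yet: print the localized hint with a link to create it
                 $out = $this->locale_xhtml('nosidebar');
                 $link = '<a href="' . wl($pname) . '" class="wikilink2">' . htmlspecialchars($pname, ENT_QUOTES, 'UTF-8') . '</a>' . DOKU_LF;
                 print '<div class="main_sidebar sidebar_box">' . DOKU_LF;
                 print str_replace('LINK', $link, $out);
                 print '</div>' . DOKU_LF;
             }
             break;
         case 'namespace':
             $user_ns = preg_quote($this->getConf('user_ns'), '/');
             $group_ns = preg_quote($this->getConf('group_ns'), '/');
             if (!preg_match('/^' . $user_ns . ':.*?$|^' . $group_ns . ':.*?$/', $svID)) {
                 // skip group/user sidebars and current ID
                 $ns_sb = $this->_getNsSb($svID);
                 if ($ns_sb && auth_quickaclcheck($ns_sb) >= AUTH_READ) {
                     print '<div class="namespace_sidebar sidebar_box">' . DOKU_LF;
                     print $this->p_sidebar_xhtml($ns_sb, $pos) . DOKU_LF;
                     print '</div>' . DOKU_LF;
                 }
             }
             break;
         case 'user':
             $user_ns = $this->getConf('user_ns');
             if (isset($INFO['userinfo']['name'])) {
                 $user = $_SERVER['REMOTE_USER'];
                 $user_sb = $user_ns . ':' . $user . ':' . $pname;
                 if (@page_exists($user_sb)) {
                     $subst = array('pattern' => array('/@USER@/'), 'replace' => array($user));
                     print '<div class="user_sidebar sidebar_box">' . DOKU_LF;
                     print $this->p_sidebar_xhtml($user_sb, $pos, $subst) . DOKU_LF;
                     print '</div>';
                 }
                 // check for namespace sidebars in user namespace too; the user
                 // name is quoted so that it cannot act as a pattern
                 if (preg_match('/' . preg_quote($user_ns, '/') . ':' . preg_quote($user, '/') . ':.*/', $svID)) {
                     $ns_sb = $this->_getNsSb($svID);
                     if ($ns_sb && $ns_sb != $user_sb && auth_quickaclcheck($ns_sb) >= AUTH_READ) {
                         print '<div class="namespace_sidebar sidebar_box">' . DOKU_LF;
                         print $this->p_sidebar_xhtml($ns_sb, $pos) . DOKU_LF;
                         print '</div>' . DOKU_LF;
                     }
                 }
             }
             break;
         case 'group':
             $group_ns = $this->getConf('group_ns');
             if (isset($INFO['userinfo']['grps'])) {
                 foreach ($INFO['userinfo']['grps'] as $grp) {
                     $group_sb = $group_ns . ':' . $grp . ':' . $pname;
                     if (@page_exists($group_sb) && auth_quickaclcheck(cleanID($group_sb)) >= AUTH_READ) {
                         $subst = array('pattern' => array('/@GROUP@/'), 'replace' => array($grp));
                         print '<div class="group_sidebar sidebar_box">' . DOKU_LF;
                         print $this->p_sidebar_xhtml($group_sb, $pos, $subst) . DOKU_LF;
                         print '</div>' . DOKU_LF;
                     }
                 }
             } else {
                 // no user info: fall back to the sidebar of the 'all' group. There
                 // is nothing to substitute here, so none is passed (the original
                 // handed over an undefined variable).
                 $group_sb = $group_ns . ':all:' . $pname;
                 if (@page_exists($group_sb) && auth_quickaclcheck(cleanID($group_sb)) >= AUTH_READ) {
                     print '<div class="group_sidebar sidebar_box">' . DOKU_LF;
                     print $this->p_sidebar_xhtml($group_sb, $pos) . DOKU_LF;
                     print '</div>' . DOKU_LF;
                 }
             }
             break;
         case 'toolbox':
             $actions = array('admin', 'edit', 'history', 'recent', 'backlink', 'subscribe', 'subscribens', 'index', 'login', 'profile');
             print '<div class="toolbox_sidebar sidebar_box">' . DOKU_LF;
             print '  <ul>' . DOKU_LF;
             foreach ($actions as $action) {
                 if (!actionOK($action)) {
                     continue;
                 }
                 if ($action == 'edit') {
                     // check if new page button plugin is available
                     if (!plugin_isdisabled('npd') && ($npd =& plugin_load('helper', 'npd'))) {
                         $npb = $npd->html_new_page_button(true);
                         if ($npb) {
                             print '    <li class="level1"><div class="li">';
                             print $npb;
                             print '</div></li>' . DOKU_LF;
                         }
                     }
                 }
                 // buffer the list item so it can be dropped when no link is printed
                 ob_start();
                 print '   <li><div class="li">';
                 if (tpl_actionlink($action)) {
                     print '</div></li>' . DOKU_LF;
                     ob_end_flush();
                 } else {
                     ob_end_clean();
                 }
             }
             print '  </ul>' . DOKU_LF;
             print '</div>' . DOKU_LF;
             break;
         case 'trace':
             print '<div class="trace_sidebar sidebar_box">' . DOKU_LF;
             print '  <h1>' . $lang['breadcrumb'] . '</h1>' . DOKU_LF;
             print '  <div class="breadcrumbs">' . DOKU_LF;
             if ($conf['youarehere'] != 1) {
                 tpl_breadcrumbs();
             } else {
                 tpl_youarehere();
             }
             print '  </div>' . DOKU_LF;
             print '</div>' . DOKU_LF;
             break;
         case 'extra':
             print '<div class="extra_sidebar sidebar_box">' . DOKU_LF;
             @(include dirname(__FILE__) . '/sidebar.html');
             print '</div>' . DOKU_LF;
             break;
         default:
             // check for user defined sidebars; only a plain directory name may
             // reach the include below
             $isPlainName = is_string($sb) && $sb !== '' && $sb !== '.' && $sb !== '..' && strpbrk($sb, "/\\\0") === false;
             if ($isPlainName) {
                 $custom = DOKU_PLUGIN . 'sidebarng/sidebars/' . $sb . '/sidebar.php';
                 if (@file_exists($custom)) {
                     print '<div class="' . htmlspecialchars($sb, ENT_QUOTES, 'UTF-8') . '_sidebar sidebar_box">' . DOKU_LF;
                     @(require_once $custom);
                     print '</div>' . DOKU_LF;
                 }
             }
             break;
     }
     // restore ID and REV
     $ID = $svID;
     $REV = $svREV;
 }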
 /**
  * Tell whether the subscription system may be used
  *
  * This is the case as long as the 'subscribe' action passes actionOK().
  *
  * @return bool
  */
 public function isenabled()
 {
     $subscribeAllowed = actionOK('subscribe');
     return $subscribeAllowed;
 }
Beispiel #23
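/**
 * Send a  new password
 *
 * This function handles both phases of the password reset:
 *
 *   - handling the first request of password reset
 *   - validating the password reset auth token
 *
 * Request phase: a token is stored in a file below the cache directory
 * (the file holds the login name) and a confirmation link is mailed to the
 * address of the account.
 *
 * Token phase: the token from the request is reduced to the characters a-f
 * and 0-9 before it is used in a file name, it expires three days after the
 * file was written, and the file is removed once the password was changed.
 *
 * NOTE(review): the token is md5(auth_cookiesalt() . $user), i.e. always the
 * same value for a given user and salt. A random value per request would
 * keep the link unguessable even when the salt becomes known - consider
 * switching once a suitable random source is available in this code base.
 *
 * NOTE(review): the 'resendpwdnouser' message shows a visitor whether a
 * login name exists; confirm that this is acceptable for the installation.
 *
 * @author Benoit Chesneau <*****@*****.**>
 * @author Chris Smith <*****@*****.**>
 * @author Andreas Gohr <*****@*****.**>
 *
 * @return bool true on success, false on any error
 */
function act_resendpwd()
{
    global $lang;
    global $conf;
    global $auth;
    if (!actionOK('resendpwd')) {
        msg($lang['resendna'], -1);
        return false;
    }
    // only a string can be a token; a missing or array value means "no token"
    $rawToken = isset($_REQUEST['pwauth']) && is_string($_REQUEST['pwauth']) ? $_REQUEST['pwauth'] : '';
    $token = preg_replace('/[^a-f0-9]+/', '', $rawToken);
    if ($token) {
        // we're in token phase - get user info from token
        $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth';
        if (!@file_exists($tfile)) {
            msg($lang['resendpwdbadauth'], -1);
            unset($_REQUEST['pwauth']);
            return false;
        }
        // token is only valid for 3 days
        if (time() - filemtime($tfile) > 3 * 60 * 60 * 24) {
            msg($lang['resendpwdbadauth'], -1);
            unset($_REQUEST['pwauth']);
            @unlink($tfile);
            return false;
        }
        $user = io_readfile($tfile);
        $userinfo = $auth->getUserData($user);
        if (!$userinfo['mail']) {
            msg($lang['resendpwdnouser'], -1);
            return false;
        }
        if (!$conf['autopasswd']) {
            // we let the user choose a password
            $pass = isset($_REQUEST['pass']) && is_string($_REQUEST['pass']) ? $_REQUEST['pass'] : '';
            $passchk = isset($_REQUEST['passchk']) && is_string($_REQUEST['passchk']) ? $_REQUEST['passchk'] : '';
            // password given correctly?
            if ($pass === '') {
                return false;
            }
            // strict comparison: with != numeric looking strings such as
            // '1e3' and '1000' would be accepted as the same password
            if ($pass !== $passchk) {
                msg($lang['regbadpass'], -1);
                return false;
            }
            if (!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
                msg('error modifying user data', -1);
                return false;
            }
        } else {
            // autogenerate the password and send by mail
            $pass = auth_pwgen();
            if (!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
                msg('error modifying user data', -1);
                return false;
            }
            if (auth_sendPassword($user, $pass)) {
                msg($lang['resendpwdsuccess'], 1);
            } else {
                msg($lang['regmailfail'], -1);
            }
        }
        // the token has done its job and must not be usable a second time
        @unlink($tfile);
        return true;
    }

    // we're in request phase
    if (empty($_POST['save'])) {
        return false;
    }
    if (empty($_POST['login'])) {
        msg($lang['resendpwdmissing'], -1);
        return false;
    }
    $user = trim($auth->cleanUser($_POST['login']));
    $userinfo = $auth->getUserData($user);
    if (!$userinfo['mail']) {
        msg($lang['resendpwdnouser'], -1);
        return false;
    }
    // generate auth token
    $token = md5(auth_cookiesalt() . $user);
    //secret but user based
    $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth';
    $url = wl('', array('do' => 'resendpwd', 'pwauth' => $token), true, '&');
    io_saveFile($tfile, $user);
    // fill the placeholders of the localized confirmation mail
    $text = rawLocale('pwconfirm');
    $text = str_replace('@DOKUWIKIURL@', DOKU_URL, $text);
    $text = str_replace('@FULLNAME@', $userinfo['name'], $text);
    $text = str_replace('@LOGIN@', $user, $text);
    $text = str_replace('@TITLE@', $conf['title'], $text);
    $text = str_replace('@CONFIRM@', $url, $text);
    if (empty($conf['mailprefix'])) {
        $subject = $lang['regpwmail'];
    } else {
        $subject = '[' . $conf['mailprefix'] . '] ' . $lang['regpwmail'];
    }
    if (mail_send($userinfo['name'] . ' <' . $userinfo['mail'] . '>', $subject, $text, $conf['mailfrom'])) {
        msg($lang['resendpwdconfirm'], 1);
    } else {
        msg($lang['regmailfail'], -1);
    }
    return true;
}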
Beispiel #24
/**
 * Check the actions and get data for buttons and links
 *
 * Available actions are
 *
 *  edit        - edit/create/show/draft
 *  history     - old revisions
 *  recent      - recent changes
 *  login       - login/logout - if ACL enabled
 *  profile     - user profile (if logged in)
 *  index       - The index
 *  admin       - admin page - if enough rights
 *  top         - back to top
 *  back        - back to parent - if available
 *  backlink    - links to the list of backlinks
 *  subscribe/subscription- subscribe/unsubscribe
 *
 * The result is false for a disabled or currently unavailable action, the
 * string '[unknown %s type]' for an unknown type, and otherwise an array
 * with the keys accesskey, type, id, method and params. The login/logout
 * and revert actions get the security token added to their params.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @author Matthias Grimm <*****@*****.**>
 * @author Adrian Lang <*****@*****.**>
 * @param string $type
 * @return array|bool|string
 */
function tpl_get_action($type)
{
    global $ID;
    global $INFO;
    global $REV;
    global $ACT;

    // check disabled actions and fix the badly named ones
    $type = $type == 'history' ? 'revisions' : $type;
    if (!actionOK($type)) {
        return false;
    }

    // defaults, adjusted per action below
    $accesskey = null;
    $id = $ID;
    $method = 'get';
    $params = array('do' => $type);

    switch ($type) {
        case 'edit':
            // most complicated type - we need to decide on current action
            if ($ACT != 'show' && $ACT != 'search') {
                // already editing or similar: the button leads back to the page
                $params = array();
                $type = 'show';
                $accesskey = 'v';
                break;
            }
            $method = 'post';
            if (!$INFO['writable']) {
                if (!actionOK('source')) {
                    return false;
                }
                //pseudo action
                $params['rev'] = $REV;
                $type = 'source';
                $accesskey = 'v';
                break;
            }
            $accesskey = 'e';
            if (!empty($INFO['draft'])) {
                $type = 'draft';
                $params['do'] = 'draft';
                break;
            }
            $params['rev'] = $REV;
            if (!$INFO['exists']) {
                $type = 'create';
            }
            break;

        case 'revisions':
            $type = 'revs';
            $accesskey = 'o';
            break;

        case 'recent':
            $accesskey = 'r';
            break;

        case 'index':
            $accesskey = 'x';
            break;

        case 'top':
            $accesskey = 't';
            $params = array();
            $id = '#dokuwiki__top';
            break;

        case 'back':
            $parent = tpl_getparent($ID);
            if (!$parent) {
                return false;
            }
            $id = $parent;
            $params = array();
            $accesskey = 'b';
            break;

        case 'login':
            $params['sectok'] = getSecurityToken();
            // a logged in user gets the logout action instead
            if (isset($_SERVER['REMOTE_USER'])) {
                if (!actionOK('logout')) {
                    return false;
                }
                $params['do'] = 'logout';
                $type = 'logout';
            }
            break;

        case 'register':
        case 'resendpwd':
            // both are offered to anonymous visitors only
            if ($_SERVER['REMOTE_USER']) {
                return false;
            }
            break;

        case 'admin':
            if (!$INFO['ismanager']) {
                return false;
            }
            break;

        case 'revert':
            if (!$INFO['ismanager'] || !$REV || !$INFO['writable']) {
                return false;
            }
            $params['rev'] = $REV;
            $params['sectok'] = getSecurityToken();
            break;

        /** @noinspection PhpMissingBreakStatementInspection */
        case 'subscription':
            // legacy name: rewrite it, then continue with the 'subscribe' check
            $type = 'subscribe';
            $params['do'] = 'subscribe';
        case 'subscribe':
            if (!$_SERVER['REMOTE_USER']) {
                return false;
            }
            break;

        case 'profile':
            if (!isset($_SERVER['REMOTE_USER'])) {
                return false;
            }
            break;

        case 'backlink':
        case 'media':
            // nothing to adjust
            break;

        default:
            return '[unknown %s type]';
    }

    return array(
        'accesskey' => $accesskey,
        'type' => $type,
        'id' => $id,
        'method' => $method,
        'params' => $params,
    );
}
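/**
 * Dispatches the given sidebar type to return the right content
 *
 * Prints the XHTML box for one sidebar type directly to the output. $ID, $REV
 * and $TOC are saved on entry and written back before a normal return. Every
 * type except 'toolbox' prints nothing for anonymous visitors when the
 * 'closedwiki' template option is set; 'toolbox' then prints only a login link.
 *
 * @author Michael Klier <*****@*****.**>
 *
 * @param string $sb  sidebar type: 'main', 'namespace', 'user', 'group', 'index',
 *                    'toc', 'toolbox', 'trace', 'extra', or the directory name of a
 *                    custom sidebar below DOKU_TPLINC . 'sidebars/'
 * @param string $pos sidebar position; passed on to the renderers, used as a
 *                    prefix for TOC ids and as the file name prefix of the
 *                    'extra' include
 * @return void
 */
function tpl_sidebar_dispatch($sb, $pos)
{
    global $lang;
    global $conf;
    global $ID;
    global $REV;
    global $INFO;
    global $TOC;

    // save current ID, REV and TOC so they can be restored at the end
    $svID = $ID;
    $svREV = $REV;
    $svTOC = $TOC;
    $pname = tpl_getConf('pagename');
    switch ($sb) {
        case 'main':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            $main_sb = $pname;
            if (@page_exists($main_sb) && auth_quickaclcheck($main_sb) >= AUTH_READ) {
                $always = tpl_getConf('main_sidebar_always');
                // shown everywhere when configured so, otherwise only in the root namespace
                if ($always || !getNS($ID)) {
                    print '<div class="main_sidebar sidebar_box">' . DOKU_LF;
                    print p_sidebar_xhtml($main_sb, $pos) . DOKU_LF;
                    print '</div>' . DOKU_LF;
                }
            } elseif (!@page_exists($main_sb) && auth_quickaclcheck($main_sb) >= AUTH_CREATE) {
                // The sidebar page is missing and the user may create it: show the
                // "no sidebar" hint. The existence check used to test 'nonidebar.txt',
                // so the localized text was never picked up; check the file that is read.
                $hint_file = DOKU_TPLINC . 'lang/' . $conf['lang'] . '/nosidebar.txt';
                if (!@file_exists($hint_file)) {
                    $hint_file = DOKU_TPLINC . 'lang/en/nosidebar.txt';
                }
                $info = array();
                $out = p_render('xhtml', p_get_instructions(io_readFile($hint_file)), $info);
                // the page name is a configuration value; escape it before it becomes link text
                $link = '<a href="' . wl($pname) . '" class="wikilink2">' . htmlspecialchars($pname, ENT_QUOTES, 'UTF-8') . '</a>' . DOKU_LF;
                print '<div class="main_sidebar sidebar_box">' . DOKU_LF;
                print str_replace('LINK', $link, $out);
                print '</div>' . DOKU_LF;
            }
            break;
        case 'namespace':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            $user_ns = tpl_getConf('user_sidebar_namespace');
            $group_ns = tpl_getConf('group_sidebar_namespace');
            // preg_quote() keeps regex metacharacters in the configured namespaces
            // from changing (or breaking) the pattern
            $skip_pattern = '/^' . preg_quote($user_ns, '/') . ':.*?$|^' . preg_quote($group_ns, '/') . ':.*?$/';
            if (!preg_match($skip_pattern, $svID)) {
                // skip group/user sidebars and current ID
                $ns_sb = _getNsSb($svID);
                if ($ns_sb && auth_quickaclcheck($ns_sb) >= AUTH_READ) {
                    print '<div class="namespace_sidebar sidebar_box">' . DOKU_LF;
                    print p_sidebar_xhtml($ns_sb, $pos) . DOKU_LF;
                    print '</div>' . DOKU_LF;
                }
            }
            break;
        case 'user':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            $user_ns = tpl_getConf('user_sidebar_namespace');
            if (isset($INFO['userinfo']['name'])) {
                $user = $_SERVER['REMOTE_USER'];
                $user_sb = $user_ns . ':' . $user . ':' . $pname;
                if (@page_exists($user_sb)) {
                    $subst = array('pattern' => array('/@USER@/'), 'replace' => array($user));
                    print '<div class="user_sidebar sidebar_box">' . DOKU_LF;
                    print p_sidebar_xhtml($user_sb, $pos, $subst) . DOKU_LF;
                    print '</div>';
                }
                // check for namespace sidebars in user namespace too
                // The login name goes into the pattern, so it is quoted; the match is
                // anchored so that only IDs that start with the user's own namespace
                // count (the 'namespace' type skips exactly those IDs).
                $own_ns_pattern = '/^' . preg_quote($user_ns . ':' . $user . ':', '/') . '/';
                if (preg_match($own_ns_pattern, $svID)) {
                    $ns_sb = _getNsSb($svID);
                    if ($ns_sb && $ns_sb != $user_sb && auth_quickaclcheck($ns_sb) >= AUTH_READ) {
                        print '<div class="namespace_sidebar sidebar_box">' . DOKU_LF;
                        print p_sidebar_xhtml($ns_sb, $pos) . DOKU_LF;
                        print '</div>' . DOKU_LF;
                    }
                }
            }
            break;
        case 'group':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            $group_ns = tpl_getConf('group_sidebar_namespace');
            if (isset($INFO['userinfo']['name'], $INFO['userinfo']['grps'])) {
                // one box per group of the user that has a readable sidebar page
                foreach ($INFO['userinfo']['grps'] as $grp) {
                    $group_sb = $group_ns . ':' . $grp . ':' . $pname;
                    if (@page_exists($group_sb) && auth_quickaclcheck(cleanID($group_sb)) >= AUTH_READ) {
                        $subst = array('pattern' => array('/@GROUP@/'), 'replace' => array($grp));
                        print '<div class="group_sidebar sidebar_box">' . DOKU_LF;
                        print p_sidebar_xhtml($group_sb, $pos, $subst) . DOKU_LF;
                        print '</div>' . DOKU_LF;
                    }
                }
            }
            break;
        case 'index':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            print '<div class="index_sidebar sidebar_box">' . DOKU_LF;
            print '  ' . p_index_xhtml($svID, $pos) . DOKU_LF;
            print '</div>' . DOKU_LF;
            break;
        case 'toc':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            if (auth_quickaclcheck($svID) >= AUTH_READ) {
                $toc = tpl_toc(true);
                // replace ids to keep XHTML compliance
                if (!empty($toc)) {
                    $toc = preg_replace('/id="(.*?)"/', 'id="sb__' . $pos . '__\\1"', $toc);
                    print '<div class="toc_sidebar sidebar_box">' . DOKU_LF;
                    print $toc;
                    print '</div>' . DOKU_LF;
                }
            }
            break;
        case 'toolbox':
            if (tpl_getConf('hideactions') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                // closed wiki, anonymous visitor: the login link is the only action offered
                print '<div class="toolbox_sidebar sidebar_box">' . DOKU_LF;
                print '  <div class="level1">' . DOKU_LF;
                print '    <ul>' . DOKU_LF;
                print '      <li><div class="li">';
                tpl_actionlink('login');
                print '      </div></li>' . DOKU_LF;
                print '    </ul>' . DOKU_LF;
                print '  </div>' . DOKU_LF;
                print '</div>' . DOKU_LF;
            } else {
                $actions = array('admin', 'revert', 'edit', 'history', 'recent', 'backlink', 'subscription', 'index', 'login', 'profile', 'top');
                print '<div class="toolbox_sidebar sidebar_box">' . DOKU_LF;
                print '  <div class="level1">' . DOKU_LF;
                print '    <ul>' . DOKU_LF;
                foreach ($actions as $action) {
                    if (!actionOK($action)) {
                        continue;
                    }
                    if ($action == 'edit') {
                        // check if new page button plugin is available
                        if (!plugin_isdisabled('npd') && ($npd =& plugin_load('helper', 'npd'))) {
                            $npb = $npd->html_new_page_button(true);
                            if ($npb) {
                                print '    <li><div class="li">';
                                print $npb;
                                print '</div></li>' . DOKU_LF;
                            }
                        }
                    }
                    // buffer the list item so it can be dropped when no link is produced
                    ob_start();
                    print '     <li><div class="li">';
                    if (tpl_actionlink($action)) {
                        print '</div></li>' . DOKU_LF;
                        ob_end_flush();
                    } else {
                        ob_end_clean();
                    }
                }
                print '    </ul>' . DOKU_LF;
                print '  </div>' . DOKU_LF;
                print '</div>' . DOKU_LF;
            }
            break;
        case 'trace':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            print '<div class="trace_sidebar sidebar_box">' . DOKU_LF;
            print '  <h1>' . $lang['breadcrumb'] . '</h1>' . DOKU_LF;
            print '  <div class="breadcrumbs">' . DOKU_LF;
            if ($conf['youarehere'] != 1) {
                tpl_breadcrumbs();
            } else {
                tpl_youarehere();
            }
            print '  </div>' . DOKU_LF;
            print '</div>' . DOKU_LF;
            break;
        case 'extra':
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            print '<div class="extra_sidebar sidebar_box">' . DOKU_LF;
            // NOTE(review): $pos becomes part of an include path. This is only safe
            // while callers pass a fixed position name; confirm that it never comes
            // from request data.
            @(include dirname(__FILE__) . '/' . $pos . '_sidebar.html');
            print '</div>' . DOKU_LF;
            break;
        default:
            if (tpl_getConf('closedwiki') && !isset($_SERVER['REMOTE_USER'])) {
                return;
            }
            // check for user defined sidebars
            // NOTE(review): $sb becomes part of a require path and of a class
            // attribute. This is only safe while $sb comes from trusted template
            // configuration; confirm at the call site, or restrict $sb to a fixed
            // character set before it gets here.
            if (@file_exists(DOKU_TPLINC . 'sidebars/' . $sb . '/sidebar.php')) {
                print '<div class="' . $sb . '_sidebar sidebar_box">' . DOKU_LF;
                @(require_once DOKU_TPLINC . 'sidebars/' . $sb . '/sidebar.php');
                print '</div>' . DOKU_LF;
            }
            break;
    }
    // restore ID, REV and TOC
    $ID = $svID;
    $REV = $svREV;
    $TOC = $svTOC;
}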
    /**
     * function _print
     * @author  Myron Turner
     */
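    function _print()
    {
        // Prints the CKEditor edit page: the intro text, the onload snippet that
        // replaces the 'wiki__text' textarea with a CKEditor instance, the
        // 'dw__editform' form with its buttons, and the inline script that loads
        // the plugin's parser scripts.
        // Returns false when the page is not writable and the 'source' action is
        // disabled; otherwise there is no explicit return value.
        global $INFO;
        global $lang;
        global $ckgedit_lang;
        global $ID;
        global $REV;
        global $DATE;
        global $PRE;
        global $SUF;
        global $SUM;
        $wr = $INFO['writable'];
        if ($wr) {
            if ($REV) {
                print p_locale_xhtml('editrev');
            }
            $ro = false;
        } else {
            // check pseudo action 'source'
            if (!actionOK('source')) {
                msg('Command disabled: source', -1);
                return false;
            }
            print p_locale_xhtml('read');
            $ro = 'readonly="readonly"';
        }
        if (!$DATE) {
            $DATE = $INFO['lastmod'];
        }
        // visitors without userinfo get a reduced toolbar, depending on the plugin settings
        $guest_toolbar = $this->getConf('guest_toolbar');
        $guest_media = $this->getConf('guest_media');
        if (!isset($INFO['userinfo']) && !$guest_toolbar) {
            $toolbar = "DokuwikiNoGuest";
        } else {
            if (!isset($INFO['userinfo']) && !$guest_media) {
                $toolbar = "DokuwikiGuest";
            } else {
                $toolbar = 'Dokuwiki';
            }
        }
        // The editor height comes from a cookie, i.e. from the client, and is written
        // into a script block and an attribute below. Accept only a positive integer
        // so the cookie cannot carry script or markup into the page.
        $height = 250;
        if (isset($_COOKIE['ckgEdht']) && is_scalar($_COOKIE['ckgEdht'])) {
            $cookie_height = (int) $_COOKIE['ckgEdht'];
            if ($cookie_height > 0) {
                $height = $cookie_height;
            }
        }
        $doku_url = rtrim(DOKU_URL, '/');
        $ckeditor_replace = <<<CKEDITOR_REPLACE

\t\t   ckgeditCKInstance = CKEDITOR.replace('wiki__text',
\t\t       { 
                  toolbar: '{$toolbar}' ,    
                  height: {$height},
                  filebrowserImageBrowseUrl :  '{$doku_url}/lib/plugins/ckgedit/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector={$doku_url}/lib/plugins/ckgedit/fckeditor/editor/filemanager/connectors/php/connector.php',
                  filebrowserBrowseUrl: '{$doku_url}/lib/plugins/ckgedit/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector={$doku_url}/lib/plugins/ckgedit/fckeditor/editor/filemanager/connectors/php/connector.php',                                
               }
\t\t   );
           FCKeditor_OnComplete(ckgeditCKInstance);
           
               
CKEDITOR_REPLACE;
        echo $this->helper->registerOnLoad($ckeditor_replace);
        global $skip_styling;
        // $ID, $REV and $DATE are escaped for the attribute context like the
        // prefix/suffix fields next to them (those go through formText()).
        ?>

 
   <form id="dw__editform" method="post" action="<?php echo script(); ?>"  accept-charset="<?php echo $lang['encoding']; ?>">
    <div class="no">
      <input type="hidden" name="id"   value="<?php echo htmlspecialchars((string) $ID, ENT_QUOTES, 'UTF-8'); ?>" />
      <input type="hidden" name="rev"  value="<?php echo htmlspecialchars((string) $REV, ENT_QUOTES, 'UTF-8'); ?>" />
      <input type="hidden" name="date" value="<?php echo htmlspecialchars((string) $DATE, ENT_QUOTES, 'UTF-8'); ?>" />
      <input type="hidden" name="prefix" value="<?php echo formText($PRE); ?>" />
      <input type="hidden" name="suffix" value="<?php echo formText($SUF); ?>" />
      <input type="hidden" id="ckgedit_mode_type"  name="mode" value="" />
      <input type="hidden" id="fck_preview_mode"  name="fck_preview_mode" value="nil" />
      <input type="hidden" id="fck_wikitext"    name="fck_wikitext" value="__false__" />     
       <input type="hidden" id="styling"  name="styling" value="styles" />
      <?php 
        // anti-CSRF token field, where the DokuWiki version provides the helper
        if (function_exists('formSecurityToken')) {
            formSecurityToken();
        }
        // NOTE(review): $this->xhtml is written into the textarea as is; this
        // assumes the caller has already escaped it for HTML. Confirm where it is set.
        ?>
    </div>

    <textarea name="wikitext" id="wiki__text" <?php echo $ro; ?>
 cols="80" rows="10" class="edit" tabindex="1"><?php echo "\n" . $this->xhtml; ?>
</textarea>
    
<?php 
        $temp = array();
        trigger_event('HTML_EDITFORM_INJECTION', $temp);
        $DW_EDIT_disabled = '';
        // NOTE(review): the ACL check reads the raw request parameter rather than
        // the global $ID; it only decides whether buttons are rendered disabled, so
        // the server side must still enforce permissions when the form is submitted.
        $guest_perm = auth_quickaclcheck($_REQUEST['id']);
        $guest_group = false;
        $guest_user = false;
        if (isset($INFO['userinfo']) && isset($INFO['userinfo']['grps'])) {
            $user_groups = $INFO['userinfo']['grps'];
            if (is_array($user_groups) && $user_groups) {
                foreach ($user_groups as $group) {
                    if (strcasecmp('guest', $group) == 0) {
                        $guest_group = true;
                        break;
                    }
                }
            }
            if ($INFO['client'] == 'guest') {
                $guest_user = true;
            }
        }
        // 2 is presumably the AUTH_EDIT level; confirm against the ACL constants
        if (($guest_user || $guest_group) && $guest_perm <= 2) {
            $DW_EDIT_disabled = 'disabled';
        }
        $DW_EDIT_hide = $this->dw_edit_displayed();
        // The User-Agent header is optional; treat a missing header as an empty string.
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $is_ckgeditChrome = false;
        if (stripos($user_agent, 'Chrome') !== false) {
            preg_match("/Chrome\\/(\\d+)/", $user_agent, $cmatch);
            // no version number found counts as version 0, i.e. as an old Chrome
            $chrome_major = isset($cmatch[1]) ? (int) $cmatch[1] : 0;
            if ($chrome_major < 26) {
                $is_ckgeditChrome = true;
            }
        }
        ?>

    <div id="wiki__editbar">
      <div id="size__ctl" style="display: none"></div>
      <?php 
        if ($wr) {
            ?>
         <div class="editButtons">
            <input type="checkbox" name="ckgedit" value="ckgedit" checked="checked" style="display: none"/>
             <input class="button" type="button" id = "save_button"
                   name="do[save]"
                   value="<?php echo $lang['btn_save']; ?>" 
                   title="<?php echo $lang['btn_save']; ?> "   
                   <?php echo $DW_EDIT_disabled; ?>
                   
                  /> 

            <input class="button" id="ebtn__delete" type="submit" 
                   <?php echo $DW_EDIT_disabled; ?>
                   name="do[delete]" value="<?php echo $lang['btn_delete']; ?>"
                   title="<?php echo $this->getLang('title_dw_delete'); ?>"
                   style = "font-size: 100%;"
            />

            
             <?php 
            if (!$is_ckgeditChrome) {
                ?>
 
             <input class="button"  id = "ebtn__dwedit"
                 <?php echo $DW_EDIT_disabled; ?>
                 
                 <?php echo $DW_EDIT_hide; ?>
                 style = "font-size: 100%;"            
                 type="submit" 
                 name="do[save]" 
                 value="<?php echo $this->getLang('btn_dw_edit'); ?>"  
                 title="<?php echo $this->getLang('title_dw_edit'); ?>"
                  />
             <?php 
            }
            $inline = $this->test ? 'inline' : 'none';
            // plain link offered to old Chrome versions instead of the DW Edit button
            $chrome_dwedit_link = '<a href="' . wl($INFO['id'], array('do' => 'show')) . '" ' . 'onclick="draft_delete();setDWEditCookie(2);"class="action edit" rel="nofollow" title="DW Edit"><span>DW Edit</span></a>';
            $backup_btn = $this->getLang('dw_btn_backup') ? $this->getLang('dw_btn_backup') : $this->getLang('dw_btn_refresh');
            $backup_title = $this->getLang('title_dw_backup') ? $this->getLang('title_dw_backup') : $this->getLang('title_dw_refresh');
            ?>
            <input class="button" type="submit" 
                 name="do[draftdel]" 
                 id = "ebut_cancel"
                 value="<?php echo $lang['btn_cancel']; ?>"                  
                 style = "font-size: 100%;"
                 title = "<?php echo $this->getLang('title_dw_cancel'); ?>"
             />

           <!-- aspell button removed, not supported -->

            <input class="button" type="button" value = "Test"
                   title="Test"  
                   style = 'display:<?php echo $inline; ?>;'
                   onmousedown="parse_wikitext('test');"
                  /> 

 <?php 
            if ($this->draft_found) {
                ?>
             <input class="button"       
                 style = "background-color: yellow"
                 id="ckgedit_draft_btn" 
                 type="button" value="<?php echo $this->getLang('btn_draft'); ?>"  
                 title="<?php echo $this->getLang('title_draft'); ?>"
                  />
 <?php 
            } else {
                ?>

  
             <input class="button" type="button" 
                   id = "backup_button"
                   value="<?php echo $backup_btn; ?>"
                   title="<?php echo $backup_title; ?>"  
                   
                  />
 
             <input class="button" type="button"
                   id = "revert_to_prev_btn"
                   value="<?php echo $this->getLang('dw_btn_revert'); ?>"  
                   title="<?php echo $this->getLang('title_dw_revert'); ?>"  
                   
                  />
     <?php 
                if (!$skip_styling) {
                    ?>
              
              <input class="button" type="submit"
                   name ="do[edit]" 
                   id = "no_styling_btn"                   
                   style = "font-size: 100%;"                   
                   value="<?php echo $this->getLang('dw_btn_styling'); ?>"  
                   title="<?php echo $this->getLang('title_styling'); ?>"  
                  />
    <?php 
                }
                ?>
                  
             &nbsp;&nbsp;&nbsp;

<?php 
                if ($is_ckgeditChrome) {
                    echo $chrome_dwedit_link;
                }
                ?>
 <br />

 <?php 
            }
            ?>

 <?php 
            if ($this->debug) {
                ?>
         <input class="button" type="button" value = "Debug"
                   title="Debug"                     
                   onclick="HTMLParser_debug();"
                  /> 

            <br />
 <?php 
            }
            ?>

   <div id = "backup_msg" class="backup_msg" style=" display:none;">
     <table><tr><td class = "backup_msg_td">
      <div id="backup_msg_area" class="backup_msg_area"></div>
     <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
     <td align="right">
      <a href="javascript:hide_backup_msg();void(0);" class="backup_msg_close">[ close ]</a>&nbsp;&nbsp;&nbsp;
     </table>
     
 </div>


     <label class="nowrap" for="complex_tables" >     
        <input type="checkbox" name="complex_tables" value="complex_tables"  id = "complex_tables" 
                     /><span id='complex_tables_label'> <?php echo $this->getLang('complex_tables'); ?>
</span></label> 
      &nbsp;&nbsp;<label class="nowrap" for="editor_height"><?php echo $this->getLang('editor_height'); ?>
</label> 
        <input type="text" size= "4" name="editor_height" title = "<?php echo $this->getLang('editor_height_title'); ?>" value="<?php echo $height; ?>"  id = "editor_height"  onchange="setEdHeight(this.value);" />  px    

      <input style="display:none;" class="button" id="edbtn__save" type="submit" name="do[save]" 
                      value="<?php echo $lang['btn_save']; ?>" 
                      onmouseup="draft_delete();"
                      <?php echo $DW_EDIT_disabled; ?>
                      title="<?php echo $lang['btn_save']; ?> "  />

            <!-- Not used by ckgedit but required to prevent null error when DW adds events -->
            <input type="button" id='edbtn__preview' style="display: none"/>


 <div id='saved_wiki_html' style = 'display:none;' ></div>
 <div id='ckgedit_draft_html' style = 'display:none;' >
 <?php 
            // NOTE(review): the stored draft is emitted as HTML without escaping;
            // this assumes draft_text was sanitized where it is loaded. Confirm.
            echo $this->draft_text;
            ?>
 </div>

         </div>
      <?php 
        }
        ?>

        <?php 
        if ($wr) {
            ?>
            <div class="summary">
                <label for="edit__summary" class="nowrap"><?php echo $lang['summary']; ?>
:</label>
                <input type="text" class="edit" name="summary" id="edit__summary" size="50" value="<?php echo formText($SUM); ?>" tabindex="2" />
                <label class="nowrap" for="minoredit"><input type="checkbox" id="minoredit" name="minor" value="1" tabindex="3" /> <span><?php echo $this->getLang('minor_changes'); ?>
</span></label>
            </div>
        <?php 
        }
        ?>
    </div>
   </form>

        <!-- draft messages from DW -->
        <div id="draft__status"></div>
  <script type="text/javascript">
//<![CDATA[
        <?php 
        echo 'var backup_empty = "' . $this->getLang('backup_empty') . '";';
        ?>
        /* aspell_window removed, not supported */
        if(window.unsetDokuWikiLockTimer) window.unsetDokuWikiLockTimer();  

   
  function getComplexTables() {   
     return  document.getElementById('complex_tables').checked;
  }

    <?php 
        global $useComplexTables;
        if ($useComplexTables) {
            ?>
               
        document.getElementById('complex_tables').click();            
    <?php 
        }
        ?>
  
    <?php 
        if ($this->getConf('complex_tables')) {
            ?>
         document.getElementById('complex_tables').disabled = true;
    <?php 
        }
        ?>
  

<?php 
        // Only fixed literals are emitted here; the header itself never reaches the page.
        // The pattern used to read "MISIE", which no Internet Explorer sends.
        if (preg_match("/MSIE|Trident/", $user_agent)) {
            echo "var isIE = true;";
        } else {
            echo "var isIE = false;";
        }
        echo "var doku_base = '" . DOKU_BASE . "';";
        ?>
  
          
   var ckgedit_draft_btn = "<?php echo $this->getLang('btn_exit_draft'); ?>";
   var ckgedit_draft_btn_title = "<?php echo $this->getLang('title_exit_draft'); ?>";
   function ckgedit_get_draft() {
      var dom = GetE('ckgedit_draft_html');
      var draft = dom.innerHTML;
      var dw_text =  CKEDITOR.instances.wiki__text.getData();     	 
 
      CKEDITOR.instances.wiki__text.setData(draft);      
      dom.innerHTML = dw_text;
      var btn = GetE('ckgedit_draft_btn');
      var tmp = btn.value;  
      btn.value = ckgedit_draft_btn;
      ckgedit_draft_btn = tmp;
      /* swap the title the same way as the label, so toggling back restores it */
      tmp = btn.title;
      btn.title = ckgedit_draft_btn_title;
      ckgedit_draft_btn_title = tmp;
   }


   function safe_convert(value) {            

     if(oDokuWiki_FCKEditorInstance.dwiki_fnencode && oDokuWiki_FCKEditorInstance.dwiki_fnencode == 'safe') {
      <?php 
        global $updateVersion;
        if (!isset($updateVersion)) {
            $updateVersion = 0;
        }
        echo "updateVersion={$updateVersion};";
        $safe_converted = in_array('safefnrecode', plugin_list('action'));
        ?>

        /* both tests are applied to value; the closing parenthesis used to sit after the second match() */
        if(value.match(/%25/) && value.match(/%25[a-z0-9]/)) {
                          value = value.replace(/%25/g,"%");
                          <?php 
        if ($updateVersion > 30 || $safe_converted) {
            echo 'value = value.replace(/%5D/g,"]");';
        }
        ?>

                          value =  dwikiUTF8_decodeFN(value,'safe');
                       }
        }
        return value; 

     }
	 
RegExp.escape = function(str)
{
    var specials = new RegExp("[.*+?|()\\[\\]{}\\\\]", "g"); // .*+?|()[]{}\
    return str.replace(specials, "\\$&");
}
var ckgedit_xcl_fonts =parseInt  ("<?php echo $this->getConf('font_options'); ?>");
var ckgedit_xcl_colors =parseInt("<?php echo $this->getConf('color_options'); ?>");
var ckgedit_xcl_styles = (ckgedit_xcl_fonts + ckgedit_xcl_colors ==2) ? true : false;
var HTMLParser_DEBUG = "";


<?php 
        if ($this->debug) {
            ?>
   function HTMLParser_debug() {        
       HTMLParser_DEBUG = "";
       parse_wikitext("");
/*
      for(var i in oDokuWiki_FCKEditorInstance) {     
         HTMLParser_DEBUG += i + ' = ' + oDokuWiki_FCKEditorInstance[i] + "\n";;
       }
*/

       var w = window.open();       
       w.document.write('<pre>' + HTMLParser_DEBUG + '</pre>');
       w.document.close();
  }
<?php 
        }
        ?>

<?php 
        // the uncompressed parser is loaded in test mode, the compressed one otherwise
        $url = DOKU_URL . 'lib/plugins/ckgedit/scripts/script-cmpr.js';
        echo "var script_url = '{$url}';";
        if ($this->test) {
            $parse_url = DOKU_URL . 'lib/plugins/ckgedit/scripts/parse_wiki.js.unc';
        } else {
            $parse_url = DOKU_URL . 'lib/plugins/ckgedit/scripts/parse_wiki-cmpr.js';
        }
        echo "var parse_url = '{$parse_url}';";
        ?>

LoadScript(parse_url);
try {
  if(!window.HTMLParserInstalled){
    LoadScript(script_url);   
  }
}
catch (ex) {  
   LoadScript(script_url); 
}


if(window.DWikifnEncode && window.DWikifnEncode == 'safe') {
   LoadScript(DOKU_BASE + 'lib/plugins/ckgedit/scripts/safeFN_cmpr.js' );
}


 //]]>

  </script>


  
<?php 
    }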
/**
 * Preprocess edit form data
 *
 * Builds the 'dw__editform' form (hidden fields, edit bar, summary row and
 * licence note), prints the intro text and the toolbar markup, and hands the
 * form to html_form(). A page that is not writable or is locked is shown as
 * source; if the 'source' action is disabled a message is issued and nothing
 * is printed.
 *
 * @author   Andreas Gohr <*****@*****.**>
 *
 * @triggers HTML_EDITFORM_OUTPUT
 * @triggers HTML_EDIT_FORMSELECTION when the edit target is not 'section'
 * @return void
 */
function html_edit()
{
    global $ID;
    global $REV;
    global $DATE;
    global $PRE;
    global $SUF;
    global $INFO;
    global $SUM;
    global $lang;
    global $conf;
    global $TEXT;
    global $RANGE;
    global $license;

    // Hash of the text the edit started from; a differing hash marks the text as
    // changed. This is change detection only, not an integrity check.
    $text_hash = md5($TEXT);
    if (isset($_REQUEST['changecheck'])) {
        $check = $_REQUEST['changecheck'];
    } else {
        // for a new page $TEXT has been loaded from the page template
        $check = $INFO['exists'] ? $text_hash : md5('');
    }
    $mod = $text_hash !== $check;

    $wr = $INFO['writable'] && !$INFO['locked'];
    if (!$wr) {
        // check pseudo action 'source'
        if (!actionOK('source')) {
            msg('Command disabled: source', -1);
            return;
        }
        $include = 'read';
    } elseif ($REV) {
        $include = 'editrev';
    } else {
        $include = 'edit';
    }

    $form = new Doku_Form(array('id' => 'dw__editform'));
    $form->addHidden('id', $ID);
    $form->addHidden('rev', $REV);
    $form->addHidden('date', $DATE);
    $form->addHidden('prefix', $PRE . '.');
    $form->addHidden('suffix', $SUF);
    $form->addHidden('changecheck', $check);

    // a requested target is honoured only for writable pages with a section range
    $target = 'section';
    if (isset($_REQUEST['target']) && $wr && $RANGE !== '') {
        $target = $_REQUEST['target'];
    }
    $data = array(
        'form' => $form,
        'wr' => $wr,
        'media_manager' => true,
        'target' => $target,
        'intro_locale' => $include,
    );
    if ($data['target'] === 'section') {
        html_edit_form($data);
    } else {
        // Only emit event if page is writable, section edit data is valid and
        // edit target is not section.
        trigger_event('HTML_EDIT_FORMSELECTION', $data, 'html_edit_form', true);
    }
    if (isset($data['intro_locale'])) {
        echo p_locale_xhtml($data['intro_locale']);
    }

    $form->addHidden('target', $data['target']);
    $form->addElement(form_makeOpenTag('div', array('id' => 'wiki__editbar')));
    $form->addElement(form_makeOpenTag('div', array('id' => 'size__ctl')));
    $form->addElement(form_makeCloseTag('div'));
    if ($wr) {
        // save / preview / cancel buttons
        $form->addElement(form_makeOpenTag('div', array('class' => 'editButtons')));
        $form->addElement(form_makeButton('submit', 'save', $lang['btn_save'], array('id' => 'edbtn__save', 'accesskey' => 's', 'tabindex' => '4')));
        $form->addElement(form_makeButton('submit', 'preview', $lang['btn_preview'], array('id' => 'edbtn__preview', 'accesskey' => 'p', 'tabindex' => '5')));
        $form->addElement(form_makeButton('submit', 'draftdel', $lang['btn_cancel'], array('tabindex' => '6')));
        $form->addElement(form_makeCloseTag('div'));
        // edit summary and, where html_minoredit() supplies one, the minor edit element
        $form->addElement(form_makeOpenTag('div', array('class' => 'summary')));
        $form->addElement(form_makeTextField('summary', $SUM, $lang['summary'], 'edit__summary', 'nowrap', array('size' => '50', 'tabindex' => '2')));
        $minor = html_minoredit();
        if ($minor) {
            $form->addElement($minor);
        }
        $form->addElement(form_makeCloseTag('div'));
    }
    $form->addElement(form_makeCloseTag('div'));

    if ($wr && $conf['license']) {
        // licence note with a link to the configured licence
        $chosen = $license[$conf['license']];
        $notice = $lang['licenseok'];
        $notice .= ' <a href="' . $chosen['url'] . '" rel="license" class="urlextern"';
        if ($conf['target']['extern']) {
            $notice .= ' target="' . $conf['target']['extern'] . '"';
        }
        $notice .= '>' . $chosen['name'] . '</a>';
        $form->addElement(form_makeOpenTag('div', array('class' => 'license')));
        $form->addElement($notice);
        $form->addElement(form_makeCloseTag('div'));
    }

    if ($wr) {
        // sets changed to true when previewed
        echo '<script type="text/javascript" charset="utf-8"><!--//--><![CDATA[//><!--' . NL;
        echo 'textChanged = ' . ($mod ? 'true' : 'false');
        echo '//--><!]]></script>' . NL;
    }
    // NOTE(review): $INFO['namespace'] is placed in the media manager URL below
    // without URL or HTML encoding; this relies on it being a cleaned page
    // namespace. Confirm where $INFO is populated.
    ?>
    <div style="width:99%;">

    <div class="toolbar">
    <div id="draft__status"><?php if (!empty($INFO['draft'])) { echo $lang['draftdate'] . ' ' . dformat(); } ?></div>
    <div id="tool__bar"><?php if ($wr && $data['media_manager']) { ?><a href="<?php echo DOKU_BASE; ?>lib/exe/mediamanager.php?ns=<?php echo $INFO['namespace']; ?>"
        target="_blank"><?php echo $lang['mediaselect']; ?></a><?php } ?></div>

    </div>
    <?php 
    html_form('edit', $form);
    print '</div>' . NL;
}
/**
 * Print the search form
 *
 * With $ajax set, a div with the ID 'qsearch__out' is appended; it is the
 * place where the ajax page quick search puts its results. $autocomplete
 * controls the proprietary autocomplete attribute: when false, the text field
 * gets autocomplete="off" so that the browser disables its own built-in
 * completion (MSIE and Firefox).
 *
 * The current query is shown in the text field only while the search action
 * is active, and it is passed through htmlspecialchars() before output.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param bool $ajax
 * @param bool $autocomplete
 * @return bool false when the search action is disabled, true once the form was printed
 */
function tpl_searchform($ajax = true, $autocomplete = true)
{
    global $lang;
    global $ACT;
    global $QUERY;

    // don't print the search form if search action has been disabled
    if (!actionOK('search')) {
        return false;
    }

    // collect the markup first, then print it in one go
    $html = '<form action="' . wl() . '" accept-charset="utf-8" class="search" id="dw__search" method="get"><div class="no">';
    $html .= '<input type="hidden" name="do" value="search" />';
    $html .= '<input type="text" ';
    if ($ACT == 'search') {
        $html .= 'value="' . htmlspecialchars($QUERY) . '" ';
    }
    if (!$autocomplete) {
        $html .= 'autocomplete="off" ';
    }
    $html .= 'id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" />';
    $html .= '<input type="submit" value="' . $lang['btn_search'] . '" class="button" title="' . $lang['btn_search'] . '" />';
    if ($ajax) {
        $html .= '<div id="qsearch__out" class="ajax_qsearch JSpopup"></div>';
    }
    $html .= '</div></form>';
    print $html;

    return true;
}
Beispiel #29
/**
 * Send digest and list mails for all subscriptions which are in effect for the
 * current page
 *
 * Progress lines are echoed as the function runs. Nothing is sent when the
 * 'subscribe' action is disabled.
 *
 * @author Adrian Lang <*****@*****.**>
 * @return bool false when subscriptions are disabled; otherwise the boolean
 *              cast of what Subscription::send_bulk() returned for $ID
 */
function sendDigest()
{
    global $conf;
    global $ID;

    echo 'sendDigest(): started' . NL;

    if (actionOK('subscribe')) {
        $subscription = new Subscription();
        // presumably the number of mails sent; it is only echoed and cast to bool here
        $mailCount = $subscription->send_bulk($ID);
        echo 'sendDigest(): sent ' . $mailCount . ' mails' . NL;
        echo 'sendDigest(): finished' . NL;
        return $mailCount ? true : false;
    }

    echo 'sendDigest(): disabled' . NL;
    return false;
}
Beispiel #30
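/**
 * Send a new password
 *
 * This function handles both phases of the password reset:
 *
 *   - handling the first request of password reset
 *   - validating the password reset auth token
 *
 * Request phase: for a posted login with a mail address on record, a token
 * file named after the token is written below $conf['cachedir'] with the
 * login as its content, and a confirmation link carrying the token is mailed.
 *
 * Token phase: the 'pwauth' request value is reduced to [a-f0-9], the
 * matching token file is read and deleted, a new password is generated,
 * stored through the auth backend and mailed to the user.
 *
 * Note that true is returned once a phase ran to its end, even if sending
 * the mail failed (the failure is only reported through msg()).
 *
 * @author Benoit Chesneau <*****@*****.**>
 * @author Chris Smith <*****@*****.**>
 * @author Andreas Gohr <*****@*****.**>
 *
 * @return bool true on success, false on any error
 */
function act_resendpwd()
{
    global $lang;
    global $conf;
    global $auth;

    if (!actionOK('resendpwd')) {
        return false;
    }
    if (!$auth) {
        return false;
    }
    // should not be able to get here without modPass being possible...
    if (!$auth->canDo('modPass')) {
        msg($lang['resendna'], -1);
        return false;
    }

    // 'pwauth' is client-controlled and may be missing or an array; only a
    // string is accepted, then everything outside [a-f0-9] is stripped so the
    // value can safely be used as a file name component.
    $rawToken = '';
    if (isset($_REQUEST['pwauth']) && is_string($_REQUEST['pwauth'])) {
        $rawToken = $_REQUEST['pwauth'];
    }
    $token = preg_replace('/[^a-f0-9]+/', '', $rawToken);

    if ($token) {
        // we're in token phase
        $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth';
        if (!@file_exists($tfile)) {
            msg($lang['resendpwdbadauth'], -1);
            return false;
        }
        // NOTE(review): the age of the token file is not checked, so an unused
        // confirmation link stays valid until it is consumed; consider an expiry.
        $user = io_readfile($tfile);
        // The token is single-use: the file is removed before the password changes.
        // NOTE(review): a failed unlink is suppressed; if the file cannot be
        // removed the token would remain redeemable.
        @unlink($tfile);

        $userinfo = $auth->getUserData($user);
        // empty() also covers a non-array result for an unknown user
        if (empty($userinfo['mail'])) {
            msg($lang['resendpwdnouser'], -1);
            return false;
        }

        $pass = auth_pwgen();
        if (!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
            msg('error modifying user data', -1);
            return false;
        }
        if (auth_sendPassword($user, $pass)) {
            msg($lang['resendpwdsuccess'], 1);
        } else {
            msg($lang['regmailfail'], -1);
        }
        return true;
    }

    // we're in request phase
    if (empty($_POST['save'])) {
        return false;
    }
    // A missing, empty or non-string login is treated as "not provided".
    if (empty($_POST['login']) || !is_string($_POST['login'])) {
        msg($lang['resendpwdmissing'], -1);
        return false;
    }
    $user = trim($auth->cleanUser($_POST['login']));

    $userinfo = $auth->getUserData($user);
    // NOTE(review): a distinct message for unknown accounts lets a caller tell
    // which logins exist; consider giving the same response for both outcomes.
    if (empty($userinfo['mail'])) {
        msg($lang['resendpwdnouser'], -1);
        return false;
    }

    // generate auth token (secret but user based)
    // NOTE(review): the token depends only on auth_cookiesalt() and the login.
    // If that salt is constant across requests (TODO confirm), every request
    // for an account yields the same token, and anyone who learns the salt can
    // derive it. Consider a per-request random token from a CSPRNG instead.
    $token = md5(auth_cookiesalt() . $user);
    $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth';
    $url = wl('', array('do' => 'resendpwd', 'pwauth' => $token), true, '&');
    io_saveFile($tfile, $user);

    // fill the confirmation mail template
    $text = rawLocale('pwconfirm');
    $text = str_replace('@DOKUWIKIURL@', DOKU_URL, $text);
    $text = str_replace('@FULLNAME@', $userinfo['name'], $text);
    $text = str_replace('@LOGIN@', $user, $text);
    $text = str_replace('@TITLE@', $conf['title'], $text);
    $text = str_replace('@CONFIRM@', $url, $text);

    if (mail_send($userinfo['name'] . ' <' . $userinfo['mail'] . '>', $lang['regpwmail'], $text, $conf['mailfrom'])) {
        msg($lang['resendpwdconfirm'], 1);
    } else {
        msg($lang['regmailfail'], -1);
    }
    return true;
}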