function main_page($in_dev_mode, $time_remaining = 0)
{
global $page;
if ($in_dev_mode) {
$page->output_alert("CloudFlare is currently in development mode. This will expire in " . gmdate("H:i:s", $time_remaining));
}
$form = new Form('index.php?module=cloudflare-dev_mode&action=change', 'post');
$form_container = new FormContainer('Change development mode');
$form_container->output_row('Development Mode', "This will bypass CloudFlare's accelerated cache and slow down your site, but is useful if you are making changes to cacheable content (like images, css, or JavaScript) and would like to see those changes right away.", $form->generate_on_off_radio('dev_mode', $in_dev_mode ? 1 : 0));
$form_container->end();
$buttons[] = $form->generate_submit_button('Submit');
$form->output_submit_wrapper($buttons);
$form->end();
}
function restfulapi_admin_load()
{
global $mybb, $db, $page, $lang, $cache;
if ($page->active_action == RESTFULAPI_URL) {
$page->add_breadcrumb_item($lang->restfulapi_title);
$page->output_header($lang->restfulapi_title);
$result = $db->simple_select("apisettings");
$action = "config";
if (isset($mybb->input["action"]) && in_array($mybb->input["action"], array("manage-keys", "add-key"))) {
$action = $mybb->input["action"];
}
$navs = array("config" => array("link" => "index.php?module=config-" . RESTFULAPI_URL, "title" => $lang->restfulapi_config, "description" => $lang->restfulapi_config_description), "manage-keys" => array("link" => "index.php?module=config-" . RESTFULAPI_URL . "&action=manage-keys", "title" => $lang->restfulapi_manage_api_keys, "description" => $lang->restfulapi_manage_api_keys_description), "add-key" => array("link" => "index.php?module=config-" . RESTFULAPI_URL . "&action=add-key", "title" => $lang->restfulapi_add_api_key, "description" => $lang->restfulapi_add_api_key_description));
$page->output_nav_tabs($navs, $action);
switch ($action) {
case "manage-keys":
if (isset($mybb->input["do"]) && in_array($mybb->input["do"], array("regenerate", "edit", "delete"))) {
$do = $mybb->input["do"];
if ($do == "edit" && isset($mybb->input["key_id"]) && is_string($mybb->input["key_id"])) {
$key_id = (int) $db->escape_string($mybb->input["key_id"]);
$result = $db->simple_select("apikeys", "*", "id='{$key_id}'");
if ($result->num_rows != 1) {
flash_message($lang->restfulapi_key_not_found, "error");
admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
exit;
}
if ($mybb->request_method == "post" && isset($mybb->input["apicustomer"]) && is_string($mybb->input["apicustomer"]) && isset($mybb->input["apicomment"]) && is_string($mybb->input["apicomment"]) && isset($mybb->input["maxreq"]) && is_numeric($mybb->input["maxreq"]) && isset($mybb->input["maxreqrate"]) && in_array($mybb->input["maxreqrate"], array("m", "w", "d", "h"))) {
$update = array("apicustomer" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicustomer"])), "apicomment" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicomment"])), "maxreq" => (int) $mybb->input["maxreq"], "maxreqrate" => $db->escape_string(htmlspecialchars_uni($mybb->input["maxreqrate"])));
$db->update_query("apikeys", $update, "id='{$key_id}'");
$db->delete_query("apipermissions", "apikey='{$key_id}'");
if (isset($mybb->input["apinames"]) && is_array($mybb->input["apinames"])) {
$insert_allowed = array();
foreach ($mybb->input["apinames"] as $apiname) {
$insert_allowed[] = array("apikey" => $key_id, "apiname" => $db->escape_string($apiname));
}
$db->insert_query_multiple("apipermissions", $insert_allowed);
}
restfulapi_cache_rebuild();
flash_message($lang->restfulapi_key_edited_successfully, "success");
admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
} else {
$keyset = $result->fetch_array();
$form = new Form("index.php?module=config-" . RESTFULAPI_URL . "&action=manage-keys&do=edit&key_id={$key_id}", "post", "edit");
$form_container = new FormContainer($lang->restfulapi_edit_api_key);
$form_container->output_row($lang->restfulapi_customer_name . " <em>*</em>", $lang->restfulapi_customer_name_description, $form->generate_text_box('apicustomer', htmlspecialchars_uni($keyset["apicustomer"]), array('id' => 'apicustomer')), 'apicustomer');
$rate_types = array("h" => $lang->restfulapi_per_hour, "d" => $lang->restfulapi_per_day, "w" => $lang->restfulapi_per_week, "m" => $lang->restfulapi_per_month);
$form_container->output_row($lang->restfulapi_max_requests . " <em>*</em>", $lang->restfulapi_max_requests_description, $form->generate_text_box('maxreq', htmlspecialchars_uni($keyset["maxreq"]), array('id' => 'maxreq')) . " " . $form->generate_select_box('maxreqrate', $rate_types, htmlspecialchars_uni($keyset["maxreqrate"]), array('id' => 'maxreqrate')), 'maxreq');
$form_container->output_row($lang->restfulapi_comment, $lang->restfulapi_comment_description, $form->generate_text_area('apicomment', htmlspecialchars_uni($keyset["apicomment"]), array('id' => 'apicomment')), 'apicomment');
$apis = glob(RESTFULAPI_PATH . "api/*api.class.php");
$presentable_apis = array();
foreach ($apis as $key => $value) {
$value = htmlspecialchars_uni(str_replace(array(RESTFULAPI_PATH . "api/", "api.class.php"), "", $value));
$presentable_apis[$value] = $value;
}
$selected = array();
// reminder, $key_id has already been escaped!
$result = $db->simple_select("apipermissions", "*", "apikey='{$key_id}'");
while ($apipermission = $db->fetch_array($result)) {
$selected[] = $apipermission["apiname"];
}
$form_container->output_row($lang->restfulapi_select_allowed_apis, $lang->restfulapi_select_allowed_apis_description, $form->generate_select_box('apinames[]', $presentable_apis, $selected, array('id' => 'apinames', 'multiple' => true, 'size' => 10)), 'apinames');
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->restfulapi_edit_api_key);
$form->output_submit_wrapper($buttons);
$form->end();
}
} elseif ($do == "delete" && isset($mybb->input["key_id"]) && isset($mybb->input["my_post_key"]) && verify_post_check($mybb->input["my_post_key"])) {
$key_id = $db->escape_string($mybb->input["key_id"]);
if ($db->simple_select("apikeys", "*", "id='{$key_id}'")->num_rows == 1) {
$db->delete_query("apipermissions", "apikey='{$key_id}'");
$db->delete_query("apikeys", "id='{$key_id}'");
restfulapi_cache_rebuild();
flash_message($lang->restfulapi_key_deleted_successfully, "success");
} else {
flash_message($lang->restfulapi_key_not_found, "error");
}
admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
} elseif ($do == "regenerate" && isset($mybb->input["key_id"]) && isset($mybb->input["my_post_key"]) && verify_post_check($mybb->input["my_post_key"])) {
$key_id = $db->escape_string($mybb->input["key_id"]);
if ($db->simple_select("apikeys", "*", "id='{$key_id}'")->num_rows == 1) {
$apikey = restfulapi_generate_key();
/* can't figure out a better way to generate a random yet never-generated-before API key than this one */
while ($db->simple_select("apikeys", "*", "apikey='{$apikey}'")->num_rows != 0) {
$apikey = restfulapi_generate_key();
}
$update = array("apikey" => $db->escape_string(htmlspecialchars_uni($apikey)));
$db->update_query("apikeys", $update, "id='{$key_id}'");
restfulapi_cache_rebuild();
flash_message($lang->restfulapi_key_regenerated_successfully, "success");
} else {
flash_message($lang->restfulapi_key_not_found, "error");
}
admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
}
} else {
$restfulapi_cache = $cache->read("restfulapi");
$apikeysets = $restfulapi_cache["keys"];
$table = new Table();
$table->construct_header($lang->restfulapi_customer, array("width" => "15%"));
$table->construct_header($lang->restfulapi_api_key, array("class" => "align_center", "width" => "29%"));
$table->construct_header($lang->restfulapi_comment, array("class" => "align_center", "width" => "30%"));
$table->construct_header($lang->restfulapi_usage, array("class" => "align_center", "width" => "5%"));
$table->construct_header($lang->restfulapi_controls, array("class" => "align_center", "width" => "21%", "colspan" => 3));
if (count($apikeysets) == 0) {
$table->construct_cell($lang->sprintf($lang->restfulapi_no_api_key, '<a href="index.php?module=config-restfulapi&action=add-key">', '</a>'), array("class" => "first", "colspan" => 5));
$table->construct_row();
} else {
// TODO : pagination maybe ?
foreach ($apikeysets as $key => $keyset) {
$table->construct_cell("<b>" . htmlspecialchars_uni($keyset['apicustomer']) . "</b>");
$table->construct_cell(htmlspecialchars_uni($keyset['apikey']));
$table->construct_cell(htmlspecialchars_uni($keyset['apicomment']));
$table->construct_cell(htmlspecialchars_uni($keyset['access']), array("class" => "align_center"));
$table->construct_cell("<a href=\"index.php?module=config-restfulapi&action=manage-keys&do=regenerate&key_id={$keyset['id']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->restfulapi_regenerate_api_key_confirmation}')\">{$lang->restfulapi_regenerate_api_key}</a>", array("class" => "align_center", "width" => "9%"));
$table->construct_cell("<a href=\"index.php?module=config-restfulapi&action=manage-keys&do=edit&key_id={$keyset['id']}\">{$lang->restfulapi_edit}</a>", array("class" => "align_center", "width" => "6%"));
$table->construct_cell("<a href=\"index.php?module=config-restfulapi&action=manage-keys&do=delete&key_id={$keyset['id']}&my_post_key={$mybb->post_code}\" onclick=\"return AdminCP.deleteConfirmation(this, '{$lang->restfulapi_delete_confirm}')\">{$lang->restfulapi_delete}</a>", array("class" => "align_center", "width" => "6%"));
$table->construct_row();
}
}
$table->output($lang->restfulapi_manage_api_keys);
}
break;
case "add-key":
if ($mybb->request_method == "post" && isset($mybb->input["apicustomer"]) && is_string($mybb->input["apicustomer"]) && isset($mybb->input["apicomment"]) && is_string($mybb->input["apicomment"]) && isset($mybb->input["maxreq"]) && is_numeric($mybb->input["maxreq"]) && isset($mybb->input["maxreqrate"]) && in_array($mybb->input["maxreqrate"], array("m", "w", "d", "h"))) {
$apikey = restfulapi_generate_key();
/* can't figure out a better way to generate a random yet never-generated-before API key than this one */
while ($db->simple_select("apikeys", "*", "apikey='{$db->escape_string($apikey)}'")->num_rows != 0) {
$apikey = restfulapi_generate_key();
}
$insert = array("apicustomer" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicustomer"])), "apicomment" => $db->escape_string(htmlspecialchars_uni($mybb->input["apicomment"])), "access" => 0, "maxreq" => (int) $mybb->input["maxreq"], "maxreqrate" => $db->escape_string(htmlspecialchars_uni($mybb->input["maxreqrate"])), "apikey" => $db->escape_string(htmlspecialchars_uni($apikey)));
$apikeyid = $db->insert_query("apikeys", $insert);
if (isset($mybb->input["apinames"]) && is_array($mybb->input["apinames"])) {
$insert_allowed = array();
foreach ($mybb->input["apinames"] as $apiname) {
$insert_allowed[] = array("apikey" => $db->escape_string($apikeyid), "apiname" => $db->escape_string($apiname));
}
$db->insert_query_multiple("apipermissions", $insert_allowed);
}
restfulapi_cache_rebuild();
flash_message($lang->sprintf($lang->restfulapi_generated_successfully, $apikey, $mybb->input["apicustomer"]), 'success');
admin_redirect("index.php?module=config-restfulapi&action=manage-keys");
} else {
$form = new Form("index.php?module=config-" . RESTFULAPI_URL . "&action=add-key", "post", "add");
$form_container = new FormContainer($lang->restfulapi_add_api_key);
$form_container->output_row($lang->restfulapi_customer_name . " <em>*</em>", $lang->restfulapi_customer_name_description, $form->generate_text_box('apicustomer', '', array('id' => 'apicustomer')), 'apicustomer');
$rate_types = array("h" => $lang->restfulapi_per_hour, "d" => $lang->restfulapi_per_day, "w" => $lang->restfulapi_per_week, "m" => $lang->restfulapi_per_month);
$form_container->output_row($lang->restfulapi_max_requests . " <em>*</em>", $lang->restfulapi_max_requests_description, $form->generate_text_box('maxreq', '0', array('id' => 'maxreq')) . " " . $form->generate_select_box('maxreqrate', $rate_types, "m", array('id' => 'maxreqrate')), 'maxreq');
$form_container->output_row($lang->restfulapi_comment, $lang->restfulapi_comment_description, $form->generate_text_area('apicomment', '', array('id' => 'apicomment')), 'apicomment');
$apis = glob(RESTFULAPI_PATH . "api/*api.class.php");
$presentable_apis = array();
foreach ($apis as $key => $value) {
$value = htmlspecialchars_uni(str_replace(array(RESTFULAPI_PATH . "api/", "api.class.php"), "", $value));
$presentable_apis[$value] = $value;
}
$form_container->output_row($lang->restfulapi_select_allowed_apis . " <em>*</em>", $lang->restfulapi_select_allowed_apis_description, $form->generate_select_box('apinames[]', $presentable_apis, array_keys($presentable_apis), array('id' => 'apinames', 'multiple' => true, 'size' => 10)), 'apinames');
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->restfulapi_generate_api_key);
$form->output_submit_wrapper($buttons);
$form->end();
}
break;
default:
$apilist = $cache->read("restfulapilist");
// routine to install newly detected APIs, and activate them if needed
restfulapi_apilist_activate();
if ($mybb->request_method == "post") {
// we delete all the previously-deactivated options
$db->delete_query("apisettings", "apiaction='deactivate'");
$inserts = array();
foreach ($mybb->input as $key => $input) {
if (substr($key, 0, 7) == "option_" && $input == "1") {
// replace first occurrence of 'option_' with '' in case the option name is 'option_', so that 'option_option_' won't be all replaced into an empty string
// yeah I know, probably would never happen but we never know
$option = preg_replace('/option\\_/', '', $key, 1);
restfulapi_api_activate($option);
} elseif (substr($key, 0, 7) == "option_" && $input == "0") {
$option = preg_replace('/option\\_/', '', $key, 1);
restfulapi_api_deactivate($option);
}
}
flash_message($lang->restfulapi_saved_config, "success");
admin_redirect("index.php?module=config-restfulapi");
} else {
$result = $db->simple_select("apisettings", "*", "apiaction='deactivate'");
$deactivatedapis = array();
while ($apiarray = $db->fetch_array($result)) {
$deactivatedapis[] = $apiarray["apivalue"];
}
if (count($apilist) == 0) {
echo '<div class="notice">' . $lang->sprintf($lang->restfulapi_no_api, '<a href="index.php?module=config-restfulapi&action=add-key">', '</a>') . '</div>';
} else {
$form = new Form("index.php?module=config-" . RESTFULAPI_URL, "post", "config");
$form_container = new FormContainer($lang->restfulapi_config);
$table = new Table();
foreach ($apilist as $api => $info_array) {
require_once RESTFULAPI_PATH . "api/" . $api . "api.class.php";
$api = htmlspecialchars_uni($api);
$apiclass = $api . "api";
$api_instance = new $apiclass();
$info_array = $api_instance->info();
$name = isset($info_array["name"]) && is_string($info_array["name"]) ? htmlspecialchars_uni($info_array["name"]) . " : " . $api : $api;
$description = isset($info_array["description"]) && is_string($info_array["description"]) ? htmlspecialchars_uni($info_array["description"]) : $lang->restfulapi_config_on_off_description;
$setting_code = $form->generate_on_off_radio("option_" . $api, in_array($api, $deactivatedapis) ? 0 : 1, true, array('id' => $api . '_yes'), array('id' => $api . '_no'));
$form_container->output_row($name, $description, $setting_code, '', array(), array('id' => 'row_' . $api));
}
$form_container->end();
$buttons[] = $form->generate_submit_button($lang->restfulapi_save_config);
$form->output_submit_wrapper($buttons);
$form->end();
}
}
break;
}
$page->output_footer();
}
}
$options = "";
$type = explode("\n", $setting['type']);
$type[0] = trim($type[0]);
$element_name = "upsetting[{$setting['name']}]";
$element_id = "setting_{$setting['name']}";
if ($type[0] == "text" || $type[0] == "") {
$setting_code = $form->generate_text_box($element_name, $setting['value'], array('id' => $element_id));
} else {
if ($type[0] == "textarea") {
$setting_code = $form->generate_text_area($element_name, $setting['value'], array('id' => $element_id));
} else {
if ($type[0] == "yesno") {
$setting_code = $form->generate_yes_no_radio($element_name, $setting['value'], true, array('id' => $element_id . '_yes', 'class' => $element_id), array('id' => $element_id . '_no', 'class' => $element_id));
} else {
if ($type[0] == "onoff") {
$setting_code = $form->generate_on_off_radio($element_name, $setting['value'], true, array('id' => $element_id . '_on', 'class' => $element_id), array('id' => $element_id . '_off', 'class' => $element_id));
} else {
if ($type[0] == "cpstyle") {
$dir = @opendir(MYBB_ROOT . $config['admin_dir'] . "/styles");
while ($folder = readdir($dir)) {
if ($file != "." && $file != ".." && @file_exists(MYBB_ROOT . $config['admin_dir'] . "/styles/{$folder}/main.css")) {
$folders[$folder] = ucfirst($folder);
}
}
closedir($dir);
ksort($folders);
$setting_code = $form->generate_select_box($element_name, $folders, $setting['value'], array('id' => $element_id));
} else {
if ($type[0] == "language") {
$languages = $lang->get_languages();
$setting_code = $form->generate_select_box($element_name, $languages, $setting['value'], array('id' => $element_id));
foreach ($mybb->input['setting'] as $name => $value) {
$row = array("value" => $db->escape_string($value));
$db->update_query('wiki_settings', $row, "name=\"" . $name . "\"");
}
flash_message($lang->wiki_settings_success, 'success');
admin_redirect('index.php?module=wiki-settings');
}
$table = new Table();
$form = new Form('', 'post');
$table->construct_header($lang->wiki_setting_title);
$table->construct_header($lang->wiki_setting_givevalue);
$query = $db->write_query("SELECT * FROM `" . TABLE_PREFIX . "wiki_settings`");
while ($row = $db->fetch_array($query)) {
$table->construct_cell($row['title']);
$code = $row['optionscode'];
if ($code == 'text') {
$setting_code = $form->generate_text_box('setting[' . $row['name'] . ']', $row['value'], array('id' => $row['name']));
} elseif ($code == 'yesno') {
$setting_code = $form->generate_yes_no_radio('setting[' . $row['name'] . ']', $row['value'], true, array('id' => $row['name'] . '_yes', 'class' => $row['name']), array('id' => $row['name'] . '_no', 'class' => $row['name']));
} elseif ($code == 'onoff') {
$setting_code = $form->generate_on_off_radio('setting[' . $row['name'] . ']', $row['value'], true, array('id' => 'on', 'class' => $row['name']), array('id' => 'off', 'class' => $row['name']));
} elseif ($code == 'textarea') {
$setting_code = $form->generate_text_area('setting[' . $row['name'] . ']', $row['value'], array('id' => $row['name']));
}
$table->construct_cell($setting_code);
$table->construct_row();
}
$buttons[] = $form->generate_submit_button($lang->wiki_commit);
$table->output($lang->wiki_settings_alt);
$form->output_submit_wrapper($buttons);
$page->output_footer();
if ($folder != "." && $folder != ".." && @file_exists(MYBB_ADMIN_DIR . "/styles/{$folder}/main.css")) {
$folders[$folder] = ucfirst($folder);
}
}
closedir($dir);
ksort($folders);
$setting_code = $form->generate_select_box("cpstyle", $folders, $admin_options['cpstyle']);
$languages = array_merge(array('' => $lang->use_default), $lang->get_languages(1));
$language_code = $form->generate_select_box("cplanguage", $languages, $admin_options['cplanguage']);
$table = new Table();
$table->construct_header($lang->global_preferences);
$table->construct_cell("<strong>{$lang->acp_theme}</strong><br /><small>{$lang->select_acp_theme}</small><br /><br />{$setting_code}");
$table->construct_row();
$table->construct_cell("<strong>{$lang->acp_language}</strong><br /><small>{$lang->select_acp_language}</small><br /><br />{$language_code}");
$table->construct_row();
$table->construct_cell("<strong>{$lang->codemirror}</strong><br /><small>{$lang->use_codemirror_desc}</small><br /><br />" . $form->generate_on_off_radio('codepress', $admin_options['codepress']));
$table->construct_row();
// If 2FA is enabled we need to display a link to the recovery codes page
if (!empty($admin_options['authsecret'])) {
$lang->use_2fa_desc .= "<br />" . $lang->recovery_codes_desc . " " . $lang->recovery_codes_warning;
}
$table->construct_cell("<strong>{$lang->my2fa}</strong><br /><small>{$lang->use_2fa_desc}</small><br /><br />" . $form->generate_on_off_radio('2fa', (int) (!empty($admin_options['authsecret']))));
$table->construct_row();
if (!empty($admin_options['authsecret'])) {
$qr = $auth->getQRCodeGoogleUrl($mybb->user['username'] . "@" . str_replace(" ", "", $mybb->settings['bbname']), $admin_options['authsecret']);
$table->construct_cell("<strong>{$lang->my2fa_qr}</strong><br /><img src=\"{$qr}\"");
$table->construct_row();
}
$table->output($lang->preferences);
$table->construct_header($lang->notes_not_shared);
$table->construct_cell($form->generate_text_area("notes", $admin_options['notes'], array('style' => 'width: 99%; height: 300px;')));
$page->output_header($lang->preferences_and_personal_notes);
$sub_tabs['preferences'] = array('title' => $lang->preferences_and_personal_notes, 'link' => "index.php?module=home-preferences", 'description' => $lang->prefs_and_personal_notes_description);
$page->output_nav_tabs($sub_tabs, 'preferences');
$query = $db->simple_select("adminoptions", "notes, cpstyle, codepress", "uid='" . $mybb->user['uid'] . "'", array('limit' => 1));
$admin_options = $db->fetch_array($query);
$form = new Form("index.php?module=home-preferences", "post");
$dir = @opendir(MYBB_ADMIN_DIR . "/styles");
while ($folder = readdir($dir)) {
if ($folder != "." && $folder != ".." && @file_exists(MYBB_ADMIN_DIR . "/styles/{$folder}/main.css")) {
$folders[$folder] = ucfirst($folder);
}
}
closedir($dir);
ksort($folders);
$setting_code = $form->generate_select_box("cpstyle", $folders, $admin_options['cpstyle']);
$table = new Table();
$table->construct_header($lang->global_preferences);
$table->construct_cell("<strong>{$lang->acp_theme}</strong><br /><small>{$lang->select_acp_theme}</small><br /><br />{$setting_code}");
$table->construct_row();
$table->construct_cell("<strong>{$lang->codepress}</strong><br /><small>{$lang->use_codepress_desc}</small><br /><br />" . $form->generate_on_off_radio('codepress', $admin_options['codepress']));
$table->construct_row();
$table->output($lang->preferences);
$table->construct_header($lang->notes_not_shared);
$table->construct_cell($form->generate_text_area("notes", $admin_options['notes'], array('style' => 'width: 99%; height: 300px;')));
$table->construct_row();
$table->output($lang->personal_notes);
$buttons[] = $form->generate_submit_button($lang->save_notes_and_prefs);
$form->output_submit_wrapper($buttons);
$form->end();
$page->output_footer();
}
