/**
 * Action entry point of the dump plugin.
 *
 * Refuses the request under the readonly role, then keeps the caller in a Basic
 * authentication challenge until auth::check_role('role_adm') is satisfied. With no
 * `menu` parameter the input form is returned; otherwise `act` selects a dump
 * (PLUGIN_DUMP_DUMP) or a restore (PLUGIN_DUMP_RESTORE).
 *
 * @return array array('msg' => title, 'body' => HTML) on every non-fatal path
 */
function plugin_dump_action()
{
    global $vars, $auth_users, $realm;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (auth::check_role('readonly')) {
        die_message(_("PKWK_READONLY prohibits this"));
    }

    $title = PLUGIN_DUMP_ALLOW_RESTORE ? _("dump & restore") : _("dump");

    // Administrator gate: the role is re-evaluated after every accepted password.
    // The Basic credentials are unset before auth_pw() runs; how auth_pw() then
    // obtains credentials is not visible here.
    while (auth::check_role('role_adm')) {
        unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        if (!auth::auth_pw($auth_users)) {
            // $realm is a global (presumably configuration, not request data — confirm).
            header('WWW-Authenticate: Basic realm="' . $realm . '"');
            header('HTTP/1.0 401 Unauthorized');
            $failure = "<p><strong>" . _("The password is different.") . "</strong></p>\n";
            return array('msg' => $title, 'body' => $failure);
        }
    }

    // Nothing selected yet: render the input form.
    if (!isset($vars['menu'])) {
        return array('msg' => $title, 'body' => plugin_dump_disp_form());
    }

    $act = isset($vars['act']) ? $vars['act'] : NULL;
    set_time_limit(0); // no execution time limit while dumping / restoring

    if ($act == PLUGIN_DUMP_DUMP) {
        $content = plugin_dump_download();
    } elseif ($act == PLUGIN_DUMP_RESTORE) {
        $result = plugin_dump_upload();
        // Loose comparison kept from the original: any truthy 'code' counts as success.
        $title = $result['code'] == TRUE ? _("Up-loading was completed.") : _("It failed in up-loading.");
        $content = $result['msg'];
    } else {
        // Invalid instruction.
        $content = _("It is an invalid instruction.");
    }

    return array('msg' => $title, 'body' => $content);
}
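/**
 * Action entry point of the login plugin.
 *
 * With `api=<name>` (anything other than 'plus') the request is handed to that
 * plugin's `plugin_<name>_jump_url()` and redirected there. Otherwise the user is
 * challenged with NTLM when the server software reports itself as Microsoft, then
 * with Basic ($auth_type 1) or Digest ($auth_type 2) authentication; on success
 * login_return_page() is called.
 *
 * Changes relative to the previous version: the external-API branch verifies that
 * the jump-URL function exists before calling it (exist_plugin() alone does not
 * guarantee that), and a missing SERVER_SOFTWARE no longer raises a notice.
 *
 * @return void
 */
function plugin_login_action()
{
    global $vars, $auth_type, $auth_users, $realm;

    $api = empty($vars['api']) ? 'plus' : $vars['api'];
    if ($api != 'plus') {
        // exist_plugin() loads the plugin. The function name below is built from a
        // request value, so exist_plugin()'s own name validation is what keeps this
        // safe — confirm it rejects anything outside [A-Za-z0-9_].
        if (!exist_plugin($vars['api'])) {
            return;
        }
        $call_api = 'plugin_' . $vars['api'] . '_jump_url';
        if (!function_exists($call_api)) {
            return;
        }
        // The redirect target is whatever the named plugin returns; it is not
        // validated here.
        header('Location: ' . $call_api());
        die;
    }

    // NTLM / Negotiate authentication (IIS 4.0/5.0)
    if (defined('SERVER_SOFTWARE')) {
        $srv_soft = SERVER_SOFTWARE;
    } else {
        $srv_soft = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
    }
    if (substr($srv_soft, 0, 9) == 'Microsoft') {
        auth::auth_ntlm();
        login_return_page();
    }

    switch ($auth_type) {
        case 1:
            if (!auth::auth_pw($auth_users)) {
                unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
                header('HTTP/1.0 401 Unauthorized');
                header('WWW-Authenticate: Basic realm="' . $realm . '"');
            } else {
                // FIXME (original note): on success, return to the page the user came
                // from; placing this call below the challenge would prevent
                // authentication from happening at all.
                login_return_page();
            }
            break;
        case 2:
            if (!auth::auth_digest($auth_users)) {
                header('HTTP/1.1 401 Unauthorized');
                // NOTE(review): uniqid() is time-based and predictable; a Digest nonce
                // should come from a CSPRNG (random_bytes() once the codebase targets
                // PHP 7+). Left unchanged here to stay within the file's PHP level.
                header('WWW-Authenticate: Digest realm="' . $realm . '", qop="auth", nonce="' . uniqid() . '", opaque="' . md5($realm) . '"');
            } else {
                login_return_page();
            }
            break;
    }
}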
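/**
 * Action handler of the table_edit2 plugin: edit one row/cell of the N-th
 * `#table_edit2` block on a page, change its options, or drive the CSV
 * import/export helpers.
 *
 * Request parameters are read from the global $vars (refer, table_num, edit_mod,
 * line_count, table_sub_num, digest, csv_mod, ...) and $post (encode_hint).
 *
 * Returns array('msg' => ..., 'body' => ...), the error string of
 * TableEdit2SettingWrite, the value of TableEdit2CsvAction::csv_export(), or
 * nothing when it redirects or challenges for authentication.
 *
 * Changes relative to the previous version (behaviour otherwise unchanged):
 *  - $script_uri is declared global. It was read without a declaration, so the
 *    referer check compared against an empty prefix and accepted every referer.
 *  - The regex form of the referer check escapes $script_uri with preg_quote();
 *    a URI containing '/' would otherwise break the '/'-delimited pattern and
 *    reject every request.
 *  - A missing HTTP_REFERER is treated as '' instead of raising a notice.
 *  - $table_find is initialised before the loop (it was read before assignment
 *    for lines preceding the first block).
 *  - Dead locals ($source, $get) dropped; $_title moved to the global list.
 */
function plugin_table_edit2_action()
{
    global $vars, $post, $auth_users, $_string, $_title, $script_uri;

    $table_num = $vars['table_num'];
    $page = isset($vars['refer']) ? $vars['refer'] : null;
    if (empty($page)) {
        Utility::dieMessage('Page name is null.');
    }
    $wiki = Factory::Wiki($page);
    // Frozen pages: both the legacy and the object-style checks are kept.
    if (is_freeze($page)) {
        check_editable($page, true, true);
    }
    if ($wiki->isFreezed()) {
        $wiki->checkEditable(true);
    }

    // Cancel: back to the page, optionally anchored at the edited table.
    $anchr_jump = PLUGIN_TABLE_EDIT2_ANCHR_JUMP ? '#TableEdit2TableNumber' . $table_num : '';
    if (isset($vars['cancel'])) {
        Utility::redirect($wiki->uri() . $anchr_jump);
        exit;
    }

    $line_count = 1;
    $table_sub_num = 1;     // td
    $table_sub_num_chk = 1; // td
    $setting = 0;
    $import = $export = $csv_cancel = 0;

    // Which kind of edit was requested.
    $edit_mod = isset($vars['edit_mod']) ? $vars['edit_mod'] : '';
    $td_edit = ($edit_mod == 't_edit_td' || $edit_mod == 'td') ? 1 : 0;
    $tr_edit = ($edit_mod == 't_edit' || $edit_mod == 'tr') ? 1 : 0;
    $t_edit = ($edit_mod == 't_edit_td' || $edit_mod == 't_edit') ? 1 : 0;
    $edit_show = ($edit_mod == 'tdshow' || $edit_mod == 'show') ? 1 : 0;

    // Petit SPAM Check (Client(Browser)-Server Ticket Check); skipped when the
    // honeypot plugin provides honeypot_write().
    $spam = FALSE;
    if (!function_exists('honeypot_write') && $t_edit) {
        $spam = plugin_table_edit2_spam($post['encode_hint']);
    }
    if ($spam) {
        return plugin_table_edit2_honeypot();
    }

    if (Auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits editing');
    }

    // Optional Referer check. The regex form accepts a referer that starts with
    // $script_uri; with an empty $script_uri it accepts everything (as before), so
    // the including script must set $script_uri for the check to be effective.
    // path_check()'s own rules apply when that function exists.
    if (PLUGIN_TABLE_EDIT2_HTTP_REFERER) {
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        if (function_exists('path_check')) {
            if (!path_check($script_uri, $referer)) {
                return;
            }
        } elseif (!preg_match('/^' . preg_quote((string) $script_uri, '/') . '/', $referer)) {
            return;
        }
    }

    // Option-setting form.
    if ($edit_mod === 'setting') {
        $set = new TableEdit2SettingWrite($vars);
        if (!$set->sc) {
            return $set->error;
        }
        $setting = 1;
        unset($vars['table_mod']);
    }

    // CSV import / export / cancel / option handling.
    $notimestamp = FALSE;
    if (isset($vars['csv_mod']) || isset($vars['ex_cancel']) || isset($vars['im_cancel'])
        || isset($vars['set_csv']) || isset($vars['csv_back'])) {
        $csv = new TableEdit2CsvAction();
        if (isset($vars['csv_mod']) && $vars['csv_mod'] === 'import') {
            $csv->csv_import($vars);
            $import = 1;
        } elseif (isset($vars['csv_mod']) && $vars['csv_mod'] === 'export') {
            $export = 1;
            $csv_export_data = array();
        } elseif (isset($vars['ex_cancel']) || isset($vars['im_cancel'])) {
            $csv_cancel = 1;
            $notimestamp = TRUE;
        } elseif (isset($vars['set_csv'])) {
            $set_csv = 1;
            $notimestamp = TRUE;
        } elseif (isset($vars['csv_back'])) {
            if (PLUGIN_TABLE_EDIT2_CSV_UNLINK) {
                // NOTE(review): the files removed here are named from the request
                // value $vars['file_name']; whether TableEdit2CsvConversion confines
                // the resulting paths to its own directory is not visible here — confirm.
                $con = new TableEdit2CsvConversion($page, array('name' => $vars['file_name']));
                unlink($con->filename);
                unlink($con->logname);
            }
            Utility::redirect($wiki->uri());
            exit;
        } else {
            return array('msg' => 'csv error', 'body' => 'csv option error'); // . join("\n", $csv_data)
        }
    }

    if (isset($vars['table_mod'])) {
        $chg = new TableEdit2TableMod($vars['table_mod']);
    }
    if ($td_edit || $tr_edit) {
        $edit = new TableEdit2Edit($vars);
    }
    if ($edit_show) {
        $show = new TableEdit2Show($vars, $page);
    }

    $args = get_source($page);
    static $count = 0; // #table_edit2 blocks seen so far; persists across calls within one request
    $source_s = '';
    $body = '';
    $row_title = 0;
    $td_title_count = 0;
    $table_find = 0;
    if ($td_edit || $tr_edit || $setting || $import) {
        $notimestamp = isset($vars['notimestamp']);
    }

    foreach ($wiki->get() as $args_key => $args_line) {
        // preg_match() returns 0 or 1 here, so this condition only fails on a PCRE
        // error; the `else` at the bottom of the loop body is that error path.
        if (preg_match('/^#([^\\(\\{]+)(?:\\(([^\\r]*)\\))?(\\{*)/', $args_line, $matches) !== FALSE) {
            if (isset($matches[1]) && ($matches[1] == 'table_edit2' || $matches[1] == "table_edit2\n")) {
                $table_find = 1;
                $count++;
                if ($line_count === 1 && $count == $table_num) {
                    // Per-table access control: `auth_check=on` demands a password,
                    // `auth_check=off` skips the editability check entirely; without
                    // the option the normal check_editable() applies.
                    if (preg_match('/auth_check[=_](on|off)/i', $matches[2], $auth_check)) {
                        if ($auth_check[1] == 'on') {
                            if (!auth::auth_pw($auth_users)) {
                                $user = TableEdit2Auth::basic_auth();
                                if (empty($user)) {
                                    return;
                                }
                            }
                        }
                    } else {
                        check_editable($page, true, true);
                    }
                    if ($setting) {
                        $args_line = $set->plugin_set_opt($matches[3]);
                    }
                    if ($import) {
                        $args_line = $csv->import_data_set($matches[2], $matches[3]);
                    }
                    if (isset($vars['ex_cancel'])) {
                        $args_line = $csv->cancel($matches[2], $matches[3], 'export');
                    }
                    if (isset($vars['im_cancel'])) {
                        $args_line = $csv->cancel($matches[2], $matches[3], 'import');
                    }
                    if (isset($set_csv)) {
                        $args_line = $csv->set_csv_opt($matches[2], $matches[3], $vars['set_csv']);
                    }
                    if ($edit_mod == 'tdshow') { // tdshow - td_title - 06.11.11
                        if (preg_match('/title_c=(\\d+)/i', $matches[2], $match_title)) {
                            $td_title_count = $match_title[1] - 1;
                        }
                    }
                    if ($edit_mod == 'show') { // show header
                        if (preg_match('/title_r=(\\d+)/i', $matches[2], $m_row_title)) {
                            $row_title = $m_row_title[1];
                        }
                    }
                    if ($edit_show) {
                        $show->text_type($matches[2]);
                    }
                    if (isset($vars['table_mod'])) { // table_mod
                        $notimestamp = TRUE;
                        $args_line = $chg->table_mod_chg($matches, $args_line);
                    }
                }
                $end_line = strlen($matches[3]);
            }
        }
        // A line opening with as many '}' as the block header had '{' ends the block.
        if ((isset($end_line) && preg_match('/^\\}{' . $end_line . '}/', $args_line)) || !isset($end_line)) {
            $table_find = 0;
        }

        if ($table_find && $table_num == $count && !isset($vars['table_mod']) && !$setting && !$import) {
            // Inside the selected table block.
            $table_sub_num_count_chk = 0;
            $table_f_chose = preg_match('/^\\|(.+)\\|([hHfFcC]?)$/', $args_line, $match_line) ? 1 : 0;
            if ($args_line[0] == ',' && $args_line != ',') {
                $table_f_chose = 2; // csv-style row
            }
            if ($td_edit || $tr_edit) {
                $edit->chose = $table_f_chose;
            }
            if ($table_f_chose) {
                if ($table_f_chose === 1) {
                    $match_t = explode("|", $match_line[1]);
                } elseif ($table_f_chose === 2) {
                    $match_t = csv_explode(',', substr(str_replace("\n", '', $args_line), 1));
                    $match_line = array(1 => join(',', $match_t), 2 => '');
                }
                if ($export) {
                    $csv_export_data[] = $match_line[1];
                }
                // NOTE(review): the `===` comparisons against $vars values below
                // (table_sub_num, line_count, add_show) compare ints with whatever
                // type the request layer delivers; if those are strings these
                // branches never fire while the later `==` comparisons do — confirm.
                if (isset($vars['table_sub_num']) && $table_sub_num === $vars['table_sub_num'] && $table_sub_num_chk) { // td 06.09.18
                    $show->chk_table_sub_first_line = $line_count;
                    $table_sub_num_chk = 0;
                }
                if ((isset($vars['line_count']) && $vars['line_count'] === $line_count)
                    || strtolower($match_line[2]) === 'h' || $edit_mod == 'tdshow' || $td_edit || $row_title) {
                    // $match_t = explode("|", $match_line[1]);
                    if ($edit_mod == 'tdshow') { // tdshow - td_title - 06.11.11
                        $show->td_title[$line_count] = $match_t[$td_title_count];
                    }
                }
                if ($edit_mod == 'show') { // show header
                    if ($match_line[2] == 'h' && !$row_title) {
                        $show->table_header($match_t);
                    }
                    if ($line_count == $row_title) {
                        $show->table_header($match_t);
                    }
                }
                if ($vars['line_count'] == $line_count || $table_sub_num == $vars['table_sub_num']) { // textarea 06.11.12
                    if ($edit_show) {
                        if ($show->t_type == 'textarea') {
                            $show->text_type_textarea(count($match_t));
                        }
                    }
                }
                if ($td_edit && $table_sub_num_chk == 0 && $table_sub_num == $vars['table_sub_num']) {
                    $source_s .= $edit->td_edit($match_t) . $match_line[2] . "\n";
                    $table_sub_num_count_chk = 1;
                } elseif (isset($vars['line_count']) && $vars['line_count'] == $line_count && !$td_edit) {
                    if ($tr_edit) { // t_edit tr_add
                        if (isset($vars['add_show']) && $vars['add_show'] === 1) {
                            $source_s .= $args_line;
                            if ($edit->chose !== 2) {
                                $edit->chk_csv_source($args, $args_key);
                            }
                        }
                        $source_s .= $edit->tr_edit($args_line, $match_t, $match_line[2]);
                    } elseif ($edit_show) { // show or tdshow
                        $show->line_count = $line_count;
                        $body = $show->show_mod($match_t);
                    }
                } else {
                    if ($edit_mod == 'tdshow') { // tdshow and edit_td
                        $show->cells[$line_count] = $match_t;
                    }
                    $table_sub_num_count_chk = 1; // td06.09.18
                    $source_s .= $args_line;
                }
                $line_count++;
            } else {
                // Not a table row. NOTE(review): $table_sub_num_count_chk was reset to
                // 0 at the top of this iteration, so this counter advance cannot fire;
                // kept as in the original.
                if ($table_sub_num_count_chk == 1 && substr($args_line, 0, 2) != '//') { // td
                    $table_sub_num++;
                    $table_sub_num_count_chk = 0;
                }
                $source_s .= $args_line;
            }
        } else {
            $source_s .= $args_line . "\n";
        }
    }

    if ($export) {
        return $csv->csv_export($vars, $csv_export_data);
    }

    // Edit collision: the digest sent with the form is compared with the page's
    // current digest. NOTE(review): a detected collision only changes the response;
    // the save below still runs (kept as in the original).
    $collision = 0;
    if ($tr_edit || $td_edit) {
        if (Factory::Wiki($vars['refer'])->digest() !== $vars['digest']) {
            $title = $_title['collided'];
            $body = $_string['msg_collided_auto'] . make_pagelink($vars['refer']);
            $collision = 1;
        }
    }

    if ($tr_edit || $td_edit || isset($vars['table_mod']) || $setting || $import || $csv_cancel || isset($set_csv)) {
        // The original noted that $source_s carries a stray trailing newline (so
        // explode() yields a trailing empty element) but saved the unpopped list
        // anyway; that is kept here.
        $wiki->set(explode("\n", $source_s), $notimestamp);
    }

    $post['page'] = $vars['page'] = $page;

    if ($collision) {
        return array('msg' => $title, 'body' => $body);
    }
    if ($edit_show) {
        return array('msg' => $show->title, 'body' => $body);
    }
    //header('Location: ' . $script_uri . '?' . rawurlencode($page) . $anchr_jump);
    Utility::redirect($wiki->uri() . $anchr_jump);
    exit;
}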
/**
 * Role gate used by the plugins: maps a symbolic check name to a role level and
 * returns auth::is_check_role() for it.
 *
 * 'readonly' and 'safemode' use PKWK_READONLY / PKWK_SAFE_MODE when defined and
 * ROLE_GUEST otherwise; 'role_adm', 'role_adm_contents' and 'role_auth' map to the
 * corresponding ROLE_* constant; anything else maps to ROLE_GUEST.
 *
 * 'su' is special: it returns FALSE when the current role is already the literal 2
 * or ROLE_ADM_CONTENTS, TRUE for ROLE_AUTH_TEMP (FIXME in the original) or when
 * $adminpass is accepted for the chosen user name, and otherwise sends a Basic
 * challenge and returns is_check_role(ROLE_ADM_CONTENTS).
 *
 * @param string $func name of the check
 * @return bool
 */
function check_role($func = '')
{
    global $adminpass;

    if ($func == 'readonly') {
        return auth::is_check_role(defined('PKWK_READONLY') ? PKWK_READONLY : ROLE_GUEST);
    }
    if ($func == 'safemode') {
        return auth::is_check_role(defined('PKWK_SAFE_MODE') ? PKWK_SAFE_MODE : ROLE_GUEST);
    }

    if ($func == 'su') {
        $current = auth::get_role_level();
        // Already privileged (the literal 2 is kept from the original — presumably
        // ROLE_ADM, confirm).
        if ($current == 2 || (int) $current == ROLE_ADM_CONTENTS) {
            return FALSE;
        }
        // FIXME (original): temporary-auth users are let through without a prompt.
        if ($current == ROLE_AUTH_TEMP) {
            return TRUE;
        }
        $user = null;
        if ($current == ROLE_GUEST) {
            // Unauthenticated users are simply asked for the administrator password.
            $user = UNAME_ADM_CONTENTS_TEMP;
        } elseif ($current == ROLE_AUTH) {
            // Authenticated users keep their user name and are asked for the
            // administrator password.
            $user = auth::check_auth();
        }
        // Only $adminpass is accepted, and only for $user.
        if (auth::auth_pw(array($user => array($adminpass)))) {
            return TRUE;
        }
        // Authentication failed: re-challenge the browser. $user is interpolated into
        // the realm unescaped; header() refuses CR/LF, but a double quote in the name
        // would break the realm quoting.
        unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        header('WWW-Authenticate: Basic realm="USER NAME is ' . $user . '"');
        header('HTTP/1.0 401 Unauthorized');
        return auth::is_check_role(ROLE_ADM_CONTENTS);
    }

    if ($func == 'role_adm') {
        return auth::is_check_role(ROLE_ADM);
    }
    if ($func == 'role_adm_contents') {
        return auth::is_check_role(ROLE_ADM_CONTENTS);
    }
    if ($func == 'role_auth') {
        return auth::is_check_role(ROLE_AUTH);
    }
    return auth::is_check_role(ROLE_GUEST);
}